From cdfe73d4410ff69ff200ab03256ef5610eea014c Mon Sep 17 00:00:00 2001
From: Emmanuel Cazenave <ecazenave@entrouvert.com>
Date: Tue, 8 Jun 2021 11:31:22 +0200
Subject: [PATCH] agent/authentic2: add debug mode for provisionning (#54637)

---
 debian/debian_config_common.py         |  1 +
 hobo/agent/authentic2/provisionning.py | 11 +++++++++++
 tests_authentic/test_provisionning.py  | 23 +++++++++++++++++++++++
 3 files changed, 35 insertions(+)

diff --git a/debian/debian_config_common.py b/debian/debian_config_common.py
index 86c7a49..6fe009c 100644
--- a/debian/debian_config_common.py
+++ b/debian/debian_config_common.py
@@ -49,6 +49,7 @@ DEBUG_LOG_FORMAT = (
     '%(asctime)s \x1f%(tenant)s \x1f%(ip)s \x1f%(user)r \x1f%(request_id)s \x1f'
     '%(levelname)s \x1f%(name)s \x1f%(message)s'
 )
+DEBUG_PROVISIONNING_LOG_PATH = '/var/log/%s/provisionning-debug' % PROJECT_NAME
 
 DISABLE_GLOBAL_HANDLERS = os.environ.get('DISABLE_GLOBAL_HANDLERS') == '1'
 
diff --git a/hobo/agent/authentic2/provisionning.py b/hobo/agent/authentic2/provisionning.py
index 725f778..8f37e30 100644
--- a/hobo/agent/authentic2/provisionning.py
+++ b/hobo/agent/authentic2/provisionning.py
@@ -1,4 +1,5 @@
 import copy
+import datetime
 import json
 import logging
 import threading
@@ -486,6 +487,16 @@ class Provisionning(threading.local):
                         self.add_saved(other_instance)
 
     def notify_agents(self, data):
+        log_path = getattr(settings, 'DEBUG_PROVISIONNING_LOG_PATH', '')
+        if log_path and getattr(settings, 'HOBO_PROVISIONNING_DEBUG', False):
+            try:
+                with open(log_path, 'a') as f:
+                    f.write('%s %s ' % (datetime.datetime.now().isoformat(), connection.tenant.domain_url))
+                    json.dump(data, f, indent=2)
+                    f.write('\n')
+            except IOError:
+                pass
+
         if getattr(settings, 'HOBO_HTTP_PROVISIONNING', False):
             leftover_audience = self.notify_agents_http(data)
             if not leftover_audience:
diff --git a/tests_authentic/test_provisionning.py b/tests_authentic/test_provisionning.py
index f817743..4c2770e 100644
--- a/tests_authentic/test_provisionning.py
+++ b/tests_authentic/test_provisionning.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 
 import json
+import os
 
 import lasso
 import pytest
@@ -739,3 +740,25 @@ def test_provisionning_api(transactional_db, app_factory, tenant, settings, capl
         )
         assert resp.json['err'] == 1
         assert resp.json['leftover_audience']
+
+
+def test_provision_debug(transactional_db, tenant, caplog, settings, tmpdir):
+    log_path = str(tmpdir / 'debug-provisionning.log')
+    settings.DEBUG_PROVISIONNING_LOG_PATH = log_path
+    settings.HOBO_PROVISIONNING_DEBUG = True
+
+    assert not os.path.exists(log_path)
+
+    with patch('hobo.agent.authentic2.provisionning.notify_agents') as notify_agents:
+        with tenant_context(tenant):
+            LibertyProvider.objects.create(
+                ou=get_default_ou(),
+                name='provider',
+                entity_id='http://provider.com',
+                protocol_conformance=lasso.PROTOCOL_SAML_2_0,
+            )
+            with provisionning:
+                role = Role.objects.create(name='coin', ou=get_default_ou())
+
+            assert notify_agents.call_count == 1
+            assert os.path.exists(log_path)