multitenant: give up 'unsecure' file mechanism (#63119)
parent
5c1de7d4ad
commit
e0f7576d84
|
@ -42,18 +42,10 @@ class Tenant(TenantMixin):
|
|||
if service.get('this'):
|
||||
return service
|
||||
|
||||
def is_secure(self):
|
||||
if os.path.exists(os.path.join(self.get_directory(), 'unsecure')):
|
||||
return False
|
||||
return True
|
||||
|
||||
def get_base_url(self):
|
||||
if os.path.exists(os.path.join(self.get_directory(), 'base_url')):
|
||||
return open(os.path.join(self.get_directory(), 'base_url')).read().strip().strip('/')
|
||||
if self.is_secure():
|
||||
return 'https://%s' % self.domain_url
|
||||
else:
|
||||
return 'http://%s' % self.domain_url
|
||||
return 'https://%s' % self.domain_url
|
||||
|
||||
def build_absolute_uri(self, location):
|
||||
return urljoin(self.get_base_url(), location)
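Review bot: A tenant directory that still holds an `unsecure` marker is now ignored without any signal, so get_base_url starts returning `https://` for it as soon as this code is deployed; the provisioning tests changed in this commit suggest the issuer URL follows that value, so a tenant that is really served over plain HTTP would advertise URLs it cannot answer. The `base_url` file is the only override left and the method should say so, for example `# no per-tenant HTTP marker any more: a tenant not served over HTTPS must provide a 'base_url' file`. Separately, the unchanged `return open(...).read()` line never closes the file and tests for existence before opening it; `with open(path) as fd:` inside a `try`/`except FileNotFoundError` would cover both. The Tenant class begins and continues outside this hunk.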
|
||||
|
|
|
@ -26,8 +26,6 @@ def tenant_factory(transactional_db, tenant_base, settings):
|
|||
def factory(name):
|
||||
tenant_dir = os.path.join(tenant_base, name)
|
||||
os.mkdir(tenant_dir)
|
||||
with open(os.path.join(tenant_dir, 'unsecure'), 'w') as fd:
|
||||
fd.write('1')
|
||||
with open(os.path.join(tenant_dir, 'settings.json'), 'w') as fd:
|
||||
json.dump({'HOBO_TEST_VARIABLE': name}, fd)
|
||||
with open(os.path.join(tenant_dir, 'hobo.json'), 'w') as fd:
|
||||
|
@ -44,7 +42,7 @@ def tenant_factory(transactional_db, tenant_base, settings):
|
|||
'title': 'Test',
|
||||
'this': True,
|
||||
'secret_key': '12345',
|
||||
'base_url': 'http://%s' % name,
|
||||
'base_url': 'https://%s' % name,
|
||||
'variables': {
|
||||
'other_variable': 'bar',
|
||||
},
|
||||
|
|
|
@ -157,7 +157,7 @@ def test_provision_user(transactional_db, tenant, caplog):
|
|||
arg = arg[0][0]
|
||||
assert isinstance(arg, dict)
|
||||
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
|
||||
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['audience'] == ['http://provider.com']
|
||||
assert arg['@type'] == 'provision'
|
||||
assert arg['full'] is False
|
||||
|
@ -198,7 +198,7 @@ def test_provision_user(transactional_db, tenant, caplog):
|
|||
arg = arg[0][0]
|
||||
assert isinstance(arg, dict)
|
||||
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
|
||||
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['audience'] == ['http://provider.com']
|
||||
assert arg['@type'] == 'provision'
|
||||
assert arg['full'] is False
|
||||
|
@ -264,7 +264,7 @@ def test_provision_user(transactional_db, tenant, caplog):
|
|||
arg = arg[0][0]
|
||||
assert isinstance(arg, dict)
|
||||
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
|
||||
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['audience'] == ['http://provider.com']
|
||||
assert arg['@type'] == 'provision'
|
||||
assert arg['full'] is False
|
||||
|
@ -302,7 +302,7 @@ def test_provision_user(transactional_db, tenant, caplog):
|
|||
arg = arg[0][0]
|
||||
assert isinstance(arg, dict)
|
||||
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
|
||||
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['audience'] == ['http://provider.com']
|
||||
assert arg['@type'] == 'provision'
|
||||
assert arg['full'] is False
|
||||
|
@ -340,7 +340,7 @@ def test_provision_user(transactional_db, tenant, caplog):
|
|||
arg = arg[0][0]
|
||||
assert isinstance(arg, dict)
|
||||
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
|
||||
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['audience'] == ['http://provider.com']
|
||||
assert arg['@type'] == 'provision'
|
||||
assert arg['full'] is False
|
||||
|
@ -374,7 +374,7 @@ def test_provision_user(transactional_db, tenant, caplog):
|
|||
arg = arg[0][0]
|
||||
assert isinstance(arg, dict)
|
||||
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
|
||||
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['audience'] == ['http://provider.com']
|
||||
assert arg['@type'] == 'provision'
|
||||
assert arg['full'] is False
|
||||
|
@ -412,7 +412,7 @@ def test_provision_user(transactional_db, tenant, caplog):
|
|||
arg = arg[0][0]
|
||||
assert isinstance(arg, dict)
|
||||
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
|
||||
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['audience'] == ['http://provider.com']
|
||||
assert arg['@type'] == 'provision'
|
||||
assert arg['full'] is False
|
||||
|
@ -455,7 +455,7 @@ def test_provision_user(transactional_db, tenant, caplog):
|
|||
arg = arg[0][0]
|
||||
assert isinstance(arg, dict)
|
||||
assert set(arg.keys()) == set(['issuer', 'audience', '@type', 'objects', 'full'])
|
||||
assert arg['issuer'] == 'http://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert arg['issuer'] == 'https://%s/idp/saml2/metadata' % tenant.domain_url
|
||||
assert set(arg['audience']) == set(['http://provider.com', 'http://provider2.com'])
|
||||
assert arg['@type'] == 'deprovision'
|
||||
assert arg['full'] is False
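Review bot: The expected issuer `'https://%s/idp/saml2/metadata' % tenant.domain_url` is written out in each of the eight hunks of this file, which is why a scheme change needed eight identical edits. Binding it once near the top of the test, `issuer = 'https://%s/idp/saml2/metadata' % tenant.domain_url`, and asserting `arg['issuer'] == issuer` would keep the expectation in one place. The hunk headers attribute all eight to test_provision_user, whose body starts and ends outside the lines shown.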
|
||||
|
|
|
@ -17,8 +17,6 @@ def tenants(transactional_db, request, settings):
|
|||
def make_tenant(name):
|
||||
tenant_dir = os.path.join(base, name)
|
||||
os.mkdir(tenant_dir)
|
||||
with open(os.path.join(tenant_dir, 'unsecure'), 'w') as fd:
|
||||
fd.write('1')
|
||||
t = Tenant(domain_url=name, schema_name=name.replace('-', '_').replace('.', '_'))
|
||||
t.create_schema()
|
||||
return t
|
||||
|
|
|
@ -33,11 +33,11 @@ def assert_hobo1_service_in_hobo1(hobo_json):
|
|||
if service['slug'] == 'hobo':
|
||||
assert service['service-id'] == 'hobo'
|
||||
assert service['title'] == 'Hobo'
|
||||
assert service['backoffice-menu-url'] == 'http://tenant1.example.net/menu.json'
|
||||
assert service['base_url'] == 'http://tenant1.example.net/'
|
||||
assert service['provisionning-url'] == 'http://tenant1.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'http://tenant1.example.net/accounts/mellon/metadata/'
|
||||
assert service['secret_key'] == 'fe4a8768479f0b82d3f465f65609fd7c43b4fc8f'
|
||||
assert service['backoffice-menu-url'] == 'https://tenant1.example.net/menu.json'
|
||||
assert service['base_url'] == 'https://tenant1.example.net/'
|
||||
assert service['provisionning-url'] == 'https://tenant1.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'https://tenant1.example.net/accounts/mellon/metadata/'
|
||||
assert service['secret_key'] == '7e5e1778ee87fbbcfc9f10f0978bdd9e1b74d300'
|
||||
assert 'id' not in service
|
||||
return
|
||||
assert False, "Can't find hobo1 service"
|
||||
|
@ -49,10 +49,10 @@ def assert_hobo1_service_in_hobo2(hobo_json):
|
|||
assert service['service-id'] == 'hobo'
|
||||
assert service['title'] == 'Hobo'
|
||||
assert 'backoffice-menu-url' not in service
|
||||
assert service['base_url'] == 'http://tenant1.example.net/'
|
||||
assert service['provisionning-url'] == 'http://tenant1.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'http://tenant1.example.net/accounts/mellon/metadata/'
|
||||
assert service['secret_key'] == 'fe4a8768479f0b82d3f465f65609fd7c43b4fc8f'
|
||||
assert service['base_url'] == 'https://tenant1.example.net/'
|
||||
assert service['provisionning-url'] == 'https://tenant1.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'https://tenant1.example.net/accounts/mellon/metadata/'
|
||||
assert service['secret_key'] == '7e5e1778ee87fbbcfc9f10f0978bdd9e1b74d300'
|
||||
assert 'id' in service
|
||||
assert service['secondary'] is True
|
||||
assert service['template_name'] == ''
|
||||
|
@ -67,10 +67,10 @@ def assert_hobo1_service_in_hobo3(hobo_json):
|
|||
assert service['service-id'] == 'hobo'
|
||||
assert service['title'] == 'Hobo'
|
||||
assert 'backoffice-menu-url' not in service
|
||||
assert service['base_url'] == 'http://tenant1.example.net/'
|
||||
assert service['provisionning-url'] == 'http://tenant1.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'http://tenant1.example.net/accounts/mellon/metadata/'
|
||||
assert service['secret_key'] == 'fe4a8768479f0b82d3f465f65609fd7c43b4fc8f'
|
||||
assert service['base_url'] == 'https://tenant1.example.net/'
|
||||
assert service['provisionning-url'] == 'https://tenant1.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'https://tenant1.example.net/accounts/mellon/metadata/'
|
||||
assert service['secret_key'] == '7e5e1778ee87fbbcfc9f10f0978bdd9e1b74d300'
|
||||
assert 'id' in service
|
||||
assert service['secondary'] is True
|
||||
assert service['template_name'] == ''
|
||||
|
@ -86,9 +86,9 @@ def assert_hobo2_service_in_hobo1(hobo_json):
|
|||
assert service['title'] == 'Coll2'
|
||||
assert 'backoffice-menu-url' not in service
|
||||
assert 'base-url' not in service
|
||||
assert service['base_url'] == 'http://hobo2.example.net/'
|
||||
assert service['provisionning-url'] == 'http://hobo2.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'http://hobo2.example.net/accounts/mellon/metadata/'
|
||||
assert service['base_url'] == 'https://hobo2.example.net/'
|
||||
assert service['provisionning-url'] == 'https://hobo2.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'https://hobo2.example.net/accounts/mellon/metadata/'
|
||||
assert service['secondary'] is False
|
||||
assert service['template_name'] == ''
|
||||
assert service['variables'] == {}
|
||||
|
@ -120,9 +120,9 @@ def assert_hobo2_service_in_hobo3(hobo_json):
|
|||
assert service['title'] == 'Coll2'
|
||||
assert 'backoffice-menu-url' not in service
|
||||
assert 'base-url' not in service
|
||||
assert service['base_url'] == 'http://hobo2.example.net/'
|
||||
assert service['provisionning-url'] == 'http://hobo2.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'http://hobo2.example.net/accounts/mellon/metadata/'
|
||||
assert service['base_url'] == 'https://hobo2.example.net/'
|
||||
assert service['provisionning-url'] == 'https://hobo2.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'https://hobo2.example.net/accounts/mellon/metadata/'
|
||||
assert service['secondary'] is True
|
||||
assert service['template_name'] == ''
|
||||
assert service['variables'] == {}
|
||||
|
@ -139,9 +139,9 @@ def assert_hobo3_service_in_hobo1(hobo_json):
|
|||
assert service['title'] == 'Coll3'
|
||||
assert 'backoffice-menu-url' not in service
|
||||
assert 'base-url' not in service
|
||||
assert service['base_url'] == 'http://hobo3.example.net/'
|
||||
assert service['provisionning-url'] == 'http://hobo3.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'http://hobo3.example.net/accounts/mellon/metadata/'
|
||||
assert service['base_url'] == 'https://hobo3.example.net/'
|
||||
assert service['provisionning-url'] == 'https://hobo3.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'https://hobo3.example.net/accounts/mellon/metadata/'
|
||||
assert service['secondary'] is False
|
||||
assert service['template_name'] == ''
|
||||
assert service['variables'] == {}
|
||||
|
@ -158,9 +158,9 @@ def assert_hobo3_service_in_hobo2(hobo_json):
|
|||
assert service['title'] == 'Coll3'
|
||||
assert 'backoffice-menu-url' not in service
|
||||
assert 'base-url' not in service
|
||||
assert service['base_url'] == 'http://hobo3.example.net/'
|
||||
assert service['provisionning-url'] == 'http://hobo3.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'http://hobo3.example.net/accounts/mellon/metadata/'
|
||||
assert service['base_url'] == 'https://hobo3.example.net/'
|
||||
assert service['provisionning-url'] == 'https://hobo3.example.net/__provision__/'
|
||||
assert service['saml-sp-metadata-url'] == 'https://hobo3.example.net/accounts/mellon/metadata/'
|
||||
assert service['secondary'] is True
|
||||
assert service['template_name'] == ''
|
||||
assert service['variables'] == {}
|
||||
|
@ -187,20 +187,20 @@ def assert_hobo3_service_in_hobo3(hobo_json):
|
|||
|
||||
def test_multipublik(tenants, mocker):
|
||||
hobo1 = tenants[0]
|
||||
hobo1.base_url = 'http://tenant1.example.net/'
|
||||
hobo1.base_url = 'https://tenant1.example.net/'
|
||||
with tenant_context(hobo1):
|
||||
hobo_json = get_hobo_json()
|
||||
assert count_hobo_services(hobo_json) == 1
|
||||
assert_hobo1_service_in_hobo1(hobo_json)
|
||||
|
||||
hobo2 = Hobo(title='Coll2', slug='hobo-coll2', base_url='http://hobo2.example.net')
|
||||
hobo2 = Hobo(title='Coll2', slug='hobo-coll2', base_url='https://hobo2.example.net')
|
||||
hobo2.save()
|
||||
hobo_json = get_hobo_json()
|
||||
assert count_hobo_services(hobo_json) == 2
|
||||
assert_hobo1_service_in_hobo1(hobo_json)
|
||||
assert_hobo2_service_in_hobo1(hobo_json)
|
||||
|
||||
hobo3 = Hobo(title='Coll3', slug='hobo-coll3', base_url='http://hobo3.example.net')
|
||||
hobo3 = Hobo(title='Coll3', slug='hobo-coll3', base_url='https://hobo3.example.net')
|
||||
hobo3.save()
|
||||
hobo_json = get_hobo_json()
|
||||
assert count_hobo_services(hobo_json) == 3
|
||||
|
@ -208,7 +208,7 @@ def test_multipublik(tenants, mocker):
|
|||
assert_hobo2_service_in_hobo1(hobo_json)
|
||||
assert_hobo3_service_in_hobo1(hobo_json)
|
||||
|
||||
combo = Combo(title='Portail', slug='portal', base_url='http://combo1.example.net')
|
||||
combo = Combo(title='Portail', slug='portal', base_url='https://combo1.example.net')
|
||||
combo.save()
|
||||
assert count_hobo_services(hobo_json) == 3
|
||||
assert_hobo1_service_in_hobo1(hobo_json)
|
||||
|
@ -230,20 +230,20 @@ def test_multipublik(tenants, mocker):
|
|||
assert Combo.objects.count() == 1
|
||||
combo = Combo.objects.first()
|
||||
assert combo.slug == '_interco_portal'
|
||||
assert combo.base_url == 'http://combo1.example.net/'
|
||||
assert combo.base_url == 'https://combo1.example.net/'
|
||||
assert combo.secondary is True
|
||||
|
||||
assert Hobo.objects.count() == 3
|
||||
# interco hobo
|
||||
hobo = Hobo.objects.get(slug='_interco_hobo')
|
||||
assert hobo.title == 'Hobo'
|
||||
assert hobo.base_url == 'http://tenant1.example.net/'
|
||||
assert hobo.base_url == 'https://tenant1.example.net/'
|
||||
assert hobo.secondary is True
|
||||
|
||||
# coll3 Hobo
|
||||
hobo = Hobo.objects.get(slug='_interco_hobo-coll3')
|
||||
assert hobo.title == 'Coll3'
|
||||
assert hobo.base_url == 'http://hobo3.example.net/'
|
||||
assert hobo.base_url == 'https://hobo3.example.net/'
|
||||
assert hobo.secondary is True
|
||||
|
||||
# notify_agents will be called for secondary services: as celery
|
||||
|
@ -251,9 +251,9 @@ def test_multipublik(tenants, mocker):
|
|||
mocker.patch('hobo.agent.hobo.management.commands.hobo_deploy.notify_agents')
|
||||
|
||||
hobo2 = TenantMiddleware.get_tenant_by_hostname('hobo2.example.net')
|
||||
hobo2.base_url = 'http://hobo2.example.net/'
|
||||
hobo2.base_url = 'https://hobo2.example.net/'
|
||||
with tenant_context(hobo2):
|
||||
combo = Combo(title='Portail', slug='portal', base_url='http://combo2.example.net')
|
||||
combo = Combo(title='Portail', slug='portal', base_url='https://combo2.example.net')
|
||||
combo.save()
|
||||
|
||||
# inform interco about coll2 environment
|
||||
|
@ -267,7 +267,7 @@ def test_multipublik(tenants, mocker):
|
|||
combo = Combo.objects.get(secondary=True)
|
||||
assert combo.slug == '_hobo-coll2_portal'
|
||||
assert combo.title == 'Portail'
|
||||
assert combo.base_url == 'http://combo2.example.net/'
|
||||
assert combo.base_url == 'https://combo2.example.net/'
|
||||
|
||||
# interco environment has changed (secondary Combo coming from coll2)
|
||||
# inform coll2 about interco environment and check that nothing changes
|
||||
|
@ -287,7 +287,7 @@ def test_multipublik(tenants, mocker):
|
|||
# inform coll3 about interco environment
|
||||
HoboDeployCommand().handle(hobo3.base_url, get_hobo_json_filename(hobo1))
|
||||
hobo3 = TenantMiddleware.get_tenant_by_hostname('hobo3.example.net')
|
||||
hobo3.base_url = 'http://hobo3.example.net/'
|
||||
hobo3.base_url = 'https://hobo3.example.net/'
|
||||
with tenant_context(hobo3):
|
||||
hobo_json = get_hobo_json()
|
||||
assert count_hobo_services(hobo_json) == 3
|
||||
|
@ -299,24 +299,24 @@ def test_multipublik(tenants, mocker):
|
|||
assert Combo.objects.count() == 1
|
||||
combo = Combo.objects.first()
|
||||
assert combo.slug == '_interco_portal'
|
||||
assert combo.base_url == 'http://combo1.example.net/'
|
||||
assert combo.base_url == 'https://combo1.example.net/'
|
||||
assert combo.secondary is True
|
||||
|
||||
assert Hobo.objects.count() == 3
|
||||
# interco hobo
|
||||
hobo = Hobo.objects.get(slug='_interco_hobo')
|
||||
assert hobo.title == 'Hobo'
|
||||
assert hobo.base_url == 'http://tenant1.example.net/'
|
||||
assert hobo.base_url == 'https://tenant1.example.net/'
|
||||
assert hobo.secondary is True
|
||||
|
||||
# coll2 Hobo
|
||||
hobo = Hobo.objects.get(slug='_interco_hobo-coll2')
|
||||
assert hobo.title == 'Coll2'
|
||||
assert hobo.base_url == 'http://hobo2.example.net/'
|
||||
assert hobo.base_url == 'https://hobo2.example.net/'
|
||||
assert hobo.secondary is True
|
||||
|
||||
# Add a portal in coll3
|
||||
combo = Combo(title='Portail', slug='portal', base_url='http://combo3.example.net')
|
||||
combo = Combo(title='Portail', slug='portal', base_url='https://combo3.example.net')
|
||||
combo.save()
|
||||
|
||||
# inform interco about coll3 environment
|
||||
|
@ -328,7 +328,7 @@ def test_multipublik(tenants, mocker):
|
|||
# coll3 Combo
|
||||
combo = Combo.objects.get(slug='_hobo-coll3_portal')
|
||||
assert combo.title == 'Portail'
|
||||
assert combo.base_url == 'http://combo3.example.net/'
|
||||
assert combo.base_url == 'https://combo3.example.net/'
|
||||
assert combo.secondary is True
|
||||
|
||||
# inform coll2 about interco environment
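Review bot: The expected `secret_key` in assert_hobo1_service_in_hobo1, assert_hobo1_service_in_hobo2 and assert_hobo1_service_in_hobo3 moves from `fe4a8768479f0b82d3f465f65609fd7c43b4fc8f` to `7e5e1778ee87fbbcfc9f10f0978bdd9e1b74d300` with no change other than the URL scheme, which suggests the key is derived from the base URL. If so, a tenant that ran with the `unsecure` marker gets a different key once this commit is deployed, and peers still holding the old value could refuse its signed requests until they are redeployed; that deserves a line in the commit description or release notes. A comment beside the assertion, such as `# digest depends on the https base_url; it changes whenever the URL does`, would also explain the opaque value. The assertion helpers begin outside the hunks shown.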
|
||||
|
|
|
@ -14,8 +14,6 @@ def make_tenant(tmp_path, transactional_db, settings, request):
|
|||
def make_tenant(name):
|
||||
tenant_dir = base / name
|
||||
tenant_dir.mkdir()
|
||||
with (tenant_dir / 'unsecure').open(mode='w') as fd:
|
||||
fd.write('1')
|
||||
with (tenant_dir / 'settings.json').open(mode='w') as fd:
|
||||
json.dump(
|
||||
{
|
||||
|
@ -46,8 +44,8 @@ def make_tenant(tmp_path, transactional_db, settings, request):
|
|||
'service-id': 'welco',
|
||||
'this': True,
|
||||
'secret_key': '12345',
|
||||
'base_url': 'http://%s' % name,
|
||||
'saml-sp-metadata-url': 'http://%s/saml/metadata' % name,
|
||||
'base_url': 'https://%s' % name,
|
||||
'saml-sp-metadata-url': 'https://%s/saml/metadata' % name,
|
||||
'variables': {
|
||||
'other_variable': 'bar',
|
||||
'SETTING_OVERRIDE1': True,
|
||||
|
|