ctl: update check-hobos command to configure IdP (#5031)
This commit is contained in:
parent
7079869fda
commit
0bb86caf35
|
@ -17,9 +17,11 @@
|
|||
import json
|
||||
import os
|
||||
import sys
|
||||
import tempfile
|
||||
import urllib2
|
||||
|
||||
from qommon.ctl import Command, make_option
|
||||
from qommon.storage import atomic_write
|
||||
|
||||
|
||||
def is_for_us(service):
|
||||
|
@ -50,7 +52,6 @@ class CmdCheckHobos(Command):
|
|||
print >> sys.stderr, 'failed to get URL', arg, e
|
||||
continue
|
||||
|
||||
services = []
|
||||
for hobo in hobos:
|
||||
try:
|
||||
all_services = json.load(
|
||||
|
@ -58,23 +59,72 @@ class CmdCheckHobos(Command):
|
|||
except (urllib2.URLError, urllib2.HTTPError), e:
|
||||
print >> sys.stderr, 'failed to get URL', hobo, e
|
||||
continue
|
||||
services.extend([x for x in all_services if x.get('service-id') == 'wcs'])
|
||||
services = [x for x in all_services if x.get('service-id') == 'wcs' and is_for_us(x)]
|
||||
|
||||
# initialize all instances of w.c.s.
|
||||
for service in services:
|
||||
parsed_url = urllib2.urlparse.urlsplit(service.get('base_url'))
|
||||
instance_path = parsed_url.netloc
|
||||
if parsed_url.path:
|
||||
instance_path = '%s+' % parsed_url.path.replace('/', '+')
|
||||
pub.app_dir = os.path.join(global_app_dir, instance_path)
|
||||
if not os.path.exists(pub.app_dir):
|
||||
print 'initializing instance in', pub.app_dir
|
||||
os.mkdir(pub.app_dir)
|
||||
pub.initialize_app_dir()
|
||||
else:
|
||||
pub.set_config()
|
||||
|
||||
for service in services:
|
||||
if not is_for_us(service):
|
||||
continue
|
||||
parsed_url = urllib2.urlparse.urlsplit(service.get('base_url'))
|
||||
instance_path = parsed_url.netloc
|
||||
if parsed_url.path:
|
||||
instance_path = '%s+' % parsed_url.path.replace('/', '+')
|
||||
pub.app_dir = os.path.join(global_app_dir, instance_path)
|
||||
if not os.path.exists(pub.app_dir):
|
||||
print 'initializing instance in', pub.app_dir
|
||||
os.mkdir(pub.app_dir)
|
||||
pub.initialize_app_dir()
|
||||
if not pub.cfg.get('misc'):
|
||||
pub.cfg['misc'] = {}
|
||||
pub.cfg['misc']['sitename'] = service.get('title').encode('utf-8')
|
||||
|
||||
# configure authentication methods
|
||||
idps = [x for x in all_services if x.get('service-id') == 'authentic']
|
||||
if not pub.cfg.get('identification'):
|
||||
pub.cfg['identification'] = {}
|
||||
methods = pub.cfg['identification'].get('methods', [])
|
||||
if not methods:
|
||||
methods = ['idp']
|
||||
elif not 'idp' in methods:
|
||||
methods.append('idp')
|
||||
pub.cfg['identification']['methods'] = methods
|
||||
pub.write_cfg()
|
||||
|
||||
if idps and not pub.cfg.get('sp', {}).get('publickey'):
|
||||
from qommon.ident.idp import MethodAdminDirectory
|
||||
if not pub.cfg.get('sp'):
|
||||
pub.cfg['sp'] = {}
|
||||
spconfig = pub.cfg['sp']
|
||||
spconfig['base_url'] = str(service.get('base_url')) + '/liberty'
|
||||
spconfig['saml2_base_url'] = str(service.get('base_url')) + '/saml'
|
||||
spconfig['providerid'] = spconfig['base_url'] + '/metadata'
|
||||
spconfig['saml2_providerid'] = spconfig['saml2_base_url'] + '/metadata'
|
||||
MethodAdminDirectory().generate_rsa_keypair()
|
||||
|
||||
for idp in idps:
|
||||
metadata_url = '%s/idp/saml2/metadata' % idp['base_url']
|
||||
try:
|
||||
rfd = urllib2.urlopen(metadata_url)
|
||||
except (urllib2.HTTPError, urllib2.URLError), e:
|
||||
print >> sys.stderr, 'failed to get metadata URL', metadata_url, e
|
||||
continue
|
||||
except Exception, e:
|
||||
print >> sys.stderr, 'failed to get metadata URL', metadata_url, e
|
||||
continue
|
||||
|
||||
s = rfd.read()
|
||||
(bfd, metadata_pathname) = tempfile.mkstemp('.metadata')
|
||||
atomic_write(metadata_pathname, s)
|
||||
|
||||
from qommon.ident.idp import AdminIDPDir
|
||||
admin_dir = AdminIDPDir()
|
||||
key_provider_id = admin_dir.submit_new_remote(
|
||||
metadata_pathname, None, metadata_url, None)
|
||||
pub.cfg['idp'][key_provider_id]['admin-attributes'] = \
|
||||
{'role': 'admin::%s' % str(service.get('slug'))}
|
||||
pub.write_cfg()
|
||||
|
||||
pub.write_cfg()
|
||||
|
||||
CmdCheckHobos.register()
|
||||
|
|
|
@ -572,6 +572,10 @@ class AdminIDPDir(Directory):
|
|||
|
||||
get_publisher().write_cfg()
|
||||
|
||||
if not get_request():
|
||||
# this allows this method to be called outsite of a
|
||||
# request/response cycle.
|
||||
return key_provider_id
|
||||
return redirect('.')
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue