ctl: update check-hobos command to configure IdP (#5031)

This commit is contained in:
Frédéric Péters 2014-06-23 17:21:02 +02:00
parent 7079869fda
commit 0bb86caf35
2 changed files with 68 additions and 14 deletions


@ -17,9 +17,11 @@
import json
import os
import sys
import tempfile
import urllib2
from qommon.ctl import Command, make_option
from qommon.storage import atomic_write
def is_for_us(service):
@ -50,7 +52,6 @@ class CmdCheckHobos(Command):
print >> sys.stderr, 'failed to get URL', arg, e
continue
services = []
for hobo in hobos:
try:
all_services = json.load(
@ -58,23 +59,72 @@ class CmdCheckHobos(Command):
except (urllib2.URLError, urllib2.HTTPError), e:
print >> sys.stderr, 'failed to get URL', hobo, e
continue
services.extend([x for x in all_services if x.get('service-id') == 'wcs'])
services = [x for x in all_services if x.get('service-id') == 'wcs' and is_for_us(x)]
# initialize all instances of w.c.s.
for service in services:
parsed_url = urllib2.urlparse.urlsplit(service.get('base_url'))
instance_path = parsed_url.netloc
if parsed_url.path:
instance_path = '%s+' % parsed_url.path.replace('/', '+')
pub.app_dir = os.path.join(global_app_dir, instance_path)
if not os.path.exists(pub.app_dir):
print 'initializing instance in', pub.app_dir
os.mkdir(pub.app_dir)
pub.initialize_app_dir()
else:
pub.set_config()
for service in services:
if not is_for_us(service):
continue
parsed_url = urllib2.urlparse.urlsplit(service.get('base_url'))
instance_path = parsed_url.netloc
if parsed_url.path:
instance_path = '%s+' % parsed_url.path.replace('/', '+')
pub.app_dir = os.path.join(global_app_dir, instance_path)
if not os.path.exists(pub.app_dir):
print 'initializing instance in', pub.app_dir
os.mkdir(pub.app_dir)
pub.initialize_app_dir()
if not pub.cfg.get('misc'):
pub.cfg['misc'] = {}
pub.cfg['misc']['sitename'] = service.get('title').encode('utf-8')
# configure authentication methods
idps = [x for x in all_services if x.get('service-id') == 'authentic']
if not pub.cfg.get('identification'):
pub.cfg['identification'] = {}
methods = pub.cfg['identification'].get('methods', [])
if not methods:
methods = ['idp']
elif not 'idp' in methods:
methods.append('idp')
pub.cfg['identification']['methods'] = methods
pub.write_cfg()
if idps and not pub.cfg.get('sp', {}).get('publickey'):
from qommon.ident.idp import MethodAdminDirectory
if not pub.cfg.get('sp'):
pub.cfg['sp'] = {}
spconfig = pub.cfg['sp']
spconfig['base_url'] = str(service.get('base_url')) + '/liberty'
spconfig['saml2_base_url'] = str(service.get('base_url')) + '/saml'
spconfig['providerid'] = spconfig['base_url'] + '/metadata'
spconfig['saml2_providerid'] = spconfig['saml2_base_url'] + '/metadata'
MethodAdminDirectory().generate_rsa_keypair()
for idp in idps:
metadata_url = '%s/idp/saml2/metadata' % idp['base_url']
try:
rfd = urllib2.urlopen(metadata_url)
except (urllib2.HTTPError, urllib2.URLError), e:
print >> sys.stderr, 'failed to get metadata URL', metadata_url, e
continue
except Exception, e:
print >> sys.stderr, 'failed to get metadata URL', metadata_url, e
continue
s = rfd.read()
(bfd, metadata_pathname) = tempfile.mkstemp('.metadata')
atomic_write(metadata_pathname, s)
from qommon.ident.idp import AdminIDPDir
admin_dir = AdminIDPDir()
key_provider_id = admin_dir.submit_new_remote(
metadata_pathname, None, metadata_url, None)
pub.cfg['idp'][key_provider_id]['admin-attributes'] = \
{'role': 'admin::%s' % str(service.get('slug'))}
pub.write_cfg()
pub.write_cfg()
CmdCheckHobos.register()
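Review bot: The IdP metadata fetched with `urllib2.urlopen(metadata_url)` is the SAML trust anchor for every instance (it carries the IdP signing certificate that `submit_new_remote` registers), yet nothing here checks that the URL is HTTPS or that the server certificate is validated, and on the Python 2 releases this code targets `urllib2` performs no certificate validation at all, so an on-path attacker who can answer for `idp['base_url']` can plant their own IdP key; at minimum refuse non-HTTPS metadata URLs, e.g. `if not metadata_url.startswith('https://'): print >> sys.stderr, 'refusing non-https metadata URL', metadata_url; continue`, and note in a comment that the fetch must go through a certificate-verifying client. The temporary file from `tempfile.mkstemp('.metadata')` leaks its descriptor and is left on disk holding a copy of the metadata: `bfd` is never closed and `metadata_pathname` is never removed after `submit_new_remote` returns, so add `os.close(bfd)` right after the `mkstemp` call and `os.unlink(metadata_pathname)` in a `finally` around the submit. The two identical handlers `except (urllib2.HTTPError, urllib2.URLError), e:` and `except Exception, e:` collapse to the single broad one, and `pub.cfg['idp'][key_provider_id]` would raise `KeyError` if `submit_new_remote` returned `None` on a rejected metadata file — worth a guard, since that return path is presumably possible but not visible here. Because the gutter indentation is lost in this rendering I cannot tell whether the new `for service in services:` loop sits inside the `for hobo in hobos:` loop; if it does not, `all_services` and `idps` only reflect the last hobo polled. The enclosing `execute` method begins before the first hunk of this file.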


@ -572,6 +572,10 @@ class AdminIDPDir(Directory):
get_publisher().write_cfg()
if not get_request():
# this allows this method to be called outsite of a
# request/response cycle.
return key_provider_id
return redirect('.')
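Review bot: The new comment has a typo and under-states the contract: `# this allows this method to be called outsite of a` should read `outside`, and it should say what the early return hands back, e.g. `# outside of a request/response cycle (e.g. from ctl commands) return the new provider key instead of redirecting`. Callers in the ctl path index `pub.cfg['idp']` with the returned value, so if `submit_new_remote` has any failure path that returns `None` before this point, that should be stated here too; the start of `submit_new_remote` is outside the hunk.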