agent: consider allowed technical roles when provisionning roles (#36937)
This commit is contained in:
parent
7e8d61f077
commit
4ed5d38e4c
|
@ -213,7 +213,12 @@ class Provisionning(threading.local):
|
|||
})
|
||||
|
||||
def notify_roles(self, ous, roles, mode='provision', full=False):
|
||||
roles = set([role for role in roles if not role.slug.startswith('_')])
|
||||
allowed_technical_roles_prefixes = getattr(settings, 'HOBO_PROVISION_ROLE_PREFIXES', []) or []
|
||||
|
||||
def is_forbidden_technical_role(role):
|
||||
return role.slug.startswith('_') and not role.slug.startswith(tuple(allowed_technical_roles_prefixes))
|
||||
|
||||
roles = set([role for role in roles if not is_forbidden_technical_role(role)])
|
||||
if mode == 'provision':
|
||||
self.complete_roles(roles)
|
||||
|
||||
|
|
Loading…
Reference in New Issue