authentic agent: mass provision roles on new services (#35345)

hobo/agent/authentic2/management/commands/hobo_deploy.py

@@ -22,6 +22,7 @@ from django.conf import settings
 from tenant_schemas.utils import tenant_context
 
 from hobo.agent.common.management.commands import hobo_deploy
+from hobo.agent.authentic2.provisionning import Provisionning
 
 User = get_user_model()
 
@@ -123,6 +124,7 @@ class Command(hobo_deploy.Command):
             services = hobo_environment['services']
             retries = 0
             loaded = 0
+            provision_target_ous = {}
             max_retries = 1 if self.redeploy else 5
             while retries < max_retries:
                 for service in services:
@@ -183,6 +185,7 @@ class Command(hobo_deploy.Command):
                                 name=service['title'])
                     if service_created or not provider.ou:
                         provider.ou = ou
+                        provision_target_ous[provider.ou.id] = provider.ou
                     provider.save()
                     if service_created:
                         service_provider = LibertyServiceProvider(
@@ -233,6 +236,12 @@ class Command(hobo_deploy.Command):
                 time.sleep(self.backoff_factor * (2 ** retries))
                 retries += 1
 
+            if provision_target_ous:
+                # mass provision roles on new created services
+                engine = Provisionning()
+                roles = get_role_model().objects.all()
+                engine.notify_roles(provision_target_ous, roles, full=True)
+
             for service in services:
                 if not service.get('$done'):
                     last_error = service['$last-error']

tests_authentic/test_hobo_deploy.py

@@ -56,9 +56,6 @@ def test_hobo_deploy(monkeypatch, tenant_base, mocker, skeleton_dir):
             },
         ], roles_json)
 
-    # As a user is created, notify_agents is called, as celery is not running
-    # we just block it
-    mocker.patch('hobo.agent.authentic2.provisionning.notify_agents')
     requests_get = mocker.patch('requests.get')
     meta1 = '''<?xml version="1.0"?>
 <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
@@ -314,7 +311,19 @@ def test_hobo_deploy(monkeypatch, tenant_base, mocker, skeleton_dir):
     hobo_json = tempfile.NamedTemporaryFile()
     hobo_json.write(hobo_json_content)
     hobo_json.flush()
-    call_command('hobo_deploy', 'http://sso.example.net', hobo_json.name)
+
+    with mock.patch('hobo.agent.authentic2.provisionning.notify_agents') as mock_notify:
+        call_command('hobo_deploy', 'http://sso.example.net', hobo_json.name)
+
+    # check role mass provisionning to new services
+    # two wcs => two ous => two audiences
+    assert mock_notify.call_count == 2
+    audiences = sorted([arg[0][0]['audience'] for arg in mock_notify.call_args_list])
+    assert audiences == [['http://clapiers.example.net/saml/metadata'],
+                         ['http://eservices.example.net/saml/metadata', 'http://passerelle.example.net/saml/metadata']]
+    assert [arg[0][0]['@type'] for arg in mock_notify.call_args_list] == ['provision', 'provision']
+    assert [arg[0][0]['objects']['@type'] for arg in mock_notify.call_args_list] == ['role', 'role']
+    assert [arg[0][0]['full'] for arg in mock_notify.call_args_list] == [True, True]
 
     from hobo.multitenant.middleware import TenantMiddleware
     tenants = list(TenantMiddleware.get_tenants())