agent/authentic2: add debug mode for provisionning (#54637)

2021-06-08 11:31:22 +02:00 · 2021-06-08 11:31:22 +02:00 · cdfe73d441
parent 3252785cd0
commit cdfe73d441
3 changed files with 35 additions and 0 deletions
--- a/debian/debian_config_common.py
+++ b/debian/debian_config_common.py
@ -49,6 +49,7 @@ DEBUG_LOG_FORMAT = (
    '%(asctime)s \x1f%(tenant)s \x1f%(ip)s \x1f%(user)r \x1f%(request_id)s \x1f'
    '%(levelname)s \x1f%(name)s \x1f%(message)s'
 )
+DEBUG_PROVISIONNING_LOG_PATH = '/var/log/%s/provisionning-debug' % PROJECT_NAME

 DISABLE_GLOBAL_HANDLERS = os.environ.get('DISABLE_GLOBAL_HANDLERS') == '1'

--- a/hobo/agent/authentic2/provisionning.py
+++ b/hobo/agent/authentic2/provisionning.py
@ -1,4 +1,5 @@
 import copy
+import datetime
 import json
 import logging
 import threading
@ -486,6 +487,16 @@ class Provisionning(threading.local):
                        self.add_saved(other_instance)

    def notify_agents(self, data):
+        log_path = getattr(settings, 'DEBUG_PROVISIONNING_LOG_PATH', '')
+        if log_path and getattr(settings, 'HOBO_PROVISIONNING_DEBUG', False):
+            try:
+                with open(log_path, 'a') as f:
+                    f.write('%s %s ' % (datetime.datetime.now().isoformat(), connection.tenant.domain_url))
+                    json.dump(data, f, indent=2)
+                    f.write('\n')
+            except IOError:
+                pass
+
        if getattr(settings, 'HOBO_HTTP_PROVISIONNING', False):
            leftover_audience = self.notify_agents_http(data)
            if not leftover_audience:
--- a/tests_authentic/test_provisionning.py
+++ b/tests_authentic/test_provisionning.py
@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-

 import json
+import os

 import lasso
 import pytest
@ -739,3 +740,25 @@ def test_provisionning_api(transactional_db, app_factory, tenant, settings, capl
        )
        assert resp.json['err'] == 1
        assert resp.json['leftover_audience']
+
+
+def test_provision_debug(transactional_db, tenant, caplog, settings, tmpdir):
+    log_path = str(tmpdir / 'debug-provisionning.log')
+    settings.DEBUG_PROVISIONNING_LOG_PATH = log_path
+    settings.HOBO_PROVISIONNING_DEBUG = True
+
+    assert not os.path.exists(log_path)
+
+    with patch('hobo.agent.authentic2.provisionning.notify_agents') as notify_agents:
+        with tenant_context(tenant):
+            LibertyProvider.objects.create(
+                ou=get_default_ou(),
+                name='provider',
+                entity_id='http://provider.com',
+                protocol_conformance=lasso.PROTOCOL_SAML_2_0,
+            )
+            with provisionning:
+                role = Role.objects.create(name='coin', ou=get_default_ou())
+
+            assert notify_agents.call_count == 1
+            assert os.path.exists(log_path)