ldap_sync: Add support for excluding usernames from sync

3a73b703 · Daniel Klaffenbach · 1faf0863 · 3a73b703 · 3a73b703 · 3a73b703
Commit 3a73b703 authored Apr 25, 2017 by Daniel Klaffenbach 🐍
Hide whitespace changes
Inline Side-by-side

Showing with 67 additions and 2 deletions

.pydevproject .pydevproject +1 -1

fountain/management/commands/ldap_sync.py fountain/management/commands/ldap_sync.py +41 -1

tests/tests.py tests/tests.py +25 -0

No files found.
--- a/.pydevproject
+++ b/.pydevproject
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <?eclipse-pydev version="1.0"?><pydev_project>
-<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">django18</pydev_property>
+<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">django-fountain</pydev_property>
 <pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property>
 <pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
 <path>/${PROJECT_DIR_NAME}</path>

--- a/fountain/management/commands/ldap_sync.py
+++ b/fountain/management/commands/ldap_sync.py
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals
+import re
 from django.conf import settings
 from django.contrib.auth import get_user_model
 from django.core.management.base import BaseCommand
 from fountain.ldap import Ldap

-
 class Command(BaseCommand):
+    DEFAULT_EXCLUDE_REGEX = r'^api:'
    help = "Updates the attributes of all Django users from the LDAP server." 
    
+    def add_arguments(self, parser):
+        parser.add_argument('-e', '--exclude',
+                dest='exclude_usernames',
+                metavar='username',
+                nargs='*',
+                help="You can exclude single usernames from the LDAP sync using this switch."
+            )
+        parser.add_argument('-r', '--exclude-regex',
+                default=self.DEFAULT_EXCLUDE_REGEX,
+                dest='exclude_regex',
+                metavar='regex',
+                nargs='?',
+                help="Sometimes you might want to exclude users from LDAP sync,\
+                      such as API users. You may specify a Python regular expression \
+                      here for usernames that you want to ignore during the sync.\n\
+                      Default: \"{}\"".format(self.DEFAULT_EXCLUDE_REGEX),
+            )
+    
    def handle(self, *args, **options):
        verbosity = options.get('verbosity')
        sync_is_active = getattr(settings, 'LDAP_SYNC_IS_ACTIVE', True)
        
+        exclude_regex = options.get('exclude_regex')
+        if exclude_regex:
+            exclude_regex = re.compile(exclude_regex)
+        
+        exclude_usernames = options.get('exclude_usernames')
+        if exclude_usernames:
+            exclude_usernames = set(exclude_usernames)
+        else:
+            exclude_usernames = set()
+        
        User = get_user_model()
        l = Ldap()
        
@@ -23,6 +52,17 @@ class Command(BaseCommand):

        for user_dict in User.objects.all().values(*values).iterator():
            username = user_dict[User.USERNAME_FIELD]
+            
+            if username in exclude_usernames:
+                if verbosity > 2:
+                    self.stdout.write('Ignoring {}'.format(username))
+                continue
+            
+            if exclude_regex and exclude_regex.match(username):
+                if verbosity > 2:
+                    self.stdout.write('Ignoring {}'.format(username))
+                continue               
+            
            attrs = l.get_attributes(username)
            if sync_is_active:
                if attrs:

--- a/tests/tests.py
+++ b/tests/tests.py
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals
+import StringIO
 import threading
 from django.core import management
 from django.contrib.auth import get_user_model
 from django.test import Client, TestCase
 from .server import get_reactor
+from IPython.utils.io import stdout

 class LdapTestCase(TestCase):
    def setUp(self):
@@ -125,6 +127,29 @@ class LdapTestCase(TestCase):
            user = self.USER_MODEL.objects.get(username='not_in_ldap')
            self.assertTrue(user.is_active)

+    def test_management_command_exclude_arguments(self):
+        with self.settings(LDAP_SYNC_IS_ACTIVE=True):
+            self.USER_MODEL.objects.create(username='test',  is_active=False)
+            self.USER_MODEL.objects.create(username='alice', is_active=False)
+            self.USER_MODEL.objects.create(username='api:not_in_ldap', is_active=True)
+            
+            # Clear user attributes for this test
+            self.USER_MODEL.objects.all().update(first_name='', last_name='', email='')
+        
+            stdout = StringIO.StringIO()
+        
+            management.call_command('ldap_sync', exclude=['alice'], verbosity=3, stdout=stdout)
+            user = self.USER_MODEL.objects.get(username='test')
+            self.assertTrue(user.is_active)
+            user = self.USER_MODEL.objects.get(username='alice')
+            self.assertFalse(user.is_active)
+            user = self.USER_MODEL.objects.get(username='api:not_in_ldap')
+            self.assertTrue(user.is_active)
+            
+            # Check if output matches
+            output_lines = set(stdout.getvalue().splitlines())
+            self.assertIn("Ignoring api:not_in_ldap", output_lines)
+            self.assertIn("Ignoring alice", output_lines)
    
    def test_invalid_user(self):
        with self.settings():