Commit 3a73b703 authored by Daniel Klaffenbach's avatar Daniel Klaffenbach 🐍

ldap_sync: Add support for excluding usernames from sync

parent 1faf0863
Pipeline #7732 failed with stage
in 52 seconds
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?eclipse-pydev version="1.0"?><pydev_project>
<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">django18</pydev_property>
<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">django-fountain</pydev_property>
<pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property>
<pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
<path>/${PROJECT_DIR_NAME}</path>
......
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
import re
from django.conf import settings
from django.contrib.auth import get_user_model
from django.core.management.base import BaseCommand
from fountain.ldap import Ldap
class Command(BaseCommand):
DEFAULT_EXCLUDE_REGEX = r'^api:'
help = "Updates the attributes of all Django users from the LDAP server."
def add_arguments(self, parser):
parser.add_argument('-e', '--exclude',
dest='exclude_usernames',
metavar='username',
nargs='*',
help="You can exclude single usernames from the LDAP sync using this switch."
)
parser.add_argument('-r', '--exclude-regex',
default=self.DEFAULT_EXCLUDE_REGEX,
dest='exclude_regex',
metavar='regex',
nargs='?',
help="Sometimes you might want to exclude users from LDAP sync,\
such as API users. You may specify a Python regular expression \
here for usernames that you want to ignore during the sync.\n\
Default: \"{}\"".format(self.DEFAULT_EXCLUDE_REGEX),
)
def handle(self, *args, **options):
verbosity = options.get('verbosity')
sync_is_active = getattr(settings, 'LDAP_SYNC_IS_ACTIVE', True)
exclude_regex = options.get('exclude_regex')
if exclude_regex:
exclude_regex = re.compile(exclude_regex)
exclude_usernames = options.get('exclude_usernames')
if exclude_usernames:
exclude_usernames = set(exclude_usernames)
else:
exclude_usernames = set()
User = get_user_model()
l = Ldap()
......@@ -23,6 +52,17 @@ class Command(BaseCommand):
for user_dict in User.objects.all().values(*values).iterator():
username = user_dict[User.USERNAME_FIELD]
if username in exclude_usernames:
if verbosity > 2:
self.stdout.write('Ignoring {}'.format(username))
continue
if exclude_regex and exclude_regex.match(username):
if verbosity > 2:
self.stdout.write('Ignoring {}'.format(username))
continue
attrs = l.get_attributes(username)
if sync_is_active:
if attrs:
......
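Review bot: Accounts skipped by the two `continue` branches never reach `l.get_attributes(username)` or the `sync_is_active` handling below, so with the default `DEFAULT_EXCLUDE_REGEX = r'^api:'` every username starting with `api:` is left out of the LDAP-driven update without any option being passed. The skip is only reported at `verbosity > 2`, so a normal run leaves no record of which accounts were exempted; I would write the "Ignoring" line at `verbosity >= 1` and state the default exemption in the command's `help`. Separately, `re.compile(exclude_regex)` in `handle` lets a malformed `-r` value surface as a raw `re.error`; catching it and raising `CommandError` would give the operator a clean message. The loop body continues outside the hunk, so what the sync does to an account after `if attrs:` is inferred from the test in this commit rather than visible here.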
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
import StringIO
import threading
from django.core import management
from django.contrib.auth import get_user_model
from django.test import Client, TestCase
from .server import get_reactor
from IPython.utils.io import stdout
class LdapTestCase(TestCase):
def setUp(self):
......@@ -125,6 +127,29 @@ class LdapTestCase(TestCase):
user = self.USER_MODEL.objects.get(username='not_in_ldap')
self.assertTrue(user.is_active)
def test_management_command_exclude_arguments(self):
with self.settings(LDAP_SYNC_IS_ACTIVE=True):
self.USER_MODEL.objects.create(username='test', is_active=False)
self.USER_MODEL.objects.create(username='alice', is_active=False)
self.USER_MODEL.objects.create(username='api:not_in_ldap', is_active=True)
# Clear user attributes for this test
self.USER_MODEL.objects.all().update(first_name='', last_name='', email='')
stdout = StringIO.StringIO()
management.call_command('ldap_sync', exclude=['alice'], verbosity=3, stdout=stdout)
user = self.USER_MODEL.objects.get(username='test')
self.assertTrue(user.is_active)
user = self.USER_MODEL.objects.get(username='alice')
self.assertFalse(user.is_active)
user = self.USER_MODEL.objects.get(username='api:not_in_ldap')
self.assertTrue(user.is_active)
# Check if output matches
output_lines = set(stdout.getvalue().splitlines())
self.assertIn("Ignoring api:not_in_ldap", output_lines)
self.assertIn("Ignoring alice", output_lines)
def test_invalid_user(self):
with self.settings():
......
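Review bot: The import `from IPython.utils.io import stdout` at the top of the test module is never used, because `test_management_command_exclude_arguments` rebinds `stdout` to `StringIO.StringIO()`. It also makes the whole test module fail to import wherever IPython is not installed. It looks like an IDE auto-import and, judging by the hunk offsets, was added in this commit, so it should be dropped. The new test covers only the default `^api:` pattern; a second case passing a custom `exclude_regex`, and one passing an empty value to switch the default off, would pin the behaviour of `-r` as well.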