Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
F
fountain
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
1
Issues
1
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
urz-django
fountain
Commits
3a73b703
Commit
3a73b703
authored
Apr 25, 2017
by
Daniel Klaffenbach
🐍
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
ldap_sync: Add support for excluding usernames from sync
parent
1faf0863
Pipeline
#7732
failed with stage
in 52 seconds
Changes
3
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
67 additions
and
2 deletions
+67
-2
.pydevproject
.pydevproject
+1
-1
fountain/management/commands/ldap_sync.py
fountain/management/commands/ldap_sync.py
+41
-1
tests/tests.py
tests/tests.py
+25
-0
No files found.
.pydevproject
View file @
3a73b703
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?eclipse-pydev version="1.0"?>
<pydev_project>
<pydev_property
name=
"org.python.pydev.PYTHON_PROJECT_INTERPRETER"
>
django
18
</pydev_property>
<pydev_property
name=
"org.python.pydev.PYTHON_PROJECT_INTERPRETER"
>
django
-fountain
</pydev_property>
<pydev_property
name=
"org.python.pydev.PYTHON_PROJECT_VERSION"
>
python 2.7
</pydev_property>
<pydev_pathproperty
name=
"org.python.pydev.PROJECT_SOURCE_PATH"
>
<path>
/${PROJECT_DIR_NAME}
</path>
...
...
fountain/management/commands/ldap_sync.py
View file @
3a73b703
# -*- coding: utf-8 -*-
from
__future__
import
unicode_literals
import
re
from
django.conf
import
settings
from
django.contrib.auth
import
get_user_model
from
django.core.management.base
import
BaseCommand
from
fountain.ldap
import
Ldap
class
Command
(
BaseCommand
):
DEFAULT_EXCLUDE_REGEX
=
r'^api:'
help
=
"Updates the attributes of all Django users from the LDAP server."
def
add_arguments
(
self
,
parser
):
parser
.
add_argument
(
'-e'
,
'--exclude'
,
dest
=
'exclude_usernames'
,
metavar
=
'username'
,
nargs
=
'*'
,
help
=
"You can exclude single usernames from the LDAP sync using this switch."
)
parser
.
add_argument
(
'-r'
,
'--exclude-regex'
,
default
=
self
.
DEFAULT_EXCLUDE_REGEX
,
dest
=
'exclude_regex'
,
metavar
=
'regex'
,
nargs
=
'?'
,
help
=
"Sometimes you might want to exclude users from LDAP sync,
\
such as API users. You may specify a Python regular expression
\
here for usernames that you want to ignore during the sync.
\n\
Default:
\"
{}
\"
"
.
format
(
self
.
DEFAULT_EXCLUDE_REGEX
),
)
def
handle
(
self
,
*
args
,
**
options
):
verbosity
=
options
.
get
(
'verbosity'
)
sync_is_active
=
getattr
(
settings
,
'LDAP_SYNC_IS_ACTIVE'
,
True
)
exclude_regex
=
options
.
get
(
'exclude_regex'
)
if
exclude_regex
:
exclude_regex
=
re
.
compile
(
exclude_regex
)
exclude_usernames
=
options
.
get
(
'exclude_usernames'
)
if
exclude_usernames
:
exclude_usernames
=
set
(
exclude_usernames
)
else
:
exclude_usernames
=
set
()
User
=
get_user_model
()
l
=
Ldap
()
...
...
@@ -23,6 +52,17 @@ class Command(BaseCommand):
for
user_dict
in
User
.
objects
.
all
().
values
(
*
values
).
iterator
():
username
=
user_dict
[
User
.
USERNAME_FIELD
]
if
username
in
exclude_usernames
:
if
verbosity
>
2
:
self
.
stdout
.
write
(
'Ignoring {}'
.
format
(
username
))
continue
if
exclude_regex
and
exclude_regex
.
match
(
username
):
if
verbosity
>
2
:
self
.
stdout
.
write
(
'Ignoring {}'
.
format
(
username
))
continue
attrs
=
l
.
get_attributes
(
username
)
if
sync_is_active
:
if
attrs
:
...
...
tests/tests.py
View file @
3a73b703
# -*- coding: utf-8 -*-
from
__future__
import
unicode_literals
import
StringIO
import
threading
from
django.core
import
management
from
django.contrib.auth
import
get_user_model
from
django.test
import
Client
,
TestCase
from
.server
import
get_reactor
from
IPython.utils.io
import
stdout
class
LdapTestCase
(
TestCase
):
def
setUp
(
self
):
...
...
@@ -125,6 +127,29 @@ class LdapTestCase(TestCase):
user
=
self
.
USER_MODEL
.
objects
.
get
(
username
=
'not_in_ldap'
)
self
.
assertTrue
(
user
.
is_active
)
def
test_management_command_exclude_arguments
(
self
):
with
self
.
settings
(
LDAP_SYNC_IS_ACTIVE
=
True
):
self
.
USER_MODEL
.
objects
.
create
(
username
=
'test'
,
is_active
=
False
)
self
.
USER_MODEL
.
objects
.
create
(
username
=
'alice'
,
is_active
=
False
)
self
.
USER_MODEL
.
objects
.
create
(
username
=
'api:not_in_ldap'
,
is_active
=
True
)
# Clear user attributes for this test
self
.
USER_MODEL
.
objects
.
all
().
update
(
first_name
=
''
,
last_name
=
''
,
email
=
''
)
stdout
=
StringIO
.
StringIO
()
management
.
call_command
(
'ldap_sync'
,
exclude
=
[
'alice'
],
verbosity
=
3
,
stdout
=
stdout
)
user
=
self
.
USER_MODEL
.
objects
.
get
(
username
=
'test'
)
self
.
assertTrue
(
user
.
is_active
)
user
=
self
.
USER_MODEL
.
objects
.
get
(
username
=
'alice'
)
self
.
assertFalse
(
user
.
is_active
)
user
=
self
.
USER_MODEL
.
objects
.
get
(
username
=
'api:not_in_ldap'
)
self
.
assertTrue
(
user
.
is_active
)
# Check if output matches
output_lines
=
set
(
stdout
.
getvalue
().
splitlines
())
self
.
assertIn
(
"Ignoring api:not_in_ldap"
,
output_lines
)
self
.
assertIn
(
"Ignoring alice"
,
output_lines
)
def
test_invalid_user
(
self
):
with
self
.
settings
():
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment