PR#242: Update ipsilon config for staging adding infofasjson - fedora-infra/ansible

fedora-infra / ansible

#242 Update ipsilon config for staging adding infofasjson

Closed 3 years ago by abompard. Opened 3 years ago by ryanlerch.

fedora-infra/ ryanlerch/ansible ipsilon-stage into master

Update ipsilon config for staging adding infofasjson

Ryan Lerch • 3 years ago

a0a7fbe

roles/ipsilon/files/infofasjson.py

file added

+97

		`@@ -0,0 +1,97 @@`
		`+ from ipsilon.info.common import InfoProviderBase, InfoProviderInstaller`
		`+ from ipsilon.util.plugin import PluginObject`
		`+ from ipsilon.util.policy import Policy`
		`+ from ipsilon.util import config as pconfig`
		`+`
		`+ import fasjson_client`
		`+`
		`+`
		`+ fasjson_mapping = [`
		`+ ['email', 'email'],`
		`+ ['username', 'username'],`
		`+ ['timezone', 'timezone'],`
		`+ ['locale', 'locale'],`
		`+ ['human_name', 'human_name'],`
		`+ ['groups', 'groups'],`
		`+ ]`
		`+`
		`+`
		`+ class InfoProvider(InfoProviderBase):`
		`+`
		`+ def __init__(self, *args):`
		`+ super(InfoProvider, self).__init__(*args)`
		`+ self.mapper = Policy(fasjson_mapping)`
		`+`
		`+ self.name = 'fasjson'`
		`+ self.description = """`
		`+ Info plugin that retrieves user data from FASJSON. """`
		`+`
		`+ self.new_config(`
		`+ self.name,`
		`+ pconfig.String(`
		`+ 'FASJSON url',`
		`+ 'The FASJSON Url.',`
		`+ 'http://fasjson.tinystage.test/fasjson/'),`
		`+ )`
		`+`
		`+ @property`
		`+ def fasjson_url(self):`
		`+ return self.get_config_value('FASJSON url')`
		`+`
		`+`
		`+ def get_user_attrs(self, user):`
		`+ user_data = None`
		`+ user_group_data = None`
		`+ try:`
		`+ client = fasjson_client.Client(url=self.fasjson_url)`
		`+ user_data = client.get_user(username=user).result`
		`+ user_group_data = client.list_user_groups(username=user).result`
		`+ except Exception as e:`
		`+ self.error(f'FASJSON error: {e}')`
		`+`
		`+`
		`+ if not user_data:`
		`+ user_data = {"username": "ryancarr", "surname": "Carr", "givenname": "Ryan", "human_name": "Ryan Carr", "emails": ["ryancarr@tinystage.test"], "ircnicks": ["RyanCarr", "RyanCarr_"], "locale":`
		`+ "en-US", "timezone": "Australia/Brisbane", "gpgkeyids": None, "certificates": None, "creation": None, "locked": False, "uri": "http://fasjson.tinystage.test/fasjson/v1/users/ryancarr/"}`
		`+`
		`+ if not user_group_data:`
		`+ user_group_data = [{'groupname': 'developers', 'uri': 'http://fasjson.tinystage.test/fasjson/v1/groups/developers/'}, {'groupname': 'designers', 'uri': 'http://fasjson.tinystage.test/fasjson/v1/groups/designers/'}]`
		`+`
		`+ # assumption that first email is the default`
		`+ user_data['email'] = user_data['emails'][0]`
		`+`
		`+ # add the groups to the user_data`
		`+ user_data['groups'] = [ g['groupname'] for g in user_group_data]`
		`+`
		`+`
		`+ userattrs, extras = self.mapper.map_attributes(user_data)`
		`+ self.debug(f'user_data: {user_data}')`
		`+ self.debug(f'Userattrs: {userattrs}')`
		`+`
		`+ return userattrs`
		`+`
		`+`
		`+ class Installer(InfoProviderInstaller):`
		`+`
		`+ def __init__(self, *pargs):`
		`+ super(Installer, self).__init__()`
		`+ self.name = 'fasjson'`
		`+ self.pargs = pargs`
		`+`
		`+ def install_args(self, group):`
		`+ group.add_argument('--info-fasjson', choices=['yes', 'no'], default='no',`
		`+ help='Configure FAS info')`
		`+`
		`+ def configure(self, opts, changes):`
		`+ if opts['info_fasjson'] != 'yes':`
		`+ return`
		`+`
		`+ # Add configuration data to database`
		`+ po = PluginObject(*self.pargs)`
		`+ po.name = 'fasjson'`
		`+ po.wipe_data()`
		`+ po.wipe_config_values()`
		`+`
		`+ # Update global config to add login plugin`
		`+ po.is_enabled = True`
		`+ po.save_enabled_state()`

roles/ipsilon/tasks/main.yml

file modified

+11 -1

		`@@ -37,6 +37,16 @@`
		`tags:`
		`- ipsilon`

		`+ - name: Copy infofasjson (STAGING)`
		`+ copy: src=infofasjson.py`
		`+ dest=/usr/lib/python2.7/site-packages/ipsilon/info/infofasjson.py`
		`+ owner=root group=root mode=0644`
		`+ when: env == "staging"`
		`+ notify:`
		`+ - reload apache`
		`+ tags:`
		`+ - ipsilon`
		`+`
		`- name: Copy OpenID Connect scope registrations`
		`copy: src=oidc_scopes/{{item}}.py`
		`dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openidc/plugins/{{item}}.py`
		`@@ -62,7 +72,7 @@`
		`# owner=root group=root mode=0644`
		`# when: env == "staging"`
		`# with_items:`
		`- # -`
		`+ # -`
		`# notify:`
		`# - reload apache`
		`# tags:`

roles/ipsilon/templates/configuration.conf

file modified

+7 -3

		`@@ -5,15 +5,16 @@`
		`fas FAS Insecure Auth=False`

		`[info_config]`
		`+ {% if env == "production" %}`
		`global enabled=fas`
		`fas FAS url=https://admin{{env_suffix}}.fedoraproject.org/accounts/`
		`fas FAS Proxy client user Agent=Fedora Ipsilon`
		`fas FAS Insecure Auth=False`
		`fas Bind Username={{ ipsilon_fasinfo_username }}`
		`- {% if env == "production" %}`
		`fas Bind Password={{ ipsilon_fasinfo_prod_password }}`
		`{% else %}`
		`- fas Bind Password={{ ipsilon_fasinfo_stg_password }}`
		`+ global enabled=fasjson`
		`+ fasjson fasjson url=https://fasjson{{env_suffix}}.fedoraproject.org/`
		`{% endif %}`

		`[authz_config]`
		`@@ -42,8 +43,11 @@`
		`openidc tos url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy`
		`openidc idp sig key id=20161031-sig`
		`openidc allow dynamic client registration=False`
		`+ {% if env == 'staging' %}`
		`+ openidc default attribute mapping = [["email", "email"], ["username", "preferred_username"], ["timezone", "zoneinfo"], ["locale", "locale"], ["human_name","name"], ["agreements","agreements"], ["groups","groups"]]`
		`+ {% else %}`
		`openidc default attribute mapping=[["", ""], ["timezone", "zoneinfo"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "preferred_username"]]`
		`-`
		`+ {% endif %}`
		`openid endpoint url=https://id{{env_suffix}}.fedoraproject.org/openid/`
		`openid identity url template=http://%(username)s.id{{env_suffix}}.fedoraproject.org/`
		`{% if env == 'staging' %}`

ryanlerch commented 3 years ago

STAGING: This adds the new infofasjson info plugin and configures it.

Signed-off-by: Ryan Lerch rlerch@redhat.com

zuul commented 3 years ago

Build succeeded.

fi-ansible--ansible-review-diff : SUCCESS in 2m 06s

abompard commented 3 years ago

I'm not going to merge this PR because it's still very much dev code, and I've changed the way ipsilon extensions are deployed. They are now deployed from: https://pagure.io/fedora-infra/ipsilon-fedora, which is where we'll put infofasjson.py for starters.

abompard commented 3 years ago

I did merge the config changes in 70f717 though.