use primitive values for task parameters
- remove all code from osusers.models - add description field to ldapentities.models.LdapGroup - change tasks defined in osusers.tasks to use primitive values as parameters to avoid serialization and model synchronization
This commit is contained in:
parent
5174e144ba
commit
4b9d8d02ba
3 changed files with 114 additions and 53 deletions
|
@ -23,6 +23,7 @@ class LdapGroup(ldapmodels.Model):
|
||||||
# posixGroup attributes
|
# posixGroup attributes
|
||||||
gid = IntegerField(db_column='gidNumber', unique=True)
|
gid = IntegerField(db_column='gidNumber', unique=True)
|
||||||
name = CharField(db_column='cn', max_length=200, primary_key=True)
|
name = CharField(db_column='cn', max_length=200, primary_key=True)
|
||||||
|
description = CharField(db_column='description')
|
||||||
members = ListField(db_column='memberUid', blank=True)
|
members = ListField(db_column='memberUid', blank=True)
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
|
|
|
@ -1,42 +0,0 @@
|
||||||
from django.db import models
|
|
||||||
from django.utils.encoding import python_2_unicode_compatible
|
|
||||||
from django.utils.translation import ugettext as _
|
|
||||||
|
|
||||||
from model_utils.models import TimeStampedModel
|
|
||||||
|
|
||||||
|
|
||||||
@python_2_unicode_compatible
|
|
||||||
class Group(TimeStampedModel, models.Model):
|
|
||||||
groupname = models.CharField(
|
|
||||||
_('Group name'), max_length=16, unique=True)
|
|
||||||
gid = models.PositiveSmallIntegerField(
|
|
||||||
_('Group ID'), unique=True, primary_key=True)
|
|
||||||
descr = models.TextField(_('Description'), blank=True)
|
|
||||||
passwd = models.CharField(
|
|
||||||
_('Group password'), max_length=128, blank=True)
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
verbose_name = _('Group')
|
|
||||||
verbose_name_plural = _('Groups')
|
|
||||||
|
|
||||||
def __str__(self):
|
|
||||||
return '{0} ({1})'.format(self.groupname, self.gid)
|
|
||||||
|
|
||||||
|
|
||||||
@python_2_unicode_compatible
|
|
||||||
class User(TimeStampedModel, models.Model):
|
|
||||||
username = models.CharField(
|
|
||||||
_('User name'), max_length=64, unique=True)
|
|
||||||
uid = models.PositiveSmallIntegerField(
|
|
||||||
_('User ID'), unique=True, primary_key=True)
|
|
||||||
group = models.ForeignKey(Group, verbose_name=_('Group'))
|
|
||||||
gecos = models.CharField(_('Gecos field'), max_length=128, blank=True)
|
|
||||||
homedir = models.CharField(_('Home directory'), max_length=256)
|
|
||||||
shell = models.CharField(_('Login shell'), max_length=64)
|
|
||||||
|
|
||||||
class Meta:
|
|
||||||
verbose_name = _('User')
|
|
||||||
verbose_name_plural = _('Users')
|
|
||||||
|
|
||||||
def __str__(self):
|
|
||||||
return '{0} ({1})'.format(self.username, self.uid)
|
|
|
@ -1,28 +1,130 @@
|
||||||
from __future__ import absolute_import
|
from __future__ import absolute_import
|
||||||
|
|
||||||
|
from django.core.exceptions import ObjectDoesNotExist
|
||||||
from celery import shared_task
|
from celery import shared_task
|
||||||
|
from celery.utils.log import get_task_logger
|
||||||
|
from celery.exceptions import Reject
|
||||||
from ldapentities.models import (
|
from ldapentities.models import (
|
||||||
LdapGroup,
|
LdapGroup,
|
||||||
LdapUser,
|
LdapUser,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
_logger = get_task_logger(__name__)
|
||||||
|
|
||||||
|
|
||||||
@shared_task
|
@shared_task
|
||||||
def create_ldap_group(group):
|
def create_ldap_group(groupname, gid, descr):
|
||||||
ldapgroup = LdapGroup(gid=group.gid, name=group.groupname)
|
try:
|
||||||
|
ldapgroup = LdapGroup.objects.get(name=groupname)
|
||||||
|
_logger.info(
|
||||||
|
'ldap group with dn {0} already exists'.format(ldapgroup.dn)
|
||||||
|
)
|
||||||
|
ldapgroup.gid = gid
|
||||||
|
except LdapGroup.DoesNotExist:
|
||||||
|
ldapgroup = LdapGroup(gid=gid, name=groupname)
|
||||||
|
ldapgroup.description = descr
|
||||||
ldapgroup.save()
|
ldapgroup.save()
|
||||||
return ldapgroup.dn
|
return ldapgroup.dn
|
||||||
|
|
||||||
|
|
||||||
@shared_task
|
@shared_task
|
||||||
def create_ldap_user(user, password):
|
def create_ldap_user(username, uid, gid, gecos, homedir, shell, password):
|
||||||
ldapuser = LdapUser(
|
try:
|
||||||
uid=user.uid, group=user.group.gid, gecos=user.gecos,
|
ldapuser = LdapUser.objects.get(username=username)
|
||||||
home_directory=user.homedir, login_shell=user.shell,
|
_logger.info(
|
||||||
username=user.username, common_name=user.username)
|
'ldap user with dn {0} already exists'.format(ldapuser.dn)
|
||||||
ldapuser.set_password(password)
|
)
|
||||||
ldapgroup = LdapGroup.objects.get(gid=ldapuser.group)
|
except LdapUser.DoesNotExist:
|
||||||
ldapgroup.members.append(ldapuser.username)
|
ldapuser = LdapUser(username=username)
|
||||||
ldapgroup.save()
|
try:
|
||||||
|
ldapgroup = LdapGroup.objects.get(gid=gid)
|
||||||
|
except ObjectDoesNotExist as exc:
|
||||||
|
_logger.info('ldap group with gid {0} does not exist')
|
||||||
|
raise Reject(exc, requeue=False)
|
||||||
|
ldapuser.uid = uid
|
||||||
|
ldapuser.group = gid
|
||||||
|
ldapuser.gecos = gecos
|
||||||
|
ldapuser.home_directory = homedir
|
||||||
|
ldapuser.login_shell = shell
|
||||||
|
ldapuser.username = username
|
||||||
|
ldapuser.common_name = username
|
||||||
|
if password is not None:
|
||||||
|
ldapuser.set_password(password)
|
||||||
|
if ldapuser.username in ldapgroup.members:
|
||||||
|
_logger.info('user {0} is already member of {1}'.format(
|
||||||
|
ldapuser.username, ldapgroup.dn)
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
ldapgroup.members.append(ldapuser.username)
|
||||||
|
ldapgroup.save()
|
||||||
ldapuser.save()
|
ldapuser.save()
|
||||||
return ldapuser.dn
|
return ldapuser.dn
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task(bind=True)
|
||||||
|
def add_ldap_user_to_group(self, username, groupname):
|
||||||
|
try:
|
||||||
|
ldapgroup = LdapGroup.objects.get(name=groupname)
|
||||||
|
ldapuser = LdapUser.objects.get(username=username)
|
||||||
|
except LdapGroup.DoesNotExist:
|
||||||
|
_logger.error('ldap group {0} does not exist'.format(groupname))
|
||||||
|
except LdapUser.DoesNotExist as exc:
|
||||||
|
_logger.error('ldap user {0} does not exist'.format(username))
|
||||||
|
self.retry(exc=exc, time_limit=5)
|
||||||
|
else:
|
||||||
|
if not ldapuser.username in ldapgroup.members:
|
||||||
|
ldapgroup.members.append(ldapuser.username)
|
||||||
|
ldapgroup.save()
|
||||||
|
else:
|
||||||
|
_logger.info('ldap user {0} is already in group {1}'.format(
|
||||||
|
ldapuser.username, ldapgroup.dn)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task
|
||||||
|
def remove_ldap_user_from_group(username, groupname):
|
||||||
|
ldapgroup = LdapGroup.objects.get(name=groupname)
|
||||||
|
ldapuser = LdapUser.objects.get(username=username)
|
||||||
|
if ldapuser.username in ldapgroup.members:
|
||||||
|
ldapgroup.members.remove(ldapuser.username)
|
||||||
|
ldapgroup.save()
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task
|
||||||
|
def delete_ldap_user(username):
|
||||||
|
try:
|
||||||
|
ldapuser = LdapUser.objects.get(username=username)
|
||||||
|
except LdapUser.DoesNotExist:
|
||||||
|
_logger.info('there is no ldap user with uid {0}'.format(
|
||||||
|
username)
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
try:
|
||||||
|
ldapgroup = LdapGroup.objects.get(gid=ldapuser.group)
|
||||||
|
except LdapGroup.DoesNotExist:
|
||||||
|
_logger.info('group {0} for user {1} does not exist'.format(
|
||||||
|
ldapuser.group, ldapuser.username)
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
if ldapuser.username in ldapgroup.members:
|
||||||
|
ldapgroup.members.remove(ldapuser.username)
|
||||||
|
ldapgroup.save()
|
||||||
|
ldapuser.delete()
|
||||||
|
|
||||||
|
|
||||||
|
@shared_task
|
||||||
|
def delete_ldap_group_if_empty(groupname):
|
||||||
|
try:
|
||||||
|
ldapgroup = LdapGroup.objects.get(name=groupname)
|
||||||
|
except LdapGroup.DoesNotExist:
|
||||||
|
_logger.info('ldap group with name {0} does not exist'.format(
|
||||||
|
groupname)
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
if len(ldapgroup.members) == 0:
|
||||||
|
ldapgroup.delete()
|
||||||
|
else:
|
||||||
|
_logger.info('ldap group {0} still has {1} members'.format(
|
||||||
|
ldapgroup.dn, len(ldapgroup.members))
|
||||||
|
)
|
||||||
|
|
Loading…
Reference in a new issue