Merge branch 'main' into feature/keycloak
jemrobinson authored May 23, 2024
2 parents eaee027 + 9d13b8f commit 1ea7bf0
Showing 4 changed files with 50 additions and 18 deletions.
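--- a/apricot/ldap/oauth_ldap_entry.py
+++ b/apricot/ldap/oauth_ldap_entry.py
@@ -83,3 +83,6 @@ def _bind(password: bytes) -> "OAuthLDAPEntry":
 raise LDAPInvalidCredentials(msg)
 
 return defer.maybeDeferred(_bind, password)
+
+def list_children(self) -> "list[OAuthLDAPEntry]":
+return [cast(OAuthLDAPEntry, entry) for entry in self._children.values()]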
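Review bot: list_children is added without a docstring, and the string return annotation says little about what callers get back; suggest `"""Return the direct children of this entry as a list of OAuthLDAPEntry."""`. The cast suggests `_children` is typed more loosely than OAuthLDAPEntry where it is declared (outside this hunk); if so, the docstring should say the cast is unchecked so a caller does not assume type safety. The enclosing class starts before the hunk.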
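--- a/apricot/ldap/oauth_ldap_tree.py
+++ b/apricot/ldap/oauth_ldap_tree.py
@@ -77,15 +77,29 @@ def root(self) -> OAuthLDAPEntry:
 
 # Add groups to the groups OU
 if self.debug:
-log.msg(f"Adding {len(oauth_adaptor.groups)} groups to the LDAP tree.")
+log.msg(
+f"Attempting to add {len(oauth_adaptor.groups)} groups to the LDAP tree."
+)
 for group_attrs in oauth_adaptor.groups:
 groups_ou.add_child(f"CN={group_attrs.cn}", group_attrs.to_dict())
+if self.debug:
+children = groups_ou.list_children()
+for child in children:
+log.msg(f"... {child.dn.getText()}")
+log.msg(f"There are {len(children)} groups in the LDAP tree.")
 
 # Add users to the users OU
 if self.debug:
-log.msg(f"Adding {len(oauth_adaptor.users)} users to the LDAP tree.")
+log.msg(
+f"Attempting to add {len(oauth_adaptor.users)} users to the LDAP tree."
+)
 for user_attrs in oauth_adaptor.users:
 users_ou.add_child(f"CN={user_attrs.cn}", user_attrs.to_dict())
+if self.debug:
+children = users_ou.list_children()
+for child in children:
+log.msg(f"... {child.dn.getText()}")
+log.msg(f"There are {len(children)} users in the LDAP tree.")
 
 # Set last updated time
 log.msg("Finished building LDAP tree.")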
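Review bot: The two `if self.debug:` blocks that follow the add_child loops are the same five lines with only the OU and the word groups/users changed, so a small helper would keep them in step and give the debug branch one call site. That helper also makes it easier to document that with debug enabled the log receives the DN of every group and user in the tree, which matters for where those logs are shipped. root() starts and ends outside the hunk, so the helper's placement in the class is left to the author.
```python
def _log_children(self, ou: OAuthLDAPEntry, label: str) -> None:
    """Log the DN of every direct child of *ou* and then a count (debug output only)."""
    children = ou.list_children()
    for child in children:
        log.msg(f"... {child.dn.getText()}")
    log.msg(f"There are {len(children)} {label} in the LDAP tree.")

# … unchanged: group add loop …
if self.debug:
    self._log_children(groups_ou, "groups")
# … unchanged: user add loop …
if self.debug:
    self._log_children(users_ou, "users")
```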
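--- a/apricot/oauth/microsoft_entra_client.py
+++ b/apricot/oauth/microsoft_entra_client.py
@@ -1,5 +1,7 @@
 from typing import Any, cast
 
+from twisted.python import log
+
 from apricot.types import JSONDict
 
 from .oauth_client import OAuthClient
@@ -28,19 +30,19 @@ def extract_token(self, json_response: JSONDict) -> str:
 
 def groups(self) -> list[JSONDict]:
 output = []
-try:
-queries = [
-"createdDateTime",
-"displayName",
-"id",
-]
-group_data = self.query(
-f"https://graph.microsoft.com/v1.0/groups?$select={','.join(queries)}"
-)
-for group_dict in cast(
-list[JSONDict],
-sorted(group_data["value"], key=lambda group: group["createdDateTime"]),
-):
+queries = [
+"createdDateTime",
+"displayName",
+"id",
+]
+group_data = self.query(
+f"https://graph.microsoft.com/v1.0/groups?$select={','.join(queries)}"
+)
+for group_dict in cast(
+list[JSONDict],
+sorted(group_data["value"], key=lambda group: group["createdDateTime"]),
+):
+try:
 group_uid = self.uid_cache.get_group_uid(group_dict["id"])
 attributes: JSONDict = {}
 attributes["cn"] = group_dict.get("displayName", None)
@@ -54,11 +56,14 @@ def groups(self) -> list[JSONDict]:
 attributes["memberUid"] = [
 str(user["userPrincipalName"]).split("@")[0]
 for user in members["value"]
-if user["userPrincipalName"]
+if user.get("userPrincipalName")
 ]
 output.append(attributes)
-except KeyError:
-pass
+except KeyError as exc:
+msg = (
+f"Failed to process group {group_dict} due to a missing key {exc}."
+)
+log.msg(msg)
 return output
 
 def users(self) -> list[JSONDict]: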
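Review bot: Moving the `try` inside the loop leaves `group_data["value"]` in the `sorted(...)` call unguarded, so a response without a `value` key (for example an error body, if self.query returns the parsed JSON as a dict) now raises KeyError out of groups() where the old code swallowed it; if that is intended it deserves a comment, otherwise check it explicitly before the loop: `if "value" not in group_data:` / `log.msg(f"Unexpected groups response, keys: {list(group_data)}")` / `return output`. The new except message in the third hunk also interpolates the whole group_dict; `{group_dict.get('id')}` keeps the line short and avoids copying the full payload into the log. The middle of groups() is collapsed between the second and third hunks, and users() continues past the last one.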
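--- a/apricot/oauth/oauth_data_adaptor.py
+++ b/apricot/oauth/oauth_data_adaptor.py
@@ -132,6 +132,11 @@ def _retrieve_entries(
 for parent_dict in oauth_groups + user_primary_groups + groups_of_groups
 if child_dn in parent_dict["member"]
 ]
+if self.debug:
+for group_name in child_dict["memberOf"]:
+log.msg(
+f"... user '{child_dict['cn']}' is a member of '{group_name}'"
+)
 
 # Ensure memberOf is set correctly for groups
 for child_dict in oauth_groups + user_primary_groups + groups_of_groups:
@@ -141,6 +146,11 @@ def _retrieve_entries(
 for parent_dict in oauth_groups + user_primary_groups + groups_of_groups
 if child_dn in parent_dict["member"]
 ]
+if self.debug:
+for group_name in child_dict["memberOf"]:
+log.msg(
+f"... group '{child_dict['cn']}' is a member of '{group_name}'"
+)
 
 # Annotate group and user dicts with the appropriate LDAP classes
 annotated_groups = [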
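Review bot: The two debug blocks added in this file are identical apart from the word user/group, and they sit inside the outer per-entry loops, so each is a nested loop over memberOf for every entry; a one-method helper keeps the message format in one place and makes the two call sites a single line each. The f-string also indexes `child_dict['cn']` directly, which would raise KeyError on an entry with no cn while the surrounding code apparently tolerates missing keys elsewhere; `child_dict.get('cn')` would be the safer spelling if that can happen, which I cannot confirm from the hunk. _retrieve_entries starts before the first hunk and continues after the second.
```python
def _log_membership(self, kind: str, child_dict) -> None:
    """Log each group that *child_dict* (a user or group entry) belongs to; debug output only."""
    for group_name in child_dict["memberOf"]:
        log.msg(f"... {kind} '{child_dict['cn']}' is a member of '{group_name}'")

# … unchanged: memberOf computation for users …
if self.debug:
    self._log_membership("user", child_dict)
# … unchanged: memberOf computation for groups …
if self.debug:
    self._log_membership("group", child_dict)
```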
