NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-08-24 08:25:17 -06:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

11508 review feedback change config key

Browse Source
This commit is contained in:
Arthur 2023-08-16 08:32:28 -07:00
parent 96216cf1ec
commit 57bcb8199d
2 changed files with 24 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/administration/authentication/microsoft-azure-ad.md
View File

@ -82,20 +82,23 @@ SOCIAL_AUTH_PIPELINE = (
) )
# Define special user types using groups. Exercise great caution when assigning superuser status. # Define special user types using groups. Exercise great caution when assigning superuser status.
REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP = { SOCIAL_AUTH_PIPELINE_CONFIG = {
"is_staff": ['{AZURE_GROUP_ID}',], 'AZUREAD_USER_FLAGS_BY_GROUP': {
"is_superuser": ['{AZURE_GROUP_ID}',] "is_staff": ['{AZURE_GROUP_ID}',],
} "is_superuser": ['{AZURE_GROUP_ID}',]
},
'AZUREAD_GROUP_MAP': {
'{AZURE_GROUP_ID}': '{NETBOX_GROUP}',
}
REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP = {
'{AZURE_GROUP_ID}': '{NETBOX_GROUP}',
} }
``` ```
**REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP.is_staff**: users who are in any of the Azure AD group-ids in the array will have staff permission assigned to them. **AZUREAD_USER_FLAGS_BY_GROUP.is_staff**: users who are in any of the Azure AD group-ids in the array will have staff permission assigned to them.
**REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP.is_superuser**: users who are in any of the Azure AD group-ids in the array will have superuser permission assigned to them. **AZUREAD_USER_FLAGS_BY_GROUP.is_superuser**: users who are in any of the Azure AD group-ids in the array will have superuser permission assigned to them.
**REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP**: Any user with the given Azure AD group-id is included in the given NetBox group name. **AZUREAD_GROUP_MAP**: Any user with the given Azure AD group-id is included in the given NetBox group name.
## Testing ## Testing

18
netbox/netbox/authentication.py
View File

@ -398,18 +398,24 @@ def azuread_map_groups(response, user, backend, *args, **kwargs):
''' '''
logger = logging.getLogger('netbox.auth.azuread_map_groups') logger = logging.getLogger('netbox.auth.azuread_map_groups')
if not hasattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP"): if not hasattr(settings, "SOCIAL_AUTH_PIPELINE_CONFIG"):
raise ImproperlyConfigured( raise ImproperlyConfigured(
"Azure group mapping has been configured, but REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP is not defined." "Azure group mapping has been configured, but SOCIAL_AUTH_PIPELINE_CONFIG is not defined."
) )
if not hasattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP"): config = getattr(settings, "SOCIAL_AUTH_PIPELINE_CONFIG")
if "AZUREAD_USER_FLAGS_BY_GROUP" not in config:
raise ImproperlyConfigured( raise ImproperlyConfigured(
"Azure group mapping has been configured, but REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP is not defined." "Azure group mapping has been configured, but AZUREAD_USER_FLAGS_BY_GROUP is not defined."
) )
flags_by_group = getattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP") if "AZUREAD_GROUP_MAP" not in config:
group_mapping = getattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP") raise ImproperlyConfigured(
"Azure group mapping has been configured, but AZUREAD_GROUP_MAP is not defined."
)
flags_by_group = config["AZUREAD_USER_FLAGS_BY_GROUP"]
group_mapping = config["AZUREAD_GROUP_MAP"]
access_token = response.get('access_token') access_token = response.get('access_token')
headers = { headers = {