11508 review feedback change config key

2025-08-24 08:25:17 -06:00 · 2023-08-16 08:32:28 -07:00 · 2023-08-16 08:32:28 -07:00 · 57bcb8199d
commit 57bcb8199d
parent 96216cf1ec
2 changed files with 24 additions and 15 deletions
--- a/docs/administration/authentication/microsoft-azure-ad.md
+++ b/docs/administration/authentication/microsoft-azure-ad.md
@ -82,20 +82,23 @@ SOCIAL_AUTH_PIPELINE = (
 )

 # Define special user types using groups. Exercise great caution when assigning superuser status.
-REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP = {
-    "is_staff": ['{AZURE_GROUP_ID}',],
-    "is_superuser": ['{AZURE_GROUP_ID}',]
-}
+SOCIAL_AUTH_PIPELINE_CONFIG = {
+    'AZUREAD_USER_FLAGS_BY_GROUP': {
+        "is_staff": ['{AZURE_GROUP_ID}',],
+        "is_superuser": ['{AZURE_GROUP_ID}',]
+    },
+
+    'AZUREAD_GROUP_MAP': {
+        '{AZURE_GROUP_ID}': '{NETBOX_GROUP}',
+    }

-REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP = {
-    '{AZURE_GROUP_ID}': '{NETBOX_GROUP}',
 }
 ```
-**REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP.is_staff**: users who are in any of the Azure AD group-ids in the array will have staff permission assigned to them.
+**AZUREAD_USER_FLAGS_BY_GROUP.is_staff**: users who are in any of the Azure AD group-ids in the array will have staff permission assigned to them.

-**REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP.is_superuser**: users who are in any of the Azure AD group-ids in the array will have superuser permission assigned to them.
+**AZUREAD_USER_FLAGS_BY_GROUP.is_superuser**: users who are in any of the Azure AD group-ids in the array will have superuser permission assigned to them.

-**REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP**: Any user with the given Azure AD group-id is included in the given NetBox group name.
+**AZUREAD_GROUP_MAP**: Any user with the given Azure AD group-id is included in the given NetBox group name.

 ## Testing

--- a/netbox/netbox/authentication.py
+++ b/netbox/netbox/authentication.py
@ -398,18 +398,24 @@ def azuread_map_groups(response, user, backend, *args, **kwargs):
    '''
    logger = logging.getLogger('netbox.auth.azuread_map_groups')

-    if not hasattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP"):
+    if not hasattr(settings, "SOCIAL_AUTH_PIPELINE_CONFIG"):
        raise ImproperlyConfigured(
-            "Azure group mapping has been configured, but REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP is not defined."
+            "Azure group mapping has been configured, but SOCIAL_AUTH_PIPELINE_CONFIG is not defined."
        )

-    if not hasattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP"):
+    config = getattr(settings, "SOCIAL_AUTH_PIPELINE_CONFIG")
+    if "AZUREAD_USER_FLAGS_BY_GROUP" not in config:
        raise ImproperlyConfigured(
-            "Azure group mapping has been configured, but REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP is not defined."
+            "Azure group mapping has been configured, but AZUREAD_USER_FLAGS_BY_GROUP is not defined."
        )

-    flags_by_group = getattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_USER_FLAGS_BY_GROUP")
-    group_mapping = getattr(settings, "REMOTE_AUTH_BACKEND_AZUREAD_GROUP_MAP")
+    if "AZUREAD_GROUP_MAP" not in config:
+        raise ImproperlyConfigured(
+            "Azure group mapping has been configured, but AZUREAD_GROUP_MAP is not defined."
+        )
+
+    flags_by_group = config["AZUREAD_USER_FLAGS_BY_GROUP"]
+    group_mapping = config["AZUREAD_GROUP_MAP"]

    access_token = response.get('access_token')
    headers = {