mirror of
https://github.com/netbox-community/netbox.git
synced 2025-12-20 12:22:23 -06:00
Vapor API Scaffold (#2)
* Updated README * Start of Vapor Netbox Module * Add api/vapor route * Ignore virtualenv * Query devices assigned to users * Add vapor/interfaces route * adds docker-compose file to manage postgres/redis - Initial test suite for the vapor api module. (Django tests are kind of hard and slow) * Init pipeline - Adds a tox harness to run the test suite - Test running in tox - Clone example config to config.py - Add the kubernetes agent + dependent services to complete tests in the podspec - some really hacky sed configuration on the fly * Init Docker build - Adds the dockerfile assets from vapor-ware/netbox-docker - Slight changes to keep the root directory clean (nesting dirs in docker path) - Adds a rudimentary job label to build on micro-k8s builder - adds docker build/publish stages to the pipeline for branch builds. - dockerignore the project dir as its fetching packages from GHAPI * Cleanups * More unittests
This commit is contained in:
Marco Ceppi
GitHub
81
docker/configuration/ldap_config.py
Normal file
81
docker/configuration/ldap_config.py
Normal file
@@ -0,0 +1,81 @@
|
||||
import ldap
|
||||
import os
|
||||
|
||||
from django_auth_ldap.config import LDAPSearch
|
||||
from importlib import import_module
|
||||
|
||||
# Read secret from file
|
||||
def read_secret(secret_name):
|
||||
try:
|
||||
f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
|
||||
except EnvironmentError:
|
||||
return ''
|
||||
else:
|
||||
with f:
|
||||
return f.readline().strip()
|
||||
|
||||
# Import and return the group type based on string name
|
||||
def import_group_type(group_type_name):
|
||||
mod = import_module('django_auth_ldap.config')
|
||||
try:
|
||||
return getattr(mod, group_type_name)()
|
||||
except:
|
||||
return None
|
||||
|
||||
# Server URI
|
||||
AUTH_LDAP_SERVER_URI = os.environ.get('AUTH_LDAP_SERVER_URI', '')
|
||||
|
||||
# The following may be needed if you are binding to Active Directory.
|
||||
AUTH_LDAP_CONNECTION_OPTIONS = {
|
||||
ldap.OPT_REFERRALS: 0
|
||||
}
|
||||
|
||||
# Set the DN and password for the NetBox service account.
|
||||
AUTH_LDAP_BIND_DN = os.environ.get('AUTH_LDAP_BIND_DN', '')
|
||||
AUTH_LDAP_BIND_PASSWORD = os.environ.get('AUTH_LDAP_BIND_PASSWORD', read_secret('auth_ldap_bind_password'))
|
||||
|
||||
# Set a string template that describes any user’s distinguished name based on the username.
|
||||
AUTH_LDAP_USER_DN_TEMPLATE = os.environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None)
|
||||
|
||||
# Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
|
||||
# Note that this is a NetBox-specific setting which sets:
|
||||
# ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
|
||||
LDAP_IGNORE_CERT_ERRORS = os.environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true'
|
||||
|
||||
AUTH_LDAP_USER_SEARCH_BASEDN = os.environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '')
|
||||
AUTH_LDAP_USER_SEARCH_ATTR = os.environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName')
|
||||
AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_BASEDN,
|
||||
ldap.SCOPE_SUBTREE,
|
||||
"(" + AUTH_LDAP_USER_SEARCH_ATTR + "=%(user)s)")
|
||||
|
||||
# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
|
||||
# heirarchy.
|
||||
AUTH_LDAP_GROUP_SEARCH_BASEDN = os.environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '')
|
||||
AUTH_LDAP_GROUP_SEARCH_CLASS = os.environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group')
|
||||
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE,
|
||||
"(objectClass=" + AUTH_LDAP_GROUP_SEARCH_CLASS + ")")
|
||||
AUTH_LDAP_GROUP_TYPE = import_group_type(os.environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType'))
|
||||
|
||||
# Define a group required to login.
|
||||
AUTH_LDAP_REQUIRE_GROUP = os.environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', '')
|
||||
|
||||
# Define special user types using groups. Exercise great caution when assigning superuser status.
|
||||
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
|
||||
"is_active": os.environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''),
|
||||
"is_staff": os.environ.get('AUTH_LDAP_IS_ADMIN_DN', ''),
|
||||
"is_superuser": os.environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '')
|
||||
}
|
||||
|
||||
# For more granular permissions, we can map LDAP groups to Django groups.
|
||||
AUTH_LDAP_FIND_GROUP_PERMS = os.environ.get('AUTH_LDAP_FIND_GROUP_PERMS', 'True').lower() == 'true'
|
||||
|
||||
# Cache groups for one hour to reduce LDAP traffic
|
||||
AUTH_LDAP_CACHE_GROUPS = os.environ.get('AUTH_LDAP_CACHE_GROUPS', 'True').lower() == 'true'
|
||||
AUTH_LDAP_GROUP_CACHE_TIMEOUT = int(os.environ.get('AUTH_LDAP_GROUP_CACHE_TIMEOUT', 3600))
|
||||
|
||||
# Populate the Django user from the LDAP directory.
|
||||
AUTH_LDAP_USER_ATTR_MAP = {
|
||||
"first_name": os.environ.get('AUTH_LDAP_ATTR_FIRSTNAME', 'givenName'),
|
||||
"last_name": os.environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'),
|
||||
"email": os.environ.get('AUTH_LDAP_ATTR_MAIL', 'mail')
|
||||
}
|
||||
Reference in New Issue
Block a user