commit
80f514fa90
|
@ -4,6 +4,9 @@ on:
|
||||||
push:
|
push:
|
||||||
branches-ignore:
|
branches-ignore:
|
||||||
- release
|
- release
|
||||||
|
pull_request:
|
||||||
|
branches-ignore:
|
||||||
|
- release
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
|
|
|
@ -70,8 +70,7 @@ AUTH_LDAP_USER_FLAGS_BY_GROUP = {
|
||||||
AUTH_LDAP_FIND_GROUP_PERMS = os.environ.get('AUTH_LDAP_FIND_GROUP_PERMS', 'True').lower() == 'true'
|
AUTH_LDAP_FIND_GROUP_PERMS = os.environ.get('AUTH_LDAP_FIND_GROUP_PERMS', 'True').lower() == 'true'
|
||||||
|
|
||||||
# Cache groups for one hour to reduce LDAP traffic
|
# Cache groups for one hour to reduce LDAP traffic
|
||||||
AUTH_LDAP_CACHE_GROUPS = os.environ.get('AUTH_LDAP_CACHE_GROUPS', 'True').lower() == 'true'
|
AUTH_LDAP_CACHE_TIMEOUT = int(os.environ.get('AUTH_LDAP_CACHE_TIMEOUT', 3600))
|
||||||
AUTH_LDAP_GROUP_CACHE_TIMEOUT = int(os.environ.get('AUTH_LDAP_GROUP_CACHE_TIMEOUT', 3600))
|
|
||||||
|
|
||||||
# Populate the Django user from the LDAP directory.
|
# Populate the Django user from the LDAP directory.
|
||||||
AUTH_LDAP_USER_ATTR_MAP = {
|
AUTH_LDAP_USER_ATTR_MAP = {
|
||||||
|
|
|
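Review bot: Deployments that disabled group caching with `AUTH_LDAP_CACHE_GROUPS=false`, or tuned `AUTH_LDAP_GROUP_CACHE_TIMEOUT`, now have those variables silently ignored and get the 3600-second default of `AUTH_LDAP_CACHE_TIMEOUT`. The surrounding settings map LDAP groups to user flags and permissions (`AUTH_LDAP_USER_FLAGS_BY_GROUP`, `AUTH_LDAP_FIND_GROUP_PERMS`), so removing someone from a privileged group in the directory can presumably stay ineffective for up to that long. The comment above the setting should say so, e.g. `# Cache LDAP group memberships for one hour; set AUTH_LDAP_CACHE_TIMEOUT=0 so group removals take effect immediately`, and the rename deserves a line in the upgrade notes. The `int(...)` call also raises at settings import when the variable is not numeric, which is worth documenting next to it.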
@ -1,3 +1,15 @@
|
||||||
|
## To list all permissions, run:
|
||||||
|
##
|
||||||
|
## docker-compose run --rm --entrypoint /bin/bash netbox
|
||||||
|
## $ ./manage.py migrate
|
||||||
|
## $ ./manage.py shell
|
||||||
|
## > from django.contrib.auth.models import Permission
|
||||||
|
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
|
||||||
|
##
|
||||||
|
## Permission lists support wildcards. See the examples below.
|
||||||
|
##
|
||||||
|
## Examples:
|
||||||
|
|
||||||
# applications:
|
# applications:
|
||||||
# users:
|
# users:
|
||||||
# - technical_user
|
# - technical_user
|
||||||
|
@ -8,9 +20,16 @@
|
||||||
# users:
|
# users:
|
||||||
# - writer
|
# - writer
|
||||||
# permissions:
|
# permissions:
|
||||||
# - add_device
|
|
||||||
# - change_device
|
|
||||||
# - delete_device
|
# - delete_device
|
||||||
# - add_virtualmachine
|
|
||||||
# - change_virtualmachine
|
|
||||||
# - delete_virtualmachine
|
# - delete_virtualmachine
|
||||||
|
# - add_*
|
||||||
|
# - change_*
|
||||||
|
# vm_managers:
|
||||||
|
# permissions:
|
||||||
|
# - '*_virtualmachine'
|
||||||
|
# device_managers:
|
||||||
|
# permissions:
|
||||||
|
# - '*device*'
|
||||||
|
# creators:
|
||||||
|
# permissions:
|
||||||
|
# - add_*
|
||||||
|
|
|
@ -1,3 +1,15 @@
|
||||||
|
## To list all permissions, run:
|
||||||
|
##
|
||||||
|
## docker-compose run --rm --entrypoint /bin/bash netbox
|
||||||
|
## $ ./manage.py migrate
|
||||||
|
## $ ./manage.py shell
|
||||||
|
## > from django.contrib.auth.models import Permission
|
||||||
|
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
|
||||||
|
##
|
||||||
|
## Permission lists support wildcards. See the examples below.
|
||||||
|
##
|
||||||
|
## Examples:
|
||||||
|
|
||||||
# technical_user:
|
# technical_user:
|
||||||
# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
|
# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
|
||||||
# reader:
|
# reader:
|
||||||
|
@ -5,9 +17,7 @@
|
||||||
# writer:
|
# writer:
|
||||||
# password: writer
|
# password: writer
|
||||||
# permissions:
|
# permissions:
|
||||||
# - add_device
|
|
||||||
# - change_device
|
|
||||||
# - delete_device
|
# - delete_device
|
||||||
# - add_virtualmachine
|
|
||||||
# - change_virtualmachine
|
|
||||||
# - delete_virtualmachine
|
# - delete_virtualmachine
|
||||||
|
# - add_*
|
||||||
|
# - change_*
|
||||||
|
|
|
@ -20,15 +20,23 @@ with file.open('r') as stream:
|
||||||
username = username,
|
username = username,
|
||||||
password = user_details.get('password', 0) or User.objects.make_random_password)
|
password = user_details.get('password', 0) or User.objects.make_random_password)
|
||||||
|
|
||||||
print("👤 Created user ",username)
|
print("👤 Created user",username)
|
||||||
|
|
||||||
if user_details.get('api_token', 0):
|
if user_details.get('api_token', 0):
|
||||||
Token.objects.create(user=user, key=user_details['api_token'])
|
Token.objects.create(user=user, key=user_details['api_token'])
|
||||||
|
|
||||||
user_permissions = user_details.get('permissions', [])
|
yaml_permissions = user_details.get('permissions', [])
|
||||||
if user_permissions:
|
if yaml_permissions:
|
||||||
user.user_permissions.clear()
|
subject = user.user_permissions
|
||||||
for permission_codename in user_details.get('permissions', []):
|
subject.clear()
|
||||||
for permission in Permission.objects.filter(codename=permission_codename):
|
for yaml_permission in yaml_permissions:
|
||||||
user.user_permissions.add(permission)
|
if '*' in yaml_permission:
|
||||||
user.save()
|
permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
|
||||||
|
permissions = Permission.objects.filter(codename__iregex=permission_filter)
|
||||||
|
print(" ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
|
||||||
|
else:
|
||||||
|
permissions = Permission.objects.filter(codename=yaml_permission)
|
||||||
|
print(" ⚿ Granting permission", yaml_permission)
|
||||||
|
|
||||||
|
for permission in permissions:
|
||||||
|
subject.add(permission)
|
||||||
|
|
|
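Review bot: The wildcard branch builds `permission_filter` by replacing `*` with `.*` without escaping the rest of `yaml_permission`, so any other regex metacharacter in the YAML entry is interpreted by the database's regex engine. A `|`, for instance, splits the pattern so that `^` and `$` each anchor only one alternative, and the entry grants more codenames than written. Escape the literal parts first, e.g. `permission_filter = '^' + '.*'.join(re.escape(part) for part in yaml_permission.split('*')) + '$'` (this needs `import re`; the import block is outside this hunk), or reject entries containing anything but word characters and `*`. `codename__iregex` is also case-insensitive while the non-wildcard branch matches `codename=` exactly; `codename__regex` would keep the two branches consistent. The same code is added to the group initializer in the next hunk (`subject = group.permissions`), and the enclosing `with file.open('r') as stream:` block starts outside the hunk.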
@ -24,9 +24,18 @@ with file.open('r') as stream:
|
||||||
if user:
|
if user:
|
||||||
user.groups.add(group)
|
user.groups.add(group)
|
||||||
|
|
||||||
group_permissions = group_details.get('permissions', [])
|
yaml_permissions = group_details.get('permissions', [])
|
||||||
if group_permissions:
|
if yaml_permissions:
|
||||||
group.permissions.clear()
|
subject = group.permissions
|
||||||
for permission_codename in group_details.get('permissions', []):
|
subject.clear()
|
||||||
for permission in Permission.objects.filter(codename=permission_codename):
|
for yaml_permission in yaml_permissions:
|
||||||
group.permissions.add(permission)
|
if '*' in yaml_permission:
|
||||||
|
permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
|
||||||
|
permissions = Permission.objects.filter(codename__iregex=permission_filter)
|
||||||
|
print(" ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
|
||||||
|
else:
|
||||||
|
permissions = Permission.objects.filter(codename=yaml_permission)
|
||||||
|
print(" ⚿ Granting permission", yaml_permission)
|
||||||
|
|
||||||
|
for permission in permissions:
|
||||||
|
subject.add(permission)
|
||||||
|
|
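Review bot: `subject.clear()` runs only when `yaml_permissions` is non-empty, so emptying or removing a group's `permissions:` list in the YAML does not revoke what an earlier run granted, assuming this script is re-run against an existing database (not visible here). If the YAML is meant to be authoritative, key the block on presence rather than truthiness: `if 'permissions' in group_details:` together with `yaml_permissions = group_details.get('permissions') or []`. A wildcard that matches nothing also leaves the group with no permissions after the clear and only prints a count of 0, so a more visible warning for zero matches would help catch typos. The enclosing loop starts outside the hunk.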