forked from uncloud/uncloud
[ldap] bind with admin to get attributes
This commit is contained in:
parent
e2b5b5d102
commit
edbfb7964e
4 changed files with 44 additions and 22 deletions
|
@ -1,22 +1,27 @@
|
||||||
from rest_framework import viewsets, generics, permissions
|
from rest_framework import viewsets, generics, permissions
|
||||||
|
from rest_framework.response import Response
|
||||||
|
|
||||||
|
from django.contrib.auth import get_user_model
|
||||||
|
|
||||||
from .models import VM
|
from .models import VM
|
||||||
from .serializers import VMSerializer, OpenNebulaVMSerializer
|
from .serializers import VMSerializer, OpenNebulaVMSerializer
|
||||||
|
|
||||||
|
|
||||||
#class VMList(generics.ListAPIView):
|
|
||||||
# queryset = VM.objects.all()
|
|
||||||
# serializer_class = VMSerializer
|
|
||||||
|
|
||||||
|
|
||||||
class RawVMViewSet(viewsets.ModelViewSet):
|
class RawVMViewSet(viewsets.ModelViewSet):
|
||||||
# lookup_field = 'vmid'
|
|
||||||
queryset = VM.objects.all()
|
queryset = VM.objects.all()
|
||||||
serializer_class = VMSerializer
|
serializer_class = VMSerializer
|
||||||
permission_classes = [permissions.IsAuthenticated]
|
permission_classes = [permissions.IsAdminUser]
|
||||||
|
|
||||||
|
|
||||||
class VMViewSet(viewsets.ModelViewSet):
|
class VMViewSet(viewsets.ModelViewSet):
|
||||||
queryset = VM.objects.all()
|
|
||||||
serializer_class = OpenNebulaVMSerializer
|
|
||||||
|
|
||||||
permission_classes = [permissions.IsAuthenticated]
|
permission_classes = [permissions.IsAuthenticated]
|
||||||
|
|
||||||
|
def list(self, request):
|
||||||
|
queryset = VM.objects.filter(owner=request.user)
|
||||||
|
serializer = OpenNebulaVMSerializer(queryset, many=True)
|
||||||
|
return Response(serializer.data)
|
||||||
|
|
||||||
|
def retrieve(self, request, pk=None):
|
||||||
|
queryset = VM.objects.filter(owner=request.user)
|
||||||
|
user = get_object_or_404(queryset, pk=pk)
|
||||||
|
serializer = OpenNebulaVMSerializer(queryset)
|
||||||
|
return Response(serializer.data)
|
||||||
|
|
|
@ -8,3 +8,11 @@ OPENNEBULA_URL='https://opennebula.ungleich.ch:2634/RPC2'
|
||||||
OPENNEBULA_USER_PASS='user:password'
|
OPENNEBULA_USER_PASS='user:password'
|
||||||
|
|
||||||
POSTGRESQL_DB_NAME="uncloud"
|
POSTGRESQL_DB_NAME="uncloud"
|
||||||
|
|
||||||
|
|
||||||
|
# See https://django-auth-ldap.readthedocs.io/en/latest/authentication.html
|
||||||
|
LDAP_ADMIN_DN=""
|
||||||
|
LDAP_ADMIN_PASSWORD=""
|
||||||
|
LDAP_SERVER_URI = ""
|
||||||
|
|
||||||
|
SECRET_KEY="dx$iqt=lc&yrp^!z5$ay^%g5lhx1y3bcu=jg(jx0yj0ogkfqvf"
|
||||||
|
|
|
@ -12,6 +12,10 @@ https://docs.djangoproject.com/en/3.0/ref/settings/
|
||||||
|
|
||||||
import os
|
import os
|
||||||
|
|
||||||
|
# Uncommitted file with secrets
|
||||||
|
import uncloud.secrets
|
||||||
|
|
||||||
|
|
||||||
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
||||||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||||
|
|
||||||
|
@ -20,7 +24,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||||
# See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/
|
# See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/
|
||||||
|
|
||||||
# SECURITY WARNING: keep the secret key used in production secret!
|
# SECURITY WARNING: keep the secret key used in production secret!
|
||||||
SECRET_KEY = 'dx$iqt=lc&yrp^!z5$ay^%g5lhx1y3bcu=jg(jx0yj0ogkfqvf'
|
SECRET_KEY = uncloud.secrets.SECRET_KEY
|
||||||
|
|
||||||
# SECURITY WARNING: don't run with debug turned on in production!
|
# SECURITY WARNING: don't run with debug turned on in production!
|
||||||
DEBUG = True
|
DEBUG = True
|
||||||
|
@ -100,15 +104,25 @@ AUTH_PASSWORD_VALIDATORS = [
|
||||||
import ldap
|
import ldap
|
||||||
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
|
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
|
||||||
|
|
||||||
|
AUTH_LDAP_SERVER_URI = uncloud.secrets.LDAP_SERVER_URI
|
||||||
|
|
||||||
AUTH_LDAP_SERVER_URI = "ldaps://ldap1.ungleich.ch,ldaps://ldap2.ungleich.ch"
|
AUTH_LDAP_USER_ATTR_MAP = {
|
||||||
|
"first_name": "givenName",
|
||||||
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=customer,dc=ungleich,dc=ch"
|
"last_name": "sn",
|
||||||
|
"email": "mail"
|
||||||
|
}
|
||||||
|
|
||||||
|
AUTH_LDAP_BIND_DN = uncloud.secrets.LDAP_ADMIN_DN
|
||||||
|
AUTH_LDAP_BIND_PASSWORD = uncloud.secrets.LDAP_ADMIN_PASSWORD
|
||||||
AUTH_LDAP_USER_SEARCH = LDAPSearch(
|
AUTH_LDAP_USER_SEARCH = LDAPSearch(
|
||||||
"ou=customer,dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
|
"dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
#AUTH_LDAP_BIND_AS_AUTHENTICATING_USER=True
|
||||||
|
#AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=customer,dc=ungleich,dc=ch"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# AUTH/Django
|
# AUTH/Django
|
||||||
AUTHENTICATION_BACKENDS = [
|
AUTHENTICATION_BACKENDS = [
|
||||||
|
@ -150,8 +164,6 @@ USE_TZ = True
|
||||||
STATIC_URL = '/static/'
|
STATIC_URL = '/static/'
|
||||||
|
|
||||||
|
|
||||||
# Uncommitted file with secrets
|
|
||||||
import uncloud.secrets
|
|
||||||
|
|
||||||
|
|
||||||
# Database
|
# Database
|
||||||
|
|
|
@ -24,7 +24,7 @@ from opennebula import views as oneviews
|
||||||
router = routers.DefaultRouter()
|
router = routers.DefaultRouter()
|
||||||
router.register(r'users', views.UserViewSet)
|
router.register(r'users', views.UserViewSet)
|
||||||
router.register(r'groups', views.GroupViewSet)
|
router.register(r'groups', views.GroupViewSet)
|
||||||
router.register(r'opennebula', oneviews.VMViewSet)
|
router.register(r'opennebula', oneviews.VMViewSet, basename='opennebula')
|
||||||
router.register(r'opennebula_raw', oneviews.RawVMViewSet)
|
router.register(r'opennebula_raw', oneviews.RawVMViewSet)
|
||||||
|
|
||||||
# Wire up our API using automatic URL routing.
|
# Wire up our API using automatic URL routing.
|
||||||
|
@ -34,7 +34,4 @@ urlpatterns = [
|
||||||
path('admin/', admin.site.urls),
|
path('admin/', admin.site.urls),
|
||||||
path('products/', views.ProductsView.as_view(), name='products'),
|
path('products/', views.ProductsView.as_view(), name='products'),
|
||||||
path('api-auth/', include('rest_framework.urls', namespace='rest_framework'))
|
path('api-auth/', include('rest_framework.urls', namespace='rest_framework'))
|
||||||
# path('vm/list/', oneviews.VMList.as_view(), name='vm_list'),
|
|
||||||
# path('vm/detail/<int:vmid>/', oneviews.VMDetail.as_view(), name='vm_detail'),
|
|
||||||
|
|
||||||
]
|
]
|
||||||
|
|
Loading…
Reference in a new issue