forked from uncloud/uncloud
[ldap] bind with admin to get attributes
This commit is contained in:
parent
e2b5b5d102
commit
edbfb7964e
4 changed files with 44 additions and 22 deletions
|
@ -1,22 +1,27 @@
|
|||
from rest_framework import viewsets, generics, permissions
|
||||
from rest_framework.response import Response
|
||||
|
||||
from django.contrib.auth import get_user_model
|
||||
|
||||
from .models import VM
|
||||
from .serializers import VMSerializer, OpenNebulaVMSerializer
|
||||
|
||||
|
||||
#class VMList(generics.ListAPIView):
|
||||
# queryset = VM.objects.all()
|
||||
# serializer_class = VMSerializer
|
||||
|
||||
|
||||
class RawVMViewSet(viewsets.ModelViewSet):
|
||||
# lookup_field = 'vmid'
|
||||
queryset = VM.objects.all()
|
||||
serializer_class = VMSerializer
|
||||
permission_classes = [permissions.IsAuthenticated]
|
||||
permission_classes = [permissions.IsAdminUser]
|
||||
|
||||
|
||||
class VMViewSet(viewsets.ModelViewSet):
|
||||
queryset = VM.objects.all()
|
||||
serializer_class = OpenNebulaVMSerializer
|
||||
|
||||
permission_classes = [permissions.IsAuthenticated]
|
||||
|
||||
def list(self, request):
|
||||
queryset = VM.objects.filter(owner=request.user)
|
||||
serializer = OpenNebulaVMSerializer(queryset, many=True)
|
||||
return Response(serializer.data)
|
||||
|
||||
def retrieve(self, request, pk=None):
|
||||
queryset = VM.objects.filter(owner=request.user)
|
||||
user = get_object_or_404(queryset, pk=pk)
|
||||
serializer = OpenNebulaVMSerializer(queryset)
|
||||
return Response(serializer.data)
|
||||
|
|
|
@ -8,3 +8,11 @@ OPENNEBULA_URL='https://opennebula.ungleich.ch:2634/RPC2'
|
|||
OPENNEBULA_USER_PASS='user:password'
|
||||
|
||||
POSTGRESQL_DB_NAME="uncloud"
|
||||
|
||||
|
||||
# See https://django-auth-ldap.readthedocs.io/en/latest/authentication.html
|
||||
LDAP_ADMIN_DN=""
|
||||
LDAP_ADMIN_PASSWORD=""
|
||||
LDAP_SERVER_URI = ""
|
||||
|
||||
SECRET_KEY="dx$iqt=lc&yrp^!z5$ay^%g5lhx1y3bcu=jg(jx0yj0ogkfqvf"
|
||||
|
|
|
@ -12,6 +12,10 @@ https://docs.djangoproject.com/en/3.0/ref/settings/
|
|||
|
||||
import os
|
||||
|
||||
# Uncommitted file with secrets
|
||||
import uncloud.secrets
|
||||
|
||||
|
||||
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
||||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||
|
||||
|
@ -20,7 +24,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
|||
# See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/
|
||||
|
||||
# SECURITY WARNING: keep the secret key used in production secret!
|
||||
SECRET_KEY = 'dx$iqt=lc&yrp^!z5$ay^%g5lhx1y3bcu=jg(jx0yj0ogkfqvf'
|
||||
SECRET_KEY = uncloud.secrets.SECRET_KEY
|
||||
|
||||
# SECURITY WARNING: don't run with debug turned on in production!
|
||||
DEBUG = True
|
||||
|
@ -100,15 +104,25 @@ AUTH_PASSWORD_VALIDATORS = [
|
|||
import ldap
|
||||
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
|
||||
|
||||
AUTH_LDAP_SERVER_URI = uncloud.secrets.LDAP_SERVER_URI
|
||||
|
||||
AUTH_LDAP_SERVER_URI = "ldaps://ldap1.ungleich.ch,ldaps://ldap2.ungleich.ch"
|
||||
|
||||
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=customer,dc=ungleich,dc=ch"
|
||||
AUTH_LDAP_USER_ATTR_MAP = {
|
||||
"first_name": "givenName",
|
||||
"last_name": "sn",
|
||||
"email": "mail"
|
||||
}
|
||||
|
||||
AUTH_LDAP_BIND_DN = uncloud.secrets.LDAP_ADMIN_DN
|
||||
AUTH_LDAP_BIND_PASSWORD = uncloud.secrets.LDAP_ADMIN_PASSWORD
|
||||
AUTH_LDAP_USER_SEARCH = LDAPSearch(
|
||||
"ou=customer,dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
|
||||
"dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
|
||||
)
|
||||
|
||||
#AUTH_LDAP_BIND_AS_AUTHENTICATING_USER=True
|
||||
#AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=customer,dc=ungleich,dc=ch"
|
||||
|
||||
|
||||
|
||||
################################################################################
|
||||
# AUTH/Django
|
||||
AUTHENTICATION_BACKENDS = [
|
||||
|
@ -150,8 +164,6 @@ USE_TZ = True
|
|||
STATIC_URL = '/static/'
|
||||
|
||||
|
||||
# Uncommitted file with secrets
|
||||
import uncloud.secrets
|
||||
|
||||
|
||||
# Database
|
||||
|
|
|
@ -24,7 +24,7 @@ from opennebula import views as oneviews
|
|||
router = routers.DefaultRouter()
|
||||
router.register(r'users', views.UserViewSet)
|
||||
router.register(r'groups', views.GroupViewSet)
|
||||
router.register(r'opennebula', oneviews.VMViewSet)
|
||||
router.register(r'opennebula', oneviews.VMViewSet, basename='opennebula')
|
||||
router.register(r'opennebula_raw', oneviews.RawVMViewSet)
|
||||
|
||||
# Wire up our API using automatic URL routing.
|
||||
|
@ -34,7 +34,4 @@ urlpatterns = [
|
|||
path('admin/', admin.site.urls),
|
||||
path('products/', views.ProductsView.as_view(), name='products'),
|
||||
path('api-auth/', include('rest_framework.urls', namespace='rest_framework'))
|
||||
# path('vm/list/', oneviews.VMList.as_view(), name='vm_list'),
|
||||
# path('vm/detail/<int:vmid>/', oneviews.VMDetail.as_view(), name='vm_detail'),
|
||||
|
||||
]
|
||||
|
|
Loading…
Reference in a new issue