[ldap] bind with admin to get attributes

2020-02-23 16:52:30 +01:00 · 2020-02-23 16:52:30 +01:00 · edbfb7964e
parent e2b5b5d102
commit edbfb7964e
4 changed files with 44 additions and 22 deletions
--- a/uncloud/opennebula/views.py
+++ b/uncloud/opennebula/views.py
@ -1,22 +1,27 @@
 from rest_framework import viewsets, generics, permissions
+from rest_framework.response import Response
+
+from django.contrib.auth import get_user_model
+
 from .models import VM
 from .serializers import VMSerializer, OpenNebulaVMSerializer

-
-#class VMList(generics.ListAPIView):
-#    queryset = VM.objects.all()
-#    serializer_class = VMSerializer
-
-
 class RawVMViewSet(viewsets.ModelViewSet):
-#    lookup_field = 'vmid'
    queryset = VM.objects.all()
    serializer_class = VMSerializer
-    permission_classes = [permissions.IsAuthenticated]
+    permission_classes = [permissions.IsAdminUser]


 class VMViewSet(viewsets.ModelViewSet):
-    queryset = VM.objects.all()
-    serializer_class = OpenNebulaVMSerializer
-
    permission_classes = [permissions.IsAuthenticated]
+
+    def list(self, request):
+        queryset = VM.objects.filter(owner=request.user)
+        serializer = OpenNebulaVMSerializer(queryset, many=True)
+        return Response(serializer.data)
+
+    def retrieve(self, request, pk=None):
+        queryset = VM.objects.filter(owner=request.user)
+        user = get_object_or_404(queryset, pk=pk)
+        serializer = OpenNebulaVMSerializer(queryset)
+        return Response(serializer.data)
--- a/uncloud/uncloud/secrets_sample.py
+++ b/uncloud/uncloud/secrets_sample.py
@ -8,3 +8,11 @@ OPENNEBULA_URL='https://opennebula.ungleich.ch:2634/RPC2'
 OPENNEBULA_USER_PASS='user:password'

 POSTGRESQL_DB_NAME="uncloud"
+
+
+# See https://django-auth-ldap.readthedocs.io/en/latest/authentication.html
+LDAP_ADMIN_DN=""
+LDAP_ADMIN_PASSWORD=""
+LDAP_SERVER_URI = ""
+
+SECRET_KEY="dx$iqt=lc&yrp^!z5$ay^%g5lhx1y3bcu=jg(jx0yj0ogkfqvf"
--- a/uncloud/uncloud/settings.py
+++ b/uncloud/uncloud/settings.py
@ -12,6 +12,10 @@ https://docs.djangoproject.com/en/3.0/ref/settings/

 import os

+# Uncommitted file with secrets
+import uncloud.secrets
+
+
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

@ -20,7 +24,7 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 # See https://docs.djangoproject.com/en/3.0/howto/deployment/checklist/

 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'dx$iqt=lc&yrp^!z5$ay^%g5lhx1y3bcu=jg(jx0yj0ogkfqvf'
+SECRET_KEY = uncloud.secrets.SECRET_KEY

 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
@ -100,15 +104,25 @@ AUTH_PASSWORD_VALIDATORS = [
 import ldap
 from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion

+AUTH_LDAP_SERVER_URI = uncloud.secrets.LDAP_SERVER_URI

-AUTH_LDAP_SERVER_URI = "ldaps://ldap1.ungleich.ch,ldaps://ldap2.ungleich.ch"
-
-AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=customer,dc=ungleich,dc=ch"
+AUTH_LDAP_USER_ATTR_MAP = {
+    "first_name": "givenName",
+    "last_name": "sn",
+    "email": "mail"
+}

+AUTH_LDAP_BIND_DN = uncloud.secrets.LDAP_ADMIN_DN
+AUTH_LDAP_BIND_PASSWORD = uncloud.secrets.LDAP_ADMIN_PASSWORD
 AUTH_LDAP_USER_SEARCH = LDAPSearch(
-    "ou=customer,dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
+    "dc=ungleich,dc=ch", ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
 )

+#AUTH_LDAP_BIND_AS_AUTHENTICATING_USER=True
+#AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=customer,dc=ungleich,dc=ch"
+
+
+
 ################################################################################
 # AUTH/Django
 AUTHENTICATION_BACKENDS = [
@ -150,8 +164,6 @@ USE_TZ = True
 STATIC_URL = '/static/'


-# Uncommitted file with secrets
-import uncloud.secrets


 # Database
--- a/uncloud/uncloud/urls.py
+++ b/uncloud/uncloud/urls.py
@ -24,7 +24,7 @@ from opennebula import views as oneviews
 router = routers.DefaultRouter()
 router.register(r'users', views.UserViewSet)
 router.register(r'groups', views.GroupViewSet)
-router.register(r'opennebula', oneviews.VMViewSet)
+router.register(r'opennebula', oneviews.VMViewSet, basename='opennebula')
 router.register(r'opennebula_raw', oneviews.RawVMViewSet)

 # Wire up our API using automatic URL routing.
@ -34,7 +34,4 @@ urlpatterns = [
    path('admin/', admin.site.urls),
    path('products/', views.ProductsView.as_view(), name='products'),
    path('api-auth/', include('rest_framework.urls', namespace='rest_framework'))
-#    path('vm/list/', oneviews.VMList.as_view(), name='vm_list'),
-#    path('vm/detail/<int:vmid>/', oneviews.VMDetail.as_view(), name='vm_detail'),
-
 ]