c7febbf9e8
Pass parameters into logger calls directly instead of pre-merging with the logger message. This way the logs are easier to maintain and process. The code is also faster when logging is turned off since it doesn't have to evaluate all params and render them into strings.
import logging
from saml2.attribute_resolver import AttributeResolver
from saml2.saml import NAMEID_FORMAT_PERSISTENT
# Module-level logger named after this module, so handlers and filters can target it.
logger = logging.getLogger(__name__)
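class VirtualOrg(object):
    """Attribute aggregation for one Virtual Organization (VO).

    Works out which VO members have no active cached data for a subject,
    then asks an ``AttributeResolver`` to query those members.
    """

    def __init__(self, sp, vorg, cnf):
        """Store the VO settings.

        :param sp: The parent SP client instance.
        :param vorg: Name of the VO; passed to the metadata's
            ``vo_members()`` lookup.
        :param cnf: Mapping with the VO configuration. The key
            "common_identifier" is required; "member" defaults to an
            empty list and "nameid_format" to NAMEID_FORMAT_PERSISTENT.
        :raises KeyError: if "common_identifier" is missing from *cnf*.
        """
        self.sp = sp  # The parent SP client instance
        self._name = vorg
        self.common_identifier = cnf["common_identifier"]
        try:
            self.member = cnf["member"]
        except KeyError:
            self.member = []
        try:
            self.nameid_format = cnf["nameid_format"]
        except KeyError:
            self.nameid_format = NAMEID_FORMAT_PERSISTENT

    def _cache_session(self, session_info):
        """Placeholder hook: stores nothing and always returns True."""
        return True

    def _affiliation_members(self):
        """
        Get the members of the Virtual Organization from the metadata,
        more specifically from AffiliationDescriptor.
        """
        return self.sp.config.metadata.vo_members(self._name)

    def members_to_ask(self, name_id):
        """Find the members of the Virtual Organization that I haven't
        already spoken to.

        :param name_id: Identifier of the subject.
        :return: List of members for which the user cache holds no active
            entry for *name_id*.
        """
        # Work on a copy: appending to the list handed back by the metadata
        # store would leak the locally configured members into whatever
        # that store keeps, if it returns a shared object.
        vo_members = list(self._affiliation_members())
        for member in self.member:
            if member not in vo_members:
                vo_members.append(member)

        # Remove the ones I have cached data from about this subject
        vo_members = [
            m for m in vo_members
            if not self.sp.users.cache.active(name_id, m)
        ]
        logger.info("VO members (not cached): %s", vo_members)
        return vo_members

    def get_common_identifier(self, name_id):
        """Return the first value of the common identifier attribute.

        :param name_id: Identifier of the subject.
        :return: First value of the attribute named by
            ``self.common_identifier``, or None when no identity is known,
            the attribute is absent, or its value list is empty.
        """
        (ava, _) = self.sp.users.get_identity(name_id)
        if not ava:
            return None

        try:
            return ava[self.common_identifier][0]
        except (KeyError, IndexError):
            # IndexError: the attribute is present but carries no values.
            return None

    def do_aggregation(self, name_id):
        """Query the VO members that have no active cached data.

        :param name_id: Identifier of the subject.
        :return: True if at least one member had to be asked, else False.
        """
        logger.info("** Do VO aggregation **\nSubjectID: %s, VO:%s",
                    name_id, self._name)

        to_ask = self.members_to_ask(name_id)
        if not to_ask:
            return False

        # NOTE(review): get_common_identifier() can return None and the
        # value is handed to the resolver unchecked - confirm that
        # AttributeResolver.extend() copes with a missing identifier.
        com_identifier = self.get_common_identifier(name_id)

        resolver = AttributeResolver(self.sp)
        # extends returns a list of session_infos
        for session_info in resolver.extend(
                com_identifier, self.sp.config.entityid, to_ask):
            _ = self._cache_session(session_info)

        logger.info(">Issuers: %s", self.sp.users.issuers_of_info(name_id))
        # NOTE(review): this writes the subject's attribute values to the
        # INFO log, and get_identity() is evaluated even when INFO is
        # disabled. Consider DEBUG level or logging attribute names only.
        logger.info("AVA: %s", self.sp.users.get_identity(name_id))

        return True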