openstack/deb-python-pysaml2
Code Issues Proposed changes
9e0f8afece
deb-python-pysaml2/src/saml2/virtual_org.py
Jozef Knaperek c7febbf9e8 Fix paramter passing in logging messages 
Pass parameters into logger calls directly instead of pre-merging
with the logger message. This way the logs are easier to maintain
and process. The code is also faster when logging is turned off
since it doesn't have to evaluate all params and render them into
strings.
2015-10-15 15:33:10 +02:00

81 lines
2.5 KiB
Python
Raw Blame History

import logging
from saml2.attribute_resolver import AttributeResolver
from saml2.saml import NAMEID_FORMAT_PERSISTENT
logger = logging.getLogger(__name__)
class VirtualOrg(object):
def __init__(self, sp, vorg, cnf):
self.sp = sp # The parent SP client instance
self._name = vorg
self.common_identifier = cnf["common_identifier"]
try:
self.member = cnf["member"]
except KeyError:
self.member = []
try:
self.nameid_format = cnf["nameid_format"]
except KeyError:
self.nameid_format = NAMEID_FORMAT_PERSISTENT
def _cache_session(self, session_info):
return True
def _affiliation_members(self):
"""
Get the member of the Virtual Organization from the metadata,
more specifically from AffiliationDescriptor.
"""
return self.sp.config.metadata.vo_members(self._name)
def members_to_ask(self, name_id):
"""Find the member of the Virtual Organization that I haven't already
spoken too
"""
vo_members = self._affiliation_members()
for member in self.member:
if member not in vo_members:
vo_members.append(member)
# Remove the ones I have cached data from about this subject
vo_members = [m for m in vo_members if not self.sp.users.cache.active(
name_id, m)]
logger.info("VO members (not cached): %s", vo_members)
return vo_members
def get_common_identifier(self, name_id):
(ava, _) = self.sp.users.get_identity(name_id)
if ava == {}:
return None
ident = self.common_identifier
try:
return ava[ident][0]
except KeyError:
return None
def do_aggregation(self, name_id):
logger.info("** Do VO aggregation **\nSubjectID: %s, VO:%s",
name_id, self._name)
to_ask = self.members_to_ask(name_id)
if to_ask:
com_identifier = self.get_common_identifier(name_id)
resolver = AttributeResolver(self.sp)
# extends returns a list of session_infos
for session_info in resolver.extend(
com_identifier, self.sp.config.entityid, to_ask):
_ = self._cache_session(session_info)
logger.info(">Issuers: %s", self.sp.users.issuers_of_info(name_id))
logger.info("AVA: %s", self.sp.users.get_identity(name_id))
return True
else:
return False
View Git Blame Copy Permalink