
Commit 68d8702

authored
initial enhancement for user mapping (#468)
1 parent df1de8e commit 68d8702

3 files changed

+212
-0
lines changed


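--- a/config/templates/libs/BTPSA-USECASE.json
+++ b/config/templates/libs/BTPSA-USECASE.json
@@ -95,6 +95,24 @@
 "description": "user groups to be assigned from the parameter file",
 "title": "user groups from parameter file"
 },
+"attribute": {
+"type": "string",
+"description": "the name of the attribute. To be found in the identity provider.",
+"title": "attribute name (custom IdP)",
+"default": null
+},
+"attributeValue": {
+"type": "string",
+"description": "the value of the attribute. To be found in the identity provider.",
+"title": "attribute value (custom IdP)",
+"default": null
+},
+"group":{
+"type": "string",
+"description": "the name of the user group. To be found in the identity provider.",
+"title": "group name (custom IdP)",
+"default": null
+},
 "idp":{
 "type": "string",
 "description": "the identity provider that hosts the user. ",
@@ -302,6 +320,24 @@
 "description": "list of user groups to assign the role collection",
 "title": "list of user groups to assign the role collection"
 },
+"attribute": {
+"type": "string",
+"description": "the name of the attribute. To be found in the identity provider.",
+"title": "attribute name (custom IdP)",
+"default": null
+},
+"attributeValue": {
+"type": "string",
+"description": "the value of the attribute. To be found in the identity provider.",
+"title": "attribute value (custom IdP)",
+"default": null
+},
+"group":{
+"type": "string",
+"description": "the name of the user group. To be found in the identity provider.",
+"title": "group name (custom IdP)",
+"default": null
+},
 "idp":{
 "type": "string",
 "description": "the identity provider that hosts the user. ",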
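Review bot: The three new properties in both hunks declare `"type": "string"` together with `"default": null`, and `null` is not a value of that type, so a schema validator that checks or applies defaults can reject every use-case file that relies on them; either drop the `"default"` keys (the Python side reads the keys with `.get()` and treats a missing key and `null` alike) or declare `"type": ["string", "null"]`. The description "To be found in the identity provider." does not tell the author what the value is matched against; suggest something like `"description": "name of a user group defined in the custom identity provider; mutually exclusive with attribute/attributeValue"` and the corresponding wording for `attribute` and `attributeValue`. Whether the tool's validator applies defaults is not visible here, so confirm before choosing between the two fixes.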

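--- a/libs/btpsa-usecase.json
+++ b/libs/btpsa-usecase.json
@@ -81,6 +81,24 @@
 "description": "user groups to be assigned from the parameter file",
 "title": "user groups from parameter file"
 },
+"attribute": {
+"type": "string",
+"description": "the name of the attribute. To be found in the identity provider.",
+"title": "attribute name (custom IdP)",
+"default": null
+},
+"attributeValue": {
+"type": "string",
+"description": "the value of the attribute. To be found in the identity provider.",
+"title": "attribute value (custom IdP)",
+"default": null
+},
+"group":{
+"type": "string",
+"description": "the name of the user group. To be found in the identity provider.",
+"title": "group name (custom IdP)",
+"default": null
+},
 "idp":{
 "type": "string",
 "description": "the identity provider that hosts the user. ",
@@ -288,6 +306,24 @@
 "description": "list of user groups to assign the role collection",
 "title": "list of user groups to assign the role collection"
 },
+"attribute": {
+"type": "string",
+"description": "the name of the attribute. To be found in the identity provider.",
+"title": "attribute name (custom IdP)",
+"default": null
+},
+"attributeValue": {
+"type": "string",
+"description": "the value of the attribute. To be found in the identity provider.",
+"title": "attribute value (custom IdP)",
+"default": null
+},
+"group":{
+"type": "string",
+"description": "the name of the user group. To be found in the identity provider.",
+"title": "group name (custom IdP)",
+"default": null
+},
 "idp":{
 "type": "string",
 "description": "the identity provider that hosts the user. ",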
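Review bot: The constraints the Python side enforces at runtime — `group` and `attribute` are mutually exclusive, and `attribute` and `attributeValue` must be given together — are not expressed in this schema, so a use-case file that violates them passes schema validation and only fails later when the assignment step aborts the whole run. They can be stated next to the new properties with `"dependentRequired": {"attribute": ["attributeValue"], "attributeValue": ["attribute"]}` and `"not": {"required": ["group", "attribute"]}` (or the older `"dependencies"` keyword if the validator in use targets a draft before 2019-09, which is not visible here). The same addition belongs in the template copy under `config/templates/libs`, since the two files carry identical hunks.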

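--- a/libs/python/helperRolesAndUsers.py
+++ b/libs/python/helperRolesAndUsers.py
@@ -6,6 +6,8 @@
 from libs.python.helperCommandExecution import login_cf
 from libs.python.helperJson import getJsonFromFile
 import logging
+import sys
+import os
 
 log = logging.getLogger(__name__)
 
@@ -119,6 +121,32 @@ def assignUsergroupsToRoleCollection(btpUsecase, rolecollection):
 )
 if idp is not None:
 command += " --of-idp '" + idp + "'"
+
+# Additional mapping for custom IdP only relevant if custom IdP is used
+(
+groupForIdp,
+attributeForIdp,
+attributeValueForIdp,
+) = getCustomIdpMapping(rolecollection)
+
+if isMappingForIdpValid(
+groupForIdp, attributeForIdp, attributeValueForIdp
+):
+
+if groupForIdp is not None:
+command += " --to-group '" + groupForIdp + "'"
+
+if attributeForIdp is not None:
+command += " --to-attribute '" + attributeForIdp + "'"
+command += (
+" --attribute-value '" + attributeValueForIdp + "'"
+)
+else:
+log.error(
+"Custom IdP configuration is not valid. Please check."
+)
+sys.exit(os.EX_DATAERR)
+
 thisResult = runCommandAndGetJsonResult(
 btpUsecase, command, "INFO", message
 )
@@ -189,6 +217,32 @@ def assignUsersToGlobalAndSubaccount(btpUsecase):
 )
 if idp is not None:
 command += " --of-idp '" + idp + "'"
+
+# Additional mapping for custom IdP only relevant if custom IdP is used
+(
+groupForIdp,
+attributeForIdp,
+attributeValueForIdp,
+) = getCustomIdpMapping(rolecollection)
+
+if isMappingForIdpValid(
+groupForIdp, attributeForIdp, attributeValueForIdp
+):
+
+if groupForIdp is not None:
+command += " --to-group '" + groupForIdp + "'"
+
+if attributeForIdp is not None:
+command += " --to-attribute '" + attributeForIdp + "'"
+command += (
+" --attribute-value '" + attributeValueForIdp + "'"
+)
+else:
+log.error(
+"Custom IdP configuration is not valid. Please check."
+)
+sys.exit(os.EX_DATAERR)
+
 runCommandAndGetJsonResult(btpUsecase, command, "INFO", message)
 
 log.header("Set administrators for sub account")
@@ -215,6 +269,32 @@ def assignUsersToGlobalAndSubaccount(btpUsecase):
 )
 if idp is not None:
 command += " --of-idp '" + idp + "'"
+
+# Additional mapping for custom IdP only relevant if custom IdP is used
+(
+groupForIdp,
+attributeForIdp,
+attributeValueForIdp,
+) = getCustomIdpMapping(rolecollection)
+
+if isMappingForIdpValid(
+groupForIdp, attributeForIdp, attributeValueForIdp
+):
+
+if groupForIdp is not None:
+command += " --to-group '" + groupForIdp + "'"
+
+if attributeForIdp is not None:
+command += " --to-attribute '" + attributeForIdp + "'"
+command += (
+" --attribute-value '" + attributeValueForIdp + "'"
+)
+else:
+log.error(
+"Custom IdP configuration is not valid. Please check."
+)
+sys.exit(os.EX_DATAERR)
+
 runCommandAndGetJsonResult(btpUsecase, command, "INFO", message)
 
 
@@ -331,6 +411,32 @@ def assignUsersToCustomRoleCollections(btpUsecase):
 )
 if idp is not None:
 command += " --of-idp '" + idp + "'"
+
+# Additional mapping for custom IdP only relevant if custom IdP is used
+(
+groupForIdp,
+attributeForIdp,
+attributeValueForIdp,
+) = getCustomIdpMapping(rolecollection)
+
+if isMappingForIdpValid(
+groupForIdp, attributeForIdp, attributeValueForIdp
+):
+
+if groupForIdp is not None:
+command += " --to-group '" + groupForIdp + "'"
+
+if attributeForIdp is not None:
+command += " --to-attribute '" + attributeForIdp + "'"
+command += (
+" --attribute-value '" + attributeValueForIdp + "'"
+)
+else:
+log.error(
+"Custom IdP configuration is not valid. Please check."
+)
+sys.exit(os.EX_DATAERR)
+
 runCommandAndGetJsonResult(btpUsecase, command, "INFO", message)
 
 
@@ -380,6 +486,7 @@ def assignUsersToEnvironments(btpUsecase):
 )
 if idp is not None:
 command += " --origin '" + idp + "'"
+
 p = runShellCommandFlex(
 btpUsecase, command, "INFO", message, False, False
 )
@@ -438,3 +545,36 @@ def determineIdpForRoleCollection(btpUsecase, rolecollection):
 idp = rolecollection.get("idp")
 
 return idp
+
+
+def getCustomIdpMapping(rolecollection):
+groupForIdp = None
+attributeForIdp = None
+attributeValueForIdp = None
+
+if rolecollection.get("group"):
+groupForIdp = rolecollection.get("group")
+
+if rolecollection.get("attribute"):
+attributeForIdp = rolecollection.get("attribute")
+
+if rolecollection.get("attributeValue"):
+attributeValueForIdp = rolecollection.get("attributeValue")
+
+return groupForIdp, attributeForIdp, attributeValueForIdp
+
+
+def isMappingForIdpValid(groupForIdp, attributeForIdp, attributeValueForIdp):
+if groupForIdp is not None and attributeForIdp is not None:
+log.error(
+"A group and an attribute is configured for the IdP mapping. Only one is allowed."
+)
+return False
+if (attributeForIdp is None and attributeValueForIdp is not None) or (
+attributeForIdp is not None and attributeValueForIdp is None
+):
+log.error(
+"Attribute and attributeValue are both required for the IdP mapping. One is missing."
+)
+return False
+return True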
