From a13b9048682cca9740dbe4ff0897de10d49d770c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20Colombaro?= Date: Mon, 21 Oct 2024 18:40:15 +0200 Subject: [PATCH] Backward compatibility for LDAP require group (#351) --- charts/netbox/Chart.yaml | 2 +- charts/netbox/files/ldap_config.py | 22 ++++++++++------------ pyproject.toml | 10 ++++++++-- 3 files changed, 19 insertions(+), 15 deletions(-) diff --git a/charts/netbox/Chart.yaml b/charts/netbox/Chart.yaml index c566006a..bc23a409 100644 --- a/charts/netbox/Chart.yaml +++ b/charts/netbox/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: netbox -version: 5.0.0-beta.131 +version: 5.0.0-beta.132 appVersion: "v4.1.4" type: application kubeVersion: ^1.25.0-0 diff --git a/charts/netbox/files/ldap_config.py b/charts/netbox/files/ldap_config.py index 69536ece..ca820d79 100644 --- a/charts/netbox/files/ldap_config.py +++ b/charts/netbox/files/ldap_config.py @@ -1,6 +1,7 @@ """ This file serves as a LDAP configuration for Netbox -https://netboxlabs.com/docs/netbox/en/stable/configuration/ +https://netboxlabs.com/docs/netbox/en/stable/installation/6-ldap/#configuration +https://django-auth-ldap.readthedocs.io/en/latest/reference.html """ from functools import reduce @@ -56,7 +57,7 @@ def _import_group_type(group_type_name: str) -> Any | None: AUTH_LDAP_USER_SEARCH = LDAPSearch( AUTH_LDAP_USER_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, - "(" + AUTH_LDAP_USER_SEARCH_ATTR + "=%(user)s)", + f"({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)", ) AUTH_LDAP_GROUP_SEARCH = LDAPSearch( AUTH_LDAP_GROUP_SEARCH_BASEDN, @@ -66,19 +67,16 @@ def _import_group_type(group_type_name: str) -> Any | None: AUTH_LDAP_GROUP_TYPE = _import_group_type(AUTH_LDAP_GROUP_TYPE) # Define a group required to login. -AUTH_LDAP_REQUIRE_GROUP = reduce( - lambda query, group: query | LDAPGroupQuery(group), - AUTH_LDAP_REQUIRE_GROUP_LIST, - LDAPGroupQuery(""), -) - -# Define special user types using groups. Exercise great caution when assigning superuser status. -AUTH_LDAP_USER_FLAGS_BY_GROUP = { - "is_active": reduce( +if AUTH_LDAP_REQUIRE_GROUP_LIST: + AUTH_LDAP_REQUIRE_GROUP = reduce( lambda query, group: query | LDAPGroupQuery(group), AUTH_LDAP_REQUIRE_GROUP_LIST, LDAPGroupQuery(""), - ), + ) + +# Define special user types using groups. Exercise great caution when assigning superuser status. +AUTH_LDAP_USER_FLAGS_BY_GROUP = { + "is_active": AUTH_LDAP_REQUIRE_GROUP, "is_staff": reduce( lambda query, group: query | LDAPGroupQuery(group), AUTH_LDAP_IS_ADMIN_LIST, diff --git a/pyproject.toml b/pyproject.toml index 961775c2..1c77ca30 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.black] line_length = 100 -target-version = ['py38'] +target-version = ["py38"] include = '\.pyi?$' exclude = ''' ( @@ -20,7 +20,13 @@ multi_line_output = 3 line_length = 100 [tool.pylint.main] -disable = ["duplicate-code", "import-error", "used-before-assignment", "undefined-variable"] +disable = [ + "duplicate-code", + "import-error", + "possibly-used-before-assignment", + "used-before-assignment", + "undefined-variable", +] [tool.pylint.format] max-line-length = "100"