freeipa · f-trivino · Mar 23, 2023 · Oct 6, 2022 · Oct 6, 2022 · Jan 13, 2023
diff --git a/.github/workflows/gating.yaml b/.github/workflows/gating.yaml
@@ -12,35 +12,31 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Set up Python 3.10
-        uses: actions/setup-python@v2
-        with:
-          python-version: "3.10"
-
-      - name: Install pip
+      - name: Setup Podman
         run: |
-          python -m pip install --upgrade pip
+          sudo apt update
+          sudo apt-get -y install podman
+          podman pull fedora:38
 
-      - name: Checkout repository
+      - name: Get source
         uses: actions/checkout@v3
+        with:
+          path: 'ipa-tuura'
 
-      - name: Install dependencies
-        run: |
-          pip install -r src/install/requirements.txt
-
-      # TBD: use sssd-container image with system dependencies included
-      - name: Install system dependencies
-        run: |
-          sudo apt install build-essential libdbus-glib-1-dev libgirepository1.0-dev
-          pip install dbus-python
-
-      - name: Install flake8
-        run: pip install flake8
-
-      - name: Lint with Flake8
-        run: |
-          flake8 . --ignore E265,E123 --exclude ./src/ipa-tuura/root/settings.py,./src/ipa-tuura/ipatuura/migrations/0001_initial.py
-
-      - name: Run Tests
+      - name: Create container and run tests
         run: |
-          python src/ipa-tuura/manage.py test
+          {
+              echo 'FROM fedora:38'
+              echo '# set TZ to ensure the test using timestamp'
+              echo 'ENV TZ=Europe/Madrid'
+              echo 'RUN dnf -y update'
+              echo 'RUN dnf -y install python3-sssdconfig maven unzip python3-pip git python3-netifaces python3-devel krb5-devel gcc sssd-dbus dbus-devel glibc glib2-devel dbus-daemon python-devel openldap-devel python-ipalib'
+              echo 'RUN dnf clean all'
+              echo 'COPY ipa-tuura ipa-tuura'
+              echo 'WORKDIR /ipa-tuura'
+              echo 'RUN pip install -r src/install/requirements.txt'
+              echo 'RUN pip install flake8 dbus-python python-ldap'
+              echo 'RUN flake8 . --ignore E265,E123 --exclude ./src/ipa-tuura/root/settings.py,./src/ipa-tuura/ipatuura/migrations/0001_initial.py,./ipatuura-env/*,./src/ipa-tuura/domains/migrations/0001_initial.py'
+              echo 'RUN python3 src/ipa-tuura/manage.py test'
+          } > podmanfile
+          podman build --tag gatingtest -f ./podmanfile
diff --git a/src/install/requirements.txt b/src/install/requirements.txt
@@ -8,3 +8,9 @@ django-extensions
 django-oauth-toolkit
 python-pam
 six
+# admin/domains endpoint
+djangorestframework
+markdown
+django-filter
+# swagger
+django-rest-swagger
diff --git a/src/ipa-tuura/domains/adapters.py b/src/ipa-tuura/domains/adapters.py
@@ -0,0 +1,30 @@
+#
+# Copyright (C) 2023  FreeIPA Contributors see COPYING for license
+#
+
+import logging
+
+from rest_framework.serializers import ModelSerializer
+
+from domains.models import Domain
+
+
+logger = logging.getLogger(__name__)
+
+
+class DomainSerializer(ModelSerializer):
+    class Meta:
+        model = Domain
+        fields = (
+            'id',
+            'name',
+            'description',
+            'integration_domain_url',
+            'client_id',
+            'client_secret',
+            'id_provider',
+            'user_extra_attrs',
+            'user_object_classes',
+            'users_dn',
+            'ldap_tls_cacert',
+        )
diff --git a/src/ipa-tuura/domains/migrations/0001_initial.py b/src/ipa-tuura/domains/migrations/0001_initial.py
@@ -0,0 +1,30 @@
+# Generated by Django 4.1.5 on 2023-02-07 09:07
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Domain',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=80)),
+                ('integration_domain_url', models.CharField(max_length=255)),
+                ('client_id', models.CharField(max_length=20)),
+                ('client_secret', models.CharField(max_length=20)),
+                ('description', models.TextField(blank=True)),
+                ('id_provider', models.CharField(choices=[('ipa', 'IPA Provider'), ('ad', 'LDAP Active Directory Provider'), ('ldap', 'LDAP Provider')], default='ipa', max_length=5)),
+                ('user_extra_attrs', models.CharField(max_length=255)),
+                ('user_object_classes', models.CharField(max_length=255)),
+                ('users_dn', models.CharField(blank=True, max_length=255)),
+                ('ldap_tls_cacert', models.CharField(max_length=100)),
+            ],
+        ),
+    ]
diff --git a/src/ipa-tuura/domains/migrations/__init__.py b/src/ipa-tuura/domains/migrations/__init__.py
diff --git a/src/ipa-tuura/domains/models.py b/src/ipa-tuura/domains/models.py
@@ -0,0 +1,98 @@
+#
+# Copyright (C) 2023  FreeIPA Contributors see COPYING for license
+#
+
+import logging
+
+from django.db import models
+from django.utils.translation import gettext as _
+
+
+logger = logging.getLogger(__name__)
+
+
+class Domain(models.Model):
+    """
+    Integration Domain model.
+    This defines an integration domain supported by ipatuura service.
+    The fields corresponds to the integration domain required
+    and optional configuration fields.
+    """
+
+    class DomainProviderType(models.TextChoices):
+        """
+        Field Choices for the supported integration domain provider types
+        """
+        IPA = 'ipa', _("IPA Provider")
+        AD = 'ad', _("LDAP Active Directory Provider")
+        LDAP = 'ldap', _("LDAP Provider")
+
+    # TODO: multi-domain, implement is_active boolean flag
+    # it designates whether the integration domain should be considered active
+    # is_active = models.BooleanField(verbose_name='is active?', default=True)
+
+    # Domain Name
+    name = models.CharField(max_length=80)
+
+    # Optional description
+    description = models.TextField(blank=True)
+
+    # The connection URL to the identity server
+    integration_domain_url = models.CharField(max_length=255)
+
+    # Temporary admin service username
+    client_id = models.CharField(max_length=20)
+
+    # Temporary admin service password
+    client_secret = models.CharField(max_length=20)
+
+    # Identity provider type
+    id_provider = models.CharField(
+        max_length=5,
+        choices=DomainProviderType.choices,
+        default=DomainProviderType.IPA,
+    )
+
+    # Optional comma-separated list of extra attributes to download
+    # along with the user entry
+    user_extra_attrs = models.CharField(max_length=255, blank=True)
+
+    # Optional user object classes
+    user_object_classes = models.CharField(max_length=255, blank=True)
+
+    # Optional full DN of LDAP tree where users are
+    users_dn = models.CharField(max_length=255, blank=True)
+
+    # LDAP auth with TLS support, the file path for now
+    # TODO: base64 decode CA cert from HTTP request
+    ldap_tls_cacert = models.CharField(max_length=100)
+
+    def __str__(self):
+        return self.name
+
+    # This should be implemented in the keycloak plugin input validation
+    # enforce defaults based on other fields
+    def save(self, *args, **kwargs):
+        # logic for default vaules part of simplification process
+        if not self.user_extra_attrs:
+            self.user_extra_attrs = "mail:mail, sn:sn, givenname:givenname"
+
+        if self.id_provider == 'ldap':
+            if not self.user_object_classes:
+                self.user_object_classes = 'inetOrgPerson,'\
+                                           'organizationalPerson,'\
+                                           'person,'\
+                                           'top'
+            if not self.users_dn:
+                self.users_dn = "ou=people"
+
+        elif self.id_provider == 'ad':
+            if not self.user_object_classes:
+                self.user_object_classes = 'user,'\
+                                           'organizationalPerson,'\
+                                           'person,'\
+                                           'top'
+            if not self.users_dn:
+                self.users_dn = "CN=Users"
+
+        super().save(*args, **kwargs)
diff --git a/src/ipa-tuura/domains/urls.py b/src/ipa-tuura/domains/urls.py
@@ -0,0 +1,34 @@
+#
+# Copyright (C) 2023  FreeIPA Contributors see COPYING for license
+#
+
+"""Integration Domain URL Configuration
+
+The `urlpatterns` list routes URLs to views. For more information please see:
+    https://docs.djangoproject.com/en/3.0/topics/http/urls/
+Examples:
+Function views
+    1. Add an import:  from my_app import views
+    2. Add a URL to urlpatterns:  path('', views.home, name='home')
+Class-based views
+    1. Add an import:  from other_app.views import Home
+    2. Add a URL to urlpatterns:  path('', Home.as_view(), name='home')
+Including another URLconf
+    1. Import the include() function: from django.urls import include, path
+    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
+"""
+import logging
+
+from django.urls import include, re_path
+from rest_framework.routers import DefaultRouter
+from domains.views import DomainViewSet
+
+logger = logging.getLogger(__name__)
+
+
+router = DefaultRouter()
+router.register('domain', DomainViewSet)
+
+urlpatterns = [
+    re_path('^', include(router.urls)),
+]