From 71bf5e622e21fee61db73b21e97a5e366243805d Mon Sep 17 00:00:00 2001 From: index-git Date: Thu, 14 Dec 2023 16:55:16 +0100 Subject: [PATCH] Remove role and role-user operations on GeoServer --- src/geoserver/geoserver_test.py | 38 --------------- src/geoserver/util.py | 66 -------------------------- src/layman/__init__.py | 3 -- src/layman/layer/geoserver/__init__.py | 8 ---- 4 files changed, 115 deletions(-) diff --git a/src/geoserver/geoserver_test.py b/src/geoserver/geoserver_test.py index a803a0e57..2716a0e52 100644 --- a/src/geoserver/geoserver_test.py +++ b/src/geoserver/geoserver_test.py @@ -24,29 +24,6 @@ def gs_user(): assert gs_util.delete_user(TEST_USER, GS_AUTH) -@pytest.fixture() -def gs_role(): - roles = gs_util.get_roles(GS_AUTH) - assert TEST_ROLE not in roles - assert gs_util.ensure_role(TEST_ROLE, GS_AUTH) - yield TEST_ROLE - assert gs_util.delete_role(TEST_ROLE, GS_AUTH) - - -def test_role_management(): - init_roles = gs_util.get_roles(GS_AUTH) - new_role = TEST_ROLE - assert new_role not in init_roles - assert gs_util.ensure_role(new_role, GS_AUTH) - roles = gs_util.get_roles(GS_AUTH) - assert new_role in roles - assert len(init_roles) + 1 == len(roles) - assert gs_util.delete_role(new_role, GS_AUTH) - roles = gs_util.get_roles(GS_AUTH) - assert new_role not in roles - assert len(init_roles) == len(roles) - - def test_user_management(): init_usernames = gs_util.get_usernames(GS_AUTH) new_user = TEST_USER @@ -62,21 +39,6 @@ def test_user_management(): assert len(init_usernames) == len(usernames) -def test_user_role_management(gs_user, gs_role): - user = gs_user[0] - init_user_roles = gs_util.get_user_roles(user, GS_AUTH) - role = gs_role - assert role not in init_user_roles - assert gs_util.ensure_user_role(user, role, GS_AUTH) - user_roles = gs_util.get_user_roles(user, GS_AUTH) - assert role in user_roles - assert len(init_user_roles) + 1 == len(user_roles) - assert gs_util.delete_user_role(user, role, GS_AUTH) - user_roles = gs_util.get_user_roles(user, GS_AUTH) - assert role not in user_roles - assert len(init_user_roles) == len(user_roles) - - @pytest.mark.parametrize('service', gs_util.SERVICE_TYPES) def test_service_srs_list_management(service): init_service_epsg_codes = gs_util.get_service_srs_list(service, GS_AUTH) diff --git a/src/geoserver/util.py b/src/geoserver/util.py index 805572b54..d0c749c72 100644 --- a/src/geoserver/util.py +++ b/src/geoserver/util.py @@ -78,38 +78,6 @@ def get_roles(auth): return response.json()['roles'] -def ensure_role(role, auth): - roles = get_roles(auth) - role_exists = role in roles - if not role_exists: - logger.info(f"Role {role} does not exist yet, creating.") - response = requests.post( - urljoin(GS_REST_ROLES, 'role/' + role), - headers=headers_json, - auth=auth, - timeout=GS_REST_TIMEOUT, - ) - response.raise_for_status() - else: - logger.info(f"Role {role} already exists") - role_created = not role_exists - return role_created - - -def delete_role(role, auth): - response = requests.delete( - urljoin(GS_REST_ROLES, 'role/' + role), - headers=headers_json, - auth=auth, - timeout=GS_REST_TIMEOUT, - ) - role_not_exists = response.status_code == 404 - if not role_not_exists: - response.raise_for_status() - role_deleted = not role_not_exists - return role_deleted - - def get_usernames(auth): r_url = GS_REST_USERS response = requests.get(r_url, @@ -902,40 +870,6 @@ def get_user_roles(user, auth): return response.json()['roles'] -def ensure_user_role(user, role, auth): - roles = get_user_roles(user, auth) - association_exists = role in roles - if not association_exists: - logger.info(f"Role {role} not associated with user {user} yet, associating.") - r_url = urljoin(GS_REST_ROLES, f'role/{role}/user/{user}/') - response = requests.post( - r_url, - headers=headers_json, - auth=auth, - timeout=GS_REST_TIMEOUT, - ) - response.raise_for_status() - else: - logger.info(f"Role {role} already associated with user {user}") - association_created = not association_exists - return association_created - - -def delete_user_role(user, role, auth): - r_url = urljoin(GS_REST_ROLES, f'role/{role}/user/{user}/') - response = requests.delete( - r_url, - headers=headers_json, - auth=auth, - timeout=GS_REST_TIMEOUT, - ) - association_not_exists = response.status_code == 404 - if not association_not_exists: - response.raise_for_status() - association_deleted = not association_not_exists - return association_deleted - - def get_service_url(service): return { WMS_SERVICE_TYPE: GS_REST_WMS_SETTINGS, diff --git a/src/layman/__init__.py b/src/layman/__init__.py index dc5892070..491403ef1 100644 --- a/src/layman/__init__.py +++ b/src/layman/__init__.py @@ -86,10 +86,7 @@ logger.info(f'Adjusting GeoServer roles') if settings.GEOSERVER_ADMIN_AUTH: - gs_util.ensure_role(settings.LAYMAN_GS_ROLE, settings.GEOSERVER_ADMIN_AUTH) gs_util.ensure_user(settings.LAYMAN_GS_USER, settings.LAYMAN_GS_PASSWORD, settings.GEOSERVER_ADMIN_AUTH) - gs_util.ensure_user_role(settings.LAYMAN_GS_USER, 'ADMIN', settings.GEOSERVER_ADMIN_AUTH) - gs_util.ensure_user_role(settings.LAYMAN_GS_USER, settings.LAYMAN_GS_ROLE, settings.GEOSERVER_ADMIN_AUTH) gs_util.ensure_proxy_base_url(settings.LAYMAN_GS_PROXY_BASE_URL_WITH_PLACEHOLDERS, settings.LAYMAN_GS_AUTH) diff --git a/src/layman/layer/geoserver/__init__.py b/src/layman/layer/geoserver/__init__.py index 225be114a..312112419 100644 --- a/src/layman/layer/geoserver/__init__.py +++ b/src/layman/layer/geoserver/__init__.py @@ -16,19 +16,11 @@ def ensure_whole_user(username, auth=settings.LAYMAN_GS_AUTH): gs_util.ensure_user(username, None, auth) - role = gs_util.username_to_rolename(username) - gs_util.ensure_role(role, auth) - gs_util.ensure_user_role(username, role, auth) - gs_util.ensure_user_role(username, settings.LAYMAN_GS_ROLE, auth) ensure_workspace(username, auth) def delete_whole_user(username, auth=settings.LAYMAN_GS_AUTH): - role = gs_util.username_to_rolename(username) delete_workspace(username, auth) - gs_util.delete_user_role(username, role, auth) - gs_util.delete_user_role(username, settings.LAYMAN_GS_ROLE, auth) - gs_util.delete_role(role, auth) gs_util.delete_user(username, auth)