CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 2 Wiki Activity Actions

add option to netbox role for custom pipeline code for OIDC mapping
All checks were successful
/ Ansible Lint (push) Successful in 1m36s
Details
/ Ansible Lint (pull_request) Successful in 1m36s
Details

Browse source 
Add option to netbox role for ensuring custom pipeline code for OIDC
group and role mapping is either present or not.

The custom pipeline code is licensed under the Creative Commons: CC
BY-SA 4.0 license.

See:
https://github.com/goauthentik/authentik/blob/main/LICENSE
https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
https://docs.goauthentik.io/integrations/services/netbox/
5676b1a468
This commit is contained in:
June 2025-02-15 05:22:21 +01:00
commit 09a8551c8a
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
6 changed files with 95 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

55
roles/netbox/files/custom_pipeline_oidc_group_and_role_mapping.py Normal file
View file

@ -0,0 +1,55 @@
# Licensed under Creative Commons: CC BY-SA 4.0 license.
# https://github.com/goauthentik/authentik/blob/main/LICENSE
# https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
# https://docs.goauthentik.io/integrations/services/netbox/
from netbox.authentication import Group
class AuthFailed(Exception):
pass
def add_groups(response, user, backend, *args, **kwargs):
try:
groups = response['groups']
except KeyError:
pass
# Add all groups from oAuth token
for group in groups:
group, created = Group.objects.get_or_create(name=group)
user.groups.add(group)
def remove_groups(response, user, backend, *args, **kwargs):
try:
groups = response['groups']
except KeyError:
# Remove all groups if no groups in oAuth token
user.groups.clear()
pass
# Get all groups of user
user_groups = [item.name for item in user.groups.all()]
# Get groups of user which are not part of oAuth token
delete_groups = list(set(user_groups) - set(groups))
# Delete non oAuth token groups
for delete_group in delete_groups:
group = Group.objects.get(name=delete_group)
user.groups.remove(group)
def set_roles(response, user, backend, *args, **kwargs):
# Remove Roles temporary
user.is_superuser = False
user.is_staff = False
try:
groups = response['groups']
except KeyError:
# When no groups are set
# save the user without Roles
user.save()
pass
# Set roles is role (superuser or staff) is in groups
user.is_superuser = True if 'superusers' in groups else False
user.is_staff = True if 'staff' in groups else False
user.save()