add option to NetBox role for patch. NetBox for OIDC group and role map.
Add option to NetBox role to make it patch NetBox to add custom pipeline
code for OIDC group and role mapping.
The custom pipeline code is licensed under the Creative Commons: CC
BY-SA 4.0 license.
See:
https://github.com/goauthentik/authentik/blob/main/LICENSE
https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
https://docs.goauthentik.io/integrations/services/netbox/
5676b1a468
This commit is contained in:
parent
aa9a0cdbce
commit
a71071dfcc
SSH key fingerprint:
SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
6 changed files with 87 additions and 2 deletions
|
|
@ -0,0 +1,61 @@
|
|||
diff --git a/netbox/netbox/custom_pipeline.py b/netbox/netbox/custom_pipeline.py
|
||||
new file mode 100644
|
||||
index 000000000..470f388dc
|
||||
--- /dev/null
|
||||
+++ b/netbox/netbox/custom_pipeline.py
|
||||
@@ -0,0 +1,55 @@
|
||||
+# Licensed under Creative Commons: CC BY-SA 4.0 license.
|
||||
+# https://github.com/goauthentik/authentik/blob/main/LICENSE
|
||||
+# https://github.com/goauthentik/authentik/blob/main/website/integrations/services/netbox/index.md
|
||||
+# https://docs.goauthentik.io/integrations/services/netbox/
|
||||
+from netbox.authentication import Group
|
||||
+
|
||||
+class AuthFailed(Exception):
|
||||
+ pass
|
||||
+
|
||||
+def add_groups(response, user, backend, *args, **kwargs):
|
||||
+ try:
|
||||
+ groups = response['groups']
|
||||
+ except KeyError:
|
||||
+ pass
|
||||
+
|
||||
+ # Add all groups from oAuth token
|
||||
+ for group in groups:
|
||||
+ group, created = Group.objects.get_or_create(name=group)
|
||||
+ user.groups.add(group)
|
||||
+
|
||||
+def remove_groups(response, user, backend, *args, **kwargs):
|
||||
+ try:
|
||||
+ groups = response['groups']
|
||||
+ except KeyError:
|
||||
+ # Remove all groups if no groups in oAuth token
|
||||
+ user.groups.clear()
|
||||
+ pass
|
||||
+
|
||||
+ # Get all groups of user
|
||||
+ user_groups = [item.name for item in user.groups.all()]
|
||||
+ # Get groups of user which are not part of oAuth token
|
||||
+ delete_groups = list(set(user_groups) - set(groups))
|
||||
+
|
||||
+ # Delete non oAuth token groups
|
||||
+ for delete_group in delete_groups:
|
||||
+ group = Group.objects.get(name=delete_group)
|
||||
+ user.groups.remove(group)
|
||||
+
|
||||
+
|
||||
+def set_roles(response, user, backend, *args, **kwargs):
|
||||
+ # Remove Roles temporary
|
||||
+ user.is_superuser = False
|
||||
+ user.is_staff = False
|
||||
+ try:
|
||||
+ groups = response['groups']
|
||||
+ except KeyError:
|
||||
+ # When no groups are set
|
||||
+ # save the user without Roles
|
||||
+ user.save()
|
||||
+ pass
|
||||
+
|
||||
+ # Set roles is role (superuser or staff) is in groups
|
||||
+ user.is_superuser = True if 'superusers' in groups else False
|
||||
+ user.is_staff = True if 'staff' in groups else False
|
||||
+ user.save()
|
||||
Loading…
Add table
Add a link
Reference in a new issue