14
14
import ldap3
15
15
from ldap3 .core .exceptions import LDAPException
16
16
17
+ import satosa .logging_util as lu
17
18
from satosa .exception import SATOSAError
18
- from satosa .logging_util import satosa_logging
19
19
from satosa .micro_services .base import ResponseMicroService
20
20
from satosa .response import Redirect
21
21
@@ -66,15 +66,15 @@ def __init__(self, config, *args, **kwargs):
66
66
67
67
if "default" in config and "" in config :
68
68
msg = """Use either 'default' or "" in config but not both"""
69
- satosa_logging ( logger , logging . ERROR , msg , None )
69
+ logger . error ( msg )
70
70
raise LdapAttributeStoreError (msg )
71
71
72
72
if "" in config :
73
73
config ["default" ] = config .pop ("" )
74
74
75
75
if "default" not in config :
76
76
msg = "No default configuration is present"
77
- satosa_logging ( logger , logging . ERROR , msg , None )
77
+ logger . error ( msg )
78
78
raise LdapAttributeStoreError (msg )
79
79
80
80
self .config = {}
@@ -88,7 +88,7 @@ def __init__(self, config, *args, **kwargs):
88
88
for sp in sp_list :
89
89
if not isinstance (config [sp ], dict ):
90
90
msg = "Configuration value for {} must be a dictionary"
91
- satosa_logging ( logger , logging . ERROR , msg , None )
91
+ logger . error ( msg )
92
92
raise LdapAttributeStoreError (msg )
93
93
94
94
# Initialize configuration using module defaults then update
@@ -111,28 +111,28 @@ def __init__(self, config, *args, **kwargs):
111
111
if connection_params in connections :
112
112
sp_config ["connection" ] = connections [connection_params ]
113
113
msg = "Reusing LDAP connection for SP {}" .format (sp )
114
- satosa_logging ( logger , logging . DEBUG , msg , None )
114
+ logger . debug ( msg )
115
115
else :
116
116
try :
117
117
connection = self ._ldap_connection_factory (sp_config )
118
118
connections [connection_params ] = connection
119
119
sp_config ["connection" ] = connection
120
120
msg = "Created new LDAP connection for SP {}" .format (sp )
121
- satosa_logging ( logger , logging . DEBUG , msg , None )
121
+ logger . debug ( msg )
122
122
except LdapAttributeStoreError :
123
123
# It is acceptable to not have a default LDAP connection
124
124
# but all SP overrides must have a connection, either
125
125
# inherited from the default or directly configured.
126
126
if sp != "default" :
127
127
msg = "No LDAP connection can be initialized for SP {}"
128
128
msg = msg .format (sp )
129
- satosa_logging ( logger , logging . ERROR , msg , None )
129
+ logger . error ( msg )
130
130
raise LdapAttributeStoreError (msg )
131
131
132
132
self .config [sp ] = sp_config
133
133
134
134
msg = "LDAP Attribute Store microservice initialized"
135
- satosa_logging ( logger , logging . INFO , msg , None )
135
+ logger . info ( msg )
136
136
137
137
def _construct_filter_value (
138
138
self , candidate , name_id_value , name_id_format , issuer , attributes
@@ -176,7 +176,7 @@ def _construct_filter_value(
176
176
for attr_value in [attributes .get (identifier_name )]
177
177
]
178
178
msg = "Found candidate values {}" .format (values )
179
- satosa_logging ( logger , logging . DEBUG , msg , None )
179
+ logger . debug ( msg )
180
180
181
181
# If one of the configured identifier names is name_id then if there is
182
182
# also a configured name_id_format add the value for the NameID of that
@@ -190,7 +190,7 @@ def _construct_filter_value(
190
190
and candidate_name_id_format == name_id_format
191
191
):
192
192
msg = "IdP asserted NameID {}" .format (name_id_value )
193
- satosa_logging ( logger , logging . DEBUG , msg , None )
193
+ logger . debug ( msg )
194
194
candidate_nameid_value = name_id_value
195
195
196
196
# Only add the NameID value asserted by the IdP if it is not
@@ -201,18 +201,18 @@ def _construct_filter_value(
201
201
if candidate_nameid_value not in values :
202
202
msg = "Added NameID {} to candidate values"
203
203
msg = msg .format (candidate_nameid_value )
204
- satosa_logging ( logger , logging . DEBUG , msg , None )
204
+ logger . debug ( msg )
205
205
values .append (candidate_nameid_value )
206
206
else :
207
207
msg = "NameID {} value also asserted as attribute value"
208
208
msg = msg .format (candidate_nameid_value )
209
- satosa_logging ( logger , logging . WARN , msg , None )
209
+ logger . warning ( msg )
210
210
211
211
# If no value was asserted by the IdP for one of the configured list of
212
212
# identifier names for this candidate then go onto the next candidate.
213
213
if None in values :
214
214
msg = "Candidate is missing value so skipping"
215
- satosa_logging ( logger , logging . DEBUG , msg , None )
215
+ logger . debug ( msg )
216
216
return None
217
217
218
218
# All values for the configured list of attribute names are present
@@ -225,14 +225,14 @@ def _construct_filter_value(
225
225
else candidate ["add_scope" ]
226
226
)
227
227
msg = "Added scope {} to values" .format (scope )
228
- satosa_logging ( logger , logging . DEBUG , msg , None )
228
+ logger . debug ( msg )
229
229
values .append (scope )
230
230
231
231
# Concatenate all values to create the filter value.
232
232
value = "" .join (values )
233
233
234
234
msg = "Constructed filter value {}" .format (value )
235
- satosa_logging ( logger , logging . DEBUG , msg , None )
235
+ logger . debug ( msg )
236
236
237
237
return value
238
238
@@ -283,13 +283,13 @@ def _ldap_connection_factory(self, config):
283
283
server = ldap3 .Server (** args )
284
284
285
285
msg = "Creating a new LDAP connection"
286
- satosa_logging ( logger , logging . DEBUG , msg , None )
286
+ logger . debug ( msg )
287
287
288
288
msg = "Using LDAP URL {}" .format (ldap_url )
289
- satosa_logging ( logger , logging . DEBUG , msg , None )
289
+ logger . debug ( msg )
290
290
291
291
msg = "Using bind DN {}" .format (bind_dn )
292
- satosa_logging ( logger , logging . DEBUG , msg , None )
292
+ logger . debug ( msg )
293
293
294
294
auto_bind_string = config ["auto_bind" ]
295
295
auto_bind_map = {
@@ -309,9 +309,9 @@ def _ldap_connection_factory(self, config):
309
309
310
310
if client_strategy == ldap3 .REUSABLE :
311
311
msg = "Using pool size {}" .format (pool_size )
312
- satosa_logging ( logger , logging . DEBUG , msg , None )
312
+ logger . debug ( msg )
313
313
msg = "Using pool keep alive {}" .format (pool_keepalive )
314
- satosa_logging ( logger , logging . DEBUG , msg , None )
314
+ logger . debug ( msg )
315
315
316
316
try :
317
317
connection = ldap3 .Connection (
@@ -327,16 +327,16 @@ def _ldap_connection_factory(self, config):
327
327
pool_keepalive = pool_keepalive ,
328
328
)
329
329
msg = "Successfully connected to LDAP server"
330
- satosa_logging ( logger , logging . DEBUG , msg , None )
330
+ logger . debug ( msg )
331
331
332
332
except LDAPException as e :
333
333
msg = "Caught exception when connecting to LDAP server: {}"
334
334
msg = msg .format (e )
335
- satosa_logging ( logger , logging . ERROR , msg , None )
335
+ logger . error ( msg )
336
336
raise LdapAttributeStoreError (msg )
337
337
338
338
msg = "Successfully connected to LDAP server"
339
- satosa_logging ( logger , logging . DEBUG , msg , None )
339
+ logger . debug ( msg )
340
340
341
341
return connection
342
342
@@ -348,7 +348,7 @@ def _populate_attributes(self, config, record):
348
348
ldap_attributes = record .get ("attributes" , None )
349
349
if not ldap_attributes :
350
350
msg = "No attributes returned with LDAP record"
351
- satosa_logging ( logger , logging . DEBUG , msg , None )
351
+ logger . debug ( msg )
352
352
return
353
353
354
354
ldap_to_internal_map = (
@@ -373,8 +373,8 @@ def _populate_attributes(self, config, record):
373
373
else [values ]
374
374
)
375
375
msg = "Recording internal attribute {} with values {}"
376
- msg = msg .format (internal_attr , attributes [internal_attr ])
377
- satosa_logging ( logger , logging . DEBUG , msg , None )
376
+ logline = msg .format (internal_attr , attributes [internal_attr ])
377
+ logger . debug ( logline )
378
378
379
379
return attributes
380
380
@@ -408,12 +408,14 @@ def process(self, context, data):
408
408
"issuer" : issuer ,
409
409
"config" : self ._filter_config (config ),
410
410
}
411
- satosa_logging (logger , logging .DEBUG , msg , context .state )
411
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
412
+ logger .debug (logline )
412
413
413
414
# Ignore this SP entirely if so configured.
414
415
if config ["ignore" ]:
415
416
msg = "Ignoring SP {}" .format (requester )
416
- satosa_logging (logger , logging .INFO , msg , context .state )
417
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
418
+ logger .info (logline )
417
419
return super ().process (context , data )
418
420
419
421
# The list of values for the LDAP search filters that will be tried in
@@ -437,7 +439,8 @@ def process(self, context, data):
437
439
if filter_value
438
440
]
439
441
msg = {"message" : "Search filters" , "filter_values" : filter_values }
440
- satosa_logging (logger , logging .DEBUG , msg , context .state )
442
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
443
+ logger .debug (logline )
441
444
442
445
# Initialize an empty LDAP record. The first LDAP record found using
443
446
# the ordered # list of search filter values will be the record used.
@@ -450,7 +453,8 @@ def process(self, context, data):
450
453
"message" : "LDAP server host" ,
451
454
"server host" : connection .server .host ,
452
455
}
453
- satosa_logging (logger , logging .DEBUG , msg , context .state )
456
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
457
+ logger .debug (logline )
454
458
455
459
for filter_val in filter_values :
456
460
ldap_ident_attr = config ["ldap_identifier_attribute" ]
@@ -459,7 +463,8 @@ def process(self, context, data):
459
463
"message" : "LDAP query with constructed search filter" ,
460
464
"search filter" : search_filter ,
461
465
}
462
- satosa_logging (logger , logging .DEBUG , msg , context .state )
466
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
467
+ logger .debug (logline )
463
468
464
469
attributes = (
465
470
config ["query_return_attributes" ]
@@ -480,13 +485,15 @@ def process(self, context, data):
480
485
exp_msg = "Caught unhandled exception: {}" .format (err )
481
486
482
487
if exp_msg :
483
- satosa_logging (logger , logging .ERROR , exp_msg , context .state )
488
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = exp_msg )
489
+ logger .error (logline )
484
490
return super ().process (context , data )
485
491
486
492
if not results :
487
493
msg = "Querying LDAP server: No results for {}."
488
494
msg = msg .format (filter_val )
489
- satosa_logging (logger , logging .DEBUG , msg , context .state )
495
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
496
+ logger .debug (logline )
490
497
continue
491
498
492
499
if isinstance (results , bool ):
@@ -495,17 +502,20 @@ def process(self, context, data):
495
502
responses = connection .get_response (results )[0 ]
496
503
497
504
msg = "Done querying LDAP server"
498
- satosa_logging (logger , logging .DEBUG , msg , context .state )
505
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
506
+ logger .debug (logline )
499
507
msg = "LDAP server returned {} records" .format (len (responses ))
500
- satosa_logging (logger , logging .INFO , msg , context .state )
508
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
509
+ logger .info (logline )
501
510
502
511
# For now consider only the first record found (if any).
503
512
if len (responses ) > 0 :
504
513
if len (responses ) > 1 :
505
514
msg = "LDAP server returned {} records using search filter"
506
515
msg = msg + " value {}"
507
516
msg = msg .format (len (responses ), filter_val )
508
- satosa_logging (logger , logging .WARN , msg , context .state )
517
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
518
+ logger .warning (logline )
509
519
record = responses [0 ]
510
520
break
511
521
@@ -514,7 +524,8 @@ def process(self, context, data):
514
524
if config ["clear_input_attributes" ]:
515
525
msg = "Clearing values for these input attributes: {}"
516
526
msg = msg .format (data .attributes )
517
- satosa_logging (logger , logging .DEBUG , msg , context .state )
527
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
528
+ logger .debug (logline )
518
529
data .attributes = {}
519
530
520
531
# This adapts records with different search and connection strategy
@@ -538,7 +549,8 @@ def process(self, context, data):
538
549
"DN" : record ["dn" ],
539
550
"attributes" : record ["attributes" ],
540
551
}
541
- satosa_logging (logger , logging .DEBUG , msg , context .state )
552
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
553
+ logger .debug (logline )
542
554
543
555
# Populate attributes as configured.
544
556
new_attrs = self ._populate_attributes (config , record )
@@ -555,16 +567,18 @@ def process(self, context, data):
555
567
if user_ids :
556
568
data .subject_id = "" .join (user_ids )
557
569
msg = "NameID value is {}" .format (data .subject_id )
558
- satosa_logging ( logger , logging . DEBUG , msg , None )
570
+ logger . debug ( msg )
559
571
560
572
# Add the record to the context so that later microservices
561
573
# may use it if required.
562
574
context .decorate (KEY_FOUND_LDAP_RECORD , record )
563
575
msg = "Added record {} to context" .format (record )
564
- satosa_logging (logger , logging .DEBUG , msg , context .state )
576
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
577
+ logger .debug (logline )
565
578
else :
566
579
msg = "No record found in LDAP so no attributes will be added"
567
- satosa_logging (logger , logging .WARN , msg , context .state )
580
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
581
+ logger .warning (logline )
568
582
on_ldap_search_result_empty = config ["on_ldap_search_result_empty" ]
569
583
if on_ldap_search_result_empty :
570
584
# Redirect to the configured URL with
@@ -578,9 +592,11 @@ def process(self, context, data):
578
592
encoded_idp_entity_id ,
579
593
)
580
594
msg = "Redirecting to {}" .format (url )
581
- satosa_logging (logger , logging .INFO , msg , context .state )
595
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
596
+ logger .info (logline )
582
597
return Redirect (url )
583
598
584
599
msg = "Returning data.attributes {}" .format (data .attributes )
585
- satosa_logging (logger , logging .DEBUG , msg , context .state )
600
+ logline = lu .LOG_FMT .format (id = lu .get_session_id (context .state ), message = msg )
601
+ logger .debug (logline )
586
602
return super ().process (context , data )
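Review bot: The rewritten debug calls in process() still write complete identity data to the log: this hunk formats all of `data.attributes` into the "Returning data.attributes {}" line, and the `@@ -555,16 +567,18 @@`, `@@ -538,7 +549,8 @@` and `@@ -514,7 +524,8 @@` hunks do the same with the whole LDAP `record`, its attributes and the NameID value. Anyone who can read a debug-level log then sees every attribute value released for a session, keyed by the session id that `lu.LOG_FMT` now prepends. Consider logging names only, e.g. `msg = "Returning data.attributes {}".format(sorted(data.attributes))` (assuming `data.attributes` is a dict, as the `data.attributes = {}` reset suggests) and `msg = "Added record {} to context".format(record["dn"])`, leaving values out unless a deployment explicitly opts in. process() starts and ends outside these hunks, so how `record` and `data.attributes` are built is not visible here.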