canonical · nrobinaubertin · Feb 3, 2023 · Jan 22, 2023 · Jan 25, 2023 · Jan 25, 2023
@@ -3,3 +3,4 @@
 
 # Include the files directory
 !files/*
+!plugins/*
@@ -8,3 +8,4 @@ __pycache__/
 .idea
 .vscode
 .mypy_cache
+*.egg-info/
@@ -1,2 +1,12 @@
 refresh-external-resources:
   description: Pull changes from the customization repository, reload uWSGI and upgrade the external plugins
+add-admin:
+  description: Add an admin to Indico
+  params:
+    email:
+      type: string
+      description: User email.
+    password:
+      type: string
+      description: User password.
+  required: [email, password]
@@ -32,13 +32,17 @@ RUN apt-get update \
     && addgroup --gid ${indico_gid} indico \
     && adduser --system --gid ${indico_gid} --uid ${indico_uid} --home /srv/indico indico
 
+# Add our plugins
+COPY --chown=indico:indico plugins /srv/indico/plugins
+
 USER indico
 RUN python3 -m pip install --no-cache-dir --no-warn-script-location --prefer-binary \
     indico==3.2.0 \
     indico-plugin-piwik \
     indico-plugin-storage-s3 \
-    python-ldap \
     python3-saml \
+    python-ldap \
+    /srv/indico/plugins/autocreate \
     uwsgi \
     && /bin/bash -c "mkdir -p --mode=775 /srv/indico/{archive,cache,custom,etc,log,tmp}" \
     && /bin/bash -c "chown indico:indico /srv/indico /srv/indico/{archive,cache,custom,etc,log,tmp,.local}" \

@@ -0,0 +1,3 @@
+# Autocreate Plugin
+
+Extends the indico CLI to add a non-interactive way to create users
@@ -0,0 +1,5 @@
+#!/usr/bin/env python3
+# Copyright 2023 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+"""Create users non-interactively."""
@@ -0,0 +1,74 @@
+#!/usr/bin/env python3
+# Copyright 2023 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+"""Create users non-interactively."""
+
+import click
+from indico.cli.core import cli_group
+from indico.core.db import db
+from indico.modules.auth import Identity
+from indico.modules.users import User
+from indico.modules.users.operations import create_user
+from indico.modules.users.util import search_users
+
+
+@cli_group(name="autocreate")
+def cli():
+    """Create users non-interactively."""
+
+
+@cli.command("admin")
+@click.argument("email", type=str)
+@click.argument("password", type=str)
+@click.pass_context
+def create_admin(ctx, email, password):
+    """Create a new admin user non-interactively."""
+
+    email = email.lower()
+    username = email
+    first_name = "unknown"
+    last_name = "unknown"
+    affiliation = "unknown"
+
+    if User.query.filter(User.all_emails == email, ~User.is_deleted, ~User.is_pending).has_rows():
+        click.secho("This user already exists", fg="red")
+        ctx.exit(1)
+
+    if password == "":
+        click.secho("Password should not be empty", fg="red")
+        ctx.exit(1)
+
+    if Identity.query.filter_by(provider="indico", identifier=username).has_rows():
+        click.secho("Username already exists", fg="red")
+        ctx.exit(1)
+
+    identity = Identity(provider="indico", identifier=username, password=password)
+    user = create_user(
+        email,
+        {"first_name": first_name, "last_name": last_name, "affiliation": affiliation},
+        identity,
+    )
+    user.is_admin = True
+
+    # db.session has add()
+    db.session.add(user)  # pylint: disable=no-member
+    # db.session has commit()
+    db.session.commit()  # pylint: disable=no-member
+
+    # search the created user
+    res = search_users(
+        exact=True,
+        include_deleted=False,
+        include_pending=False,
+        include_blocked=False,
+        external=False,
+        allow_system_user=False,
+        email=email,
+    )
+
+    if not res:
+        click.secho("Admin was not correctly created", fg="red")
+        ctx.exit(1)
+
+    click.secho(f'Admin with email "{res.pop().email}" correctly created', fg="green")
@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+# Copyright 2023 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+"""Connect our CLI plugin to the existing Indico's CLI."""
+
+from autocreate.cli import cli
+from indico.core import signals
+from indico.core.plugins import IndicoPlugin
+
+
+class AutocreatePlugin(IndicoPlugin):
+    """Autocreate
+
+    Provides a way to non-interactively create users via Indico's CLI
+    """
+
+    def init(self):
+        super().init()
+        self.connect(signals.plugin.cli, self._extend_indico_cli)
+
+    def _extend_indico_cli(self):
+        return cli
@@ -0,0 +1,28 @@
+[metadata]
+name = indico-plugin-autocreate
+version = 3.2
+description = Extends the indico CLI to add a non-interactive way to create users
+long_description = file: README.md
+long_description_content_type = text/markdown; charset=UTF-8; variant=GFM
+url = https://github.com/canonical/indico-operator
+license = Apache License 2.0
+author = launchpad.net/~canonical-is-devops
+author_email = [email protected]
+classifiers =
+    Environment :: Plugins
+    Environment :: Web Environment
+    License :: OSI Approved :: Apache Software License
+    Programming Language :: Python :: 3.9
+    Programming Language :: Python :: 3.10
+
+[options]
+packages = find:
+zip_safe = false
+include_package_data = true
+python_requires = >=3.9.0, <3.11
+install_requires =
+    indico>=3.2
+
+[options.entry_points]
+indico.plugins =
+    autocreate = autocreate.plugin:AutocreatePlugin
@@ -0,0 +1,5 @@
+"""Extends the indico CLI to add a non-interactive way to create users."""
+
+from setuptools import setup
+
+setup()
@@ -29,6 +29,8 @@
 )
 from ops.pebble import ExecError
 
+logger = logging.getLogger(__name__)
+
 CANONICAL_LDAP_HOST = "ldap.canonical.com"
 CELERY_PROMEXP_PORT = "9808"
 DATABASE_NAME = "indico"
@@ -70,6 +72,7 @@ def __init__(self, *args):
             self.on.refresh_external_resources_action, self._refresh_external_resources_action
         )
         # self.framework.observe(self.on.update_status, self._refresh_external_resources)
+        self.framework.observe(self.on.add_admin_action, self._add_admin_action)
 
         self._stored.set_default(
             db_conn_str=None,
@@ -689,6 +692,10 @@ def _get_indico_env_config(self, container: Container) -> Dict:
             env_config = {**env_config, **self._get_http_proxy_configuration()}
         return env_config
 
+    def _get_indico_env_config_str(self, container: Container) -> Dict[str, str]:
+        indico_env_config = self._get_indico_env_config(container)
+        return {k: str(v) for k, v in indico_env_config.items()}
+
     def _get_http_proxy_configuration(self) -> Dict[str, str]:
         """Generate http proxy config.
 
@@ -905,6 +912,41 @@ def _has_secrets(self) -> bool:
         # check if the other end of a relation also supports secrets...
         return juju_version.has_secrets
 
+    def _add_admin_action(self, event: ActionEvent) -> None:
+        """Add a new user to Indico.
+
+        Args:
+            event: Event triggered by the add_admin action
+        """
+        container = self.unit.get_container("indico")
+        indico_env_config = self._get_indico_env_config_str(container)
+
+        cmd = [
+            "/srv/indico/.local/bin/indico",
+            "autocreate",
+            "admin",
+            event.params["email"],
+            event.params["password"],
+        ]
+
+        if container.can_connect():
+            process = container.exec(
+                cmd,
+                user="indico",
+                working_dir="/srv/indico",
+                environment=indico_env_config,
+            )
+            try:
+                output = process.wait_output()
+                event.set_results({"user": f"{event.params['email']}", "output": output})
+            except ExecError as ex:
+                logger.exception("Action add-admin failed: %s", ex.stdout)
+
+                event.fail(
+                    # Parameter validation errors are printed to stdout
+                    f"Failed to create admin {event.params['email']}: {ex.stdout!r}"
+                )
+
 
 if __name__ == "__main__":  # pragma: no cover
     main(IndicoOperatorCharm, use_juju_for_storage=True)
@@ -1,9 +1,10 @@
 #!/usr/bin/env python3
-# Copyright 2022 Canonical Ltd.
+# Copyright 2023 Canonical Ltd.
 # See LICENSE file for licensing details.
 
 """Indico charm integration tests."""
 
+import juju.action
 import pytest
 import requests
 from ops.model import ActiveStatus, Application
@@ -94,3 +95,29 @@ async def test_health_checks(app: Application):
             assert stdout.count("0/3") == 1
         else:
             assert stdout.count("0/3") == 2
+
+
+@pytest.mark.asyncio
+@pytest.mark.abort_on_fail
+async def test_add_admin(app: Application):
+    """
+    arrange: given charm in its initial state
+    act: run the add-admin action
+    assert: check the output in the action result
+    """
+
+    # Application actually does have units
+    assert app.units[0]  # type: ignore
+
+    email = "[email protected]"
+    # This is a test password
+    password = "somepassword"  # nosec
+
+    # Application actually does have units
+    action: juju.action.Action = await app.units[0].run_action(  # type: ignore
+        "add-admin", email=email, password=password
+    )
+    await action.wait()
+    assert action.status == "completed"
+    assert action.results["user"] == email
+    assert f'Admin with email "{email}" correctly created' in action.results["output"]