🚚 Rename disable-groups-of-groups to disable-mirrored-groups

Author: jemrobinson

README.md

@@ -67,7 +67,9 @@ member: <DN for each user belonging to this group>
 
 ## Primary groups
 
-Note that each user will have an associated group to act as its POSIX user primary group
+:exclamation: You can disable the creation of mirrored groups with the `--disable-primary-groups` command line option :exclamation:
+
+Apricot creates an associated group for each user, which acts as its POSIX user primary group.
 
 For example:
 

apricot/apricot_server.py

@@ -22,7 +22,7 @@ def __init__(
         port: int,
         *,
         debug: bool = False,
-        enable_group_of_groups: bool,
+        enable_mirrored_groups: bool,
         redis_host: str | None = None,
         redis_port: int | None = None,
         **kwargs: Any,
@@ -64,7 +64,7 @@ def __init__(
         if self.debug:
             log.msg("Creating an LDAPServerFactory.")
         factory = OAuthLDAPServerFactory(
-            domain, oauth_client, enable_group_of_groups=enable_group_of_groups
+            domain, oauth_client, enable_mirrored_groups=enable_mirrored_groups
         )
 
         # Attach a listening endpoint

apricot/ldap/oauth_ldap_server_factory.py

@@ -9,15 +9,15 @@
 
 class OAuthLDAPServerFactory(ServerFactory):
     def __init__(
-        self, domain: str, oauth_client: OAuthClient, *, enable_group_of_groups: bool
+        self, domain: str, oauth_client: OAuthClient, *, enable_mirrored_groups: bool
     ):
         """
         Initialise an LDAPServerFactory
 
         @param oauth_client: An OAuth client used to construct the LDAP tree
         """
         # Create an LDAP lookup tree
-        self.adaptor = OAuthLDAPTree(domain, oauth_client, enable_group_of_groups)
+        self.adaptor = OAuthLDAPTree(domain, oauth_client, enable_mirrored_groups)
 
     def __repr__(self) -> str:
         return f"{self.__class__.__name__} using adaptor {self.adaptor}"

apricot/ldap/oauth_ldap_tree.py

@@ -18,7 +18,7 @@ def __init__(
         domain: str,
         oauth_client: OAuthClient,
         *,
-        enable_group_of_groups: bool,
+        enable_mirrored_groups: bool,
         refresh_interval: int = 60,
     ) -> None:
         """
@@ -34,7 +34,7 @@ def __init__(
         self.oauth_client = oauth_client
         self.refresh_interval = refresh_interval
         self.root_: OAuthLDAPEntry | None = None
-        self.enable_group_of_groups = enable_group_of_groups
+        self.enable_mirrored_groups = enable_mirrored_groups
 
     @property
     def dn(self) -> DistinguishedName:
@@ -56,7 +56,7 @@ def root(self) -> OAuthLDAPEntry:
             oauth_adaptor = OAuthDataAdaptor(
                 self.domain,
                 self.oauth_client,
-                enable_group_of_groups=self.enable_group_of_groups,
+                enable_mirrored_groups=self.enable_mirrored_groups,
             )
 
             # Create a root node for the tree

apricot/oauth/oauth_data_adaptor.py

@@ -22,12 +22,12 @@ class OAuthDataAdaptor:
     """Adaptor for converting raw user and group data into LDAP format."""
 
     def __init__(
-        self, domain: str, oauth_client: OAuthClient, *, enable_group_of_groups: bool
+        self, domain: str, oauth_client: OAuthClient, *, enable_mirrored_groups: bool
     ):
         self.debug = oauth_client.debug
         self.oauth_client = oauth_client
         self.root_dn = "DC=" + domain.replace(".", ",DC=")
-        self.enable_group_of_groups = enable_group_of_groups
+        self.enable_mirrored_groups = enable_mirrored_groups
 
         # Retrieve and validate user and group information
         annotated_groups, annotated_users = self._retrieve_entries()
@@ -108,7 +108,7 @@ def _retrieve_entries(
         # Add one group of groups for each existing group.
         # Its members are the primary user groups for each original group member.
         groups_of_groups = []
-        if self.enable_group_of_groups:
+        if self.enable_mirrored_groups:
             for group in oauth_groups:
                 group_dict = {}
                 group_dict["cn"] = f"Primary user groups for {group['cn']}"

docker/entrypoint.sh

@@ -37,8 +37,8 @@ if [ -n "${DEBUG}" ]; then
     EXTRA_OPTS="${EXTRA_OPTS} --debug"
 fi
 
-if [ -n "${DISABLE_GROUP_OF_GROUPS}" ]; then
-    EXTRA_OPTS="${EXTRA_OPTS} --disable-group-of-groups"
+if [ -n "${DISABLE_MIRRORED_GROUPS}" ]; then
+    EXTRA_OPTS="${EXTRA_OPTS} --disable-mirrored-groups"
 fi
 
 if [ -n "${ENTRA_TENANT_ID}" ]; then

run.py

@@ -16,9 +16,9 @@
         parser.add_argument("-i", "--client-id", type=str, help="OAuth client ID.")
         parser.add_argument("-p", "--port", type=int, default=1389, help="Port to run on.")
         parser.add_argument("-s", "--client-secret", type=str, help="OAuth client secret.")
-        parser.add_argument("--disable-group-of-groups", action="store_false",
-                             dest="enable_group_of_groups", default=True,
-                             help="Disable creation of group-of-groups.")
+        parser.add_argument("--disable-mirrored-groups", action="store_false",
+                             dest="enable_mirrored", default=True,
+                             help="Disable creation of mirrored groups.")
         parser.add_argument("--debug", action="store_true", help="Enable debug logging.")
         # Options for Microsoft Entra backend
         entra_group = parser.add_argument_group("Microsoft Entra")