httpd_configmap_generator 0.2.1 → 0.3.2
- checksums.yaml +5 -5
- data/.codeclimate.yml +16 -0
- data/.gitignore +0 -2
- data/.rubocop.yml +4 -0
- data/.rubocop_cc.yml +4 -0
- data/.rubocop_local.yml +0 -0
- data/.travis.yml +11 -4
- data/.yamllint +11 -0
- data/Dockerfile +11 -3
- data/Gemfile.lock +101 -0
- data/README-oidc.md +39 -0
- data/README.md +12 -29
- data/bin/httpd_configmap_generator +5 -5
- data/httpd_configmap_generator.gemspec +2 -2
- data/lib/httpd_configmap_generator/active_directory.rb +2 -2
- data/lib/httpd_configmap_generator/base/config_map.rb +13 -8
- data/lib/httpd_configmap_generator/base.rb +1 -4
- data/lib/httpd_configmap_generator/ipa.rb +11 -0
- data/lib/httpd_configmap_generator/ldap.rb +3 -2
- data/lib/httpd_configmap_generator/oidc.rb +48 -0
- data/lib/httpd_configmap_generator/saml.rb +3 -1
- data/lib/httpd_configmap_generator/version.rb +1 -1
- data/lib/httpd_configmap_generator.rb +1 -0
- metadata +23 -16
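--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 74ce527f79c3ee674c52b811ae9075dc19eab97f5e5d7fe53e01a01ba95d41d1
+data.tar.gz: e5fa88f3cb90605d125a188f16ab5f98d6ee517c6e42b4d77d573c630ae79a19
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7ce0ad42aad3f3b7ba09d1370e0a4efe05c888fa01b7c45bc78da1871802cb515b419c6deed83b8cd8d7a3b329c3d9cf3b9907395ee6f96dbf5c0be983ae2b6d
+data.tar.gz: f6c95ce7d686c3330d06b12cbaf8d8320d769b244320e83973128c45ff55841f7030a7be03b31a039358ca822ed7ae8c85f26bfc8e541b1ea15c75ecd1cc4f2a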
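--- a/data/.codeclimate.yml
+++ b/data/.codeclimate.yml
@@ -0,0 +1,16 @@
+prepare:
+fetch:
+- url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/.rubocop_base.yml
+path: ".rubocop_base.yml"
+- url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/.rubocop_cc_base.yml
+path: ".rubocop_cc_base.yml"
+- url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/styles/base.yml
+path: styles/base.yml
+- url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/styles/cc_base.yml
+path: styles/cc_base.yml
+plugins:
+rubocop:
+enabled: true
+config: ".rubocop_cc.yml"
+channel: rubocop-0-82
+version: '2'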
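Review bot: All four `fetch` entries pull their RuboCop configuration from the moving `master` branch of ManageIQ/manageiq-style, so the analysis configuration can change without any commit in this repository. Pinning each URL to a tag or commit, for example `url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/<pinned-commit-sha>/.rubocop_base.yml` (placeholder), keeps the analysis reproducible and makes updates to the shared config an explicit, reviewable change. A comment above `prepare:` stating that these files are fetched at analysis time would also help readers of `.rubocop_cc.yml`.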
data/.gitignore
CHANGED
data/.rubocop.yml
ADDED
data/.rubocop_cc.yml
ADDED
data/.rubocop_local.yml
ADDED
File without changes
|
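--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,10 +1,17 @@
+---
 language: ruby
+dist: bionic
 rvm:
--
--
-sudo: false
+- 2.6.6
+- 2.7.2
 cache: bundler
-
+before_script:
+- curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64
+> ./cc-test-reporter
+- chmod +x ./cc-test-reporter
+- "./cc-test-reporter before-build"
+after_script:
+- "./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT"
 notifications:
 webhooks:
 urls: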
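Review bot: The `before_script` steps download `test-reporter-latest-linux-amd64` and execute it with no integrity check, so every build runs whatever binary that URL serves at the time, in a job that may hold repository secrets. Fetching a fixed reporter version and verifying its digest before the `chmod` would close that gap, e.g. `- curl -fsSL <versioned-reporter-url> -o ./cc-test-reporter` followed by `- echo "<expected-sha256>  ./cc-test-reporter" | sha256sum -c -` (both values are placeholders). Adding `-f` to curl also matters on its own: without it an HTTP error page is saved to `./cc-test-reporter` and the failure only surfaces when the file is executed.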
data/.yamllint
ADDED
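--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,4 +1,4 @@
-FROM manageiq/httpd:latest
+FROM manageiq/httpd-init:latest
 MAINTAINER ManageIQ https://github.com/ManageIQ
 
 LABEL name="httpd-configmap-generator" \
@@ -11,6 +11,14 @@ ENV HTTPD_AUTH_TYPE=internal \
 HTTPD_AUTH_KERBEROS_REALMS=undefined \
 TERM=xterm
 
-RUN
+RUN dnf -y --disableplugin=subscription-manager install \
+https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+dnf -y --disableplugin=subscription-manager install \
+authselect-compat \
+openldap-clients \
+pamtester && \
+dnf clean all && \
+rm -rf /var/cache/dnf
 
-RUN
+RUN bundle config --global without development:test
+RUN gem install --no-document httpd_configmap_generator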
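Review bot: The final `RUN gem install --no-document httpd_configmap_generator` in the second hunk installs whichever version RubyGems serves at build time, so the image is not tied to the source tree it is built from and two builds of the same Dockerfile can differ. Pinning the release, e.g. `RUN gem install --no-document httpd_configmap_generator -v 0.3.2`, makes the image reproducible and auditable. The same applies to `epel-release-latest-8.noarch.rpm`: it is a moving target installed by URL, and dnf's signature check for packages given on the command line is governed by `localpkg_gpgcheck`, which I believe defaults to off, so it is worth confirming that the package is verified. `FROM manageiq/httpd-init:latest` carries the unpinned base tag over from the old line; a digest or version tag would be the matching fix.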
data/Gemfile.lock
ADDED
@@ -0,0 +1,101 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
httpd_configmap_generator (0.3.2)
|
5
|
+
activesupport (>= 5.0)
|
6
|
+
awesome_spawn (~> 1.4)
|
7
|
+
iniparse (~> 1.4)
|
8
|
+
more_core_extensions (~> 3.4)
|
9
|
+
optimist (~> 3.0)
|
10
|
+
|
11
|
+
GEM
|
12
|
+
remote: https://rubygems.org/
|
13
|
+
specs:
|
14
|
+
activesupport (6.1.4.1)
|
15
|
+
concurrent-ruby (~> 1.0, >= 1.0.2)
|
16
|
+
i18n (>= 1.6, < 2)
|
17
|
+
minitest (>= 5.1)
|
18
|
+
tzinfo (~> 2.0)
|
19
|
+
zeitwerk (~> 2.3)
|
20
|
+
ast (2.4.2)
|
21
|
+
awesome_spawn (1.5.0)
|
22
|
+
concurrent-ruby (1.1.9)
|
23
|
+
diff-lcs (1.4.4)
|
24
|
+
docile (1.4.0)
|
25
|
+
i18n (1.8.10)
|
26
|
+
concurrent-ruby (~> 1.0)
|
27
|
+
iniparse (1.5.0)
|
28
|
+
manageiq-style (1.3.1)
|
29
|
+
more_core_extensions
|
30
|
+
optimist
|
31
|
+
rubocop (~> 1.13)
|
32
|
+
rubocop-performance
|
33
|
+
rubocop-rails
|
34
|
+
minitest (5.14.4)
|
35
|
+
more_core_extensions (3.8.0)
|
36
|
+
activesupport
|
37
|
+
optimist (3.0.1)
|
38
|
+
parallel (1.21.0)
|
39
|
+
parser (3.0.2.0)
|
40
|
+
ast (~> 2.4.1)
|
41
|
+
rack (2.2.3)
|
42
|
+
rainbow (3.0.0)
|
43
|
+
rake (13.0.6)
|
44
|
+
regexp_parser (2.1.1)
|
45
|
+
rexml (3.2.5)
|
46
|
+
rspec (3.10.0)
|
47
|
+
rspec-core (~> 3.10.0)
|
48
|
+
rspec-expectations (~> 3.10.0)
|
49
|
+
rspec-mocks (~> 3.10.0)
|
50
|
+
rspec-core (3.10.1)
|
51
|
+
rspec-support (~> 3.10.0)
|
52
|
+
rspec-expectations (3.10.1)
|
53
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
54
|
+
rspec-support (~> 3.10.0)
|
55
|
+
rspec-mocks (3.10.2)
|
56
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
57
|
+
rspec-support (~> 3.10.0)
|
58
|
+
rspec-support (3.10.2)
|
59
|
+
rubocop (1.22.1)
|
60
|
+
parallel (~> 1.10)
|
61
|
+
parser (>= 3.0.0.0)
|
62
|
+
rainbow (>= 2.2.2, < 4.0)
|
63
|
+
regexp_parser (>= 1.8, < 3.0)
|
64
|
+
rexml
|
65
|
+
rubocop-ast (>= 1.12.0, < 2.0)
|
66
|
+
ruby-progressbar (~> 1.7)
|
67
|
+
unicode-display_width (>= 1.4.0, < 3.0)
|
68
|
+
rubocop-ast (1.12.0)
|
69
|
+
parser (>= 3.0.1.1)
|
70
|
+
rubocop-performance (1.11.5)
|
71
|
+
rubocop (>= 1.7.0, < 2.0)
|
72
|
+
rubocop-ast (>= 0.4.0)
|
73
|
+
rubocop-rails (2.12.2)
|
74
|
+
activesupport (>= 4.2.0)
|
75
|
+
rack (>= 1.1)
|
76
|
+
rubocop (>= 1.7.0, < 2.0)
|
77
|
+
ruby-progressbar (1.11.0)
|
78
|
+
simplecov (0.21.2)
|
79
|
+
docile (~> 1.1)
|
80
|
+
simplecov-html (~> 0.11)
|
81
|
+
simplecov_json_formatter (~> 0.1)
|
82
|
+
simplecov-html (0.12.3)
|
83
|
+
simplecov_json_formatter (0.1.3)
|
84
|
+
tzinfo (2.0.4)
|
85
|
+
concurrent-ruby (~> 1.0)
|
86
|
+
unicode-display_width (2.1.0)
|
87
|
+
zeitwerk (2.4.2)
|
88
|
+
|
89
|
+
PLATFORMS
|
90
|
+
ruby
|
91
|
+
x86_64-darwin-19
|
92
|
+
|
93
|
+
DEPENDENCIES
|
94
|
+
httpd_configmap_generator!
|
95
|
+
manageiq-style
|
96
|
+
rake
|
97
|
+
rspec (~> 3.0)
|
98
|
+
simplecov
|
99
|
+
|
100
|
+
BUNDLED WITH
|
101
|
+
2.2.24
|
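--- a/data/README-oidc.md
+++ b/data/README-oidc.md
@@ -0,0 +1,39 @@
+# Httpd Configmap Generator - OpenID-Connect (OIDC)
+
+This documents how to run the httpd\_configmap\_generator tool to configure the container against an OpenID-Connect (OIDC) identity provider.
+
+## Usage for the `oidc` auth-type:
+
+```
+$ httpd_configmap_generator oidc --help
+Options:
+-o, --output=<s> Configuration map file to create
+-u, --oidc-url=<s> OpenID-Connect Provider URL
+-i, --oidc-client-id=<s> OpenID-Connect Provider Client ID
+-s, --oidc-client-secret=<s> OpenID-Connect Provider Client Secret
+-f, --force Force configuration if configured already
+-d, --debug Enable debugging
+-h, --help Show this message
+
+```
+
+### Examples:
+
+Creates the extra data for the container:
+
+```
+$ httpd_configmap_generator oidc \
+--force \
+--oidc-url=http://my-keycloak:8080/auth/realms/miq/.well-known/openid-configuration \
+--oidc-client-id=my-keycloak-oidc-client \
+--oidc-client-secret=99999999-9999-9999-a999-99999a999999 \
+--debug \
+-o /tmp/external-oidc.yaml
+```
+
+The auth configmap file for oidc does not include any files. It only includes the following extra data:
+
+* auth-oidc-provider-metadata-url
+* auth-oidc-client-id
+* auth-oidc-client-secret
+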
data/README.md
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
# Httpd Configmap Generator
|
2
2
|
|
3
3
|
[![Gem Version](https://badge.fury.io/rb/httpd_configmap_generator.svg)](http://badge.fury.io/rb/httpd_configmap_generator)
|
4
|
-
[![Build Status](https://travis-ci.org/ManageIQ/httpd_configmap_generator.svg)](https://travis-ci.org/ManageIQ/httpd_configmap_generator)
|
4
|
+
[![Build Status](https://travis-ci.org/ManageIQ/httpd_configmap_generator.svg?branch=master)](https://travis-ci.org/ManageIQ/httpd_configmap_generator)
|
5
5
|
[![Code Climate](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator.svg)](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator)
|
6
6
|
[![Test Coverage](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator/badges/coverage.svg)](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator/coverage)
|
7
7
|
[![Dependency Status](https://gemnasium.com/ManageIQ/httpd_configmap_generator.svg)](https://gemnasium.com/ManageIQ/httpd_configmap_generator)
|
@@ -28,7 +28,7 @@ httpd_configmap_generator 0.1.1 - External Authentication Configuration script
|
|
28
28
|
|
29
29
|
Usage: httpd_configmap_generator auth_type | update | export [--help | options]
|
30
30
|
|
31
|
-
supported auth_type: active-directory, ipa, ldap, saml
|
31
|
+
supported auth_type: active-directory, ipa, ldap, saml, oidc
|
32
32
|
|
33
33
|
httpd_configmap_generator options are:
|
34
34
|
-V, --version Version of the httpd_configmap_generator command
|
@@ -43,12 +43,13 @@ $ httpd_configmap_generator ipa --help
|
|
43
43
|
|
44
44
|
## Supported Authentication Types
|
45
45
|
|
46
|
-
|auth-type
|
47
|
-
|
48
|
-
| active-directory
|
49
|
-
| ipa
|
50
|
-
| ldap
|
51
|
-
| saml
|
46
|
+
|auth-type | Identity Provider/Environment | for usage: |
|
47
|
+
|-----------------------------------|--------------------------------------------------|-------------------------------------------------------|
|
48
|
+
| active-directory | Active Directory domain realm join | [README-active-directory](README-active-directory.md) |
|
49
|
+
| ipa | IPA, IPA 2-factor authentication, IPA/AD Trust | [README-ipa](README-ipa.md) |
|
50
|
+
| ldap | Ldap directories | [README-ldap](README-ldap.md) |
|
51
|
+
| saml | Keycloak, etc. | [README-saml](README-saml.md) |
|
52
|
+
| OpenID-Connect (oidc) | Keycloak, etc. | [README-oidc](README-oidc.md) |
|
52
53
|
|
53
54
|
___
|
54
55
|
|
@@ -260,8 +261,6 @@ ___
|
|
260
261
|
|
261
262
|
### Pre-deployment tasks
|
262
263
|
|
263
|
-
#### If running without OCI systemd hooks (Minishift)
|
264
|
-
|
265
264
|
The httpd-configmap-generator service account must be added to the httpd-scc-sysadmin SCC before the Httpd Configmap Generator can run.
|
266
265
|
|
267
266
|
##### As Admin
|
@@ -285,22 +284,6 @@ $ oc describe scc httpd-scc-sysadmin | grep Users
|
|
285
284
|
Users: system:serviceaccount:<your-namespace>:httpd-configmap-generator
|
286
285
|
```
|
287
286
|
|
288
|
-
#### If running with OCI systemd hooks
|
289
|
-
|
290
|
-
##### As Admin
|
291
|
-
|
292
|
-
```
|
293
|
-
$ oc adm policy add-scc-to-user anyuid system:serviceaccount:<your-namespace>:httpd-configmap-generator
|
294
|
-
```
|
295
|
-
|
296
|
-
Verify that the httpd-configmap-generator service account is included in the anyuid SCC:
|
297
|
-
|
298
|
-
```
|
299
|
-
$ oc describe scc anyuid | grep Users
|
300
|
-
Users: system:serviceaccount:<your-namespace>:httpd-configmap-generator
|
301
|
-
```
|
302
|
-
|
303
|
-
|
304
287
|
### Deploy the Httpd Configmap Generator Application
|
305
288
|
|
306
289
|
As basic user
|
@@ -341,20 +324,20 @@ $ CONFIGMAP_GENERATOR_POD=`oc get pods | grep "httpd-configmap-generator" | cut
|
|
341
324
|
### Generating a configmap for external authentication against IPA
|
342
325
|
|
343
326
|
```
|
344
|
-
$ oc
|
327
|
+
$ oc exec $CONFIGMAP_GENERATOR_POD -- bash -c 'httpd_configmap_generator ipa ...
|
345
328
|
```
|
346
329
|
|
347
330
|
Example configuration:
|
348
331
|
|
349
332
|
```
|
350
|
-
$ oc
|
333
|
+
$ oc exec $CONFIGMAP_GENERATOR_POD -- bash -c 'httpd_configmap_generator ipa \
|
351
334
|
--host=appliance.example.com \
|
352
335
|
--ipa-server=ipaserver.example.com \
|
353
336
|
--ipa-domain=example.com \
|
354
337
|
--ipa-realm=EXAMPLE.COM \
|
355
338
|
--ipa-principal=admin \
|
356
339
|
--ipa-password=smartvm1 \
|
357
|
-
-o /tmp/external-ipa.yaml
|
340
|
+
-o /tmp/external-ipa.yaml'
|
358
341
|
```
|
359
342
|
|
360
343
|
`--host` above must be the DNS of the application exposing the httpd auth pod,
|
@@ -8,7 +8,7 @@
|
|
8
8
|
#
|
9
9
|
|
10
10
|
Dir.chdir(__dir__) { require "bundler/setup" }
|
11
|
-
require "
|
11
|
+
require "optimist"
|
12
12
|
require "httpd_configmap_generator"
|
13
13
|
|
14
14
|
CMD = File.basename($PROGRAM_NAME)
|
@@ -23,14 +23,14 @@ module HttpdConfigmapGenerator
|
|
23
23
|
SUB_COMMANDS = [HttpdConfigmapGenerator.supported_auth_types] | %w(update export)
|
24
24
|
|
25
25
|
def run
|
26
|
-
|
26
|
+
Optimist.options do
|
27
27
|
version("#{CMD} #{HttpdConfigmapGenerator::VERSION} - External Authentication Configuration script")
|
28
28
|
banner <<-EOS
|
29
29
|
#{version}
|
30
30
|
|
31
31
|
Usage: #{CMD} auth_type | update | export [--help | options]
|
32
32
|
|
33
|
-
supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.join(', ')}
|
33
|
+
supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.sort.join(', ')}
|
34
34
|
|
35
35
|
#{CMD} options are:
|
36
36
|
EOS
|
@@ -40,7 +40,7 @@ supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.join(', ')}
|
|
40
40
|
end
|
41
41
|
|
42
42
|
auth_type = ARGV.shift
|
43
|
-
|
43
|
+
Optimist.die "Must specify an authentication type" if auth_type.nil?
|
44
44
|
|
45
45
|
begin
|
46
46
|
auth_config =
|
@@ -53,7 +53,7 @@ supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.join(', ')}
|
|
53
53
|
error_msg(err.to_s)
|
54
54
|
end
|
55
55
|
|
56
|
-
params =
|
56
|
+
params = Optimist.options do
|
57
57
|
auth_config.required_options.each do |key, key_options|
|
58
58
|
opt key, key_options[:description], HttpdConfigmapGenerator::Cli.options_for(key_options, true)
|
59
59
|
end
|
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
|
|
23
23
|
s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) } - %w(console setup)
|
24
24
|
s.require_paths = ["lib"]
|
25
25
|
|
26
|
-
s.add_development_dependency "
|
26
|
+
s.add_development_dependency "manageiq-style"
|
27
27
|
s.add_development_dependency "rspec", "~> 3.0"
|
28
28
|
s.add_development_dependency "rake"
|
29
29
|
s.add_development_dependency "simplecov"
|
@@ -32,5 +32,5 @@ Gem::Specification.new do |s|
|
|
32
32
|
s.add_dependency "awesome_spawn", "~> 1.4"
|
33
33
|
s.add_dependency "iniparse", "~> 1.4"
|
34
34
|
s.add_dependency "more_core_extensions", "~> 3.4"
|
35
|
-
s.add_dependency "
|
35
|
+
s.add_dependency "optimist", "~> 3.0"
|
36
36
|
end
|
@@ -9,6 +9,8 @@ module HttpdConfigmapGenerator
|
|
9
9
|
|
10
10
|
def required_options
|
11
11
|
super.merge(
|
12
|
+
:host => { :description => "Application Domain",
|
13
|
+
:short => "-h" },
|
12
14
|
:ad_domain => { :description => "Active Directory Domain" },
|
13
15
|
:ad_user => { :description => "Active Directory User" },
|
14
16
|
:ad_password => { :description => "Active Directory Password" }
|
@@ -34,10 +36,8 @@ module HttpdConfigmapGenerator
|
|
34
36
|
/etc/pam.d/postlogin-ac
|
35
37
|
/etc/pam.d/smartcard-auth-ac
|
36
38
|
/etc/pam.d/system-auth-ac
|
37
|
-
/etc/resolv.conf
|
38
39
|
/etc/sssd/sssd.conf
|
39
40
|
/etc/sysconfig/authconfig
|
40
|
-
/etc/sysconfig/network
|
41
41
|
)
|
42
42
|
end
|
43
43
|
|
@@ -16,11 +16,11 @@ module HttpdConfigmapGenerator
|
|
16
16
|
@config_map = template
|
17
17
|
end
|
18
18
|
|
19
|
-
def generate(auth_type, realm, file_list)
|
19
|
+
def generate(auth_type, realm = "undefined", file_list = nil, metadata = {})
|
20
20
|
info_msg("Generating Auth Config-Map for #{auth_type}")
|
21
21
|
@config_map = template(auth_type, realm)
|
22
22
|
file_specs = gen_filespecs(file_list)
|
23
|
-
define_configuration(file_specs)
|
23
|
+
define_configuration(file_specs, metadata)
|
24
24
|
include_files(file_specs)
|
25
25
|
end
|
26
26
|
|
@@ -71,7 +71,7 @@ module HttpdConfigmapGenerator
|
|
71
71
|
file_specs = []
|
72
72
|
file_list.each do |file|
|
73
73
|
file_specs << file_entry_spec(file.strip)
|
74
|
-
end
|
74
|
+
end unless file_list.nil?
|
75
75
|
file_specs.sort_by { |file_spec| file_spec[:basename] }
|
76
76
|
end
|
77
77
|
|
@@ -135,7 +135,7 @@ module HttpdConfigmapGenerator
|
|
135
135
|
}
|
136
136
|
end
|
137
137
|
|
138
|
-
def update_configuration(file_specs)
|
138
|
+
def update_configuration(file_specs, metadata={})
|
139
139
|
auth_configuration = fetch_auth_configuration
|
140
140
|
return define_configuration(file_specs) unless auth_configuration
|
141
141
|
# first, remove any file_specs references in the file list, we don't want duplication here.
|
@@ -146,7 +146,7 @@ module HttpdConfigmapGenerator
|
|
146
146
|
end
|
147
147
|
auth_configuration = auth_configuration.join("\n") + "\n"
|
148
148
|
# now, append any of the new file_specs at the end of the list.
|
149
|
-
append_configuration(auth_configuration, file_specs)
|
149
|
+
append_configuration(auth_configuration, file_specs, metadata)
|
150
150
|
end
|
151
151
|
|
152
152
|
def search_file_entry(target_file)
|
@@ -157,9 +157,9 @@ module HttpdConfigmapGenerator
|
|
157
157
|
entry ? entry.first.split('=')[1].strip.split(' ') : nil
|
158
158
|
end
|
159
159
|
|
160
|
-
def define_configuration(file_specs)
|
160
|
+
def define_configuration(file_specs, metadata={})
|
161
161
|
auth_configuration = "# External Authentication Configuration File\n#\n"
|
162
|
-
append_configuration(auth_configuration, file_specs)
|
162
|
+
append_configuration(auth_configuration, file_specs, metadata)
|
163
163
|
end
|
164
164
|
|
165
165
|
def include_files(file_specs)
|
@@ -175,12 +175,17 @@ module HttpdConfigmapGenerator
|
|
175
175
|
file_spec[:binary] ? "#{file_spec[:basename]}.base64" : file_spec[:basename]
|
176
176
|
end
|
177
177
|
|
178
|
-
def append_configuration(auth_configuration, file_specs)
|
178
|
+
def append_configuration(auth_configuration, file_specs, metadata)
|
179
179
|
file_specs.each do |file_spec|
|
180
180
|
debug_msg("Adding file #{file_spec[:target]} ...")
|
181
181
|
auth_configuration += "file = #{file_basename(file_spec)} #{file_spec[:target]} #{file_spec[:mode]}\n"
|
182
182
|
end
|
183
183
|
config_map[DATA_SECTION] ||= {}
|
184
|
+
|
185
|
+
metadata.each do |key, value|
|
186
|
+
config_map[DATA_SECTION].merge!(key => value)
|
187
|
+
end
|
188
|
+
|
184
189
|
config_map[DATA_SECTION].merge!(AUTH_CONFIGURATION => auth_configuration)
|
185
190
|
end
|
186
191
|
|
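Review bot: `update_configuration` now takes `metadata`, but the unchanged early return shown as context in the `@@ -135,7 +135,7 @@` hunk still drops it, so when no auth configuration exists yet the caller's metadata never reaches the config map. That line should read `return define_configuration(file_specs, metadata) unless auth_configuration`. In `append_configuration` the new loop can be written as `config_map[DATA_SECTION].merge!(metadata)`, and a comment there should state that metadata keys are written verbatim into the data section and that an entry named like `AUTH_CONFIGURATION` is overwritten by the merge on the following line. The default is spelled `metadata = {}` in `generate` and `metadata={}` in the other two signatures; one spelling would be consistent. The bodies of `update_configuration` and `append_configuration` extend beyond the visible hunks.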
@@ -54,10 +54,7 @@ module HttpdConfigmapGenerator
|
|
54
54
|
|
55
55
|
def required_options
|
56
56
|
{
|
57
|
-
:
|
58
|
-
:short => "-h" },
|
59
|
-
:output => { :description => "Configuration map file to create",
|
60
|
-
:short => "-o" }
|
57
|
+
:output => { :description => "Configuration map file to create", :short => "-o" }
|
61
58
|
}
|
62
59
|
end
|
63
60
|
|
@@ -1,3 +1,5 @@
|
|
1
|
+
require "socket"
|
2
|
+
|
1
3
|
module HttpdConfigmapGenerator
|
2
4
|
class Ipa < Base
|
3
5
|
IPA_INSTALL_COMMAND = "/usr/sbin/ipa-client-install".freeze
|
@@ -9,6 +11,8 @@ module HttpdConfigmapGenerator
|
|
9
11
|
|
10
12
|
def required_options
|
11
13
|
super.merge(
|
14
|
+
:host => { :description => "Application Domain",
|
15
|
+
:short => "-h" },
|
12
16
|
:ipa_server => { :description => "IPA Server FQDN" },
|
13
17
|
:ipa_password => { :description => "IPA Server Password" }
|
14
18
|
)
|
@@ -49,6 +53,7 @@ module HttpdConfigmapGenerator
|
|
49
53
|
end
|
50
54
|
|
51
55
|
def configure(opts)
|
56
|
+
opts[:host] = get_canonical_hostname(opts[:host])
|
52
57
|
update_hostname(opts[:host])
|
53
58
|
command_run!(IPA_INSTALL_COMMAND,
|
54
59
|
:params => [
|
@@ -118,5 +123,11 @@ module HttpdConfigmapGenerator
|
|
118
123
|
FileUtils.chown(APACHE_USER, nil, HTTP_KEYTAB)
|
119
124
|
FileUtils.chmod(0o600, HTTP_KEYTAB)
|
120
125
|
end
|
126
|
+
|
127
|
+
def get_canonical_hostname(hostname)
|
128
|
+
Socket.gethostbyname(hostname)[0]
|
129
|
+
rescue SocketError
|
130
|
+
hostname
|
131
|
+
end
|
121
132
|
end
|
122
133
|
end
|
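Review bot: `configure` now overwrites the operator-supplied `opts[:host]` with whatever `get_canonical_hostname` gets back from the resolver, and that value is passed on to `update_hostname` and the `ipa-client-install` run (the rest of `configure` is outside the hunk). The name the host enrolls under therefore depends on DNS or hosts-file answers rather than on the input. Logging the substitution when the two names differ would make an unexpected resolver answer visible to the operator; the comparison could be done in `configure` before the assignment. `Socket.gethostbyname` is also documented as deprecated; `Addrinfo.getaddrinfo(hostname, nil, nil, :STREAM, nil, Socket::AI_CANONNAME).first.canonname` is the replacement. The method would benefit from a comment such as `# Returns the resolver's canonical name for hostname, or hostname unchanged if resolution fails`.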
@@ -10,6 +10,8 @@ module HttpdConfigmapGenerator
|
|
10
10
|
|
11
11
|
def required_options
|
12
12
|
super.merge(
|
13
|
+
:host => { :description => "Application Domain",
|
14
|
+
:short => "-h" },
|
13
15
|
:cert_file => { :description => "Cert File" },
|
14
16
|
:ldap_host => { :description => "LDAP Directory Host FQDN" },
|
15
17
|
:ldap_mode => { :description => "ldap | ldaps" },
|
@@ -55,8 +57,7 @@ module HttpdConfigmapGenerator
|
|
55
57
|
/etc/pam.d/smartcard-auth-ac
|
56
58
|
/etc/pam.d/system-auth-ac
|
57
59
|
/etc/sssd/sssd.conf
|
58
|
-
/etc/sysconfig/authconfig
|
59
|
-
/etc/sysconfig/network) + [opts[:cert_file]]
|
60
|
+
/etc/sysconfig/authconfig) + [opts[:cert_file]]
|
60
61
|
end
|
61
62
|
|
62
63
|
def configure(opts)
|
@@ -0,0 +1,48 @@
|
|
1
|
+
module HttpdConfigmapGenerator
|
2
|
+
class Oidc < Base
|
3
|
+
|
4
|
+
AUTH = {
|
5
|
+
:type => "openid-connect",
|
6
|
+
:subtype => "oidc"
|
7
|
+
}.freeze
|
8
|
+
|
9
|
+
def required_options
|
10
|
+
super.merge(
|
11
|
+
:oidc_url => { :description => "OpenID-Connect Provider URL",
|
12
|
+
:short => "-u" },
|
13
|
+
:oidc_client_id => { :description => "OpenID-Connect Provider Client ID",
|
14
|
+
:short => "-i" },
|
15
|
+
:oidc_client_secret => { :description => "OpenID-Connect Provider Client Secret",
|
16
|
+
:short => "-s" },
|
17
|
+
)
|
18
|
+
end
|
19
|
+
|
20
|
+
def configure(opts)
|
21
|
+
auth_oidc_data = {}
|
22
|
+
auth_oidc_data["auth-oidc-provider-metadata-url"] = opts[:oidc_url]
|
23
|
+
auth_oidc_data["auth-oidc-client-id"] = opts[:oidc_client_id]
|
24
|
+
auth_oidc_data["auth-oidc-client-secret"] = opts[:oidc_client_secret]
|
25
|
+
|
26
|
+
config_map = ConfigMap.new(opts)
|
27
|
+
config_map.generate(AUTH[:type], nil, nil, auth_oidc_data )
|
28
|
+
config_map.save(opts[:output])
|
29
|
+
rescue => err
|
30
|
+
log_command_error(err)
|
31
|
+
raise err
|
32
|
+
end
|
33
|
+
|
34
|
+
def validate_options(opts)
|
35
|
+
super(opts)
|
36
|
+
end
|
37
|
+
|
38
|
+
def configured?
|
39
|
+
false
|
40
|
+
end
|
41
|
+
|
42
|
+
def unconfigure
|
43
|
+
return unless configured?
|
44
|
+
end
|
45
|
+
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
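Review bot: `configure` copies `opts[:oidc_client_secret]` into the config map data under `auth-oidc-client-secret`, so the client secret ends up in clear text in the file named by `opts[:output]`, and in a ConfigMap if that file is applied as one, which does not get the access controls of a Secret. At minimum the method needs a comment such as `# NOTE: the client secret is written in clear text to opts[:output]; restrict access to that file`; whether `ConfigMap#save` sets restrictive permissions is not visible here. `validate_options` only calls `super`, so any `oidc_url` is accepted; warning on a value that does not start with `https://` would flag provider metadata fetched over plain HTTP. The call `config_map.generate(AUTH[:type], nil, nil, auth_oidc_data )` passes `nil` for `realm`, which bypasses the new `"undefined"` default in `generate`, so it is worth confirming that `template` handles a nil realm. The stray space before `)` and the pass-through `validate_options` override can go.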
@@ -4,6 +4,7 @@ require "httpd_configmap_generator/active_directory"
|
|
4
4
|
require "httpd_configmap_generator/ipa"
|
5
5
|
require "httpd_configmap_generator/ldap"
|
6
6
|
require "httpd_configmap_generator/saml"
|
7
|
+
require "httpd_configmap_generator/oidc"
|
7
8
|
require "httpd_configmap_generator/update"
|
8
9
|
require "httpd_configmap_generator/export"
|
9
10
|
require "more_core_extensions/core_ext/hash"
|
metadata
CHANGED
@@ -1,29 +1,29 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: httpd_configmap_generator
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2
|
4
|
+
version: 0.3.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Httpd Auth Config Developers
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-10-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
name:
|
14
|
+
name: manageiq-style
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
19
|
+
version: '0'
|
20
20
|
type: :development
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: '0'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rspec
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -123,35 +123,42 @@ dependencies:
|
|
123
123
|
- !ruby/object:Gem::Version
|
124
124
|
version: '3.4'
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
|
-
name:
|
126
|
+
name: optimist
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
128
128
|
requirements:
|
129
129
|
- - "~>"
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version: '
|
131
|
+
version: '3.0'
|
132
132
|
type: :runtime
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
136
|
- - "~>"
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version: '
|
138
|
+
version: '3.0'
|
139
139
|
description: The Httpd Configmap Generator
|
140
|
-
email:
|
140
|
+
email:
|
141
141
|
executables:
|
142
142
|
- httpd_configmap_generator
|
143
143
|
extensions: []
|
144
144
|
extra_rdoc_files: []
|
145
145
|
files:
|
146
|
+
- ".codeclimate.yml"
|
146
147
|
- ".gitignore"
|
147
148
|
- ".rspec"
|
149
|
+
- ".rubocop.yml"
|
150
|
+
- ".rubocop_cc.yml"
|
151
|
+
- ".rubocop_local.yml"
|
148
152
|
- ".travis.yml"
|
153
|
+
- ".yamllint"
|
149
154
|
- Dockerfile
|
150
155
|
- Gemfile
|
156
|
+
- Gemfile.lock
|
151
157
|
- LICENSE
|
152
158
|
- README-active-directory.md
|
153
159
|
- README-ipa.md
|
154
160
|
- README-ldap.md
|
161
|
+
- README-oidc.md
|
155
162
|
- README-saml.md
|
156
163
|
- README.md
|
157
164
|
- Rakefile
|
@@ -174,6 +181,7 @@ files:
|
|
174
181
|
- lib/httpd_configmap_generator/export.rb
|
175
182
|
- lib/httpd_configmap_generator/ipa.rb
|
176
183
|
- lib/httpd_configmap_generator/ldap.rb
|
184
|
+
- lib/httpd_configmap_generator/oidc.rb
|
177
185
|
- lib/httpd_configmap_generator/saml.rb
|
178
186
|
- lib/httpd_configmap_generator/update.rb
|
179
187
|
- lib/httpd_configmap_generator/version.rb
|
@@ -184,7 +192,7 @@ homepage: https://github.com/ManageIQ/httpd_configmap_generator
|
|
184
192
|
licenses:
|
185
193
|
- Apache-2.0
|
186
194
|
metadata: {}
|
187
|
-
post_install_message:
|
195
|
+
post_install_message:
|
188
196
|
rdoc_options: []
|
189
197
|
require_paths:
|
190
198
|
- lib
|
@@ -199,9 +207,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
199
207
|
- !ruby/object:Gem::Version
|
200
208
|
version: '0'
|
201
209
|
requirements: []
|
202
|
-
|
203
|
-
|
204
|
-
signing_key:
|
210
|
+
rubygems_version: 3.1.4
|
211
|
+
signing_key:
|
205
212
|
specification_version: 4
|
206
213
|
summary: The Httpd Configmap Generator
|
207
214
|
test_files: []
|