httpd_configmap_generator 0.2.1 → 0.3.2

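--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 97e0604454a0d955b16cf177a9d4342cfb73e513
- data.tar.gz: b69bcd86f4599c5198cbf5fde4c2a58f6d1c4df1
+ SHA256:
+ metadata.gz: 74ce527f79c3ee674c52b811ae9075dc19eab97f5e5d7fe53e01a01ba95d41d1
+ data.tar.gz: e5fa88f3cb90605d125a188f16ab5f98d6ee517c6e42b4d77d573c630ae79a19
  SHA512:
- metadata.gz: 0aff3baa827b66b0cc27958994f43be0015b543bd3e8e161ad169799aa4730276dd9b84a48820d90b865917bb8137eea2549a9b7748e97913e7a9df603b16a32
- data.tar.gz: 38b9b7a162478059c6523a964b67a5fd50c222ac8df884d378b8a6b48dc0433f82ccdbcd493fc97b61fa781e19d6c9158e0efbabe4072977c04078e925419a10
+ metadata.gz: 7ce0ad42aad3f3b7ba09d1370e0a4efe05c888fa01b7c45bc78da1871802cb515b419c6deed83b8cd8d7a3b329c3d9cf3b9907395ee6f96dbf5c0be983ae2b6d
+ data.tar.gz: f6c95ce7d686c3330d06b12cbaf8d8320d769b244320e83973128c45ff55841f7030a7be03b31a039358ca822ed7ae8c85f26bfc8e541b1ea15c75ecd1cc4f2a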
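--- a/data/.codeclimate.yml
+++ b/data/.codeclimate.yml
@@ -0,0 +1,16 @@
+ prepare:
+ fetch:
+ - url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/.rubocop_base.yml
+ path: ".rubocop_base.yml"
+ - url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/.rubocop_cc_base.yml
+ path: ".rubocop_cc_base.yml"
+ - url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/styles/base.yml
+ path: styles/base.yml
+ - url: https://raw.githubusercontent.com/ManageIQ/manageiq-style/master/styles/cc_base.yml
+ path: styles/cc_base.yml
+ plugins:
+ rubocop:
+ enabled: true
+ config: ".rubocop_cc.yml"
+ channel: rubocop-0-82
+ version: '2'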
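Review bot: All four `url` entries under `prepare.fetch` point at the `master` branch of ManageIQ/manageiq-style, so the RuboCop configuration the analysis runs with can change without any commit in this repository. Pinning each URL to a tag or commit, for example `https://raw.githubusercontent.com/ManageIQ/manageiq-style/<tag-or-sha>/.rubocop_base.yml`, makes the lint result reproducible and means a change to the rule set shows up as a reviewed diff here. The Gemfile.lock added in the same release locks the manageiq-style gem to one version, so local runs and the fetched files can otherwise drift apart.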
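--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,9 +1,7 @@
- Dockerfile.devel
  .rubocop-*
  /bundle/
  /.bundle/
  /.yardoc
- /Gemfile.lock
  /_yardoc/
  /coverage/
  /doc/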
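--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -0,0 +1,4 @@
+ inherit_gem:
+ manageiq-style: ".rubocop_base.yml"
+ inherit_from:
+ - ".rubocop_local.yml"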
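--- a/data/.rubocop_cc.yml
+++ b/data/.rubocop_cc.yml
@@ -0,0 +1,4 @@
+ inherit_from:
+ - ".rubocop_base.yml"
+ - ".rubocop_cc_base.yml"
+ - ".rubocop_local.yml"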
File without changes
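--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,10 +1,17 @@
+ ---
  language: ruby
+ dist: bionic
  rvm:
- - '2.3.1'
- - '2.4.2'
- sudo: false
+ - 2.6.6
+ - 2.7.2
  cache: bundler
- after_script: bundle exec codeclimate-test-reporter
+ before_script:
+ - curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64
+ > ./cc-test-reporter
+ - chmod +x ./cc-test-reporter
+ - "./cc-test-reporter before-build"
+ after_script:
+ - "./cc-test-reporter after-build --exit-code $TRAVIS_TEST_RESULT"
  notifications:
  webhooks:
  urls: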
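Review bot: The new `before_script` downloads `test-reporter-latest-linux-amd64` with `curl -L`, marks it executable and runs it with no pinned version and no integrity check, so every build executes whatever that URL serves at that moment, inside a job that presumably also holds the coverage-reporting token. Pin a specific reporter release and verify a digest recorded in this file before the `chmod`, for example `echo "<expected-sha256>  cc-test-reporter" | sha256sum -c -`. Adding `--fail` to the `curl` call also stops an HTTP error page from being saved and then executed as the binary. The file continues below `urls:` outside the hunk.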
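--- a/data/.yamllint
+++ b/data/.yamllint
@@ -0,0 +1,11 @@
+ ---
+ ignore: |
+ /vendor/**
+
+ extends: relaxed
+
+ rules:
+ indentation:
+ indent-sequences: false
+ line-length:
+ max: 120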
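--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,4 +1,4 @@
- FROM manageiq/httpd:latest
+ FROM manageiq/httpd-init:latest
  MAINTAINER ManageIQ https://github.com/ManageIQ
 
  LABEL name="httpd-configmap-generator" \
@@ -11,6 +11,14 @@ ENV HTTPD_AUTH_TYPE=internal \
  HTTPD_AUTH_KERBEROS_REALMS=undefined \
  TERM=xterm
 
- RUN yum -y install openldap-clients pamtester
+ RUN dnf -y --disableplugin=subscription-manager install \
+ https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+ dnf -y --disableplugin=subscription-manager install \
+ authselect-compat \
+ openldap-clients \
+ pamtester && \
+ dnf clean all && \
+ rm -rf /var/cache/dnf
 
- RUN gem install --no-ri --no-rdoc --no-document httpd_configmap_generator
+ RUN bundle config --global without development:test
+ RUN gem install --no-document httpd_configmap_generator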
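Review bot: The first `dnf install` takes `epel-release-latest-8.noarch.rpm` directly from a URL, and dnf verifies the signature of a package given by path or URL only when `localpkg_gpgcheck` is enabled, which is not the default. That RPM then defines the repository and keys trusted for `authselect-compat`, `openldap-clients` and `pamtester`, so it is worth importing the EPEL key first and installing with `--setopt=localpkg_gpgcheck=1`. The base image `manageiq/httpd-init:latest` and the final `gem install` are also unpinned, so two builds of the same Dockerfile can differ; pinning the image by digest and the gem with `gem install --no-document httpd_configmap_generator -v <version>` makes the image reproducible. The `bundle config --global without development:test` line has no visible consumer, since nothing in the shown hunks runs `bundle install`.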
data/Gemfile.lock ADDED
@@ -0,0 +1,101 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ httpd_configmap_generator (0.3.2)
5
+ activesupport (>= 5.0)
6
+ awesome_spawn (~> 1.4)
7
+ iniparse (~> 1.4)
8
+ more_core_extensions (~> 3.4)
9
+ optimist (~> 3.0)
10
+
11
+ GEM
12
+ remote: https://rubygems.org/
13
+ specs:
14
+ activesupport (6.1.4.1)
15
+ concurrent-ruby (~> 1.0, >= 1.0.2)
16
+ i18n (>= 1.6, < 2)
17
+ minitest (>= 5.1)
18
+ tzinfo (~> 2.0)
19
+ zeitwerk (~> 2.3)
20
+ ast (2.4.2)
21
+ awesome_spawn (1.5.0)
22
+ concurrent-ruby (1.1.9)
23
+ diff-lcs (1.4.4)
24
+ docile (1.4.0)
25
+ i18n (1.8.10)
26
+ concurrent-ruby (~> 1.0)
27
+ iniparse (1.5.0)
28
+ manageiq-style (1.3.1)
29
+ more_core_extensions
30
+ optimist
31
+ rubocop (~> 1.13)
32
+ rubocop-performance
33
+ rubocop-rails
34
+ minitest (5.14.4)
35
+ more_core_extensions (3.8.0)
36
+ activesupport
37
+ optimist (3.0.1)
38
+ parallel (1.21.0)
39
+ parser (3.0.2.0)
40
+ ast (~> 2.4.1)
41
+ rack (2.2.3)
42
+ rainbow (3.0.0)
43
+ rake (13.0.6)
44
+ regexp_parser (2.1.1)
45
+ rexml (3.2.5)
46
+ rspec (3.10.0)
47
+ rspec-core (~> 3.10.0)
48
+ rspec-expectations (~> 3.10.0)
49
+ rspec-mocks (~> 3.10.0)
50
+ rspec-core (3.10.1)
51
+ rspec-support (~> 3.10.0)
52
+ rspec-expectations (3.10.1)
53
+ diff-lcs (>= 1.2.0, < 2.0)
54
+ rspec-support (~> 3.10.0)
55
+ rspec-mocks (3.10.2)
56
+ diff-lcs (>= 1.2.0, < 2.0)
57
+ rspec-support (~> 3.10.0)
58
+ rspec-support (3.10.2)
59
+ rubocop (1.22.1)
60
+ parallel (~> 1.10)
61
+ parser (>= 3.0.0.0)
62
+ rainbow (>= 2.2.2, < 4.0)
63
+ regexp_parser (>= 1.8, < 3.0)
64
+ rexml
65
+ rubocop-ast (>= 1.12.0, < 2.0)
66
+ ruby-progressbar (~> 1.7)
67
+ unicode-display_width (>= 1.4.0, < 3.0)
68
+ rubocop-ast (1.12.0)
69
+ parser (>= 3.0.1.1)
70
+ rubocop-performance (1.11.5)
71
+ rubocop (>= 1.7.0, < 2.0)
72
+ rubocop-ast (>= 0.4.0)
73
+ rubocop-rails (2.12.2)
74
+ activesupport (>= 4.2.0)
75
+ rack (>= 1.1)
76
+ rubocop (>= 1.7.0, < 2.0)
77
+ ruby-progressbar (1.11.0)
78
+ simplecov (0.21.2)
79
+ docile (~> 1.1)
80
+ simplecov-html (~> 0.11)
81
+ simplecov_json_formatter (~> 0.1)
82
+ simplecov-html (0.12.3)
83
+ simplecov_json_formatter (0.1.3)
84
+ tzinfo (2.0.4)
85
+ concurrent-ruby (~> 1.0)
86
+ unicode-display_width (2.1.0)
87
+ zeitwerk (2.4.2)
88
+
89
+ PLATFORMS
90
+ ruby
91
+ x86_64-darwin-19
92
+
93
+ DEPENDENCIES
94
+ httpd_configmap_generator!
95
+ manageiq-style
96
+ rake
97
+ rspec (~> 3.0)
98
+ simplecov
99
+
100
+ BUNDLED WITH
101
+ 2.2.24
data/README-oidc.md ADDED
@@ -0,0 +1,39 @@
1
+ # Httpd Configmap Generator - OpenID-Connect (OIDC)
2
+
3
+ This documents how to run the httpd\_configmap\_generator tool to configure the container against an OpenID-Connect (OIDC) identity provider.
4
+
5
+ ## Usage for the `oidc` auth-type:
6
+
7
+ ```
8
+ $ httpd_configmap_generator oidc --help
9
+ Options:
10
+ -o, --output=<s> Configuration map file to create
11
+ -u, --oidc-url=<s> OpenID-Connect Provider URL
12
+ -i, --oidc-client-id=<s> OpenID-Connect Provider Client ID
13
+ -s, --oidc-client-secret=<s> OpenID-Connect Provider Client Secret
14
+ -f, --force Force configuration if configured already
15
+ -d, --debug Enable debugging
16
+ -h, --help Show this message
17
+
18
+ ```
19
+
20
+ ### Examples:
21
+
22
+ Creates the extra data for the container:
23
+
24
+ ```
25
+ $ httpd_configmap_generator oidc \
26
+ --force \
27
+ --oidc-url=http://my-keycloak:8080/auth/realms/miq/.well-known/openid-configuration \
28
+ --oidc-client-id=my-keycloak-oidc-client \
29
+ --oidc-client-secret=99999999-9999-9999-a999-99999a999999 \
30
+ --debug \
31
+ -o /tmp/external-oidc.yaml
32
+ ```
33
+
34
+ The auth configmap file for oidc does not include any files. It only includes the following extra data:
35
+
36
+ * auth-oidc-provider-metadata-url
37
+ * auth-oidc-client-id
38
+ * auth-oidc-client-secret
39
+
data/README.md CHANGED
@@ -1,7 +1,7 @@
1
1
  # Httpd Configmap Generator
2
2
 
3
3
  [![Gem Version](https://badge.fury.io/rb/httpd_configmap_generator.svg)](http://badge.fury.io/rb/httpd_configmap_generator)
4
- [![Build Status](https://travis-ci.org/ManageIQ/httpd_configmap_generator.svg)](https://travis-ci.org/ManageIQ/httpd_configmap_generator)
4
+ [![Build Status](https://travis-ci.org/ManageIQ/httpd_configmap_generator.svg?branch=master)](https://travis-ci.org/ManageIQ/httpd_configmap_generator)
5
5
  [![Code Climate](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator.svg)](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator)
6
6
  [![Test Coverage](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator/badges/coverage.svg)](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator/coverage)
7
7
  [![Dependency Status](https://gemnasium.com/ManageIQ/httpd_configmap_generator.svg)](https://gemnasium.com/ManageIQ/httpd_configmap_generator)
@@ -28,7 +28,7 @@ httpd_configmap_generator 0.1.1 - External Authentication Configuration script
28
28
 
29
29
  Usage: httpd_configmap_generator auth_type | update | export [--help | options]
30
30
 
31
- supported auth_type: active-directory, ipa, ldap, saml
31
+ supported auth_type: active-directory, ipa, ldap, saml, oidc
32
32
 
33
33
  httpd_configmap_generator options are:
34
34
  -V, --version Version of the httpd_configmap_generator command
@@ -43,12 +43,13 @@ $ httpd_configmap_generator ipa --help
43
43
 
44
44
  ## Supported Authentication Types
45
45
 
46
- |auth-type | Identity Provider/Environment | for usage: |
47
- |------------------|--------------------------------------------------|-------------------------------------------------------|
48
- | active-directory | Active Directory domain realm join | [README-active-directory](README-active-directory.md) |
49
- | ipa | IPA, IPA 2-factor authentication, IPA/AD Trust | [README-ipa](README-ipa.md) |
50
- | ldap | Ldap directories | [README-ldap](README-ldap.md) |
51
- | saml | Keycloak, etc. | [README-saml](README-saml.md) |
46
+ |auth-type | Identity Provider/Environment | for usage: |
47
+ |-----------------------------------|--------------------------------------------------|-------------------------------------------------------|
48
+ | active-directory | Active Directory domain realm join | [README-active-directory](README-active-directory.md) |
49
+ | ipa | IPA, IPA 2-factor authentication, IPA/AD Trust | [README-ipa](README-ipa.md) |
50
+ | ldap | Ldap directories | [README-ldap](README-ldap.md) |
51
+ | saml | Keycloak, etc. | [README-saml](README-saml.md) |
52
+ | OpenID-Connect (oidc) | Keycloak, etc. | [README-oidc](README-oidc.md) |
52
53
 
53
54
  ___
54
55
 
@@ -260,8 +261,6 @@ ___
260
261
 
261
262
  ### Pre-deployment tasks
262
263
 
263
- #### If running without OCI systemd hooks (Minishift)
264
-
265
264
  The httpd-configmap-generator service account must be added to the httpd-scc-sysadmin SCC before the Httpd Configmap Generator can run.
266
265
 
267
266
  ##### As Admin
@@ -285,22 +284,6 @@ $ oc describe scc httpd-scc-sysadmin | grep Users
285
284
  Users: system:serviceaccount:<your-namespace>:httpd-configmap-generator
286
285
  ```
287
286
 
288
- #### If running with OCI systemd hooks
289
-
290
- ##### As Admin
291
-
292
- ```
293
- $ oc adm policy add-scc-to-user anyuid system:serviceaccount:<your-namespace>:httpd-configmap-generator
294
- ```
295
-
296
- Verify that the httpd-configmap-generator service account is included in the anyuid SCC:
297
-
298
- ```
299
- $ oc describe scc anyuid | grep Users
300
- Users: system:serviceaccount:<your-namespace>:httpd-configmap-generator
301
- ```
302
-
303
-
304
287
  ### Deploy the Httpd Configmap Generator Application
305
288
 
306
289
  As basic user
@@ -341,20 +324,20 @@ $ CONFIGMAP_GENERATOR_POD=`oc get pods | grep "httpd-configmap-generator" | cut
341
324
  ### Generating a configmap for external authentication against IPA
342
325
 
343
326
  ```
344
- $ oc rsh $CONFIGMAP_GENERATOR_POD httpd_configmap_generator ipa ...
327
+ $ oc exec $CONFIGMAP_GENERATOR_POD -- bash -c 'httpd_configmap_generator ipa ...
345
328
  ```
346
329
 
347
330
  Example configuration:
348
331
 
349
332
  ```
350
- $ oc rsh $CONFIGMAP_GENERATOR_POD httpd_configmap_generator ipa \
333
+ $ oc exec $CONFIGMAP_GENERATOR_POD -- bash -c 'httpd_configmap_generator ipa \
351
334
  --host=appliance.example.com \
352
335
  --ipa-server=ipaserver.example.com \
353
336
  --ipa-domain=example.com \
354
337
  --ipa-realm=EXAMPLE.COM \
355
338
  --ipa-principal=admin \
356
339
  --ipa-password=smartvm1 \
357
- -o /tmp/external-ipa.yaml
340
+ -o /tmp/external-ipa.yaml'
358
341
  ```
359
342
 
360
343
  `--host` above must be the DNS of the application exposing the httpd auth pod,
@@ -8,7 +8,7 @@
8
8
  #
9
9
 
10
10
  Dir.chdir(__dir__) { require "bundler/setup" }
11
- require "trollop"
11
+ require "optimist"
12
12
  require "httpd_configmap_generator"
13
13
 
14
14
  CMD = File.basename($PROGRAM_NAME)
@@ -23,14 +23,14 @@ module HttpdConfigmapGenerator
23
23
  SUB_COMMANDS = [HttpdConfigmapGenerator.supported_auth_types] | %w(update export)
24
24
 
25
25
  def run
26
- Trollop.options do
26
+ Optimist.options do
27
27
  version("#{CMD} #{HttpdConfigmapGenerator::VERSION} - External Authentication Configuration script")
28
28
  banner <<-EOS
29
29
  #{version}
30
30
 
31
31
  Usage: #{CMD} auth_type | update | export [--help | options]
32
32
 
33
- supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.join(', ')}
33
+ supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.sort.join(', ')}
34
34
 
35
35
  #{CMD} options are:
36
36
  EOS
@@ -40,7 +40,7 @@ supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.join(', ')}
40
40
  end
41
41
 
42
42
  auth_type = ARGV.shift
43
- Trollop.die "Must specify an authentication type" if auth_type.nil?
43
+ Optimist.die "Must specify an authentication type" if auth_type.nil?
44
44
 
45
45
  begin
46
46
  auth_config =
@@ -53,7 +53,7 @@ supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.join(', ')}
53
53
  error_msg(err.to_s)
54
54
  end
55
55
 
56
- params = Trollop.options do
56
+ params = Optimist.options do
57
57
  auth_config.required_options.each do |key, key_options|
58
58
  opt key, key_options[:description], HttpdConfigmapGenerator::Cli.options_for(key_options, true)
59
59
  end
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
23
23
  s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) } - %w(console setup)
24
24
  s.require_paths = ["lib"]
25
25
 
26
- s.add_development_dependency "codeclimate-test-reporter", "~> 1.0.0"
26
+ s.add_development_dependency "manageiq-style"
27
27
  s.add_development_dependency "rspec", "~> 3.0"
28
28
  s.add_development_dependency "rake"
29
29
  s.add_development_dependency "simplecov"
@@ -32,5 +32,5 @@ Gem::Specification.new do |s|
32
32
  s.add_dependency "awesome_spawn", "~> 1.4"
33
33
  s.add_dependency "iniparse", "~> 1.4"
34
34
  s.add_dependency "more_core_extensions", "~> 3.4"
35
- s.add_dependency "trollop", "~> 2.1"
35
+ s.add_dependency "optimist", "~> 3.0"
36
36
  end
@@ -9,6 +9,8 @@ module HttpdConfigmapGenerator
9
9
 
10
10
  def required_options
11
11
  super.merge(
12
+ :host => { :description => "Application Domain",
13
+ :short => "-h" },
12
14
  :ad_domain => { :description => "Active Directory Domain" },
13
15
  :ad_user => { :description => "Active Directory User" },
14
16
  :ad_password => { :description => "Active Directory Password" }
@@ -34,10 +36,8 @@ module HttpdConfigmapGenerator
34
36
  /etc/pam.d/postlogin-ac
35
37
  /etc/pam.d/smartcard-auth-ac
36
38
  /etc/pam.d/system-auth-ac
37
- /etc/resolv.conf
38
39
  /etc/sssd/sssd.conf
39
40
  /etc/sysconfig/authconfig
40
- /etc/sysconfig/network
41
41
  )
42
42
  end
43
43
 
@@ -16,11 +16,11 @@ module HttpdConfigmapGenerator
16
16
  @config_map = template
17
17
  end
18
18
 
19
- def generate(auth_type, realm, file_list)
19
+ def generate(auth_type, realm = "undefined", file_list = nil, metadata = {})
20
20
  info_msg("Generating Auth Config-Map for #{auth_type}")
21
21
  @config_map = template(auth_type, realm)
22
22
  file_specs = gen_filespecs(file_list)
23
- define_configuration(file_specs)
23
+ define_configuration(file_specs, metadata)
24
24
  include_files(file_specs)
25
25
  end
26
26
 
@@ -71,7 +71,7 @@ module HttpdConfigmapGenerator
71
71
  file_specs = []
72
72
  file_list.each do |file|
73
73
  file_specs << file_entry_spec(file.strip)
74
- end
74
+ end unless file_list.nil?
75
75
  file_specs.sort_by { |file_spec| file_spec[:basename] }
76
76
  end
77
77
 
@@ -135,7 +135,7 @@ module HttpdConfigmapGenerator
135
135
  }
136
136
  end
137
137
 
138
- def update_configuration(file_specs)
138
+ def update_configuration(file_specs, metadata={})
139
139
  auth_configuration = fetch_auth_configuration
140
140
  return define_configuration(file_specs) unless auth_configuration
141
141
  # first, remove any file_specs references in the file list, we don't want duplication here.
@@ -146,7 +146,7 @@ module HttpdConfigmapGenerator
146
146
  end
147
147
  auth_configuration = auth_configuration.join("\n") + "\n"
148
148
  # now, append any of the new file_specs at the end of the list.
149
- append_configuration(auth_configuration, file_specs)
149
+ append_configuration(auth_configuration, file_specs, metadata)
150
150
  end
151
151
 
152
152
  def search_file_entry(target_file)
@@ -157,9 +157,9 @@ module HttpdConfigmapGenerator
157
157
  entry ? entry.first.split('=')[1].strip.split(' ') : nil
158
158
  end
159
159
 
160
- def define_configuration(file_specs)
160
+ def define_configuration(file_specs, metadata={})
161
161
  auth_configuration = "# External Authentication Configuration File\n#\n"
162
- append_configuration(auth_configuration, file_specs)
162
+ append_configuration(auth_configuration, file_specs, metadata)
163
163
  end
164
164
 
165
165
  def include_files(file_specs)
@@ -175,12 +175,17 @@ module HttpdConfigmapGenerator
175
175
  file_spec[:binary] ? "#{file_spec[:basename]}.base64" : file_spec[:basename]
176
176
  end
177
177
 
178
- def append_configuration(auth_configuration, file_specs)
178
+ def append_configuration(auth_configuration, file_specs, metadata)
179
179
  file_specs.each do |file_spec|
180
180
  debug_msg("Adding file #{file_spec[:target]} ...")
181
181
  auth_configuration += "file = #{file_basename(file_spec)} #{file_spec[:target]} #{file_spec[:mode]}\n"
182
182
  end
183
183
  config_map[DATA_SECTION] ||= {}
184
+
185
+ metadata.each do |key, value|
186
+ config_map[DATA_SECTION].merge!(key => value)
187
+ end
188
+
184
189
  config_map[DATA_SECTION].merge!(AUTH_CONFIGURATION => auth_configuration)
185
190
  end
186
191
 
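Review bot: `update_configuration` now accepts `metadata`, but its early return is still `return define_configuration(file_specs) unless auth_configuration`, so when no existing auth configuration is found the metadata is dropped instead of reaching `append_configuration`; that line should read `return define_configuration(file_specs, metadata) unless auth_configuration`. In `append_configuration` the new loop writes caller-supplied keys straight into `config_map[DATA_SECTION]` with no check against names already present there, so a comment stating which keys callers may pass, or a guard that rejects a key equal to `AUTH_CONFIGURATION`, would make the contract explicit. The loop is equivalent to `config_map[DATA_SECTION].merge!(metadata)`. `append_configuration` takes `metadata` as a required argument while `define_configuration` and `update_configuration` default it to `{}`; giving it the same default keeps the three signatures parallel. The bodies of these methods extend outside the hunks.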
@@ -54,10 +54,7 @@ module HttpdConfigmapGenerator
54
54
 
55
55
  def required_options
56
56
  {
57
- :host => { :description => "Application Domain",
58
- :short => "-h" },
59
- :output => { :description => "Configuration map file to create",
60
- :short => "-o" }
57
+ :output => { :description => "Configuration map file to create", :short => "-o" }
61
58
  }
62
59
  end
63
60
 
@@ -1,3 +1,5 @@
1
+ require "socket"
2
+
1
3
  module HttpdConfigmapGenerator
2
4
  class Ipa < Base
3
5
  IPA_INSTALL_COMMAND = "/usr/sbin/ipa-client-install".freeze
@@ -9,6 +11,8 @@ module HttpdConfigmapGenerator
9
11
 
10
12
  def required_options
11
13
  super.merge(
14
+ :host => { :description => "Application Domain",
15
+ :short => "-h" },
12
16
  :ipa_server => { :description => "IPA Server FQDN" },
13
17
  :ipa_password => { :description => "IPA Server Password" }
14
18
  )
@@ -49,6 +53,7 @@ module HttpdConfigmapGenerator
49
53
  end
50
54
 
51
55
  def configure(opts)
56
+ opts[:host] = get_canonical_hostname(opts[:host])
52
57
  update_hostname(opts[:host])
53
58
  command_run!(IPA_INSTALL_COMMAND,
54
59
  :params => [
@@ -118,5 +123,11 @@ module HttpdConfigmapGenerator
118
123
  FileUtils.chown(APACHE_USER, nil, HTTP_KEYTAB)
119
124
  FileUtils.chmod(0o600, HTTP_KEYTAB)
120
125
  end
126
+
127
+ def get_canonical_hostname(hostname)
128
+ Socket.gethostbyname(hostname)[0]
129
+ rescue SocketError
130
+ hostname
131
+ end
121
132
  end
122
133
  end
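Review bot: `configure` now replaces the operator-supplied `opts[:host]` with whatever `Socket.gethostbyname` returns and falls back to the original value silently on `SocketError`, so the name passed to `update_hostname` and to `IPA_INSTALL_COMMAND` depends on the resolver available in the container, and nothing records that a substitution happened. Because that name appears to be the one the client is enrolled under, log both values when they differ, for example `debug_msg("Using canonical hostname #{canonical} for #{hostname}")` if the logging helper seen in config_map.rb is available in this class, and add a comment on `get_canonical_hostname` describing the fallback. `Socket.gethostbyname` is also documented as deprecated in Ruby; the replacement is `Addrinfo.getaddrinfo(hostname, nil, nil, :STREAM, nil, Socket::AI_CANONNAME).first.canonname`. `configure` continues outside the hunk.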
@@ -10,6 +10,8 @@ module HttpdConfigmapGenerator
10
10
 
11
11
  def required_options
12
12
  super.merge(
13
+ :host => { :description => "Application Domain",
14
+ :short => "-h" },
13
15
  :cert_file => { :description => "Cert File" },
14
16
  :ldap_host => { :description => "LDAP Directory Host FQDN" },
15
17
  :ldap_mode => { :description => "ldap | ldaps" },
@@ -55,8 +57,7 @@ module HttpdConfigmapGenerator
55
57
  /etc/pam.d/smartcard-auth-ac
56
58
  /etc/pam.d/system-auth-ac
57
59
  /etc/sssd/sssd.conf
58
- /etc/sysconfig/authconfig
59
- /etc/sysconfig/network) + [opts[:cert_file]]
60
+ /etc/sysconfig/authconfig) + [opts[:cert_file]]
60
61
  end
61
62
 
62
63
  def configure(opts)
@@ -0,0 +1,48 @@
1
+ module HttpdConfigmapGenerator
2
+ class Oidc < Base
3
+
4
+ AUTH = {
5
+ :type => "openid-connect",
6
+ :subtype => "oidc"
7
+ }.freeze
8
+
9
+ def required_options
10
+ super.merge(
11
+ :oidc_url => { :description => "OpenID-Connect Provider URL",
12
+ :short => "-u" },
13
+ :oidc_client_id => { :description => "OpenID-Connect Provider Client ID",
14
+ :short => "-i" },
15
+ :oidc_client_secret => { :description => "OpenID-Connect Provider Client Secret",
16
+ :short => "-s" },
17
+ )
18
+ end
19
+
20
+ def configure(opts)
21
+ auth_oidc_data = {}
22
+ auth_oidc_data["auth-oidc-provider-metadata-url"] = opts[:oidc_url]
23
+ auth_oidc_data["auth-oidc-client-id"] = opts[:oidc_client_id]
24
+ auth_oidc_data["auth-oidc-client-secret"] = opts[:oidc_client_secret]
25
+
26
+ config_map = ConfigMap.new(opts)
27
+ config_map.generate(AUTH[:type], nil, nil, auth_oidc_data )
28
+ config_map.save(opts[:output])
29
+ rescue => err
30
+ log_command_error(err)
31
+ raise err
32
+ end
33
+
34
+ def validate_options(opts)
35
+ super(opts)
36
+ end
37
+
38
+ def configured?
39
+ false
40
+ end
41
+
42
+ def unconfigure
43
+ return unless configured?
44
+ end
45
+
46
+ end
47
+ end
48
+
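Review bot: `configure` copies `opts[:oidc_client_secret]` into `auth_oidc_data` and passes it to `config_map.generate`, which, as far as the config_map.rb hunks on this page show, merges it into the config map's data section, so the client secret ends up in plaintext in the file written by `config_map.save` and in any ConfigMap created from it. ConfigMaps are not intended for confidential values; consider emitting the secret as a separate Secret resource, or at minimum add a comment on `configure` that the output file is sensitive and should be created with a restrictive mode. `validate_options` only calls `super`, so `--oidc-url` is accepted with no scheme check even though the secret will later be presented to endpoints derived from it; a guard such as `raise "oidc-url must be an http(s) URL" unless opts[:oidc_url].to_s.match?(%r{\Ahttps?://})`, plus a warning for plain `http`, would catch mistakes early. `configured?` always returns `false` and `unconfigure` is therefore a no-op, which deserves a one-line comment saying this is intentional.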
@@ -10,7 +10,9 @@ module HttpdConfigmapGenerator
10
10
  }.freeze
11
11
 
12
12
  def required_options
13
- super
13
+ super.merge(
14
+ :host => { :description => "Application Domain", :short => "-h" },
15
+ )
14
16
  end
15
17
 
16
18
  def optional_options
@@ -1,3 +1,3 @@
1
1
  module HttpdConfigmapGenerator
2
- VERSION = "0.2.1".freeze
2
+ VERSION = "0.3.2".freeze
3
3
  end
@@ -4,6 +4,7 @@ require "httpd_configmap_generator/active_directory"
4
4
  require "httpd_configmap_generator/ipa"
5
5
  require "httpd_configmap_generator/ldap"
6
6
  require "httpd_configmap_generator/saml"
7
+ require "httpd_configmap_generator/oidc"
7
8
  require "httpd_configmap_generator/update"
8
9
  require "httpd_configmap_generator/export"
9
10
  require "more_core_extensions/core_ext/hash"
metadata CHANGED
@@ -1,29 +1,29 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: httpd_configmap_generator
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.1
4
+ version: 0.3.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Httpd Auth Config Developers
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-11-02 00:00:00.000000000 Z
11
+ date: 2021-10-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
- name: codeclimate-test-reporter
14
+ name: manageiq-style
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 1.0.0
19
+ version: '0'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - "~>"
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 1.0.0
26
+ version: '0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rspec
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -123,35 +123,42 @@ dependencies:
123
123
  - !ruby/object:Gem::Version
124
124
  version: '3.4'
125
125
  - !ruby/object:Gem::Dependency
126
- name: trollop
126
+ name: optimist
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: '2.1'
131
+ version: '3.0'
132
132
  type: :runtime
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: '2.1'
138
+ version: '3.0'
139
139
  description: The Httpd Configmap Generator
140
- email:
140
+ email:
141
141
  executables:
142
142
  - httpd_configmap_generator
143
143
  extensions: []
144
144
  extra_rdoc_files: []
145
145
  files:
146
+ - ".codeclimate.yml"
146
147
  - ".gitignore"
147
148
  - ".rspec"
149
+ - ".rubocop.yml"
150
+ - ".rubocop_cc.yml"
151
+ - ".rubocop_local.yml"
148
152
  - ".travis.yml"
153
+ - ".yamllint"
149
154
  - Dockerfile
150
155
  - Gemfile
156
+ - Gemfile.lock
151
157
  - LICENSE
152
158
  - README-active-directory.md
153
159
  - README-ipa.md
154
160
  - README-ldap.md
161
+ - README-oidc.md
155
162
  - README-saml.md
156
163
  - README.md
157
164
  - Rakefile
@@ -174,6 +181,7 @@ files:
174
181
  - lib/httpd_configmap_generator/export.rb
175
182
  - lib/httpd_configmap_generator/ipa.rb
176
183
  - lib/httpd_configmap_generator/ldap.rb
184
+ - lib/httpd_configmap_generator/oidc.rb
177
185
  - lib/httpd_configmap_generator/saml.rb
178
186
  - lib/httpd_configmap_generator/update.rb
179
187
  - lib/httpd_configmap_generator/version.rb
@@ -184,7 +192,7 @@ homepage: https://github.com/ManageIQ/httpd_configmap_generator
184
192
  licenses:
185
193
  - Apache-2.0
186
194
  metadata: {}
187
- post_install_message:
195
+ post_install_message:
188
196
  rdoc_options: []
189
197
  require_paths:
190
198
  - lib
@@ -199,9 +207,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
199
207
  - !ruby/object:Gem::Version
200
208
  version: '0'
201
209
  requirements: []
202
- rubyforge_project:
203
- rubygems_version: 2.6.11
204
- signing_key:
210
+ rubygems_version: 3.1.4
211
+ signing_key:
205
212
  specification_version: 4
206
213
  summary: The Httpd Configmap Generator
207
214
  test_files: []