httpd_configmap_generator 0.2.2 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7404d7526e62a24e10b417fa31d73b4023b1eb71
-  data.tar.gz: 3a3587bac420ca0c2349d838a6c248b24d3cbade
+SHA256:
+  metadata.gz: aff6b3f7af181564f46a046634efe1965f4ed7936db37d143afa8d5ad0e59890
+  data.tar.gz: ebd0cfa723b123acd3cc8beac4b30e8349991c0563a93289cacd71440798a644
 SHA512:
-  metadata.gz: cf984ea9aa2d30ff1d36de0b0b20aad9f2e70a5a7f89e63d9c0cf3db0cf4cc951319c9687874f016a9699c44e6dc44ad729727ca23943e065bb77056ef2b6e68
-  data.tar.gz: 8fd7d31aba466446da43b81a13d34bd44b724d55f3cd0bc24f8fb00185a58f86dc047f8a0b7ba5f875907fb72765d8f4d19c2036669f4b83c8c44a3beab255cd
+  metadata.gz: 430913f53ac70692b10393aaaad7c94619a6a7b674871e84286a88020f86ee1bdd2fbfe8e87fa74a031402a07e7d5c6ca6dffe18de51c4465039ebc35ddde2ac
+  data.tar.gz: 149a5aa5978a38e573d112a0138f7574a09b1427b225aaf79d528b039e9ea7a11a5a0a6e392917e9d4c4baa01f5a5603e81d71ae08eba95950426e70d7d71ba7

data/.travis.yml

@@ -1,7 +1,8 @@
+---
 language: ruby
 rvm:
-- 2.3.6
-- 2.4.2
+- 2.5.7
+- 2.6.5
 sudo: false
 cache: bundler
 after_script: bundle exec codeclimate-test-reporter

data/.yamllint

@@ -0,0 +1,11 @@
+---
+ignore: |
+  /vendor/**
+
+extends: relaxed
+
+rules:
+  indentation:
+    indent-sequences: false
+  line-length:
+    max: 120

data/Dockerfile

@@ -1,4 +1,4 @@
-FROM manageiq/httpd:latest
+FROM manageiq/httpd-init:latest
 MAINTAINER ManageIQ https://github.com/ManageIQ
 
 LABEL name="httpd-configmap-generator" \
@@ -11,6 +11,7 @@ ENV HTTPD_AUTH_TYPE=internal \
     HTTPD_AUTH_KERBEROS_REALMS=undefined \
     TERM=xterm
 
-RUN yum -y install openldap-clients pamtester
+RUN dnf -y --disableplugin=subscription-manager install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm && \
+    dnf -y --disableplugin=subscription-manager install openldap-clients pamtester
 
 RUN gem install --no-ri --no-rdoc --no-document httpd_configmap_generator

data/README-oidc.md

@@ -0,0 +1,39 @@
+# Httpd Configmap Generator - OpenID-Connect (OIDC)
+
+This documents how to run the httpd\_configmap\_generator tool to configure the container against an OpenID-Connect (OIDC) identity provider.
+
+## Usage for the `oidc` auth-type:
+
+```
+$ httpd_configmap_generator oidc --help
+Options:
+  -o, --output=<s>                Configuration map file to create
+  -u, --oidc-url=<s>              OpenID-Connect Provider URL
+  -i, --oidc-client-id=<s>        OpenID-Connect Provider Client ID
+  -s, --oidc-client-secret=<s>    OpenID-Connect Provider Client Secret
+  -f, --force                     Force configuration if configured already
+  -d, --debug                     Enable debugging
+  -h, --help                      Show this message
+
+```
+
+### Examples:
+
+Creates the extra data for the container:
+
+```
+$ httpd_configmap_generator oidc \
+    --force                                     \
+    --oidc-url=http://my-keycloak:8080/auth/realms/miq/.well-known/openid-configuration \
+    --oidc-client-id=my-keycloak-oidc-client \ 
+    --oidc-client-secret=99999999-9999-9999-a999-99999a999999 \
+    --debug                                     \
+    -o /tmp/external-oidc.yaml
+```
+
+The auth configmap file for oidc does not include any files. It only includes the following extra data:
+
+* auth-oidc-provider-metadata-url
+* auth-oidc-client-id
+* auth-oidc-client-secret
+

data/README.md

@@ -1,7 +1,7 @@
 # Httpd Configmap Generator
 
 [![Gem Version](https://badge.fury.io/rb/httpd_configmap_generator.svg)](http://badge.fury.io/rb/httpd_configmap_generator)
-[![Build Status](https://travis-ci.org/ManageIQ/httpd_configmap_generator.svg)](https://travis-ci.org/ManageIQ/httpd_configmap_generator)
+[![Build Status](https://travis-ci.org/ManageIQ/httpd_configmap_generator.svg?branch=master)](https://travis-ci.org/ManageIQ/httpd_configmap_generator)
 [![Code Climate](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator.svg)](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator)
 [![Test Coverage](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator/badges/coverage.svg)](https://codeclimate.com/github/ManageIQ/httpd_configmap_generator/coverage)
 [![Dependency Status](https://gemnasium.com/ManageIQ/httpd_configmap_generator.svg)](https://gemnasium.com/ManageIQ/httpd_configmap_generator)
@@ -28,7 +28,7 @@ httpd_configmap_generator 0.1.1 - External Authentication Configuration script
 
 Usage: httpd_configmap_generator auth_type | update | export [--help | options]
 
-supported auth_type: active-directory, ipa, ldap, saml
+supported auth_type: active-directory, ipa, ldap, saml, oidc
 
 httpd_configmap_generator options are:
   -V, --version    Version of the httpd_configmap_generator command
@@ -43,12 +43,13 @@ $ httpd_configmap_generator ipa --help
 
 ## Supported Authentication Types
 
-|auth-type         | Identity Provider/Environment                    | for usage:                                            |
-|------------------|--------------------------------------------------|-------------------------------------------------------|
-| active-directory | Active Directory domain realm join               | [README-active-directory](README-active-directory.md) |
-| ipa              | IPA, IPA 2-factor authentication, IPA/AD Trust   | [README-ipa](README-ipa.md)                           |
-| ldap             | Ldap directories                                 | [README-ldap](README-ldap.md)                         |
-| saml             | Keycloak, etc.                                   | [README-saml](README-saml.md)                         |
+|auth-type                          | Identity Provider/Environment                    | for usage:                                            |
+|-----------------------------------|--------------------------------------------------|-------------------------------------------------------|
+| active-directory                  | Active Directory domain realm join               | [README-active-directory](README-active-directory.md) |
+| ipa                               | IPA, IPA 2-factor authentication, IPA/AD Trust   | [README-ipa](README-ipa.md)                           |
+| ldap                              | Ldap directories                                 | [README-ldap](README-ldap.md)                         |
+| saml                              | Keycloak, etc.                                   | [README-saml](README-saml.md)                         |
+| OpenID-Connect (oidc)             | Keycloak, etc.                                   | [README-oidc](README-oidc.md)                         |
 
 ___
 

data/bin/httpd_configmap_generator

@@ -8,7 +8,7 @@
 #
 
 Dir.chdir(__dir__) { require "bundler/setup" }
-require "trollop"
+require "optimist"
 require "httpd_configmap_generator"
 
 CMD = File.basename($PROGRAM_NAME)
@@ -23,14 +23,14 @@ module HttpdConfigmapGenerator
     SUB_COMMANDS = [HttpdConfigmapGenerator.supported_auth_types] | %w(update export)
 
     def run
-      Trollop.options do
+      Optimist.options do
         version("#{CMD} #{HttpdConfigmapGenerator::VERSION} - External Authentication Configuration script")
         banner <<-EOS
 #{version}
 
 Usage: #{CMD} auth_type | update | export [--help | options]
 
-supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.join(', ')}
+supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.sort.join(', ')}
 
 #{CMD} options are:
       EOS
@@ -40,7 +40,7 @@ supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.join(', ')}
       end
 
       auth_type = ARGV.shift
-      Trollop.die "Must specify an authentication type" if auth_type.nil?
+      Optimist.die "Must specify an authentication type" if auth_type.nil?
 
       begin
         auth_config =
@@ -53,7 +53,7 @@ supported auth_type: #{HttpdConfigmapGenerator.supported_auth_types.join(', ')}
         error_msg(err.to_s)
       end
 
-      params = Trollop.options do
+      params = Optimist.options do
         auth_config.required_options.each do |key, key_options|
           opt key, key_options[:description], HttpdConfigmapGenerator::Cli.options_for(key_options, true)
         end

data/httpd_configmap_generator.gemspec

@@ -32,5 +32,5 @@ Gem::Specification.new do |s|
   s.add_dependency "awesome_spawn",        "~> 1.4"
   s.add_dependency "iniparse",             "~> 1.4"
   s.add_dependency "more_core_extensions", "~> 3.4"
-  s.add_dependency "trollop",              "~> 2.1"
+  s.add_dependency "optimist",             "~> 3.0"
 end

data/lib/httpd_configmap_generator.rb

@@ -4,6 +4,7 @@ require "httpd_configmap_generator/active_directory"
 require "httpd_configmap_generator/ipa"
 require "httpd_configmap_generator/ldap"
 require "httpd_configmap_generator/saml"
+require "httpd_configmap_generator/oidc"
 require "httpd_configmap_generator/update"
 require "httpd_configmap_generator/export"
 require "more_core_extensions/core_ext/hash"

data/lib/httpd_configmap_generator/active_directory.rb

@@ -9,6 +9,8 @@ module HttpdConfigmapGenerator
 
     def required_options
       super.merge(
+        :host        => { :description => "Application Domain",
+                          :short       => "-h" },
         :ad_domain   => { :description => "Active Directory Domain"   },
         :ad_user     => { :description => "Active Directory User"     },
         :ad_password => { :description => "Active Directory Password" }

data/lib/httpd_configmap_generator/base.rb

@@ -54,10 +54,7 @@ module HttpdConfigmapGenerator
 
     def required_options
       {
-        :host   => { :description => "Application Domain",
-                     :short       => "-h" },
-        :output => { :description => "Configuration map file to create",
-                     :short       => "-o" }
+        :output => { :description => "Configuration map file to create", :short => "-o" }
       }
     end
 

data/lib/httpd_configmap_generator/base/config_map.rb

@@ -16,11 +16,11 @@ module HttpdConfigmapGenerator
       @config_map = template
     end
 
-    def generate(auth_type, realm, file_list)
+    def generate(auth_type, realm = "undefined", file_list = nil, metadata = {})
       info_msg("Generating Auth Config-Map for #{auth_type}")
       @config_map = template(auth_type, realm)
       file_specs = gen_filespecs(file_list)
-      define_configuration(file_specs)
+      define_configuration(file_specs, metadata)
       include_files(file_specs)
     end
 
@@ -71,7 +71,7 @@ module HttpdConfigmapGenerator
       file_specs = []
       file_list.each do |file|
         file_specs << file_entry_spec(file.strip)
-      end
+      end unless file_list.nil?
       file_specs.sort_by { |file_spec| file_spec[:basename] }
     end
 
@@ -135,7 +135,7 @@ module HttpdConfigmapGenerator
       }
     end
 
-    def update_configuration(file_specs)
+    def update_configuration(file_specs, metadata={})
       auth_configuration = fetch_auth_configuration
       return define_configuration(file_specs) unless auth_configuration
       # first, remove any file_specs references in the file list, we don't want duplication here.
@@ -146,7 +146,7 @@ module HttpdConfigmapGenerator
       end
       auth_configuration = auth_configuration.join("\n") + "\n"
       # now, append any of the new file_specs at the end of the list.
-      append_configuration(auth_configuration, file_specs)
+      append_configuration(auth_configuration, file_specs, metadata)
     end
 
     def search_file_entry(target_file)
@@ -157,9 +157,9 @@ module HttpdConfigmapGenerator
       entry ? entry.first.split('=')[1].strip.split(' ') : nil
     end
 
-    def define_configuration(file_specs)
+    def define_configuration(file_specs, metadata={})
       auth_configuration = "# External Authentication Configuration File\n#\n"
-      append_configuration(auth_configuration, file_specs)
+      append_configuration(auth_configuration, file_specs, metadata)
     end
 
     def include_files(file_specs)
@@ -175,12 +175,17 @@ module HttpdConfigmapGenerator
       file_spec[:binary] ? "#{file_spec[:basename]}.base64" : file_spec[:basename]
     end
 
-    def append_configuration(auth_configuration, file_specs)
+    def append_configuration(auth_configuration, file_specs, metadata)
       file_specs.each do |file_spec|
         debug_msg("Adding file #{file_spec[:target]} ...")
         auth_configuration += "file = #{file_basename(file_spec)} #{file_spec[:target]} #{file_spec[:mode]}\n"
       end
       config_map[DATA_SECTION] ||= {}
+
+      metadata.each do |key, value|
+        config_map[DATA_SECTION].merge!(key => value)
+      end
+
       config_map[DATA_SECTION].merge!(AUTH_CONFIGURATION => auth_configuration)
     end
 

data/lib/httpd_configmap_generator/ipa.rb

@@ -11,6 +11,8 @@ module HttpdConfigmapGenerator
 
     def required_options
       super.merge(
+        :host         => { :description => "Application Domain",
+                           :short       => "-h" },
         :ipa_server   => { :description => "IPA Server FQDN"     },
         :ipa_password => { :description => "IPA Server Password" }
       )

data/lib/httpd_configmap_generator/ldap.rb

@@ -10,6 +10,8 @@ module HttpdConfigmapGenerator
 
     def required_options
       super.merge(
+        :host        => { :description => "Application Domain",
+                          :short       => "-h" },
         :cert_file   => { :description => "Cert File" },
         :ldap_host   => { :description => "LDAP Directory Host FQDN" },
         :ldap_mode   => { :description => "ldap | ldaps" },

data/lib/httpd_configmap_generator/oidc.rb

@@ -0,0 +1,48 @@
+module HttpdConfigmapGenerator
+  class Oidc < Base
+
+    AUTH = {
+      :type    => "openid-connect",
+      :subtype => "oidc"
+    }.freeze
+
+    def required_options
+      super.merge(
+        :oidc_url           => { :description => "OpenID-Connect Provider URL", 
+                                 :short       => "-u" },
+        :oidc_client_id     => { :description => "OpenID-Connect Provider Client ID",
+                                 :short       => "-i" },
+        :oidc_client_secret => { :description => "OpenID-Connect Provider Client Secret",
+                                 :short       => "-s" },
+      )
+    end
+
+    def configure(opts)
+      auth_oidc_data = {}
+      auth_oidc_data["auth-oidc-provider-metadata-url"] = opts[:oidc_url]
+      auth_oidc_data["auth-oidc-client-id"] = opts[:oidc_client_id]
+      auth_oidc_data["auth-oidc-client-secret"] = opts[:oidc_client_secret]
+
+      config_map = ConfigMap.new(opts)
+      config_map.generate(AUTH[:type], nil, nil, auth_oidc_data )
+      config_map.save(opts[:output])
+    rescue => err
+      log_command_error(err)
+      raise err
+    end
+
+    def validate_options(opts)
+      super(opts)
+    end
+
+    def configured?
+      false
+    end
+
+    def unconfigure
+      return unless configured?
+    end
+
+  end
+end
+

data/lib/httpd_configmap_generator/saml.rb

@@ -10,7 +10,9 @@ module HttpdConfigmapGenerator
     }.freeze
 
     def required_options
-      super
+      super.merge(
+        :host => { :description => "Application Domain", :short => "-h" },
+      )
     end
 
     def optional_options

data/lib/httpd_configmap_generator/version.rb

@@ -1,3 +1,3 @@
 module HttpdConfigmapGenerator
-  VERSION = "0.2.2".freeze
+  VERSION = "0.3.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: httpd_configmap_generator
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.3.0
 platform: ruby
 authors:
 - Httpd Auth Config Developers
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-05-22 00:00:00.000000000 Z
+date: 2020-07-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: codeclimate-test-reporter
@@ -123,21 +123,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.4'
 - !ruby/object:Gem::Dependency
-  name: trollop
+  name: optimist
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '3.0'
 description: The Httpd Configmap Generator
-email: 
+email:
 executables:
 - httpd_configmap_generator
 extensions: []
@@ -146,12 +146,14 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
+- ".yamllint"
 - Dockerfile
 - Gemfile
 - LICENSE
 - README-active-directory.md
 - README-ipa.md
 - README-ldap.md
+- README-oidc.md
 - README-saml.md
 - README.md
 - Rakefile
@@ -174,6 +176,7 @@ files:
 - lib/httpd_configmap_generator/export.rb
 - lib/httpd_configmap_generator/ipa.rb
 - lib/httpd_configmap_generator/ldap.rb
+- lib/httpd_configmap_generator/oidc.rb
 - lib/httpd_configmap_generator/saml.rb
 - lib/httpd_configmap_generator/update.rb
 - lib/httpd_configmap_generator/version.rb
@@ -184,7 +187,7 @@ homepage: https://github.com/ManageIQ/httpd_configmap_generator
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -199,9 +202,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.13
-signing_key: 
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: The Httpd Configmap Generator
 test_files: []