manageiq-appliance_console 3.1.0 → 3.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/manageiq/appliance_console/database_admin.rb +12 -11
- data/lib/manageiq/appliance_console/external_auth_options.rb +6 -4
- data/lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb +31 -18
- data/lib/manageiq/appliance_console/prompts.rb +3 -3
- data/lib/manageiq/appliance_console/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4c51a1645cacd16b9f78f45db22f3a1ae65976639e4cf4b350fac41e3cb8e736
|
|
4
|
+
data.tar.gz: d8307195379d0abd4d7379aa02ec3d0a9a779845f801b537b62861c63153aed3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 703481bd2a07952b373444c4e1b2b7b65978341e2d6a9007ecbe66481a98b1b49122593149ce8b7b4109b7f148482e6281f090bae405112debd4c1a372bab4b2
|
|
7
|
+
data.tar.gz: 4a9b89883776c42b38861a371d657ffc4be786e9f109bc6a39c9c68b3df88ae4ccf701d4c0720b9dee95d28deada418ce8c2c21a25561760e6bbd3bd985791f5
|
|
@@ -102,21 +102,22 @@ module ManageIQ
|
|
|
102
102
|
Example: 'amazon_aws_user'
|
|
103
103
|
PROMPT
|
|
104
104
|
|
|
105
|
-
@
|
|
105
|
+
@filename = just_ask(*filename_prompt_args) unless action == :restore
|
|
106
|
+
@uri = ask_for_uri(*remote_file_prompt_args_for("s3"), :optional_path => true)
|
|
107
|
+
region = just_ask("Amazon Region for database file", "us-east-1")
|
|
106
108
|
user = just_ask(access_key_prompt)
|
|
107
109
|
pass = ask_for_password("Secret Access Key for #{user}")
|
|
108
|
-
|
|
110
|
+
|
|
111
|
+
params = {
|
|
112
|
+
:uri => uri,
|
|
113
|
+
:uri_username => user,
|
|
114
|
+
:uri_password => pass,
|
|
115
|
+
:aws_region => region
|
|
116
|
+
}
|
|
117
|
+
params[:remote_file_name] = filename if filename
|
|
109
118
|
|
|
110
119
|
@task = "evm:db:#{action}:remote"
|
|
111
|
-
@task_params = [
|
|
112
|
-
"--",
|
|
113
|
-
{
|
|
114
|
-
:uri => uri,
|
|
115
|
-
:uri_username => user,
|
|
116
|
-
:uri_password => pass,
|
|
117
|
-
:aws_region => region
|
|
118
|
-
}
|
|
119
|
-
]
|
|
120
|
+
@task_params = ["--", params]
|
|
120
121
|
end
|
|
121
122
|
|
|
122
123
|
def ask_to_delete_backup_after_restore
|
|
@@ -7,10 +7,10 @@ module ApplianceConsole
|
|
|
7
7
|
AUTH_PATH = "/authentication".freeze
|
|
8
8
|
|
|
9
9
|
EXT_AUTH_OPTIONS = {
|
|
10
|
-
"#{AUTH_PATH}/sso_enabled" => {:label => "Single Sign-On",
|
|
11
|
-
"#{AUTH_PATH}/saml_enabled" => {:label => "SAML",
|
|
12
|
-
"#{AUTH_PATH}/oidc_enabled" => {:label => "OIDC",
|
|
13
|
-
"#{AUTH_PATH}/local_login_disabled" => {:label => "Local Login",
|
|
10
|
+
"#{AUTH_PATH}/sso_enabled" => {:label => "Single Sign-On", :logic => true},
|
|
11
|
+
"#{AUTH_PATH}/saml_enabled" => {:label => "SAML", :logic => true},
|
|
12
|
+
"#{AUTH_PATH}/oidc_enabled" => {:label => "OIDC", :logic => true},
|
|
13
|
+
"#{AUTH_PATH}/local_login_disabled" => {:label => "Local Login for SAML or OIDC", :logic => false}
|
|
14
14
|
}.freeze
|
|
15
15
|
|
|
16
16
|
include ManageIQ::ApplianceConsole::Logging
|
|
@@ -100,6 +100,8 @@ module ApplianceConsole
|
|
|
100
100
|
configure_oidc!(params)
|
|
101
101
|
elsif params.include?("/authentication/oidc_enabled=false") || params.include?("/authentication/saml_enabled=false")
|
|
102
102
|
configure_none!(params)
|
|
103
|
+
else
|
|
104
|
+
params
|
|
103
105
|
end
|
|
104
106
|
end
|
|
105
107
|
|
data/lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb
CHANGED
|
@@ -8,28 +8,29 @@ module ApplianceConsole
|
|
|
8
8
|
#
|
|
9
9
|
# External Authentication Definitions
|
|
10
10
|
#
|
|
11
|
-
IPA_COMMAND
|
|
12
|
-
IPA_INSTALL_COMMAND
|
|
13
|
-
IPA_GETKEYTAB
|
|
14
|
-
|
|
15
|
-
KERBEROS_CONFIG_FILE
|
|
16
|
-
|
|
17
|
-
SSSD_CONFIG
|
|
18
|
-
PAM_CONFIG
|
|
19
|
-
HTTP_KEYTAB
|
|
20
|
-
HTTP_REMOTE_USER
|
|
21
|
-
|
|
11
|
+
IPA_COMMAND = "/usr/bin/ipa".freeze
|
|
12
|
+
IPA_INSTALL_COMMAND = "/usr/sbin/ipa-client-install".freeze
|
|
13
|
+
IPA_GETKEYTAB = "/usr/sbin/ipa-getkeytab".freeze
|
|
14
|
+
|
|
15
|
+
KERBEROS_CONFIG_FILE = "/etc/krb5.conf".freeze
|
|
16
|
+
|
|
17
|
+
SSSD_CONFIG = "/etc/sssd/sssd.conf".freeze
|
|
18
|
+
PAM_CONFIG = "/etc/pam.d/httpd-auth".freeze
|
|
19
|
+
HTTP_KEYTAB = "/etc/http.keytab".freeze
|
|
20
|
+
HTTP_REMOTE_USER = "/etc/httpd/conf.d/manageiq-remote-user.conf".freeze
|
|
21
|
+
HTTP_REMOTE_USER_OIDC = "/etc/httpd/conf.d/manageiq-remote-user-openidc.conf".freeze
|
|
22
|
+
HTTP_EXTERNAL_AUTH = "/etc/httpd/conf.d/manageiq-external-auth.conf".freeze
|
|
22
23
|
HTTP_EXTERNAL_AUTH_TEMPLATE = "#{HTTP_EXTERNAL_AUTH}.erb".freeze
|
|
23
24
|
|
|
24
|
-
GETSEBOOL_COMMAND
|
|
25
|
-
SETSEBOOL_COMMAND
|
|
26
|
-
GETENFORCE_COMMAND
|
|
25
|
+
GETSEBOOL_COMMAND = "/usr/sbin/getsebool".freeze
|
|
26
|
+
SETSEBOOL_COMMAND = "/usr/sbin/setsebool".freeze
|
|
27
|
+
GETENFORCE_COMMAND = "/usr/sbin/getenforce".freeze
|
|
27
28
|
|
|
28
|
-
APACHE_USER
|
|
29
|
+
APACHE_USER = "apache".freeze
|
|
29
30
|
|
|
30
|
-
TIMESTAMP_FORMAT
|
|
31
|
+
TIMESTAMP_FORMAT = "%Y%m%d_%H%M%S".freeze
|
|
31
32
|
|
|
32
|
-
LDAP_ATTRS
|
|
33
|
+
LDAP_ATTRS = {
|
|
33
34
|
"mail" => "REMOTE_USER_EMAIL",
|
|
34
35
|
"givenname" => "REMOTE_USER_FIRSTNAME",
|
|
35
36
|
"sn" => "REMOTE_USER_LASTNAME",
|
|
@@ -219,7 +220,11 @@ module ApplianceConsole
|
|
|
219
220
|
end
|
|
220
221
|
|
|
221
222
|
def self.config_status
|
|
222
|
-
fetch_ipa_configuration("ipa_server") ||
|
|
223
|
+
fetch_ipa_configuration("ipa_server") ||
|
|
224
|
+
fetch_sssd_domain ||
|
|
225
|
+
oidc_status ||
|
|
226
|
+
saml_status ||
|
|
227
|
+
"not configured"
|
|
223
228
|
end
|
|
224
229
|
|
|
225
230
|
def self.ipa_client_configured?
|
|
@@ -243,6 +248,14 @@ module ApplianceConsole
|
|
|
243
248
|
config_file_read(SSSD_CONFIG)[/\[domain\/(.*)\]/, 1] if File.exist?(SSSD_CONFIG)
|
|
244
249
|
end
|
|
245
250
|
|
|
251
|
+
def self.saml_status
|
|
252
|
+
"External Auth SAML" if File.exist?(HTTP_REMOTE_USER)
|
|
253
|
+
end
|
|
254
|
+
|
|
255
|
+
def self.oidc_status
|
|
256
|
+
"External Auth OpenID Connect" if File.exist?(HTTP_REMOTE_USER_OIDC)
|
|
257
|
+
end
|
|
258
|
+
|
|
246
259
|
delegate :ipa_client_configured?, :config_file_read, :fetch_ipa_configuration, :config_status, :to => self
|
|
247
260
|
end
|
|
248
261
|
end
|
|
@@ -25,7 +25,7 @@ module ApplianceConsole
|
|
|
25
25
|
SAMPLE_URLS[scheme]
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
def ask_for_uri(prompt, expected_scheme)
|
|
28
|
+
def ask_for_uri(prompt, expected_scheme, opts = {})
|
|
29
29
|
require 'uri'
|
|
30
30
|
just_ask(prompt, nil, nil, 'a valid URI') do |q|
|
|
31
31
|
q.validate = lambda do |a|
|
|
@@ -36,14 +36,14 @@ module ApplianceConsole
|
|
|
36
36
|
# validate it has a hostname/ip and a share
|
|
37
37
|
u.scheme == expected_scheme &&
|
|
38
38
|
(u.host =~ HOSTNAME_REGEXP || u.hostname =~ IP_REGEXP) &&
|
|
39
|
-
!u.path.empty?
|
|
39
|
+
(opts[:optional_path] || !u.path.empty?)
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
def press_any_key
|
|
45
45
|
say("\nPress any key to continue.")
|
|
46
|
-
STDIN.noecho(&:
|
|
46
|
+
STDIN.noecho(&:getch)
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
def clear_screen
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: manageiq-appliance_console
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- ManageIQ Developers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-08-
|
|
11
|
+
date: 2018-08-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|