manageiq-appliance_console 5.0.3 → 5.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
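--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 842d9e3f4effbab338ffca56f0d10023b54089078d8a35f51e1af7c34a17f7cd
+data.tar.gz: fa3019d794de206d44b82fb70f5afbfd6eb28a165c45344957b6bcf4cc6b3b36
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 32782c59824479eea39097a7adf542b0654ac77a02342e6b398113abbd76426ff5fb0908b5c4eccfeffca22b829b16862322357f286288a41fbf4f1c06fb3335
+data.tar.gz: 2e9fcbc67a7ad8baff5cbcdba421bfc6c6ba99706a97b53d4a1c4137f606178cb0d74ac5d295c99c9de00478c65b208ef6cf23fa416c2e99dba12d73c79859e9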
data/.travis.yml
CHANGED
@@ -44,6 +44,7 @@ require 'manageiq/appliance_console/key_configuration'
|
|
44
44
|
require 'manageiq/appliance_console/logfile_configuration'
|
45
45
|
require 'manageiq/appliance_console/logical_volume_management'
|
46
46
|
require 'manageiq/appliance_console/principal'
|
47
|
+
require 'manageiq/appliance_console/saml_authentication'
|
47
48
|
require 'manageiq/appliance_console/scap'
|
48
49
|
require 'manageiq/appliance_console/temp_storage_configuration'
|
49
50
|
require 'manageiq/appliance_console/timezone_configuration'
|
@@ -77,6 +77,14 @@ module ApplianceConsole
|
|
77
77
|
options[:extauth_opts]
|
78
78
|
end
|
79
79
|
|
80
|
+
def saml_config?
|
81
|
+
options[:saml_config]
|
82
|
+
end
|
83
|
+
|
84
|
+
def saml_unconfig?
|
85
|
+
options[:saml_unconfig]
|
86
|
+
end
|
87
|
+
|
80
88
|
def set_server_state?
|
81
89
|
options[:server]
|
82
90
|
end
|
@@ -145,6 +153,11 @@ module ApplianceConsole
|
|
145
153
|
opt :datetime, "Date and time, in YYYY-MM-DDTHH:MM:SS (ISO8601) format", :type => :string
|
146
154
|
opt :http_cert, "install certs for http server", :type => :boolean
|
147
155
|
opt :extauth_opts, "External Authentication Options", :type => :string
|
156
|
+
opt :saml_config, "Configure Appliance for SAML Authentication", :type => :boolean, :default => false
|
157
|
+
opt :saml_client_host, "Optional Appliance host used for SAML registration", :type => :string
|
158
|
+
opt :saml_idp_metadata, "The file path or URL of the SAML IDP Metadata", :type => :string
|
159
|
+
opt :saml_enable_sso, "Optionally enable SSO with SAML Authentication", :type => :boolean, :default => false
|
160
|
+
opt :saml_unconfig, "Unconfigure Appliance SAML Authentication", :type => :boolean, :default => false
|
148
161
|
opt :server, "{start|stop|restart} actions on evmserverd Server", :type => :string
|
149
162
|
end
|
150
163
|
Optimist.die :region, "needed when setting up a local database" if region_number_required? && options[:region].nil?
|
@@ -157,8 +170,9 @@ module ApplianceConsole
|
|
157
170
|
|
158
171
|
def run
|
159
172
|
Optimist.educate unless set_host? || key? || database? || tmp_disk? || log_disk? ||
|
160
|
-
|
161
|
-
|
173
|
+
uninstall_ipa? || install_ipa? || certs? || extauth_opts? ||
|
174
|
+
time_zone? || date_time? || set_server_state? || set_replication? ||
|
175
|
+
saml_config? || saml_unconfig?
|
162
176
|
if set_host?
|
163
177
|
system_hosts = LinuxAdmin::Hosts.new
|
164
178
|
system_hosts.hostname = options[:host]
|
@@ -177,6 +191,8 @@ module ApplianceConsole
|
|
177
191
|
install_ipa if install_ipa?
|
178
192
|
install_certs if certs?
|
179
193
|
extauth_opts if extauth_opts?
|
194
|
+
saml_config if saml_config?
|
195
|
+
saml_unconfig if saml_unconfig?
|
180
196
|
set_server_state if set_server_state?
|
181
197
|
rescue CliError => e
|
182
198
|
say(e.message)
|
@@ -388,6 +404,14 @@ module ApplianceConsole
|
|
388
404
|
extauthopts.update_configuration(extauthopts_hash)
|
389
405
|
end
|
390
406
|
|
407
|
+
def saml_config
|
408
|
+
SamlAuthentication.new(options).configure(options[:saml_client_host] || host)
|
409
|
+
end
|
410
|
+
|
411
|
+
def saml_unconfig
|
412
|
+
SamlAuthentication.new(options).unconfigure
|
413
|
+
end
|
414
|
+
|
391
415
|
def set_server_state
|
392
416
|
service = LinuxAdmin::Service.new("evmserverd")
|
393
417
|
service_running = service.running?
|
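Review bot: Nothing rejects `--saml-config` together with `--saml-unconfig`: `run` (new lines 173–175 and 194–195) accepts either flag and then calls `saml_config` followed by `saml_unconfig`, so the combination configures SAML and immediately tears it down again. The existing `Optimist.die :region, ...` at new line 163 is the natural place for a guard: `Optimist.die :saml_unconfig, "cannot be combined with --saml-config" if options[:saml_config] && options[:saml_unconfig]`. Separately, `SamlAuthentication#configure` and `#unconfigure` report failure by returning false, but `saml_config if saml_config?` (line 194) drops that value, so presumably a failed SAML setup leaves `run` indistinguishable from success — confirm against how the rest of `run`, which continues outside these hunks, reports errors.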
@@ -0,0 +1,208 @@
|
|
1
|
+
require "uri"
|
2
|
+
|
3
|
+
module ManageIQ
|
4
|
+
module ApplianceConsole
|
5
|
+
class SamlAuthentication
|
6
|
+
MELLON_CREATE_METADATA_COMMAND = Pathname.new("/usr/libexec/mod_auth_mellon/mellon_create_metadata.sh")
|
7
|
+
|
8
|
+
HTTPD_CONFIG_DIRECTORY = Pathname.new("/etc/httpd/conf.d")
|
9
|
+
SAML2_CONFIG_DIRECTORY = Pathname.new("/etc/httpd/saml2")
|
10
|
+
IDP_METADATA_FILE = SAML2_CONFIG_DIRECTORY.join("idp-metadata.xml")
|
11
|
+
|
12
|
+
attr_accessor :host, :options
|
13
|
+
|
14
|
+
def initialize(options)
|
15
|
+
@options = options
|
16
|
+
end
|
17
|
+
|
18
|
+
def configure(host)
|
19
|
+
@host = host
|
20
|
+
validate_saml_idp_metadata_option
|
21
|
+
|
22
|
+
say("Configuring SAML Authentication for https://#{host} ...")
|
23
|
+
copy_apache_saml_configfiles
|
24
|
+
FileUtils.mkdir_p(SAML2_CONFIG_DIRECTORY)
|
25
|
+
AwesomeSpawn.run!(MELLON_CREATE_METADATA_COMMAND,
|
26
|
+
:chdir => SAML2_CONFIG_DIRECTORY,
|
27
|
+
:params => ["https://#{host}", "https://#{host}/saml2"])
|
28
|
+
rename_mellon_configfiles
|
29
|
+
fetch_idp_metadata
|
30
|
+
configure_auth_settings_saml
|
31
|
+
restart_httpd
|
32
|
+
true
|
33
|
+
rescue AwesomeSpawn::CommandResultError => e
|
34
|
+
log_command_error(e)
|
35
|
+
say("Failed to Configure SAML Authentication - #{e}")
|
36
|
+
false
|
37
|
+
rescue => e
|
38
|
+
say("Failed to Configure SAML Authentication - #{e}")
|
39
|
+
false
|
40
|
+
end
|
41
|
+
|
42
|
+
def unconfigure
|
43
|
+
raise "Appliance is not currently configured for SAML" unless configured?
|
44
|
+
|
45
|
+
say("Unconfiguring SAML Authentication ...")
|
46
|
+
remove_apache_saml_configfiles
|
47
|
+
configure_auth_settings_database
|
48
|
+
restart_httpd
|
49
|
+
true
|
50
|
+
rescue AwesomeSpawn::CommandResultError => e
|
51
|
+
log_command_error(e)
|
52
|
+
say("Failed to Unconfigure SAML Authentication - #{e}")
|
53
|
+
false
|
54
|
+
rescue => e
|
55
|
+
say("Failed to Unconfigure SAML Authentication - #{e}")
|
56
|
+
false
|
57
|
+
end
|
58
|
+
|
59
|
+
private
|
60
|
+
|
61
|
+
# Apache SAML Configuration
|
62
|
+
|
63
|
+
def rename_mellon_configfiles
|
64
|
+
debug_msg("Renaming mellon config files ...")
|
65
|
+
Dir.chdir(SAML2_CONFIG_DIRECTORY) do
|
66
|
+
Dir.glob("https_*.*") do |mellon_file|
|
67
|
+
saml2_file =
|
68
|
+
case mellon_file
|
69
|
+
when /^https_.*\.key$/ then "miqsp-key.key"
|
70
|
+
when /^https_.*\.cert$/ then "miqsp-cert.cert"
|
71
|
+
when /^https_.*\.xml$/ then "miqsp-metadata.xml"
|
72
|
+
end
|
73
|
+
if saml2_file
|
74
|
+
debug_msg("Renaming #{mellon_file} to #{saml2_file}")
|
75
|
+
File.rename(mellon_file, saml2_file)
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
def fetch_idp_metadata
|
82
|
+
idp_metadata = options[:saml_idp_metadata]
|
83
|
+
if path_is_file?(idp_metadata) && idp_metadata != IDP_METADATA_FILE
|
84
|
+
debug_msg("Copying IDP metadata file #{idp_metadata} to #{IDP_METADATA_FILE} ...")
|
85
|
+
FileUtils.cp(idp_metadata, IDP_METADATA_FILE)
|
86
|
+
elsif path_is_url?(idp_metadata)
|
87
|
+
debug_msg("Downloading IDP metadata file from #{idp_metadata}")
|
88
|
+
download_network_file(idp_metadata, IDP_METADATA_FILE)
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
def copy_apache_saml_configfiles
|
93
|
+
debug_msg("Copying Apache SAML Config files ...")
|
94
|
+
copy_template(HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user.conf")
|
95
|
+
copy_template(HTTPD_CONFIG_DIRECTORY, "manageiq-external-auth-saml.conf")
|
96
|
+
end
|
97
|
+
|
98
|
+
def remove_apache_saml_configfiles
|
99
|
+
debug_msg("Removing Apache SAML Config files ...")
|
100
|
+
remove_file(HTTPD_CONFIG_DIRECTORY.join("manageiq-remote-user.conf"))
|
101
|
+
remove_file(HTTPD_CONFIG_DIRECTORY.join("manageiq-external-auth-saml.conf"))
|
102
|
+
end
|
103
|
+
|
104
|
+
def configured?
|
105
|
+
HTTPD_CONFIG_DIRECTORY.join("manageiq-external-auth-saml.conf").exist?
|
106
|
+
end
|
107
|
+
|
108
|
+
def restart_httpd
|
109
|
+
httpd_service = LinuxAdmin::Service.new("httpd")
|
110
|
+
if httpd_service.running?
|
111
|
+
say("Restarting httpd ...")
|
112
|
+
httpd_service.restart
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
# SAML IDP Metadata
|
117
|
+
|
118
|
+
def validate_saml_idp_metadata_option
|
119
|
+
idp_metadata = options[:saml_idp_metadata]
|
120
|
+
raise "Must specify the SAML IDP metadata file or URL via --saml-idp-metadata" if idp_metadata.blank?
|
121
|
+
|
122
|
+
raise "Missing SAML IDP metadata file #{idp_metadata}" if path_is_file?(idp_metadata) && !File.exist?(idp_metadata)
|
123
|
+
end
|
124
|
+
|
125
|
+
def path_is_file?(path)
|
126
|
+
path.present? && !path_is_url?(path)
|
127
|
+
end
|
128
|
+
|
129
|
+
def path_is_url?(path)
|
130
|
+
path =~ /\A#{URI.regexp(["http", "https"])}\z/x
|
131
|
+
end
|
132
|
+
|
133
|
+
# File Management
|
134
|
+
|
135
|
+
def remove_file(path)
|
136
|
+
if path.exist?
|
137
|
+
debug_msg("Removing #{path} ...")
|
138
|
+
File.delete(path)
|
139
|
+
end
|
140
|
+
end
|
141
|
+
|
142
|
+
def copy_template(dir, file)
|
143
|
+
src_path = template_directory.join(relative_from_root(dir), file)
|
144
|
+
dest_path = dir.join(file)
|
145
|
+
debug_msg("Copying template #{src_path} to #{dest_path} ...")
|
146
|
+
FileUtils.cp(src_path, dest_path)
|
147
|
+
end
|
148
|
+
|
149
|
+
def download_network_file(source_file_url, target_file)
|
150
|
+
require "net/http"
|
151
|
+
|
152
|
+
say("Downloading #{source_file_url} ...")
|
153
|
+
result = Net::HTTP.get_response(URI(source_file_url))
|
154
|
+
raise "Failed to download file from #{source_file_url}" unless result.kind_of?(Net::HTTPSuccess)
|
155
|
+
|
156
|
+
File.write(target_file, result.body)
|
157
|
+
end
|
158
|
+
|
159
|
+
def template_directory
|
160
|
+
@template_directory ||= Pathname.new(ENV.fetch("APPLIANCE_TEMPLATE_DIRECTORY"))
|
161
|
+
end
|
162
|
+
|
163
|
+
def relative_from_root(path)
|
164
|
+
path.absolute? ? path.relative_path_from(Pathname.new("/")) : path
|
165
|
+
end
|
166
|
+
|
167
|
+
# Appliance Settings
|
168
|
+
|
169
|
+
def configure_auth_settings_saml
|
170
|
+
say("Setting Appliance Authentication Settings to SAML ...")
|
171
|
+
params = [
|
172
|
+
"/authentication/mode=httpd",
|
173
|
+
"/authentication/httpd_role=true",
|
174
|
+
"/authentication/saml_enabled=true",
|
175
|
+
"/authentication/oidc_enabled=false",
|
176
|
+
"/authentication/sso_enabled=#{options[:saml_enable_sso] ? 'true' : 'false'}",
|
177
|
+
"/authentication/provider_type=saml"
|
178
|
+
]
|
179
|
+
Utilities.rake_run("evm:settings:set", params)
|
180
|
+
end
|
181
|
+
|
182
|
+
def configure_auth_settings_database
|
183
|
+
say("Setting Appliance Authentication Settings to Database ...")
|
184
|
+
params = [
|
185
|
+
"/authentication/mode=database",
|
186
|
+
"/authentication/httpd_role=false",
|
187
|
+
"/authentication/saml_enabled=false",
|
188
|
+
"/authentication/oidc_enabled=false",
|
189
|
+
"/authentication/sso_enabled=false",
|
190
|
+
"/authentication/provider_type=none"
|
191
|
+
]
|
192
|
+
Utilities.rake_run("evm:settings:set", params)
|
193
|
+
end
|
194
|
+
|
195
|
+
# Logging
|
196
|
+
|
197
|
+
def debug_msg(msg)
|
198
|
+
say(msg) if options[:verbose]
|
199
|
+
end
|
200
|
+
|
201
|
+
def log_command_error(err)
|
202
|
+
say(err.result.output)
|
203
|
+
say(err.result.error)
|
204
|
+
say("")
|
205
|
+
end
|
206
|
+
end
|
207
|
+
end
|
208
|
+
end
|
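Review bot: The guard `idp_metadata != IDP_METADATA_FILE` in `fetch_idp_metadata` (new line 83) compares a String option against a Pathname constant, so it is always true, and re-running with `--saml-idp-metadata /etc/httpd/saml2/idp-metadata.xml` reaches `FileUtils.cp` with source and destination the same file, which raises ArgumentError; compare against `IDP_METADATA_FILE.to_s` instead. `path_is_url?` (line 130) relies on `URI.regexp`, which newer Ruby marks obsolete; `URI::DEFAULT_PARSER.make_regexp(%w[http https])` is the supported form and keeps the same `\A…\z` anchoring. That same check admits plain `http://` metadata URLs, and the IdP metadata is what establishes trust in the IdP's signing certificate, so a fetch without TLS has no integrity protection — either accept only `https` or at least `say` a warning when an http URL is given. `download_network_file` (lines 149–157) treats any non-2xx response, including a redirect, as a failure and writes the body with no size bound; a comment stating that redirects are intentionally not followed would save the next reader from "fixing" it.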
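--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: manageiq-appliance_console
 version: !ruby/object:Gem::Version
-version: 5.0
+version: 5.1.0
 platform: ruby
 authors:
 - ManageIQ Developers
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-
+date: 2019-11-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activerecord
@@ -287,6 +287,7 @@ files:
 - lib/manageiq/appliance_console/logical_volume_management.rb
 - lib/manageiq/appliance_console/principal.rb
 - lib/manageiq/appliance_console/prompts.rb
+- lib/manageiq/appliance_console/saml_authentication.rb
 - lib/manageiq/appliance_console/scap.rb
 - lib/manageiq/appliance_console/temp_storage_configuration.rb
 - lib/manageiq/appliance_console/timezone_configuration.rb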