manageiq-appliance_console 5.0.3 → 5.1.0

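--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4baaae9e551222520424d741df95ce3dc1649b18303ef9fd873c9964177da440
- data.tar.gz: b40882a8c0ac7f02cde200cbde365c3cc51f46a1a83608d9bde769ce77355138
+ metadata.gz: 842d9e3f4effbab338ffca56f0d10023b54089078d8a35f51e1af7c34a17f7cd
+ data.tar.gz: fa3019d794de206d44b82fb70f5afbfd6eb28a165c45344957b6bcf4cc6b3b36
  SHA512:
- metadata.gz: 79ed5ef8f7b163a48925057baf5f7938167a35e381b5fbdb114c07630ed412aa93a846bd99980e3728016ae5029b6c0d0dc9c87653a7184b00a05ca5f5ae8768
- data.tar.gz: 4e541333c7e5eb1a1d77aba86e2a865317ac95a2822b31d2520b893c3a04434a6745f2f5fc249fd462a62c5c94534a13aaa80b2c8f3f9e19df8d724b434dcfae
+ metadata.gz: 32782c59824479eea39097a7adf542b0654ac77a02342e6b398113abbd76426ff5fb0908b5c4eccfeffca22b829b16862322357f286288a41fbf4f1c06fb3335
+ data.tar.gz: 2e9fcbc67a7ad8baff5cbcdba421bfc6c6ba99706a97b53d4a1c4137f606178cb0d74ac5d295c99c9de00478c65b208ef6cf23fa416c2e99dba12d73c79859e9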
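--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,7 +1,8 @@
+ ---
  language: ruby
  rvm:
- - 2.4.6
- - 2.5.3
+ - 2.5.7
+ - 2.6.5
  sudo: false
  cache: bundler
  env: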
@@ -44,6 +44,7 @@ require 'manageiq/appliance_console/key_configuration'
44
44
  require 'manageiq/appliance_console/logfile_configuration'
45
45
  require 'manageiq/appliance_console/logical_volume_management'
46
46
  require 'manageiq/appliance_console/principal'
47
+ require 'manageiq/appliance_console/saml_authentication'
47
48
  require 'manageiq/appliance_console/scap'
48
49
  require 'manageiq/appliance_console/temp_storage_configuration'
49
50
  require 'manageiq/appliance_console/timezone_configuration'
@@ -77,6 +77,14 @@ module ApplianceConsole
77
77
  options[:extauth_opts]
78
78
  end
79
79
 
80
+ def saml_config?
81
+ options[:saml_config]
82
+ end
83
+
84
+ def saml_unconfig?
85
+ options[:saml_unconfig]
86
+ end
87
+
80
88
  def set_server_state?
81
89
  options[:server]
82
90
  end
@@ -145,6 +153,11 @@ module ApplianceConsole
145
153
  opt :datetime, "Date and time, in YYYY-MM-DDTHH:MM:SS (ISO8601) format", :type => :string
146
154
  opt :http_cert, "install certs for http server", :type => :boolean
147
155
  opt :extauth_opts, "External Authentication Options", :type => :string
156
+ opt :saml_config, "Configure Appliance for SAML Authentication", :type => :boolean, :default => false
157
+ opt :saml_client_host, "Optional Appliance host used for SAML registration", :type => :string
158
+ opt :saml_idp_metadata, "The file path or URL of the SAML IDP Metadata", :type => :string
159
+ opt :saml_enable_sso, "Optionally enable SSO with SAML Authentication", :type => :boolean, :default => false
160
+ opt :saml_unconfig, "Unconfigure Appliance SAML Authentication", :type => :boolean, :default => false
148
161
  opt :server, "{start|stop|restart} actions on evmserverd Server", :type => :string
149
162
  end
150
163
  Optimist.die :region, "needed when setting up a local database" if region_number_required? && options[:region].nil?
@@ -157,8 +170,9 @@ module ApplianceConsole
157
170
 
158
171
  def run
159
172
  Optimist.educate unless set_host? || key? || database? || tmp_disk? || log_disk? ||
160
- uninstall_ipa? || install_ipa? || certs? || extauth_opts? ||
161
- time_zone? || date_time? || set_server_state? || set_replication?
173
+ uninstall_ipa? || install_ipa? || certs? || extauth_opts? ||
174
+ time_zone? || date_time? || set_server_state? || set_replication? ||
175
+ saml_config? || saml_unconfig?
162
176
  if set_host?
163
177
  system_hosts = LinuxAdmin::Hosts.new
164
178
  system_hosts.hostname = options[:host]
@@ -177,6 +191,8 @@ module ApplianceConsole
177
191
  install_ipa if install_ipa?
178
192
  install_certs if certs?
179
193
  extauth_opts if extauth_opts?
194
+ saml_config if saml_config?
195
+ saml_unconfig if saml_unconfig?
180
196
  set_server_state if set_server_state?
181
197
  rescue CliError => e
182
198
  say(e.message)
@@ -388,6 +404,14 @@ module ApplianceConsole
388
404
  extauthopts.update_configuration(extauthopts_hash)
389
405
  end
390
406
 
407
+ def saml_config
408
+ SamlAuthentication.new(options).configure(options[:saml_client_host] || host)
409
+ end
410
+
411
+ def saml_unconfig
412
+ SamlAuthentication.new(options).unconfigure
413
+ end
414
+
391
415
  def set_server_state
392
416
  service = LinuxAdmin::Service.new("evmserverd")
393
417
  service_running = service.running?
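Review bot: `saml_config` and `saml_unconfig` discard the boolean returned by `SamlAuthentication#configure` / `#unconfigure`, and those methods rescue every error and return `false`, so `run` carries on to `set_server_state` and the caller cannot tell a failed authentication change from a successful one. Propagate the failure, e.g. `raise CliError, "SAML configuration failed" unless SamlAuthentication.new(options).configure(options[:saml_client_host] || host)` (assuming `CliError` accepts a message, as the `rescue CliError => e` / `say(e.message)` lines in `run` suggest), and likewise for `unconfigure`. It would also help to reject `--saml-config` without `--saml-idp-metadata` at parse time with `Optimist.die`, next to the existing `:region` check, instead of only inside `configure`. `run` and the option block both continue outside the hunks shown.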
@@ -0,0 +1,208 @@
1
+ require "uri"
2
+
3
+ module ManageIQ
4
+ module ApplianceConsole
5
+ class SamlAuthentication
6
+ MELLON_CREATE_METADATA_COMMAND = Pathname.new("/usr/libexec/mod_auth_mellon/mellon_create_metadata.sh")
7
+
8
+ HTTPD_CONFIG_DIRECTORY = Pathname.new("/etc/httpd/conf.d")
9
+ SAML2_CONFIG_DIRECTORY = Pathname.new("/etc/httpd/saml2")
10
+ IDP_METADATA_FILE = SAML2_CONFIG_DIRECTORY.join("idp-metadata.xml")
11
+
12
+ attr_accessor :host, :options
13
+
14
+ def initialize(options)
15
+ @options = options
16
+ end
17
+
18
+ def configure(host)
19
+ @host = host
20
+ validate_saml_idp_metadata_option
21
+
22
+ say("Configuring SAML Authentication for https://#{host} ...")
23
+ copy_apache_saml_configfiles
24
+ FileUtils.mkdir_p(SAML2_CONFIG_DIRECTORY)
25
+ AwesomeSpawn.run!(MELLON_CREATE_METADATA_COMMAND,
26
+ :chdir => SAML2_CONFIG_DIRECTORY,
27
+ :params => ["https://#{host}", "https://#{host}/saml2"])
28
+ rename_mellon_configfiles
29
+ fetch_idp_metadata
30
+ configure_auth_settings_saml
31
+ restart_httpd
32
+ true
33
+ rescue AwesomeSpawn::CommandResultError => e
34
+ log_command_error(e)
35
+ say("Failed to Configure SAML Authentication - #{e}")
36
+ false
37
+ rescue => e
38
+ say("Failed to Configure SAML Authentication - #{e}")
39
+ false
40
+ end
41
+
42
+ def unconfigure
43
+ raise "Appliance is not currently configured for SAML" unless configured?
44
+
45
+ say("Unconfiguring SAML Authentication ...")
46
+ remove_apache_saml_configfiles
47
+ configure_auth_settings_database
48
+ restart_httpd
49
+ true
50
+ rescue AwesomeSpawn::CommandResultError => e
51
+ log_command_error(e)
52
+ say("Failed to Unconfigure SAML Authentication - #{e}")
53
+ false
54
+ rescue => e
55
+ say("Failed to Unconfigure SAML Authentication - #{e}")
56
+ false
57
+ end
58
+
59
+ private
60
+
61
+ # Apache SAML Configuration
62
+
63
+ def rename_mellon_configfiles
64
+ debug_msg("Renaming mellon config files ...")
65
+ Dir.chdir(SAML2_CONFIG_DIRECTORY) do
66
+ Dir.glob("https_*.*") do |mellon_file|
67
+ saml2_file =
68
+ case mellon_file
69
+ when /^https_.*\.key$/ then "miqsp-key.key"
70
+ when /^https_.*\.cert$/ then "miqsp-cert.cert"
71
+ when /^https_.*\.xml$/ then "miqsp-metadata.xml"
72
+ end
73
+ if saml2_file
74
+ debug_msg("Renaming #{mellon_file} to #{saml2_file}")
75
+ File.rename(mellon_file, saml2_file)
76
+ end
77
+ end
78
+ end
79
+ end
80
+
81
+ def fetch_idp_metadata
82
+ idp_metadata = options[:saml_idp_metadata]
83
+ if path_is_file?(idp_metadata) && idp_metadata != IDP_METADATA_FILE
84
+ debug_msg("Copying IDP metadata file #{idp_metadata} to #{IDP_METADATA_FILE} ...")
85
+ FileUtils.cp(idp_metadata, IDP_METADATA_FILE)
86
+ elsif path_is_url?(idp_metadata)
87
+ debug_msg("Downloading IDP metadata file from #{idp_metadata}")
88
+ download_network_file(idp_metadata, IDP_METADATA_FILE)
89
+ end
90
+ end
91
+
92
+ def copy_apache_saml_configfiles
93
+ debug_msg("Copying Apache SAML Config files ...")
94
+ copy_template(HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user.conf")
95
+ copy_template(HTTPD_CONFIG_DIRECTORY, "manageiq-external-auth-saml.conf")
96
+ end
97
+
98
+ def remove_apache_saml_configfiles
99
+ debug_msg("Removing Apache SAML Config files ...")
100
+ remove_file(HTTPD_CONFIG_DIRECTORY.join("manageiq-remote-user.conf"))
101
+ remove_file(HTTPD_CONFIG_DIRECTORY.join("manageiq-external-auth-saml.conf"))
102
+ end
103
+
104
+ def configured?
105
+ HTTPD_CONFIG_DIRECTORY.join("manageiq-external-auth-saml.conf").exist?
106
+ end
107
+
108
+ def restart_httpd
109
+ httpd_service = LinuxAdmin::Service.new("httpd")
110
+ if httpd_service.running?
111
+ say("Restarting httpd ...")
112
+ httpd_service.restart
113
+ end
114
+ end
115
+
116
+ # SAML IDP Metadata
117
+
118
+ def validate_saml_idp_metadata_option
119
+ idp_metadata = options[:saml_idp_metadata]
120
+ raise "Must specify the SAML IDP metadata file or URL via --saml-idp-metadata" if idp_metadata.blank?
121
+
122
+ raise "Missing SAML IDP metadata file #{idp_metadata}" if path_is_file?(idp_metadata) && !File.exist?(idp_metadata)
123
+ end
124
+
125
+ def path_is_file?(path)
126
+ path.present? && !path_is_url?(path)
127
+ end
128
+
129
+ def path_is_url?(path)
130
+ path =~ /\A#{URI.regexp(["http", "https"])}\z/x
131
+ end
132
+
133
+ # File Management
134
+
135
+ def remove_file(path)
136
+ if path.exist?
137
+ debug_msg("Removing #{path} ...")
138
+ File.delete(path)
139
+ end
140
+ end
141
+
142
+ def copy_template(dir, file)
143
+ src_path = template_directory.join(relative_from_root(dir), file)
144
+ dest_path = dir.join(file)
145
+ debug_msg("Copying template #{src_path} to #{dest_path} ...")
146
+ FileUtils.cp(src_path, dest_path)
147
+ end
148
+
149
+ def download_network_file(source_file_url, target_file)
150
+ require "net/http"
151
+
152
+ say("Downloading #{source_file_url} ...")
153
+ result = Net::HTTP.get_response(URI(source_file_url))
154
+ raise "Failed to download file from #{source_file_url}" unless result.kind_of?(Net::HTTPSuccess)
155
+
156
+ File.write(target_file, result.body)
157
+ end
158
+
159
+ def template_directory
160
+ @template_directory ||= Pathname.new(ENV.fetch("APPLIANCE_TEMPLATE_DIRECTORY"))
161
+ end
162
+
163
+ def relative_from_root(path)
164
+ path.absolute? ? path.relative_path_from(Pathname.new("/")) : path
165
+ end
166
+
167
+ # Appliance Settings
168
+
169
+ def configure_auth_settings_saml
170
+ say("Setting Appliance Authentication Settings to SAML ...")
171
+ params = [
172
+ "/authentication/mode=httpd",
173
+ "/authentication/httpd_role=true",
174
+ "/authentication/saml_enabled=true",
175
+ "/authentication/oidc_enabled=false",
176
+ "/authentication/sso_enabled=#{options[:saml_enable_sso] ? 'true' : 'false'}",
177
+ "/authentication/provider_type=saml"
178
+ ]
179
+ Utilities.rake_run("evm:settings:set", params)
180
+ end
181
+
182
+ def configure_auth_settings_database
183
+ say("Setting Appliance Authentication Settings to Database ...")
184
+ params = [
185
+ "/authentication/mode=database",
186
+ "/authentication/httpd_role=false",
187
+ "/authentication/saml_enabled=false",
188
+ "/authentication/oidc_enabled=false",
189
+ "/authentication/sso_enabled=false",
190
+ "/authentication/provider_type=none"
191
+ ]
192
+ Utilities.rake_run("evm:settings:set", params)
193
+ end
194
+
195
+ # Logging
196
+
197
+ def debug_msg(msg)
198
+ say(msg) if options[:verbose]
199
+ end
200
+
201
+ def log_command_error(err)
202
+ say(err.result.output)
203
+ say(err.result.error)
204
+ say("")
205
+ end
206
+ end
207
+ end
208
+ end
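Review bot: `download_network_file` fetches the IdP metadata with `Net::HTTP.get_response(URI(source_file_url))`, and `path_is_url?` admits `http` as well as `https`, so the document that carries the IdP's signing certificates can be pulled over an unauthenticated channel and written to `IDP_METADATA_FILE` unchecked. Consider refusing plaintext sources before the request, e.g. `uri = URI(source_file_url)` followed by `raise "SAML IDP metadata must be fetched over https" unless uri.scheme == "https"`, or at least warn and document that `http` is only acceptable on a trusted network. Separately, in `fetch_idp_metadata` the guard `idp_metadata != IDP_METADATA_FILE` compares a String option with a Pathname and so is always true; `idp_metadata != IDP_METADATA_FILE.to_s` would make the same-file case skip the copy as intended.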
@@ -1,5 +1,5 @@
1
1
  module ManageIQ
2
2
  module ApplianceConsole
3
- VERSION = '5.0.3'.freeze
3
+ VERSION = '5.1.0'.freeze
4
4
  end
5
5
  end
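--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: manageiq-appliance_console
  version: !ruby/object:Gem::Version
- version: 5.0.3
+ version: 5.1.0
  platform: ruby
  authors:
  - ManageIQ Developers
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-09-19 00:00:00.000000000 Z
+ date: 2019-11-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activerecord
@@ -287,6 +287,7 @@ files:
  - lib/manageiq/appliance_console/logical_volume_management.rb
  - lib/manageiq/appliance_console/principal.rb
  - lib/manageiq/appliance_console/prompts.rb
+ - lib/manageiq/appliance_console/saml_authentication.rb
  - lib/manageiq/appliance_console/scap.rb
  - lib/manageiq/appliance_console/temp_storage_configuration.rb
  - lib/manageiq/appliance_console/timezone_configuration.rb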