openshift-origin-auth-kerberos 0.8.8 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- data/conf/openshift-origin-auth-kerberos.conf.example +0 -0
- data/config/initializers/openshift-origin-auth-kerberos.rb +14 -0
- data/{lib/openshift-kerberos-plugin/config → config}/routes.rb +0 -0
- data/lib/kerberos_auth_engine.rb +7 -0
- data/lib/openshift-origin-auth-kerberos.rb +8 -0
- data/lib/{openshift-kerberos-plugin/lib/openshift → openshift}/kerberos_auth_service.rb +7 -7
- data/openshift-origin-auth-kerberos.gemspec +8 -6
- data/rubygem-openshift-origin-auth-kerberos.spec +99 -81
- metadata +12 -12
- data/lib/openshift-kerberos-plugin.rb +0 -8
- data/lib/openshift-kerberos-plugin/app/controllers/account_controller.rb +0 -20
- data/lib/openshift-kerberos-plugin/app/models/rest_account.rb +0 -12
- data/lib/openshift-kerberos-plugin/engine/engine.rb +0 -12
File without changes
|
@@ -0,0 +1,14 @@
|
|
1
|
+
require 'openshift-origin-common'
|
2
|
+
|
3
|
+
Broker::Application.configure do
|
4
|
+
conf_file = File.join(OpenShift::Config::PLUGINS_DIR, File.basename(__FILE__, '.rb') + '.conf')
|
5
|
+
if Rails.env.development?
|
6
|
+
dev_conf_file = File.join(OpenShift::Config::PLUGINS_DIR, File.basename(__FILE__, '.rb') + '-dev.conf')
|
7
|
+
if File.exist? dev_conf_file
|
8
|
+
conf_file = dev_conf_file
|
9
|
+
else
|
10
|
+
Rails.logger.info "Development configuration for #{File.basename(__FILE__, '.rb')} not found. Using production configuration."
|
11
|
+
end
|
12
|
+
end
|
13
|
+
conf = OpenShift::Config.new(conf_file)
|
14
|
+
end
|
File without changes
|
@@ -6,8 +6,8 @@ require 'krb5_auth'
|
|
6
6
|
|
7
7
|
include Krb5Auth
|
8
8
|
|
9
|
-
module
|
10
|
-
class KerberosAuthService < OpenShift
|
9
|
+
module OpenShift
|
10
|
+
class KerberosAuthService < OpenShift::AuthService
|
11
11
|
|
12
12
|
def initialize(auth_info = nil)
|
13
13
|
Rails.logger.debug "Initializing KerberosAuthService"
|
@@ -60,7 +60,7 @@ module Swingshift
|
|
60
60
|
json_token << cipher.final
|
61
61
|
rescue => e
|
62
62
|
Rails.logger.debug "Broker key authentication failed. #{e.backtrace.inspect}"
|
63
|
-
raise OpenShift
|
63
|
+
raise OpenShift::AccessDeniedException.new
|
64
64
|
end
|
65
65
|
|
66
66
|
token = JSON.parse(json_token)
|
@@ -69,10 +69,10 @@ module Swingshift
|
|
69
69
|
creation_time = token['creation_time']
|
70
70
|
|
71
71
|
user = CloudUser.find(username)
|
72
|
-
raise OpenShift
|
72
|
+
raise OpenShift::AccessDeniedException.new if user.nil?
|
73
73
|
app = Application.find(user, app_name)
|
74
74
|
|
75
|
-
raise OpenShift
|
75
|
+
raise OpenShift::AccessDeniedException.new if app.nil? or creation_time != app.creation_time
|
76
76
|
return {:username => username, :auth_method => :broker_auth}
|
77
77
|
end
|
78
78
|
|
@@ -81,7 +81,7 @@ module Swingshift
|
|
81
81
|
if params['broker_auth_key'] && params['broker_auth_iv']
|
82
82
|
validate_broker_key(params['broker_auth_iv'], params['broker_auth_key'])
|
83
83
|
else
|
84
|
-
raise OpenShift
|
84
|
+
raise OpenShift::AccessDeniedException if login.nil? || login.empty? || password.nil? || password.empty?
|
85
85
|
krb5 = Krb5.new
|
86
86
|
|
87
87
|
# get the default realm
|
@@ -99,7 +99,7 @@ module Swingshift
|
|
99
99
|
return {:username => login, :auth_method => :login}
|
100
100
|
else
|
101
101
|
krb5.close
|
102
|
-
raise OpenShift
|
102
|
+
raise OpenShift::AccessDeniedException
|
103
103
|
end
|
104
104
|
|
105
105
|
end
|
@@ -1,21 +1,23 @@
|
|
1
1
|
# -*- encoding: utf-8 -*-
|
2
|
+
config_dir = File.join(File.join("config", "**"), "*")
|
2
3
|
$:.push File.expand_path("../lib", __FILE__)
|
3
4
|
lib_dir = File.join(File.join("lib", "**"), "*")
|
4
5
|
test_dir = File.join(File.join("test", "**"), "*")
|
5
6
|
bin_dir = File.join("bin","*")
|
7
|
+
conf_dir = File.join(File.join("conf", "**"), "*")
|
6
8
|
spec_file = "rubygem-openshift-origin-auth-kerberos.spec"
|
7
9
|
|
8
10
|
Gem::Specification.new do |s|
|
9
11
|
s.name = "openshift-origin-auth-kerberos"
|
10
|
-
s.version = `rpm -q --qf "%{version}\n" --specfile #{spec_file}`.split[0]
|
11
|
-
s.license = `rpm -q --qf "%{license}\n" --specfile #{spec_file}`.split[0]
|
12
|
+
s.version = `rpm -q --define 'rhel 7' --qf "%{version}\n" --specfile #{spec_file}`.split[0]
|
13
|
+
s.license = `rpm -q --define 'rhel 7' --qf "%{license}\n" --specfile #{spec_file}`.split[0]
|
12
14
|
s.authors = ["Jason DeTiberus"]
|
13
15
|
s.email = ["jdetiber@redhat.com"]
|
14
|
-
s.homepage = `rpm -q --qf "%{url}\n" --specfile #{spec_file}`.split[0]
|
15
|
-
s.summary = `rpm -q --qf "%{description}\n" --specfile #{spec_file}`.split[0]
|
16
|
-
s.description = `rpm -q --qf "%{description}\n" --specfile #{spec_file}`.split[0]
|
16
|
+
s.homepage = `rpm -q --define 'rhel 7' --qf "%{url}\n" --specfile #{spec_file}`.split[0]
|
17
|
+
s.summary = `rpm -q --define 'rhel 7' --qf "%{description}\n" --specfile #{spec_file}`.split[0]
|
18
|
+
s.description = `rpm -q --define 'rhel 7' --qf "%{description}\n" --specfile #{spec_file}`.split[0]
|
17
19
|
|
18
|
-
s.files = Dir[lib_dir] + Dir[bin_dir]
|
20
|
+
s.files = Dir[lib_dir] + Dir[bin_dir] + Dir[conf_dir] + Dir[config_dir]
|
19
21
|
s.test_files = Dir[test_dir]
|
20
22
|
s.executables = Dir[bin_dir].map {|binary| File.basename(binary)}
|
21
23
|
s.files += %w(README.md Rakefile Gemfile rubygem-openshift-origin-auth-kerberos.spec openshift-origin-auth-kerberos.gemspec LICENSE COPYRIGHT)
|
@@ -1,112 +1,130 @@
|
|
1
|
-
%
|
2
|
-
%global
|
3
|
-
%global
|
4
|
-
%
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
1
|
+
%if 0%{?fedora}%{?rhel} <= 6
|
2
|
+
%global scl ruby193
|
3
|
+
%global scl_prefix ruby193-
|
4
|
+
%endif
|
5
|
+
%{!?scl:%global pkg_name %{name}}
|
6
|
+
%{?scl:%scl_package rubygem-%{gem_name}}
|
7
|
+
%global gem_name openshift-origin-auth-kerberos
|
8
|
+
%global rubyabi 1.9.1
|
9
|
+
|
10
|
+
Summary: OpenShift plugin for kerberos auth service
|
11
|
+
Name: rubygem-%{gem_name}
|
12
|
+
Version: 1.1.1
|
9
13
|
Release: 1%{?dist}
|
10
14
|
Group: Development/Languages
|
11
15
|
License: ASL 2.0
|
12
16
|
URL: http://openshift.redhat.com
|
13
|
-
Source0: rubygem-%{
|
17
|
+
Source0: rubygem-%{gem_name}-%{version}.tar.gz
|
14
18
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
15
|
-
Requires: ruby(abi) =
|
16
|
-
Requires:
|
19
|
+
Requires: %{?scl:%scl_prefix}ruby(abi) = %{rubyabi}
|
20
|
+
Requires: %{?scl:%scl_prefix}ruby
|
21
|
+
Requires: %{?scl:%scl_prefix}rubygems
|
22
|
+
Requires: %{?scl:%scl_prefix}rubygem(json)
|
23
|
+
Requires: %{?scl:%scl_prefix}rubygem(krb5-auth)
|
24
|
+
Requires: %{?scl:%scl_prefix}rubygem(mocha)
|
17
25
|
Requires: rubygem(openshift-origin-common)
|
18
|
-
Requires: rubygem(json)
|
19
|
-
Requires: rubygem(mocha)
|
20
26
|
Requires: openshift-origin-broker
|
21
|
-
Requires:
|
22
|
-
Requires:
|
23
|
-
|
24
|
-
|
25
|
-
BuildRequires:
|
26
|
-
|
27
|
+
Requires: selinux-policy-targeted
|
28
|
+
Requires: policycoreutils-python
|
29
|
+
%if 0%{?fedora}%{?rhel} <= 6
|
30
|
+
BuildRequires: ruby193-build
|
31
|
+
BuildRequires: scl-utils-build
|
32
|
+
%endif
|
33
|
+
BuildRequires: %{?scl:%scl_prefix}ruby(abi) = %{rubyabi}
|
34
|
+
BuildRequires: %{?scl:%scl_prefix}ruby
|
35
|
+
BuildRequires: %{?scl:%scl_prefix}rubygems
|
36
|
+
BuildRequires: %{?scl:%scl_prefix}rubygems-devel
|
27
37
|
BuildArch: noarch
|
28
|
-
Provides: rubygem(%{
|
38
|
+
Provides: rubygem(%{gem_name}) = %version
|
29
39
|
|
30
|
-
%package -n ruby-%{gemname}
|
31
|
-
Summary: OpenShift Origin plugin for kerberos auth service
|
32
|
-
Requires: rubygem(%{gemname}) = %version
|
33
|
-
Provides: ruby(%{gemname}) = %version
|
34
|
-
Obsoletes: rubygem-swingshift-kerberos-plugin
|
35
40
|
|
36
41
|
%description
|
37
42
|
Provides a kerberos auth service based plugin
|
38
43
|
|
39
|
-
%
|
40
|
-
|
44
|
+
%package doc
|
45
|
+
Summary: OpenShift plugin for kerberos auth service documentation
|
46
|
+
|
47
|
+
%description doc
|
48
|
+
Provides a kerberos auth service based plugin documentation
|
41
49
|
|
42
50
|
%prep
|
43
51
|
%setup -q
|
44
52
|
|
45
53
|
%build
|
54
|
+
%{?scl:scl enable %scl - << \EOF}
|
55
|
+
mkdir -p .%{gem_dir}
|
56
|
+
# Create the gem as gem install only works on a gem file
|
57
|
+
gem build %{gem_name}.gemspec
|
58
|
+
|
59
|
+
export CONFIGURE_ARGS="--with-cflags='%{optflags}'"
|
60
|
+
# gem install compiles any C extensions and installs into a directory
|
61
|
+
# We set that to be a local directory so that we can move it into the
|
62
|
+
# buildroot in %%install
|
63
|
+
gem install -V \
|
64
|
+
--local \
|
65
|
+
--install-dir .%{gem_dir} \
|
66
|
+
--bindir ./%{_bindir} \
|
67
|
+
--force \
|
68
|
+
--rdoc \
|
69
|
+
%{gem_name}-%{version}.gem
|
70
|
+
%{?scl:EOF}
|
46
71
|
|
47
72
|
%install
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
gem build %{gemname}.gemspec
|
54
|
-
gem install --local --install-dir %{buildroot}%{gemdir} --force %{gemname}-%{version}.gem
|
55
|
-
|
56
|
-
# Symlink into the ruby site library directories
|
57
|
-
ln -s %{geminstdir}/lib/%{gemname} %{buildroot}%{ruby_sitelib}
|
58
|
-
ln -s %{geminstdir}/lib/%{gemname}.rb %{buildroot}%{ruby_sitelib}
|
59
|
-
|
60
|
-
mkdir -p %{buildroot}/var/www/openshift/broker/config/environments/plugin-config
|
61
|
-
cat <<EOF > %{buildroot}/var/www/openshift/broker/config/environments/plugin-config/openshift-origin-auth-kerberos.rb
|
62
|
-
Broker::Application.configure do
|
63
|
-
config.auth = {
|
64
|
-
:salt => "ClWqe5zKtEW4CJEMyjzQ",
|
65
|
-
:privkeyfile => "/var/www/openshift/broker/config/server_priv.pem",
|
66
|
-
:privkeypass => "",
|
67
|
-
:pubkeyfile => "/var/www/openshift/broker/config/server_pub.pem",
|
68
|
-
}
|
69
|
-
end
|
70
|
-
EOF
|
73
|
+
mkdir -p %{buildroot}%{gem_dir}
|
74
|
+
cp -a .%{gem_dir}/* %{buildroot}%{gem_dir}/
|
75
|
+
|
76
|
+
mkdir -p %{buildroot}/etc/openshift/plugins.d
|
77
|
+
cp conf/openshift-origin-auth-kerberos.conf.example %{buildroot}/etc/openshift/plugins.d/
|
71
78
|
|
72
79
|
%clean
|
73
80
|
rm -rf %{buildroot}
|
74
81
|
|
75
|
-
%post
|
76
|
-
/usr/bin/openssl genrsa -out /var/www/openshift/broker/config/server_priv.pem 2048
|
77
|
-
/usr/bin/openssl rsa -in /var/www/openshift/broker/config/server_priv.pem -pubout > /var/www/openshift/broker/config/server_pub.pem
|
78
|
-
|
79
|
-
echo "The following variables need to be set in your rails config to use openshift-origin-auth-kerberos:"
|
80
|
-
echo "auth[:salt] - salt for the password hash"
|
81
|
-
echo "auth[:privkeyfile] - RSA private key file for node-broker authentication"
|
82
|
-
echo "auth[:privkeypass] - RSA private key password"
|
83
|
-
echo "auth[:pubkeyfile] - RSA public key file for node-broker authentication"
|
84
|
-
|
85
82
|
%files
|
86
83
|
%defattr(-,root,root,-)
|
87
|
-
%
|
88
|
-
%
|
89
|
-
%{
|
90
|
-
%{
|
91
|
-
%{gemdir}/cache/%{gemname}-%{version}.gem
|
92
|
-
%{gemdir}/specifications/%{gemname}-%{version}.gemspec
|
84
|
+
%doc LICENSE COPYRIGHT Gemfile
|
85
|
+
%exclude %{gem_cache}
|
86
|
+
%{gem_instdir}
|
87
|
+
%{gem_spec}
|
93
88
|
|
94
|
-
|
89
|
+
/etc/openshift/plugins.d/openshift-origin-auth-kerberos.conf.example
|
95
90
|
|
96
|
-
%files
|
97
|
-
%{
|
98
|
-
%{ruby_sitelib}/%{gemname}.rb
|
91
|
+
%files doc
|
92
|
+
%doc %{gem_docdir}
|
99
93
|
|
100
94
|
%changelog
|
101
|
-
* Fri
|
102
|
-
-
|
103
|
-
|
104
|
-
|
105
|
-
-
|
106
|
-
|
107
|
-
|
108
|
-
-
|
109
|
-
|
110
|
-
|
111
|
-
-
|
95
|
+
* Fri Jan 11 2013 Troy Dawson <tdawson@redhat.com> 1.1.1-1
|
96
|
+
- updated gemspecs so they work with scl rpm spec files. (tdawson@redhat.com)
|
97
|
+
- improve the description of the kerberos plugin (misc@zarb.org)
|
98
|
+
- add instruction to generate the certificate (misc@zarb.org)
|
99
|
+
- use a random salt, so someone doing cut and paste from the documentation
|
100
|
+
doesn't end with a know salt by neglect (misc@zarb.org)
|
101
|
+
- remove uneeded object creation, as they are not used later (misc@zarb.org)
|
102
|
+
- add config to gemspec (dmcphers@redhat.com)
|
103
|
+
- Moving plugins to Rails 3.2.8 engine (kraman@gmail.com)
|
104
|
+
- getting specs up to 1.9 sclized (dmcphers@redhat.com)
|
105
|
+
- Bug 871436 - moving the default path for AUTH_PRIVKEYFILE and AUTH_PUBKEYFILE
|
106
|
+
under /etc (bleanhar@redhat.com)
|
107
|
+
- Moving broker config to /etc/openshift/broker.conf Rails app and all oo-*
|
108
|
+
scripts will load production environment unless the
|
109
|
+
/etc/openshift/development marker is present Added param to specify default
|
110
|
+
when looking up a config value in OpenShift::Config Moved all defaults into
|
111
|
+
plugin initializers instead of separate defaults file No longer require
|
112
|
+
loading 'openshift-origin-common/config' if 'openshift-origin-common' is
|
113
|
+
loaded openshift-origin-common selinux module is merged into F16 selinux
|
114
|
+
policy. Removing from broker %%postrun (kraman@gmail.com)
|
115
|
+
- Fixed broker/node setup scripts to install cgroup services. Fixed
|
116
|
+
mcollective-qpid plugin so it installs during origin package build. Updated
|
117
|
+
cgroups init script to work with both systemd and init.d Updated oo-trap-user
|
118
|
+
script Renamed oo-cgroups to openshift-cgroups (service and init.d) and
|
119
|
+
created oo-admin-ctl-cgroups Pulled in oo-get-mcs-level and abstract/util
|
120
|
+
from origin-selinux branch Fixed invalid file path in rubygem-openshift-
|
121
|
+
origin-auth-mongo spec Fixed invlaid use fo Mcollective::Config in
|
122
|
+
mcollective-qpid-plugin (kraman@gmail.com)
|
123
|
+
- Centralize plug-in configuration (miciah.masters@gmail.com)
|
124
|
+
- Removing old build scripts Moving broker/node setup utilities into util
|
125
|
+
packages Fix Auth service module name conflicts (kraman@gmail.com)
|
126
|
+
- Module name and gem path fixes for auth plugins (kraman@gmail.com)
|
127
|
+
|
128
|
+
* Mon Oct 08 2012 Dan McPherson <dmcphers@redhat.com> 0.8.9-1
|
129
|
+
-
|
112
130
|
|
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: openshift-origin-auth-kerberos
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 17
|
5
5
|
prerelease: false
|
6
6
|
segments:
|
7
|
-
-
|
8
|
-
-
|
9
|
-
-
|
10
|
-
version:
|
7
|
+
- 1
|
8
|
+
- 1
|
9
|
+
- 1
|
10
|
+
version: 1.1.1
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Jason DeTiberus
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date:
|
18
|
+
date: 2013-01-11 00:00:00 -05:00
|
19
19
|
default_executable:
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|
@@ -112,12 +112,12 @@ extensions: []
|
|
112
112
|
extra_rdoc_files: []
|
113
113
|
|
114
114
|
files:
|
115
|
-
- lib/openshift
|
116
|
-
- lib/openshift-kerberos
|
117
|
-
- lib/
|
118
|
-
-
|
119
|
-
-
|
120
|
-
-
|
115
|
+
- lib/openshift/kerberos_auth_service.rb
|
116
|
+
- lib/openshift-origin-auth-kerberos.rb
|
117
|
+
- lib/kerberos_auth_engine.rb
|
118
|
+
- conf/openshift-origin-auth-kerberos.conf.example
|
119
|
+
- config/routes.rb
|
120
|
+
- config/initializers/openshift-origin-auth-kerberos.rb
|
121
121
|
- README.md
|
122
122
|
- Rakefile
|
123
123
|
- Gemfile
|
@@ -1,8 +0,0 @@
|
|
1
|
-
module Swingshift
|
2
|
-
module AuthService
|
3
|
-
require 'openshift-origin-auth-kerberos/engine/engine' if defined?(Rails) && Rails::VERSION::MAJOR == 3
|
4
|
-
end
|
5
|
-
end
|
6
|
-
|
7
|
-
require "openshift-origin-auth-kerberos/lib/openshift/kerberos_auth_service.rb"
|
8
|
-
OpenShift Origin::AuthService.provider=Swingshift::KerberosAuthService
|
@@ -1,20 +0,0 @@
|
|
1
|
-
class AccountController < BaseController
|
2
|
-
respond_to :xml, :json
|
3
|
-
before_filter :authenticate, :check_version
|
4
|
-
|
5
|
-
def create
|
6
|
-
username = params[:username]
|
7
|
-
|
8
|
-
auth_config = Rails.application.config.auth
|
9
|
-
auth_service = Swingshift::KerberosAuthService.new(auth_config)
|
10
|
-
|
11
|
-
Rails.logger.debug "username = #{username}"
|
12
|
-
|
13
|
-
log_action('nil', 'nil', username, "ADD_USER", false, "Cannot create account, managed by kerberos")
|
14
|
-
@reply = RestReply.new(:unprocessable_entity)
|
15
|
-
@reply.messages.push(Message.new(:error, "Cannot create account, managed by kerberos", 1001, "username"))
|
16
|
-
respond_with @reply, :status => @reply.status
|
17
|
-
return
|
18
|
-
|
19
|
-
end
|
20
|
-
end
|
@@ -1,12 +0,0 @@
|
|
1
|
-
class RestAccount < OpenShift Origin::Model
|
2
|
-
attr_accessor :username, :created_on
|
3
|
-
|
4
|
-
def initialize(username, created_on)
|
5
|
-
self.username, self.created_on = username, created_on
|
6
|
-
end
|
7
|
-
|
8
|
-
def to_xml(options={})
|
9
|
-
options[:tag_name] = "account"
|
10
|
-
super(options)
|
11
|
-
end
|
12
|
-
end
|
@@ -1,12 +0,0 @@
|
|
1
|
-
require 'openshift-origin-controller'
|
2
|
-
require 'rails'
|
3
|
-
|
4
|
-
module OpenShift Origin
|
5
|
-
class KerberosAuthServiceEngine < Rails::Engine
|
6
|
-
paths.app.controllers << "lib/openshift-kerberos-plugin/app/controllers"
|
7
|
-
paths.lib << "lib/openshift-kerberos-plugin/lib"
|
8
|
-
paths.config << "lib/openshift-kerberos-plugin/config"
|
9
|
-
paths.app.models << "lib/openshift-kerberos-plugin/app/models"
|
10
|
-
config.autoload_paths += %W(#{config.root}/lib)
|
11
|
-
end
|
12
|
-
end
|