Closed etsauer closed 9 years ago
In previous versions, we hard coded a basic htpasswd based authentication provider. This PR gives the user the ability to define their own.
./provisioning/osc-provision --num-nodes=2 --key=<key>
Create a file with the json code for your LDAP provider:
    $ cat ldap_provider.json
    {'name':'paas_ldap_provider','login':'true','challenge':'true','kind':'LDAPPasswordIdentityProvider','attributes':{'id':['dn'],'email':['mail'],'name':['displayName'],'preferredUsername':['uid']},'insecure':'false','ca':'/etc/pki/CA/certs/ipa-ca.crt','bindDN':'uid=ldap,cn=users,cn=compat,dc=rhc-ose,dc=labs,dc=redhat,dc=com','bindPassword':'<password>','url':'ldaps://<host>:636/dc=rhc-ose,dc=labs,dc=redhat,dc=com?uid?sub?(memberOf=cn=ose_users,cn=groups,cn=accounts,dc=rhc-ose,dc=labs,dc=redhat,dc=com)'}
Configure sample.cfg to load ldap provider json file and CA cert
    ## Platform Configs
    #CONF_ENV_ID=                                   # Default: random 8 character string
    CONF_IMAGE_NAME=ose3-base                       # Default: ose3-base
    CONF_SECURITY_GROUP_MASTER=ose3-master          # Default: ose3-master
    CONF_SECURITY_GROUP_NODE=ose3-node              # Default: ose3-node
    #CONF_LOGFILE=~/openstack_provision.log         # Default: ~/openstack_provision.log

    ## OpenShift Configs
    CONF_OPENSHIFT_BASE_DOMAIN=openshift.example.com    # Default: ose.example.com
    CONF_OPENSHIFT_CLOUDAPPS_SUBDOMAIN=cloudapps        # Default: apps
    CONF_PROVISION_COMPONENTS=openshift                 # Comma separated list. Supported values are: openshift,cicd. Default: openshift
    CONF_OPENSHIFT_IDENTITY_PROVIDER=/root/repository/rhc-ose-env-configs/d1.rhc-ose.labs.redhat.com/files/paas_ldap_provider.json
    CONF_OPENSHIFT_MASTER_FILES=/root/repository/rhc-ose-env-configs/d1.rhc-ose.labs.redhat.com/files/ipa-ca.crt:/etc/pki/CA/certs/ipa-ca.crt
Now run a provision with the above config file
./rhc-ose-etsauer/provisioning/osc-provision --num-nodes=2 --key=esauer --config=./rhc-ose-etsauer/provisioning/ldap_provider_env.cfg
n/a
/cc @oybed
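A pre-provision check for a provider file like the one in the test steps above, as an added example that is not part of this PR or the project's code. The function names are hypothetical, the samples are constructed, and reading CONF_OPENSHIFT_MASTER_FILES as a comma separated list of src:dest pairs is an assumption.

```python
import ast
import json
from urllib.parse import unquote, urlsplit

def load_provider(text):
    """Parse strict JSON, or the single-quoted literal form used in the PR description."""
    try:
        return json.loads(text)
    except ValueError:
        return ast.literal_eval(text)

def parse_ldap_url(url):
    """Split an RFC 2255 URL: scheme://host:port/baseDN?attribute?scope?filter."""
    parts = urlsplit(url)
    attribute, scope, ldap_filter = (parts.query.split("?", 2) + ["", "", ""])[:3]
    return {"scheme": parts.scheme, "host": parts.hostname, "port": parts.port,
            "base_dn": unquote(parts.path.lstrip("/")), "attribute": attribute,
            "scope": scope, "filter": unquote(ldap_filter)}

def audit_provider(provider, master_files=""):
    """Return findings for an LDAPPasswordIdentityProvider definition."""
    findings = []
    url = parse_ldap_url(provider.get("url", ""))
    if url["scheme"] not in ("ldap", "ldaps"):
        findings.append("url: scheme is not ldap:// or ldaps://")
    if str(provider.get("insecure", "false")).lower() == "true":
        findings.append("insecure: true, so no TLS is used for the LDAP connection")
    if not url["filter"]:
        findings.append("url: no search filter, login is not restricted to a group")
    password = provider.get("bindPassword", "")
    if provider.get("bindDN") and (not password or password.startswith("<")):
        findings.append("bindPassword: empty or still a placeholder")
    ca = provider.get("ca", "")
    # Assumption: master_files holds comma separated src:dest pairs.
    delivered = {pair.rpartition(":")[2] for pair in master_files.split(",") if pair}
    if ca and ca not in delivered:
        findings.append("ca: %s is not delivered by CONF_OPENSHIFT_MASTER_FILES" % ca)
    return findings

# Constructed samples modelled on the provider above (host, DNs, password are placeholders).
GOOD = ("{'kind':'LDAPPasswordIdentityProvider','insecure':'false',"
        "'ca':'/etc/pki/CA/certs/ipa-ca.crt','bindDN':'uid=ldap,dc=example,dc=com',"
        "'bindPassword':'constructed-secret','url':'ldaps://ldap.example.com:636/"
        "dc=example,dc=com?uid?sub?(memberOf=cn=ose_users,dc=example,dc=com)'}")
WEAK = ("{'kind':'LDAPPasswordIdentityProvider','insecure':'true',"
        "'bindDN':'uid=ldap,dc=example,dc=com','bindPassword':'<password>',"
        "'url':'ldap://ldap.example.com/dc=example,dc=com?uid'}")
MASTER_FILES = "/tmp/files/ipa-ca.crt:/etc/pki/CA/certs/ipa-ca.crt"
```

`audit_provider(load_provider(GOOD), MASTER_FILES)` returns an empty list; the same call on `WEAK` reports the disabled TLS, the missing filter and the placeholder bind password.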
Beyond my comments in the code, the tests passed and the feature seems to be complete. Good job.
@oybed added some comments where we discussed. Please take a look and merge if it's good.