Class: ManageIQ::ApplianceConsole::ExternalAuthOptions

Inherits:

Object

• Object
• ManageIQ::ApplianceConsole::ExternalAuthOptions

Includes:

Logging

Defined in:

lib/manageiq/appliance_console/external_auth_options.rb

Constant Summary

AUTH_PATH =

"/authentication".freeze

EXT_AUTH_OPTIONS =

{
  "#{AUTH_PATH}/sso_enabled"          => {:label => "Single Sign-On",               :logic  => true},
  "#{AUTH_PATH}/saml_enabled"         => {:label => "SAML",                         :logic  => true},
  "#{AUTH_PATH}/oidc_enabled"         => {:label => "OIDC",                         :logic  => true},
  "#{AUTH_PATH}/local_login_disabled" => {:label => "Local Login for SAML or OIDC", :logic  => false}
}.freeze

Class Method Summary

• .configured? ⇒ Boolean

Instance Method Summary

• #any_updates? ⇒ Boolean
• #ask_questions ⇒ Object
• #configure_none!(params) ⇒ Object
• #configure_oidc!(params) ⇒ Object
• #configure_provider_type!(params) ⇒ Object
• #configure_saml!(params) ⇒ Object
• #initialize ⇒ ExternalAuthOptions constructor

  A new instance of ExternalAuthOptions.

• #parse(options) ⇒ Object

  extauth_opts option parser: syntax is key=value,key=value key is one of the EXT_AUTH_OPTIONS keys.

• #selected_value(key) ⇒ Object
• #selected_verb(key, flag) ⇒ Object
• #show_updates ⇒ Object
• #update_configuration(update_hash = nil) ⇒ Object
• #validate_provider_type ⇒ Object

Methods included from Logging

#error_and_logging_from_command_result_error, #error_and_logging_from_standard_error, #interactive, #interactive=, interactive?, #interactive?, #log_and_feedback, #log_and_feedback_exception, #log_and_feedback_info, #log_error, #log_prefix, #logger, #logger=, #say_error, #say_info

Constructor Details

#initialize ⇒ ExternalAuthOptions

Returns a new instance of ExternalAuthOptions.

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 18

def initialize
  @updates = {}
  @current_config = {}
end

Class Method Details

.configured? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 146

def self.configured?
  # DB Up and running
  true
end

Instance Method Details

#any_updates? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 75

def any_updates?
  @updates.present?
end

#ask_questions ⇒ Object

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 23

def ask_questions
  @current_config = load_current
  apply = EXT_AUTH_OPTIONS.keys.count + 1
  skip = apply + 1
  selection = 0
  while selection < apply
    say("\nExternal Authentication Options:")
    cnt = 1
    EXT_AUTH_OPTIONS.keys.each do |key|
      current_state = selected_value(key)
      say("#{cnt}) #{selected_verb(key, !current_state)} #{EXT_AUTH_OPTIONS[key][:label]}")
      cnt += 1
    end
    say("#{apply}) Apply updates")
    say("#{skip}) Skip updates")
    show_updates
    selection = ask_for_integer("option number to apply", 1..skip)
    if selection < apply
      key = EXT_AUTH_OPTIONS.keys[selection - 1]
      @updates[key] = !selected_value(key)
    end
  end
  @updates = {} if selection == skip
  @updates = {} unless validate_provider_type
  true
end

#configure_none!(params) ⇒ Object

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 118

def configure_none!(params)
  params << "/authentication/oidc_enabled=false"
  params << "/authentication/saml_enabled=false"
  params << "/authentication/provider_type=none"
end

#configure_oidc!(params) ⇒ Object

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 113

def configure_oidc!(params)
  params << "/authentication/saml_enabled=false"
  params << "/authentication/provider_type=oidc"
end

#configure_provider_type!(params) ⇒ Object

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 96

def configure_provider_type!(params)
  if params.include?("/authentication/saml_enabled=true")
    configure_saml!(params)
  elsif params.include?("/authentication/oidc_enabled=true")
    configure_oidc!(params)
  elsif params.include?("/authentication/oidc_enabled=false") || params.include?("/authentication/saml_enabled=false")
    configure_none!(params)
  else
    params
  end
end

#configure_saml!(params) ⇒ Object

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 108

def configure_saml!(params)
  params << "/authentication/oidc_enabled=false"
  params << "/authentication/provider_type=saml"
end

#parse(options) ⇒ Object

extauth_opts option parser: syntax is key=value,key=value

key is one of the EXT_AUTH_OPTIONS keys.
value is one of 1, true, 0 or false.

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 128

def parse(options)
  parsed_updates = {}
  options.split(",").each do |keyval|
    key, val = keyval.split('=')
    key, val = normalize_key(key.to_s.strip), val.to_s.strip
    unless EXT_AUTH_OPTIONS.key?(key)
      message = "Unknown external authentication option #{key} specified"
      message << ", supported options are #{EXT_AUTH_OPTIONS.keys.join(', ')}"
      raise message
    end

    value = option_value(val)
    raise("Invalid #{key} option value #{val} specified, must be true or false") if value.nil?
    parsed_updates[key] = value
  end
  parsed_updates
end

#selected_value(key) ⇒ Object

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 61

def selected_value(key)
  return @updates[key] if @updates.key?(key)
  return @current_config[key] if @current_config.key?(key)
  false
end

#selected_verb(key, flag) ⇒ Object

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 67

def selected_verb(key, flag)
  if EXT_AUTH_OPTIONS[key][:logic]
    flag ? "Enable" : "Disable"
  else
    flag ? "Disable" : "Enable"
  end
end

#show_updates ⇒ Object

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 50

def show_updates
  updates_todo = ""
  EXT_AUTH_OPTIONS.keys.each do |key|
    next unless @updates.key?(key)
    updates_todo << ", " if updates_todo.present?
    updates_todo << " #{selected_verb(key, @updates[key])} #{EXT_AUTH_OPTIONS[key][:label]}"
  end
  updates_to_apply = updates_todo.present? ? "Updates to apply: #{updates_todo}" : ""
  say("\n#{updates_to_apply}")
end

#update_configuration(update_hash = nil) ⇒ Object

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 79

def update_configuration(update_hash = nil)
  update_hash ||= @updates
  if update_hash.present?
    say("\nUpdating external authentication options on appliance ...")
    params = update_hash.collect { |key, value| "#{key}=#{value}" }
    params = configure_provider_type!(params)
    result = ManageIQ::ApplianceConsole::Utilities.rake_run("evm:settings:set", params)
    raise parse_errors(result).join(', ') if result.failure?
  end
end

#validate_provider_type ⇒ Object

# File 'lib/manageiq/appliance_console/external_auth_options.rb', line 90

def validate_provider_type
  return true unless @updates["/authentication/oidc_enabled"] == true && @updates["/authentication/saml_enabled"] == true
  say("\Error: Both SAML and OIDC can not be enabled ...")
  false
end