Class: ManageIQ::ApplianceConsole::ExternalHttpdAuthentication

Inherits:
Object
  • Object
Includes:
ExternalHttpdConfiguration
Defined in:
lib/manageiq/appliance_console/external_httpd_authentication.rb,
lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb

Defined Under Namespace

Modules: ExternalHttpdConfiguration

Constant Summary

Constants included from ExternalHttpdConfiguration

ExternalHttpdConfiguration::APACHE_USER, ExternalHttpdConfiguration::GETENFORCE_COMMAND, ExternalHttpdConfiguration::GETSEBOOL_COMMAND, ExternalHttpdConfiguration::HTTP_EXTERNAL_AUTH, ExternalHttpdConfiguration::HTTP_EXTERNAL_AUTH_TEMPLATE, ExternalHttpdConfiguration::HTTP_KEYTAB, ExternalHttpdConfiguration::HTTP_REMOTE_USER, ExternalHttpdConfiguration::HTTP_REMOTE_USER_OIDC, ExternalHttpdConfiguration::IPA_COMMAND, ExternalHttpdConfiguration::IPA_GETKEYTAB, ExternalHttpdConfiguration::IPA_INSTALL_COMMAND, ExternalHttpdConfiguration::KERBEROS_CONFIG_FILE, ExternalHttpdConfiguration::LDAP_ATTRS, ExternalHttpdConfiguration::PAM_CONFIG, ExternalHttpdConfiguration::SETSEBOOL_COMMAND, ExternalHttpdConfiguration::SSSD_CONFIG, ExternalHttpdConfiguration::TIMESTAMP_FORMAT

Class Method Summary

Instance Method Summary

Methods included from ExternalHttpdConfiguration

#config_file_write, #configure_httpd_application, #configure_sssd_domain, #configure_sssd_ifp, #configure_sssd_service, #cp_template, #deactivate, #enable_kerberos_dns_lookups, #host_reachable?, #installation_valid?, #ipa_client_configure, #ipa_client_unconfigure, #path_join, #rm_file, #template_directory, #unconfigure_httpd, #unconfigure_httpd_application, #valid_environment?, #valid_parameters?

Constructor Details

#initialize(host = nil, options = {}) ⇒ ExternalHttpdAuthentication

Returns a new instance of ExternalHttpdAuthentication.



# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 8

# Builds the external-authentication (IPA) configurator from a host name and
# an options hash.
#
# @param host [String, nil] handed to domain_from_host when options[:domain]
#   is absent
# @param options [Hash] keys read here: :domain, :realm, :ipaserver,
#   :principal (falls back to "admin") and :password
#
# NOTE(review): @password keeps the principal's password as a plain value on
# the instance for the object's lifetime; confirm callers never log or
# inspect this object.
def initialize(host = nil, options = {})
  # Start from a known-empty state before the values are derived below.
  @ipaserver = nil
  @domain    = nil
  @password  = nil

  @host = host

  requested_domain = options[:domain]
  @domain = requested_domain || domain_from_host(host)

  @realm     = options[:realm]
  @ipaserver = options[:ipaserver]

  requested_principal = options[:principal]
  @principal = requested_principal || "admin"

  @password  = options[:password]
  @timestamp = Time.now.strftime(TIMESTAMP_FORMAT)

  # fqdn is defined outside this listing; it receives the server name and the
  # domain and its result replaces the server name.
  @ipaserver = fqdn(@ipaserver, @domain)
end

Class Method Details

.config_file_read(path) ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 234

# Returns the complete contents of the file at +path+.
#
# Errors raised while opening or reading the file are not rescued here.
# The path is used exactly as given; the callers visible alongside this
# method pass the SSSD_CONFIG constant.
#
# @param path [String] file to read
# @return [String] file contents
def self.config_file_read(path)
  File.open(path) { |io| io.read }
end

.config_status ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 222

# Describes which external authentication setup is present on the appliance.
#
# The probes run in a fixed order and the first truthy answer wins: the
# "ipa_server" value, then the SSSD domain, then the OpenID Connect status,
# then the SAML status. When none of them answers, "not configured" is
# returned.
#
# @return [String] the first truthy probe result, or "not configured"
def self.config_status
  status = fetch_ipa_configuration("ipa_server")
  status ||= fetch_sssd_domain
  status ||= oidc_status
  status ||= saml_status
  status || "not configured"
end

.fetch_ipa_configuration(what, config = nil) ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 238

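# Looks up the value of +what+ (for example "ipa_server") in SSSD
# configuration text, searching only after a "[domain/...]" section header.
#
# @param what [String] key name; escaped before it is placed in the pattern
# @param config [String, nil] configuration text; when nil, SSSD_CONFIG is
#   read, provided ipa_client_configured? is true
# @return [String, nil] the text after "<what> = " on the last matching line,
#   or nil when nothing matches or the IPA client is not configured
def self.fetch_ipa_configuration(what, config = nil)
  unless config
    return nil unless ipa_client_configured?

    config = config_file_read(SSSD_CONFIG)
  end

  key = Regexp.escape(what)
  # The brackets are escaped so "[domain/...]" is matched literally. Left
  # unescaped they form a character class that matches almost any line, so a
  # key from an unrelated section would be reported as the IPA setting.
  # The key must also begin its own line (after optional blanks), which keeps
  # commented-out lines and longer key names that merely end in +what+ from
  # being picked up.
  config[%r{^[ \t]*\[domain/[^\]\n]*\].*(?:\n.*)*\n[ \t]*#{key} = (.*)}, 1]
end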

.fetch_sssd_domain ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 247

# Returns the domain name taken from the first "[domain/...]" header found
# in the SSSD configuration file.
#
# The file is read only when it exists at the time of the check; a read
# error after that check is not rescued here.
#
# @return [String, nil] the text between "[domain/" and "]", or nil when the
#   file is absent or has no such header
def self.fetch_sssd_domain
  return nil unless File.exist?(SSSD_CONFIG)

  sssd_conf = config_file_read(SSSD_CONFIG)
  sssd_conf[/\[domain\/(.*)\]/, 1]
end

.ipa_client_configured? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 230

# Reports whether the SSSD configuration file is present.
#
# Only the file's existence is checked; its contents are not inspected here,
# so a true result does not by itself show that the file holds IPA settings.
#
# @return [Boolean] true when SSSD_CONFIG exists
def self.ipa_client_configured?
  sssd_conf_path = SSSD_CONFIG
  File.exist?(sssd_conf_path)
end

.oidc_status ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 255

# Returns the OpenID Connect status label when the file named by
# HTTP_REMOTE_USER_OIDC exists. Only the file's presence is tested.
#
# @return [String, nil] "External Auth OpenID Connect", or nil when the file
#   is absent
def self.oidc_status
  return nil unless File.exist?(HTTP_REMOTE_USER_OIDC)

  "External Auth OpenID Connect"
end

.saml_status ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 251

# Returns the SAML status label when the file named by HTTP_REMOTE_USER
# exists. Only the file's presence is tested.
#
# @return [String, nil] "External Auth SAML", or nil when the file is absent
def self.saml_status
  return nil unless File.exist?(HTTP_REMOTE_USER)

  "External Auth SAML"
end

Instance Method Details

#activate ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 60

# Runs the external-authentication configuration steps in order and reports
# whether all of them completed.
#
# @return [Boolean] true when every step finished, false as soon as one raised
#
# NOTE(review): nothing in this method undoes the steps that already ran when
# a later one fails, so a false return may leave the appliance partly
# configured; confirm how callers recover.
# NOTE(review): a failed command's output and error text are printed to the
# console unchanged; confirm they cannot contain the principal's password.
def activate
  configure_ipa
  configure_pam
  configure_sssd
  configure_ipa_http_service
  configure_httpd
  configure_selinux
  true
rescue AwesomeSpawn::CommandResultError => failure
  # A spawned command failed: show what it printed before the summary line.
  say failure.result.output
  say failure.result.error
  say ""
  say("Failed to Configure External Authentication - #{failure}")
  false
rescue => failure
  say("Failed to Configure External Authentication - #{failure}")
  false
end

#ask_for_parameters ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 21

# Prompts the operator for the IPA server parameters and stores the answers
# on the instance. Each prompt is given the current value as its second
# argument (the realm prompt uses the realm helper rather than @realm).
#
# NOTE(review): the answer to the password prompt is kept in @password as a
# plain value; confirm ask_for_password does not echo the input.
def ask_for_parameters
  say("\nIPA Server Parameters:\n\n")
  @ipaserver = ask_for_hostname("IPA Server Hostname", @ipaserver)
  @domain    = ask_for_domain("IPA Server Domain", @domain)
  @realm     = ask_for_string("IPA Server Realm", realm)
  @principal = ask_for_string("IPA Server Principal", @principal)
  @password  = ask_for_password("IPA Server Principal Password", @password)

  # Recompute the server name from the hostname and the domain just entered.
  @ipaserver = fqdn(@ipaserver, @domain)
end

#ask_questions ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 51

# Drives the interactive part of the setup: checks the environment, collects
# the parameters, shows them back and asks for confirmation.
#
# The parameters are validated (valid_parameters? on @ipaserver) only after
# the operator has agreed to proceed.
#
# @return [Boolean] true when the environment is valid, the operator
#   confirmed and the parameters validated; false otherwise
def ask_questions
  return false unless valid_environment?

  ask_for_parameters
  show_parameters

  confirmed = agree("\nProceed? (Y/N): ")
  (confirmed && valid_parameters?(@ipaserver)) ? true : false
end

#post_activation ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 81

# Restarts the services affected by the new configuration: httpd only when
# it is already running, sssd always. sssd is also enabled.
#
# Errors raised by the service calls are not rescued here.
def post_activation
  say("\nRestarting httpd, if running ...")
  httpd = LinuxAdmin::Service.new("httpd")
  if httpd.running?
    httpd.restart
  end

  say("Restarting sssd and configure it to start on reboots ...")
  sssd = LinuxAdmin::Service.new("sssd")
  sssd.restart.enable
end

#show_current_configuration ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 42

# Prints the IPA server hostname and domain found in the SSSD configuration
# file. Prints nothing when ipa_client_configured? is false.
#
# NOTE(review): this documentation page lists ipa_client_configured?,
# config_file_read and fetch_ipa_configuration as class methods, while they
# are called here without a receiver from an instance method; confirm that
# instance-level versions exist.
def show_current_configuration
  return unless ipa_client_configured?

  sssd_conf = config_file_read(SSSD_CONFIG)
  say("\nCurrent External Authentication (httpd) Configuration:\n")
  say("IPA Server Details:\n")

  server_name = fetch_ipa_configuration("ipa_server", sssd_conf)
  say("  Hostname:       #{server_name}\n")

  domain_name = fetch_ipa_configuration("ipa_domain", sssd_conf)
  say("  Domain:         #{domain_name}\n")
end

#show_parameters ⇒ Object



# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 32

# Prints the parameters collected for the IPA setup so the operator can
# review them: hostname, domain, realm, naming context and principal.
# The principal's password is not among the values printed.
def show_parameters
  say("\nExternal Authentication (httpd) Configuration:\n")
  say("IPA Server Details:\n")
  say("  Hostname:       #{@ipaserver}\n")
  say("  Domain:         #{@domain}\n")

  # realm and domain_naming_context are helpers defined outside this listing.
  realm_name = realm
  say("  Realm:          #{realm_name}\n")

  naming_context = domain_naming_context
  say("  Naming Context: #{naming_context}\n")

  say("  Principal:      #{@principal}\n")
end