Add support for websso-fid-service-provider relation.

This change adds support to relate the keystone-openidc charm to
openstack-dashboard allowing it expose a OpenID Connect backend for
logging into Horizon.

The configuration option 'user-facing-name' allows operator to set a
user friendly name that gets displayed in the list of choices available
for logging in.

Change-Id: Ia09cb5b68bc35d25f5b012f0011697966827eb03
This commit is contained in:
Felipe Reyes 2022-09-21 18:48:08 -03:00
parent 0dd5f3807f
commit 43a2215d3c
4 changed files with 52 additions and 13 deletions

View File

@ -108,3 +108,9 @@ options:
OAuth 2.0 Authorization Server token introspection endpoint. When
`enable-oauth` is set to true and this option unset (the default), the
introspection endpoint available in the metadata will be used.
user-facing-name:
type: string
default: 'OpenID Connect via mapped'
description: |
A user-facing name to be used for the identity provider and protocol
combination. Used in the OpenStack dashboard.

View File

@ -91,12 +91,12 @@ class KeystoneOpenIDCOptions(ConfigurationAdapter):
@property
def oidc_auth_path(self) -> str:
service_name = self.charm_instance.unit.app.name
return (f'/v3/OS-FEDERATION/identity_providers/{service_name}'
return (f'/v3/OS-FEDERATION/identity_providers/{self.idp_id}'
f'/protocols/openid/auth')
@property
def idp_id(self) -> str:
"""Identity provider name to use for URL generation."""
return 'openid'
@property
@ -215,10 +215,6 @@ class KeystoneOpenIDCCharm(ops_openstack.core.OSBaseCharm):
)
# websso-fid-service-provider
self.framework.observe(
self.on.websso_fid_service_provider_relation_joined,
self._on_websso_fid_service_provider_relation_joined
)
self.framework.observe(
self.on.websso_fid_service_provider_relation_changed,
self._on_websso_fid_service_provider_relation_changed
@ -269,14 +265,27 @@ class KeystoneOpenIDCCharm(ops_openstack.core.OSBaseCharm):
data['remote-id-attribute'] = json.dumps(
self.options.remote_id_attribute)
def _on_websso_fid_service_provider_relation_joined(self, event):
pass
def _on_websso_fid_service_provider_relation_changed(self, event):
pass
self._update_websso_data()
def _update_websso_data(self):
pass
"""Update websso-fid-service-provider relation data.
When there is a relation established via websso-fid-service-provider
this handler will take care of update the relation data with the
information that openstack-dashboard expects to enable WebSSO
Federation.
"""
relation = self.model.get_relation('websso-fid-service-provider')
if not relation:
logger.debug('There is not relation established via '
'websso-fid-service-provider interface')
return
data = relation.data[self.unit]
data['protocol-name'] = json.dumps(self.options.idp_id)
data['idp-name'] = json.dumps(self.options.protocol_id)
data['user-facing-name'] = json.dumps(self.options.user_facing_name)
def _on_config_changed(self, event):
if not self.is_data_ready():
@ -289,6 +298,7 @@ class KeystoneOpenIDCCharm(ops_openstack.core.OSBaseCharm):
self._stored.is_started = True
self.update_config_if_needed()
self.update_principal_data()
self._update_websso_data()
def update_config_if_needed(self):
with ch_host.restart_on_change(

View File

@ -2,5 +2,5 @@ coverage
flake8
stestr
git+https://github.com/openstack-charmers/zaza.git#egg=zaza
git+https://github.com/freyes/zaza-openstack-tests.git@keystone-openidc#egg=zaza.openstack
git+https://github.com/openstack-charmers/zaza-openstack-tests.git#egg=zaza.openstack
requests-mock

View File

@ -1,3 +1,4 @@
import json
import logging
import os
import shutil
@ -177,3 +178,25 @@ class TestCharm(BaseTestCharm):
m.get(WELL_KNOWN_URL, json=well_known_url_content)
self.assertRaises(charm.CharmConfigError,
self.harness.charm.find_missing_keys)
def test_update_websso_data(self):
rid = self.harness.add_relation('websso-fid-service-provider',
'openstack-dashboard')
self.harness.add_relation_unit(rid, 'openstack-dashboard/0')
self.harness.charm._update_websso_data()
data = self.harness.get_relation_data(rid, 'keystone-openidc/0')
options = self.harness.charm.options
expected = {'protocol-name': json.dumps(options.idp_id),
'idp-name': json.dumps(options.protocol_id),
'user-facing-name': json.dumps(options.user_facing_name)}
self.assertDictEqual(data, expected)
# check that on config-changed the data is updated on the relation.
self.harness.update_config(key_values={'user-facing-name': 'My IdP'})
self.harness.charm.options = charm.KeystoneOpenIDCOptions(
self.harness.charm
)
self.harness.charm._update_websso_data()
data = self.harness.get_relation_data(rid, 'keystone-openidc/0')
expected['user-facing-name'] = json.dumps('My IdP')
self.assertDictEqual(data, expected)