From 403fa9154999265f948489c290a6b315e41886df Mon Sep 17 00:00:00 2001
From: David Ames
Date: Tue, 26 Mar 2019 17:43:09 +0000
Subject: [PATCH] WIP
---
 src/README.md | 1 +
 .../charm/openstack/keystone_saml_mellon.py | 56 ++++---------
 src/reactive/keystone_saml_mellon_handlers.py | 17 +++---
 src/templates/mellon-sp-metadata.xml | 6 +-
 4 files changed, 23 insertions(+), 57 deletions(-)
diff --git a/src/README.md b/src/README.md
index f7fda9f..f40aa89 100644
--- a/src/README.md
+++ b/src/README.md
@@ -47,6 +47,7 @@ In a bundle:
 idp-name: 'samltest'
 protocol-name: 'mapped'
 user-facing-name: "samltest.id'
+ nameid-formats="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
 resources:
 idp-metadata: "./idp-metadata.xml"
 sp-signing-keyinfo: "./sp-keyinfo.xml"
diff --git a/src/lib/charm/openstack/keystone_saml_mellon.py b/src/lib/charm/openstack/keystone_saml_mellon.py
index b49f59b..b964b80 100644
--- a/src/lib/charm/openstack/keystone_saml_mellon.py
+++ b/src/lib/charm/openstack/keystone_saml_mellon.py
@@ -54,7 +54,6 @@ class KeystoneSAMLMellonConfigurationAdapter(
 self._sp_private_key = None
 self._sp_signing_keyinfo = None
 self._validation_errors = {}
- self._fid_data = self.get_fid_data()
 @property
 def validation_errors(self):
@@ -83,31 +82,6 @@ class KeystoneSAMLMellonConfigurationAdapter(
 def sp_location_config(self):
 return SP_LOCATION_CONFIG
- def get_fid_data(self):
- fid_sp = endpoint_from_flag(KEYSTONE_FID_ENDPOINT)
- if fid_sp:
- return fid_sp.all_joined_units.received
- else:
- return {}
- @property def keystone_host(self):
- return self.get_fid_data().get("hostname")
- @property def keystone_port(self):
- return self.get_fid_data().get("port")
- @property def tls_enabled(self):
- return self.get_fid_data().get("tls-enabled")
- @property def keystone_base_url(self):
- scheme = 'https' if self.tls_enabled else 'http'
- return ('{}://{}:{}'.format(scheme, self.keystone_host,
- self.keystone_port))
- @property def sp_idp_path(self):
 return ('/v3/OS-FEDERATION/identity_providers/{}'
@@ -147,21 +121,6 @@ class KeystoneSAMLMellonConfigurationAdapter(
 def sp_logout_path(self):
 return '{}/logout'.format(self.mellon_endpoint_path)
- @property def sp_auth_url(self):
- return '{}{}'.format(self.keystone_base_url,
- self.sp_auth_path)
- @property def sp_logout_url(self):
- return '{}{}'.format(self.keystone_base_url,
- self.sp_logout_path)
- @property def sp_post_response_url(self):
- return '{}{}'.format(self.keystone_base_url,
- self.sp_post_response_path)
- @property def mellon_subject_confirmation_data_address_check(self):
 return ('On' if self.subject_confirmation_data_address_check
@@ -310,7 +269,7 @@ class KeystoneSAMLMellonCharm(charms_openstack.charm.OpenStackCharm):
 # Nothing to report
 return None, None
- def render_config(self):
+ def render_config(self, *args):
 """ Render Service Provider configuration file to be used by Apache and provided to idP out of band to establish mutual trust.
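Review bot: `+ def render_config(self, *args):` takes a catch-all positional list, but neither the signature nor the unchanged docstring below it says that the keystone-fid-service-provider endpoint is expected there, so the old call form `render_config()` still runs and goes on to render with an adapter that holds no relation endpoint at all. That matters more now that the two deletion hunks above drop `keystone_base_url`, `sp_auth_url`, `sp_logout_url` and `sp_post_response_url` from the adapter: the SP service locations in the rendered metadata and Mellon location config can only come from the endpoint passed here, and this diff does not show whether the templates stopped referencing the removed names (only the NameIDFormat block of `mellon-sp-metadata.xml` changes in this patch), so a stale `options.sp_auth_url` would render as an empty location rather than fail. I would name and document the parameter, e.g. `def render_config(self, *interfaces):` with a docstring line `:param interfaces: relation endpoints; the keystone-fid-service-provider endpoint is required for the SP URLs`, and grep the templates for the removed property names. The body of render_config continues in the next hunk.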
@@ -327,14 +286,23 @@ class KeystoneSAMLMellonCharm(charms_openstack.charm.OpenStackCharm):
 # ensure that a directory we need is there
 ch_host.mkdir('/etc/apache2/mellon', perms=dperms, owner=owner, group=group)
+ _template_map = { os.path.basename(self.options.sp_metadata_file): 'mellon-sp-metadata.xml', os.path.basename(self.options.sp_location_config): 'apache-mellon-location.conf', }
+ # idp-metadata.xml and sp-private-key are rendered purely from resources #self.render_with_interfaces(args, template_map=_template_map)
 self.render_configs(self.string_templates.keys())
+ # For now the template name does not match the basename(file_name) # So not using self.render_with_interfaces(args) # TODO: Make a mapping mechanism between target and source templates
 core.templating.render(
 source='mellon-sp-metadata.xml',
 template_loader=os_templating.get_loader(
 'templates/', self.release),
 target=self.options.sp_metadata_file,
- context=self.adapters_instance,
+ context=self.adapters_class(args, charm_instance=self),
 owner=owner,
 group=group,
 perms=fileperms
@@ -345,7 +313,7 @@ class KeystoneSAMLMellonCharm(charms_openstack.charm.OpenStackCharm):
 template_loader=os_templating.get_loader(
 'templates/', self.release),
 target=self.options.sp_location_config,
- context=self.adapters_instance,
+ context=self.adapters_class(args, charm_instance=self),
 owner=owner,
 group=group,
 perms=fileperms
diff --git a/src/reactive/keystone_saml_mellon_handlers.py b/src/reactive/keystone_saml_mellon_handlers.py
index 2affbd1..f3566b0 100644
--- a/src/reactive/keystone_saml_mellon_handlers.py
+++ b/src/reactive/keystone_saml_mellon_handlers.py
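Review bot: `context=self.adapters_class(args, charm_instance=self)` constructs a separate adapter for each of the two `core.templating.render` calls (this hunk and the next), so the SP metadata and the Apache Mellon location config are rendered from two independently built contexts, presumably each re-reading the relation data; build it once before the first render, `adapters = self.adapters_class(args, charm_instance=self)`, and pass `context=adapters` to both calls. The `_template_map` dict and the commented-out `#self.render_with_interfaces(args, template_map=_template_map)` on the new side are dead code; the `# TODO: Make a mapping mechanism` comment already records why the helper is not used, so the dict and the commented call should be deleted rather than shipped. A guard is also worth adding: with an empty `args` (a caller that did not pass the endpoint) the adapter has no keystone endpoint to take host, port or TLS state from, yet both files are still written with whatever the templates produce for the missing values, so raising (or at least logging and returning) when `args` is empty keeps an incomplete SP metadata file from being handed to the IdP. render_config starts in the previous hunk.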
@@ -40,30 +40,27 @@ def keystone_departed():
 @reactive.when('keystone-fid-service-provider.connected')
-def publish_sp_fid():
+def publish_sp_fid(fid_sp):
 # don't always have a relation context - obtain from the flag
- fid_sp = endpoint_from_flag(
- keystone_saml_mellon.KEYSTONE_FID_ENDPOINT)
+ #fid_sp = endpoint_from_flag(
+ # keystone_saml_mellon.KEYSTONE_FID_ENDPOINT)
 with charm.provide_charm_instance() as charm_instance:
 fid_sp.publish(charm_instance.options.protocol_name,
 charm_instance.options.remote_id_attribute)
 @reactive.when('keystone-fid-service-provider.available')
-def render_config():
+def render_config(fid_sp):
 # don't always have a relation context - obtain from the flag
- fid_sp = endpoint_from_flag(
- keystone_saml_mellon.KEYSTONE_FID_ENDPOINT)
+ #fid_sp = endpoint_from_flag(
+ # keystone_saml_mellon.KEYSTONE_FID_ENDPOINT)
 with charm.provide_charm_instance() as charm_instance:
 if charm_instance.configuration_complete():
- print("COMPLETE")
- charm_instance.render_config()
+ charm_instance.render_config(fid_sp)
 # Trigger keystone restart. The relation is container-scoped
 # so a per-unit db of a remote unit will only contain a nonce
 # of a single subordinate
- print("CHECK_anyfile")
 if reactive.any_file_changed(keystone_saml_mellon.CONFIGS):
- print("TRUE_anyfile")
 fid_sp.request_restart()
diff --git a/src/templates/mellon-sp-metadata.xml b/src/templates/mellon-sp-metadata.xml
index 9472497..6dd6356 100644
--- a/src/templates/mellon-sp-metadata.xml
+++ b/src/templates/mellon-sp-metadata.xml
@@ -1,5 +1,5 @@ {% endif %} - + {% for format in options.supported_nameid_formats -%} {{ format }} {% endfor -%} - +
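Review bot: the added `+ #fid_sp = endpoint_from_flag(` / `+ # keystone_saml_mellon.KEYSTONE_FID_ENDPOINT)` pairs in both `publish_sp_fid` and `render_config` are commented-out code and should be deleted rather than committed, and the unchanged comment above each, `# don't always have a relation context - obtain from the flag`, now states the opposite of what the handlers do, since the endpoint arrives as the `fid_sp` parameter that charms.reactive supplies for the flag named in the decorator. I would remove the two commented lines in each handler and reword that comment to `# fid_sp is the endpoint charms.reactive passes for the flag above`. If `endpoint_from_flag` has no remaining caller in this module, its import (outside this hunk) is now unused and will be flagged by flake8. Dropping the `print` debugging is right; if you still want to see which run triggered `fid_sp.request_restart()`, a debug-level log call next to the `any_file_changed` check is the place for it.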