Add "idp-metadata-auto-update" option
Add option to allow auto-updating the IDP metadata from a URL. Auto update occurs on every "update-status" hook. Change-Id: I65b20e52835497a3fe57571794f332b2b4327fba Signed-off-by: Yanos Angelopoulos <yanos@admin.grnet.gr>
parent
0947cb7f86
commit
990b708dea
@ -62,3 +62,11 @@ options:
|
|||
description: |
|
||||
Indicates a requirement for the <saml:Assertion> elements received
|
||||
by this service provider to be signed.
|
||||
idp-metadata-auto-update:
|
||||
type: string
|
||||
default:
|
||||
description: |
|
||||
If set to anything other than "" then a URL is expected in which the
|
||||
IDP XML metadata are being served. Also, if set then the "idp-metadata"
|
||||
resource will be ignored. Auto update will occur on every "update-status"
|
||||
hook.
|
|
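Review bot: The description says the URL mode is entered when the value is anything other than "", but the adapter code added in this same commit branches on `is None`, so an explicitly empty string would be handed to urlopen rather than falling back to the "idp-metadata" resource. Either reword this to "If set, a URL is expected…" or make the code treat the empty string as unset with `if not self.idp_metadata_auto_update:`. It would also help operators to state the expected scheme here (an https:// URL), since the fetched document carries the IdP signing certificate that every assertion is verified against.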
@ -29,6 +29,11 @@ from lxml import etree
|
|||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
|
||||
try:
|
||||
import urllib.request as urllib2
|
||||
except ImportError:
|
||||
import urllib2
|
||||
|
||||
CONFIGS = (IDP_METADATA, SP_METADATA, SP_PRIVATE_KEY,
|
||||
SP_LOCATION_CONFIG,) = [
|
||||
os.path.join('/etc/apache2/mellon',
|
||||
|
@ -129,18 +134,26 @@ class KeystoneSAMLMellonConfigurationAdapter(
|
|||
|
||||
@property
|
||||
def idp_metadata(self):
|
||||
idp_metadata_path = hookenv.resource_get('idp-metadata')
|
||||
if os.path.exists(idp_metadata_path) and not self._idp_metadata:
|
||||
with open(idp_metadata_path) as f:
|
||||
content = f.read()
|
||||
try:
|
||||
etree.fromstring(content.encode())
|
||||
self._idp_metadata = content
|
||||
self._validation_errors['idp-metadata'] = None
|
||||
except etree.XMLSyntaxError:
|
||||
self._idp_metadata = ''
|
||||
self._validation_errors['idp-metadata'] = (
|
||||
self.IDP_METADATA_INVALID)
|
||||
if self.idp_metadata_auto_update is None:
|
||||
idp_metadata_path = hookenv.resource_get('idp-metadata')
|
||||
if os.path.exists(idp_metadata_path) and not self._idp_metadata:
|
||||
with open(idp_metadata_path, 'r', encoding='utf-8') as f:
|
||||
content = f.read()
|
||||
else:
|
||||
# Get metadata from URL in "self.idp_metadata_auto_update"
|
||||
response = urllib2.urlopen(self.idp_metadata_auto_update)
|
||||
encoded_content = response.read()
|
||||
content = encoded_content.decode("utf-8")
|
||||
|
||||
try:
|
||||
etree.fromstring(content.encode())
|
||||
self._idp_metadata = content
|
||||
self._validation_errors['idp-metadata'] = None
|
||||
except etree.XMLSyntaxError:
|
||||
self._idp_metadata = ''
|
||||
self._validation_errors['idp-metadata'] = (
|
||||
self.IDP_METADATA_INVALID)
|
||||
|
||||
return self._idp_metadata
|
||||
|
||||
SP_SIGNING_KEYINFO_INVALID = ('sp-signing-keyinfo resource is not a'
|
||||
|
|
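Review bot: The fetch at `response = urllib2.urlopen(self.idp_metadata_auto_update)` has no error handling, no timeout and no scheme check, so a URLError or UnicodeDecodeError aborts the hook instead of being recorded in `_validation_errors`, an unresponsive server stalls every update-status run, and a plain http:// or file:// URL is accepted even though this document is the SAML trust anchor (it carries the IdP signing certificate) and should only be retrieved over verified TLS. Unlike the resource branch, the URL branch also lacks the `not self._idp_metadata` guard, so every read of the property performs a fresh download. The rewrite below requires an https:// URL, bounds the request, reuses the already-loaded metadata on repeat reads, and lets fetch or decode failures fall through to the existing IDP_METADATA_INVALID path by leaving `content` empty. Separately, `open(idp_metadata_path, 'r', encoding='utf-8')` is Python 3-only, which contradicts the `import urllib2` fallback added to the same file; if Python 2 is still a target, use `io.open`.
```python
        if self.idp_metadata_auto_update is None:
            # … unchanged: read the "idp-metadata" resource into content …
        else:
            # Get metadata from URL in "self.idp_metadata_auto_update".
            # Fetch at most once per adapter instance (mirroring the resource
            # branch) and only over TLS: this document carries the IdP
            # signing certificate, so a tampered copy would let assertions
            # be forged.
            url = self.idp_metadata_auto_update
            content = ''
            if self._idp_metadata:
                content = self._idp_metadata
            elif not url.lower().startswith('https://'):
                hookenv.log('idp-metadata-auto-update must be an https:// URL',
                            level=hookenv.ERROR)
            else:
                try:
                    response = urllib2.urlopen(url, timeout=30)
                    content = response.read().decode("utf-8")
                except (IOError, ValueError) as e:
                    # URLError subclasses IOError on Python 2 and 3;
                    # UnicodeDecodeError subclasses ValueError. An empty
                    # content string fails the XML parse below and is
                    # reported as IDP_METADATA_INVALID.
                    hookenv.log('Failed to fetch IdP metadata from %s: %s'
                                % (url, e), level=hookenv.ERROR)

        # … unchanged: etree.fromstring validation and return …
```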