fbafc06ac6
In a previous patch, I implemented a Devstack plugin to enable federation and idp features in keystone. The plugin was to be configured from environment variables for the idp entityID, metadata, sp_auth_url, sp_url, etc. Providing an endless and untestable matrix of combinations. Therefore the review was gathering dust waiting for brave reviewers.

This review extracts the meat of the previous patch and removes all the configuration options. This plugin now does one thing only: It installs mod_shibboleth and sets up testshib.org as the IdP for keystone. While testshib.org will not be used in our functional testing, this is a necessary first step to make such complex changes more testable, reproducible and reviewable.

A follow-up patch will install a shibboleth-idp, and either that one, or a later one, will switch from testshib.org to the local shibboleth.

This plugin will not yet be run as part of the gate, as "enable_service federation" needs to be added to the Devstack options. To run, add the following after the lines that set up keystone from a gerrit review:

    enable_plugin keystone $KEYSTONE_REPO
    enable_service keystone-saml2-federation

Change-Id: I6f7491ff063359d7065c77b00fe5bfc76f8587d6
59 lines
2.0 KiB
Bash
#!/usr/bin/env bash
# Copyright 2016 Massachusetts Open Cloud
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

KEYSTONE_PLUGIN=$DEST/keystone/devstack
source $KEYSTONE_PLUGIN/lib/federation.sh

# For more information on Devstack plugins, including a more detailed
# explanation on when the different steps are executed please see:
# http://docs.openstack.org/developer/devstack/plugins.html

if [[ "$1" == "stack" && "$2" == "install" ]]; then
    # This phase is executed after the projects have been installed
    echo "Keystone plugin - Install phase"
    if is_service_enabled keystone-saml2-federation; then
        install_federation
    fi

elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
    # This phase is executed after the projects have been configured and
    # before they are started
    echo "Keystone plugin - Post-config phase"
    if is_service_enabled keystone-saml2-federation; then
        configure_federation
    fi

elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
    # This phase is executed after the projects have been started
    echo "Keystone plugin - Extra phase"
    if is_service_enabled keystone-saml2-federation; then
        register_federation
    fi
fi

if [[ "$1" == "unstack" ]]; then
    # Called by unstack.sh and clean.sh
    # Undo what was performed during the "post-config" and "extra" phases
    :
fi

if [[ "$1" == "clean" ]]; then
    # Called by clean.sh after the "unstack" phase
    # Undo what was performed during the "install" phase
    if is_service_enabled keystone-saml2-federation; then
        uninstall_federation
    fi
fi