Add TOTP support
Horizon recently introduced TOTP support. This introduces a few new parameters to allow users to enable the feature. Depends-on: https://review.opendev.org/c/openstack/horizon/+/885570 Change-Id: I0b8d86c292715ffbb6d75dadcda7b51b1c190641
This commit is contained in:
parent
0eebd89391
commit
d94647073a
@ -373,6 +373,10 @@
|
||||
# (optional) The default theme to use from list of available themes. Value should be theme_name.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*authentication_plugins*]
|
||||
# (optional) List of authentication plugins to be used.
|
||||
# Defaults to []
|
||||
#
|
||||
# [*password_autocomplete*]
|
||||
# (optional) Whether to instruct the client browser to autofill the login form password
|
||||
# Valid values are 'on' and 'off'
|
||||
@ -478,6 +482,10 @@
|
||||
# the identity provider.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*totp_enabled*]
|
||||
# (optional) Activate TOTP support.
|
||||
# Defaults to false
|
||||
#
|
||||
# [*password_validator*]
|
||||
# (optional) Horizon provides a password validation check, which OpenStack cloud
|
||||
# operators can use to enforce password complexity checks for users within horizon.
|
||||
@ -604,6 +612,7 @@ class horizon(
|
||||
$vhost_extra_params = undef,
|
||||
$available_themes = false,
|
||||
$default_theme = false,
|
||||
Array[String[1]] $authentication_plugins = [],
|
||||
Enum['on', 'off'] $password_autocomplete = 'off',
|
||||
$create_image_defaults = undef,
|
||||
Boolean $password_retrieve = false,
|
||||
@ -621,6 +630,7 @@ class horizon(
|
||||
$websso_default_redirect_protocol = undef,
|
||||
$websso_default_redirect_region = undef,
|
||||
$websso_default_redirect_logout = undef,
|
||||
Boolean $totp_enabled = false,
|
||||
$password_validator = undef,
|
||||
$password_validator_help = undef,
|
||||
$customization_module = undef,
|
||||
|
11
releasenotes/notes/totp-support-c31e3b9213c8d68d.yaml
Normal file
11
releasenotes/notes/totp-support-c31e3b9213c8d68d.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The new ``horizon::totp_enabled`` parameter has been added. This parameter
|
||||
can be used to customize the ``OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED`` option
|
||||
in Horizon to enable TOTP support.
|
||||
|
||||
- |
|
||||
The ``authentication_plugins`` parameter has been added to allow
|
||||
customizing the ``AUTHENTICATION_PLUGINS`` option, which is required to
|
||||
enable TOTP support.
|
@ -661,6 +661,28 @@ describe 'horizon' do
|
||||
end
|
||||
end
|
||||
|
||||
context 'with totp enabled' do
|
||||
before do
|
||||
params.merge!({
|
||||
:totp_enabled => true,
|
||||
:authentication_plugins => [
|
||||
'openstack_auth.plugin.totp.TotpPlugin',
|
||||
'openstack_auth.plugin.password.PasswordPlugin',
|
||||
'openstack_auth.plugin.token.TokenPlugin'
|
||||
]
|
||||
})
|
||||
end
|
||||
it 'configures totp options' do
|
||||
verify_concat_fragment_contents(catalogue, 'local_settings.py', [
|
||||
'OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED = True',
|
||||
'AUTHENTICATION_PLUGINS = [',
|
||||
" 'openstack_auth.plugin.totp.TotpPlugin',",
|
||||
" 'openstack_auth.plugin.password.PasswordPlugin',",
|
||||
" 'openstack_auth.plugin.token.TokenPlugin',",
|
||||
])
|
||||
end
|
||||
end
|
||||
|
||||
context 'with help_url, bug_url and customization_module provided' do
|
||||
before do
|
||||
params.merge!({
|
||||
|
@ -358,6 +358,10 @@ WEBSSO_DEFAULT_REDIRECT_REGION = "<%= @websso_default_redirect_region %>"
|
||||
WEBSSO_DEFAULT_REDIRECT_LOGOUT = "<%= @websso_default_redirect_logout %>"
|
||||
<% end -%>
|
||||
|
||||
<% if @totp_enabled -%>
|
||||
OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED = True
|
||||
|
||||
<% end -%>
|
||||
# Disable SSL certificate checks (useful for self-signed certificates):
|
||||
#OPENSTACK_SSL_NO_VERIFY = False
|
||||
<% if @ssl_no_verify -%>
|
||||
@ -694,6 +698,14 @@ AVAILABLE_THEMES = [
|
||||
<% if @default_theme -%>
|
||||
DEFAULT_THEME = '<%= @default_theme %>'
|
||||
|
||||
<% end -%>
|
||||
<% if !(@authentication_plugins.empty?) -%>
|
||||
AUTHENTICATION_PLUGINS = [
|
||||
<% @authentication_plugins.each do |r| -%>
|
||||
'<%= r -%>',
|
||||
<% end -%>
|
||||
]
|
||||
|
||||
<% end -%>
|
||||
# Modules that provide /auth routes that can be used to handle different types
|
||||
# of user authentication. Add auth plugins that require extra route handling to
|
||||
|
Loading…
Reference in New Issue
Block a user