From 21e5bcf1e40acc06af94c6cad9389a888c05b2bd Mon Sep 17 00:00:00 2001
From: Joe VLcek
Date: Wed, 3 Oct 2018 14:28:36 -0400
Subject: [PATCH] Support both Krb and Gssapi when updating config file
---
 .../miqldap_to_sssd/configure_apache_spec.rb | 40 ++++++++++++-------
 tools/miqldap_to_sssd/configure_apache.rb | 2 +-
 2 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/spec/tools/miqldap_to_sssd/configure_apache_spec.rb b/spec/tools/miqldap_to_sssd/configure_apache_spec.rb
index f0ea44ce7fe..012de72060f 100644
--- a/spec/tools/miqldap_to_sssd/configure_apache_spec.rb
+++ b/spec/tools/miqldap_to_sssd/configure_apache_spec.rb
@@ -11,31 +11,40 @@
 describe '#onfigure' do
 let(:manageiq_pam_conf) do
- <<-EOT.strip_heredoc
+ <<-PAM_CONF.strip_heredoc
 manageiq pam conf data
- EOT
+ PAM_CONF
 end
 let(:manageiq_remote_user_conf) do
- <<-EOT.strip_heredoc
+ <<-REMOTE_USER_CONF.strip_heredoc
 manageiq remote user conf data
- EOT
+ REMOTE_USER_CONF
 end
 let(:manageiq_external_auth_conf) do
- <<-EOT.strip_heredoc
+ <<-EXTERNAL_AUTH_KERB_CONF.strip_heredoc
 KrbMethodK5Passwd Off
 KrbAuthRealms <%= realm %>
 Krb5KeyTab /etc/http.keytab
- EOT
+ EXTERNAL_AUTH_KERB_CONF
 end
 let(:expected_manageiq_external_auth_conf) do
- <<-EOT.strip_heredoc
+ <<-EXPECTED_EXTERNAL_AUTH_KERB_CONF.strip_heredoc
 KrbMethodK5Passwd Off
 KrbAuthRealms bob.your.uncle.com
 Krb5KeyTab /etc/http.keytab
- EOT
+ EXPECTED_EXTERNAL_AUTH_KERB_CONF
+ end
+
+ let(:manageiq_external_auth_gssapi_conf) do
+ <<-EXTERNAL_AUTH_GSSAPI_CONF.strip_heredoc
+ AuthType GSSAPI
+ AuthName "GSSAPI Single Sign On Login"
+ GssapiCredStore keytab:/etc/http.keytab
+ GssapiLocalName on
+ EXTERNAL_AUTH_GSSAPI_CONF
 end
 before do
@@ -73,14 +82,17 @@
 expect(File.read("#{@httpd_conf_dir}/manageiq-external-auth.conf")).to eq(expected_manageiq_external_auth_conf)
 end
- it 'raises an error when a TEMPLATE file is missing' do
- FileUtils.rm_f("#{@pam_template_dir}/httpd-auth")
- expect(MiqLdapToSssd::LOGGER).to receive(:fatal)
- expect { described_class.new(@initial_settings).configure }.to raise_error(MiqLdapToSssd::ConfigureApacheError)
+ it 'silently ignores missing KrbAuthRealms when creating the gssapi httpd config file' do
+ File.open("#{@httpd_template_dir}/manageiq-external-auth.conf.erb", "w") do |f|
+ f.write(manageiq_external_auth_gssapi_conf)
+ end
+
+ described_class.new(@initial_settings).configure
+ expect(File.read("#{@httpd_conf_dir}/manageiq-external-auth.conf")).to eq(manageiq_external_auth_gssapi_conf)
 end
- it 'raises an error when KrbAuthRealms is missing from manageiq-external-auth.conf' do
- File.open("#{@httpd_template_dir}/manageiq-external-auth.conf.erb", "w") { |f| f.write("hello walls") }
+ it 'raises an error when a TEMPLATE file is missing' do
+ FileUtils.rm_f("#{@pam_template_dir}/httpd-auth")
 expect(MiqLdapToSssd::LOGGER).to receive(:fatal)
 expect { described_class.new(@initial_settings).configure }.to raise_error(MiqLdapToSssd::ConfigureApacheError)
 end
diff --git a/tools/miqldap_to_sssd/configure_apache.rb b/tools/miqldap_to_sssd/configure_apache.rb
index 1aa5ba0ae57..c0f7a30639c 100644
--- a/tools/miqldap_to_sssd/configure_apache.rb
+++ b/tools/miqldap_to_sssd/configure_apache.rb
@@ -43,7 +43,7 @@
 def update_realm
 begin
 miq_ext_auth = File.read("#{HTTPD_CONF_DIR}/manageiq-external-auth.conf")
- miq_ext_auth[/(\s*)KrbAuthRealms(\s*)(.*)/, 3] = initial_settings[:domain]
+ miq_ext_auth[/(\s*)KrbAuthRealms(\s*)(.*)/, 3] = initial_settings[:domain] if miq_ext_auth.include?("KrbAuthRealms")
 File.write("#{HTTPD_CONF_DIR}/manageiq-external-auth.conf", miq_ext_auth)
 rescue Errno::ENOENT, IndexError => err
 LOGGER.fatal(err.message)
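Review bot: The second hunk of configure_apache_spec.rb drops the only example that fed unrecognised content to the tool: the removed case wrote `hello walls` into `manageiq-external-auth.conf.erb`, and nothing in the new side replaces it. With the guard added to `update_realm`, such a file presumably passes through unchanged and without an error, so a damaged or unexpected Apache auth template would no longer be caught by the suite. I would keep that case next to the new GSSAPI example and pin whichever outcome is intended, e.g. `it 'leaves manageiq-external-auth.conf unchanged when it has neither Krb nor Gssapi directives' do`.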
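Review bot: In `update_realm` the new `if miq_ext_auth.include?("KrbAuthRealms")` guard skips the realm update without recording anything, so a run against a file that should have carried a Kerberos realm but does not looks the same as a successful GSSAPI run. Since this file governs how Apache authenticates users, I would log the skip, assuming LOGGER is a standard Logger: `LOGGER.info("KrbAuthRealms not found in manageiq-external-auth.conf; realm not updated") unless miq_ext_auth.include?("KrbAuthRealms")`. The guard also appears to make `IndexError` in the `rescue` unreachable for this assignment, because the pattern matches whenever the substring is present; a short comment or dropping it from the list would keep the error handling honest. The method body continues past the end of the hunk.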