Move from apache module mod_auth_kerb to mod_auth_gssapi

https://www.pivotaltracker.com/n/projects/1610127/stories/160659028
ManageIQ · Sep 24, 2018 · aa6cfa8 · aa6cfa8
1 parent 0f55ac5
commit aa6cfa8
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 38 deletions.
diff --git a/spec/tools/miqldap_to_sssd/configure_apache_spec.rb b/spec/tools/miqldap_to_sssd/configure_apache_spec.rb
@@ -11,31 +11,24 @@
 
   describe '#onfigure' do
     let(:manageiq_pam_conf) do
-      <<-EOT.strip_heredoc
+      <<-PAM_CONF.strip_heredoc
         manageiq pam conf data
-      EOT
+      PAM_CONF
     end
 
     let(:manageiq_remote_user_conf) do
-      <<-EOT.strip_heredoc
+      <<-REMOTE_USER_CONF.strip_heredoc
         manageiq remote user conf data
-      EOT
+      REMOTE_USER_CONF
     end
 
     let(:manageiq_external_auth_conf) do
-      <<-EOT.strip_heredoc
-        KrbMethodK5Passwd  Off
-        KrbAuthRealms      <%= realm %>
-        Krb5KeyTab         /etc/http.keytab
-      EOT
-    end
-
-    let(:expected_manageiq_external_auth_conf) do
-      <<-EOT.strip_heredoc
-        KrbMethodK5Passwd  Off
-        KrbAuthRealms      bob.your.uncle.com
-        Krb5KeyTab         /etc/http.keytab
-      EOT
+      <<-EXTERNAL_AUTH_CONF.strip_heredoc
+        AuthType           GSSAPI
+        AuthName           "GSSAPI Single Sign On Login"
+        GssapiCredStore    keytab:/etc/http.keytab
+        GssapiLocalName    on
+      EXTERNAL_AUTH_CONF
     end
 
     before do
@@ -70,19 +63,13 @@
       described_class.new(@initial_settings).configure
       expect(File.read("#{@pam_conf_dir}/httpd-auth")).to eq(manageiq_pam_conf)
       expect(File.read("#{@httpd_conf_dir}/manageiq-remote-user.conf")).to eq(manageiq_remote_user_conf)
-      expect(File.read("#{@httpd_conf_dir}/manageiq-external-auth.conf")).to eq(expected_manageiq_external_auth_conf)
+      expect(File.read("#{@httpd_conf_dir}/manageiq-external-auth.conf")).to eq(manageiq_external_auth_conf)
     end
 
     it 'raises an error when a TEMPLATE file is missing' do
       FileUtils.rm_f("#{@pam_template_dir}/httpd-auth")
       expect(MiqLdapToSssd::LOGGER).to receive(:fatal)
       expect { described_class.new(@initial_settings).configure }.to raise_error(MiqLdapToSssd::ConfigureApacheError)
     end
-
-    it 'raises an error when KrbAuthRealms is missing from manageiq-external-auth.conf' do
-      File.open("#{@httpd_template_dir}/manageiq-external-auth.conf.erb", "w") { |f| f.write("hello walls") }
-      expect(MiqLdapToSssd::LOGGER).to receive(:fatal)
-      expect { described_class.new(@initial_settings).configure }.to raise_error(MiqLdapToSssd::ConfigureApacheError)
-    end
   end
 end
diff --git a/tools/miqldap_to_sssd/configure_apache.rb b/tools/miqldap_to_sssd/configure_apache.rb
@@ -19,7 +19,6 @@ def initialize(initial_settings)
     def configure
       LOGGER.debug("Invoked #{self.class}\##{__method__} template_dir #{template_dir}")
       create_files
-      update_realm
     end
 
     private
@@ -37,18 +36,5 @@ def create_files
         raise ConfigureApacheError, err.message
       end
     end
-
-    def update_realm
-      LOGGER.debug("Invoked #{self.class}\##{__method__}")
-
-      begin
-        miq_ext_auth = File.read("#{HTTPD_CONF_DIR}/manageiq-external-auth.conf")
-        miq_ext_auth[/(\s*)KrbAuthRealms(\s*)(.*)/, 3] = initial_settings[:domain]
-        File.write("#{HTTPD_CONF_DIR}/manageiq-external-auth.conf", miq_ext_auth)
-      rescue Errno::ENOENT, IndexError => err
-        LOGGER.fatal(err.message)
-        raise ConfigureApacheError, err.message
-      end
-    end
   end
 end