portusctl: added missing options

Moreover, I've created a small test to check that the config.yml file
and portusctl are always in sync in this regard.

Signed-off-by: Miquel Sabaté Solà <mikisabate@gmail.com>

.travis.yml

@@ -21,6 +21,7 @@ before_script:
   - mysql -e 'create database portus_test;'
 script:
   - bundle exec rspec spec
+  - bundle exec rspec packaging/suse/portusctl/spec
   - bundle exec rubocop -V
   - bundle exec rubocop -F
 env:

packaging/suse/portusctl/lib/cli.rb

@@ -1,8 +1,8 @@
 # Class implementing the cli interface of portusctl
 class Cli < Thor
   desc "setup", "Configure Portus"
-  option :secure, type: :boolean, default: true,
-    desc: "Toggle SSL usage for Portus"
+  option "secure", desc: "Toggle SSL usage for Portus", type: :boolean, default: true
+
   # SSL certificate options
   option "ssl-organization",
     desc:    "SSL certificate: organization",
@@ -22,27 +22,40 @@ class Cli < Thor
   option "ssl-state",
     desc:    "SSL certificate: state",
     default: "Bayern" # gensslcert -s
+
   # DB options
   option "db-host", desc: "Database: host", default: "localhost"
   option "db-username", desc: "Database: username", default: "portus"
   option "db-password", desc: "Database: password", default: "portus"
   option "db-name", desc: "Database: name", default: "portus_production"
+
   # Registry
   option "local-registry", desc: "Configure Docker registry running locally",
     type: :boolean, default: false
+
   # LDAP
   option "ldap-enable", desc: "LDAP: enable", type: :boolean, default: false
   option "ldap-hostname", desc: "LDAP: server hostname"
   option "ldap-port", desc: "LDAP: server port", default: "389"
-  option "ldap-base",
-    desc:    "LDAP: base",
-    default: "ou=users, dc=example, dc=com"
-  option "ldap-guess-email",
+  option "ldap-method",
+    desc:    "LDAP: encryption method (recommended: starttls)",
+    default: "plain"
+  option "ldap-base", desc: "LDAP: base", default: "ou=users, dc=example, dc=com"
+  option "ldap-filter", desc: "LDAP: filter users"
+  option "ldap-uid", desc: "LDAP: uid", default: "uid"
+  option "ldap-authentication-enable",
+    desc:    "LDAP: enable LDAP credentials for user lookup",
+    type:    :boolean,
+    default: false
+  option "ldap-authentication-bind-dn", desc: "LDAP: bind DN for authentication"
+  option "ldap-authentication-password", desc: "LDAP: password for authentication"
+  option "ldap-guess-email-enable",
     desc:    "LDAP: guess email address",
     type:    :boolean,
     default: false
   option "ldap-guess-email-attr",
     desc: "LDAP: attribute to use when guessing email address"
+
   # MAILER
   option "email-from",
     desc:    "MAIL: sender address",
@@ -68,10 +81,26 @@ class Cli < Thor
   option "email-smtp-domain",
     desc:    "MAIL: the domain of the SMTP server",
     default: "example.com"
+
+  # SIGNUP
+  option "signup-enable",
+    desc:    "Enable user signup",
+    type:    :boolean,
+    default: true
+
   # GRAVATAR
-  option "gravatar", desc: "Enable Gravatar usage", type: :boolean, default: true
+  option "gravatar-enable",
+    desc:    "Enable Gravatar usage",
+    type:    :boolean,
+    default: true
+
+  # JWT EXPIRATION TIME
+  option "jwt-expiration-time",
+    desc:    "Expiration time for the JWT token used by Portus",
+    default: "5.minutes"
+
   # FIRST USER
-  option "first-user-admin",
+  option "first-user-admin-enable",
     desc:    "Make the first registered user an admin",
     type:    :boolean,
     default: true

packaging/suse/portusctl/lib/constants.rb

@@ -8,5 +8,5 @@ def dockerized?
 # This one is set by the bash wrapper we deliver with our RPM
 # See packaging/suse/bin/portusctl
 BUNDLER_BIN = ENV["BUNDLER_BIN"]
-HOSTNAME    = (dockerized? ? `hostname -f` : `hostnamectl --static status`).chomp
+HOSTNAME    = (dockerized? || ENV["TRAVIS"] ? `hostname -f` : `hostnamectl --static status`).chomp
 PORTUS_ROOT = "/srv/Portus"

packaging/suse/portusctl/spec/options_spec.rb

@@ -0,0 +1,48 @@
+require_relative "spec_helper"
+require "yaml"
+
+# Format the given key from the config to portusctl's expectations.
+def format_key(key)
+  key.gsub("_", "-")
+    .gsub("enabled", "enable")
+    .gsub("user-name", "username")
+    .gsub(/^jwt-expiration-time-value$/, "jwt-expiration-time")
+    .gsub(/^check-ssl-usage-enable$/, "secure")
+end
+
+# Get the keys as given by the config.yml file.
+def get_keys(hsh, prefix = "")
+  keys = []
+
+  hsh.each do |k, v|
+    if v.is_a? Hash
+      subprefix = k
+      subprefix = prefix + "-" + subprefix unless prefix.empty?
+      keys += get_keys(v, subprefix)
+    else
+      key = prefix + "-" + k unless prefix.empty?
+      keys << key
+    end
+  end
+
+  keys
+end
+
+describe Cli do
+  it "matches with the options available in the config.yml file" do
+    path = File.expand_path("../../../../../config/config.yml", __FILE__)
+    yml  = YAML.load(IO.read(path))
+
+    # Get the keys from the config and from the setup command. Then get the
+    # difference between the config and the intersection of the config and the
+    # setup command.
+    config_keys = get_keys(yml).map { |k| format_key(k) }
+    config_keys.delete("machine-fqdn-value")
+    setup_keys  = Cli.commands["setup"].options.keys
+    diff        = config_keys - (config_keys & setup_keys)
+
+    raw = "The following keys are available in the config but not in the setup command: "
+    msg = raw + diff.join(", ") + "."
+    expect(diff).to be_empty, msg
+  end
+end

packaging/suse/portusctl/spec/spec_helper.rb

@@ -0,0 +1 @@
+require_relative "../lib/portusctl"

packaging/suse/portusctl/templates/config-local.yml.erb

@@ -27,7 +27,7 @@ email:
 # If enabled, then the profile picture will be picked from the Gravatar
 # associated with each user. See: https://en.gravatar.com/
 gravatar:
-  enabled: <%= @options["gravatar"] %>
+  enabled: <%= @options["gravatar-enable"] %>
 
 # LDAP support. If enabled, then only users of the specified LDAP server will
 # be able to use Portus.
@@ -38,9 +38,27 @@ ldap:
   hostname: <%= @options["ldap-hostname"] %>
   port: <%= @options["ldap-port"] %>
 
+  # Available options: "plain", "simple_tls" and "starttls". The default is
+  # "plain", the recommended is "starttls".
+  method: <%= @options["ldap-method"] %>
+
   # The base where users are located (e.g. "ou=users,dc=example,dc=com").
   base: <%= @options["ldap-base"] %>
 
+  # User filter (e.g. "mail=george*").
+  filter: <%= @options["ldap-filter"] %>
+
+  # The LDAP attribute where to search for username. The default is 'uid'.
+  uid: <%= @options["ldap-uid"] %>
+
+  # LDAP credentials used to search for a user.
+  authentication:
+    enabled: <%= @options["ldap-authentication-enable"] %>
+    <% if @options["ldap-authentication-enable"] %>
+    bind_dn: <%= @options["ldap-authentication-bind-dn"] %>
+    password: <%= @options["ldap-authentication-password"] %>
+    <% end %>
+
   # Portus needs an email for each user, but there's no standard way to get
   # that from LDAP servers. You can tell Portus how to get the email from users
   # registered in the LDAP server with this configurable value. There are three
@@ -60,7 +78,7 @@ ldap:
   # If something goes wrong when trying to guess the email, then it just falls
   # back to the default behavior (empty email).
   guess_email:
-    enabled: <%= @options["ldap-guess-email"] %>
+    enabled: <%= @options["ldap-guess-email-enable"] %>
     attr: <%= @options["ldap-guess-email-attr"] %>
 <% end %>
 
@@ -71,7 +89,15 @@ ldap:
 #   rake portus:make_admin[USERNAME]
 # in order to set the admin user
 first_user_admin:
-  enabled: <%= @options["first-user-admin"] %>
+  enabled: <%= @options["first-user-admin-enable"] %>
+
+# If enabled, then users can signup with the signup form. Otherwise, the admin
+# is responsible of creating new users by either:
+#   - Using the "portus:create_user" rake task.
+#   - Using the form available in the admin panel.
+# This is ignored if LDAP is enabled.
+signup:
+  enabled: <%= @options["signup-enable"] %>
 
 # By default require ssl to be enabled when running on production
 check_ssl_usage:
@@ -84,7 +110,7 @@ check_ssl_usage:
 #
 # See: https://github.com/SUSE/Portus/issues/510
 jwt_expiration_time:
-  value: "5.minutes"
+  value: <%= @options["jwt-expiration-time"] %>
 
 # The FQDN of the machine where Portus is being deployed.
 machine_fqdn: