adding oauth configuration directives #171 (proycon/clam#93)

bootstrap.sh

@@ -1427,6 +1427,14 @@ if [[ $FLAVOUR == "vagrant" ]] || [[ $FLAVOUR == "docker" ]] || [[ $FLAVOUR == "
 else
     echo "clam_include: \"$BASEDIR/$LM_NAME/etc/clam_base.config.yml\" #You can set this to a CLAM base configuration file that will be included from all the webservices, it allows you to do configure common traits like authentication" >> $STAGEDCONFIG
 fi
+echo "clam_base_config: {} #extra clam base configuration keys" >>$STAGEDCONFIG
+echo "oauth_client_id: \"\" #shared oauth client ID
+oauth_client_secret: \"\" #shared oauth client secret
+oauth_auth_url: \"\" #something like https://your-identity-provider/oauth/authenticate
+oauth_token_url: \"\" #something like https://your-identity-provider/oauth/token
+oauth_userinfo_url: \"\" #something like https://your-identity-provider/oauth/userinfo
+oauth_revoke_url: \"\" #(optional) something like https://your-identity-provider/oauth/revoke
+oauth_scope: [] #Set this to [ \"openid\", \"email\" ] if you want to use OpenID Connect" >> $STAGEDCONFIG
 if [[ $OS == "mac" ]] || [[ "$FLAVOUR" == "remote" ]]; then
     echo "lab: false #Enable Jupyter Lab environment, note that this opens the system to arbitrary code execution and file system access! (provided the below password is known)" >> $STAGEDCONFIG
 else

roles/lamachine-core/defaults/main.yml

@@ -25,6 +25,7 @@ force_https: no #force all urls to use https (can be set when behind a reverse p
 shared_www_data: no
 move_share_www_data: no #for docker, whether to actively move the www-data to the shared data volume on lamachine-start-webserver (shared_www_data is always no though)
 clam_include: "" #a base clam configuration file to include
+clam_base_config: {} #extra clam base configuration keys
 ignore_tests: false
 services:
   - all
@@ -34,6 +35,13 @@ lab_password_sha1: "sha1:fa40baddab88:c498070b5885ee26ed851104ddef37926459b0c4"
 lab_allow_origin: "*" #hosts that may access the lab environment
 flat_password: "flat" #admin password for flat
 custom_flat_settings: false  #set this to true if you customized your flat settings and want to prevent LaMachine from overwriting it again on update
+oauth_client_id: "" #shared oauth2 client ID
+oauth_client_secret: "" #shared oauth2 client secret
+oauth_auth_url: "" #something like https://your-identity-provider/oauth/authenticate
+oauth_token_url: "" #something like https://your-identity-provider/oauth/token
+oauth_userinfo_url: "" #something like https://your-identity-provider/oauth/userinfo
+oauth_revoke_url: "" #(optional) something like https://your-identity-provider/oauth/revoke
+oauth_scope: [] #Set this to [ "openid", "email" ] if you want to use OpenID Connect
 ssh_key_filename: "id_rsa"
 ssh_public_key: "" #ssh public key
 ssh_private_key: "" #ssh private key

roles/lamachine-core/templates/clam_base.config.yml

@@ -1,6 +1,21 @@
-README: "DO NOT EDIT THIS FILE, IT WILL BE OVERWRITTEN ON LAMACHINE UPDATE! Create your own base.config.yml instead and change clam_include in your LaMachine configuration"
+README: "DO NOT EDIT THIS FILE, IT WILL BE OVERWRITTEN ON LAMACHINE UPDATE! Create your own base.config.yml instead and change clam_include in your LaMachine configuration, OR set extra configuration options in clam_base_config"
 {% if "flat" in remote_services and remote_services.flat %}
 flaturl: "{{ remote_services.flat }}"
 {% elif webserver and ("flat" in services or "all" in services) %}
 flaturl: "{{ lm_base_url }}/flat"
 {% endif %}
+{% if oauth_client_id and oauth_client_secret and oauth_auth_url and oauth_token_url and oauth_userinfo_url %}
+oauth: true
+oauth_client_id: "{{ oauth_client_id }}"
+oauth_client_secret: "{{ oauth_client_secret }}"
+oauth_auth_url: "{{ oauth_auth_url }}"
+oauth_token_url: "{{ oauth_token_url }}"
+oauth_userinfo_url: "{{ oauth_userinfo_url }}"
+oauth_scope: {{ oauth_scope | to_json }}
+{% if oauth_revoke_url %}
+oauth_revoke_url: "{{ oauth_revoke_url }}"
+{% endif %}
+{% endif %}
+{% if clam_base_config %}
+{{ clam_base_config | to_yaml }}
+{% endif %}