package defaults
import (
"github.com/pkg/errors"
api "github.com/spolti/kie-cloud-operator-new/api/v2"
"github.com/spolti/kie-cloud-operator-new/controllers/kieapp/constants"
"github.com/spolti/kie-cloud-operator-new/controllers/kieapp/shared"
corev1 "k8s.io/api/core/v1"
"path/filepath"
)
// Environment variable names that ConfigureHostname reads and writes on the
// containers of a CustomObject.
const (
	// ssoHostnameVar is the variable ConfigureHostname fills with the hostname
	// it is given (appended when absent, replaced only when empty).
	ssoHostnameVar = "HOSTNAME_HTTPS"
	// ssoClientVar marks a container as SSO-enabled: ConfigureHostname only
	// touches containers whose Env already carries this variable.
	ssoClientVar = "SSO_CLIENT"
)
// ConfigureHostname propagates hostname into every SSO-enabled container of
// object as the HOSTNAME_HTTPS environment variable.
//
// It is a no-op unless cr declares SSO authentication. A container counts as
// SSO-enabled when its Env already carries SSO_CLIENT. For such a container
// the variable is appended when absent and its value replaced when present
// but empty; a non-empty existing value is left untouched, so an explicit
// value in the deployment always wins over the one passed here. hostname is
// written verbatim, without validation.
func ConfigureHostname(object *api.CustomObject, cr *api.KieApp, hostname string) {
	auth := cr.Spec.Auth
	if auth == nil || auth.SSO == nil {
		return
	}
	for i := range object.DeploymentConfigs {
		// Index into the backing array so the Env append lands on the real container.
		containers := object.DeploymentConfigs[i].Spec.Template.Spec.Containers
		for j := range containers {
			c := &containers[j]
			// Only containers that already carry SSO_CLIENT are SSO-enabled.
			if shared.GetEnvVar(ssoClientVar, c.Env) == -1 {
				continue
			}
			pos := shared.GetEnvVar(ssoHostnameVar, c.Env)
			switch {
			case pos == -1:
				c.Env = append(c.Env, corev1.EnvVar{Name: ssoHostnameVar, Value: hostname})
			case c.Env[pos].Value == "":
				c.Env[pos].Value = hostname
			}
		}
	}
}
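// configureAuth validates the authentication section of cr and copies the
// selected configuration (SSO or LDAP, optionally with a role mapper) into
// envTemplate.
//
// Exactly one of SSO and LDAP may be declared; a role mapper is only accepted
// alongside one of them. When cr has no auth section, or an empty one, the
// template is left as is and nil is returned. Any error from validation or
// from the SSO/LDAP step is returned immediately, before the role mapper is
// applied, so a rejected spec does not leave a partially populated template.
func configureAuth(cr *api.KieApp, envTemplate *api.EnvTemplate) error {
	auth := cr.Spec.Auth
	// A missing auth section is treated like an empty one: nothing to apply.
	if auth == nil || (auth.SSO == nil && auth.LDAP == nil && auth.RoleMapper == nil) {
		return nil
	}
	switch {
	case auth.SSO != nil && auth.LDAP != nil:
		return errors.New("multiple authentication types not supported")
	case auth.SSO == nil && auth.LDAP == nil:
		// Only the role mapper is set (the all-nil case returned above).
		return errors.New("roleMapper configuration must be declared together with SSO or LDAP")
	case auth.SSO != nil:
		if err := configureSSO(cr, envTemplate); err != nil {
			return err
		}
	default: // auth.LDAP != nil
		if err := configureLDAP(auth.LDAP, envTemplate); err != nil {
			return err
		}
	}
	if auth.RoleMapper != nil {
		configureRoleMapper(auth.RoleMapper, envTemplate)
	}
	return nil
}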
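// configureSSO validates the SSO section of cr, records the default principal
// attribute in cr.Status.Applied when the spec leaves it empty, and copies the
// applied SSO settings and the per-deployment SSO clients into envTemplate.
//
// It returns an error when the SSO URL or realm is empty; nothing is modified
// in that case. Defaults are written to cr.Status.Applied rather than cr.Spec
// so the user's spec stays untouched. The applied SSO block is created on
// demand instead of being assumed to exist, which avoids a nil dereference
// when Status.Applied.Auth is present without an SSO entry or absent entirely.
func configureSSO(cr *api.KieApp, envTemplate *api.EnvTemplate) error {
	sso := cr.Spec.Auth.SSO
	if len(sso.URL) == 0 || len(sso.Realm) == 0 {
		return errors.New("neither url nor realm can be empty")
	}
	// Set defaults in the applied status, allocating the SSO block if needed.
	if len(sso.PrincipalAttribute) == 0 {
		ensureAppliedSSO(cr).PrincipalAttribute = constants.SSODefaultPrincipalAttribute
	}
	if console := cr.Status.Applied.Objects.Console; console != nil && console.SSOClient != nil {
		envTemplate.Console.SSOAuthClient = *console.SSOClient.DeepCopy()
	}
	applied := cr.Status.Applied.Auth
	if applied == nil || applied.SSO == nil {
		// NOTE(review): the original dereferenced Applied.Auth unconditionally
		// here, so reaching this branch likely means Status.Applied was not
		// populated before this call — confirm against the caller.
		return nil
	}
	envTemplate.Auth.SSO = *applied.SSO.DeepCopy()
	for i := range envTemplate.Servers {
		// The second return of GetServerSet is ignored, as in the original; a
		// server set without an SSO client simply gets no client copied.
		// NOTE(review): if GetServerSet can yield a nil set on failure this
		// needs a guard — confirm its contract.
		serverSet, _ := GetServerSet(cr, i)
		if serverSet.SSOClient != nil {
			envTemplate.Servers[i].SSOAuthClient = *serverSet.SSOClient.DeepCopy()
		}
	}
	return nil
}

// ensureAppliedSSO returns the SSO block of cr.Status.Applied.Auth, allocating
// the Auth object and/or the SSO block when they are nil.
func ensureAppliedSSO(cr *api.KieApp) *api.SSOAuthConfig {
	if cr.Status.Applied.Auth == nil {
		cr.Status.Applied.Auth = &api.KieAppAuthObject{}
	}
	if cr.Status.Applied.Auth.SSO == nil {
		cr.Status.Applied.Auth.SSO = &api.SSOAuthConfig{}
	}
	return cr.Status.Applied.Auth.SSO
}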
// configureLDAP validates config and stores a deep copy of it in
// envTemplate.Auth.LDAP. Only the URL is checked; it must be non-empty.
func configureLDAP(config *api.LDAPAuthConfig, envTemplate *api.EnvTemplate) error {
	if config.URL == "" {
		return errors.New("the url must not be empty")
	}
	// Copy rather than alias so later edits to the template cannot leak back into the spec.
	envTemplate.Auth.LDAP = *config.DeepCopy()
	return nil
}
// configureRoleMapper copies config into envTemplate.Auth.RoleMapper and,
// when RolesProperties names a file (i.e. has an extension), derives
// MountPath from it: everything before the last '/' when the value contains
// one, or constants.RoleMapperDefaultDir when it is a bare file name, in
// which case RolesProperties is also rewritten to live under that default
// directory. A RolesProperties value without an extension leaves MountPath
// unset. A nil config is a no-op.
func configureRoleMapper(config *api.RoleMapperAuthConfig, envTemplate *api.EnvTemplate) {
	if config == nil {
		return
	}
	rm := &envTemplate.Auth.RoleMapper
	rm.RoleMapperAuthConfig = *config.DeepCopy()
	// Only a value that looks like a file name gets a mount path derived.
	if filepath.Ext(rm.RoleMapperAuthConfig.RolesProperties) == "" {
		return
	}
	// Locate the last '/' by scanning from the end; only the slash separator
	// is recognised, as in the original forward scan.
	props := config.RolesProperties
	slash := -1
	for i := len(props) - 1; i >= 0; i-- {
		if props[i] == '/' {
			slash = i
			break
		}
	}
	if slash == -1 {
		// Bare file name: place it under the default directory.
		rm.RolesProperties = constants.RoleMapperDefaultDir + "/" + rm.RolesProperties
		rm.MountPath = constants.RoleMapperDefaultDir
		return
	}
	rm.MountPath = props[:slash]
}