Change the way users are created in LDAP

Change-Id: I82b43edff5e7db98698d8538d7276c7199d53bca
This commit is contained in:
Anastasia Kuznetsova 2016-03-24 18:11:11 +03:00 committed by Alexey Khivin
parent ce24a83066
commit dcf2e058eb
5 changed files with 86 additions and 28 deletions


@ -17,13 +17,17 @@ Properties:
Contract: $.string().notNull()
domain:
Contract: $.string().notNull()
ldapRootUser:
Contract: $.string().notNull()
ldapRootPass:
Contract: $.string().notNull()
ldapUser:
Contract: $.string().notNull()
Contract: $.string()
ldapPass:
Contract: $.string().notNull()
Contract: $.string()
Methods:
initialize:
.init:
Body:
- $._environment: $.find(std:Environment).require()
@ -49,14 +53,19 @@ Methods:
- $.createConfiguration()
- $resources: new(sys:Resources)
- $template: $resources.yaml('DeployOpenLDAP.template')
- $._environment.reporter.report($this, 'OpenLDAP deploying')
- $.instance.agent.call($template, $resources)
- $._environment.reporter.report($this, format('OpenLDAP is available at {0}', $.instance.floatingIpAddress))
- $.configureOpenLDAPUser($.domain, $.ldapUser, $.ldapPass)
- $._environment.reporter.report($this, format('Configuring root LDAP user'))
- $.configureOpenLDAPRootUser()
- If: $.ldapUser != '' and $.ldapUser != null
Then:
- $._environment.reporter.report($this, format('Configuring base non-admin LDAP user'))
- $.configureOpenLDAPUser($.ldapUser, $.ldapPass)
- $.setAttr(deployed, true)
- $._environment.reporter.report($this, 'OpenLDAP is deployed!')
@ -65,11 +74,13 @@ Methods:
Body:
- $.instance.setHieraValue('ldap_domain', $.domain)
- $.instance.setHieraValue('ldap_dc', $.domain.split('.')[0])
- $.instance.setHieraValue('ldap_root_user', $.ldapRootUser)
- $.instance.setHieraValue('ldap_root_password', $.ldapRootPass)
- $.instance.setHieraValue('ldap_user', $.ldapUser)
- $.instance.setHieraValue('ldap_password', $.ldapPass)
- !yaql "$.instance.setHieraValue('ldap::client::uri', 'localhost')"
- !yaql "$.instance.setHieraValue('ldap::server::rootpw', $.ldapPass)"
- !yaql "$.instance.setHieraValue('ldap::server::rootpw', $.ldapRootPass)"
- !yaql "$.instance.setHieraValue('ldap::client::ssl_cert', '')"
#
@ -78,31 +89,42 @@ Methods:
#- !yaql "$.instance.setHieraValue('ldap::client::base', 'dc=example,dc=com')"
#- !yaql "$.instance.setHieraValue('ldap::client::ssl', 'false')"
#- !yaql "$.instance.setHieraValue('ldap::server::suffix', 'dc=example,dc=com')"
#- !yaql "$.instance.setHieraValue('ldap::server::rootdn', 'cn=admin,dc=example,dc=com')"
#- !yaql "$.instance.setHieraValue('ldap::server::rootdn', format('cn={0},dc=example,dc=com', $.ldapRootUser))"
#- !yaql "$.instance.setHieraValue('ldap::server::ssl', false)"
#- !yaql "$.instance.setHieraValue('ldap::server::ssl_cacert', '')"
#- !yaql "$.instance.setHieraValue('ldap::server::ssl_cert', '')"
#- !yaql "$.instance.setHieraValue('ldap::server::ssl_key', '')"
configureOpenLDAPRootUser:
Body:
- $resources: new(sys:Resources)
- $template: $resources.yaml('ConfigureOpenLDAPUser.template').bind(dict(
domain => $this.domain,
rootUser => $this.ldapRootUser,
rootPass => $this.ldapRootPass,
user => '',
password => ''
))
- $.instance.agent.call($template, $resources)
configureOpenLDAPUser:
Arguments:
- domain:
- user:
Contract: $.string().notNull()
- ldapUser:
Contract: $.string().notNull()
- ldapPass:
- password:
Contract: $.string().notNull()
Body:
- $resources: new(sys:Resources)
- $template: $resources.yaml('ConfigureOpenLDAPUser.template').bind(dict(
domain => $domain,
ldapUser => $ldapUser,
ldapPass => $ldapPass
domain => $this.domain,
rootUser => $this.ldapRootUser,
rootPass => $this.ldapRootPass,
user => $user,
password => $password
))
- $.instance.agent.call($template, $resources)
- $._environment.reporter.report($this, 'OpenLDAP user {0} is added'.format($ldapUser))
destroy:
Body:
- $.reportDestroyed()
- $.setAttr(deployed, false)
- $.setAttr(deployed, false)
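Review bot: The new deploy branch `If: $.ldapUser != '' and $.ldapUser != null` guards only the username, while `ldapPass` was relaxed to `$.string()`; a username given without a password therefore reaches `configureOpenLDAPUser`, whose `password: $.string().notNull()` argument contract will reject the call only after OpenLDAP has already been deployed. Extend the condition to both values, e.g. `If: $.ldapUser != null and $.ldapUser != '' and $.ldapPass != null and $.ldapPass != ''`, or check the pair together in `.init` so the failure is reported before deployment. Separately, the report line at the end of `configureOpenLDAPUser` still formats `$ldapUser`, which is no longer an argument after the rename to `user`; it should read `- $._environment.reporter.report($this, 'OpenLDAP user {0} is added'.format($user))`. The `deploy` and `createConfiguration` bodies start outside these hunks.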


@ -4,11 +4,19 @@ Name: Configure OpenLDAP
Parameters:
domain: $domain
ldapUser: $ldapUser
ldapPass: $ldapPass
rootUser: $rootUser
rootPass: $rootPass
user: $user
password: $password
Body: |
return configure('{0} {1} {2}'.format(args.domain, args.ldapUser, args.ldapPass)).stdout
return configure(
'{0} {1} {2} {3} {4}'.format(
args.domain,
args.rootUser,
args.rootPass,
args.user,
args.password)).stdout
Scripts:
configure:
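Review bot: The rewritten `configure(...)` call joins `args.rootPass` and `args.password` into one space-separated string, so a password containing whitespace or shell metacharacters will be split into extra positional parameters (the script reads `$1`..`$5`) or interpreted by the shell, depending on how `configure` tokenizes its argument — that cannot be confirmed from this hunk. An empty `user`/`password` collapses to trailing spaces, which happens to leave `$4`/`$5` unset but relies on the same splitting. If the agent supports it, pass the values quoted or via the environment rather than the argument string; otherwise document the constraint next to the call, e.g. `# NOTE: values are passed positionally to the script and must not contain whitespace`.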


@ -1,15 +1,26 @@
#!/bin/bash
DOMAIN="$1"
USERNAME="$2"
PASSWORD="$3"
ADMIN_USERNAME="$2"
ADMIN_PASSWORD="$3"
USERNAME="$4"
PASSWORD="$5"
DOMAIN_PASSWORD=$PASSWORD
DOMAIN_PASSWORD="$ADMIN_PASSWORD"
NAME="`echo "$DOMAIN" | cut -d. -f1`"
TLD="`echo "$DOMAIN" | cut -d. -f2`"
# If user doesn't specify non-admin username/password then
# script will create just admin user
ldapadd -x -w $DOMAIN_PASSWORD -D "cn=${USERNAME},dc=${NAME},dc=${TLD}" << USER
if [ -z $USERNAME ];
then
USERNAME="$ADMIN_USERNAME";
PASSWORD="$ADMIN_PASSWORD";
fi
ldapadd -x -w $DOMAIN_PASSWORD -D "cn=${ADMIN_USERNAME},dc=${NAME},dc=${TLD}" << USER
dn: uid=${USERNAME},ou=users,dc=${NAME},dc=${TLD}
objectClass: top
objectClass: account
@ -28,7 +39,7 @@ shadowMax: 0
shadowWarning: 0
USER
ldappasswd -w $DOMAIN_PASSWORD -s ${PASSWORD} -D "cn=${USERNAME},dc=${NAME},dc=${TLD}" -x uid=${USERNAME},ou=users,dc=${NAME},dc=${TLD}
ldappasswd -w $DOMAIN_PASSWORD -s ${PASSWORD} -D "cn=${ADMIN_USERNAME},dc=${NAME},dc=${TLD}" -x uid=${USERNAME},ou=users,dc=${NAME},dc=${TLD}
# check if user been created
ldapwhoami -x -w ${PASSWORD} -D uid=${USERNAME},ou=users,dc=${NAME},dc=${TLD} -hlocalhost -p389
ldapwhoami -x -w ${PASSWORD} -D uid=${USERNAME},ou=users,dc=${NAME},dc=${TLD} -hlocalhost -p389
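Review bot: The new test `if [ -z $USERNAME ];` is unquoted, so it only works for the empty case because `[ -z ]` with no operand evaluates true; a username containing whitespace makes `test` fail with a syntax error and the fallback to the admin credentials is skipped. Write it as `if [ -z "$USERNAME" ]; then` and likewise quote `"$DOMAIN_PASSWORD"` and `"${PASSWORD}"` on the new `ldapadd` and `ldappasswd` lines, which are otherwise subject to word splitting and globbing. Both commands also put the root bind password on the command line via `-w`/`-s`, where it is visible in process listings for the duration of the call; where the installed tools support it, `-y <password-file>` (and `-T` for the new password in `ldappasswd`) avoids that. The script never checks the exit status of `ldapadd` before running `ldappasswd` and `ldapwhoami`, so a failed add is not reported to the caller; `set -e` at the top or an explicit `|| exit 1` would surface it.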


@ -2,12 +2,12 @@ node default {
$dc = hiera("ldap_dc")
$dn = domain2dn(hiera("ldap_domain"))
$user = hiera('ldap_user')
$user = hiera('ldap_root_user')
class { 'ldap::server':
suffix => $dn,
rootdn => "cn=$user,$dn",
rootpw => hiera('ldap_password'),
rootpw => hiera('ldap_root_password'),
}
$ldap_defaults = {
@ -17,7 +17,7 @@ node default {
port => 389,
ssl => false,
username => "cn=$user,${dn}",
password => hiera('ldap_password')
password => hiera('ldap_root_password')
}
$ldap_entries = {
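Review bot: `$user` now holds `hiera('ldap_root_user')` but keeps its generic name, so the later `username => "cn=$user,${dn}"` in `$ldap_defaults` reads like an ordinary user bind while it actually binds as the rootdn with the root password. Renaming it, e.g. `$root_user = hiera('ldap_root_user')` and `rootdn => "cn=$root_user,$dn"`, makes the privilege level of that bind visible to the reader. The `node default` block continues outside both hunks.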


@ -5,6 +5,8 @@ Application:
type: io.murano.opaas.OpenLDAP
name: $.appConfiguration.name
domain: $.appConfiguration.domain
ldapRootUser: $.appConfiguration.ldapRootUser
ldapRootPass: $.appConfiguration.ldapRootPass
ldapUser: $.appConfiguration.ldapUser
ldapPass: $.appConfiguration.ldapPass
instance:
@ -34,15 +36,30 @@ Forms:
descriptionTitle: Domain
description: >-
Please, provide domain for the OpenLDAP instance
- name: ldapRootUser
type: string
label: Root Username
initial: admin
descriptionTitle: LDAP Root User
description: >-
Please, provide admin username
- name: ldapRootPass
type: password
label: Root Password
descriptionTitle: LDAP Root Password
description: >-
Please, provide admin password
- name: ldapUser
type: string
label: Username
required: false
descriptionTitle: LDAP User
description: >-
Please, provide username
- name: ldapPass
type: password
label: Password
required: false
descriptionTitle: LDAP Password
description: >-
Please, provide password
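Review bot: `ldapUser` and `ldapPass` are each `required: false` independently, so the form accepts a username without a password (or the reverse), and the class only rejects the missing password with a contract error at deploy time. If the form syntax allows validating the pair together, do that; otherwise state the dependency in the field text, e.g. `description: >- Please, provide password (required when a username is given)`. The two root fields carry no `required` key, which presumably makes them required by default — confirm; the `ldapRootUser` description could also note that the value becomes the `cn` of the directory's rootdn, since that is how the manifest uses it.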