From 227e1d07ddf75e6757d6569e4b1028d233488057 Mon Sep 17 00:00:00 2001
From: CVL-GitHub <jupiter.hu@monash.edu>
Date: Fri, 4 Sep 2015 08:43:55 +1000
Subject: [PATCH] refactoring

---
 roles/karaage3.1.17/tasks/karaage.yml         | 10 +++
 roles/karaage3.1.17/templates/index.html.j2   |  4 +
 .../templates/karaage3-wsgi.conf.j2           |  3 +-
 roles/karaage3.1.17/templates/kg-idps.j2      | 74 +++++++++++++++++++
 4 files changed, 90 insertions(+), 1 deletion(-)
 create mode 100644 roles/karaage3.1.17/templates/index.html.j2
 create mode 100644 roles/karaage3.1.17/templates/kg-idps.j2

diff --git a/roles/karaage3.1.17/tasks/karaage.yml b/roles/karaage3.1.17/tasks/karaage.yml
index e406942b..8cf4f63d 100644
--- a/roles/karaage3.1.17/tasks/karaage.yml
+++ b/roles/karaage3.1.17/tasks/karaage.yml
@@ -95,6 +95,13 @@
   template: src=karaage3-wsgi.conf.j2 dest=/etc/apache2/conf-available/karaage3-wsgi.conf
   sudo: true
 
+- name: install karaage3-wsgi.conf
+  template: src=index.html.j2 dest=/var/www/index.html
+  sudo: true
+
+- name: install karaage3-wsgi.conf
+  template: src=kg-idps.j2 dest=/usr/bin/kg-idps
+  sudo: true
 -
  name: "enabling Karaage configuration"
  shell: a2enconf karaage3-wsgi
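Review bot: The template task that writes `/usr/bin/kg-idps` sets no owner or mode, yet the next hunk has root's cron execute that path directly and the template itself (later in this patch) has no shebang, so the file lands with whatever the umask yields and will not run as an executable. Pin it down explicitly: `template: src=kg-idps.j2 dest=/usr/bin/kg-idps owner=root group=root mode=0755` and start the template with `#!/usr/bin/env python`. The two new tasks also reuse the copy-pasted name `install karaage3-wsgi.conf`, which makes play output misleading; name them for what they install, e.g. `- name: install landing page index.html` and `- name: install kg-idps script`.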
@@ -152,4 +159,7 @@
  sudo: true
  when: ansible_os_family == "RedHat"
 
+- name: "Start cron job for creating idps"
+  cron: name=idps job=/usr/bin/kg-idps user=root day=*/1 state=present
+  sudo: true
 
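Review bot: `cron: name=idps job=/usr/bin/kg-idps user=root day=*/1` only sets the day-of-month field; the Ansible cron module leaves minute and hour at their default `*`, so the resulting entry `* * */1 * *` runs the metadata import every minute as root rather than once a day. Use `cron: name=idps job=/usr/bin/kg-idps user=root special_time=daily state=present` (or an explicit `minute=0 hour=3`). Running as root also looks unnecessary, since the script only needs Django settings and database access; if the Karaage web user can reach the database, that user would be the safer choice, though I cannot tell from this role which account that is.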
diff --git a/roles/karaage3.1.17/templates/index.html.j2 b/roles/karaage3.1.17/templates/index.html.j2
new file mode 100644
index 00000000..750ce998
--- /dev/null
+++ b/roles/karaage3.1.17/templates/index.html.j2
@@ -0,0 +1,4 @@
+<html><body><h3>HPC identity management</h3>
+<p>To log in via AAF authentication, connect to URL: https://{{ ansible_fqdn }}/aafbootstrap</p>
+<p>To log in without AAF authentication, connect to URL: https://{{ ansible_fqdn }}/users</p>
+</body></html>
diff --git a/roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2 b/roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2
index 9ce8c092..813a86f4 100644
--- a/roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2
+++ b/roles/karaage3.1.17/templates/karaage3-wsgi.conf.j2
@@ -12,6 +12,7 @@ WSGIScriptAlias /karaage /etc/karaage3/karaage.wsgi
 # support old URLs.
 Redirect permanent /kgadmin /karaage
 Redirect permanent /users /karaage
+Redirect permanent /aafbootstrap /karaage/aafbootstrap
 
 Alias /kgstatic "/var/lib/karaage3/static"
 <Location "/kgstatic">
@@ -29,7 +30,7 @@ Alias /kgfiles "/var/cache/karaage3/files"
     </IfVersion>
 </Location>
 
-<Location /karaage>
+<Location /karaage/aafbootstrap>
 AuthType Shibboleth
 ShibRequireSession On
 ShibUseHeaders On
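Review bot: Narrowing the protected Location from `/karaage` to `/karaage/aafbootstrap` while keeping `ShibUseHeaders On` means the rest of `/karaage` is served without the Shibboleth module being active, and to my recollection the SP only clears spoofable attribute headers on requests it actually handles; any code under `/karaage` that reads Shib attribute headers outside the bootstrap path could therefore be fed attacker-supplied values. If Karaage only consumes the attributes on the bootstrap URL, say so above the block: `# Shibboleth attributes are trusted only under /karaage/aafbootstrap; the rest of /karaage relies on Karaage's own session auth`. Otherwise prefer `ShibUseHeaders Off` so attributes arrive as environment variables that cannot be injected by a client. The Location block is closed outside this hunk, so I cannot see what else it sets.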
diff --git a/roles/karaage3.1.17/templates/kg-idps.j2 b/roles/karaage3.1.17/templates/kg-idps.j2
new file mode 100644
index 00000000..e1144a51
--- /dev/null
+++ b/roles/karaage3.1.17/templates/kg-idps.j2
@@ -0,0 +1,74 @@
+import os
+import django
+os.environ['DJANGO_SETTINGS_MODULE'] = "karaage.conf.settings"
+
+def get_idps_from_metadata():
+    import xml.etree.ElementTree as ET
+    tree = ET.parse('/var/cache/shibboleth/metadata.aaf.xml')
+    root=tree.getroot()
+    idps=[]
+    for entity in root.findall("{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor"):
+        idp=False
+        # %s"%entity.attrib['entityID']
+        for idp in entity.findall('{urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor'):
+            idp=True
+        if idp:
+            for o in entity.findall('{urn:oasis:names:tc:SAML:2.0:metadata}Organization'):
+                for c in o.findall('{urn:oasis:names:tc:SAML:2.0:metadata}OrganizationDisplayName'):
+                    idps.append({'entityID':entity.attrib['entityID'],'name':c.text})
+        
+    return idps
+
+def get_next_idp_group():
+    from karaage.people.models import Group
+    i=-1
+    available=False
+    nextgroup=None
+    groupname='idpgroup{idx}'
+    while not available:
+        i=i+1
+        try:
+            group =Group.objects.get(name=groupname.format(idx=i))
+        except Group.DoesNotExist:
+            available=True
+            nextgroup=groupname.format(idx=i)
+    return nextgroup
+
+
+def get_or_create_idp(entityID,name):
+    print "get_or_create %s"%name
+    from karaage.institutes.forms import InstituteForm
+    from karaage.institutes.models import Institute
+    from karaage.people.models import Group
+    try:
+        Institute.objects.get(saml_entityid=entityID)
+        return
+    except Institute.DoesNotExist:
+        print "does not exists, creating"
+        groupname=get_next_idp_group()
+        group, _ =Group.objects.get_or_create(name=groupname)
+        institute=Institute(name=name,group=group,saml_entityid=entityID,is_active=True)
+        institute.save()
+#
+#        d={}
+#        d['name']=name
+#        d['group_id']=group
+#        d['saml_entityid']=entityID
+#        d['is_active']=True
+#        form=InstituteForm(d)
+#        if form.is_valid():
+#            print "tying to save"
+#            form.save()
+#        else:
+#            print "form not valid"
+#            print dir(form)
+#            #print "not actually saving my form"
+
+django.setup()
+idps = get_idps_from_metadata()
+for idp in idps:
+    try:
+        get_or_create_idp(entityID=idp['entityID'],name=idp['name'])
+    except:
+        pass
+
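Review bot: The bare `except: pass` around `get_or_create_idp` swallows every failure — database errors, `MultipleObjectsReturned` from the `Institute.objects.get`, a `None` display name — so a cron job running as root can silently stop creating institutes with no trace anywhere; change it to `except Exception: logging.exception("failed to import idp %s", idp['entityID'])` and import `logging` at the top. The values written to the database come straight from the federation metadata (`entity.attrib['entityID']`, `c.text`) with no check that `c.text` is set or fits the model's field length, so at least guard with `if c.text:` before appending in `get_idps_from_metadata`. The file also lacks a shebang despite being installed to `/usr/bin` and invoked directly by cron, and the commented-out `InstituteForm` block (plus its now-unused import) should be removed rather than shipped.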
-- 
GitLab