Posted to commits@whimsical.apache.org by se...@apache.org on 2019/12/12 12:50:52 UTC

[whimsy] branch master updated: Add auth test settings

This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/whimsy.git


The following commit(s) were added to refs/heads/master by this push:
     new 4624c80  Add auth test settings
4624c80 is described below

commit 4624c8066da1c45b5bfa4bf7ec5c83fc262c3ac2
Author: Sebb <se...@apache.org>
AuthorDate: Thu Dec 12 12:50:30 2019 +0000

    Add auth test settings
---
 Rakefile                                   |  6 +++++-
 config/25-authz_ldap_group_membership.conf | 27 +++++++++++++++++++++++++++
 config/setupmymac                          | 13 +++++++++++++
 config/whimsy.conf                         | 27 +++++++++++++++++++++++++++
 docker/Dockerfile                          |  1 +
 5 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/Rakefile b/Rakefile
index 530f772..dc9a953 100644
--- a/Rakefile
+++ b/Rakefile
@@ -320,7 +320,7 @@ end
 
 # Docker support
 namespace :docker do
-  task :build => 'docker/work/whimsy.conf' do
+  task :build => ['docker/work/whimsy.conf', 'docker/work/25-authz_ldap_group_membership.conf'] do
     Dir.chdir File.join(__dir__, 'docker') do
       sh 'docker-compose build web'
     end
@@ -403,3 +403,7 @@ end
 file 'docker/work/whimsy.conf' => ['docker/work', 'config/whimsy.conf'] do
   cp 'config/whimsy.conf', 'docker/work/whimsy.conf'
 end
+
+file 'docker/work/25-authz_ldap_group_membership.conf' => ['docker/work', 'config/25-authz_ldap_group_membership.conf'] do
+  cp 'config/25-authz_ldap_group_membership.conf', 'docker/work/25-authz_ldap_group_membership.conf'
+end
diff --git a/config/25-authz_ldap_group_membership.conf b/config/25-authz_ldap_group_membership.conf
new file mode 100644
index 0000000..c78cdf2
--- /dev/null
+++ b/config/25-authz_ldap_group_membership.conf
@@ -0,0 +1,27 @@
+# LDAP alias: ASF member
+<AuthzProviderAlias ldap-group ldap-alias-member cn=member,ou=groups,dc=apache,dc=org>
+   AuthLDAPurl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+   AuthLDAPGroupAttribute memberUid
+   AuthLDAPGroupAttributeIsDN Off
+</AuthzProviderAlias>
+
+# LDAP alias: ASF committer
+<AuthzProviderAlias ldap-group ldap-alias-committer cn=committers,ou=role,ou=groups,dc=apache,dc=org>
+  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPGroupAttribute member
+  AuthLDAPGroupAttributeIsDN on
+</AuthzProviderAlias>
+
+# LDAP alias: PMC chair
+<AuthzProviderAlias ldap-group ldap-alias-pmc-chair cn=pmc-chairs,ou=groups,ou=services,dc=apache,dc=org>
+  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPGroupAttribute member
+  AuthLDAPGroupAttributeIsDN on
+</AuthzProviderAlias>
+
+# LDAP alias: Incubator PMC
+<AuthzProviderAlias ldap-group ldap-alias-incubator-pmc cn=incubator,ou=project,ou=groups,dc=apache,dc=org>
+  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  AuthLDAPGroupAttribute owner
+  AuthLDAPGroupAttributeIsDN on
+</AuthzProviderAlias>
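Review bot: The four aliases test group membership in three different ways, and nothing in the file says why: `memberUid` with `AuthLDAPGroupAttributeIsDN Off` for the member group, `member` with DN matching for committers and PMC chairs, and `owner` for the Incubator PMC. A later edit that "normalises" one of them would silently change who is authorised. A one-line comment per alias would prevent that, for example `# member group lists bare uids in memberUid, hence IsDN Off` and `# PMC membership is taken from the owner attribute of the project group` (wording to be confirmed against the directory schema). The first block also differs cosmetically from the other three (`AuthLDAPurl`, three-space indent, `Off` versus `on`); Apache treats directive names case-insensitively so it works, but matching the others makes the file easier to grep and review.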
diff --git a/config/setupmymac b/config/setupmymac
index 224c917..770e3a8 100755
--- a/config/setupmymac
+++ b/config/setupmymac
@@ -537,6 +537,19 @@ then
   restart_apache = true
 end
 
+confd_source = "#{WHIMSY}/config/25-authz_ldap_group_membership.conf"
+confd_target = '/private/etc/apache2/other/conf-enabled/25-authz_ldap_group_membership.conf'
+if 
+  not File.exist?(confd_target) or 
+  File.read(confd_target) != File.read(confd_source)
+then
+  sudo do
+    run 'cp', confd_source, confd_target
+  end
+
+  restart_apache = true
+end
+
 ### Make applications restart on change
 
 if not $root and force[:toucher] != nil
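Review bot: The `cp` into `/private/etc/apache2/other/conf-enabled/` assumes that directory exists and that httpd.conf includes it, and neither is established in this hunk. As far as I know the stock macOS configuration only includes `other/*.conf`, which would not pick up a subdirectory. If the alias file is not loaded, the `Require ldap-alias-*` lines this commit adds to whimsy.conf name providers Apache does not know, which should surface as a configuration error at restart rather than as open access. Consider adding `run 'mkdir', '-p', File.dirname(confd_target)` inside the `sudo do` block before the copy, and confirming that an Include covers the directory. The script continues outside the hunk, so this may already be handled earlier.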
diff --git a/config/whimsy.conf b/config/whimsy.conf
index 8e1bf1d..02e83a7 100644
--- a/config/whimsy.conf
+++ b/config/whimsy.conf
@@ -317,4 +317,31 @@ Alias /project/icla/ /srv/whimsy/www/project/icla/public
   </RequireAny>
 </LocationMatch>
 
+<Directory /srv/whimsy/www/test/member>
+  AuthType Basic
+  AuthName "ASF Members"
+  AuthBasicProvider ldap
+  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  Require ldap-alias-member
+</Directory>
+
+<Directory /srv/whimsy/www/test/incubator>
+  AuthType Basic
+  AuthName "Incubator PMC"
+  AuthBasicProvider ldap
+  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  Require ldap-alias-incubator-pmc
+</Directory>
+
+<Directory /srv/whimsy/www/test/member-incubator>
+  AuthType Basic
+  AuthName "ASF Members and Incubator PMC"
+  AuthBasicProvider ldap
+  AuthLDAPUrl "ldaps://ldap-us-ro.apache.org:636 ldap-eu-ro.apache.org:636/ou=people,dc=apache,dc=org?uid"
+  <RequireAny>
+    Require ldap-alias-member
+    Require ldap-alias-incubator-pmc
+  </RequireAny>
+</Directory>
+
 </VirtualHost>
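Review bot: The three new `<Directory>` blocks use `AuthType Basic` against the production LDAP servers, so the password is sent with every request and is only protected if the enclosing `<VirtualHost>` is served over TLS; its opening tag is outside this hunk. docker/Dockerfile in the same commit copies this file in as the default site and shows `EXPOSE 80`, so in the container the credentials may cross plain HTTP (probably only on localhost, but worth confirming). These blocks also now depend on the aliases defined in `25-authz_ldap_group_membership.conf` being loaded first. A comment above the first block would record both points, e.g. `# Auth test areas: need conf-enabled/25-authz_ldap_group_membership.conf; Basic auth, serve over TLS only`.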
diff --git a/docker/Dockerfile b/docker/Dockerfile
index d256271..042d09f 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -63,6 +63,7 @@ RUN DEBIAN_FRONTEND='noninteractive' apt-get install -y ldap-utils
 # This should be last, as the source is likely to change
 # It also takes very little time, so it does not matter if it has to be redone
 COPY work/whimsy.conf /etc/apache2/sites-enabled/000-default.conf
+COPY work/25-authz_ldap_group_membership.conf /etc/apache2/conf-enabled/25-authz_ldap_group_membership.conf
 
 WORKDIR /srv/whimsy
 EXPOSE 80