Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/24 17:59:16 UTC
[4/4] airavata git commit: AIRAVATA-2430 Ansible template/vars for
PGA auth options
AIRAVATA-2430 Ansible template/vars for PGA auth options
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/28006898
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/28006898
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/28006898
Branch: refs/heads/develop
Commit: 280068981af49e1f4d54f87d2e1f9dd7f06b9d8d
Parents: a445590
Author: Marcus Christie <ma...@apache.org>
Authored: Sat Jun 24 13:58:39 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Sat Jun 24 13:58:39 2017 -0400
----------------------------------------------------------------------
.../scigap/develop/pga_config/scigap/vars.yml | 3 ++-
.../scigap/develop/pga_config/seagrid/vars.yml | 9 ++++++++-
dev-tools/ansible/roles/pga/defaults/main.yml | 6 ++++++
.../ansible/roles/pga/templates/pga_config.php.j2 | 18 ++++++++++++++----
4 files changed, 30 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
index 099a9bd..ae0c2ba 100644
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
@@ -39,7 +39,8 @@ oauth_client_key: "{{ vault_oauth_client_key }}"
oauth_client_secret: "{{ vault_oauth_client_secret }}"
oauth_grant_type: "password"
oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/scigap/.well-known/openid-configuration"
-user_role_name: "airavata-user"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
+initial_role_name: "gateway-provider"
gateway_id: "scigap"
# relative to document root dir
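Review bot: The added `initial_role_name: "gateway-provider"` and the removed `user_role_name` override change role assignment for this inventory, which the commit title (auth options) does not mention and no comment explains. Against the role defaults shown in `roles/pga/defaults/main.yml` in this commit, the initial role moves from `user-pending` to `gateway-provider` and `user_role_name` falls back to `gateway-user`. If the initial role is what a newly created account receives, as the name suggests, it deserves a one-line justification such as `# SciGaP dev portal: new accounts start as gateway-provider instead of user-pending`. The context line `oauth_grant_type: "password"` also appears to be unused now that the template reads `auth_options`, so it could be dropped here as it was in the seagrid vars.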
http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
index 3f5c015..2e17fde 100644
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
@@ -37,9 +37,16 @@ admin_username: "admin"
admin_password: "{{ vault_admin_password }}"
oauth_client_key: "{{ vault_oauth_client_key }}"
oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oauth_grant_type: "password"
oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/seagrid/.well-known/openid-configuration"
+auth_options:
+ - name: "SEAGrid"
+ oauth_grant_type: "password"
+ - name: "CILogon"
+ oauth_grant_type: "authorization_code"
+ oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
+
gateway_id: "seagrid"
# relative to document root dir
experiment_data_dir: "{{ user_data_dir }}/dev-seagrid"
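Review bot: The `oauth_authorize_url_extra_params: "kc_idp_hint=oidc"` entry on the CILogon option is undocumented, and it only works if the seagrid realm has an identity provider whose alias is `oidc`. A comment above it would make that dependency visible, e.g. `# kc_idp_hint must match the identity-provider alias configured in the seagrid realm`. It would also help to state whether the value is expected to be already URL-encoded, since how it is appended to the authorize URL is not visible in this commit.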
http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/roles/pga/defaults/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/defaults/main.yml b/dev-tools/ansible/roles/pga/defaults/main.yml
index 1801883..9635bfc 100644
--- a/dev-tools/ansible/roles/pga/defaults/main.yml
+++ b/dev-tools/ansible/roles/pga/defaults/main.yml
@@ -58,6 +58,12 @@ admin_readonly_role_name: "admin-read-only"
user_role_name: "gateway-user"
initial_role_name: "user-pending"
auth_verify_peer: "true"
+auth_options:
+ - name: "{{ portal_title }}"
+ oauth_grant_type: "password"
+# oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+oauth_callback_url: "http://{{ vhost_servername }}/callback-url"
+
## Airavata Client related variables
#airavata_server: "tls://gw77.iu.xsede.org"
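Review bot: The new role default `oauth_callback_url` uses `http://`, so a deployment that adds an `authorization_code` entry to `auth_options` without overriding this variable would receive the authorization code over cleartext. Both inventories touched in this commit override it with `https://`, which suggests the safer value belongs in the default: `oauth_callback_url: "https://{{ vhost_servername }}/callback-url"`. If plain HTTP has to stay for local development, add a comment such as `# override with the https URL whenever an authorization_code option is enabled`.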
http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
index 1981ccb..c102e65 100644
--- a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
+++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
@@ -57,14 +57,24 @@ return array(
'oauth-client-secret' => '{{ oauth_client_secret }}',
/**
- * OAuth Grant Type (password or authorization_code)
- */
- 'oauth-grant-type' => '{{ oauth_grant_type }}',
+ * Authentication options
+ */
+ 'auth-options' => [
+ {% for auth_option in auth_options %}
+ [
+ 'oauth-grant-type' => '{{ auth_option["oauth_grant_type"] }}',
+ 'name' => '{{ auth_option["name"] }}',
+ {% if "oauth_authorize_url_extra_params" in auth_option %}
+ 'oauth-authorize-url-extra-params' => '{{ auth_option["oauth_authorize_url_extra_params"] }}',
+ {% endif %}
+ ],
+ {% endfor %}
+ ],
/**
* OAuth call back url (only if the grant type is authorization_code)
*/
- 'oauth-callback-url' => 'http://localhost/callback-url',
+ 'oauth-callback-url' => '{{ oauth_callback_url }}',
/**
* For OIDC servers that support the discovery protocol.
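Review bot: The values rendered into single-quoted PHP literals in the `auth-options` loop and in `'oauth-callback-url'` are not escaped, so a `'` or `\` in a variable produces a broken or altered config file. The `name` field defaults to `portal_title`, where an apostrophe is plausible. Escape at render time, for example `'name' => '{{ auth_option["name"] | replace("\\", "\\\\") | replace("'", "\\'") }}',`, and apply the same filters to the grant type, extra params and callback URL. The enclosing `return array(` starts before this hunk and the trailing comment block continues past it, so the other interpolated entries in the file were not checked.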