Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/24 17:59:16 UTC

[4/4] airavata git commit: AIRAVATA-2430 Ansible template/vars for PGA auth options

AIRAVATA-2430 Ansible template/vars for PGA auth options


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/28006898
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/28006898
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/28006898

Branch: refs/heads/develop
Commit: 280068981af49e1f4d54f87d2e1f9dd7f06b9d8d
Parents: a445590
Author: Marcus Christie <ma...@apache.org>
Authored: Sat Jun 24 13:58:39 2017 -0400
Committer: Marcus Christie <ma...@apache.org>
Committed: Sat Jun 24 13:58:39 2017 -0400

----------------------------------------------------------------------
 .../scigap/develop/pga_config/scigap/vars.yml     |  3 ++-
 .../scigap/develop/pga_config/seagrid/vars.yml    |  9 ++++++++-
 dev-tools/ansible/roles/pga/defaults/main.yml     |  6 ++++++
 .../ansible/roles/pga/templates/pga_config.php.j2 | 18 ++++++++++++++----
 4 files changed, 30 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
index 099a9bd..ae0c2ba 100644
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml
@@ -39,7 +39,8 @@ oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
 oauth_grant_type: "password"
 oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/scigap/.well-known/openid-configuration"
-user_role_name: "airavata-user"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
+initial_role_name: "gateway-provider"
 
 gateway_id: "scigap"
 # relative to document root dir
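Review bot: `initial_role_name: "gateway-provider"` replaces the role default `user-pending` (visible in roles/pga/defaults/main.yml) with no comment saying why. If this variable names the role assigned to newly created accounts, which the name suggests but this diff does not show, every new account on this portal starts as gateway-provider rather than in a pending state. A one-line comment above it would record the intent, e.g. `# scigap dev portal: new accounts start as gateway-provider, no pending/approval step`. Separately, the context line `oauth_grant_type: "password"` is no longer read by pga_config.php.j2 after this commit, which takes grant types from `auth_options`, so it can be removed here or replaced by an explicit `auth_options` entry.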

http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
index 3f5c015..2e17fde 100644
--- a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
+++ b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml
@@ -37,9 +37,16 @@ admin_username: "admin"
 admin_password: "{{ vault_admin_password }}"
 oauth_client_key: "{{ vault_oauth_client_key }}"
 oauth_client_secret: "{{ vault_oauth_client_secret }}"
-oauth_grant_type: "password"
 oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/seagrid/.well-known/openid-configuration"
 
+auth_options:
+  - name: "SEAGrid"
+    oauth_grant_type: "password"
+  - name: "CILogon"
+    oauth_grant_type: "authorization_code"
+    oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+oauth_callback_url: "https://{{ vhost_servername }}/callback-url"
+
 gateway_id: "seagrid"
 # relative to document root dir
 experiment_data_dir: "{{ user_data_dir }}/dev-seagrid"

http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/roles/pga/defaults/main.yml
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/defaults/main.yml b/dev-tools/ansible/roles/pga/defaults/main.yml
index 1801883..9635bfc 100644
--- a/dev-tools/ansible/roles/pga/defaults/main.yml
+++ b/dev-tools/ansible/roles/pga/defaults/main.yml
@@ -58,6 +58,12 @@ admin_readonly_role_name: "admin-read-only"
 user_role_name: "gateway-user"
 initial_role_name: "user-pending"
 auth_verify_peer: "true"
+auth_options:
+  - name: "{{ portal_title }}"
+    oauth_grant_type: "password"
+#    oauth_authorize_url_extra_params: "kc_idp_hint=oidc"
+oauth_callback_url: "http://{{ vhost_servername }}/callback-url"
+
 
 ## Airavata Client related variables
 #airavata_server: "tls://gw77.iu.xsede.org"
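Review bot: The new default `oauth_callback_url: "http://{{ vhost_servername }}/callback-url"` uses plain HTTP, so any inventory that does not override it has the identity provider deliver the authorization code to the portal in cleartext. Both inventories changed in this commit override it with `https://`, which suggests HTTPS is the expected deployment. Consider making the default `oauth_callback_url: "https://{{ vhost_servername }}/callback-url"`, or adding a comment that the value must match the vhost scheme and must be HTTPS whenever an `authorization_code` option is configured. The second blank line added after it is stray.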

http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
----------------------------------------------------------------------
diff --git a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
index 1981ccb..c102e65 100644
--- a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
+++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2
@@ -57,14 +57,24 @@ return array(
         'oauth-client-secret' => '{{ oauth_client_secret }}',
 
         /**
-         * OAuth Grant Type (password or authorization_code)
-         */
-        'oauth-grant-type' => '{{ oauth_grant_type }}',
+         * Authentication options
+         */
+        'auth-options' => [
+            {% for auth_option in auth_options %}
+            [
+                'oauth-grant-type' => '{{ auth_option["oauth_grant_type"] }}',
+                'name' => '{{ auth_option["name"] }}',
+                {% if "oauth_authorize_url_extra_params" in auth_option %}
+                'oauth-authorize-url-extra-params' => '{{ auth_option["oauth_authorize_url_extra_params"] }}',
+                {% endif %}
+            ],
+            {% endfor %}
+        ],
 
         /**
          * OAuth call back url (only if the grant type is authorization_code)
          */
-        'oauth-callback-url' => 'http://localhost/callback-url',
+        'oauth-callback-url' => '{{ oauth_callback_url }}',
 
         /**
          * For OIDC servers that support the discovery protocol.
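Review bot: The values rendered into `'name'`, `'oauth-grant-type'`, `'oauth-authorize-url-extra-params'` and `'oauth-callback-url'` are placed between single quotes with no escaping, so an apostrophe or trailing backslash in an inventory value yields a pga_config.php that fails to parse or contains PHP the operator did not intend. The role default sets `name` to `{{ portal_title }}`, which is free text and a likely place for an apostrophe. Escaping at render time would cover it, with something like `'name' => '{{ auth_option["name"] | replace("\\", "\\\\") | replace("'", "\\'") }}',` applied to each interpolated value. The enclosing `return array(` starts and ends outside this hunk.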