From 129b55dbaf4c13e06e3cf8433c085d29508b4a22 Mon Sep 17 00:00:00 2001
From: Luther Monson
Date: Mon, 20 Jan 2020 13:04:51 -0700
Subject: [PATCH] added shibboleth saml provider
---
 apis/management.cattle.io/v3/authn_types.go | 60 +++++++++++--------
 apis/management.cattle.io/v3/schema/schema.go | 1 +
 .../v3public/authn_types.go | 4 ++
 .../v3public/schema/public_schema.go | 11 ++++
 4 files changed, 50 insertions(+), 26 deletions(-)
diff --git a/apis/management.cattle.io/v3/authn_types.go b/apis/management.cattle.io/v3/authn_types.go
index b21e8d5a..c75cec95 100644
--- a/apis/management.cattle.io/v3/authn_types.go
+++ b/apis/management.cattle.io/v3/authn_types.go
@@ -256,36 +256,39 @@ type ActiveDirectoryTestAndApplyInput struct {
 Enabled bool `json:"enabled,omitempty"`
 }
 
+type LdapFields struct {
+ Servers []string `json:"servers,omitempty" norman:"type=array[string],notnullable,required"`
+ Port int64 `json:"port,omitempty" norman:"default=389,notnullable,required"`
+ TLS bool `json:"tls,omitempty" norman:"default=false,notnullable,required"`
+ Certificate string `json:"certificate,omitempty"`
+ ServiceAccountDistinguishedName string `json:"serviceAccountDistinguishedName,omitempty" norman:"required"`
+ ServiceAccountPassword string `json:"serviceAccountPassword,omitempty" norman:"type=password,required"`
+ UserDisabledBitMask int64 `json:"userDisabledBitMask,omitempty"`
+ UserSearchBase string `json:"userSearchBase,omitempty" norman:"notnullable,required"`
+ UserSearchAttribute string `json:"userSearchAttribute,omitempty" norman:"default=uid|sn|givenName,notnullable,required"`
+ UserSearchFilter string `json:"userSearchFilter,omitempty"`
+ UserLoginAttribute string `json:"userLoginAttribute,omitempty" norman:"default=uid,notnullable,required"`
+ UserObjectClass string `json:"userObjectClass,omitempty" norman:"default=inetOrgPerson,notnullable,required"`
+ UserNameAttribute string `json:"userNameAttribute,omitempty" norman:"default=cn,notnullable,required"`
+ UserMemberAttribute string `json:"userMemberAttribute,omitempty" norman:"default=memberOf,notnullable,required"`
+ UserEnabledAttribute string `json:"userEnabledAttribute,omitempty"`
+ GroupSearchBase string `json:"groupSearchBase,omitempty"`
+ GroupSearchAttribute string `json:"groupSearchAttribute,omitempty" norman:"default=cn,notnullable,required"`
+ GroupSearchFilter string `json:"groupSearchFilter,omitempty"`
+ GroupObjectClass string `json:"groupObjectClass,omitempty" norman:"default=groupOfNames,notnullable,required"`
+ GroupNameAttribute string `json:"groupNameAttribute,omitempty" norman:"default=cn,notnullable,required"`
+ GroupDNAttribute string `json:"groupDNAttribute,omitempty" norman:"default=entryDN,notnullable"`
+ GroupMemberUserAttribute string `json:"groupMemberUserAttribute,omitempty" norman:"default=entryDN,notnullable"`
+ GroupMemberMappingAttribute string `json:"groupMemberMappingAttribute,omitempty" norman:"default=member,notnullable,required"`
+ ConnectionTimeout int64 `json:"connectionTimeout,omitempty" norman:"default=5000,notnullable,required"`
+ NestedGroupMembershipEnabled bool `json:"nestedGroupMembershipEnabled" norman:"default=false"`
+}
+
 type LdapConfig struct {
 metav1.TypeMeta `json:",inline"`
 metav1.ObjectMeta `json:"metadata,omitempty"`
 AuthConfig `json:",inline" mapstructure:",squash"`
-
- Servers []string `json:"servers,omitempty" norman:"type=array[string],notnullable,required"`
- Port int64 `json:"port,omitempty" norman:"default=389,notnullable,required"`
- TLS bool `json:"tls,omitempty" norman:"default=false,notnullable,required"`
- Certificate string `json:"certificate,omitempty"`
- ServiceAccountDistinguishedName string `json:"serviceAccountDistinguishedName,omitempty" norman:"required"`
- ServiceAccountPassword string `json:"serviceAccountPassword,omitempty" norman:"type=password,required"`
- UserDisabledBitMask int64 `json:"userDisabledBitMask,omitempty"`
- UserSearchBase string `json:"userSearchBase,omitempty" norman:"notnullable,required"`
- UserSearchAttribute string `json:"userSearchAttribute,omitempty" norman:"default=uid|sn|givenName,notnullable,required"`
- UserSearchFilter string `json:"userSearchFilter,omitempty"`
- UserLoginAttribute string `json:"userLoginAttribute,omitempty" norman:"default=uid,notnullable,required"`
- UserObjectClass string `json:"userObjectClass,omitempty" norman:"default=inetOrgPerson,notnullable,required"`
- UserNameAttribute string `json:"userNameAttribute,omitempty" norman:"default=cn,notnullable,required"`
- UserMemberAttribute string `json:"userMemberAttribute,omitempty" norman:"default=memberOf,notnullable,required"`
- UserEnabledAttribute string `json:"userEnabledAttribute,omitempty"`
- GroupSearchBase string `json:"groupSearchBase,omitempty"`
- GroupSearchAttribute string `json:"groupSearchAttribute,omitempty" norman:"default=cn,notnullable,required"`
- GroupSearchFilter string `json:"groupSearchFilter,omitempty"`
- GroupObjectClass string `json:"groupObjectClass,omitempty" norman:"default=groupOfNames,notnullable,required"`
- GroupNameAttribute string `json:"groupNameAttribute,omitempty" norman:"default=cn,notnullable,required"`
- GroupDNAttribute string `json:"groupDNAttribute,omitempty" norman:"default=entryDN,notnullable"`
- GroupMemberUserAttribute string `json:"groupMemberUserAttribute,omitempty" norman:"default=entryDN,notnullable"`
- GroupMemberMappingAttribute string `json:"groupMemberMappingAttribute,omitempty" norman:"default=member,notnullable,required"`
- ConnectionTimeout int64 `json:"connectionTimeout,omitempty" norman:"default=5000,notnullable,required"`
- NestedGroupMembershipEnabled bool `json:"nestedGroupMembershipEnabled" norman:"default=false"`
+ LdapFields `json:",inline" mapstructure:",squash"`
 }
 
 type LdapTestAndApplyInput struct {
@@ -349,6 +352,11 @@ type OKTAConfig struct {
 SamlConfig `json:",inline" mapstructure:",squash"`
 }
 
+type ShibbolethConfig struct {
+ SamlConfig `json:",inline" mapstructure:",squash"`
+ LdapFields `json:",inline" mapstructure:",squash"`
+}
+
 type AuthSystemImages struct {
 KubeAPIAuth string `json:"kubeAPIAuth,omitempty"`
 }
diff --git a/apis/management.cattle.io/v3/schema/schema.go b/apis/management.cattle.io/v3/schema/schema.go
index a6c98a59..7e645c6c 100644
--- a/apis/management.cattle.io/v3/schema/schema.go
+++ b/apis/management.cattle.io/v3/schema/schema.go
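Review bot: `LdapFields` is a new exported type with no doc comment; add `// LdapFields holds the LDAP directory settings that LdapConfig and ShibbolethConfig embed inline.` above the `type` line. The move keeps the `norman:"required"` tags on `Servers`, `ServiceAccountDistinguishedName`, `ServiceAccountPassword` and `UserSearchBase`, so every type that inlines the block inherits them as mandatory — and the next hunk inlines it into `ShibbolethConfig`, which would presumably force a SAML-only Shibboleth setup to supply LDAP bind credentials it does not use. If the directory lookup is optional for Shibboleth, nesting the block under its own key, `OpenLdapConfig LdapFields `json:"openLdapConfig,omitempty"``, keeps the `required` constraints scoped to that sub-object (assuming norman evaluates them per nested schema; worth confirming). The bind password stays tagged `type=password`, which is the right marker to keep on a struct now reused across providers.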
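Review bot: `ShibbolethConfig` flattens two embedded structs with `json:",inline"` and `mapstructure:",squash"`, so any field name that exists in both `SamlConfig` and `LdapFields` is ambiguous under Go's promotion rules and is silently dropped by encoding/json rather than reported. `SamlConfig`'s own fields are outside this hunk, so I cannot confirm there is no overlap today, but with the flat layout every field later added to either side becomes a potential silent collision that would drop a setting from the persisted config. The exported type also lacks a doc comment; `// ShibbolethConfig is a SAML provider config that additionally carries LDAP settings for directory lookups.` would state why it, unlike the other SAML configs above it, embeds `LdapFields`.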
@@ -566,6 +566,7 @@ func authnTypes(schemas *types.Schemas) *types.Schemas {
 MustImportAndCustomize(&Version, v3.ADFSConfig{}, configSchema).
 MustImportAndCustomize(&Version, v3.KeyCloakConfig{}, configSchema).
 MustImportAndCustomize(&Version, v3.OKTAConfig{}, configSchema).
+ MustImportAndCustomize(&Version, v3.ShibbolethConfig{}, configSchema).
 MustImport(&Version, v3.SamlConfigTestInput{}).
 MustImport(&Version, v3.SamlConfigTestOutput{}).
 //GoogleOAuth Config
diff --git a/apis/management.cattle.io/v3public/authn_types.go b/apis/management.cattle.io/v3public/authn_types.go
index 16584886..4a0c44a4 100644
--- a/apis/management.cattle.io/v3public/authn_types.go
+++ b/apis/management.cattle.io/v3public/authn_types.go
@@ -100,6 +100,10 @@ type PingProvider struct {
 SamlProvider `json:",inline"`
 }
 
+type ShibbolethProvider struct {
+ SamlProvider `json:",inline"`
+}
+
 type ADFSProvider struct {
 SamlProvider `json:",inline"`
 }
diff --git a/apis/management.cattle.io/v3public/schema/public_schema.go b/apis/management.cattle.io/v3public/schema/public_schema.go
index 897ffab5..1f6f7f89 100644
--- a/apis/management.cattle.io/v3public/schema/public_schema.go
+++ b/apis/management.cattle.io/v3public/schema/public_schema.go
@@ -139,6 +139,17 @@ func authProvidersTypes(schemas *types.Schemas) *types.Schemas {
 schema.CollectionMethods = []string{}
 schema.ResourceMethods = []string{http.MethodGet}
 }).
+ MustImportAndCustomize(&PublicVersion, v3public.ShibbolethProvider{}, func(schema *types.Schema) {
+ schema.BaseType = "authProvider"
+ schema.ResourceActions = map[string]types.Action{
+ "login": {
+ Input: "samlLoginInput",
+ Output: "samlLoginOutput",
+ },
+ }
+ schema.CollectionMethods = []string{}
+ schema.ResourceMethods = []string{http.MethodGet}
+ }).
 MustImport(&PublicVersion, v3public.SamlLoginInput{}).
 MustImport(&PublicVersion, v3public.SamlLoginOutput{}).
 // OpenLdap provider
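Review bot: The customize closure added for `ShibbolethProvider` in public_schema.go repeats the one that closes directly above it (`schema.CollectionMethods = []string{}` / `schema.ResourceMethods = []string{http.MethodGet}` / `}).`), and presumably the same closure is pasted for each SAML provider in this chain, so every copy is a place where the read-only/GET-plus-`login` contract of a publicly reachable provider schema can drift. Lifting it into a named package-level func and passing that func to `MustImportAndCustomize` keeps the exposed surface of all SAML providers defined once. `authProvidersTypes` starts and ends outside this hunk, so the helper would sit beside it at package level.

```go
// samlProviderSchema exposes a public SAML provider as a read-only resource
// (GET only, no collection methods) with a single "login" action that takes
// samlLoginInput and returns samlLoginOutput.
func samlProviderSchema(schema *types.Schema) {
	schema.BaseType = "authProvider"
	schema.ResourceActions = map[string]types.Action{
		"login": {
			Input:  "samlLoginInput",
			Output: "samlLoginOutput",
		},
	}
	schema.CollectionMethods = []string{}
	schema.ResourceMethods = []string{http.MethodGet}
}

// … unchanged: earlier provider registrations in authProvidersTypes …
		MustImportAndCustomize(&PublicVersion, v3public.ShibbolethProvider{}, samlProviderSchema).
```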