AIRAVATA-2430 Ansible template/vars for PGA auth options
Project: http://git-wip-us.apache.org/repos/asf/airavata/repo Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/28006898 Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/28006898 Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/28006898 Branch: refs/heads/develop Commit: 280068981af49e1f4d54f87d2e1f9dd7f06b9d8d Parents: a445590 Author: Marcus Christie <[email protected]> Authored: Sat Jun 24 13:58:39 2017 -0400 Committer: Marcus Christie <[email protected]> Committed: Sat Jun 24 13:58:39 2017 -0400 ---------------------------------------------------------------------- .../scigap/develop/pga_config/scigap/vars.yml | 3 ++- .../scigap/develop/pga_config/seagrid/vars.yml | 9 ++++++++- dev-tools/ansible/roles/pga/defaults/main.yml | 6 ++++++ .../ansible/roles/pga/templates/pga_config.php.j2 | 18 ++++++++++++++---- 4 files changed, 30 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml index 099a9bd..ae0c2ba 100644 --- a/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml +++ b/dev-tools/ansible/inventories/scigap/develop/pga_config/scigap/vars.yml 
@@ -39,7 +39,8 @@ oauth_client_key: "{{ vault_oauth_client_key }}" oauth_client_secret: "{{ vault_oauth_client_secret }}" oauth_grant_type: "password" oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/scigap/.well-known/openid-configuration" -user_role_name: "airavata-user" +oauth_callback_url: "https://{{ vhost_servername }}/callback-url" +initial_role_name: "gateway-provider" gateway_id: "scigap" # relative to document root dir http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml index 3f5c015..2e17fde 100644 --- a/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml +++ b/dev-tools/ansible/inventories/scigap/develop/pga_config/seagrid/vars.yml @@ -37,9 +37,16 @@ admin_username: "admin" admin_password: "{{ vault_admin_password }}" oauth_client_key: "{{ vault_oauth_client_key }}" oauth_client_secret: "{{ vault_oauth_client_secret }}" -oauth_grant_type: "password" oidc_discovery_url: "https://iamdev.scigap.org/auth/realms/seagrid/.well-known/openid-configuration" +auth_options: + - name: "SEAGrid" + oauth_grant_type: "password" + - name: "CILogon" + oauth_grant_type: "authorization_code" + oauth_authorize_url_extra_params: "kc_idp_hint=oidc" +oauth_callback_url: "https://{{ vhost_servername }}/callback-url" + gateway_id: "seagrid" # relative to document root dir experiment_data_dir: "{{ user_data_dir }}/dev-seagrid" http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/roles/pga/defaults/main.yml ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/roles/pga/defaults/main.yml b/dev-tools/ansible/roles/pga/defaults/main.yml index 1801883..9635bfc 100644 
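Review bot: In scigap/vars.yml the added `initial_role_name: "gateway-provider"` overrides the role default `user-pending` (visible as context in roles/pga/defaults/main.yml), and nothing in the file says why. If the initial role is what a newly created account receives, which the name suggests but this diff does not show, new sign-ups on this portal would skip any pending/approval state. A comment above the line should record the intent, e.g. `# intentional: accounts on this portal start as gateway-provider, no admin approval step`. The same hunk removes `user_role_name: "airavata-user"`, so this inventory now falls back to the default `gateway-user`; it is worth confirming that role exists in the scigap realm.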
--- a/dev-tools/ansible/roles/pga/defaults/main.yml +++ b/dev-tools/ansible/roles/pga/defaults/main.yml @@ -58,6 +58,12 @@ admin_readonly_role_name: "admin-read-only" user_role_name: "gateway-user" initial_role_name: "user-pending" auth_verify_peer: "true" +auth_options: + - name: "{{ portal_title }}" + oauth_grant_type: "password" +# oauth_authorize_url_extra_params: "kc_idp_hint=oidc" +oauth_callback_url: "http://{{ vhost_servername }}/callback-url" + ## Airavata Client related variables #airavata_server: "tls://gw77.iu.xsede.org" http://git-wip-us.apache.org/repos/asf/airavata/blob/28006898/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 ---------------------------------------------------------------------- diff --git a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 index 1981ccb..c102e65 100644 --- a/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 +++ b/dev-tools/ansible/roles/pga/templates/pga_config.php.j2 @@ -57,14 +57,24 @@ return array( 'oauth-client-secret' => '{{ oauth_client_secret }}', /** - * OAuth Grant Type (password or authorization_code) - */ - 'oauth-grant-type' => '{{ oauth_grant_type }}', + * Authentication options + */ + 'auth-options' => [ + {% for auth_option in auth_options %} + [ + 'oauth-grant-type' => '{{ auth_option["oauth_grant_type"] }}', + 'name' => '{{ auth_option["name"] }}', + {% if "oauth_authorize_url_extra_params" in auth_option %} + 'oauth-authorize-url-extra-params' => '{{ auth_option["oauth_authorize_url_extra_params"] }}', + {% endif %} + ], + {% endfor %} + ], /** * OAuth call back url (only if the grant type is authorization_code) */ - 'oauth-callback-url' => 'http://localhost/callback-url', + 'oauth-callback-url' => '{{ oauth_callback_url }}', /** * For OIDC servers that support the discovery protocol.
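Review bot: The new default `oauth_callback_url: "http://{{ vhost_servername }}/callback-url"` in roles/pga/defaults/main.yml uses plain HTTP, so any inventory that does not override it receives the authorization-code redirect unencrypted. Both inventories touched in this commit set `https://`, and the default should match: `oauth_callback_url: "https://{{ vhost_servername }}/callback-url"`. If the role must still support non-TLS vhosts, a comment on the line should say that the HTTP default is only for local testing. The value also has to match the redirect URI registered for the client at the identity provider, which this diff does not show.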
