| |
@@ -1,27 +1,8 @@
|
| |
from ipsilon.util import config as pconfig
|
| |
+ from ipsilon.info.common import InfoProviderBase
|
| |
from ipsilon.info.infosssd import InfoProvider as SSSDInfoProvider
|
| |
|
| |
|
| |
- AWS_IDP_ARN = "arn:aws:iam::125523088429:saml-provider/id.fedoraproject.org"
|
| |
- AWS_GROUPS = {
|
| |
- "aws-master": "arn:aws:iam::125523088429:role/aws-master",
|
| |
- "aws-iam": "arn:aws:iam::125523088429:role/aws-iam",
|
| |
- "aws-billing": "arn:aws:iam::125523088429:role/aws-billing",
|
| |
- "aws-atomic": "arn:aws:iam::125523088429:role/aws-atomic",
|
| |
- "aws-s3-readonly": "arn:aws:iam::125523088429:role/aws-s3-readonly",
|
| |
- "aws-fedoramirror": "arn:aws:iam::125523088429:role/aws-fedoramirror",
|
| |
- "aws-s3": "arn:aws:iam::125523088429:role/aws-s3",
|
| |
- "aws-cloud-poc": "arn:aws:iam::125523088429:role/aws-cloud-poc",
|
| |
- "aws-infra": "arn:aws:iam::125523088429:role/aws-infra",
|
| |
- "aws-docs": "arn:aws:iam::125523088429:role/aws-docs",
|
| |
- "aws-copr": "arn:aws:iam::125523088429:role/aws-copr",
|
| |
- "aws-centos": "arn:aws:iam::125523088429:role/aws-centos",
|
| |
- "aws-min": "arn:aws:iam::125523088429:role/aws-min",
|
| |
- "aws-fedora-ci": "arn:aws:iam::125523088429:role/aws-fedora-ci",
|
| |
- "aws-fcos-mgmt": "arn:aws:iam::125523088429:role/aws-fcos-mgmt",
|
| |
- }
|
| |
-
|
| |
-
|
| |
class InfoProvider(SSSDInfoProvider):
|
| |
def __init__(self, *kwargs):
|
| |
super().__init__(*kwargs)
|
| |
@@ -32,16 +13,37 @@
|
| |
self.new_config(
|
| |
self.name,
|
| |
pconfig.Condition(
|
| |
- "preconfigured", "SSSD can only be used when pre-configured", False
|
| |
- ),
|
| |
+ 'preconfigured',
|
| |
+ 'FAS can only be used when SSSd is pre-configured',
|
| |
+ False),
|
| |
+ pconfig.String(
|
| |
+ 'aws idp arn',
|
| |
+ 'The AWS IDP ARN.',
|
| |
+ ''),
|
| |
+ pconfig.MappingList(
|
| |
+ 'aws groups',
|
| |
+ 'AWS groups mapping',
|
| |
+ []),
|
| |
)
|
| |
|
| |
def get_user_attrs(self, user):
|
| |
reply = super().get_user_attrs(user)
|
| |
reply["_extras"]["awsroles"] = []
|
| |
+ aws_idp_arn = self.get_config_value("aws idp arn")
|
| |
+ if not aws_idp_arn:
|
| |
+ return reply
|
| |
+ aws_groups = dict(self.get_config_value("aws groups"))
|
| |
for group in reply["_groups"]:
|
| |
- if group in AWS_GROUPS:
|
| |
+ if group in aws_groups:
|
| |
reply["_extras"]["awsroles"].append(
|
| |
- "%s,%s" % (AWS_IDP_ARN, AWS_GROUPS[group])
|
| |
+ "%s,%s" % (aws_idp_arn, aws_groups[group])
|
| |
)
|
| |
return reply
|
| |
+
|
| |
+ # SSSD disables the admin UI, but we want it.
|
| |
+
|
| |
+ def get_config_obj(self):
|
| |
+ return InfoProviderBase.get_config_obj(self)
|
| |
+
|
| |
+ def save_plugin_config(self, config=None):
|
| |
+ return InfoProviderBase.save_plugin_config(self, config)
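Review bot: The group-to-role table that `get_user_attrs` turns into `awsroles` is now editable through the admin UI (the `get_config_obj`/`save_plugin_config` overrides at the end of this hunk), but its values are emitted unchecked, so a typo or unintended entry saved there directly changes which IAM roles a group's members are offered. Consider skipping, and logging, any value that is not a role ARN before appending, e.g. `if group in aws_groups and aws_groups[group].startswith("arn:aws:iam::"):`. `dict(self.get_config_value("aws groups"))` presumably raises if a stored entry is not a two-item pair, which would fail attribute lookup for every user; confirm what `MappingList` guarantees. The comment above the overrides would say more as `# SSSDInfoProvider disables the admin UI; re-enable it so the AWS IdP ARN and group-to-role mapping can be edited. Changes made there affect AWS role assignment.` The `new_config` call at the top of the hunk belongs to a method that starts outside it.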
|
| |
Also, update the default when installing with IPA.