Add OpenID login provider support to Zanata config

We want users to sign in using openstackid.org. This requires changes to the Zanata config to specify an OpenID provider and to disable the existing internal login so we don't wind up with multiple login buttons. Make OpenID configuration optional so others can still use the module without it. Also allow the admin user list to be configured. Change-Id: I3688688ef37fea602b107fba17dcc8d6f40f9275
2015-03-19 18:31:58 -07:00 · 2015-03-19 18:31:58 -07:00 · 4eb426f70d
commit 4eb426f70d
parent 5a05d35e14
2 changed files with 18 additions and 6 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -32,6 +32,8 @@ class zanata(
  $zanata_default_from_address = '',
  $zanata_storage_dir = '/home/wildfly/zanata',

+  $zanata_openid_provider_url = '',
+  $zanata_admin_users = '',

 ) {

--- a/templates/standalone.xml.erb
+++ b/templates/standalone.xml.erb
@ -163,9 +163,9 @@
                    </pool>
                    <security>
                        <user-name><%= @zanata_db_username %></user-name>
-			<% if @zanata_db_password != '' -%>
+<% if @zanata_db_password != '' -%>
                        <password><%= @zanata_db_password %></password>
-			<% end -%>
+<% end -%>
                    </security>
                    <statement>
                        <track-statements>NOWARN</track-statements>
@ -413,14 +413,19 @@
        </subsystem>
        <subsystem xmlns="urn:jboss:domain:naming:2.0">
            <bindings>
+<% if @zanata_openid_provider_url == '' -%>
                <simple name="java:global/zanata/security/auth-policy-names/internal" value="zanata.internal"/>
+<% end -%>
                <simple name="java:global/zanata/security/auth-policy-names/openid" value="zanata.openid"/>
-                <!--<simple name="java:global/zanata/security/admin-users" value=""/>-->
+<% if @zanata_admin_users != '' -%>
+                <simple name="java:global/zanata/security/admin-users" value="<%= @zanata_admin_users %>"/>
+<% else -%>
                <simple name="java:global/zanata/security/admin-users" value="admin"/>
+<% end -%>
                <simple name="java:global/zanata/files/document-storage-directory" value="<%= @zanata_storage_dir %>/files"/>
-		<% if @zanata_default_from_address != '' -%>
+<% if @zanata_default_from_address != '' -%>
                <simple name="java:global/zanata/email/default-from-address" value="<%= @zanata_default_from_address %>"/>
-		<% end -%>
+<% end -%>
            </bindings>
            <remote-naming/>
        </subsystem>
@ -445,7 +450,12 @@
                </security-domain>
                <security-domain name="zanata.openid">
                    <authentication>
-                        <login-module code="org.zanata.security.OpenIdLoginModule" flag="required"/>
+
+                        <login-module code="org.zanata.security.OpenIdLoginModule" flag="required">
+<% if @zanata_openid_provider_url != '' -%>
+                            <module-option name="providerURL" value="<%= @zanata_openid_provider_url %>" />
+<% end -%>
+                        </login-module>
                    </authentication>
                </security-domain>
                <security-domain name="zanata.jaas">