Store saml remote user configuration separately from sssd lookup

saml configuration (mod_auth_mellon) uses a different delimiter from sssd type configurations. The templates have been changed to reflect this change. The appliance console is now respecting this change
ManageIQ · Sep 3, 2024 · 5e9e7a4 · 5e9e7a4
1 parent b77d60d
commit 5e9e7a4
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/lib/manageiq/appliance_console/saml_authentication.rb b/lib/manageiq/appliance_console/saml_authentication.rb
@@ -90,13 +90,21 @@ def fetch_idp_metadata
 
       def copy_apache_saml_configfiles
         debug_msg("Copying Apache SAML Config files ...")
-        copy_template(HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user.conf")
+        # introduced manageiq-remote-user-saml.conf in 4.7.1.
+        # this File.exist? will no longer be needed after 4.7.2
+        if File.exist?(File.join(HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user-saml.conf"))
+          copy_template(HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user-saml.conf")
+        else
+          copy_template(HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user.conf")
+        end
         copy_template(HTTPD_CONFIG_DIRECTORY, "manageiq-external-auth-saml.conf")
       end
 
       def remove_apache_saml_configfiles
         debug_msg("Removing Apache SAML Config files ...")
+        # legacy systems may still  have it stored as the old name
         remove_file(HTTPD_CONFIG_DIRECTORY.join("manageiq-remote-user.conf"))
+        remove_file(HTTPD_CONFIG_DIRECTORY.join("manageiq-remote-user-saml.conf"))
         remove_file(HTTPD_CONFIG_DIRECTORY.join("manageiq-external-auth-saml.conf"))
       end
 

diff --git a/spec/saml_authentication_spec.rb b/spec/saml_authentication_spec.rb
@@ -35,6 +35,7 @@
       downloaded_idp_metadata = "/tmp/downloaded_idp_metadata.xml"
       subject = described_class.new(:saml_idp_metadata => downloaded_idp_metadata)
 
+      expect(File).to receive(:exist?).with("#{described_class::HTTPD_CONFIG_DIRECTORY}/manageiq-remote-user-saml.conf").and_return(true)
       expect(File).to receive(:exist?).with(downloaded_idp_metadata).and_return(true)
       expect(FileUtils).to receive(:cp).with(downloaded_idp_metadata, described_class::IDP_METADATA_FILE).and_return(true)
       allow(Dir).to receive(:chdir).with(described_class::SAML2_CONFIG_DIRECTORY).and_yield
@@ -43,7 +44,7 @@
                                                   :params => ["https://#{client_host}", "https://#{client_host}/saml2"])
 
       allow(subject).to receive(:copy_template)
-      expect(subject).to receive(:copy_template).with(described_class::HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user.conf").and_return(true)
+      expect(subject).to receive(:copy_template).with(described_class::HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user-saml.conf").and_return(true)
       expect(subject).to receive(:copy_template).with(described_class::HTTPD_CONFIG_DIRECTORY, "manageiq-external-auth-saml.conf").and_return(true)
 
       expect(subject).to receive(:say).with("Setting Appliance Authentication Settings to SAML ...")
@@ -69,13 +70,14 @@
       idp_metadata_url = "http://idp.example.com/idp_metadata.xml"
       subject = described_class.new(:saml_idp_metadata => idp_metadata_url)
 
+      expect(File).to receive(:exist?).with("#{described_class::HTTPD_CONFIG_DIRECTORY}/manageiq-remote-user-saml.conf").and_return(true)
       allow(Dir).to receive(:chdir).with(described_class::SAML2_CONFIG_DIRECTORY).and_yield
       expect(AwesomeSpawn).to receive(:run!).with(described_class::MELLON_CREATE_METADATA_COMMAND,
                                                   :chdir  => described_class::SAML2_CONFIG_DIRECTORY,
                                                   :params => ["https://#{client_host}", "https://#{client_host}/saml2"])
 
       allow(subject).to receive(:copy_template)
-      expect(subject).to receive(:copy_template).with(described_class::HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user.conf").and_return(true)
+      expect(subject).to receive(:copy_template).with(described_class::HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user-saml.conf").and_return(true)
       expect(subject).to receive(:copy_template).with(described_class::HTTPD_CONFIG_DIRECTORY, "manageiq-external-auth-saml.conf").and_return(true)
       expect(subject).to receive(:download_network_file).with(idp_metadata_url, described_class::IDP_METADATA_FILE).and_return(true)
 
@@ -105,6 +107,7 @@
                                     :saml_enable_sso   => true)
 
       expect(File).to receive(:exist?).with(downloaded_idp_metadata).and_return(true)
+      expect(File).to receive(:exist?).with("#{described_class::HTTPD_CONFIG_DIRECTORY}/manageiq-remote-user-saml.conf").and_return(true)
       allow(Dir).to receive(:chdir).with(described_class::SAML2_CONFIG_DIRECTORY).and_yield
       expect(AwesomeSpawn).to receive(:run!).with(described_class::MELLON_CREATE_METADATA_COMMAND,
                                                   :chdir  => described_class::SAML2_CONFIG_DIRECTORY,
@@ -113,7 +116,7 @@
       expect(FileUtils).to receive(:cp).with(downloaded_idp_metadata, described_class::IDP_METADATA_FILE).and_return(true)
 
       allow(subject).to receive(:copy_template)
-      expect(subject).to receive(:copy_template).with(described_class::HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user.conf").and_return(true)
+      expect(subject).to receive(:copy_template).with(described_class::HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user-saml.conf").and_return(true)
       expect(subject).to receive(:copy_template).with(described_class::HTTPD_CONFIG_DIRECTORY, "manageiq-external-auth-saml.conf").and_return(true)
 
       expect(subject).to receive(:say).with("Setting Appliance Authentication Settings to SAML ...")
@@ -138,6 +141,7 @@
       allow(subject).to receive(:remove_file)
       expect(subject).to receive(:remove_file).with(described_class::HTTPD_CONFIG_DIRECTORY.join("manageiq-external-auth-saml.conf")).and_return(true)
       expect(subject).to receive(:remove_file).with(described_class::HTTPD_CONFIG_DIRECTORY.join("manageiq-remote-user.conf")).and_return(true)
+      expect(subject).to receive(:remove_file).with(described_class::HTTPD_CONFIG_DIRECTORY.join("manageiq-remote-user-saml.conf")).and_return(true)
 
       expect(subject).to receive(:say).with(/Unconfiguring SAML Authentication .../)
       expect(subject).to receive(:say).with(/Setting Appliance Authentication Settings to Database .../)