Create a resource for downloading attribute map files

redhat-openstack · Sep 29, 2014 · 8046a26 · 8046a26
1 parent 4bb1576
commit 8046a26
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 22 deletions.
diff --git a/manifests/mod/shib/attribute_map.pp b/manifests/mod/shib/attribute_map.pp
@@ -0,0 +1,32 @@
+define apache::mod::shib::attribute_map(
+	$attribute_map_uri,
+	$attribute_map_dir 	= $apache::mod::shib::shib_conf_dir,
+	$attribute_map_name = inline_template("<%= attribute_map_uri.split('/').last  %>"),
+	$max_age	= '21'
+){
+
+	require apache::mod::shib
+
+	$attribute_map = "${attribute_map_dir}/${attribute_map_name}"
+
+	# Download the attribute map, refresh after $max_age days
+	exec{"get_${name}_attribute_map":
+		path	=> ['/usr/bin'],
+		command => "wget ${attribute_map_uri} -O ${attribute_map}",
+		unless	=> "test `find ${attribute_map} -mtime +${max_age}`",
+		notify	=> Service['httpd'],
+	}
+
+	# Make sure the shibboleth config is pointing at the attribute map
+	augeas{"shib_${name}_attribute_map":
+		lens		=> 'Xml.lns',
+		incl		=> $apache::mod::shib::shib_conf,
+		context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults",
+		changes => [
+			"set AttributeExtractor/#attribute/path ${attribute_map_name}",
+		],
+		notify	=> Service['httpd'],
+		require => Exec["get_${name}_attribute_map"],
+	}
+
+}
diff --git a/manifests/mod/shib/metadata.pp b/manifests/mod/shib/metadata.pp
@@ -18,7 +18,7 @@
 	$cert_file		= "${cert_dir}/${cert_file_name}"
 
 	# Get the Metadata signing certificate
-	exec{'get_${name}_metadata_cert':
+	exec{"get_${name}_metadata_cert":
 		path	=> ['/usr/bin'],
 		command => "wget ${cert_uri} -O ${cert_file}",
 		creates => $cert_file,
@@ -35,7 +35,7 @@
 		],
 		onlyif	=> 'match MetadataProvider/#attribute/uri size == 0',
 		notify	=> Service['httpd'],
-		require => Exec['get_${name}_metadata_cert'],
+		require => Exec["get_${name}_metadata_cert"],
 	}
 
 	# This will update the attributes and child nodes if they change
@@ -54,7 +54,7 @@
 			"set MetadataProvider/MetadataFilter[2]/#attribute/certificate ${cert_file}",
 		],
 		notify	=> Service['httpd'],
-		require => [Exec['get_${name}_metadata_cert'],Augeas["shib_${name}_create_metadata_provider"]],
+		require => [Exec["get_${name}_metadata_cert"],Augeas["shib_${name}_create_metadata_provider"]],
 	}
 
 }
diff --git a/manifests/mod/shib/sso.pp b/manifests/mod/shib/sso.pp
@@ -1,7 +1,8 @@
 define apache::mod::shib::sso(
 	$discoveryURL				= undef,
 	$idpURL							= undef,
-	$discoveryProtocol	= "SAMLDS"
+	$discoveryProtocol	= "SAMLDS",
+	$ECP_support				= false
 ){
 
 	require apache::mod::shib
@@ -18,33 +19,22 @@
 			$entityID_aug = "rm SSO/#attribute/entityID"
 		}
 
-		augeas{"shib_sso_${name}_entityID":
-			lens		=> 'Xml.lns',
-			incl		=> $apache::mod::shib::shib_conf,
-			context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions",
-			changes => [$entityID_aug,],
-			notify	=> Service['httpd'],
-		}
-
 		if $discoveryURL {
 			$discoveryURL_aug = "set SSO/#attribute/discoveryURL ${discoveryURL}"
 		} else {
 			$discoveryURL_aug = "rm SSO/#attribute/discoveryURL"
 		}
 
-		augeas{"shib_sso_${name}_discoveryURL":
-			lens		=> 'Xml.lns',
-			incl		=> $apache::mod::shib::shib_conf,
-			context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions",
-			changes => [$discoveryURL_aug,],
-			notify	=> Service['httpd'],
-		}
-
-		augeas{"shib_sso_${name}_discoveryProtocol":
+		augeas{"shib_sso_${name}_attributes":
 			lens		=> 'Xml.lns',
 			incl		=> $apache::mod::shib::shib_conf,
 			context => "/files${apache::mod::shib::shib_conf}/SPConfig/ApplicationDefaults/Sessions",
-			changes => ["set SSO/#attribute/discoveryProtocol ${discoveryProtocol}",],
+			changes => [
+				$entityID_aug,
+				$discoveryURL_aug,
+				"set SSO/#attribute/discoveryProtocol ${discoveryProtocol}",
+				"set SSO/#attribute/ECP ${ECP_support}",
+			],
 			notify	=> Service['httpd'],
 		}
 	}