Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove auth-constraint from web.xml if preauthenticated mode enabled #190

Merged
merged 1 commit into from
Mar 8, 2016
Merged

Remove auth-constraint from web.xml if preauthenticated mode enabled #190

merged 1 commit into from
Mar 8, 2016

Conversation

danifr
Copy link
Member

@danifr danifr commented Mar 2, 2016

When I opened the PR for configuring preauthenticated mode (#175), I forgot this:

From the rundeck docs:
The file WEB-INF/web.xml inside the war contents must be modified to remove the <auth-constraint> element. This disables the behavior which causes the Container to trigger its authentication mechanism when a user browses to a Rundeck page requiring authorizaton.

This patch should take of it.

@danifr danifr force-pushed the preauth_auth-constraint branch from d81fe75 to 4f9842d Compare March 2, 2016 10:07
@jyaworski
Copy link
Member

Can you add something to reinstate it if one chooses to not use preauthenticated mode?

@danifr danifr force-pushed the preauth_auth-constraint branch from 4f9842d to 13607c2 Compare March 4, 2016 15:47
@danifr
Copy link
Member Author

danifr commented Mar 4, 2016

@jyaworski let me know what you think

jyaworski
jyaworski reviewed Mar 4, 2016
View reviewed changes
manifests/config/global/web.pp
lens => 'Xml.lns',
incl => $rundeck::params::web_xml,
changes => [ "set web-app/security-constraint[last()+1]/auth-constraint/role-name/#text '*'" ],
onlyif => 'match web-app/security-constraint/auth-constraint/role-name size == 0'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a way to do this without an onlyif?

https://projects.puppetlabs.com/projects/1/wiki/puppet_augeas#A-Better-Way

If not, it's not a blocker.

@jyaworski
Copy link
Member

Tests fail.

@danifr danifr force-pushed the preauth_auth-constraint branch from 13607c2 to 880809b Compare March 8, 2016 10:36
@danifr
Copy link
Member Author

danifr commented Mar 8, 2016

Tests are broken. Even master fails.

11:31:22-root~/gits/puppet-rundeck (master)$ bundle exec rake $CHECK
---> syntax:manifests
---> syntax:templates
---> syntax:hiera:yaml
fatal: destination path 'spec/fixtures/modules/inifile' already exists and is not an empty directory.
fatal: destination path 'spec/fixtures/modules/archive' already exists and is not an empty directory.
fatal: destination path 'spec/fixtures/modules/stdlib' already exists and is not an empty directory.
/usr/bin/ruby -I/usr/local/share/gems/gems/rspec-core-3.4.3/lib:/usr/local/share/gems/gems/rspec-support-3.4.1/lib /usr/local/share/gems/gems/rspec-core-3.4.3/exe/rspec --pattern spec/\{classes,defines,unit,functions,hosts,integration,types\}/\*\*/\*_spec.rb --color

rundeck
  supported operating systems
    rundeck::config::global::aclpolicyfile class without any parameters on Debian
      should contain File[/etc/rundeck/admin.aclpolicy] with content  supplied string (FAILED - 1)
    rundeck::config::global::aclpolicyfile class without any parameters on RedHat
      should contain File[/etc/rundeck/admin.aclpolicy] with content  supplied string (FAILED - 2)
...

Same for #192

@jyaworski
Copy link
Member

I'm going to revert it. It's a lot more sinister to fix than I originally thought.

On Mar 8, 2016, at 5:41 AM, Daniel [email protected] wrote:

Tests are broken. Even master fails.

11:31:22-root~/gits/puppet-rundeck (master)$ bundle exec rake $CHECK
---> syntax:manifests
---> syntax:templates
---> syntax:hiera:yaml
fatal: destination path 'spec/fixtures/modules/inifile' already exists and is not an empty directory.
fatal: destination path 'spec/fixtures/modules/archive' already exists and is not an empty directory.
fatal: destination path 'spec/fixtures/modules/stdlib' already exists and is not an empty directory.
/usr/bin/ruby -I/usr/local/share/gems/gems/rspec-core-3.4.3/lib:/usr/local/share/gems/gems/rspec-support-3.4.1/lib /usr/local/share/gems/gems/rspec-core-3.4.3/exe/rspec --pattern spec/{classes,defines,unit,functions,hosts,integration,types}/**/*_spec.rb --color

rundeck
supported operating systems
rundeck::config::global::aclpolicyfile class without any parameters on Debian
should contain File[/etc/rundeck/admin.aclpolicy] with content supplied string (FAILED - 1)
rundeck::config::global::aclpolicyfile class without any parameters on RedHat
should contain File[/etc/rundeck/admin.aclpolicy] with content supplied string (FAILED - 2)
...
Same for #192


Reply to this email directly or view it on GitHub.

@danifr danifr force-pushed the preauth_auth-constraint branch from 880809b to b710ab3 Compare March 8, 2016 16:04
jyaworski added a commit that referenced this pull request Mar 8, 2016
@jyaworski
Merge pull request #190 from danifr/preauth_auth-constraint
922ad35 
Remove auth-constraint from web.xml if preauthenticated mode enabled
@jyaworski jyaworski merged commit 922ad35 into voxpupuli:master Mar 8, 2016
@danifr danifr deleted the preauth_auth-constraint branch March 10, 2016 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@danifr @jyaworski