Skip to content

Commit 87318eb

Browse files
FryguyFryguy
authored
Merge pull request #1155 from kbrock/delimiters
CP4AIOPS-3113 pass delimiter for groups
2 parents 94780c8 + 5104e9e commit 87318eb

File tree

1 file changed

+25
-22
lines changed
  • manageiq-operator/api/v1alpha1/helpers/miq-components

1 file changed

+25
-22
lines changed

manageiq-operator/api/v1alpha1/helpers/miq-components/httpd_conf.go

Lines changed: 25 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -130,7 +130,7 @@ func httpdExternalAuthConf(enableLocalLogin bool) string {
130130
httpdAuthLoginFormConf(),
131131
httpdAuthApplicationAPIConf("Basic", "\"External Authentication (httpd) for API\"", apiExtraConfig, enableLocalLogin),
132132
httpdAuthLookupUserDetailsConf(),
133-
httpdAuthRemoteUserConf(),
133+
httpdAuthRemoteUserConf(":"),
134134
)
135135
}
136136

@@ -172,7 +172,7 @@ func httpdADAuthConf(enableLocalLogin bool) string {
172172
httpdAuthLoginFormConf(),
173173
httpdAuthApplicationAPIConf("Basic", "\"External Authentication (httpd) for API\"", apiExtraConfig, enableLocalLogin),
174174
httpdAuthLookupUserDetailsConf(),
175-
httpdAuthRemoteUserConf(),
175+
httpdAuthRemoteUserConf(":"),
176176
)
177177
}
178178

@@ -198,7 +198,7 @@ LoadModule auth_mellon_module modules/mod_auth_mellon.so
198198
MellonEndpointPath "/saml2"
199199
200200
MellonUser username
201-
MellonMergeEnvVars On
201+
MellonMergeEnvVars On ";"
202202
203203
MellonSetEnvNoPrefix "REMOTE_USER" username
204204
MellonSetEnvNoPrefix "REMOTE_USER_EMAIL" email
@@ -216,7 +216,7 @@ LoadModule auth_mellon_module modules/mod_auth_mellon.so
216216
217217
%s
218218
`
219-
return fmt.Sprintf(s, httpdAuthRemoteUserConf())
219+
return fmt.Sprintf(s, httpdAuthRemoteUserConf(";"))
220220
}
221221

222222
func httpdOIDCAuthConf(spec *miqv1alpha1.ManageIQSpec) string {
@@ -281,14 +281,15 @@ RequestHeader unset X-REMOTE_USER
281281
RequestHeader unset X_REMOTE-USER
282282
RequestHeader unset X_REMOTE_USER
283283
284-
RequestHeader set X_REMOTE_USER %%{OIDC_CLAIM_PREFERRED_USERNAME}e env=OIDC_CLAIM_PREFERRED_USERNAME
285-
RequestHeader set X_EXTERNAL_AUTH_ERROR %%{EXTERNAL_AUTH_ERROR}e env=EXTERNAL_AUTH_ERROR
286-
RequestHeader set X_REMOTE_USER_EMAIL %%{OIDC_CLAIM_EMAIL}e env=OIDC_CLAIM_EMAIL
287-
RequestHeader set X_REMOTE_USER_FIRSTNAME %%{OIDC_CLAIM_GIVEN_NAME}e env=OIDC_CLAIM_GIVEN_NAME
288-
RequestHeader set X_REMOTE_USER_LASTNAME %%{OIDC_CLAIM_FAMILY_NAME}e env=OIDC_CLAIM_FAMILY_NAME
289-
RequestHeader set X_REMOTE_USER_FULLNAME %%{OIDC_CLAIM_NAME}e env=OIDC_CLAIM_NAME
290-
RequestHeader set X_REMOTE_USER_GROUPS %%{OIDC_CLAIM_GROUPS}e env=OIDC_CLAIM_GROUPS
291-
RequestHeader set X_REMOTE_USER_DOMAIN %%{OIDC_CLAIM_DOMAIN}e env=OIDC_CLAIM_DOMAIN
284+
RequestHeader set X_REMOTE_USER %%{OIDC_CLAIM_PREFERRED_USERNAME}e env=OIDC_CLAIM_PREFERRED_USERNAME
285+
RequestHeader set X_EXTERNAL_AUTH_ERROR %%{EXTERNAL_AUTH_ERROR}e env=EXTERNAL_AUTH_ERROR
286+
RequestHeader set X_REMOTE_USER_EMAIL %%{OIDC_CLAIM_EMAIL}e env=OIDC_CLAIM_EMAIL
287+
RequestHeader set X_REMOTE_USER_FIRSTNAME %%{OIDC_CLAIM_GIVEN_NAME}e env=OIDC_CLAIM_GIVEN_NAME
288+
RequestHeader set X_REMOTE_USER_LASTNAME %%{OIDC_CLAIM_FAMILY_NAME}e env=OIDC_CLAIM_FAMILY_NAME
289+
RequestHeader set X_REMOTE_USER_FULLNAME %%{OIDC_CLAIM_NAME}e env=OIDC_CLAIM_NAME
290+
RequestHeader set X_REMOTE_USER_GROUPS %%{OIDC_CLAIM_GROUPS}e env=OIDC_CLAIM_GROUPS
291+
RequestHeader set X_REMOTE_USER_GROUP_DELIMITER ","
292+
RequestHeader set X_REMOTE_USER_DOMAIN %%{OIDC_CLAIM_DOMAIN}e env=OIDC_CLAIM_DOMAIN
292293
`
293294
return fmt.Sprintf(
294295
s,
@@ -366,22 +367,24 @@ func httpdAuthLookupUserDetailsConf() string {
366367
`
367368
}
368369

369-
func httpdAuthRemoteUserConf() string {
370-
return `
370+
func httpdAuthRemoteUserConf(delimiter string) string {
371+
s := `
371372
RequestHeader unset X-REMOTE-USER
372373
RequestHeader unset X-REMOTE_USER
373374
RequestHeader unset X_REMOTE-USER
374375
RequestHeader unset X_REMOTE_USER
375376
376-
RequestHeader set X_REMOTE_USER %{REMOTE_USER}e env=REMOTE_USER
377-
RequestHeader set X_EXTERNAL_AUTH_ERROR %{EXTERNAL_AUTH_ERROR}e env=EXTERNAL_AUTH_ERROR
378-
RequestHeader set X_REMOTE_USER_EMAIL %{REMOTE_USER_EMAIL}e env=REMOTE_USER_EMAIL
379-
RequestHeader set X_REMOTE_USER_FIRSTNAME %{REMOTE_USER_FIRSTNAME}e env=REMOTE_USER_FIRSTNAME
380-
RequestHeader set X_REMOTE_USER_LASTNAME %{REMOTE_USER_LASTNAME}e env=REMOTE_USER_LASTNAME
381-
RequestHeader set X_REMOTE_USER_FULLNAME %{REMOTE_USER_FULLNAME}e env=REMOTE_USER_FULLNAME
382-
RequestHeader set X_REMOTE_USER_GROUPS %{REMOTE_USER_GROUPS}e env=REMOTE_USER_GROUPS
383-
RequestHeader set X_REMOTE_USER_DOMAIN %{REMOTE_USER_DOMAIN}e env=REMOTE_USER_DOMAIN
377+
RequestHeader set X_REMOTE_USER %%{REMOTE_USER}e env=REMOTE_USER
378+
RequestHeader set X_EXTERNAL_AUTH_ERROR %%{EXTERNAL_AUTH_ERROR}e env=EXTERNAL_AUTH_ERROR
379+
RequestHeader set X_REMOTE_USER_EMAIL %%{REMOTE_USER_EMAIL}e env=REMOTE_USER_EMAIL
380+
RequestHeader set X_REMOTE_USER_FIRSTNAME %%{REMOTE_USER_FIRSTNAME}e env=REMOTE_USER_FIRSTNAME
381+
RequestHeader set X_REMOTE_USER_LASTNAME %%{REMOTE_USER_LASTNAME}e env=REMOTE_USER_LASTNAME
382+
RequestHeader set X_REMOTE_USER_FULLNAME %%{REMOTE_USER_FULLNAME}e env=REMOTE_USER_FULLNAME
383+
RequestHeader set X_REMOTE_USER_GROUPS %%{REMOTE_USER_GROUPS}e env=REMOTE_USER_GROUPS
384+
RequestHeader set X_REMOTE_USER_GROUP_DELIMITER "%s"
385+
RequestHeader set X_REMOTE_USER_DOMAIN %%{REMOTE_USER_DOMAIN}e env=REMOTE_USER_DOMAIN
384386
`
387+
return fmt.Sprintf(s, delimiter)
385388
}
386389

387390
func uiHttpdConfig(protocol string) string {

0 commit comments

Comments
 (0)