# Build timestamp taken from date(1) when the spec is parsed. It is not
# referenced anywhere else in this spec as shown.
%define timestamp %(date +"%Y%m%d%H%M%S")
Name: keystone-spassword
# Version and Release are not fixed here: the _version and _release macros are
# not defined in this spec, so they have to come from the build invocation.
Version: %{_version}
Release: %{_release}
Summary: Keystone SPASSWORD extension
License: Copyright 2015 Telefonica Investigación y Desarrollo, S.A.U
Distribution: noarch
Vendor: Telefonica I+D
Group: Applications/System
Packager: Telefonica I+D
# Runtime dependencies are named without any version constraint.
Requires: openstack-keystone keystone-scim cracklib
# Automatic Provides/Requires generation is switched off, so the Requires line
# above is the only dependency this package declares for itself.
autoprov: no
autoreq: no
Prefix: /opt
BuildArch: noarch
%define _target_os Linux
# Install location of the Python package. The default is the Python 2.6
# site-packages path; each with_python flag below redefines it, and when more
# than one flag is set the last matching define wins.
%define python_lib /usr/lib/python2.6/site-packages
%if 0%{?with_python27}
%define python_lib /usr/lib/python2.7/site-packages
%endif # if with_python27
%if 0%{?with_python36}
%define python_lib /usr/lib/python3.6/site-packages
%endif # if with_python36
%if 0%{?with_python39}
%define python_lib /usr/lib/python3.9/site-packages
%endif # if with_python39
# NOTE(review): the test below is a shell expansion evaluated when the spec is
# parsed, i.e. on the build host. Whether keystone-paste.ini exists on the
# machine that later installs the package plays no part in the choice, and the
# path selected here is the file the post and preun scriptlets rewrite in
# place. Build on a host whose layout matches the targets, or confirm the
# baked-in path before shipping the package.
%define check_paste %(test -e /etc/keystone/keystone-paste.ini && echo 1 || echo 0)
%if %{check_paste}
%define keystone_paste /etc/keystone/keystone-paste.ini
%else
%define keystone_paste /usr/share/keystone/keystone-dist-paste.ini
%endif
# Main Keystone configuration file; the post scriptlet appends to it and the
# preun scriptlet edits it.
%define keystone_conf /etc/keystone/keystone.conf
%description
SPASSWORD (System for ensure Strong passwords) extension for Keystone
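%install
# Stage the Python package and the Keystone patch files under the build root.
# Every build-root and source-root expansion is quoted so that a path holding
# whitespace or glob characters reaches each tool as a single argument; the
# two *.patch globs are left outside the quotes on purpose.
mkdir -p "$RPM_BUILD_ROOT/%{python_lib}"
mkdir -p "$RPM_BUILD_ROOT/opt/keystone-patch"
cp -a "%{_root}/keystone_spassword" "$RPM_BUILD_ROOT/%{python_lib}"
cp -a "%{_root}"/docker/*.patch "$RPM_BUILD_ROOT/opt/keystone-patch"
# Normalise modes on the patch directory and its files after the
# attribute-preserving copy.
chmod 755 "$RPM_BUILD_ROOT/opt/keystone-patch"
chmod 644 "$RPM_BUILD_ROOT"/opt/keystone-patch/*.patch
# Drop any byte-compiled files that cp brought along from the source tree.
find "$RPM_BUILD_ROOT/%{python_lib}/keystone_spassword" -name "*.pyc" -delete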
%files
# Packaged files default to mode 0644 and directories to 0755, all owned by
# root:root.
%defattr(644,root,root,755)
# NOTE(review): the glob lists the contents of keystone_spassword but not the
# directory itself, so the package does not own that directory.
%{python_lib}/keystone_spassword/*
/opt/keystone-patch
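%post
# Registers the spassword_checker paste filter, points the Keystone auth
# password plugin and identity driver at keystone_spassword, seeds a
# [spassword] section when none exists, and links the extension into
# keystone/contrib. The two grep guards keep the file edits from being
# applied twice on reinstall or upgrade.
# NOTE(review): nothing below checks the exit status of sed, openstack-config
# or ln, and the final success message is printed regardless.
if ! grep -q -F "[filter:spassword_checker]" "%{keystone_paste}"; then
  echo "Adding SPASSWORD extension to Keystone configuration."
  # First expression: inside [pipeline:api_v3], insert spassword_checker ahead
  # of "scim_extension service_v3". Second expression: write the filter
  # section just above the [pipeline:api_v3] header.
  sed -i \
    -e '/^\[pipeline:api_v3\]$/,/^\[/ s/^pipeline\(.*\) scim_extension service_v3$/pipeline\1 spassword_checker scim_extension service_v3/' \
    -e 's/\[pipeline:api_v3\]/[filter:spassword_checker]\npaste.filter_factory = keystone_spassword.contrib.spassword.routers:SPasswordExtension.factory\n\n&/' \
    "%{keystone_paste}"
  # The first expression only matches a pipeline line ending in
  # " scim_extension service_v3". With any other layout the filter section is
  # still written but the filter never joins the request pipeline, and the
  # guard above would skip the edit on every later run. Say so explicitly
  # rather than leaving the filter out without notice.
  if ! sed -n '/^\[pipeline:api_v3\]$/,/^\[/p' "%{keystone_paste}" \
      | grep -q '^pipeline.* spassword_checker '; then
    echo "WARNING: spassword_checker was not added to the api_v3 pipeline; review the Keystone paste configuration." >&2
  fi
else
  echo "SPASSWORD extension already configured. Skipping."
fi
# Point the [auth] password plugin and the [identity] driver at the
# keystone_spassword implementations. These two calls are unconditional, so
# they overwrite whatever values were configured before.
openstack-config --set /etc/keystone/keystone.conf \
  auth password keystone_spassword.contrib.spassword.SPassword
openstack-config --set /etc/keystone/keystone.conf \
  identity driver keystone_spassword.contrib.spassword.backends.sql.Identity
if ! grep -q -F "[spassword]" "%{keystone_conf}"; then
  echo "Adding spassword config "
  # NOTE(review): the smtp_* values written below are placeholders, not
  # working settings, and must be replaced before the mail settings are relied
  # on. Once a real smtp_password is stored, keystone.conf holds a credential
  # and should stay unreadable to unprivileged users.
  echo "
[spassword]
enabled=true
pwd_max_tries=5
pwd_block_minutes=30
pwd_exp_days=365
pwd_user_blacklist=
smtp_server='0.0.0.0'
smtp_port=587
smtp_tls=true
smtp_user='[email protected]'
smtp_password='yourpassword'
smtp_from='smtpuser'
sndfa=false
sndfa_endpoint='localhost:5001'
sndfa_time_window=24
" >> "%{keystone_conf}"
fi
# Expose the extension under keystone/contrib through a symlink. The link is
# created here rather than listed in the files section, so the package does
# not own it.
ln -fs "%{python_lib}/keystone_spassword/contrib/spassword" "%{python_lib}/keystone/contrib"
echo "SPASSWORD extension installed successfully. Restart Keystone daemon to take effect."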
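%preun
# Argument 1 is the number of instances of this package that remain after the
# operation: above zero on upgrade, zero on final removal.
if [ "$1" -gt 0 ]; then
  # upgrading: remove extension spassword_time
  if grep -q -F "[filter:spassword_time]" "%{keystone_paste}"; then
    echo "Removing old SPASSWORD extension from Keystone configuration."
    # Delete the filter header plus the two lines after it (GNU sed address
    # form), then strip the filter name from every line that mentions it.
    sed -i \
      -e "/\[filter:spassword_time\]/,+2 d" \
      -e 's/spassword_time //g' \
      "%{keystone_paste}"
  fi
  exit 0
fi
# Final removal: undo the paste-file changes made by the post scriptlet.
if grep -q -F "[filter:spassword_checker]" "%{keystone_paste}"; then
  echo "Removing SPASSWORD extension from Keystone configuration."
  # Header, factory line and the blank line after it were inserted together,
  # hence the three-line delete.
  sed -i \
    -e "/\[filter:spassword_checker\]/,+2 d" \
    -e 's/spassword_checker //g' \
    "%{keystone_paste}"
else
  echo "SPASSWORD extension not configured. Skipping."
fi
# The plugin settings live in keystone.conf, while the
# [filter:spassword_checker] header is, as far as this spec shows, only ever
# written to the paste file. Testing keystone.conf for that header would never
# match, leaving the auth password plugin and identity driver pointing at a
# module that is being removed. Test for the plugin path itself instead.
if grep -q -F "keystone_spassword.contrib.spassword" "%{keystone_conf}"; then
  echo "Removing SPASSWORD password and identity plugin extensions from Keystone configuration."
  # Whole-line match with optional whitespace around "=": the values were
  # written by openstack-config, whose spacing may differ from a bare
  # key=value. Dots are escaped so only these exact values match. Deleting the
  # lines leaves both options unset in the file.
  sed -i \
    -e '/^[[:space:]]*password[[:space:]]*=[[:space:]]*keystone_spassword\.contrib\.spassword\.SPassword[[:space:]]*$/d' \
    -e '/^[[:space:]]*driver[[:space:]]*=[[:space:]]*keystone_spassword\.contrib\.spassword\.backends\.sql\.Identity[[:space:]]*$/d' \
    "%{keystone_conf}"
else
  echo "SPASSWORD extension not configured. Skipping."
fi
# NOTE(review): the [spassword] section appended at install time, including
# its smtp_password value, and the keystone/contrib symlink are not removed
# here; clean them up by hand if they should not outlive the package.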