From 461a03e9c240ee27668b76799d2b26b18353084a Mon Sep 17 00:00:00 2001
From: Sebastian Luna-Valero
Date: Thu, 22 Aug 2024 11:42:26 +0200
Subject: [PATCH 1/3] generalize building of eduPersonEntitlement

---
 defaults/main.yml | 9 ++++++++-
 tasks/main.yml | 26 +++++++++++++++++++++++---
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index da243ec..9335aeb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,9 @@
 ssh_oidc_my_vo: false
-ssh_oidc_other_vos: ''
\ No newline at end of file
+ssh_oidc_other_vos_namespace: urn:mace:egi.eu
+ssh_oidc_other_vos_name: ''
+ssh_oidc_other_vos_groups: ''
+#example:
+#ssh_oidc_other_vos_groups:
+#- my.group
+ssh_oidc_other_vos_role: member
+ssh_oidc_other_vos_gropu_authority: aai.egi.eu
diff --git a/tasks/main.yml b/tasks/main.yml
index 1dba391..2e8707c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
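Review bot: `ssh_oidc_other_vos_groups: ''` defaults to a string, but tasks/main.yml iterates it with `{% for group in ssh_oidc_other_vos_groups %}`; the empty string loops zero times, yet a deployer who sets `ssh_oidc_other_vos_groups: my.group` instead of the commented list form gets one `:` segment per character. Default it to a list, `ssh_oidc_other_vos_groups: []`, so the empty case and the documented example share one type. `ssh_oidc_other_vos_namespace: urn:mace:egi.eu` parses as a string today, but any future value containing `: ` would not; quoting it as `'urn:mace:egi.eu'` removes that dependency on the parser.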
@@ -76,10 +76,31 @@
 command_env: "{{ command_env | combine ({ 'SSH_AUTHORISE_OTHERS_IN_MY_VO' : 1 }) }}"
 when: ssh_oidc_my_vo
 
+# Refernce:
+# https://docs.egi.eu/users/aai/check-in/vos/expressing-vo-information/
+- name: set eduPersonEntitlement
+ set_fact:
+ eduPersonEntitlement: >-
+ {{ssh_oidc_other_vos_namespace}}
+ :group
+ :{{ssh_oidc_other_vos_name}}
+ {%for group in ssh_oidc_other_vos_groups %}
+ :{{group}}
+ {% endfor %}
+ {% if ssh_oidc_other_vos_role != '' %}
+ :role={{ssh_oidc_other_vos_role}}
+ {% endif %}
+ #{{ssh_oidc_other_vos_gropu_authority}}
+
+- name: Clean up and show eduPersonEntitlement that will be used
+ debug:
+ msg: "{{ eduPersonEntitlement | replace(' ','') }}"
+ register: eduPersonEntitlement_trimmed
+
 - name: set SSH_AUTHORISE_VOS
 set_fact:
- command_env: "{{ command_env | combine ({ 'SSH_AUTHORISE_VOS' : ['urn:mace:egi.eu:group:{{ssh_oidc_other_vos}}:role=member#aai.egi.eu'] }) }}"
- when: ssh_oidc_other_vos != ''
+ command_env: "{{ command_env | combine ({ 'SSH_AUTHORISE_VOS' : ['{{ eduPersonEntitlement_trimmed.msg }}'] }) }}"
+ when: ssh_oidc_other_vos_name != ''
 
 - name: Use python3.8 in Ubuntu 18.08
 lineinfile:
@@ -102,7 +123,6 @@
 command: contextualise_ssh_server {{OIDC_ACCESS_TOKEN}}
 args:
 chdir: /opt/motley_cue
- creates: /opt/motley_cue/motley_cue.conf
 register: contextualise_ssh_server
 when: OIDC_ACCESS_TOKEN is defined
 environment: "{{command_env}}"

From 684a05be82f3094142b9dea6ab15dbb56fea29ee Mon Sep 17 00:00:00 2001
From: Sebastian Luna-Valero
Date: Fri, 23 Aug 2024 15:12:08 +0200
Subject: [PATCH 2/3] no gropu please

---
 defaults/main.yml | 2 +-
 tasks/main.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 9335aeb..d9ff8bb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
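Review bot: The new `command_env` line in the `set SSH_AUTHORISE_VOS` task nests `{{ eduPersonEntitlement_trimmed.msg }}` inside the outer `{{ … }}` expression, so the inner moustache is stored as a literal template string and only resolves if Ansible happens to re-template the fact when `environment:` consumes it; Ansible documents moustaches as non-nestable, and that implicit second pass is not something to rely on. Reference the variable directly: `command_env: "{{ command_env | combine({'SSH_AUTHORISE_VOS': [eduPersonEntitlement_trimmed.msg]}) }}"`. The same line is carried unchanged into PATCH 3's hunk at `@@ -76,30 +76,33 @@`, which needs the identical fix. Because this value becomes the SSH authorisation policy (`SSH_AUTHORISE_VOS`) and the entitlement uses `:` and `#` as delimiters, an `assert` that `ssh_oidc_other_vos_name` and each entry of `ssh_oidc_other_vos_groups` contain neither character would catch a mistyped variable that otherwise silently changes the entitlement's structure. The comment `# Refernce:` should read `# Reference:`.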
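Review bot: Removing `creates: /opt/motley_cue/motley_cue.conf` leaves nothing guarding the `contextualise_ssh_server` command, so it now runs on every play and reports changed each time. If the intent is to re-apply the configuration whenever the VO settings change (which the old `creates:` guard prevented), record that on the task, e.g. `# re-run on every play so updated SSH_AUTHORISE_VOS settings are applied`, and consider a `changed_when:` that inspects the registered `contextualise_ssh_server` result, if its output distinguishes a no-op run, so the task stays idempotent from the play's point of view. The task's definition starts outside the hunk.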
@@ -6,4 +6,4 @@ ssh_oidc_other_vos_groups: ''
 #ssh_oidc_other_vos_groups:
 #- my.group
 ssh_oidc_other_vos_role: member
-ssh_oidc_other_vos_gropu_authority: aai.egi.eu
+ssh_oidc_other_vos_authority: aai.egi.eu
diff --git a/tasks/main.yml b/tasks/main.yml
index 2e8707c..1f5e469 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -90,7 +90,7 @@
 {% if ssh_oidc_other_vos_role != '' %}
 :role={{ssh_oidc_other_vos_role}}
 {% endif %}
- #{{ssh_oidc_other_vos_gropu_authority}}
+ #{{ssh_oidc_other_vos_authority}}
 
 - name: Clean up and show eduPersonEntitlement that will be used
 debug:

From c854f92726a478b756989d258be15dff284c028e Mon Sep 17 00:00:00 2001
From: Miguel Caballer
Date: Thu, 5 Sep 2024 10:26:57 +0200
Subject: [PATCH 3/3] Minor changes

---
 molecule/default/converge.yml | 2 ++
 tasks/main.yml | 51 ++++++++++++++++++-----------------
 2 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index f40d7d3..b67da33 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -25,6 +25,8 @@
 - name: "Include grycap.motley-cue"
 include_role:
 name: "ansible-role-motley-cue"
+ vars:
+ ssh_oidc_other_vos_name: "vo.test.eu"
 
 # - slurp: src=/etc/docker/daemon.json
 
diff --git a/tasks/main.yml b/tasks/main.yml
index 1f5e469..c1fb464 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
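Review bot: The molecule scenario now sets only `ssh_oidc_other_vos_name`, so the new entitlement code is executed but its result is never checked; with the role defaults the expected value is `urn:mace:egi.eu:group:vo.test.eu:role=member#aai.egi.eu`. Add an assertion after the `include_role` (or in the scenario's verify playbook, if the fact is reachable there), e.g. `assert: { that: "command_env.SSH_AUTHORISE_VOS == ['urn:mace:egi.eu:group:vo.test.eu:role=member#aai.egi.eu']" }`. A second case that also sets `ssh_oidc_other_vos_groups` to a list would exercise the `{% for %}` branch, which this scenario leaves untested.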
@@ -76,30 +76,33 @@
 command_env: "{{ command_env | combine ({ 'SSH_AUTHORISE_OTHERS_IN_MY_VO' : 1 }) }}"
 when: ssh_oidc_my_vo
 
-# Refernce:
-# https://docs.egi.eu/users/aai/check-in/vos/expressing-vo-information/
-- name: set eduPersonEntitlement
- set_fact:
- eduPersonEntitlement: >-
- {{ssh_oidc_other_vos_namespace}}
- :group
- :{{ssh_oidc_other_vos_name}}
- {%for group in ssh_oidc_other_vos_groups %}
- :{{group}}
- {% endfor %}
- {% if ssh_oidc_other_vos_role != '' %}
- :role={{ssh_oidc_other_vos_role}}
- {% endif %}
- #{{ssh_oidc_other_vos_authority}}
-
-- name: Clean up and show eduPersonEntitlement that will be used
- debug:
- msg: "{{ eduPersonEntitlement | replace(' ','') }}"
- register: eduPersonEntitlement_trimmed
-
-- name: set SSH_AUTHORISE_VOS
- set_fact:
- command_env: "{{ command_env | combine ({ 'SSH_AUTHORISE_VOS' : ['{{ eduPersonEntitlement_trimmed.msg }}'] }) }}"
+- block:
+
+ # Refernce:
+ # https://docs.egi.eu/users/aai/check-in/vos/expressing-vo-information/
+ - name: set eduPersonEntitlement
+ set_fact:
+ eduPersonEntitlement: >-
+ {{ssh_oidc_other_vos_namespace}}
+ :group
+ :{{ssh_oidc_other_vos_name}}
+ {%for group in ssh_oidc_other_vos_groups %}
+ :{{group}}
+ {% endfor %}
+ {% if ssh_oidc_other_vos_role != '' %}
+ :role={{ssh_oidc_other_vos_role}}
+ {% endif %}
+ #{{ssh_oidc_other_vos_authority}}
+
+ - name: Clean up and show eduPersonEntitlement that will be used
+ debug:
+ msg: "{{ eduPersonEntitlement | replace(' ','') }}"
+ register: eduPersonEntitlement_trimmed
+
+ - name: set SSH_AUTHORISE_VOS
+ set_fact:
+ command_env: "{{ command_env | combine ({ 'SSH_AUTHORISE_VOS' : ['{{ eduPersonEntitlement_trimmed.msg }}'] }) }}"
+
 when: ssh_oidc_other_vos_name != ''
 
 - name: Use python3.8 in Ubuntu 18.08
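Review bot: The new `- block:` has no `name:`, so the play output lists the three wrapped tasks with no indication of what conditionally groups them; add `- name: Build SSH_AUTHORISE_VOS for other VOs` above `block:`. The `Clean up and show …` task uses `debug` plus `register` purely to compute the trimmed value, which ties the data flow to a display task that someone may later remove or silence; apply the filter where the value is consumed instead, `command_env: "{{ command_env | combine({'SSH_AUTHORISE_VOS': [eduPersonEntitlement | replace(' ', '')]}) }}"`, and keep a plain `debug` without `register` if the printout is wanted. The `when: ssh_oidc_other_vos_name != ''` on the block now correctly gates all three tasks, so the `set_fact` no longer runs with an empty name as it did before.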