Commit 621ade7a authored by Janis Streib's avatar Janis Streib :owl:

Merge branch 'acme' into 'main'

ACME

See merge request !4
parents 2a631abf 9ea26432
2 merge requests!4ACME,!2Draft: FQDN Token Workflow
Pipeline #283790 passed
......@@ -41,12 +41,30 @@ deploy_devel:
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh net-suite-devel@netvs-devel.scc.kit.edu "${CI_PIPELINE_ID}"
- ssh www-netvs@netvs-devel.scc.kit.edu "${CI_PIPELINE_ID}"
needs:
- netvs_hub_cli
environment:
name: devel
url: https://netvs-devel.scc.kit.edu/hub
deploy_lab:
stage: deploy
only:
- devel
script:
- 'command -v ssh-agent || ( apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- echo "$NETVS_DEVEL_HUB_DEPLOY" | base64 -d | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh www-netvs@netvs-lab.scc.kit.edu "${CI_PIPELINE_ID}"
needs:
- netvs_hub_cli
environment:
name: lab
url: https://netvs-lab.scc.kit.edu/hub
deploy_prod:
stage: deploy
only:
......@@ -60,7 +78,7 @@ deploy_prod:
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh www-net-suite@netvs.scc.kit.edu "${CI_PIPELINE_ID}"
- ssh www-netvs@netvs.scc.kit.edu "${CI_PIPELINE_ID}"
needs:
- netvs_hub_cli
environment:
......@@ -78,7 +96,7 @@ deploy_test:
- chmod 700 ~/.ssh
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh www-net-suite@netvs-test.scc.kit.edu "${CI_PIPELINE_ID}"
- ssh www-netvs@netvs-test.scc.kit.edu "${CI_PIPELINE_ID}"
needs:
- netvs_hub_cli
environment:
......
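Review bot: In the new `deploy_lab` job the `ssh-add` line loads `$NETVS_DEVEL_HUB_DEPLOY`, which by its name is the devel deploy key, so one private key would be accepted on both netvs-devel and netvs-lab and a leak of that CI variable would expose both hosts. A dedicated key per environment limits the exposure to one host: `echo "$<LAB_DEPLOY_KEY_VAR>" | base64 -d | tr -d '\r' | ssh-add -` (placeholder name; the variable would have to be created). The job runs on `only: - devel`, so the key variable can only be limited to protected refs if that branch is protected; worth confirming. The job passes `"${CI_PIPELINE_ID}"` as the remote command, so the `www-netvs` account should accept this key only with a forced command in `authorized_keys`; that server-side configuration is not visible here.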
MIT License
Copyright (c) 2022 KIT | Steinbuch Centre for Computing - Abteilung Netze
Copyright (c) 2022 KIT | Scientific Computing Center (SCC) - Abteilung Netze
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
......@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
\ No newline at end of file
SOFTWARE.
......@@ -3,12 +3,12 @@
"author": "KIT-CA Team <kit-ca-betrieb@scc.kit.edu>",
"target_api": "4.0",
"name": {
"de": "ACME Service-Account",
"en": "ACME service account"
"de": "Service-Account für ACME",
"en": "Service Account for ACME"
},
"description": {
"de": "Erstelle einen Service-Account für ACME4NETVS",
"en": "Create an service account for ACME4NETVS"
"de": "Erstelle einen Service-Account für ACME4NETVS.",
"en": "Create a service account for ACME4NETVS."
},
"list_display_name": {
"de": "Service-Account für ACME anlegen in der OE {{ ou_short_name }} für den Dienst {{ name }}.",
......@@ -31,9 +31,32 @@
"type": "typeahead",
"type_params": {
"query": [
{"idx":"own_mgr2ou_list","name":"cntl.mgr2ou.list","old":{"is_own":true}},
{"idx":"unit_list","name":"org.unit.list","inner_join_ref":{"own_mgr2ou_list":"default"},"old":{"sorting_params_list":["sub_position"]}},
{"idx":"unit_list_superset","name":"org.unit.list","inner_join_ref":{"unit_list":"api_func_org_unit_is_superset_of_root_node_set"}}
{
"idx": "own_mgr2ou_list",
"name": "cntl.mgr2ou.list",
"old": {
"is_own": true
}
},
{
"idx": "unit_list",
"name": "org.unit.list",
"inner_join_ref": {
"own_mgr2ou_list": "default"
},
"old": {
"sorting_params_list": [
"sub_position"
]
}
},
{
"idx": "unit_list_superset",
"name": "org.unit.list",
"inner_join_ref": {
"unit_list": "api_func_org_unit_is_superset_of_root_node_set"
}
}
],
"query_path": "unit_list_superset",
"display_value": "short_name",
......@@ -67,7 +90,7 @@
"en": "Domains for which certificates should be ordered. Subdomains of these domains are automatically included."
},
"list": true,
"type": "str"
"type": "fqdn"
},
"mgrs": {
"friendly_name": {
......@@ -98,7 +121,7 @@
"idx": "add_svc_to_ou",
"name": "cntl.mgr2ou.create",
"new": {
"ou_short_name": "{{ou_short_name}}"
"ou_short_name": "{{ ou_short_name }}"
},
"new_ref_params": [
{
......@@ -137,6 +160,14 @@
}
]
},
{
"idx": "tmpFqdnList",
"name": "tmp.generic_object.list",
"ref_params_join_on_val_attrs_tuple": ["item"],
"old": {
"_dict_list": "{{ domains }}"
}
},
{
"idx": "getFQDNS",
"name": "dns.fqdn.list",
......@@ -144,6 +175,38 @@
"value_list": "{{ domains }}"
}
},
{
"idx": "tmpExistingFqdnList",
"name": "tmp.generic_object.create",
"ref_params_join_on_val_attrs_tuple": ["item"],
"new_ref_params": [
{"idx": "getFQDNS", "params": {"item": "value"}}
]
},
{
"idx": "missingFqdns",
"name": "tmp.generic_object.create",
"ref_params_join_on_val_attrs_tuple": ["item"],
"new_ref_params": [
{ "idx": "tmpFqdnList" },
{ "idx": "tmpExistingFqdnList", "join_type": "full_anti", "join_on": "val" }
]
},
{
"idx": "createfqdn",
"name": "dns.fqdn.create",
"new": {
"type": "domain"
},
"new_ref_params": [
{
"idx": "missingFqdns",
"params": {
"value": "item"
}
}
]
},
{
"idx": "fqdn2group",
"name": "dns.fqdn2group.create",
......@@ -155,9 +218,9 @@
}
},
{
"idx": "getFQDNS",
"idx": "tmpFqdnList",
"params": {
"fqdn_value": "value"
"fqdn_value": "item"
},
"join_type": "cross"
}
......
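Review bot: The new `createfqdn` step creates every requested domain that `getFQDNS` does not return, and `fqdn2group` now takes its rows from `tmpFqdnList` (all user-entered values) instead of `getFQDNS`, so the template itself no longer limits the service account to FQDNs that already exist. Whether the requester may claim a given name therefore rests entirely on the permission checks behind `dns.fqdn.create` and `dns.fqdn2group.create`, which are not visible here; worth confirming that a name in a zone the requester does not manage makes the whole transaction fail. The `domains` description should mention the new behaviour, e.g. append `Domains that do not exist yet are created.` to the `en` text (and the equivalent to `de`). The `missingFqdns` step relies on `full_anti` yielding only wanted-but-missing entries, which presumably holds only if the values from `dns.fqdn.list` and the user input compare equal in the same normalised form.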
{
"schema_version": 1,
"author": "NETVS Team <netvs@scc.kit.edu>",
"target_api": "4.0",
"name": {
"de": "API-Token für FQDNs anlegen",
"en": "Create API Token for FQDNs"
},
"description": {
"de": "Ein API-Token anlegen, das auf eine Menge von Domains beschränkt ist. Hierzu wird automatisch ein Subaccount und eine Subgruppe erstellt, die die gewünschten Domains beinhalten. Anschließend wird ein API-Token für diesen Subaccount erstellt.",
"en": "Create an API token that is restricted to a set of domains. For this purpose, a subaccount and a subgroup containing the desired domains are automatically created. Subsequently, an API token is created for this subaccount."
},
"list_display_name": {
"de": "Ein API-Token anlegen, das auf die Domain(s) {{domains}} beschränkt ist.",
"en": "Create an API token with access restricted to the domain(s) {{domains}}."
},
"display_variant": "create",
"variables": {
"description": {
"friendly_name": {
"de": "Beschreibung",
"en": "Description"
},
"optional": false,
"default": "",
"nullable": false,
"description": {
"de": "Aussagekräftige Beschreibung, wofür der Token genutzt wird, bspw. der Hostname des Systems, auf dem der Token benutzt werden soll.",
"en": "Meaningful description of what the token is used for, e.g. the hostname of the system on which the token should be used."
},
"type": "str"
},
"group_name": {
"friendly_name": {
"de": "Gruppe",
"en": "Group"
},
"optional": false,
"default": "",
"nullable": false,
"description": {
"de": "Bereits existierende Gruppe, die Zugriff auf die gewünschten (Sub-)Domains hat. Subdomains dieser Domains sind dabei mit eingeschlossen.",
"en": "Existing group that has access to the desired (sub) domains. Subdomains of these domains are included."
},
"type": "typeahead",
"type_params": {
"query": [
{
"idx": "group_list",
"name": "cntl.group.list",
"old": {
"is_own": true,
"is_sub": false
}
}
],
"query_path": "group_list",
"display_value": "name",
"return_value": "name"
}
},
"domains": {
"friendly_name": {
"de": "Domains",
"en": "Domains"
},
"optional": false,
"default": "",
"nullable": false,
"description": {
"de": "Domains, für die der Token Berechtigungen erhält. Subdomains dieser Domains sind automatisch mit eingeschlossen.",
"en": "Domains for which the token receives permissions. Subdomains of these domains are automatically included."
},
"list": true,
"type": "fqdn"
}
},
"transaction": [
{
"idx": "createSubMgr",
"name": "cntl.mgr.create",
"new": {
"allow_data_manipulation": true,
"description": "{{ description }}",
"do_copy_roles": true,
"is_svc": false
}
},
{
"idx": "createSubGroup",
"name": "cntl.group.create",
"new": {
"description": "{{ description }}",
"do_copy_assignments": false,
"do_idm_sync": false,
"do_refresh_idm_sync": false,
"idm_sync_max_mgr_count": 20,
"parent_name": "{{ group_name }}"
}
},
{
"idx": "addMgrToSubGroup",
"name": "cntl.mgr2group.create",
"new_ref_params": [
{
"idx": "createSubGroup",
"params": {
"group_name": "name"
}
},
{
"idx": "createSubMgr",
"params": {
"mgr_login_name": "login_name"
},
"join_type": "inner"
}
]
},
{
"idx": "getExistingFQDNs",
"name": "dns.fqdn.list",
"old": {
"value_list": "{{ domains }}"
}
},
{
"idx": "defineWantedFQDNs",
"name": "tmp.generic_object.list",
"ref_params_join_on_val_attrs_tuple": [
"item"
],
"old": {
"_dict_list": "{{ domains }}"
}
},
{
"idx": "createMissingFQDN",
"name": "dns.fqdn.create",
"new": {
"type": "domain"
},
"new_ref_params": [
{
"idx": "getExistingFQDNs",
"params": {
"value": "value"
}
},
{
"idx": "defineWantedFQDNs",
"join_type": "full_anti",
"join_on": "val",
"params": {
"value": "item"
}
}
]
},
{
"idx": "fqdn2group",
"name": "dns.fqdn2group.create",
"new_ref_params": [
{
"idx": "createSubGroup",
"params": {
"group_name": "name"
}
},
{
"idx": "defineWantedFQDNs",
"params": {
"fqdn_value": "item"
},
"join_type": "cross"
}
]
},
{
"idx": "createToken",
"name": "cntl.wapi_auth.create",
"new": {
"description": "{{ description }}"
},
"new_ref_params": [
{
"idx": "createSubMgr",
"params": {
"login_name": "login_name"
}
}
]
}
],
"returning": [
"createToken"
]
}
\ No newline at end of file
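Review bot: `createSubMgr` sets `"do_copy_roles": true` and `"allow_data_manipulation": true`, while the description promises a token restricted to the listed domains; if copying roles carries over permissions beyond DNS, the token is broader than the text suggests. If the subaccount only needs the DNS permissions, `"do_copy_roles": false` would be the least-privilege choice; otherwise `description.en` should state that the subaccount inherits the creator's roles. `createMissingFQDN` joins `getExistingFQDNs` directly with `full_anti`, whereas the ACME template in this commit first copies the existing FQDNs into a `tmp.generic_object`; the two variants should be checked to yield the same set of missing names. As a style point, `list_display_name` writes `{{domains}}` while the rest of the file uses `{{ domains }}`.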