-
Notifications
You must be signed in to change notification settings - Fork 5
/
keystone-scim.spec
135 lines (117 loc) · 4.37 KB
/
keystone-scim.spec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
%define timestamp %(date +"%Y%m%d%H%M%S")
Name: keystone-scim
Version: %{_version}
Release: %{_release}
Summary: Keystone SCIM extension
License: Copyright 2014 Telefonica Investigación y Desarrollo, S.A.U
Distribution: noarch
Vendor: Telefonica I+D
Group: Applications/System
Packager: Telefonica I+D
Requires: openstack-keystone
autoprov: no
autoreq: no
Prefix: /opt
BuildArch: noarch
%define _target_os Linux
%define python_lib /usr/lib/python2.6/site-packages
%if 0%{?with_python27}
%define python_lib /usr/lib/python2.7/site-packages
%endif # if with_python27
%if 0%{?with_python36}
%define python_lib /usr/lib/python3.6/site-packages
%endif # if with_python36
%if 0%{?with_python39}
%define python_lib /usr/lib/python3.9/site-packages
%endif # if with_python39
%define check_paste %(test -e /etc/keystone/keystone-paste.ini && echo 1 || echo 0)
%if %check_paste
%define keystone_paste /etc/keystone/keystone-paste.ini
%else
%define keystone_paste /usr/share/keystone/keystone-dist-paste.ini
%endif
%define keystone_policy /etc/keystone/policy.json
%description
SCIM (System for Cross-domain Identity Management) extension for Keystone
%install
mkdir -p $RPM_BUILD_ROOT/%{python_lib}
cp -a %{_root}/keystone_scim $RPM_BUILD_ROOT/%{python_lib}
find $RPM_BUILD_ROOT/%{python_lib}/keystone_scim -name "*.pyc" -delete
%files
%defattr(644,root,root,755)
%{python_lib}/keystone_scim/*
%post
if ! grep -q -F "[filter:scim_extension]" "%{keystone_paste}"; then
echo "Adding SCIM extension to Keystone configuration."
sed -i \
-e '/^\[pipeline:api_v3\]$/,/^\[/ s/^pipeline\(.*\) service_v3$/pipeline\1 scim_extension service_v3/' \
-e 's/\[pipeline:api_v3\]/[filter:scim_extension]\npaste.filter_factory = keystone_scim.contrib.scim.routers:ScimRouter.factory\n\n&/' \
%{keystone_paste}
else
echo "SCIM extension already configured. Skipping."
fi
if ! grep -q -F "identity:scim_get_role" "%{keystone_policy}"; then
echo "Adding scim_get_role default policy."
sed -i "s/\"$/\",\n \"identity:scim_get_role\"\: \"rule:admin_required\"\n/" \
%{keystone_policy}
else
echo "Already defined scim_get_role policy. Skipping."
fi
if ! grep -q -F "identity:scim_list_roles" "%{keystone_policy}"; then
echo "Adding scim_list_roles default policy."
sed -i "s/\"$/\",\n \"identity:scim_list_roles\"\: \"rule:admin_required\"/" \
%{keystone_policy}
else
echo "Already defined scim_list_roles policy. Skipping."
fi
if ! grep -q -F "identity:scim_create_role" "%{keystone_policy}"; then
echo "Adding scim_create_role default policy."
sed -i "s/\"$/\",\n \"identity:scim_create_role\"\: \"rule:admin_required\"/" \
%{keystone_policy}
else
echo "Already defined scim_create_role policy. Skipping."
fi
if ! grep -q -F "identity:scim_update_role" "%{keystone_policy}"; then
echo "Adding scim_update_role default policy."
sed -i "s/\"$/\",\n \"identity:scim_update_role\"\: \"rule:admin_required\"/" \
%{keystone_policy}
else
echo "Already defined scim_update_role policy. Skipping."
fi
if ! grep -q -F "identity:scim_delete_role" "%{keystone_policy}"; then
echo "Adding scim_delete_role default policy."
sed -i "s/\"$/\",\n \"identity:scim_delete_role\"\: \"rule:admin_required\"/" \
%{keystone_policy}
else
echo "Already defined scim_delete_role policy. Skipping."
fi
if ! grep -q -F "identity:scim_get_service_provider_configs" "%{keystone_policy}"; then
echo "Adding scim_get_service_provider_configs default policy."
sed -i "s/\"$/\",\n \"identity:scim_get_service_provider_configs\"\: \"\"/" \
%{keystone_policy}
else
echo "Already defined scim_get_service_provider_configs. Skipping."
fi
if ! grep -q -F "identity:scim_get_schemas" "%{keystone_policy}"; then
echo "Adding scim_get_schemas default policy."
sed -i "s/\"$/\",\n \"identity:scim_get_schemas\"\: \"\"/" \
%{keystone_policy}
else
echo "Already defined scim_get_schemas. Skipping."
fi
ln -fs %{python_lib}/keystone_scim/contrib/scim %{python_lib}/keystone/contrib
echo "SCIM extension installed successfully. Restart Keystone daemon to take effect."
%preun
if [ $1 -gt 0 ] ; then
# upgrading: no remove extension
exit 0
fi
if grep -q -F "[filter:scim_extension]" "%{keystone_paste}"; then
echo "Removing SCIM extension from Keystone configuration."
sed -i \
-e "/\[filter:scim_extension\]/,+2 d" \
-e 's/scim_extension //g' \
%{keystone_paste}
else
echo "SCIM extension not configured. Skipping."
fi