Example #1
// SetUpTest resets the suite, dials the shared test MongoDB server and builds
// fresh store and RBAC sub-suites, each backed by its own database.
func (s *MongoSuite) SetUpTest(c *C) {
	s.reset()
	s.Session = juju_testing.MgoServer.MustDial()

	// The two trailing empty strings are presumably username and password
	// (the auth variant of this suite passes "admin"/"password" there), i.e.
	// this suite talks to the test server unauthenticated. TODO confirm.
	storeBackend, err := mongo.NewMongoStore(s.Session, "affinity_store_suite", "", "")
	c.Assert(err, IsNil)
	s.StoreSuite = testing.NewStoreSuite(storeBackend)
	s.StoreTests.SetUp(c)

	// Separate database so RBAC fixtures cannot collide with store fixtures.
	rbacBackend, err := mongo.NewMongoStore(s.Session, "affinity_rbac_suite", "", "")
	c.Assert(err, IsNil)
	s.RbacSuite = testing.NewRbacSuite(rbacBackend)
	s.RbacTests.SetUp(c)
}
Example #2
// SetUpTest resets the suite, dials the shared test MongoDB server, sets the
// password via s.setPassword, and then builds store and RBAC sub-suites whose
// stores are opened with explicit credentials.
func (s *MongoAuthSuite) SetUpTest(c *C) {
	// Fixture credentials for the throwaway test server only; they must never
	// be reused for a real deployment. Presumably these match what
	// s.setPassword configures: verify against that helper.
	const (
		authUser = "admin"
		authPass = "password"
	)

	s.reset()
	s.Session = juju_testing.MgoServer.MustDial()
	c.Assert(s.setPassword(), IsNil)

	storeBackend, err := mongo.NewMongoStore(s.Session, "affinity_store_suite_auth", authUser, authPass)
	c.Assert(err, IsNil)
	s.StoreSuite = testing.NewStoreSuite(storeBackend)
	s.StoreTests.SetUp(c)

	// Separate database so RBAC fixtures cannot collide with store fixtures.
	rbacBackend, err := mongo.NewMongoStore(s.Session, "affinity_rbac_suite_auth", authUser, authPass)
	c.Assert(err, IsNil)
	s.RbacSuite = testing.NewRbacSuite(rbacBackend)
	s.RbacTests.SetUp(c)
}
Example #3
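// main runs the OpenID demo: it ensures a TLS key/certificate pair exists,
// connects to MongoDB, builds the RBAC store and a cookie-backed session
// store, registers the demo handlers and serves them over TLS on :8443, with
// a second listener on :8080 handled by RedirectToTls.
func main() {
	flag.Parse()

	// affinity only redirects to https:// URLs for OpenID.
	// We'll create some self-signed certs for the demo if needed.
	// Self-signed material is acceptable for this local demo only; clients
	// cannot authenticate the server with it.
	err := examples.BuildCerts(*keyFile, *certFile, "localhost:8443")
	if err != nil {
		die(err)
	}

	session, err := mgo.Dial(*mgoAddr)
	if err != nil {
		die(fmt.Errorf("Failed to connect to store:%v", err))
	}

	// NOTE(review): the two empty strings are presumably username/password,
	// so the demo connects to MongoDB unauthenticated. Confirm, and supply
	// credentials for anything beyond a local demo.
	rbacStore, err := rbac_mongo.NewMongoStore(session, *mgoDbName, "", "")
	if err != nil {
		die(fmt.Errorf("Failed to find store:%v", err))
	}

	// GenerateRandomKey returns nil when the system random source fails.
	// Check here so the demo stops at startup instead of running with a
	// cookie store that has no usable keys.
	hashKey := securecookie.GenerateRandomKey(32)
	blockKey := securecookie.GenerateRandomKey(32)
	if hashKey == nil || blockKey == nil {
		die(fmt.Errorf("Failed to generate session cookie keys"))
	}
	// The keys are regenerated on every start, so existing session cookies
	// stop validating after a restart.
	sessionStore := sessions.NewCookieStore(hashKey, blockKey)

	demoContext := DemoHandler{
		Store:  rbacStore,
		Scheme: usso.NewOpenIdWeb("openid-demo", "", sessionStore),
	}

	r := mux.NewRouter()
	r.Handle("/", HomeHandler{&demoContext})
	r.Handle("/login", LoginHandler{&demoContext})
	r.Handle("/openidcallback", CallbackHandler{&demoContext})

	// Plain-HTTP listener on :8080, handled by RedirectToTls (presumably a
	// redirect to the TLS port). Its failure used to be dropped silently;
	// report it, but keep serving TLS since the application itself is
	// unaffected.
	go func() {
		if err := http.ListenAndServe(":8080", RedirectToTls{}); err != nil {
			fmt.Printf("Warning: HTTP listener on :8080 stopped: %v\n", err)
		}
	}()

	// The application routes are only served over TLS.
	// NOTE(review): http.ListenAndServe/ListenAndServeTLS use a server with
	// no read/write timeouts; fine for a demo, not for an exposed service.
	err = http.ListenAndServeTLS(":8443", *certFile, *keyFile, r)
	if err != nil {
		die(err)
	}
}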
Example #4
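// Main validates the command options, connects to MongoDB, grants the service
// role to every configured service admin, registers the OAuth CLI scheme and
// then serves the group server over HTTP on c.addr. The error returned by
// ListenAndServe is handed to die.
func (c *serveCmd) Main() {
	if c.extName == "" {
		// NOTE(review): presumably Usage exits the process; if it returns,
		// execution continues with an empty name. Confirm.
		Usage(c, "--name is required")
	}

	c.serviceAdmins = strings.Split(c.serviceAdminCsv, ",")
	for i := range c.serviceAdmins {
		c.serviceAdmins[i] = strings.TrimSpace(c.serviceAdmins[i])
	}

	session, err := mgo.Dial(c.mongo)
	if err != nil {
		die(err)
	}
	// NOTE(review): the two empty strings are presumably username/password,
	// i.e. the role store is opened without authentication. Confirm and wire
	// credentials through if the database is not strictly local.
	store, err := mongo.NewMongoStore(session, c.dbname, "", "")
	if err != nil {
		die(err)
	}

	s := NewGroupServer(store)

	// Grant service role to configured admins
	for _, serviceAdmin := range c.serviceAdmins {
		// strings.Split yields one empty element for an empty CSV (and for
		// stray or trailing commas). There is no user behind such an entry,
		// so skip it rather than handing "" to ParseUser.
		if serviceAdmin == "" {
			continue
		}
		admin := rbac.NewAdmin(store, group.GroupRoles)
		u, err := affinity.ParseUser(serviceAdmin)
		if err != nil {
			// A malformed admin identity is a configuration error; stop
			// instead of starting with a partially applied admin list.
			die(err)
		}
		err = admin.Grant(u, group.ServiceRole, group.ServiceResource)
		if err != nil {
			// A failed grant leaves that user without the service role; the
			// server still starts, so watch for this warning in the logs.
			log.Println("Warning:", err)
		}
	}

	s.Schemes.Register(usso.NewOauthCli(c.extName, &affinity.PasswordUnavailable{}))
	// NOTE(review): this listener is plain HTTP with no server timeouts. If
	// OAuth credentials cross this hop, it should sit behind TLS termination.
	err = http.ListenAndServe(c.addr, s)
	die(err)
}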