Guwan
/
ldap-matter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Puppet module for Mattermost-LDAP

This commit is contained in:
Crivaledaz 2017-08-17 00:34:12 +02:00
parent d0aaf4723e
commit 9b7cbdb413
18 changed files with 705 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Puppet/mattermostldap/Gemfile Executable file
View File

@ -0,0 +1,7 @@
source 'https://rubygems.org'
puppetversion = ENV.key?('PUPPET_VERSION') ? "= #{ENV['PUPPET_VERSION']}" : ['>= 3.3']
gem 'puppet', puppetversion
gem 'puppetlabs_spec_helper', '>= 0.1.0'
gem 'puppet-lint', '>= 0.3.2'
gem 'facter', '>= 1.7.0'

21
Puppet/mattermostldap/LICENSE Normal file
View File

@ -0,0 +1,21 @@
The MIT License
Copyright (c) 2017 Denis CLAVIER
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

281
Puppet/mattermostldap/README.md Executable file
View File

@ -0,0 +1,281 @@
Mattermost-LDAP Puppet Module
=============================
This is a puppet module to manage configuration and installation of Mattermost-LDAP.
## Overview
Mattermost-LDAP is a module which provides an external LDAP authentication in Mattermost for the Team Edition. Actually, Mattermost and LDAP are mainly used by companies which should manage their servers, services and configurations with automated processes. Many companies use Puppet, an open-source software configuration management tool, to automated their configuration deployement.
Mattermost-LDAP project provides a Puppet module to easily manage and configure the Oauth serveur and the LDAP for Mattermost.
## Module Description
This module installs and configures Mattermost-LDAP, to provide LDAP support on Mattermost. For more information about Mattermost-LDAP please refer to : https://github.com/Crivaledaz/Mattermost-LDAP
The use of this Puppet module substitute to the standard installation and configuration steps described on the Mattermost-LDAP project page. See below to install and configure Mattermost-LDAP with Puppet.
The Puppet Mattermost-LDAP module installs the Oauth server and associated files from a release archive provided in this repository, create and configure a database for the Oauth server depending on your database server (PostgreSQL or MySQL), and configures the Oauth server to interact with LDAP according to settings you provide.
## Setup
### Requirements
This module requires the following :
* Puppet (3.8.7 min)
* puppet/archive
* puppetlabs/stdlib
* git
To know the necessary dependencies for Mattermost-LDAP (which will be installed with this puppet module), please refer to : https://github.com/Crivaledaz/Mattermost-LDAP
### Pre-install
* Install Puppet (Centos 7, RHEL 7 and Fedora) :
```
# On Puppet Client
sudo yum -y --nogpgcheck install puppet
echo "server=SERVER_NAME" >> /etc/puppet/puppet.conf
# On Puppet Master :
yum install -y --nogpgcheck puppet puppet-server
systemctl start puppetmaster
# On Puppet Client
puppet agent -t
# On Puppet Master
puppet cert sign CLIENT_NAME
```
Change SERVER_NAME and CLIENT_NAME by your settings.
* Install required Puppet modules :
```
# On Puppet Master
puppet module install puppetlabs-stdlib --version 4.17.0
puppet module install puppet-archive --version 1.3.0
```
Your system is ready to use Puppet module Mattermost-LDAP.
## Beginning with Mattermost-LDAP Puppet
Clone (or download and extract) this repository :
```
git clone https://github.com/crivaledaz/Mattermost-LDAP.git
```
Move mattermostldap directory from the Puppet directory to /etc/puppet/modules on your Puppet Master, in order to add this module in Puppet. Make a tar.gz archive with the Oauth directory and it is recommended to put this archive on a http server. Thus, the archive will be reachable from a url.
If you have already a Mattermost server running, and a suitable database configured for the Oauth server, this is the minimum you need to get Mattermost-LDAP working:
```
class { 'mattermostldap':
project_url => 'http://myserver.com/project.tar.gz',
base_url => 'http://mattermost.company.org',
install_path => '/var/www/html',
ldap_base => 'o=Company',
ldap_uri => 'ldap://company.org',
ldap_port => 389,
ldap_rdn => 'ou=People,o=Company',
db_user => 'oauth',
db_pass => 'oauth_secure-pass',
db_name => 'oauth_db',
db_host => 'localhost',
db_port => 5432,
db_type => 'pgsql',
client_secret => "a7da08dc26fa84bf7254563fbd54d33ca22dc434844fa0c57161366852e82bab",
client_id => "a40e2e4aae54e8eb99b8fc7c0ea42702a6c66ad812d78a82cd9109e40b86c6d9",
$timezone = 'Europe/Paris'
}
```
This will download project.tar.gz from your server, and extract the archive in /var/www/html. After running, this module ensure that PHP, php-pdo, php-ldap, php-pgsql is installed and httpd is installed and running. The oauth database will be configured and an oauth client, for Mattermost, will be created with id and secret provide. Moreover, Oauth server will be configure to interact with the LDAP and the oauth database.
Below, there is an example of Mattermost-LDAP Puppet module using Mattermost and PostgreSQL puppet module to install and configure all running on the same server (requires puppetlabs/postgresql and liger1978/mattermost):
```
########################---Config Mattermost---###########################
class { 'postgresql::server':
ipv4acls => ['host all all 127.0.0.1/32 md5'],
}
postgresql::server::db { 'mattermost_db':
user => 'mattermost',
password => postgresql_password('mattermost', 'mattermost_secure-pass'),
}
postgresql::server::database_grant { 'mattermost_db':
privilege => 'ALL',
db => 'mattermost_db',
role => 'mattermost',
} ->
class { 'mattermost':
version => '4.0.2',
override_options => {
'ServiceSettings' => {
'SiteURL' => "http://mattermost.company.com:8065",
},
'SqlSettings' => {
'DriverName' => 'postgres',
'DataSource' => "postgres://mattermost:mattermost_secure-pass@127.0.0.1:5432/mattermost_db?sslmode=disable&connect_timeout=10",
},
'GitLabSettings' => {
'Enable' => true,
'Secret' => "a7da08dc26fa84bf7254563fbd54d33ca22dc434844fa0c57161366852e82bab",
'Id' => "a40e2e4aae54e8eb99b8fc7c0ea42702a6c66ad812d78a82cd9109e40b86c6d9",
'Scope' => "api",
'AuthEndpoint' => "http://oauth.company.com/oauth/authorize.php",
'TokenEndpoint' => "http://oauth.company.com/oauth/token.php",
'UserApiEndpoint' => "http://oauth.company.com/oauth/resource.php",
},
},
}
########################---Config Oauth---###########################
postgresql::server::db { 'oauth_db':
user => 'oauth',
password => postgresql_password('oauth', 'oauth_secure-pass'),
}
postgresql::server::database_grant { 'oauth_db':
privilege => 'ALL',
db => 'oauth_db',
role => 'oauth',
}
class { 'mattermostldap':
project_url => 'http://myserver.com/project.tar.gz',
base_url => 'http://mattermost.company.com:8065',
install_path => '/var/www/html',
ldap_base => 'o=Company',
ldap_uri => 'ldap://company.com',
ldap_port => 389,
ldap_rdn => 'ou=People,o=Company',
db_user => 'oauth',
db_pass => 'oauth_secure-pass',
db_name => 'oauth_db',
db_host => 'localhost',
db_port => 5432,
db_type => 'pgsql',
client_secret => "a7da08dc26fa84bf7254563fbd54d33ca22dc434844fa0c57161366852e82bab",
client_id => "a40e2e4aae54e8eb99b8fc7c0ea42702a6c66ad812d78a82cd9109e40b86c6d9",
$timezone = 'Europe/Paris'
}
```
With the code above, you should be able to access the Mattermost application at http://mattermost.company.com:8065 (with your company address) and sign in with your LDAP credentials using the Gitlab button.
Please refer to ligger1978/mattermost and puppetlabs/postgresql modules in puppet forge for more information about the use of these modules.
## Usage
If you have succeeded on previous step you only have to go to the login page of your Mattermost server and click on the Gitlab Button. You will be redirected to a form asking for your LDAP credentials. If your credentials are valid, you will be asked to authorize Oauth to give your information to Mattermost. After authorizing you should be redirected on Mattermost connected with your account.
Keep in mind this will create a new account on your Mattermost server with information from LDAP. The process will fail if an existing user already use your LDAP email. To bind a user to the LDAP authentication, sign in mattermost with this user account, go in account settings > security > sign-in method and "switch to using Gitlab SSO".
## References
#### project_url (Required)
The URL or the path of the project archive (which contains the Oauth directory)
#### base_url (Required)
The base URL of your Mattermost server. This is the URL provided in the site URL field in Mattermost admin panel. (ex : http://mattermost.company.com or http://mattermost.company.com:8065)
#### install_path (Optional)
Directory where the Oauth server will be installed, by default /var/www/html/. The directory must be your httpd root directory.
#### ldap_base (Required)
The base directory name of your LDAP server. (ex : ou=People,o=Company)
#### ldap_filter (Optional)
Additional filters for your LDAP, see LDAP.php class for more information (used by resource.php to get user informations)
#### ldap_uri (Required)
Your LDAP hostname or LDAP IP, to connect to the LDAP server.
#### ldap_port (Optional)
Your LDAP port, to connect to the LDAP server. By default : 389.
#### ldap_rdn (Required)
The LDAP Relative Directory Name suffix to identify a user in LDAP, see LDAP.php class for more information (use by authorize.php to check user credentials on LDAP)
#### db_user (Optional)
Oauth user in the database. This user must have rights on the Oauth database to store Oauth tokens. By default : oauth
#### db_pass (Optional)
Oauth user password in the database. By default, oauth_secure-pass
#### db_host (Optional)
Hostname or IP address of the database. By default : localhost
#### db_port
The database port to connect. By default : 5432 (postgres)
#### db_type (Optional)
Database type to adapt scripts and configurations to your database server. Should be mysql or pqsql. By default : pgsql
#### db_name (Optional)
Database name for oauth server. By default : oauth_db
#### client_id (Required)
The application ID shared with mattermost. This ID should be a random token. You can use openssl to generate this token (openssl rand -hex 32). If the ID is not filled, the database will not be initialised and the client will not be created.
#### client_secret (Required)
The application secret shared with mattermost. This secret should be a random token. You can use openssl to generate this token (openssl rand -hex 32). If the secret is not filled, the database will not be initialised and the client will not be created. The secret must be different of the client ID.
#### redirect_uri (Optional)
The callback address where Oauth will send tokens to Mattermost. Normally it should be http://mattermost.company.com/signup/gitlab/complete (and this is the default value).
#### grant_types (Optional)
The type of authentification use by Mattermost. It should be authorization_code (default value).
#### scope (Optional)
The scope of authentification use by Mattermost. It should be api (default value).
#### user_id (Optional)
The username of the user who create the Mattermost client in Oauth. This field has no impact, and could be used as a commentary field. By default this field is empty.
#### timezone (Optional)
The date.timezone parameter for oauth server script. This parameter will set timezone only for this script. This parameter must be set to avoid E.Notice raise by strtotime() (in Pdo.php). Note that if date.timezone is not defined, Mattermost could return a bad token request error. By default Europe/Paris (Because I love my country :D)
## Limitation
This module has been tested on Centos 7 with PostgreSQL.
Others operating systems has not been tested yet but should work fine.
MySQL has not really been tested so it is possible there is some bugs with.
## Thanks
I wish to thank my company and my colleagues for their help and support. Also, I thank ligger1978 for his Mattermost Puppet module which inspires me a lot.
## Known issues
* LDAP authentication failed
Try to restart httpd service. If this persists verify your LDAP configuration or your credentials.
* PHP date timezone error
Edit php.ini to set up date.timezone option and restart httpd service.
* Token request failed
Try to add a new rule in your firewall (or use iptables -F on both Mattermost server and Oauth server)
* .htaccess does not work
Add following lines to your httpd.conf and restart httpd service.
```<Directory "/var/www/html/oauth">
AllowOverride All
</Directory>
```

18
Puppet/mattermostldap/Rakefile Executable file
View File

@ -0,0 +1,18 @@
require 'rubygems'
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
desc "Validate manifests, templates, and ruby files"
task :validate do
Dir['manifests/**/*.pp'].each do |manifest|
sh "puppet parser validate --noop #{manifest}"
end
Dir['spec/**/*.rb','lib/**/*.rb'].each do |ruby_file|
sh "ruby -c #{ruby_file}" unless ruby_file =~ /spec\/fixtures/
end
Dir['templates/**/*.erb'].each do |template|
sh "erb -P -x -T '-' #{template} | ruby -c"
end
end

17
Puppet/mattermostldap/files/init_mysql.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
#This script need right to become mysql user (so root) and to read/write in httpd directory
source config_init.sh
#Creating tables for ouath database (use oauth role)
info "Creation of tables for database $oauth_db (using $oauth_user)"
mysql -u $oauth_user --password=$oauth_pass $oauth_db_name --execute "$create_table_oauth_client"
mysql -u $oauth_user --password=$oauth_pass $oauth_db_name --execute "$create_table_oauth_access_tokens"
mysql -u $oauth_user --password=$oauth_pass $oauth_db_name --execute "$create_table_oauth_authorization_codes"
mysql -u $oauth_user --password=$oauth_pass $oauth_db_name --execute "$create_table_oauth_refresh_tokens"
mysql -u $oauth_user --password=$oauth_pass $oauth_db_name --execute "$create_table_users"
mysql -u $oauth_user --password=$oauth_pass $oauth_db_name --execute "$create_table_oauth_scopes"
#Insert new client in the database
info "Insert new client in the database"
mysql -u $oauth_user --password=$oauth_pass $oauth_db_name --execute "$create_client"

15
Puppet/mattermostldap/files/init_postgres.sh Executable file
View File

@ -0,0 +1,15 @@
#!/bin/bash
#This script need right to become postgres user (so root) and to read/write in httpd directory
source config_init.sh
#Creating tables for oauth database (use oauth role)
psql postgres://$oauth_user:$oauth_pass@$ip:$port/$oauth_db_name -c "$create_table_oauth_client"
psql postgres://$oauth_user:$oauth_pass@$ip:$port/$oauth_db_name -c "$create_table_oauth_access_tokens"
psql postgres://$oauth_user:$oauth_pass@$ip:$port/$oauth_db_name -c "$create_table_oauth_authorization_codes"
psql postgres://$oauth_user:$oauth_pass@$ip:$port/$oauth_db_name -c "$create_table_oauth_refresh_tokens"
psql postgres://$oauth_user:$oauth_pass@$ip:$port/$oauth_db_name -c "$create_table_users"
psql postgres://$oauth_user:$oauth_pass@$ip:$port/$oauth_db_name -c "$create_table_oauth_scopes"
#Insert new client in the database
psql postgres://$oauth_user:$oauth_pass@$ip:$port/$oauth_db_name -c "$create_client"

68
Puppet/mattermostldap/manifests/config.pp Executable file
View File

@ -0,0 +1,68 @@
class mattermostldap::config inherits mattermostldap {
#Path to configuration files
$conf_ldap = "${mattermostldap::install_path}/oauth/LDAP/config_ldap.php"
$conf_db = "${mattermostldap::install_path}/oauth/config_db.php"
$conf_init = "${mattermostldap::install_path}/oauth/config_init.sh"
#Apply template on configuration files
file{ $conf_ldap:
path => $conf_ldap,
ensure => file,
content => template('mattermostldap/config_ldap.php.erb'),
}
file{ $conf_db:
path => $conf_db,
ensure => file,
content => template('mattermostldap/config_db.php.erb'),
}
#If client_id and client_secret are provided, set up the oauth server
if $mattermostldap::client_id and $mattermostldap::client_secret
{
#Get init file depending on database type choose
if $mattermostldap::db_type == 'mysql'
{
file{ "${mattermostldap::install_path}/oauth/init_mysql_puppet.sh":
source => 'puppet:///modules/mattermostldap/init_mysql.sh',
ensure => file,
owner => 'root',
group => 'root',
mode => '740',
}
$init_script="${mattermostldap::install_path}/oauth/init_mysql_puppet.sh"
}
if $mattermostldap::db_type == 'pgsql'
{
file{ "${mattermostldap::install_path}/oauth/init_postgres_puppet.sh":
source => 'puppet:///modules/mattermostldap/init_postgres.sh',
ensure => file,
owner => 'root',
group => 'root',
mode => '740',
}
$init_script="${mattermostldap::install_path}/oauth/init_postgres_puppet.sh"
}
#Apply template on configuration files
file { $conf_init:
path => $conf_init,
ensure => file,
content => template('mattermostldap/config_init.sh.erb'),
} ->
#If init configuration file has been modified, the init script is executed
#/!\ If a client with the same client_id is already in the database, the script will failed
exec {'init oauth_db tables':
command => $init_script,
cwd => "${mattermostldap::install_path}/oauth/",
path => '/usr/bin:/bin',
user => 'root',
subscribe => File[$conf_init],
refreshonly => true,
}
}
}

55
Puppet/mattermostldap/manifests/init.pp Executable file
View File

@ -0,0 +1,55 @@
class mattermostldap (
$project_url = $mattermostldap::params::project_url,
$base_url = $mattermostldap::params::base_url,
$install_path = $mattermostldap::params::install_path,
$ldap_base = $mattermostldap::params::ldap_base,
$ldap_filter = $mattermostldap::params::ldap_filter,
$ldap_uri = $mattermostldap::params::ldap_uri,
$ldap_port = $mattermostldap::params::ldap_port,
$ldap_rdn = $mattermostldap::params::ldap_rdn,
$db_user = $mattermostldap::params::db_user,
$db_pass = $mattermostldap::params::db_pass,
$db_host = $mattermostldap::params::db_host,
$db_port = $mattermostldap::params::db_port,
$db_type = $mattermostldap::params::db_type,
$db_name = $mattermostldap::params::db_name,
$client_id = $mattermostldap::params::client_id,
$client_secret = $mattermostldap::params::client_secret,
$redirect_uri = "\"${base_url}/signup/gitlab/complete\"",
$grant_types = $mattermostldap::params::grant_types,
$scope = $mattermostldap::params::scope,
$user_id = $mattermostldap::params::user_id,
$timezone = $mattermostldap::params::timezone,
) inherits mattermostldap::params {
validate_string($project_url)
validate_string($base_url)
validate_absolute_path($install_path)
validate_string($ldap_base)
validate_string($ldap_filter)
validate_string($ldap_uri)
validate_integer($ldap_port)
validate_string($ldap_rdn)
validate_string($db_user)
validate_string($db_pass)
validate_string($db_host)
validate_integer($db_port)
validate_re($db_type,['^mysql$','^pgsql$'])
validate_string($db_type)
validate_string($db_name)
validate_string($client_id)
validate_string($client_secret)
validate_string($redirect_uri)
validate_string($grant_types)
validate_string($scope)
validate_string($user_id)
validate_string($timezone)
anchor { 'mattermostldap::begin': } ->
class { '::mattermostldap::install': } ->
class { '::mattermostldap::config': } ->
anchor { 'mattermostldap::end': }
}

32
Puppet/mattermostldap/manifests/install.pp Executable file
View File

@ -0,0 +1,32 @@
class mattermostldap::install inherits mattermostldap {
if $mattermostldap::db_type == 'mysql'
{
$packets = ['httpd','php','php-pdo','php-mysql','php-ldap']
}
if $mattermostldap::db_type == 'pgsql'
{
$packets = ['httpd','php','php-pdo','php-pgsql','php-ldap']
}
#Extract Mattermost-LDAP project in selected install path
archive { '/tmp/project.tar.gz':
ensure => present,
extract => true,
extract_path => '/var/www/html',
source => $mattermostldap::project_url,
cleanup => true,
}
#Install necessary packets for Mattermost-LDAP
package { $packets: ensure => latest } ->
#Start apache server
service { 'httpd':
ensure => 'running',
}
}

22
Puppet/mattermostldap/manifests/params.pp Executable file
View File

@ -0,0 +1,22 @@
class mattermostldap::params {
$project_url = 'http://localhost'
$base_url = 'http://localhost:8065'
$install_path = '/var/www/html'
$ldap_base = 'o=Company'
$ldap_filter = ''
$ldap_uri = 'ldap://hostname.com'
$ldap_port = 389
$ldap_rdn = 'ou=People,o=Company'
$db_user = 'oauth'
$db_pass = 'oauth_secure-pass'
$db_host = 'localhost'
$db_port = 5432
$db_type = 'pgsql'
$db_name = 'oauth_db'
$client_id = undef
$client_secret = undef
$grant_types = 'authorization_code'
$scope = 'api'
$user_id = ''
$timezone = 'Europe/Paris'
}

69
Puppet/mattermostldap/manifests/site.pp Executable file
View File

@ -0,0 +1,69 @@
node 'bepo'
{
########################---Config de Mattermost---###########################
class { 'postgresql::server':
ipv4acls => ['host all all 127.0.0.1/32 md5'],
}
postgresql::server::db { 'mattermost_db':
user => 'mattermost',
password => postgresql_password('mattermost', 'mattermost_secure-pass'),
}
postgresql::server::database_grant { 'mattermost_db':
privilege => 'ALL',
db => 'mattermost_db',
role => 'mattermost',
} ->
class { 'mattermost':
version => '4.0.2',
override_options => {
'ServiceSettings' => {
'SiteURL' => "http://mattermost.company.com:8065",
'ListenAddress' => ":8065",
},
'SqlSettings' => {
'DriverName' => 'postgres',
'DataSource' => "postgres://mattermost:mattermost_secure-pass@127.0.0.1:5432/mattermost_db?sslmode=disable&connect_timeout=10",
},
'GitLabSettings' => {
'Enable' => true,
'Secret' => "a7da08dc26fa84bf7254563fbd54d33ca22dc434844fa0c57161366852e82bab",
'Id' => "a40e2e4aae54e8eb99b8fc7c0ea42702a6c66ad812d78a82cd9109e40b86c6d9",
'Scope' => "api",
'AuthEndpoint' => "http://oauth.company.com/oauth/authorize.php",
'TokenEndpoint' => "http://oauth.company.com/oauth/token.php",
'UserApiEndpoint' => "http://oauth.company.com/oauth/resource.php",
},
},
}
########################---Config de Oauth---###########################
postgresql::server::db { 'oauth_db':
user => 'oauth',
password => postgresql_password('oauth', 'oauth_secure-pass'),
}
postgresql::server::database_grant { 'oauth_db':
privilege => 'ALL',
db => 'oauth_db',
role => 'oauth',
}
class { 'mattermostldap':
project_url => 'http://repo.company.com/project.tar.gz',
base_url => 'http://mattermost.company.com:8065',
install_path => '/var/www/html',
ldap_base => 'ou=People,o=Company',
ldap_filter => '',
ldap_uri => 'ldap://company.com',
ldap_port => 389,
ldap_rdn => 'ou=People,o=Company',
db_user => 'oauth',
db_pass => 'oauth_secure-pass',
db_name => 'oauth_db',
db_host => 'localhost',
db_port => 5432,
db_type => 'pgsql',
client_secret => "a7da08dc26fa84bf7254563fbd54d33ca22dc434844fa0c57161366852e82bab",
client_id => "a40e2e4aae54e8eb99b8fc7c0ea42702a6c66ad812d78a82cd9109e40b86c6d9",
}
}

15
Puppet/mattermostldap/metadata.json Executable file
View File

@ -0,0 +1,15 @@
{
"name": "Crivaledaz-mattermostldap",
"version": "0.1.0",
"author": "Crivaledaz",
"summary": "Puppet module for the plugin Mattermost-LDAP",
"license": "MIT",
"source": "",
"project_page": "https://github.com/Crivaledaz/Mattermost-LDAP",
"issues_url": null,
"dependencies": [
{"name":"puppetlabs-stdlib","version_requirement":">= 1.0.0",
"name":"puppet-archive","version_requirement":">= 0.4.4"}
]
}

7
Puppet/mattermostldap/spec/classes/init_spec.rb Executable file
View File

@ -0,0 +1,7 @@
require 'spec_helper'
describe 'mattermostldap' do
context 'with defaults for all parameters' do
it { should contain_class('mattermostldap') }
end
end

1
Puppet/mattermostldap/spec/spec_helper.rb Executable file
View File

@ -0,0 +1 @@
require 'puppetlabs_spec_helper/module_spec_helper'

14
Puppet/mattermostldap/templates/config_db.php.erb Executable file
View File

@ -0,0 +1,14 @@
<?php
//Database Server
$port = "<%= @db_port %>";
$host = "<%= @db_host %>";
$name = "<%= @db_name %>";
$type = "<%= @db_type %>";
$username = "<%= @db_user %>";
$password = "<%= @db_pass %>";
$dsn = $type . ":dbname=" . $name . ";host=" . $host . ";port=" . $port;
//Set date.timezone to avoid E.Notice raise by strtotime() (in Pdo.php)
//If date.timezone is not defined, Mattermost will return a bad token request error
date_default_timezone_set ('<%= @timezone %>');

29
Puppet/mattermostldap/templates/config_init.sh.erb Executable file
View File

@ -0,0 +1,29 @@
#Client configuration
client_id="<%= @client_id %>"
client_secret="<%= @client_secret %>"
redirect_uri="<%= @redirect_uri %>"
grant_types="<%= @grant_types %>"
scope="<%= @scope %>"
user_id="<%= @user_id %>"
#Database configuration
oauth_user="<%= @db_user %>"
oauth_db_name="<%= @db_name %>"
oauth_pass="<%= @db_pass %>"
ip="<%= @db_host %>"
port=<%= @db_port %>
#######################################--SQL STATEMENT--###########################################
#Tables creation
create_table_oauth_client="CREATE TABLE oauth_clients (client_id VARCHAR(80) NOT NULL, client_secret VARCHAR(80), redirect_uri VARCHAR(2000) NOT NULL, grant_types VARCHAR(80), scope VARCHAR(100), user_id VARCHAR(80), CONSTRAINT clients_client_id_pk PRIMARY KEY (client_id));"
create_table_oauth_access_tokens="CREATE TABLE oauth_access_tokens (access_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT access_token_pk PRIMARY KEY (access_token));"
create_table_oauth_authorization_codes="CREATE TABLE oauth_authorization_codes (authorization_code VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), redirect_uri VARCHAR(2000), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT auth_code_pk PRIMARY KEY (authorization_code));"
create_table_oauth_refresh_tokens="CREATE TABLE oauth_refresh_tokens (refresh_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT refresh_token_pk PRIMARY KEY (refresh_token));"
create_table_users="CREATE TABLE users (id SERIAL NOT NULL, username VARCHAR(255) NOT NULL, CONSTRAINT id_pk PRIMARY KEY (id));"
create_table_oauth_scopes="CREATE TABLE oauth_scopes (scope TEXT, is_default BOOLEAN);"
#Client creation
create_client="INSERT INTO oauth_clients (client_id,client_secret,redirect_uri,grant_types,scope,user_id) VALUES ('$client_id','$client_secret','$redirect_uri','$grant_types','$scope','$user_id');"
###################################################################################################

22
Puppet/mattermostldap/templates/config_ldap.php.erb Executable file
View File

@ -0,0 +1,22 @@
<?php
// LDAP server
$hostname = "<%= @ldap_uri %>";
$port = <%= @ldap_port %>;
// variable use in connexion.php
$rdn_suffix = "<%= @ldap_rdn %>";
// variable use in resource.php
$base = "<%= @ldap_base %>";
$filter = "<%= @ldap_filter %>";
//add virgule to concat in php script
if ($filter != "")
{
$filter = "," . $filter;
}
if ($rdn_suffix != "")
{
$rdn_suffix = "," . $rdn_suffix;
}

12
Puppet/mattermostldap/tests/init.pp Executable file
View File

@ -0,0 +1,12 @@
# The baseline for module testing used by Puppet Labs is that each manifest
# should have a corresponding test manifest that declares that class or defined
# type.
#
# Tests are then run by using puppet apply --noop (to check for compilation
# errors and view a log of events) or by fully applying the test in a virtual
# environment (to compare the resulting system state to the desired state).
#
# Learn more about module testing here:
# http://docs.puppetlabs.com/guides/tests_smoke.html
#
include mattermostldap