Merge pull request #125 from apigee-internal/saml-integration

SAML integration start.
apigee-internal · May 26, 2017 · 0a8fabc · 0a8fabc
2 parents 830d1fb + cbfc457
commit 0a8fabc
Show file tree

Hide file tree

Showing 4 changed files with 119 additions and 108 deletions.
diff --git a/cli/cmd.js b/cli/cmd.js
@@ -26,21 +26,37 @@ const setup = function setup() {
  .option('-v, --virtualHosts <virtualHosts>', 'override virtualHosts (default: "default,secure")')
  .option('-u, --username <user>', 'username of the organization admin')
  .option('-p, --password <password>', 'password of the organization admin')
+ .option('-t, --token <token>', 'OAuth token to use with management API')
  .option('-r, --url <url>', 'organization\'s custom API URL (https://api.example.com)')
  .option('-d, --debug', 'execute with debug output')
  .option('-c, --configDir <configDir>', 'Set the directory where configs are written.')
  .option('-x, --proxyName <proxyName>', 'Set the custom proxy name for edgemicro-auth')
  .action((options) => {
  options.error = optionError;
- if (!options.username) { return options.error('username is required'); }
- if (!options.org) { return options.error('org is required'); }
- if (!options.env) { return options.error('env is required'); }
- options.configDir = options.configDir || process.env.EDGEMICRO_CONFIG_DIR;
- promptForPassword(options,(options)=>{
- if (!options.password) { return options.error('password is required'); }
+ options.token = options.token || process.env.EDGEMICRO_SAML_TOKEN;
+
+ if(options.token) {
+ //If there is a token lets configure with standard opts.
+ if (!options.org) { return options.error('org is required'); }
+ if (!options.env) { return options.error('env is required'); }
+ options.configDir = options.configDir || process.env.EDGEMICRO_CONFIG_DIR;
  configure.configure(options, () => {
  });
- })
+
+ } else {
+ //If there is no token then we can go through the password process
+ if (!options.username) { return options.error('username is required'); }
+ if (!options.org) { return options.error('org is required'); }
+ if (!options.env) { return options.error('env is required'); }
+ options.configDir = options.configDir || process.env.EDGEMICRO_CONFIG_DIR;
+ promptForPassword(options,(options)=>{
+ if (!options.password) { return options.error('password is required'); }
+ configure.configure(options, () => {
+ });
+ })
+ }
+
+
  });
 
  commander

diff --git a/cli/lib/cert-lib.js b/cli/lib/cert-lib.js
@@ -55,10 +55,7 @@ CertLogic.prototype.checkCertWithPassword = function(options, callback) {
  this.managementUri, options.org, options.env, this.vaultName);
  request({
  uri: uri,
- auth: {
- username: options.username,
- password: options.password
- }
+ auth: generateCredentialsObject(options)
  }, function(err, res, body) {
  err = translateError(err, res);
  if (err) {
@@ -77,10 +74,7 @@ CertLogic.prototype.checkPrivateCert = function(options, callback) {
 
  request({
  uri: uri,
- auth: {
- username: options.username,
- password: options.password
- }
+ auth: generateCredentialsObject(options)
  }, function(err, res) {
  err = translateError(err, res);
  if (err) {
@@ -108,45 +102,38 @@ CertLogic.prototype.installPrivateCert = function(options, callback) {
  const privateKey = keys.serviceKey;
  const publicKey = keys.certificate;
  const async = require('async');
-
- pem.getPublicKey (publicKey, function(err, key){
- async.series(
- [
- function(cb) {
- if (!options.force) { return cb(); }
- deleteVault(options.username, options.password, managementUri, options.org, options.env, vaultName, cb);
- },
- function(cb) {
- console.log('creating vault');
- console.log('adding private_key');
- console.log('adding public_key');
- var entries = [
- {
- 'name':'private_key',
- 'value': privateKey
- },
- {
- 'name': 'public_key',
- 'value': publicKey
- },
- {
- 'name': 'public_key1',
- 'value': key.publicKey
- }
- ]
- createVault(options.username, options.password, managementUri, options.org, options.env, vaultName, entries, cb);
- }
- ],
- function(err) {
- if (err) {
- callback(err);
- } else {
- callback(null, publicKey);
- }
+ async.series(
+ [
+ function(cb) {
+ if (!options.force) { return cb(); }
+ deleteVault(generateCredentialsObject(options), managementUri, options.org, options.env, vaultName, cb);
+ },
+ function(cb) {
+ console.log('creating vault');
+ console.log('adding private_key');
+ console.log('adding public_key');
+ var entries = [
+ {
+ 'name':'private_key',
+ 'value': privateKey
+ },
+ {
+ 'name': 'public_key',
+ 'value': publicKey
+ }
+ ]
+ createVault(generateCredentialsObject(options), managementUri, options.org, options.env, vaultName, entries, cb);
  }
+ ],
+ function(err) {
+ if (err) {
+ callback(err);
+ } else {
+ callback(null, publicKey);
+ }
+ }
  );
  });
- });
 }
 
 CertLogic.prototype.installCertWithPassword = function(options, callback) {
@@ -162,45 +149,38 @@ CertLogic.prototype.installCertWithPassword = function(options, callback) {
  const publicKey = keys.certificate;
 
  const async = require('async');
-
- pem.getPublicKey (publicKey, function(err, key){
- async.series(
- [
- function(cb) {
- if (!options.force) { return cb(); }
- deleteVault(options.username, options.password, managementUri, options.org, options.env, vaultName, cb);
- },
- function(cb) {
- console.log('creating vault');
- console.log('adding private_key');
- console.log('adding public_key');
- var entries = [
- {
- 'name':'private_key',
- 'value': privateKey
- },
- {
- 'name': 'public_key',
- 'value': publicKey
- },
- {
- 'name': 'public_key1',
- 'value': key.publicKey
- }
- ]
- createVault(options.username, options.password, managementUri, options.org, options.env, vaultName, entries, cb);
- }
- ],
- function(err) {
- if (err) {
- callback(err);
- } else {
- callback(null, publicKey);
- }
+ async.series(
+ [
+ function(cb) {
+ if (!options.force) { return cb(); }
+ deleteVault(generateCredentialsObject(options), managementUri, options.org, options.env, vaultName, cb);
+ },
+ function(cb) {
+ console.log('creating vault');
+ console.log('adding private_key');
+ console.log('adding public_key');
+ var entries = [
+ {
+ 'name':'private_key',
+ 'value': privateKey
+ },
+ {
+ 'name': 'public_key',
+ 'value': publicKey
+ }
+ ]
+ createVault(generateCredentialsObject(options), managementUri, options.org, options.env, vaultName, entries, cb);
+ }
+ ],
+ function(err) {
+ if (err) {
+ callback(err);
+ } else {
+ callback(null, publicKey);
  }
+ }
  ); 
  });
- });
 }
 
 
@@ -239,10 +219,7 @@ CertLogic.prototype.generateKeysWithPassword = function generateKeysWithPassword
  request({
  uri: credentialUrl,
  method: 'POST',
- auth: {
- username: options.username,
- password: options.password
- },
+ auth: generateCredentialsObject(options),
  json: keys
  }, function(err, res) {
  err = translateError(err, res);
@@ -308,7 +285,7 @@ CertLogic.prototype.deleteCertWithPassword = function deleteCertWithPassword(opt
  const managementUri = this.managementUri ;
  const vaultName = this.vaultName;
 
- deleteVault(options.username, options.password, managementUri, options.org, options.env, vaultName, function(err) {
+ deleteVault(generateCredentialsObject(options), managementUri, options.org, options.env, vaultName, function(err) {
  if (err) {
  cb(err);
  } else {
@@ -336,18 +313,15 @@ function createCert(cb) {
  pem.createCertificate(options, cb);
 }
 
-function deleteVault(username, password, managementUri, organization, environment, vaultName, cb) {
+function deleteVault(credentials, managementUri, organization, environment, vaultName, cb) {
  console.log('deleting vault');
 
  var uri = util.format('%s/v1/organizations/%s/environments/%s/keyvaluemaps/%s', managementUri, organization, environment, vaultName);
 
  request({
  uri: uri,
  method: 'DELETE',
- auth: {
- username: username,
- password: password
- }
+ auth: credentials 
  }, function(err, res) {
  err = translateError(err, res);
  if (isApigeeError(err, ERR_STORE_MISSING)) {
@@ -361,7 +335,7 @@ function deleteVault(username, password, managementUri, organization, environmen
 
 }
 
-function createVault(username, password, managementUri, organization, environment, vaultName, entries, cb) {
+function createVault(credentials, managementUri, organization, environment, vaultName, entries, cb) {
 
  var storageOpts = { 
  name: vaultName,
@@ -373,10 +347,7 @@ function createVault(username, password, managementUri, organization, environmen
  request({
  uri: uri,
  method: 'POST',
- auth: {
- username: username,
- password: password
- },
+ auth: credentials,
  json: storageOpts
  }, function(err, res) {
  err = translateError(err, res);
@@ -436,3 +407,15 @@ function getPublicKeyPrivate(authUri, cb) {
  });
 }
 
+function generateCredentialsObject(options) {
+ if(options.token) {
+ return {
+ 'bearer': options.token
+ };
+ } else {
+ return {
+ user: options.username,
+ pass: options.password
+ };
+ }
+}
diff --git a/cli/lib/configure.js b/cli/lib/configure.js
@@ -38,8 +38,10 @@ Configure.prototype.configure = function configure(options, cb) {
  managementUri = defaultConfig.edge_config.managementUri;
  keySecretMessage = defaultConfig.edge_config.keySecretMessage;
 
- assert(options.username, 'username is required');
- assert(options.password, 'password is required');
+ if(!options.token) {
+ assert(options.username, 'username is required');
+ assert(options.password, 'password is required');
+ }
  assert(options.org, 'org is required');
  assert(options.env, 'env is required');
 

diff --git a/cli/lib/deploy-auth.js b/cli/lib/deploy-auth.js
@@ -119,10 +119,15 @@ Deployment.prototype.checkDeployedProxies = function checkDeployedProxies(option
  organization: options.org,
  environment: options.env,
  baseuri: this.managementUri,
- username: options.username,
- password: options.password,
  debug: options.debug
  };
+
+ if(options.token) {
+ opts.token = options.token; 
+ } else {
+ opts.username = options.username;
+ opts.password = options.password;
+ }
  const that = this;
  apigeetool.listDeployments(opts, function(err, proxies) {
  if (err) {
@@ -141,15 +146,20 @@ function deployProxyWithPassword(managementUri,authUri, options, dir, callback)
  organization: options.org,
  environments: options.env,
  baseuri: managementUri,
- username: options.username,
- password: options.password,
  debug: options.debug,
  verbose: options.debug,
  api: options.proxyName,
  directory: dir,
  virtualhosts: options.virtualHosts || DEFAULT_HOSTS
  };
 
+ if(options.token) {
+ opts.token = options.token;
+ } else {
+ opts.username = options.username;
+ opts.password = options.password;
+ }
+
  console.log('Give me a minute or two... this can take a while...');
  apigeetool.deployProxy(opts, function(err) {
  if (err) {