Check for required env variables on OIDC

pull/4/head
Christos Arvanitis 2023-12-11 12:19:49 +01:00
parent 526c47a6e8
commit 2039141369
4 changed files with 26 additions and 12 deletions

View File

@ -1,20 +1,12 @@
#!/bin/bash #!/bin/bash
source /rest_client.sh source /rest_client.sh
source /utilities.sh
[ -z "$ADMIN_EMAIL" ] && ADMIN_EMAIL="admin@admin.test" [ -z "$ADMIN_EMAIL" ] && ADMIN_EMAIL="admin@admin.test"
[ -z "$GPG_PASSPHRASE" ] && GPG_PASSPHRASE="passphrase" [ -z "$GPG_PASSPHRASE" ] && GPG_PASSPHRASE="passphrase"
[ -z "$REDIS_FQDN" ] && REDIS_FQDN="redis" [ -z "$REDIS_FQDN" ] && REDIS_FQDN="redis"
[ -z "$MISP_MODULES_FQDN" ] && MISP_MODULES_FQDN="http://misp-modules" [ -z "$MISP_MODULES_FQDN" ] && MISP_MODULES_FQDN="http://misp-modules"
[ -z "$OIDC_PROVIDER_URL" ] && OIDC_PROVIDER_URL="test_provider"
[ -z "$OIDC_CLIENT_ID" ] && OIDC_CLIENT_ID="test_client_id"
[ -z "$OIDC_CLIENT_SECRET" ] && OIDC_CLIENT_SECRET="test_client_secret"
[ -z "$OIDC_ROLES_PROPERTY" ] && OIDC_ROLES_PROPERTY="roles"
[ -z "$OIDC_ROLES_MAPPING" ] && OIDC_ROLES_MAPPING="{
\"admin\": \"1\",
\"sync-user\": \"5\"
}"
[ -z "$OIDC_DEFAULT_ORG" ] && OIDC_DEFAULT_ORG="$ADMIN_ORG"
# Switches to selectively disable configuration logic # Switches to selectively disable configuration logic
[ -z "$AUTOCONF_GPG" ] && AUTOCONF_GPG="true" [ -z "$AUTOCONF_GPG" ] && AUTOCONF_GPG="true"
@ -109,6 +101,9 @@ set_up_oidc() {
return return
fi fi
# Check required variables
check_env_vars OIDC_PROVIDER_URL OIDC_CLIENT_ID OIDC_CLIENT_SECRET OIDC_ROLES_PROPERTY OIDC_ROLES_MAPPING OIDC_DEFAULT_ORG
sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{ sudo -u www-data php /var/www/MISP/tests/modify_config.php modify "{
\"Security\": { \"Security\": {
\"auth\": [\"OidcAuth.Oidc\"] \"auth\": [\"OidcAuth.Oidc\"]

18
core/files/utilities.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
# Check whether passed env variables are defined
check_env_vars() {
local required_vars=("$@")
missing_vars=()
for i in "${required_vars[@]}"
do
test -n "${!i:+y}" || missing_vars+=("$i")
done
if [ ${#missing_vars[@]} -ne 0 ]
then
echo "The following env variables are not set:"
printf ' %q\n' "${missing_vars[@]}"
exit 1
fi
}

View File

@ -75,6 +75,7 @@ services:
- "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}" - "OIDC_CLIENT_ID=${OIDC_CLIENT_ID}"
- "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}" - "OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}"
- "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}" - "OIDC_ROLES_PROPERTY=${OIDC_ROLES_PROPERTY}"
- "OIDC_ROLES_MAPPING=${OIDC_ROLES_MAPPING}"
- "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}" - "OIDC_DEFAULT_ORG=${OIDC_DEFAULT_ORG}"
# sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options) # sync server settings (see https://www.misp-project.org/openapi/#tag/Servers for more options)
- "SYNCSERVERS=${SYNCSERVERS}" - "SYNCSERVERS=${SYNCSERVERS}"

View File

@ -93,6 +93,6 @@ SYNCSERVERS_1_KEY=
# OIDC_PROVIDER_URL= # OIDC_PROVIDER_URL=
# OIDC_CLIENT_ID= # OIDC_CLIENT_ID=
# OIDC_CLIENT_SECRET= # OIDC_CLIENT_SECRET=
# OIDC_ROLES_PROPERTY= # OIDC_ROLES_PROPERTY="roles"
# OIDC_ROLES_MAPPING= # OIDC_ROLES_MAPPING={"admin": "1","sync-user": "5"}
# OIDC_DEFAULT_ORG="" # OIDC_DEFAULT_ORG=