From f7c9a0fd7100b1b1268440dbd7278b4de8914390 Mon Sep 17 00:00:00 2001
From: Okke Harsta
Date: Fri, 8 Mar 2024 09:34:03 +0100
Subject: [PATCH] Added policy schema
---
 roles/manage-server/defaults/main.yml | 1 +
 .../metadata_templates/policy.template.json | 18 ++
 .../templates/application.yml.j2 | 2 +-
 .../metadata_configuration/policy.schema.json | 203 ++++++++++++++++++
 .../single_tenant_template.schema.json.j2 | 2 +-
 5 files changed, 224 insertions(+), 2 deletions(-)
 create mode 100644 roles/manage-server/files/metadata_templates/policy.template.json
 create mode 100644 roles/manage-server/templates/metadata_configuration/policy.schema.json
diff --git a/roles/manage-server/defaults/main.yml b/roles/manage-server/defaults/main.yml
index 9fa5a0e80..1341fc496 100644
--- a/roles/manage-server/defaults/main.yml
+++ b/roles/manage-server/defaults/main.yml
@@ -25,5 +25,6 @@ manage_tabs_enabled:
 - saml20_sp
 - oidc10_rp
 - oauth20_rs
+ - policy
 - single_tenant_template
 - provisioning
diff --git a/roles/manage-server/files/metadata_templates/policy.template.json b/roles/manage-server/files/metadata_templates/policy.template.json
new file mode 100644
index 000000000..71f2c505a
--- /dev/null
+++ b/roles/manage-server/files/metadata_templates/policy.template.json
@@ -0,0 +1,18 @@
+{
+ "metaDataFields": {},
+ "name": "",
+ "entityid": "",
+ "description": "",
+ "serviceProviderIds": [],
+ "identityProviderIds": [],
+ "attributes": [],
+ "loas": [],
+ "denyAdvice": "",
+ "denyRule": false,
+ "allAttributesMustMatch": false,
+ "userDisplayName": "",
+ "authenticatingAuthorityName": "",
+ "denyAdviceNl": "",
+ "active": true,
+ "type": "reg"
+}
diff --git a/roles/manage-server/templates/application.yml.j2 b/roles/manage-server/templates/application.yml.j2
index f4d52873c..689376434 100644
--- a/roles/manage-server/templates/application.yml.j2
+++ b/roles/manage-server/templates/application.yml.j2
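Review bot: The template seeds every new policy with `"active": true` and `"denyRule": false`, so a record created from it is already an enabled permit rule before any `attributes` or `loas` have been filled in. If the consumer enforces on `active` alone, starting from `"active": false` and letting the operator switch it on once the policy is complete is the safer default; I cannot see the PDP side from here, so please confirm which behaviour it expects. Note also that `"description": ""` and `"entityid": ""` in this template would not pass the `minLength: 1` constraints declared in the new policy.schema.json, which is fine for a blank starting point but worth a sentence in the role's documentation so nobody tries to validate the template file itself.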
@@ -76,7 +76,7 @@ spring:
 mongodb:
 uri: mongodb://{{ manage.mongo_user }}:{{ manage.mongo_password }}@{% for host in groups['mongo_servers'] %}{{ hostvars[host]['inventory_hostname'] }}:{{ manage.mongo_port }}{% if not loop.last %},{% endif %}{% endfor %}/{{ manage.mongo_database }}?ssl=true
 datasource:
- url: jdbc:mysql://{{ pdp.db_host }}/{{ pdp.db_name }}
+ url: jdbc:mysql://{{ pdp.db_host }}/{{ pdp.db_name }}?permitMysqlScheme
 username: {{ pdp.db_user }}
 password: {{ pdp.db_password }}
 driverClassName: org.mariadb.jdbc.Driver
diff --git a/roles/manage-server/templates/metadata_configuration/policy.schema.json b/roles/manage-server/templates/metadata_configuration/policy.schema.json
new file mode 100644
index 000000000..5d39a219e
--- /dev/null
+++ b/roles/manage-server/templates/metadata_configuration/policy.schema.json
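Review bot: The added `?permitMysqlScheme` makes MariaDB Connector/J accept the `jdbc:mysql://` scheme, but the URL still carries no TLS setting, whereas the Mongo URI two context lines above pins `?ssl=true`; if the PDP database is reached over the network rather than on the same host, the credentials rendered into this file travel in clear unless TLS is enforced elsewhere. With the `org.mariadb.jdbc.Driver` shown in the hunk, `?permitMysqlScheme&sslMode=verify-full` would pin it in the same place, subject to the driver version actually deployed. The query string is appended to `{{ pdp.db_name }}` unconditionally, which is fine as long as that variable never carries its own parameters. The enclosing `spring:` block starts and ends outside the hunk.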
@@ -0,0 +1,203 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "title": "policy",
+ "order": 6,
+ "type": "object",
+ "properties": {
+ "eid": {
+ "type": "number"
+ },
+ "entityid": {
+ "type": "string",
+ "minLength": 1
+ },
+ "policyId": {
+ "type": "string",
+ "minLength": 1
+ },
+ "name": {
+ "type": "string",
+ "minLength": 1
+ },
+ "description": {
+ "type": "string",
+ "minLength": 1
+ },
+ "type": {
+ "type": "string",
+ "enum": [
+ "reg",
+ "step"
+ ],
+ "default": "reg"
+ },
+ "revisionid": {
+ "type": "number"
+ },
+ "created": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "revisionnote": {
+ "type": "string"
+ },
+ "notes": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "serviceProviderIds": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "identityProviderIds": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "metaDataFields": {
+ "type": "object",
+ "properties": {},
+ "patternProperties": {},
+ "required": [],
+ "additionalProperties": false
+ },
+ "attributes": {
+ "type": "array",
+ "required": ["name", "value"],
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ },
+ "negated": {
+ "type": "boolean",
+ "default": "false"
+ }
+ }
+ }
+ },
+ "loas": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "level": {
+ "type": "string"
+ },
+ "allAttributesMustMatch": {
+ "type": "boolean"
+ },
+ "negateCidrNotation": {
+ "type": "boolean"
+ },
+ "attributes": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "value": {
+ "type": "string"
+ },
+ "negated": {
+ "type": "boolean"
+ }
+ }
+ }
+ },
+ "cidrNotations": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "ipAddress": {
+ "type": "string"
+ },
+ "prefix": {
+ "type": "integer"
+ },
+ "ipInfo": {
+ "type": "object",
+ "properties": {
+ "networkAddress": {
+ "type": "string"
+ },
+ "broadcastAddress": {
+ "type": "string"
+ },
+ "capacity": {
+ "type": "number"
+ },
+ "ipv4": {
+ "type": "boolean"
+ },
+ "prefix": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "allAttributesMustMatch": {
+ "type": "boolean"
+ },
+ "active": {
+ "type": "boolean"
+ },
+ "denyRule": {
+ "type": "boolean"
+ },
+ "userDisplayName": {
+ "type": "string"
+ },
+ "authenticatingAuthorityName": {
+ "type": "string"
+ },
+ "denyAdvice": {
+ "type": [
+ "string",
+ "null"
+ ]
+ },
+ "denyAdviceNl": {
+ "type": [
+ "string",
+ "null"
+ ]
+ }
+ },
+ "required": [
+ "name",
+ "serviceProviderIds"
+ ],
+ "additionalProperties": false,
+ "indexes": []
+}
diff --git a/roles/manage-server/templates/metadata_configuration/single_tenant_template.schema.json.j2 b/roles/manage-server/templates/metadata_configuration/single_tenant_template.schema.json.j2
index 931ce6d48..c2914b935 100644
--- a/roles/manage-server/templates/metadata_configuration/single_tenant_template.schema.json.j2
+++ b/roles/manage-server/templates/metadata_configuration/single_tenant_template.schema.json.j2
@@ -1,7 +1,7 @@
 {
 "$schema": "http://json-schema.org/draft-04/schema#",
 "title": "single_tenant_template",
- "order": 6,
+ "order": 7,
 "definitions": {
 "AssertionConsumerServiceBinding": {
 "type": "string",
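Review bot: The `"required": ["name", "value"],` placed directly under `"type": "array"` in the top-level `attributes` schema is a no-op in draft-04, because `required` only constrains object instances, so a policy attribute with no `name` or `value` currently validates; move that line into the sibling `items` object next to `"type": "object"`. In the same block `"negated"` declares `"default": "false"` as a string while its type is boolean, so any consumer that applies schema defaults receives a truthy string where a false is meant; it should read `"default": false`, and the `loas[].attributes[].negated` entry that has no default at all should be aligned with it. `cidrNotations[].prefix` is an unbounded integer; since a CIDR prefix is what decides which addresses a step-up rule covers, `"minimum": 0, "maximum": 128` would reject malformed prefixes at save time rather than at evaluation time. Unlike the top level, none of the nested item objects set `additionalProperties: false`, which is presumably deliberate for forward compatibility but is worth confirming.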