Merge pull request #192 from silinternational/release/9.3.0
Release 9.3.0 -- SSP 2.x prep and AppConfig
briskt authored Apr 9, 2024
2 parents 03b9554 + e911725 commit a1f6471
Showing 10 changed files with 83 additions and 25 deletions.
5 changes: 1 addition & 4 deletions .github/workflows/test-and-publish.yml
Expand Up @@ -3,9 +3,6 @@ name: Test and Publish
on:
push:

env:
IMAGE_NAME: ${{ vars.DOCKER_ORG }}/ssp-base

jobs:
tests:
name: Tests
Expand Down Expand Up @@ -38,7 +35,7 @@ jobs:
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.IMAGE_NAME }}
images: ${{ vars.DOCKER_ORG }}/${{ github.event.repository.name }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
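Review bot: The image name on the new `images:` line is now computed from `github.event.repository.name` at run time, so a repository rename silently changes the registry path this workflow publishes to, whereas the removed `IMAGE_NAME` env entry made that an explicit, reviewable value. If the goal is to make the workflow reusable across repositories that is reasonable, but keeping a single `env:` entry such as `IMAGE_NAME: ${{ vars.DOCKER_ORG }}/${{ github.event.repository.name }}` defines the name once and keeps any later steps that reference the image in sync. Only one use of the image name is visible in this section; whether other steps below the hunk still expect `env.IMAGE_NAME` cannot be confirmed from here.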
13 changes: 6 additions & 7 deletions Dockerfile
Expand Up @@ -9,7 +9,7 @@ RUN apt-get update -y \
php-gmp \
php-memcached \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
&& rm -rf /var/lib/apt/lists/*

# Create required directories
RUN mkdir -p /data
Expand All @@ -36,12 +36,8 @@ WORKDIR /data
# Install/cleanup composer dependencies
COPY composer.json /data/
COPY composer.lock /data/
# TODO/FIXME: Disabled the self-update due to a breaking change between composer 2.6.6 and 2.7.1 that affects the
# loading of the simplesamlphp/simplesamlphp/modules folder. The Docker build fails on the sildisco/sspoverrides line.
# It is not well understood what changed in composer, but since the overrides will need to be redesigned during
# the SimpleSAMLphp 2.x upgrade, this issue is deferred until then.
#RUN composer self-update --no-interaction
RUN composer install --prefer-dist --no-interaction --no-dev --optimize-autoloader --no-scripts --no-progress
RUN composer self-update --no-interaction
RUN COMPOSER_ALLOW_SUPERUSER=1 composer install --prefer-dist --no-interaction --no-dev --optimize-autoloader --no-scripts --no-progress

# Copy in SSP override files
ENV SSP_PATH /data/vendor/simplesamlphp/simplesamlphp
Expand All @@ -59,6 +55,9 @@ COPY tests /data/tests
RUN cp $SSP_PATH/modules/sildisco/sspoverrides/www_saml2_idp/SSOService.php $SSP_PATH/www/saml2/idp/
RUN chmod a+x /data/run.sh /data/run-tests.sh

ADD https://github.com/silinternational/config-shim/releases/latest/download/config-shim.gz config-shim.gz
RUN gzip -d config-shim.gz && chmod 755 config-shim && mv config-shim /usr/local/bin

EXPOSE 80
ENTRYPOINT ["/usr/local/bin/s3-expand"]
CMD ["/data/run.sh"]
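Review bot: The `ADD` of `releases/latest/download/config-shim.gz` fetches an unpinned upstream artifact with no integrity check and installs it as an executable on `$PATH` that, per `run.sh` in this same commit, wraps `apache2ctl` and supplies the application's configuration; any upstream release change or compromise alters the running image without a change to this repository, and the build is not reproducible. Pin a release tag and verify the digest before installing, e.g. `ADD https://github.com/silinternational/config-shim/releases/download/<PINNED_TAG>/config-shim.gz config-shim.gz` followed by `RUN echo "<EXPECTED_SHA256>  config-shim.gz" | sha256sum -c -` (both placeholders to be filled from the chosen release). The re-enabled `composer self-update` in the earlier hunk has the same build-time drift problem — the comment it removes records a 2.6.6→2.7.1 breakage found exactly that way — so `composer self-update <PINNED_COMPOSER_VERSION>` would make the composer version a deliberate choice rather than whatever is latest when the image is built.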
20 changes: 20 additions & 0 deletions README.md
Expand Up @@ -11,6 +11,26 @@ must be installed.

[Vagrant](https://www.vagrantup.com) for Windows users.

## Configuration
By default, configuration is read from environment variables. These are documented
in the `local.env.dist` file. Optionally, you can define configuration in AWS AppConfig.
To do this, set the following environment variables to point to the configuration in
AWS:

* `AWS_REGION` - the AWS region in use
* `APP_ID` - the application ID or name
* `CONFIG_ID` - the configuration profile ID or name
* `ENV_ID` - the environment ID or name

In addition, the AWS API requires authentication. It is best to use an access role
such as an [ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html).
If that is not an option, you can specify an access token using the `AWS_ACCESS_KEY_ID` and
`AWS_SECRET_ACCESS_KEY` variables.

The content of the configuration profile takes the form of a typical .env file, using
`#` for comments and `=` for variable assignment. Any variables read from AppConfig
will overwrite variables set in the execution environment.

## Local testing

1. `cp local.env.dist local.env` within project root and make adjustments as needed.
10 changes: 7 additions & 3 deletions development/idp-local/config/config.php
Expand Up @@ -56,8 +56,6 @@
// Options: https://github.com/silinternational/simplesamlphp-module-material/blob/develop/README.md#branding
$THEME_COLOR_SCHEME = Env::get('THEME_COLOR_SCHEME', null);

$IDPDISCO_LAYOUT = Env::get('IDPDISCO_LAYOUT', 'links'); // Options: [links,dropdown]

$SECURE_COOKIE = Env::get('SECURE_COOKIE', true);
$SESSION_DURATION = (int)(Env::get('SESSION_DURATION', (60 * 60 * 10))); // 10 hours.
$SESSION_STORE_TYPE = Env::get('SESSION_STORE_TYPE', 'phpsession');
Expand Down Expand Up @@ -595,6 +593,12 @@
'module.enable' => [
// Setting to TRUE enables.
'authgoogle' => $GOOGLE_ENABLE,
'expirychecker' => true,
'material' => true,
'mfa' => true,
'profilereview' => true,
'silauth' => true,
'sildisco' => true,
],


Expand Down Expand Up @@ -1066,7 +1070,7 @@
*
* Options: [links,dropdown]
*/
'idpdisco.layout' => $IDPDISCO_LAYOUT,
'idpdisco.layout' => 'links',


/*************************************
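Review bot: The doc comment directly above the new `'idpdisco.layout' => 'links',` still says `Options: [links,dropdown]`, but the value is now a hard-coded literal and the `$IDPDISCO_LAYOUT` env lookup was removed earlier in this file, so an operator reading the comment (or still setting `IDPDISCO_LAYOUT` in their environment) will expect a choice that no longer exists. Either update the comment to something like `* Fixed to 'links'; the IDPDISCO_LAYOUT environment variable is no longer read.` or keep the variable and its default. The same stale comment and hard-coded value appear in development/idp2-local/config/config.php, development/sp-local/config/config.php, development/sp2-local/config/config.php and dockerbuild/ssp-overrides/config.php; note that in the idp2/sp/sp2 files the removed default was `'dropdown'`, so this release changes their effective layout, which may be worth a line in the release notes.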
9 changes: 7 additions & 2 deletions development/idp2-local/config/config.php
Expand Up @@ -56,7 +56,6 @@
$SESSION_REMEMBERME_LIFETIME = (int)(Env::get('SESSION_REMEMBERME_LIFETIME', (14 * 86400))); // 14 days
$SECURE_COOKIE = Env::get('SECURE_COOKIE', true);
$THEME_USE = Env::get('THEME_USE', 'default');
$IDPDISCO_LAYOUT = Env::get('IDPDISCO_LAYOUT', 'dropdown'); // Options: [links,dropdown]
$SAML20_IDP_ENABLE = Env::get('SAML20_IDP_ENABLE', true);
$GOOGLE_ENABLE = Env::get('GOOGLE_ENABLE', false);

Expand Down Expand Up @@ -327,6 +326,12 @@
'module.enable' => [
// Setting to TRUE enables.
'authgoogle' => $GOOGLE_ENABLE,
'expirychecker' => true,
'material' => true,
'mfa' => true,
'profilereview' => true,
'silauth' => true,
'sildisco' => true,
],

/*
Expand Down Expand Up @@ -541,7 +546,7 @@
* Options: [links,dropdown]
*
*/
'idpdisco.layout' => $IDPDISCO_LAYOUT,
'idpdisco.layout' => 'links',

/*
* Whether simpleSAMLphp should sign the response or the assertion in SAML 1.1 authentication
9 changes: 7 additions & 2 deletions development/sp-local/config/config.php
Expand Up @@ -38,7 +38,6 @@
$SESSION_REMEMBERME_LIFETIME = (int)(Env::get('SESSION_REMEMBERME_LIFETIME', (14 * 86400))); // 14 days
$SECURE_COOKIE = Env::get('SECURE_COOKIE', true);
$THEME_USE = Env::get('THEME_USE', 'default');
$IDPDISCO_LAYOUT = Env::get('IDPDISCO_LAYOUT', 'dropdown'); // Options: [links,dropdown]
$SAML20_IDP_ENABLE = Env::get('SAML20_IDP_ENABLE', true);
$GOOGLE_ENABLE = Env::get('GOOGLE_ENABLE', false);

Expand Down Expand Up @@ -297,6 +296,12 @@
'module.enable' => [
// Setting to TRUE enables.
'authgoogle' => $GOOGLE_ENABLE,
'expirychecker' => true,
'material' => true,
'mfa' => true,
'profilereview' => true,
'silauth' => true,
'sildisco' => true,
],

/*
Expand Down Expand Up @@ -511,7 +516,7 @@
* Options: [links,dropdown]
*
*/
'idpdisco.layout' => $IDPDISCO_LAYOUT,
'idpdisco.layout' => 'links',

/*
* Whether simpleSAMLphp should sign the response or the assertion in SAML 1.1 authentication
9 changes: 7 additions & 2 deletions development/sp2-local/config/config.php
Expand Up @@ -38,7 +38,6 @@
$SESSION_REMEMBERME_LIFETIME = (int)(Env::get('SESSION_REMEMBERME_LIFETIME', (14 * 86400))); // 14 days
$SECURE_COOKIE = Env::get('SECURE_COOKIE', true);
$THEME_USE = Env::get('THEME_USE', 'default');
$IDPDISCO_LAYOUT = Env::get('IDPDISCO_LAYOUT', 'dropdown'); // Options: [links,dropdown]
$SAML20_IDP_ENABLE = Env::get('SAML20_IDP_ENABLE', true);
$GOOGLE_ENABLE = Env::get('GOOGLE_ENABLE', false);

Expand Down Expand Up @@ -297,6 +296,12 @@
'module.enable' => [
// Setting to TRUE enables.
'authgoogle' => $GOOGLE_ENABLE,
'expirychecker' => true,
'material' => true,
'mfa' => true,
'profilereview' => true,
'silauth' => true,
'sildisco' => true,
],

/*
Expand Down Expand Up @@ -511,7 +516,7 @@
* Options: [links,dropdown]
*
*/
'idpdisco.layout' => $IDPDISCO_LAYOUT,
'idpdisco.layout' => 'links',

/*
* Whether simpleSAMLphp should sign the response or the assertion in SAML 1.1 authentication
6 changes: 5 additions & 1 deletion dockerbuild/run.sh
Expand Up @@ -17,7 +17,11 @@ cd /data
cat /etc/*release | grep PRETTY
php -v | head -n 1

apache2ctl -k start -D FOREGROUND
if [[ -z "${APP_ID}" ]]; then
apache2ctl -k start -D FOREGROUND
else
config-shim --app $APP_ID --config $CONFIG_ID --env $ENV_ID apache2ctl -k start -D FOREGROUND
fi

# endless loop with a wait is needed for the trap to work
while true
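Review bot: The new branch tests only `APP_ID`, so a deployment that sets `APP_ID` but leaves `CONFIG_ID` or `ENV_ID` empty reaches the `config-shim` line with empty, unquoted arguments (`--config --env apache2ctl ...`), and because all three expansions are unquoted, a value containing whitespace would be split into extra arguments. Checking all three variables and quoting them lets a half-configured deployment fail at startup instead of silently starting Apache with only the environment-variable configuration that the README says AppConfig is meant to override. The surrounding script (the trap setup and the wait loop) continues outside this hunk.
```shell
if [[ -z "${APP_ID}" ]]; then
    apache2ctl -k start -D FOREGROUND
elif [[ -z "${CONFIG_ID}" || -z "${ENV_ID}" ]]; then
    echo "APP_ID is set but CONFIG_ID or ENV_ID is empty; refusing to start" >&2
    exit 1
else
    config-shim --app "${APP_ID}" --config "${CONFIG_ID}" --env "${ENV_ID}" apache2ctl -k start -D FOREGROUND
fi
```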
10 changes: 7 additions & 3 deletions dockerbuild/ssp-overrides/config.php
Expand Up @@ -56,8 +56,6 @@
// Options: https://github.com/silinternational/simplesamlphp-module-material/blob/develop/README.md#branding
$THEME_COLOR_SCHEME = Env::get('THEME_COLOR_SCHEME', null);

$IDPDISCO_LAYOUT = Env::get('IDPDISCO_LAYOUT', 'links'); // Options: [links,dropdown]

$SECURE_COOKIE = Env::get('SECURE_COOKIE', true);
$SESSION_DURATION = (int)(Env::get('SESSION_DURATION', (60 * 60 * 10))); // 10 hours.
$SESSION_STORE_TYPE = Env::get('SESSION_STORE_TYPE', 'phpsession');
Expand Down Expand Up @@ -595,6 +593,12 @@
'module.enable' => [
// Setting to TRUE enables.
'authgoogle' => $GOOGLE_ENABLE,
'expirychecker' => true,
'material' => true,
'mfa' => true,
'profilereview' => true,
'silauth' => true,
'sildisco' => true,
],


Expand Down Expand Up @@ -1066,7 +1070,7 @@
*
* Options: [links,dropdown]
*/
'idpdisco.layout' => $IDPDISCO_LAYOUT,
'idpdisco.layout' => 'links',


/*************************************
17 changes: 16 additions & 1 deletion local.env.dist
Expand Up @@ -14,9 +14,24 @@ COMPOSER_AUTH={"github-oauth":{"github.com":"token-here"}}
COMPOSER_CACHE_DIR=/composer
GOOGLE_ENABLE=
HUB_MODE=false
IDPDISCO_LAYOUT=
ENABLE_DEBUG=


# === AWS AppConfig (optional) ===

# The AWS region in use
#AWS_REGION=

# The AppConfig Application ID (or name)
#APP_ID=

# The AppConfig Configuration Profile ID (or name)
#CONFIG_ID=

# The AppConfig Environment ID (or name)
#ENV_ID=


# LOGGING_LEVEL default is NOTICE, or may be one of: ERR, WARNING, NOTICE, INFO, DEBUG
LOGGING_LEVEL=

