dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove deprecated options

Browse Source
This commit is contained in:
Maxime Besson 2021-06-29 15:18:01 +02:00
parent ebc29edcb9
commit ff09c8856f
1 changed files with 59 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
lemonldap-ng-common/scripts/importMetadata
View File

@ -24,12 +24,12 @@ sub toEntityIDkey {
#==============================================================================
my %opts;
my $result = GetOptions(
\%opts, 'metadata|m=s',
'certificate|c=s', 'verbose|v',
'help|h', 'spconfprefix|s=s',
'idpconfprefix|i=s', 'warning|w',
'remove|r', 'nagios|n',
'blocklistsp|bs=s', 'blocklistidp|bi=s', 'dryrun|d'
\%opts, 'metadata|m=s',
'verbose|v', 'help|h',
'spconfprefix|s=s', 'idpconfprefix|i=s',
'remove|r', 'nagios|a',
'ignore-sp=s@', 'ignore-idp=s@',
'dry-run|n'
);
#==============================================================================
@ -40,16 +40,18 @@ if ( $opts{help} or !$opts{metadata} ) {
"\nScript to import SAML metadata bundle file into LL::NG configuration\n\n";
print STDERR "Usage: $0 -m <metadata file URL>\n\n";
print STDERR "Options:\n";
print STDERR "\t-c (--certificate): URL of certificate, to check metadata document signature\n";
print STDERR "\t-i (--idpconfprefix): Prefix used to set IDP configuration key\n";
print STDERR
"\t-i (--idpconfprefix): Prefix used to set IDP configuration key\n";
print STDERR "\t-h (--help): print this message\n";
print STDERR "\t-m (--metadata): URL of metadata document\n";
print STDERR "\t-s (--spconfprefix): Prefix used to set SP configuration key\n";
print STDERR "\t-w (--warning): print debug messages\n";
print STDERR "\t-bs (--blocklistsp): list of SP entityID to avoid to modify/import\n";
print STDERR "\t-bi (--blocklistip): list of IdP entityID to avoid to modify/import\n";
print STDERR "\t-n (--nagios) : output only metrics nagios compatible\n";
print STDERR "\t-d (--dryrun): do nothing\n";
print STDERR
"\t-s (--spconfprefix): Prefix used to set SP configuration key\n";
print STDERR
"\t--ignore-sp: ignore SP maching this entityID (can be specified multiple times)\n";
print STDERR
"\t--ignore-idp: ignore IdP matching this entityID (can be specified multiple times)\n";
print STDERR "\t-a (--nagios) : output statistics in Nagios format\n";
print STDERR "\t-n (--dry-run): do nothing\n";
print STDERR "\t-v (--verbose): display all actions\n";
print STDERR "\t-r (--remove): remove entityID inside LemonLDAP if was remove inside remote metadata\n";
exit 1;
@ -133,33 +135,9 @@ my $spCounter = {
'ignored' => 0,
};
############# Block List manipulation
my $blocklistsp = $opts{blocklistsp} || "";
my $blocklistidp = $opts{blocklistidp} || "";
# BlockList initialisation
my @spBlocklist = ();
my @spBlocklistKey = ();
if ( $blocklistsp ) {
@spBlocklist = split(/,/,$opts{blocklistsp});
}
my @idpBlocklist = ();
my @idpBlocklistKey = ();
if ( $blocklistidp ) {
@idpBlocklist = split(/,/,$opts{blocklistidp})
}
foreach my $s (@spBlocklist) {
push(@spBlocklistKey,toEntityIDkey($spConfKeyPrefix, $s));
}
foreach my $s (@idpBlocklist) {
push(@idpBlocklistKey,toEntityIDkey($idpConfKeyPrefix, $s));
}
my @spIgnorelist = @{ $opts{'ignore-sp'} || [] };
my @idpIgnorelist = @{ $opts{'ignore-idp'} || [] };
#==============================================================================
# Main
@ -223,33 +201,6 @@ else {
my $dom = XML::LibXML->load_xml( string => $response->decoded_content );
# Check file signature
if ( $opts{certificate} ) {
my $certificate_file = $opts{certificate};
if ( $opts{verbose} ) {
print "Try to download certificate file at $certificate_file\n";
}
my $cert_response = $ua->get($certificate_file);
if ( $cert_response->is_success ) {
if ( $opts{verbose} ) {
print "Certificate file found:\n"
. $cert_response->decoded_content . "\n";
}
}
else {
die $cert_response->status_line;
}
if ( $opts{verbose} ) {
print "Check metadata signature with certificate";
}
# TODO
print STDERR "[WARN] Signature verification not yet implemented\n"
if $opts{warning};
}
# Remove extensions
foreach ( $dom->findnodes('//md:Extensions') ) { $_->unbindNode; }
@ -284,10 +235,10 @@ foreach
# test if IDP entityID is inside the block list
if ( $entityID ~~ @idpBlocklist){
if ( $opts{verbose} ) {
print "IDP $entityID won't be update/added \n";
}
if ( $entityID ~~ @idpIgnorelist ) {
if ( $opts{verbose} ) {
print "IDP $entityID won't be update/added \n";
}
$idpCounter->{ignored}++;
}else{
# Check if entityID already in configuration
@ -337,7 +288,7 @@ foreach
else {
print STDERR
"[WARN] IDP $entityID is not compatible with SAML 2.0, it will not be imported.\n"
if $opts{warning};
if $opts{verbose};
$idpCounter->{rejected}++;
}
}
@ -404,7 +355,7 @@ foreach
# test if IDP entityID is inside the block list
if ( $entityID ~~ @spBlocklist){
if ( $entityID ~~ @spIgnorelist ) {
if ( $opts{verbose} ) {
print "SP $entityID won't be update/added \n";
}
@ -468,7 +419,7 @@ foreach
else {
print STDERR
"[WARN] SP $entityID is not compatible with SAML 2.0, it will not be imported.\n"
if $opts{warning};
if $opts{verbose};
$spCounter->{rejected}++;
}
@ -480,12 +431,14 @@ foreach
if ( $opts{remove} ) {
foreach ( keys %$idpList ) {
my $idpConfKey = $idpList->{$_};
if ( $idpConfKey ~~ @idpBlocklistKey){
if ( $opts{verbose} ) {
print "IDP $idpConfKey won't be deleted \n";
unless ( defined $mdIdpList->{$_} ) {
if ( $_ ~~ @idpIgnorelist ) {
$idpCounter->{ignored}++;
if ( $opts{verbose} ) {
print "IDP $idpConfKey won't be deleted \n";
}
}
}else{
unless ( defined $mdIdpList->{$_} ) {
else {
delete $lastConf->{samlIDPMetaDataXML}->{$idpConfKey};
delete $lastConf->{samlIDPMetaDataExportedAttributes}
->{$idpConfKey};
@ -500,12 +453,14 @@ if ( $opts{remove} ) {
foreach ( keys %$spList ) {
my $spConfKey = $spList->{$_};
if ( $spConfKey ~~ @spBlocklistKey){
if ( $opts{verbose} ) {
print "SP $spConfKey won't be deleted \n";
unless ( defined $mdSpList->{$_} ) {
if ( $_ ~~ @spIgnorelist ) {
$spCounter->{ignored}++;
if ( $opts{verbose} ) {
print "SP $spConfKey won't be deleted \n";
}
}
}else{
unless ( defined $mdSpList->{$_} ) {
else {
delete $lastConf->{samlSPMetaDataXML}->{$spConfKey};
delete $lastConf->{samlSPMetaDataExportedAttributes}->{$spConfKey};
delete $lastConf->{samlSPMetaDataOptions}->{$spConfKey};
@ -521,24 +476,26 @@ if ( $opts{remove} ) {
my $numConf = "DRY-RUN";
my $exitCode = 0;
if ( ! $opts{dryrun} ) {
# Register configuration
if ( $opts{verbose} ) {
print "[INFO] run mod EntityID will be inserted\n";
}
$numConf = $conf->saveConf( $lastConf, ( cfgNumFixed => 1 ) );
if ( $opts{verbose} ) {
print "[OK] Configuration $numConf saved\n";
$exitCode = 0;
}
unless ($numConf) {
print "[ERROR] Unable to save configuration\n";
$exitCode = 1;
}
}else{
if ( $opts{verbose} ) {
print "[INFO] Dry-run mod no EntityID inserted\n";
}
if ( !$opts{'dry-run'} ) {
# Register configuration
if ( $opts{verbose} ) {
print "[INFO] run mod EntityID will be inserted\n";
}
$numConf = $conf->saveConf( $lastConf, ( cfgNumFixed => 1 ) );
if ( $opts{verbose} ) {
print "[OK] Configuration $numConf saved\n";
$exitCode = 0;
}
unless ($numConf) {
print "[ERROR] Unable to save configuration\n";
$exitCode = 1;
}
}
else {
if ( $opts{verbose} ) {
print "[INFO] Dry-run mod no EntityID inserted\n";
}
}