Add extra SAML config instructions

Steve Salas · Steve Salas · commit 13e83a462f7f · 2020-08-10T12:21:56.000-04:00
diff --git a/guided-setup.ps1 b/guided-setup.ps1
@@ -90,7 +90,7 @@ $s = @{}
 [IngressKind],[NginxIngressNamespace],[NginxIngressAddress],
 [LetsEncryptNamespace],[LetsEncryptClusterIssuer],[LetsEncryptEmail],[IngressCertificateArn],
 [DnsName],
-[AuthenticationType],[LdapInstructions],[SamlAuthenticationDnsName],[SamlIdpMetadata],[SamlAppName],[SamlKeystorePwd],[SamlPrivateKeyPwd],
+[AuthenticationType],[LdapInstructions],[SamlAuthenticationDnsName],[SamlIdpMetadata],[SamlAppName],[SamlKeystorePwd],[SamlPrivateKeyPwd],[SamlExtraConfig],
 [DefaultCPU],[NginxCPU],[CodeDxCPU],[MasterDatabaseCPU],[SubordinateDatabaseCPU],[ToolServiceCPU],[MinIOCPU],[WorkflowCPU],
 [DefaultMemory],[NginxMemory],[CodeDxMemory],[MasterDatabaseMemory],[SubordinateDatabaseMemory],[ToolServiceMemory],[MinIOMemory],[WorkflowMemory],
 [DefaultEphemeralStorage],[NginxEphemeralStorage],[CodeDxEphemeralStorage],[MasterDatabaseEphemeralStorage],[SubordinateDatabaseEphemeralStorage],[ToolServiceEphemeralStorage],[MinIOEphemeralStorage],[WorkflowEphemeralStorage],
@@ -154,7 +154,7 @@ Add-StepTransitions $graph $s[[LetsEncryptEmail]] $s[[DnsName]],$s[[Authenticati
 Add-StepTransitions $graph $s[[IngressCertificateArn]] $s[[AuthenticationType]]
 
 Add-StepTransitions $graph $s[[AuthenticationType]] $s[[LdapInstructions]],$s[[DefaultCPU]]
-Add-StepTransitions $graph $s[[AuthenticationType]] $s[[SamlAuthenticationDnsName]],$s[[SamlIdpMetadata]],$s[[SamlAppName]],$s[[SamlKeystorePwd]],$s[[SamlPrivateKeyPwd]],$s[[DefaultCPU]]
+Add-StepTransitions $graph $s[[AuthenticationType]] $s[[SamlAuthenticationDnsName]],$s[[SamlIdpMetadata]],$s[[SamlAppName]],$s[[SamlKeystorePwd]],$s[[SamlPrivateKeyPwd]],$s[[SamlExtraConfig]],$s[[DefaultCPU]]
 Add-StepTransitions $graph $s[[AuthenticationType]] $s[[SamlIdpMetadata]]
 Add-StepTransitions $graph $s[[AuthenticationType]] $s[[DefaultCPU]]
 
diff --git a/images/guided-setup.svg b/images/guided-setup.svg
diff --git a/setup/core/docs/auth/use-ldap.md b/setup/core/docs/auth/use-ldap.md
@@ -2,7 +2,7 @@
 
 Here are the deployment steps required to use [Code Dx with LDAP](https://codedx.com/Documentation/InstallGuide.html#ActiveDirectoryLDAPConfiguration):
 
-1) Complete the guided setup to determine the setup command(s) for Deploying Code Dx on your Kubernetes cluster.
+1) Complete the guided setup to determine the setup command(s) for deploying Code Dx on your Kubernetes cluster. End the guided setup by using one of the options to save your setup command to a file.
 
 >Note: If you're planning to use LDAPS and your LDAP server uses either a self-signed certificate or a certificate issued by a CA other than a well-known one, you must select a custom cacerts file and add the certificate for your LDAP server.
 
diff --git a/setup/core/docs/auth/use-saml.md b/setup/core/docs/auth/use-saml.md
@@ -0,0 +1,41 @@
+# Specify Extra SAML Configuration
+
+Here are the steps required to specify extra SAML properties:
+
+>Note: The guided setup will set these Code Dx SAML parameters:
+- auth.saml2.identityProviderMetadataPath
+- auth.saml2.entityId
+- auth.saml2.keystorePassword
+- auth.saml2.privateKeyPassword
+- auth.hostBasePath
+
+1) Complete the guided setup to determine the setup command(s) for deploying Code Dx on your Kubernetes cluster. End the guided setup by using one of the options to save your setup command to a file.
+
+2) Create a file named `codedx-extra-props.yaml` and add your SAML properties and values:
+
+```
+codedxProps:
+  extra:
+  - type: values
+    key: codedx-extra-saml-props
+    values:
+    - "ui.auth.samlLabel = Keycloak"
+    - "auth.autoExternalRedirect = false"
+```
+
+>Note: Use spaces for the indents shown above. Indenting with tab characters will cause a failure at install-time.
+
+3) Locate the run-setup.ps1 file generated by guided-setup.ps1 and make a copy named run-setup-custom.ps1. Edit run-setup-custom.ps1 by appending the following parameter to the setup.ps1 command line, specifying the path to your codedx-extra-props.yaml file:
+
+```
+ -extraCodeDxValuesPaths '/path/to/codedx-extra-props.yaml'
+```
+
+4) Follow the instructions provided at the end of guided-setup.ps1, but replace the run-setup.ps1 reference with run-setup-custom.ps1:
+
+```
+pwsh "/path/to/run-prereqs.ps1"
+pwsh "/path/to/run-setup-custom.ps1"
+```
+
+>Note: You will have a run-prereqs.ps1 file if you selected the Save command with Kubernetes secret(s) option when saving your setup command.
diff --git a/setup/steps/authentication.ps1 b/setup/steps/authentication.ps1
@@ -247,3 +247,43 @@ will use to connect to your SAML identify provider.
 		$this.config.samlPrivateKeyPwd = ''
 	}
 }
+
+class SamlExtraConfig : Step {
+	static [string] hidden $description = @'
+The setup script will configure the following Code Dx SAML properties based on 
+the information you have provided thus far:
+
+- auth.saml2.identityProviderMetadataPath
+- auth.saml2.entityId
+- auth.saml2.keystorePassword
+- auth.saml2.privateKeyPassword
+- auth.hostBasePath
+
+You can find the entire list of Code Dx SAML properties at 
+https://codedx.com/Documentation/InstallGuide.html#SAMLConfiguration
+
+To configure additional SAML properties, follow these instructions:
+https://github.com/codedx/codedx-kubernetes/blob/master/setup/core/docs/auth/use-saml.md
+'@
+
+	SamlExtraConfig([ConfigInput] $config) : base(
+		[SamlExtraConfig].Name, 
+		$config,
+		'SAML Extra Config',
+		[SamlExtraConfig]::description,
+		'Do you want to continue?') {}
+
+	[IQuestion]MakeQuestion([string] $prompt) {
+		return new-object MultipleChoiceQuestion($prompt, 
+			[tuple]::create('&Yes', 'Yes, continue to the next step'),
+			-1)
+	}
+
+	[bool]HandleResponse([IQuestion] $question) {
+		return $true
+	}
+
+	[bool]CanRun() {
+		return $this.config.useSaml
+	}
+}
diff --git a/test/guided-setup.tests.ps1 b/test/guided-setup.tests.ps1
@@ -1,4 +1,11 @@
 
+
+Import-Module 'pester' -ErrorAction SilentlyContinue
+if (-not $?) {
+	Write-Host 'Pester is not installed, so this test cannot run. Run pwsh, install the Pester module (Install-Module Pester), and re-run this script.'
+	exit 1
+}
+
 $location = join-path $PSScriptRoot '..'
 push-location ($location)
 
diff --git a/test/mock.ps1 b/test/mock.ps1
@@ -1,4 +1,3 @@
-Import-Module 'pester'
 
 function New-Mocks() {
 
diff --git a/test/pass.ps1 b/test/pass.ps1
@@ -558,6 +558,7 @@ function Set-UseSamlPass([int] $saveOption) {
 	$global:inputs.enqueue((New-Password 'my-keystore-password')) # specify keystore pwd confirm
 	$global:inputs.enqueue((New-Password 'my-private-key-password')) # specify private key pwd
 	$global:inputs.enqueue((New-Password 'my-private-key-password')) # specify private key pwd confirm
+	$global:inputs.enqueue(0) # continue past instructions
 	$global:inputs.enqueue(1) # skip cpu reservation
 	$global:inputs.enqueue(1) # skip memory reservation
 	$global:inputs.enqueue(1) # skip storage reservation

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-Import-Module 'pester'`
`2`	`1`
`3`	`2`	`function New-Mocks() {`
`4`	`3`