WIP for testing: SAML Config Refactor #2953

Merged (9 commits), Aug 9, 2018
188 changes: 41 additions & 147 deletions scripts/simplesamlphp/acquia_config.php
@@ -19,14 +19,6 @@
* - 'session_store': Define the session storage service to use in each
* Acquia environment ("memcache" or "database").
*/
$ah_options = [
'database_name' => 'mydatabasename',
'session_store' => [
'prod' => 'database',
'test' => 'database',
'dev' => 'database',
],
];

// Set some security and other configs that are set above, however we
// overwrite them here to keep all changes in one area.
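Review bot: the docblock kept at the top of this hunk still documents a 'session_store' key ("Define the session storage service to use in each Acquia environment ("memcache" or "database")") while the hunk deletes the `$ah_options` array that carried it, together with 'database_name'. Either drop that comment or rewrite it to describe what the file now sets, and confirm nothing later in the file still reads `$ah_options['database_name']` or `$ah_options['session_store']`.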
@@ -37,13 +29,19 @@
$config['secretsalt'] = 'y0h9d13pki9qdhfm3l5nws4jjn55j6hj';
$config['auth.adminpassword'] = 'mysupersecret';

$_SERVER['SERVER_PORT'] = 443;
$_SERVER['HTTPS'] = 'true';
$protocol = 'https://';
$port = ':' . $_SERVER['SERVER_PORT'];


/**
* Multi-site installs.
*
* Support multi-site installations at different base URLs.
*/
# $config['baseurlpath'] = "https://{$_SERVER['SERVER_NAME']}/simplesaml/";

// $config['baseurlpath'] = "https://{$_SERVER['SERVER_NAME']}/simplesaml/";
$config['baseurlpath'] = $protocol . $_SERVER['HTTP_HOST'] . $port . '/simplesaml/';
/**
* Cookies No Cache.
*
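Review bot: the added lines `$_SERVER['SERVER_PORT'] = 443;` and `$_SERVER['HTTPS'] = 'true';` overwrite request metadata before `$config['baseurlpath']` is built from `$_SERVER['HTTP_HOST']`, and HTTP_HOST is taken from the client's Host header unless the web server rejects unknown hosts. SimpleSAMLphp derives the URLs it advertises in SP metadata and in its redirect and AssertionConsumerService endpoints from baseurlpath, so a forgeable host here is a host-header injection risk; prefer a fixed value per environment (the commented-out form using SERVER_NAME is closer to that) or validate HTTP_HOST against an allow-list first. Separately, appending `':' . $_SERVER['SERVER_PORT']` after forcing the port to 443 yields `https://host:443/simplesaml/`, which differs from the canonical `https://host/simplesaml/` form that existing IdP-side registrations are likely to contain; either drop the port suffix or make the IdP metadata match. The hard-coded `secretsalt` and `auth.adminpassword` in the context lines are untouched by this hunk but are worth moving to environment-provided values while the file is being refactored.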
@@ -54,156 +52,52 @@
*
* @link https://docs.acquia.com/articles/using-simplesamlphp-acquia-cloud-site
*/
# setcookie('NO_CACHE', '1');

// setcookie('NO_CACHE', '1');.
if (!getenv('AH_SITE_ENVIRONMENT')) {
// Add your local configuration here.
// Local Development.
$config['store.type'] = 'sql';
$config['store.sql.dsn'] = sprintf('mysql:host=%s;port=%s;dbname=%s', '127.0.0.1', '', 'drupal');
$config['store.sql.username'] = 'drupal';
$config['store.sql.password'] = 'drupal';
$config['store.sql.prefix'] = 'simplesaml';
$config['certdir'] = "/var/www/simplesamlphp/cert/";
$config['metadatadir'] = "/var/www/simplesamlphp/metadata";
$config['baseurlpath'] = 'simplesaml/';
$config['loggingdir'] = '/var/www/simplesamlphp/log/';
}
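Review bot: in the added local-development block, `sprintf('mysql:host=%s;port=%s;dbname=%s', '127.0.0.1', '', 'drupal')` produces `mysql:host=127.0.0.1;port=;dbname=drupal`, with an empty `port=` segment; either pass 3306 or remove the port placeholder from the format string. The literal `drupal`/`drupal` credentials and the absolute `/var/www/simplesamlphp/...` paths are acceptable for a branch guarded by `!getenv('AH_SITE_ENVIRONMENT')`, but note that this branch also sets `$config['baseurlpath'] = 'simplesaml/'`, silently overriding the `https://...` value computed from `$_SERVER['HTTP_HOST']` a few lines earlier in the file, so that earlier computation is dead on local; and the point raised below about the duplicated closing brace after this block still needs fixing before merge.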
Contributor:
there are 2 } here at lines 68/69 and only 1 is needed (fatal)

else {
$ah_options['env'] = getenv('AH_SITE_ENVIRONMENT');
$config = acquia_logging_config($config);
$config = acquia_session_store_config($config, $ah_options);
}

/**
* Get session storage configuration defined by Acquia.
*
* @param array $config
* Current configuration.
* @param array $ah_options
* Acquia account specific options.
*
* @return array
* Updated configuration.
*/
function acquia_session_store_config(array $config, array $ah_options) {
if ($ah_options['session_store'][$ah_options['env']] == 'memcache') {
$config = mc_session_store($config);
}
elseif ($ah_options['session_store'][$ah_options['env']] == 'database') {
$config = sql_session_store($config, $ah_options['database_name']);
}

return $config;
}

/**
* Get logging configuration defined by Acquia.
*
* @param array $config
* Current configuration.
*
* @return array
* Updated configuration.
*/
function acquia_logging_config(array $config) {
elseif (file_exists("/mnt/files/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/files-private/sites.json")) {
// On ACSF.
$config['certdir'] = "/mnt/www/html/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/cert/";
Contributor:
/mnt/www/html/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/ is pointing to the simplesamlphp symlink in the docroot from symlinkDocrootToLibDir() right? Using a relative path works and would make non-environment specific, i.e. $config['certdir'] = 'cert/';. Same for $config['metadatadir'] on the next line

Contributor Author:
@rjgwiz I believe the simplesamlphp_auth module has a note that it requires absolute paths for those files - have you found that not to be the case?

Contributor:
@lcatlett yea - in our project we have been using a relative path for over a year. Currently on simplesamlphp v1.15.4.

$config['metadatadir'] = "/mnt/www/html/{$_ENV['AH_SITE_GROUP']}.{$_ENV['AH_SITE_ENVIRONMENT']}/simplesamlphp/metadata";
$config['baseurlpath'] = 'simplesaml/';
$config['logging.handler'] = 'file';
$config['loggingdir'] = dirname(getenv('ACQUIA_HOSTING_DRUPAL_LOG'));
// Setup basic.
$config['logging.logfile'] = 'simplesamlphp-' . date('Ymd') . '.log';

return $config;
}

/**
* Get memcache session storage config.
*
* @param array $config
* Current configuration.
*
* @return array
* Updated configuration.
*/
function mc_session_store(array $config, array $ah_options) {
$config['store.type'] = 'memcache';
$config['memcache_store.servers'] = mc_info();
$config['memcache_store.prefix'] = $ah_options['database_name'];

return $config;
}

/**
* Get memcache information.
*
* @return array
* Memcache server pool information.
*/
function mc_info() {
$creds_json = file_get_contents('/var/www/site-php/' . getenv('AH_SITE_NAME') . '/creds.json');
$creds = json_decode($creds_json, TRUE);
$mc_server = [];
$mc_pool = [];
foreach ($creds['memcached_servers'] as $fqdn) {
$mc_server['hostname'] = preg_replace('/:.*?$/', '', $fqdn);
array_push($mc_pool, $mc_server);
$creds_json = file_get_contents('/var/www/site-php/' . $_ENV['AH_SITE_GROUP'] . '.' . $_ENV['AH_SITE_ENVIRONMENT'] . '/creds.json');
$databases = json_decode($creds_json, TRUE);
$creds = $databases['databases'][$_ENV['AH_SITE_GROUP']];
require_once "/usr/share/php/Net/DNS2_wrapper.php";
try {
$resolver = new Net_DNS2_Resolver(array(
'nameservers' => array(
'127.0.0.1',
'dns-master',
),
));
$response = $resolver->query("cluster-{$creds['db_cluster_id']}.mysql", 'CNAME');
$creds['host'] = $response->answer[0]->cname;
}
catch (Net_DNS2_Exception $e) {
$creds['host'] = "";
}

return [$mc_pool];
}

/**
* Set SQL database session storage.
*
* @param array $config
* Current configuration.
* @param string $database_name
* The name of a MySQL database.
*
* @return array
* Updated configuration.
*/
function sql_session_store(array $config, $database_name) {
$creds = db_info($database_name);
$config['store.type'] = 'sql';
$config['store.sql.dsn'] = sprintf('mysql:host=%s;port=%s;dbname=%s', $creds['host'], $creds['port'], $creds['name']);
$config['store.sql.username'] = $creds['user'];
$config['store.sql.password'] = $creds['pass'];
$config['store.sql.prefix'] = 'simplesaml';

return $config;
}

/**
* Get SQL database information.
*
* @param string $db_name
* The name of a MySQL database.
*
* @return array
* Database information.
*/
function db_info($db_name) {
$creds_json = file_get_contents('/var/www/site-php/' . getenv('AH_SITE_NAME') . '/creds.json');
$databases = json_decode($creds_json, TRUE);
$db = $databases['databases'][$db_name];
$db['host'] = ($host = ah_db_current_host($db['db_cluster_id'])) ? $host : key($db['db_url_ha']);

return $db;
}

/**
* Get the SQL database current host.
*
* @param string $db_cluster_id
* The MySQL database cluster id.
*
* @return string
* The database host to use if found else empty.
*/
function ah_db_current_host($db_cluster_id) {
require_once '/usr/share/php/Net/DNS2_wrapper.php';
try {
$resolver = new \Net_DNS2_Resolver([
'nameservers' => [
'127.0.0.1',
'dns-master',
],
]);
$response = $resolver->query("cluster-{$db_cluster_id}.mysql", 'CNAME');
$cached_id = $response->answer[0]->cname;
}
catch (\Net_DNS2_Exception $e) {
$cached_id = '';
}

return $cached_id;
}
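Review bot: the added block beginning `$creds_json = file_get_contents('/var/www/site-php/' . $_ENV['AH_SITE_GROUP'] . '.' . $_ENV['AH_SITE_ENVIRONMENT'] . '/creds.json');` never checks that `file_get_contents()` or `json_decode()` succeeded, so a missing or malformed creds.json becomes a PHP warning plus an index on null at `$databases['databases'][$_ENV['AH_SITE_GROUP']]` instead of a clear failure; test both results and bail out explicitly. It also reads `$_ENV` while the branch condition near the top of the hunk uses `getenv('AH_SITE_ENVIRONMENT')`; `$_ENV` is only populated when PHP's `variables_order` includes `E`, so use `getenv('AH_SITE_GROUP')` and `getenv('AH_SITE_ENVIRONMENT')` consistently. Functionally, the deleted `db_info()` fell back to `key($db['db_url_ha'])` when the `cluster-<id>.mysql` CNAME lookup failed, whereas the new catch block sets `$creds['host'] = ""` and continues, and `$creds` is then never fed into `$config['store.sql.dsn']`, `store.sql.username` or `store.sql.password` anywhere in the visible lines, so the ACSF branch resolves a database host and discards it; restore the HA fallback and wire `$creds` into the store configuration, or drop the lookup if the SQL session store is no longer wanted on ACSF. Indexing by `$_ENV['AH_SITE_GROUP']` also assumes the database name equals the site group, which the removed `'database_name' => 'mydatabasename'` option deliberately did not assume.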
Contributor:
there are 3 } here and only 1 is needed (fatal)