Added OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED to config options
Starting from Openstack Bobcat (2023.2) Multi Factor Authentication was added for Horizon. This change introduced a new variable called OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED, which if set to True will display a new form requesting for the user's TOTP code for MFA enabled users. This change provides the missing OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED config option for the charm, allowing the user to enable from the charm's configuration. If the value is set to True, the new bobcat template will render the following values: OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED = True AUTHENTICATION_PLUGINS = [ 'openstack_auth.plugin.totp.TotpPlugin', 'openstack_auth.plugin.password.PasswordPlugin', 'openstack_auth.plugin.token.TokenPlugin' ] Closes-Bug: #2058689 Change-Id: Ifedf587356693b58612b1fc4d7404f0f446158ce
This commit is contained in:
parent
f433c3fb90
commit
ab66a192f4
|
@ -512,6 +512,7 @@ options:
|
|||
this option sets True as the default value, which is consistent with the
|
||||
default value 'WSGISocketRotation On' in Apache. This option should be
|
||||
used with caution. Please read the Apache doc page for more information.
|
||||
|
||||
extra-regions:
|
||||
type: string
|
||||
default: "{}"
|
||||
|
@ -528,3 +529,11 @@ options:
|
|||
"another cluster": "https://another.example.com/identity/v3"
|
||||
}
|
||||
|
||||
mfa-totp-enabled:
|
||||
type: boolean
|
||||
default: False
|
||||
description: |
|
||||
Allow users to enable TOTP Authentication form. If not configured, this option sets False
|
||||
as the default value, which in turns does not display the form for MFA enabled users. If
|
||||
this option is set to True, Horizon will display a second login form requesting the TOTP
|
||||
code for MFA enabled users.
|
||||
|
|
|
@ -304,6 +304,8 @@ class HorizonContext(OSContextGenerator):
|
|||
config('enable-router-panel'),
|
||||
'retrieve_network_data_when_listing_instances':
|
||||
config('retrieve-network-data-when-listing-instances'),
|
||||
'openstack_keystone_mfa_totp_enabled':
|
||||
config('mfa-totp-enabled'),
|
||||
}
|
||||
|
||||
return ctxt
|
||||
|
|
|
@ -1053,3 +1053,13 @@ SITE_BRANDING_LINK = "{{ site_branding_link }}"
|
|||
{%- if help_url %}
|
||||
HORIZON_CONFIG["help_url"] = "{{ help_url }}"
|
||||
{%- endif %}
|
||||
|
||||
{%- if openstack_keystone_mfa_totp_enabled %}
|
||||
OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED = "{{ openstack_keystone_mfa_totp_enabled }}"
|
||||
|
||||
AUTHENTICATION_PLUGINS = [
|
||||
'openstack_auth.plugin.totp.TotpPlugin',
|
||||
'openstack_auth.plugin.password.PasswordPlugin',
|
||||
'openstack_auth.plugin.token.TokenPlugin'
|
||||
]
|
||||
{%- endif %}
|
||||
|
|
|
@ -147,6 +147,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -189,6 +190,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -232,6 +234,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -277,6 +280,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": True,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -321,6 +325,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": False,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -364,6 +369,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -406,6 +412,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -448,6 +455,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -491,6 +499,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -537,6 +546,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -579,6 +589,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -629,6 +640,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": (
|
||||
False),
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -670,6 +682,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_key": None,
|
||||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
}
|
||||
)
|
||||
|
@ -713,6 +726,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -756,6 +770,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -799,6 +814,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -842,6 +858,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -885,6 +902,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -928,6 +946,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -975,6 +994,7 @@ class TestHorizonContexts(CharmTestCase):
|
|||
"create_instance_flavor_sort_reverse": False,
|
||||
"enable_router_panel": True,
|
||||
"retrieve_network_data_when_listing_instances": True,
|
||||
"openstack_keystone_mfa_totp_enabled": False,
|
||||
}
|
||||
)
|
||||
|
||||
|
@ -984,6 +1004,13 @@ class TestHorizonContexts(CharmTestCase):
|
|||
self.assertTrue(horizon_contexts
|
||||
.HorizonContext()()['disable_instance_snapshot'])
|
||||
|
||||
def test_HorizonContext_can_set_openstack_keystone_mfa_totp_enabled(self):
|
||||
self.maxDiff = 900
|
||||
self.test_config.set('mfa-totp-enabled', True)
|
||||
self.assertTrue(horizon_contexts
|
||||
.HorizonContext()()
|
||||
['openstack_keystone_mfa_totp_enabled'])
|
||||
|
||||
def test_IdentityServiceContext_not_related(self):
|
||||
self.relation_ids.return_value = []
|
||||
self.context_complete.return_value = False
|
||||
|
|
Loading…
Reference in New Issue