IdP Modules

anazmy edited this page May 6, 2017 · 3 revisions

  • Aker has a modular design to support multiple identity providers: each identity provider (IdP) is represented by a Python module under the idp directory. Json and IPA are the pre-shipped modules, so the idp directory currently looks like this:
     idp
     ├── __init__.py
     ├── IPA.py
     └── Json.py

The role of an IdP Module

  • The role of an IdP module is to return a list (a Python data structure) of the hosts/servers the user is allowed to access. The module handles all communication with your infrastructure, be it a MySQL DB, LDAP, AWS IAM or anything else; Aker itself only consumes the resulting list.

Setting up an Identity Provider (IdP) in Aker, Json example

  • Setting up an IdP in Aker is easy: all that is needed is to edit the aker.ini config file. For example, here I'm setting Json as my IdP:
    # Identity Provider to determine the list of available hosts
    # options shipped are IPA, Json
    idp = Json
    hosts_file = /etc/aker/hosts.json

  • It is important to note that the idp value has to match the exact filename (case sensitive, without the .py extension) of a module under the idp directory. The Json.py module will read /etc/aker/hosts.json and show only the hosts allowed for the logged-in user; a sample hosts.json is provided.

Writing your custom IdP module

  • All your module needs is a class that subclasses IdP (from IdPFactory), whose name matches the module filename, and which exposes a method called list_allowed() returning the list of allowed hosts. Here is an example Yaml.py module that loads hosts from a YAML file:
    from IdPFactory import IdP

    import logging
    import yaml


    class Yaml(IdP):

        def __init__(self, config, username, gateway_hostgroup):
            super(Yaml, self).__init__(username, gateway_hostgroup)
            logging.debug("Yaml: loaded")
            self.config = config
            self._allowed_ssh_hosts = []
            self.username = username
            self.hosts_file = self.config.get("General", "hosts_file", "hosts.yaml")
            # safe_load only builds plain data types; plain yaml.load on a
            # file that others can write could instantiate arbitrary Python objects.
            with open(self.hosts_file, 'r') as hosts_fh:
                self.datamap = yaml.safe_load(hosts_fh)
            self.usergroups = []
            self.find_hosts()

        def find_hosts(self):
            # Collect the groups the logged-in user belongs to.
            for user in self.datamap['users']:
                if user['username'] == self.username:
                    for group in user['groups']:
                        self.usergroups.append(group)

            # A host is allowed when it shares at least one group with the user;
            # hosts with no groups are never exposed.
            for host in self.datamap['hosts']:
                if host['groups'] is not None:
                    for group in host['groups']:
                        if group in self.usergroups:
                            self._allowed_ssh_hosts.append(host['hostname'])
                            break  # list each host once, even if several groups match

        def list_allowed(self):
            return self._allowed_ssh_hosts
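The contract above (subclass IdP, resolve the user's groups, expose list_allowed()) is easiest to get right if you can exercise the resolution logic outside Aker. The following is an added example, not Aker's code: `IdP` here is a minimal stand-in for IdPFactory.IdP (assumed to take the same `username, gateway_hostgroup` arguments shown on this page), the inventory is a constructed sample in the same users/groups/hosts shape as the Yaml.py module, and JSON is used only so it runs with the standard library (with PyYAML, `yaml.safe_load` yields the same dict). It goes slightly beyond the page's module by handling an unknown user, a user or host with `groups: null`, and a host listed twice.

```python
"""Stand-alone harness for an Aker-style IdP module (added example, not Aker's code)."""
import json
import logging


class IdP(object):
    """Stand-in for IdPFactory.IdP; assumption: same constructor signature as on the page."""

    def __init__(self, username, gateway_hostgroup):
        self.username = username
        self.gateway_hostgroup = gateway_hostgroup


class DictIdP(IdP):
    """IdP module that resolves allowed hosts from an already-parsed inventory dict."""

    def __init__(self, datamap, username, gateway_hostgroup=None):
        super(DictIdP, self).__init__(username, gateway_hostgroup)
        logging.debug("DictIdP: loaded")
        self.datamap = datamap
        self._allowed_ssh_hosts = []
        self.usergroups = set()
        self.find_hosts()

    def find_hosts(self):
        # Collect the groups the user belongs to; an unknown user, or a user
        # with `groups: null`, ends up with no groups and therefore no hosts.
        for user in self.datamap.get("users") or []:
            if user.get("username") == self.username:
                self.usergroups.update(user.get("groups") or [])

        # A host is allowed when it shares at least one group with the user.
        # Hosts with `groups: null` or an empty list are never exposed, and a
        # hostname that appears more than once in the inventory is listed once.
        seen = set()
        for host in self.datamap.get("hosts") or []:
            host_groups = host.get("groups") or []
            if any(group in self.usergroups for group in host_groups):
                name = host["hostname"]
                if name not in seen:
                    seen.add(name)
                    self._allowed_ssh_hosts.append(name)

    def list_allowed(self):
        return self._allowed_ssh_hosts


# Constructed sample inventory (not Aker's shipped hosts.json); hostnames are fictional.
SAMPLE_INVENTORY = """
{
  "users": [
    {"username": "alice", "groups": ["web", "db"]},
    {"username": "bob",   "groups": ["web"]},
    {"username": "carol", "groups": null}
  ],
  "hosts": [
    {"hostname": "web1.example.test", "groups": ["web"]},
    {"hostname": "db1.example.test",  "groups": ["db"]},
    {"hostname": "bastion-only.example.test", "groups": null},
    {"hostname": "web1.example.test", "groups": ["web", "db"]}
  ]
}
"""


def allowed_hosts_for(username, inventory_text=SAMPLE_INVENTORY):
    """Return the hosts `username` may reach, given a JSON inventory string."""
    datamap = json.loads(inventory_text)
    return DictIdP(datamap, username).list_allowed()


if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "mallory"):
        print("%s -> %s" % (who, allowed_hosts_for(who)))
```

Running the file prints the resolved list per user; the same `allowed_hosts_for` helper can be pointed at a real inventory file's contents to check that a config change exposes exactly the hosts you expect before it goes live on the gateway.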