luma_third_party: default development launch
The cli interface to CrowdSTF has a set of defaults
and configureable values, and this change adds the
token-authentication service to the CrowdSTF dev cli.
A fix is included to stop printing config values to
the log.
Change-Id: I5fd9c85538d4d94ac6f19f1bcbc47267ea281488
diff --git a/crowdstf/config.js b/crowdstf/config.js
index 6c51480..335536c 100644
--- a/crowdstf/config.js
+++ b/crowdstf/config.js
@@ -5,7 +5,8 @@
var config;
try {
config = JSON.parse(fs.readFileSync(__dirname + '/config.json', 'utf8'));
- log.info('Found config.json:\n %s', JSON.stringify(config, null, 2));
+ // Don't log sensitive config values.
+ log.info('Found config.json.');
} catch (ignored) {
config = {};
log.warn('No config file found, using defaults.');
diff --git a/crowdstf/lib/cli.js b/crowdstf/lib/cli.js
index 4b5938b..caa2d3b 100644
--- a/crowdstf/lib/cli.js
+++ b/crowdstf/lib/cli.js
@@ -593,6 +593,51 @@
})
})
+// Start the service for token-based authentication.
+// Hard coded values follow OpenSTF pattern above.
+program
+ .command('auth-token')
+ .description('start token auth client')
+ .option('-p, --port <port>',
+ 'port (or $PORT)',
+ Number,
+ process.env.PORT || 7120)
+ .option('-s, --secret <secret>', 'secret (or $SECRET)',
+ String, process.env.SECRET)
+ .option('-i, --ssid <ssid>', 'session SSID (or $SSID)', String,
+ process.env.SSID || 'ssid')
+ .option('-a, --app-url <url>', 'URL to app', String)
+ .option('--use-basic-auth',
+ 'Whether to use basic authentication for login or not')
+ .option('--basic-auth-username <username>',
+ 'Basic Auth Username (or $BASIC_AUTH_USERNAME)', String,
+ process.env.BASIC_AUTH_USERNAME || 'username')
+ .option('--basic-auth-password <password>',
+ 'Basic Auth Password (or $BASIC_AUTH_PASSWORD)', String,
+ process.env.BASIC_AUTH_PASSWORD || 'password')
+ .action(function(options) {
+ if (!options.secret) {
+ this.missingArgument('--secret');
+ }
+ if (!options.appUrl) {
+ this.missingArgument('--app-url');
+ }
+
+ require('./units/auth/token')({
+ port: options.port,
+ secret: options.secret,
+ ssid: options.ssid,
+ appUrl: options.appUrl,
+ mock: {
+ useBasicAuth: options.useBasicAuth,
+ basicAuth: {
+ username: options.basicAuthUsername,
+ password: options.basicAuthPassword
+ }
+ }
+ });
+ });
+
program
.command('auth-openid')
.description('start openid auth client')
@@ -1073,10 +1118,10 @@
, 'device pull endpoint'
, String
, 'tcp://127.0.0.1:7116')
- .option('--auth-type <mock|ldap|oauth2|saml2|openid>'
+ .option('--auth-type <mock|ldap|oauth2|saml2|openid|token>'
, 'auth type'
, String
- , 'mock')
+ , 'token')
.option('-a, --auth-url <url>'
, 'URL to auth client'
, String)
