groupe-sii
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 0 deletions b/‎.gitignore‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 42 additions & 34 deletions b/‎README.md‎
Lines changed: 42 additions & 34 deletions
diff --git a/‎api/config.sample.yaml‎
Lines changed: 24 additions & 0 deletions b/‎api/config.sample.yaml‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎api/lumext_api/utils.py‎
Lines changed: 36 additions & 13 deletions b/‎api/lumext_api/utils.py‎
Lines changed: 36 additions & 13 deletions
diff --git a/‎api/setup.py‎
Lines changed: 7 additions & 3 deletions b/‎api/setup.py‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎docs/images/architectrure_overview.png‎ renamed to ‎docs/images/architecture_overview.png‎ b/‎docs/images/architectrure_overview.png‎ renamed to ‎docs/images/architecture_overview.png‎
diff --git a/‎docs/images/ldap_structure_example.png‎
11.8 KB b/‎docs/images/ldap_structure_example.png‎
11.8 KB
diff --git a/‎docs/images/vclouddirector-setup-import-user.png‎
486 Bytes b/‎docs/images/vclouddirector-setup-import-user.png‎
486 Bytes
diff --git a/‎ui/README.md‎
Lines changed: 77 additions & 0 deletions b/‎ui/README.md‎
Lines changed: 77 additions & 0 deletions
@@ -2,3 +2,8 @@
 **/__pycache__/
 # Avoid pushing real configuration
 api/config.json
+
+#ui
+node_modules
+dist
+package-lock.json
@@ -14,6 +14,8 @@ A this time, the extension supports only **users management** with the following
 * Reset password
 * Delete user
 
+LUMExt support both LDAP or LDAPs protocols and, at least, *Active Directory* based LDAP server.
+
 ### Todo
 
 In future releases, we plan to provide a support for LDAP **groups** to simplify the role management:
@@ -52,7 +54,7 @@ LUMExt is based on a the [vCloud Director Extension SDK](https://github.com/vmwa
 
 The following architecture is used for LUMExt deployement
 
-![Architecture overview](./docs/images/architecture.svg)
+![Architecture overview](./docs/images/architecture_overview.png)
 
 ### LDAP structure
 
@@ -78,6 +80,10 @@ Each Organization's OU is named according to the Org-ID (ex: `5eb80c89-06bc-4650
 
 *Base OU* can be configured in the settings of LUMExt API service to point in a specific point of the LDAP directory based on its LDAP path.
 
+Example of a LDAP structure in an *Active Directory* server:
+
+![LDAP Structure example](./docs/images/ldap_structure_example.png)
+
 ## LUMExt-API
 
 *LUMExt-API* is the backend server used to:
@@ -102,7 +108,7 @@ yum install git
 
 # Create env variable
 echo "export LUMEXT_HOME=/opt/sii/lumext" > /etc/profile.d/lumext.sh
-echo "export LUMEXT_CONFIGURATION_FILE_PATH=/opt/sii/lumext/etc/config.json" >> /etc/profile.d/lumext.sh
+echo "export LUMEXT_CONFIGURATION_FILE_PATH=/opt/sii/lumext/etc/config.yaml" >> /etc/profile.d/lumext.sh
 chmod 755 /etc/profile.d/lumext.sh
 
 # Create folder structure
@@ -127,43 +133,45 @@ Before running LUMExt-API, it is necessary to configure it.
 
 ```bash
 # Copy configuration sample
-cp config.sample.json $LUMEXT_CONFIGURATION_FILE_PATH
+cp config.sample.yaml $LUMEXT_CONFIGURATION_FILE_PATH
 # Copy log configuration (so you will be able to edit it for your purpose)
 cp logging.json $LUMEXT_HOME/etc
 ```
 
-Then you will need to edit the following line of the `/opt/sii/lumext/etc/config.json` file:
-
-```json
-{
-    "rabbitmq": {
-        "server": "<address of rmq server>",
-        "port": "<tcp port of rmq server>",
-        "user": "<amqp username>",
-        "password": "<amqp password>",
-        "exchange": "<configured exchange on vCD>",
-        "queue": "sii-lumext",
-        "routing_key": "sii-lumext",
-        "use_ssl": true // true/false depending on your rmq server
-    },
-    "ldap": {
-        "address": "ldaps://---------:636", // ldap address starting with ldap:// or ldaps://
-        "user": "user@domain", // username for LDAP administration
-        "secret": "<ldap user password>",
-        "base": "dc=domain,dc=tld", // LDAP base path to use as a root for OU creation(s)
-        "domain": "domain.tld", // name of the LDAP domain
-        "search_timeout": 5, // seconds
-        "operation_timeout": 5, // seconds
-        "cacert_file": "/etc/ssl/certs/ca-certificates.crt", // If LDAPs is used
-        "userAccountControl": 66048 // Default mode for user creation (66048: no password expiration + user activated)
-    },
-    "log": {
-        "config_path": "/opt/sii/lumext/etc/logging.json" // path to the log configuration file
-    }
-}
+Then you will need to edit the following line of the `/opt/sii/lumext/etc/config.yaml` file:
+
+```yaml
+rabbitmq:
+  server: rmq.domain # address of rabbitmq server
+  port: 5672 # tcp port of rabbitmq server
+  user: svc-user # amqp username
+  password: "**********" # amqp password
+  exchange: systemExchange # configured exchange for vCD
+  queue: sii-lumext
+  routing_key: sii-lumext
+  use_ssl: true # true/false depending on your rmq server
+
+ldap:
+  address: ldaps://---------:636 # ldap address starting with ldap:// or ldaps://
+  user: user@domain # username for LDAP administration
+  secret: "***********" # password for LDAP administration
+  base: dc=domain,dc=tld # LDAP base path to use as a root for OU creation(s)
+  domain: domain.tld # name of the LDAP domain
+  search_timeout: 5 # seconds
+  operation_timeout: 5 # seconds
+  cacert_file: /etc/ssl/certs/ca-certificates.crt # If LDAPs is used
+  userAccountControl: 66048 # Default mode for user creation:
+                            # - (66048: no password expiration + user activated)
+
+log:
+  config_path: /opt/sii/lumext/etc/logging.json
 ```
 
-> Remove all ``//.*`` comments as it it not supported in JSON syntax.
+> **Note about LDAPs certificates:**
+>
+> To use LDAPs, a *cacert* file is mandatory to validate the certificate submitted by the server. You can use a custom CA cert chain (*PEM format*) or, if you use a certificate signed by an OS-trusted CA, use the OS declaration of the trusted certificates.
+>
+> Please refer to [`Python-LDAP` library documentation](https://www.python-ldap.org/en/latest/index.html) for more details.
 
 #### Test
 
@@ -198,7 +206,7 @@ After="network-online.target"
 
 [Service]
 Environment="LUMEXT_HOME=/opt/sii/lumext"
-Environment="LUMEXT_CONFIGURATION_FILE_PATH=/opt/sii/lumext/etc/config.json"
+Environment="LUMEXT_CONFIGURATION_FILE_PATH=/opt/sii/lumext/etc/config.yaml"
 WorkingDirectory=/opt/sii/lumext
 ExecStart=/opt/sii/lumext/lumext-venv/bin/python -m lumext_api
 Restart=on-failure
 
@@ -0,0 +1,24 @@
+rabbitmq:
+  server: rmq.domain # address of rabbitmq server
+  port: 5672 # tcp port of rabbitmq server
+  user: svc-user # amqp username
+  password: "**********" # amqp password
+  exchange: systemExchange # configured exchange for vCD
+  queue: sii-lumext
+  routing_key: sii-lumext
+  use_ssl: true # true/false depending on your rmq server
+
+ldap:
+  address: ldaps://---------:636 # ldap address starting with ldap:// or ldaps://
+  user: user@domain # username for LDAP administration
+  secret: "***********" # password for LDAP administration
+  base: dc=domain,dc=tld # LDAP base path to use as a root for OU creation(s)
+  domain: domain.tld # name of the LDAP domain
+  search_timeout: 5 # seconds
+  operation_timeout: 5 # seconds
+  cacert_file: /etc/ssl/certs/ca-certificates.crt # If LDAPs is used
+  userAccountControl: 66048 # Default mode for user creation:
+                            # - (66048: no password expiration + user activated)
+
+log:
+  config_path: /opt/sii/lumext/etc/logging.json
@@ -7,8 +7,7 @@
 import os
 
 # PIP imports
-import simplejson as json
-from python_json_config import ConfigBuilder
+import yaml
 
 logger = logging.getLogger(__name__)
 
@@ -80,15 +79,15 @@ def validate_configuration_path(env):
         print(f"""Missing environment variable `{env}`.
 
 Please:
-1. copy the `config.sample.json` file to a new location.
+1. copy the `config.sample.yaml` file to a new location.
 2. Configure the copy with your settings.
 3. Export the environment variable `{env}`
 
 Ex:
 ```
 mkdir -p /opt/lumext/etc
-cp config.sample.json /opt/sii/lumext/etc/config.json
-export {env}=/opt/sii/lumext/etc/config.json
+cp config.sample.yaml /opt/sii/lumext/etc/config.yaml
+export {env}=/opt/sii/lumext/etc/config.yaml
 ```
         """)
         sys.exit(-1)
@@ -100,14 +99,14 @@ def validate_configuration_path(env):
 correctly setted.
         """)
         sys.exit(-1)
-    with open(config_path) as json_config:
+    with open(config_path) as yaml_config:
         try:
-            json.load(json_config)
-        except json.errors.JSONDecodeError:
+            yaml.load(yaml_config, Loader=yaml.SafeLoader)
+        except yaml.scanner.ScannerError:
             print(f"""Invalid syntax in configuration file: {config_path}
 
 Please check that the content of the configuration file is a
-valid JSON document.
+valid YAML document.
         """)
             sys.exit(-1)
     return
@@ -121,10 +120,11 @@ def configuration_manager():
     """
     # Read config path from rnv settings.
     config_path = os.environ.get("LUMEXT_CONFIGURATION_FILE_PATH")
-    # create config parser
-    builder = ConfigBuilder()
+    # load config file
+    with open(config_path) as yaml_config:
+        c = yaml.load(yaml_config, Loader=yaml.SafeLoader)
     # parse config
-    return builder.parse_config(config_path)
+    return dict2obj(c)
 
 
 def list_get(arr: list, index: int, default: any = None):
@@ -144,4 +144,27 @@ def list_get(arr: list, index: int, default: any = None):
     try:
         return arr[index]
     except IndexError:
-        return default
+        return default
+
+
+def dict2obj(d):
+    """Convert a dict to an object.
+
+    Args:
+        d (dict): Dict to convert.
+
+    Returns:
+        object: Converted object.
+    """
+    if isinstance(d, list):
+        d = [dict2obj(x) for x in d]
+    if not isinstance(d, dict):
+        return d
+
+    class C(object):
+        pass
+
+    o = C()
+    for k in d:
+        o.__dict__[k] = dict2obj(d[k])
+    return o
@@ -1,8 +1,12 @@
 from distutils.core import setup
 import setuptools
 
-with open("README.md", "r") as fh:
-    long_description = fh.read()
+long_description = """LDAP user management extension for vCloud Director >=9.1
+
+LUMext is a vCD UI & API extension to manage LDAP-based organisation's users and groups through *VMware vCloud Director*.
+
+This extension aims to provide a way to share a single LDAP server for multiple organisations to simplify the user management.
+"""
 
 setup(
     name='lumext_api',
@@ -16,7 +20,7 @@
     install_requires=[
         "VcdExtMessageWorker",
         "coloredlogs",
-        "python-json-config",
+        "pyyaml",
         "python-ldap",
         "simplejson",
     ],
 
@@ -0,0 +1,77 @@
+# LUMext UI
+
+## Installation
+
+See [README.md](../) of the main project.
+
+## Build `plugin.zip`
+
+To get `plugin.zip` you need to construct `/dist` folder
+
+### What contains `/dist` folder ?
+
+In `/dist` you will find all UI :
+
+* folder `assets` with translations (empty in our case).
+* `bundle.js`: all the project UI translates in JavaScript.
+* `i18n.json`: translation of menu.
+* `manifest.json`: description of UI extension.
+* `plugin.zip`: ZIP of all previous files.
+
+### Pre-requisites
+
+* NodeJS
+* Yarn
+* A clone of the project
+
+### Get dependencies
+
+To Install all dependencies:
+
+```bash
+yarn install
+```
+
+### Build `/dist` with `plugin.zip`
+
+Use yarn's build command
+
+```bash
+yarn run build
+```
+
+The `/dist` will be created automatically in the current folder with `plugin.zip` in.
+
+### Full example of build process on Ubuntu
+
+Clone the project:
+
+```bash
+git clone https://github.com/groupe-sii/lumext.git lumext-app
+cd lumext-app/ui
+```
+
+Install node and npm:
+
+```bash
+sudo apt install nodejs npm curl
+```
+
+Install Yarn:
+
+```bash
+sudo curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
+sudo apt-get update && sudo apt-get install yarn
+```
+
+Build dependencies (in the folder project):
+
+```bash
+yarn install
+```
+
+Build `/dist` with `plugin.zip`:
+
+```bash
+yarn run build
+```