base repository: NixOS/nixpkgs
base: 31cd8ced032b
head repository: NixOS/nixpkgs
compare: fe2e4d6fb952
  • 2 commits
  • 2 files changed
  • 1 contributor

Commits on Mar 20, 2018

  1. hologram: 2017-01-30 -> 2018-03-19

    joelthompson authored and Mic92 committed Mar 20, 2018
    d6d140f View commit details
  2. hologram: Enable configuring LDAP authorization

    In AdRoll/hologram#62 support was added to hologram to configure
    LDAP-based authorization of which roles a user was allowed to get
    credentials for. This adds the ability to configure that.
    
    Additionally, AdRoll/hologram#94 added support to customize the LDAP
    group query, so this also feeds that configuration through.
    
    fixes #37393
    joelthompson authored and Mic92 committed Mar 20, 2018
    fe2e4d6 View commit details
Showing with 31 additions and 10 deletions.
  1. +24 −3 nixos/modules/services/security/hologram-server.nix
  2. +7 −7 pkgs/tools/security/hologram/default.nix
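--- a/nixos/modules/services/security/hologram-server.nix
+++ b/nixos/modules/services/security/hologram-server.nix
@@ -12,9 +12,12 @@ let
 dn = cfg.ldapBindDN;
 password = cfg.ldapBindPassword;
 };
-insecureldap = cfg.ldapInsecure;
-userattr = cfg.ldapUserAttr;
-baseDN = cfg.ldapBaseDN;
+insecureldap = cfg.ldapInsecure;
+userattr = cfg.ldapUserAttr;
+baseDN = cfg.ldapBaseDN;
+enableldapRoles = cfg.enableLdapRoles;
+roleAttr = cfg.roleAttr;
+groupClassAttr = cfg.groupClassAttr;
 };
 aws = {
 account = cfg.awsAccount;
@@ -70,6 +73,24 @@ in {
 description = "Password of account to use to query the LDAP server";
 };
 
+enableLdapRoles = mkOption {
+type = types.bool;
+default = false;
+description = "Whether to assign user roles based on the user's LDAP group memberships";
+};
+
+groupClassAttr = mkOption {
+type = types.str;
+default = "groupOfNames";
+description = "The objectclass attribute to search for groups when enableLdapRoles is true";
+};
+
+roleAttr = mkOption {
+type = types.str;
+default = "businessCategory";
+description = "Which LDAP group attribute to search for authorized role ARNs";
+};
+
 awsAccount = mkOption {
 type = types.str;
 description = "AWS account number";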
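Review bot: The generated key in `enableldapRoles = cfg.enableLdapRoles;` (first hunk, `ldap` attrset) is cased differently from the option name and from its neighbours (`insecureldap`, `userattr`, `roleAttr`, `groupClassAttr`), and nothing visible here shows how the server matches key names. If the consumer matched keys case-sensitively, the setting would presumably be dropped without an error, leaving role authorization off while the module option reads `true`. It is worth confirming the spelling against the hologram revision this series pins and recording that in a comment, e.g. `# key names must match hologram's server config`. The `enableLdapRoles` description in the second hunk could also say what the default `false` means for role access, since that is presumably the less restrictive setting. The new `roleAttr` and `groupClassAttr` options also drop the `ldap` prefix that `ldapUserAttr` and `ldapBaseDN` carry; both the `let` attrset and the options block continue outside the hunks.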
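--- a/pkgs/tools/security/hologram/default.nix
+++ b/pkgs/tools/security/hologram/default.nix
@@ -1,14 +1,14 @@
-{ stdenv, lib, buildGoPackage, fetchgit, fetchhg, fetchbzr, fetchsvn }:
+{ stdenv, lib, buildGoPackage, fetchFromGitHub }:
 
 buildGoPackage rec {
-name = "hologram-${version}";
-version = "20170130-${stdenv.lib.strings.substring 0 7 rev}";
-rev = "d20d1c30379e7010e8f9c428a5b9e82f54d390e1";
+name = "hologram-2018-03-19";
+rev = "a7bab58642b530edb75b9cf6c1d834c85822ceac";
 
-src = fetchgit {
+src = fetchFromGitHub {
+owner = "AdRoll";
+repo = "hologram";
 inherit rev;
-url = "https://github.com/AdRoll/hologram";
-sha256 = "0dg5kfs16kf2gzhpmzsg83qzi2pxgnc9g81lw5zpa6fmzpa9kgsn";
+sha256 = "00scryz8js6gbw8lp2y23qikbazz2dd992r97rqh0l1q4baa0ckn";
 };
 
 goPackagePath = "github.com/AdRoll/hologram";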