Implement IPA IAM backend (#1005)

feat: FreeIPA IAM implementation This implements the GetUserAccount() IAM support for accounts stored within FreeIPA service. This is not implementing any of the account management functions such as create, update, delete, list IAM accounts, so is not intended to allow versitygw to manage the IAM accounts within the FreeIPA service. --------- Co-authored-by: Yuriy Halytskyy <yuriy.halytskyy@gmail.com>
versity · Jan 8, 2025 · ee31527 · ee31527
1 parent 2d75ef2
commit ee31527
Show file tree

Hide file tree

Showing 3 changed files with 476 additions and 0 deletions.
diff --git a/auth/iam.go b/auth/iam.go
@@ -124,6 +124,12 @@ type Opts struct {
 	CacheDisable           bool
 	CacheTTL               int
 	CachePrune             int
+	IpaHost                string
+	IpaVaultName           string
+	IpaUser                string
+	IpaPassword            string
+	IpaInsecure            bool
+	IpaDebug               bool
 }
 
 func New(o *Opts) (IAMService, error) {
@@ -149,6 +155,9 @@ func New(o *Opts) (IAMService, error) {
 			o.VaultMountPath, o.VaultRootToken, o.VaultRoleId, o.VaultRoleSecret,
 			o.VaultServerCert, o.VaultClientCert, o.VaultClientCertKey)
 		fmt.Printf("initializing Vault IAM with %q\n", o.VaultEndpointURL)
+	case o.IpaHost != "":
+		svc, err = NewIpaIAMService(o.RootAccount, o.IpaHost, o.IpaVaultName, o.IpaUser, o.IpaPassword, o.IpaInsecure, o.IpaDebug)
+		fmt.Printf("initializing IPA IAM with %q\n", o.IpaHost)
 	default:
 		// if no iam options selected, default to the single user mode
 		fmt.Println("No IAM service configured, enabling single account mode")