related to #3020: remove built-in vanguard auth plugin code as it's b…

…een moved to https://github.com/magda-io/magda-auth-vanguard as an auth plugin
magda-io · Apr 27, 2022 · 4cf83b8 · 4cf83b8
1 parent d5b61f7
commit 4cf83b8
Show file tree

Hide file tree

Showing 12 changed files with 7 additions and 320 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -729,7 +729,7 @@ inttest:registryAuth:
 
     # Create kube secrets
     - kubectl create secret docker-registry regcred --namespace $CI_COMMIT_REF_SLUG --docker-server=registry.gitlab.com --docker-username=magdabot --docker-password=$GITLAB_DOCKER_PASSWORD [email protected] --dry-run=client -o json | kubectl apply --namespace $CI_COMMIT_REF_SLUG -f -
-    - kubectl create secret generic oauth-secrets --from-literal=facebook-client-secret=$FACEBOOK_CLIENT_SECRET --from-literal=google-client-secret=$GOOGLE_CLIENT_SECRET --from-literal arcgis-client-secret=$ARCGIS_CLIENT_SECRET --from-literal vanguard-certificate="$VANGUARD_CERT" --namespace $CI_COMMIT_REF_SLUG --dry-run=client -o json | kubectl apply --namespace $CI_COMMIT_REF_SLUG -f -
+    - kubectl create secret generic oauth-secrets --from-literal=facebook-client-secret=$FACEBOOK_CLIENT_SECRET --from-literal=google-client-secret=$GOOGLE_CLIENT_SECRET --from-literal arcgis-client-secret=$ARCGIS_CLIENT_SECRET --namespace $CI_COMMIT_REF_SLUG --dry-run=client -o json | kubectl apply --namespace $CI_COMMIT_REF_SLUG -f -
     - kubectl create secret generic smtp-secret --from-literal=username=$SMTP_USERNAME --from-literal=password=$SMTP_PASSWORD --namespace $CI_COMMIT_REF_SLUG --dry-run=client -o json | kubectl apply --namespace $CI_COMMIT_REF_SLUG -f -
     - echo "$DB_SERVICE_ACCOUNT_PRIVATE_KEY" > backup-storage-account.json
     - kubectl create secret generic backup-storage-account --from-file backup-storage-account.json --from-literal=GOOGLE_APPLICATION_CREDENTIALS=/etc/wal-g.d/env/backup-storage-account.json --namespace $CI_COMMIT_REF_SLUG --dry-run=client -o json | kubectl apply --namespace $CI_COMMIT_REF_SLUG -f -

diff --git a/deploy/helm/internal-charts/gateway/templates/deployment.yaml b/deploy/helm/internal-charts/gateway/templates/deployment.yaml
@@ -62,12 +62,6 @@ spec:
 {{- if .Values.auth.esriOrgGroup}}
             "--esriOrgGroup", {{ .Values.auth.esriOrgGroup| quote }},
 {{- end }}
-{{- if .Values.auth.vanguardWsFedIdpUrl }}
-            "--vanguardWsFedIdpUrl", {{ .Values.auth.vanguardWsFedIdpUrl | quote }},
-{{- end }}
-{{- if .Values.auth.vanguardWsFedRealm }}
-            "--vanguardWsFedRealm", {{ .Values.auth.vanguardWsFedRealm | quote }},
-{{- end }}
 {{- if .Values.enableAuthEndpoint }}
             "--enableAuthEndpoint", {{ .Values.enableAuthEndpoint | quote }},
 {{- end }}
@@ -170,14 +164,6 @@ spec:
               key: facebook-client-secret
               optional: true
 {{- end }}
-{{- if .Values.auth.vanguardWsFedRealm }}
-        - name: VANGUARD_CERTIFICATE
-          valueFrom:
-            secretKeyRef:
-              name: oauth-secrets
-              key: vanguard-certificate
-              optional: true
-{{- end }}
 {{- if .Values.auth.arcgisClientId }}
         - name: ARCGIS_CLIENT_SECRET
           valueFrom:

diff --git a/deploy/helm/internal-charts/gateway/values.yaml b/deploy/helm/internal-charts/gateway/values.yaml
@@ -78,14 +78,6 @@ auth:
   # and config via [create-secrets](https://www.npmjs.com/package/@magda/create-secrets) tool. 
   aafClientUri: ""
 
-  # -- Vanguard integration entry point.
-  # `vanguardWsFedCertificate` is avaible as `oauth-secrets` [secret](https://kubernetes.io/docs/concepts/configuration/secret/) key `vanguard-certificate` 
-  # and config via [create-secrets](https://www.npmjs.com/package/@magda/create-secrets) tool. 
-  vanguardWsFedIdpUrl: ""
-
-  # -- Vanguard realm id for entry point.
-  vanguardWsFedRealm: ""
-
 helmet:
   frameguard: false
 

diff --git a/deploy/helm/magda-dev.yml b/deploy/helm/magda-dev.yml
@@ -47,8 +47,6 @@ magda:
       enableHttpsRedirection: true
       auth:
         facebookClientId: "173073926555600"
-        vanguardWsFedIdpUrl: https://thirdparty.authentication.business.gov.au/fas/v2/wsfed12/authenticate
-        vanguardWsFedRealm: https://environment.magda.io/integration-test-2
       authPlugins:
       - key: google
         baseUrl: http://magda-auth-google

diff --git a/deploy/helm/preview.yml b/deploy/helm/preview.yml
@@ -31,8 +31,6 @@ magda:
       enableHttpsRedirection: true
       auth:
         facebookClientId: "173073926555600"
-        vanguardWsFedIdpUrl: https://thirdparty.authentication.business.gov.au/fas/v2/wsfed12/authenticate
-        vanguardWsFedRealm: https://environment.magda.io/integration-test-2
       authPlugins:
       - key: google
         baseUrl: http://magda-auth-google

diff --git a/magda-gateway/package.json b/magda-gateway/package.json
@@ -39,7 +39,6 @@
     "passport-arcgis": "^0.1.8",
     "passport-custom": "^1.0.5",
     "passport-facebook": "^2.0.0",
-    "passport-wsfed-saml2": "https://github.com/magda-io/passport-wsfed-saml2",
     "pg": "^6.4.0",
     "read-pkg-up": "^3.0.0",
     "request": "^2.88.0",

diff --git a/magda-gateway/src/buildApp.ts b/magda-gateway/src/buildApp.ts
@@ -76,9 +76,6 @@ export type Config = {
     fetchTenantsMinIntervalInMs?: number;
     tenantUrl?: string;
     enableMultiTenants?: boolean;
-    vanguardWsFedIdpUrl?: string;
-    vanguardWsFedRealm?: string;
-    vanguardWsFedCertificate?: string;
     openfaasGatewayUrl?: string;
     openfaasAllowAdminOnly?: boolean;
     defaultCacheControl?: string;
@@ -200,9 +197,6 @@ export default function buildApp(app: express.Application, config: Config) {
                 authorizationApi: config.authorizationApi,
                 externalUrl: config.externalUrl,
                 userId: config.userId,
-                vanguardWsFedIdpUrl: config.vanguardWsFedIdpUrl,
-                vanguardWsFedRealm: config.vanguardWsFedRealm,
-                vanguardWsFedCertificate: config.vanguardWsFedCertificate,
                 plugins: config.authPluginConfigJson
             })
         );

diff --git a/magda-gateway/src/createAuthRouter.ts b/magda-gateway/src/createAuthRouter.ts
@@ -23,9 +23,6 @@ export interface AuthRouterOptions {
     authorizationApi: string;
     externalUrl: string;
     userId: string;
-    vanguardWsFedIdpUrl: string;
-    vanguardWsFedRealm: string;
-    vanguardWsFedCertificate: string;
     plugins: AuthPluginBasicConfig[];
 }
 
@@ -80,20 +77,6 @@ export default function createAuthRouter(options: AuthRouterOptions): Router {
                       externalUrl: options.externalUrl
                   })
                 : null
-        },
-        {
-            id: "vanguard",
-            enabled: options.vanguardWsFedIdpUrl ? true : false,
-            authRouter: options.vanguardWsFedIdpUrl
-                ? require("./oauth2/vanguard").default({
-                      authorizationApi: authApi,
-                      passport: passport,
-                      wsFedIdpUrl: options.vanguardWsFedIdpUrl,
-                      wsFedRealm: options.vanguardWsFedRealm,
-                      wsFedCertificate: options.vanguardWsFedCertificate,
-                      externalUrl: options.externalUrl
-                  })
-                : null
         }
     ];
 
@@ -172,7 +155,7 @@ export default function createAuthRouter(options: AuthRouterOptions): Router {
      *  Please note: We are gradually replacing non-plugable authenticaiton providers with [authentication plugins](https://github.com/magda-io/magda/tree/master/deploy/helm/internal-charts/gateway#authentication-plugin-config)
      *
      * @apiSuccessExample {string} 200
-     *    ["internal","facebook","google","arcgis","ckan","vanguard"]
+     *    ["facebook","google","arcgis"]
      *
      */
     authRouter.get("/providers", (req, res) => {

diff --git a/magda-gateway/src/index.ts b/magda-gateway/src/index.ts
@@ -156,30 +156,6 @@ const argv = addJwtSecretFromEnvVar(
                 process.env.ESRI_ORG_GROUP ||
                 process.env.npm_package_config_esriOrgGroup
         })
-        .option("vanguardWsFedCertificate", {
-            describe:
-                "The certificate to use for Vanguard WS-FED Login. This can also be specified with the VANGUARD_CERTIFICATE environment variable.",
-            type: "string",
-            default:
-                process.env.VANGUARD_CERTIFICATE ||
-                process.env.npm_package_config_vanguardCertificate
-        })
-        .option("vanguardWsFedIdpUrl", {
-            describe:
-                "Vanguard integration entry point. Can also be specified in VANGUARD_URL environment variable.",
-            type: "string",
-            default:
-                process.env.VANGUARD_URL ||
-                process.env.npm_package_config_vanguardUrl
-        })
-        .option("vanguardWsFedRealm", {
-            describe:
-                "Vanguard realm id for entry point. Can also be specified in VANGUARD_REALM environment variable.",
-            type: "string",
-            default:
-                process.env.VANGUARD_REALM ||
-                process.env.npm_package_config_vanguardRealm
-        })
         .option("aafClientUri", {
             describe: "The aaf client Uri to use for AAF Auth.",
             type: "string",

diff --git a/magda-gateway/src/oauth2/vanguard.ts b/magda-gateway/src/oauth2/vanguard.ts
diff --git a/magda-gateway/src/test/createAuthRouter.spec.ts b/magda-gateway/src/test/createAuthRouter.spec.ts
@@ -44,9 +44,6 @@ describe("Test createAuthRouter", function (this: Mocha.ISuiteCallbackContext) {
             esriOrgGroup: "xxxxx",
             ckanUrl: "xxxx",
             authorizationApi: "xxxx",
-            vanguardWsFedIdpUrl: "",
-            vanguardWsFedRealm: "",
-            vanguardWsFedCertificate: "",
             plugins: [
                 {
                     key: "test-plugin",