Skip to content
This repository was archived by the owner on Aug 29, 2018. It is now read-only.

Commit a4adf17

Browse files
author
OpenShift Bot
authored
Merge pull request #6402 from abhgupta/abhgupta-dev
Merged by openshift-bot
2 parents 9960c8c + 07007e3 commit a4adf17

File tree

5 files changed

+13
-0
lines changed

5 files changed

+13
-0
lines changed

broker/conf/broker.conf

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -139,6 +139,12 @@ CART_DOWNLOAD_CONN_TIMEOUT="2"
139139
# Set to "true" to make application default to use https in advertised URL
140140
APP_ADVERTISE_HTTPS="false"
141141

142+
# Set to true to block new user creation within OpenShift broker
143+
# If set to true, only allows existing users to access OpenShift
144+
# New users, even if authenticated, will not be provisioned in OpenShift broker
145+
# and will get an AccessDeniedException
146+
AUTH_USER_LOOKUP_ONLY="false"
147+
142148
# Team collaboration settings
143149
MAX_MEMBERS_PER_RESOURCE="100"
144150
MAX_TEAMS_PER_RESOURCE="5"

broker/config/environments/development.rb

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -121,6 +121,7 @@
121121
:use_predictable_gear_uuids => conf.get_bool("USE_PREDICTABLE_GEAR_UUIDS", false),
122122
:limit_app_name_chars => conf.get("LIMIT_APP_NAME_CHARS", -1).to_i,
123123
:app_advertise_https => conf.get_bool("APP_ADVERTISE_HTTPS", false),
124+
:auth_user_lookup_only => conf.get_bool("AUTH_USER_LOOKUP_ONLY", false),
124125
}
125126

126127
config.auth = {

broker/config/environments/production.rb

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -110,6 +110,7 @@
110110
:use_predictable_gear_uuids => conf.get_bool("USE_PREDICTABLE_GEAR_UUIDS", false),
111111
:limit_app_name_chars => conf.get("LIMIT_APP_NAME_CHARS", -1).to_i,
112112
:app_advertise_https => conf.get_bool("APP_ADVERTISE_HTTPS", false),
113+
:auth_user_lookup_only => conf.get_bool("AUTH_USER_LOOKUP_ONLY", false),
113114
}
114115

115116
config.auth = {

broker/config/environments/test.rb

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -119,6 +119,7 @@
119119
:use_predictable_gear_uuids => conf.get_bool("USE_PREDICTABLE_GEAR_UUIDS", false),
120120
:limit_app_name_chars => conf.get("LIMIT_APP_NAME_CHARS", -1).to_i,
121121
:app_advertise_https => conf.get_bool("APP_ADVERTISE_HTTPS", false),
122+
:auth_user_lookup_only => conf.get_bool("AUTH_USER_LOOKUP_ONLY", false),
122123
}
123124

124125
config.auth = {

controller/app/models/cloud_user.rb

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -163,6 +163,10 @@ def self.find_or_create_by_identity(provider, login, create_attributes={}, &bloc
163163
yield user, login if block_given?
164164
[user, false]
165165
rescue Mongoid::Errors::DocumentNotFound
166+
# if new user creation is blocked, then return an exception
167+
if Rails.application.config.openshift[:auth_user_lookup_only]
168+
raise OpenShift::UserException.new("New user signups are not allowed on this cluster")
169+
end
166170
user = new(create_attributes)
167171
#user.current_identity = user.identities.build(provider: provider, uid: login)
168172
#user.login = user.current_identity.id

0 commit comments

Comments
 (0)