From 1b772cd642c2163b1370612b4905a2698b22404f Mon Sep 17 00:00:00 2001 From: Eloy Coto Date: Fri, 28 Jul 2023 10:04:39 +0200 Subject: [PATCH] feat: multiple authn changes These changes are not definitive, and it's just a quick fix for a user POC. The idea is still moving to openid. - Using LDAP env variables in the config makes it easy for users to move things around. - Disable example app-config to be able to log in as multiple users. Signed-off-by: Eloy Coto
---
 hack/manifests/backstage/app-config.yaml | 6 ++++--
 .../src/main/resources/application-dev.yml | 12 ++++++------
 .../src/main/resources/application-local.yml | 12 ++++++------
 3 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/hack/manifests/backstage/app-config.yaml b/hack/manifests/backstage/app-config.yaml
index e3a19bfc1..0ec97d29e 100644
--- a/hack/manifests/backstage/app-config.yaml
+++ b/hack/manifests/backstage/app-config.yaml
@@ -63,20 +63,22 @@ proxy:
 changeOrigin: true
 redirect: follow
 cache: 'no-cache'
+ allowedHeaders:
+ - Authorization
 headers:
 Content-Type: 'application/json'
 accept: 'application/json'
- Authorization: 'Basic dGVzdDp0ZXN0'
 '/parodos-notifications':
 target: 'http://notification-service:8080/api/v1'
 changeOrigin: true
 redirect: follow
 cache: 'no-cache'
+ allowedHeaders:
+ - Authorization
 headers:
 Content-Type: 'application/json'
 accept: 'application/json'
- Authorization: 'Basic dGVzdDp0ZXN0'
 # Reference documentation http://backstage.io/docs/features/techdocs/configuration
 # Note: After experimenting with basic setup, use CI/CD to generate docs
diff --git a/workflow-service/src/main/resources/application-dev.yml b/workflow-service/src/main/resources/application-dev.yml
index d056e28dc..575255d95 100644
--- a/workflow-service/src/main/resources/application-dev.yml
+++ b/workflow-service/src/main/resources/application-dev.yml
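Review bot: In `hack/manifests/backstage/app-config.yaml`, the new `allowedHeaders: - Authorization` entries forward whatever Authorization header the caller sends to the upstream, and the one target visible in the hunk is `http://notification-service:8080/api/v1`, so user credentials would reach that service without transport encryption. The target of the first proxy entry sits above the hunk and should be checked for the same thing. Since the commit message describes this as a stopgap until OpenID, I would mark both entries, for example `# POC only: forwards the caller's Authorization header upstream over plain HTTP; remove once OIDC is in place`. The removed `Basic dGVzdDp0ZXN0` value stays in the repository history, so that account should not remain valid on any shared environment.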
@@ -9,12 +9,12 @@ spring:
 base-dn: dc=springframework,dc=org
 port: 8389
 connection:
- userDNPatterns: "uid={0},ou=people"
- groupSearchBase: "ou=groups"
- url: "ldap://ldap:389/dc=parodos,dc=dev"
- passwordAttribute: "userPassword"
- managerDN: "cn=admin,dc=parodos,dc=dev"
- managerPassword: "admin"
+ userDNPatterns: "${LDAP_USERDNPATTERNS:uid={0},ou=people}"
+ groupSearchBase: "${LDAP_GROUP_SEARCH_BASE:ou=groups}"
+ url: "${LDAP_URL:ldap://ldap:389/dc=parodos,dc=dev}"
+ passwordAttribute: "${LDAP_PASSWORD_ATTRIBUTE:userPassword}"
+ managerDN: "${LDAP_MANAGER_DN:cn=admin,dc=parodos,dc=dev}"
+ managerPassword: "${LDAP_MANAGER_PASSWORD:admin}"
 lifecycle:
 timeout-per-shutdown-phase: "25s"
diff --git a/workflow-service/src/main/resources/application-local.yml b/workflow-service/src/main/resources/application-local.yml
index 89f1cdbc5..49bc93d88 100644
--- a/workflow-service/src/main/resources/application-local.yml
+++ b/workflow-service/src/main/resources/application-local.yml
@@ -9,12 +9,12 @@ spring:
 base-dn: dc=springframework,dc=org
 port: 8389
 connection:
- userDNPatterns: "uid={0},ou=people"
- groupSearchBase: "ou=groups"
- url: "ldap://localhost:8389/dc=springframework,dc=org"
- passwordAttribute: "userPassword"
- managerDN: null
- managerPassword: null
+ userDNPatterns: "${LDAP_USERDNPATTERNS:uid={0},ou=people}"
+ groupSearchBase: "${LDAP_GROUP_SEARCH_BASE:ou=groups}"
+ url: "${LDAP_URL:ldap://localhost:8389/dc=springframework,dc=org}"
+ passwordAttribute: "${LDAP_PASSWORD_ATTRIBUTE:userPassword}"
+ managerDN: "${LDAP_MANAGER_DN:}"
+ managerPassword: "${LDAP_MANAGER_PASSWORD:}"
 lifecycle:
 timeout-per-shutdown-phase: "25s"
 cloud:
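Review bot: In `application-dev.yml`, `managerPassword: "${LDAP_MANAGER_PASSWORD:admin}"` keeps the well-known password as a silent fallback, so a deployment that forgets to set the variable still binds as the directory manager with `admin`. Dropping the default, `managerPassword: "${LDAP_MANAGER_PASSWORD}"`, should make a missing secret fail at startup instead. If the dev profile has to start with no environment at all, a comment saying the defaults are for the bundled dev directory only would at least document that. The `LDAP_URL` default here and in `application-local.yml` uses the `ldap://` scheme, so the manager bind and user passwords travel in clear text unless the override points at an `ldaps://` endpoint.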
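Review bot: In `application-local.yml`, `managerDN` and `managerPassword` change from `null` to `"${LDAP_MANAGER_DN:}"` and `"${LDAP_MANAGER_PASSWORD:}"`, which resolve to an empty string rather than null when the variables are unset. The code that reads these properties is not part of this patch. If it chooses between an anonymous and a manager bind with a null check, it would now attempt a bind with an empty DN and an empty password. It is worth confirming that blank values are treated as unset there, and adding a comment on these two lines such as `# empty means no manager bind`.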