From 1a971aaeabef20813016855f7bbb6b9a0a811be4 Mon Sep 17 00:00:00 2001
From: Matty Courtney <matty@mattycourtney.com>
Date: Thu, 4 Feb 2021 11:52:29 +0800
Subject: [PATCH] Added remote authentication environment variables

---
 readme-vars.yml                |  7 +++++++
 root/defaults/configuration.py | 12 ++++++------
 root/etc/cont-init.d/50-config |  6 ++++++
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/readme-vars.yml b/readme-vars.yml
index 46d04c5..9386a10 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -32,6 +32,12 @@ param_env_vars:
   - { env_var: "REDIS_HOST", env_value: "<REDIS_HOST>", desc: "Redis host (optional, default: redis" }
   - { env_var: "REDIS_PORT", env_value: "<REDIS_PORT>", desc: "Redis port number (optional, default: 6379)" }
   - { env_var: "REDIS_PASSWORD", env_value: "<REDIS_PASSWORD>", desc: "Redis password (optional, default: none)" }
+  - { env_var: "REMOTE_AUTH_ENABLED", env_value: "<REMOTE_AUTH_ENABLED>", desc: "Enable remote authentication (optional, default: False" }
+  - { env_var: "REMOTE_AUTH_BACKEND", env_value: "<REMOTE_AUTH_BACKEND>", desc: "Python path to the custom Django authentication backend to use for external user authentication (optional, default: netbox.authentication.RemoteUserBackend" }
+  - { env_var: "REMOTE_AUTH_HEADER", env_value: "<REMOTE_AUTH_HEADER>", desc: "Name of the HTTP header which informs NetBox of the currently authenticated user. (optional, default: HTTP_REMOTE_USER" }
+  - { env_var: "REMOTE_AUTH_AUTO_CREATE_USER", env_value: "<REMOTE_AUTH_AUTO_CREATE_USER>", desc: "If true, NetBox will automatically create local accounts for users authenticated via a remote service (optional, default: False" }
+  - { env_var: "REMOTE_AUTH_DEFAULT_GROUPS", env_value: "<REMOTE_AUTH_DEFAULT_GROUPS>", desc: "The list of groups to assign a new user account when created using remote authentication (optional, default: []" }
+  - { env_var: "REMOTE_AUTH_DEFAULT_PERMISSIONS", env_value: "<REMOTE_AUTH_DEFAULT_PERMISSIONS>", desc: "A mapping of permissions to assign a new user account when created using remote authentication (optional, default: {}" }
   - { env_var: "TZ", env_value: "<TZ>", desc: "Timezone (i.e., America/New_York)" }
 
 param_usage_include_ports: true
@@ -45,4 +51,5 @@ app_setup_block: |
 
 # changelog
 changelogs:
+  - { date: "03.02.21:", desc: "Added remote authentication environment variables." }
   - { date: "23.08.20:", desc: "Initial Release." }
diff --git a/root/defaults/configuration.py b/root/defaults/configuration.py
index 19a830a..5101260 100644
--- a/root/defaults/configuration.py
+++ b/root/defaults/configuration.py
@@ -213,12 +213,12 @@
 RACK_ELEVATION_DEFAULT_UNIT_WIDTH = 220
 
 # Remote authentication support
-REMOTE_AUTH_ENABLED = False
-REMOTE_AUTH_BACKEND = 'netbox.authentication.RemoteUserBackend'
-REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
-REMOTE_AUTH_AUTO_CREATE_USER = True
-REMOTE_AUTH_DEFAULT_GROUPS = []
-REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
+REMOTE_AUTH_ENABLED = {{REMOTE_AUTH_ENABLED}}
+REMOTE_AUTH_BACKEND = '{{REMOTE_AUTH_BACKEND}}'
+REMOTE_AUTH_HEADER = '{{REMOTE_AUTH_HEADER}}'
+REMOTE_AUTH_AUTO_CREATE_USER = {{REMOTE_AUTH_AUTO_CREATE_USER}}
+REMOTE_AUTH_DEFAULT_GROUPS = {{REMOTE_AUTH_DEFAULT_GROUPS}}
+REMOTE_AUTH_DEFAULT_PERMISSIONS = {{REMOTE_AUTH_DEFAULT_PERMISSIONS}}
 
 # This determines how often the GitHub API is called to check the latest release of NetBox. Must be at least 1 hour.
 RELEASE_CHECK_TIMEOUT = 24 * 3600
diff --git a/root/etc/cont-init.d/50-config b/root/etc/cont-init.d/50-config
index 7bace44..cbc5279 100644
--- a/root/etc/cont-init.d/50-config
+++ b/root/etc/cont-init.d/50-config
@@ -12,6 +12,12 @@ NETBOX_CONF[DB_PORT]=${DB_PORT:-}
 NETBOX_CONF[REDIS_HOST]=${REDIS_HOST:-redis}
 NETBOX_CONF[REDIS_PORT]=${REDIS_PORT:-6379}
 NETBOX_CONF[REDIS_PASSWORD]=${REDIS_PASSWORD:-}
+NETBOX_CONF[REMOTE_AUTH_ENABLED]=${REMOTE_AUTH_ENABLED:-False}
+NETBOX_CONF[REMOTE_AUTH_BACKEND]=${REMOTE_AUTH_BACKEND:-netbox.authentication.RemoteUserBackend}
+NETBOX_CONF[REMOTE_AUTH_HEADER]=${REMOTE_AUTH_HEADER:-HTTP_REMOTE_USER}
+NETBOX_CONF[REMOTE_AUTH_AUTO_CREATE_USER]=${REMOTE_AUTH_AUTO_CREATE_USER:-False}
+NETBOX_CONF[REMOTE_AUTH_DEFAULT_GROUPS]=${REMOTE_AUTH_DEFAULT_GROUPS:-[]}
+NETBOX_CONF[REMOTE_AUTH_DEFAULT_PERMISSIONS]=${REMOTE_AUTH_DEFAULT_PERMISSIONS:-{}}
 
 cd /app/netbox/netbox/netbox
 NETBOX_CONF[SECRET_KEY]=${SECRET_KEY:-$(python3 ../generate_secret_key.py)}