From 33f6f91008f2219e94e8d909539b38a590554122 Mon Sep 17 00:00:00 2001 From: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com> Date: Mon, 4 Jul 2022 11:21:14 +0200 Subject: [PATCH] Allow enable LDAP source and disable user sync via CLI (#20206) The current `admin auth` CLI for managing authentication source of type LDAP via BindDN and Simple LDAP does not allow enabling the respective source, once disabled via `--not-active`. The same applies to `--synchronize-users` specifially for LDAP via BindDN. These changes add two new flags to LDAP related CLI commands: - `--active` for both LDAP authentication source types - `--disable-synchronize-users` for LDAP via BindDN Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com> --- cmd/admin_auth_ldap.go | 14 +++++++++ cmd/admin_auth_ldap_test.go | 57 +++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) diff --git a/cmd/admin_auth_ldap.go b/cmd/admin_auth_ldap.go index ec86b2c67..9040def82 100644 --- a/cmd/admin_auth_ldap.go +++ b/cmd/admin_auth_ldap.go @@ -34,6 +34,10 @@ var ( Name: "not-active", Usage: "Deactivate the authentication source.", }, + cli.BoolFlag{ + Name: "active", + Usage: "Activate the authentication source.", + }, cli.StringFlag{ Name: "security-protocol", Usage: "Security protocol name.", @@ -117,6 +121,10 @@ var ( Name: "synchronize-users", Usage: "Enable user synchronization.", }, + cli.BoolFlag{ + Name: "disable-synchronize-users", + Usage: "Disable user synchronization.", + }, cli.UintFlag{ Name: "page-size", Usage: "Search page size.", @@ -183,9 +191,15 @@ func parseAuthSource(c *cli.Context, authSource *auth.Source) { if c.IsSet("not-active") { authSource.IsActive = !c.Bool("not-active") } + if c.IsSet("active") { + authSource.IsActive = c.Bool("active") + } if c.IsSet("synchronize-users") { authSource.IsSyncEnabled = c.Bool("synchronize-users") } + if c.IsSet("disable-synchronize-users") { + authSource.IsSyncEnabled = !c.Bool("disable-synchronize-users") + } } // parseLdapConfig assigns values on config according to command line flags. diff --git a/cmd/admin_auth_ldap_test.go b/cmd/admin_auth_ldap_test.go index f050b536f..2180b24be 100644 --- a/cmd/admin_auth_ldap_test.go +++ b/cmd/admin_auth_ldap_test.go @@ -858,6 +858,36 @@ func TestUpdateLdapBindDn(t *testing.T) { }, errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2", }, + // case 24 + { + args: []string{ + "ldap-test", + "--id", "24", + "--name", "ldap (via Bind DN) flip 'active' and 'user sync' attributes", + "--active", + "--disable-synchronize-users", + }, + id: 24, + existingAuthSource: &auth.Source{ + Type: auth.LDAP, + IsActive: false, + IsSyncEnabled: true, + Cfg: &ldap.Source{ + Name: "ldap (via Bind DN) flip 'active' and 'user sync' attributes", + Enabled: true, + }, + }, + authSource: &auth.Source{ + Type: auth.LDAP, + Name: "ldap (via Bind DN) flip 'active' and 'user sync' attributes", + IsActive: true, + IsSyncEnabled: false, + Cfg: &ldap.Source{ + Name: "ldap (via Bind DN) flip 'active' and 'user sync' attributes", + Enabled: true, + }, + }, + }, } for n, c := range cases { @@ -1221,6 +1251,33 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { }, errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM", }, + // case 20 + { + args: []string{ + "ldap-test", + "--id", "20", + "--name", "ldap (simple auth) flip 'active' attribute", + "--active", + }, + id: 20, + existingAuthSource: &auth.Source{ + Type: auth.DLDAP, + IsActive: false, + Cfg: &ldap.Source{ + Name: "ldap (simple auth) flip 'active' attribute", + Enabled: true, + }, + }, + authSource: &auth.Source{ + Type: auth.DLDAP, + Name: "ldap (simple auth) flip 'active' attribute", + IsActive: true, + Cfg: &ldap.Source{ + Name: "ldap (simple auth) flip 'active' attribute", + Enabled: true, + }, + }, + }, } for n, c := range cases {