Allow enable LDAP source and disable user sync via CLI (#20206)
The current `admin auth` CLI for managing authentication source of type LDAP via BindDN and Simple LDAP does not allow enabling the respective source, once disabled via `--not-active`. The same applies to `--synchronize-users` specifially for LDAP via BindDN. These changes add two new flags to LDAP related CLI commands: - `--active` for both LDAP authentication source types - `--disable-synchronize-users` for LDAP via BindDN Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com>
This commit is contained in:
parent
f9b172db65
commit
33f6f91008
|
@ -34,6 +34,10 @@ var (
|
||||||
Name: "not-active",
|
Name: "not-active",
|
||||||
Usage: "Deactivate the authentication source.",
|
Usage: "Deactivate the authentication source.",
|
||||||
},
|
},
|
||||||
|
cli.BoolFlag{
|
||||||
|
Name: "active",
|
||||||
|
Usage: "Activate the authentication source.",
|
||||||
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "security-protocol",
|
Name: "security-protocol",
|
||||||
Usage: "Security protocol name.",
|
Usage: "Security protocol name.",
|
||||||
|
@ -117,6 +121,10 @@ var (
|
||||||
Name: "synchronize-users",
|
Name: "synchronize-users",
|
||||||
Usage: "Enable user synchronization.",
|
Usage: "Enable user synchronization.",
|
||||||
},
|
},
|
||||||
|
cli.BoolFlag{
|
||||||
|
Name: "disable-synchronize-users",
|
||||||
|
Usage: "Disable user synchronization.",
|
||||||
|
},
|
||||||
cli.UintFlag{
|
cli.UintFlag{
|
||||||
Name: "page-size",
|
Name: "page-size",
|
||||||
Usage: "Search page size.",
|
Usage: "Search page size.",
|
||||||
|
@ -183,9 +191,15 @@ func parseAuthSource(c *cli.Context, authSource *auth.Source) {
|
||||||
if c.IsSet("not-active") {
|
if c.IsSet("not-active") {
|
||||||
authSource.IsActive = !c.Bool("not-active")
|
authSource.IsActive = !c.Bool("not-active")
|
||||||
}
|
}
|
||||||
|
if c.IsSet("active") {
|
||||||
|
authSource.IsActive = c.Bool("active")
|
||||||
|
}
|
||||||
if c.IsSet("synchronize-users") {
|
if c.IsSet("synchronize-users") {
|
||||||
authSource.IsSyncEnabled = c.Bool("synchronize-users")
|
authSource.IsSyncEnabled = c.Bool("synchronize-users")
|
||||||
}
|
}
|
||||||
|
if c.IsSet("disable-synchronize-users") {
|
||||||
|
authSource.IsSyncEnabled = !c.Bool("disable-synchronize-users")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// parseLdapConfig assigns values on config according to command line flags.
|
// parseLdapConfig assigns values on config according to command line flags.
|
||||||
|
|
|
@ -858,6 +858,36 @@ func TestUpdateLdapBindDn(t *testing.T) {
|
||||||
},
|
},
|
||||||
errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2",
|
errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2",
|
||||||
},
|
},
|
||||||
|
// case 24
|
||||||
|
{
|
||||||
|
args: []string{
|
||||||
|
"ldap-test",
|
||||||
|
"--id", "24",
|
||||||
|
"--name", "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
|
||||||
|
"--active",
|
||||||
|
"--disable-synchronize-users",
|
||||||
|
},
|
||||||
|
id: 24,
|
||||||
|
existingAuthSource: &auth.Source{
|
||||||
|
Type: auth.LDAP,
|
||||||
|
IsActive: false,
|
||||||
|
IsSyncEnabled: true,
|
||||||
|
Cfg: &ldap.Source{
|
||||||
|
Name: "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
|
||||||
|
Enabled: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
authSource: &auth.Source{
|
||||||
|
Type: auth.LDAP,
|
||||||
|
Name: "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
|
||||||
|
IsActive: true,
|
||||||
|
IsSyncEnabled: false,
|
||||||
|
Cfg: &ldap.Source{
|
||||||
|
Name: "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
|
||||||
|
Enabled: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for n, c := range cases {
|
for n, c := range cases {
|
||||||
|
@ -1221,6 +1251,33 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
|
||||||
},
|
},
|
||||||
errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM",
|
errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM",
|
||||||
},
|
},
|
||||||
|
// case 20
|
||||||
|
{
|
||||||
|
args: []string{
|
||||||
|
"ldap-test",
|
||||||
|
"--id", "20",
|
||||||
|
"--name", "ldap (simple auth) flip 'active' attribute",
|
||||||
|
"--active",
|
||||||
|
},
|
||||||
|
id: 20,
|
||||||
|
existingAuthSource: &auth.Source{
|
||||||
|
Type: auth.DLDAP,
|
||||||
|
IsActive: false,
|
||||||
|
Cfg: &ldap.Source{
|
||||||
|
Name: "ldap (simple auth) flip 'active' attribute",
|
||||||
|
Enabled: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
authSource: &auth.Source{
|
||||||
|
Type: auth.DLDAP,
|
||||||
|
Name: "ldap (simple auth) flip 'active' attribute",
|
||||||
|
IsActive: true,
|
||||||
|
Cfg: &ldap.Source{
|
||||||
|
Name: "ldap (simple auth) flip 'active' attribute",
|
||||||
|
Enabled: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for n, c := range cases {
|
for n, c := range cases {
|
||||||
|
|
Loading…
Reference in New Issue