From 9f0b6f39ae19f0f6d91cae34fa1bc441fccce8f0 Mon Sep 17 00:00:00 2001
From: Maksud Saydkhodzhaev
Date: Wed, 17 Apr 2024 12:32:01 +0300
Subject: [PATCH 1/4] chore: added GroupsDisplayNameSuffixPostFilter field for LdapConfig as well
---
 config.go | 13 +++++++------
 ldap.go | 5 +++++
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/config.go b/config.go
index 5c0b9fa..158f263 100644
--- a/config.go
+++ b/config.go
@@ -92,12 +92,13 @@ type LdapGroupsConfig struct {
 }
 type LdapConfig struct {
- Address string `yaml:"address"`
- BindDN string `yaml:"bind_dn"`
- BindPasswordEnvVar string `yaml:"bind_password_env_var"`
- Users LdapUsersConfig `yaml:"users"`
- Groups LdapGroupsConfig `yaml:"groups"`
- BaseDN string `yaml:"base_dn"`
+ Address string `yaml:"address"`
+ BindDN string `yaml:"bind_dn"`
+ BindPasswordEnvVar string `yaml:"bind_password_env_var"`
+ Users LdapUsersConfig `yaml:"users"`
+ Groups LdapGroupsConfig `yaml:"groups"`
+ BaseDN string `yaml:"base_dn"`
+ GroupsDisplayNameSuffixPostFilter string `yaml:"groups_display_name_suffix_post_filter"`
 }
 type YtsaurusConfig struct {
diff --git a/ldap.go b/ldap.go
index 9baec4c..ff6927d 100644
--- a/ldap.go
+++ b/ldap.go
@@ -1,6 +1,8 @@
 package main
 import (
+ "strings"
+
 "github.com/go-ldap/ldap/v3"
 "k8s.io/utils/env"
 )
@@ -83,6 +85,9 @@ func (l *Ldap) GetGroupsWithMembers() ([]SourceGroupWithMembers, error) {
 for _, entry := range res.Entries {
 groupname := entry.GetAttributeValue(l.config.Groups.GroupnameAttributeType)
 members := entry.GetAttributeValues(l.config.Groups.MemberUIDAttributeType)
+ if l.config.GroupsDisplayNameSuffixPostFilter != "" && !strings.HasSuffix(groupname, l.config.GroupsDisplayNameSuffixPostFilter) {
+ continue
+ }
 groups = append(groups, SourceGroupWithMembers{
 SourceGroup: LdapGroup{
 Groupname: groupname,
From 8ad8e7b82c09866edec8238f575d46f2a1c23b12 Mon Sep 17 00:00:00 2001
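Review bot: The suffix test added in `GetGroupsWithMembers` (ldap.go, hunk `@@ -83,6 +85,9 @@`) is a byte-exact `strings.HasSuffix`, whereas directories normally match a name attribute such as `cn` case-insensitively, so a group whose name differs from the configured suffix only in case is dropped here. Because this filter decides which directory groups are synchronised at all, a mismatch quietly changes the resulting group set instead of failing loudly. If case-insensitive matching is intended, compare lowered values, e.g. `strings.HasSuffix(strings.ToLower(groupname), strings.ToLower(suffix))`; otherwise say so in a comment on the config field. The same comparison is carried over into the rewritten check in PATCH 2/4 (hunk `@@ -81,13 +83,28 @@`), and the function body continues outside this hunk.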
From: Maksud Saydkhodzhaev
Date: Thu, 2 May 2024 19:25:40 +0300
Subject: [PATCH 2/4] refactor: renamed variable for SuffixPostFilter, fixed some tests and added logs
---
 app_ldap_test.go | 13 +++++++------
 config.go | 16 ++++++++--------
 ldap.go | 39 ++++++++++++++++++++++++++++++++++++++-
 testcontainer_openldap.go | 7 ++++---
 4 files changed, 57 insertions(+), 18 deletions(-)
diff --git a/app_ldap_test.go b/app_ldap_test.go
index 48cccdd..f9ee92d 100644
--- a/app_ldap_test.go
+++ b/app_ldap_test.go
@@ -54,8 +54,13 @@ func bannedYtsaurusUser(ytUser YtsaurusUser, bannedSince time.Time) YtsaurusUser
 func createLdapGroup(name string) LdapGroup {
 name = "acme." + name
+ originalName := fmt.Sprintf("%v|all", name)
+ ytName := originalName
+ for _, replacement := range defaultGroupnameReplacements {
+ ytName = strings.Replace(ytName, replacement.From, replacement.To, -1)
+ }
 return LdapGroup{
- Groupname: fmt.Sprintf("%v|all", name),
+ Groupname: ytName,
 }
 }
@@ -67,7 +72,7 @@ func createYtsaurusGroup(name string) YtsaurusGroup {
 ytName = strings.Replace(ytName, replacement.From, replacement.To, -1)
 }
 return YtsaurusGroup{Name: name, SourceRaw: map[string]any{
- "groupname": originalName,
+ "groupname": ytName,
 }}
 }
@@ -229,10 +234,6 @@ var (
 YtsaurusGroup: createYtsaurusGroup("devs"),
 Members: NewStringSetFromItems(aliceName),
 },
- {
- YtsaurusGroup: createYtsaurusGroup("hq"),
- Members: NewStringSetFromItems(carolName),
- },
 },
 },
 {
diff --git a/config.go b/config.go
index 158f263..f61480c 100644
--- a/config.go
+++ b/config.go
@@ -88,17 +88,17 @@ type LdapGroupsConfig struct {
 MemberUIDAttributeType string `yaml:"member_uid_attribute_type"`
 // A list of groupnames for which app will print more debug info in logs.
- DebugGroupnames []string `yaml:"debug_groupnames"`
+ DebugGroupnames []string `yaml:"debug_groupnames"`
+ GroupsNameSuffixPostFilter string `yaml:"groups_display_name_suffix_post_filter"`
 }
 type LdapConfig struct {
- Address string `yaml:"address"`
- BindDN string `yaml:"bind_dn"`
- BindPasswordEnvVar string `yaml:"bind_password_env_var"`
- Users LdapUsersConfig `yaml:"users"`
- Groups LdapGroupsConfig `yaml:"groups"`
- BaseDN string `yaml:"base_dn"`
- GroupsDisplayNameSuffixPostFilter string `yaml:"groups_display_name_suffix_post_filter"`
+ Address string `yaml:"address"`
+ BindDN string `yaml:"bind_dn"`
+ BindPasswordEnvVar string `yaml:"bind_password_env_var"`
+ Users LdapUsersConfig `yaml:"users"`
+ Groups LdapGroupsConfig `yaml:"groups"`
+ BaseDN string `yaml:"base_dn"`
 }
 type YtsaurusConfig struct {
diff --git a/ldap.go b/ldap.go
index ff6927d..e78dfa6 100644
--- a/ldap.go
+++ b/ldap.go
@@ -54,6 +54,7 @@ func (l *Ldap) GetUsers() ([]SourceUser, error) {
 return nil, err
 }
+ l.logger.Infow("fetching %d users", len(res.Entries))
 var users []SourceUser
 for _, entry := range res.Entries {
 username := entry.GetAttributeValue(l.config.Users.UsernameAttributeType)
@@ -66,6 +67,7 @@ func (l *Ldap) GetUsers() ([]SourceUser, error) {
 Username: username,
 UID: uid,
 FirstName: firstName})
+ l.maybePrintDebugLogsUsers(username, "fetched_ldap_user", entry)
 }
 return users, nil
 }
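Review bot: Moving the option from `LdapConfig` to `LdapGroupsConfig` (config.go, hunk `@@ -88,17 +88,17 @@`) keeps the YAML key `groups_display_name_suffix_post_filter` but changes where it must be written, so a config file that set it at the level introduced in PATCH 1/4 no longer populates the field. Unless the loader rejects unknown keys (not visible here), the filter is then silently empty and every group returned by the LDAP search is synced, which is the permissive outcome. The new field also has no comment, unlike `DebugGroupnames` above it, and its tag no longer matches the Go name `GroupsNameSuffixPostFilter`. I would add `// If set, only groups whose name ends with this suffix are synced; applied after the LDAP search.` and mention the relocation in the changelog or README.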
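Review bot: `l.logger.Infow("fetching %d users", len(res.Entries))` in `GetUsers` (ldap.go, hunk `@@ -54,6 +54,7 @@`) passes a printf-style message to a key/value logging method. Assuming `logger` is a zap `SugaredLogger` (its type is not visible in the hunk), `%d` is printed literally and the count is treated as a key with no value. Use `l.logger.Infow("Fetched users from LDAP", "count", len(res.Entries))`, or `Infof` if a formatted message is preferred. `GetUsers` begins and ends outside the hunk.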
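Review bot: `l.maybePrintDebugLogsUsers(username, "fetched_ldap_user", entry)` (ldap.go, hunk `@@ -66,6 +67,7 @@`) writes the whole search-result entry to the log, i.e. every attribute the search returned for that user. The two `Debugw("Skipping group …", "group", entry)` calls added in hunk `@@ -81,13 +83,28 @@` do the same for each skipped group, member list included, and are not limited to the configured debug names. Logging an identifier is usually enough and keeps directory data out of log storage: pass `"dn", entry.DN` in place of `entry`. The enclosing loop in `GetUsers` starts outside the hunk.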
@@ -81,13 +83,28 @@ func (l *Ldap) GetGroupsWithMembers() ([]SourceGroupWithMembers, error) {
 return nil, err
 }
+ groupsSkipped := 0
 var groups []SourceGroupWithMembers
 for _, entry := range res.Entries {
 groupname := entry.GetAttributeValue(l.config.Groups.GroupnameAttributeType)
 members := entry.GetAttributeValues(l.config.Groups.MemberUIDAttributeType)
- if l.config.GroupsDisplayNameSuffixPostFilter != "" && !strings.HasSuffix(groupname, l.config.GroupsDisplayNameSuffixPostFilter) {
+
+ l.maybePrintDebugLogsGroups(groupname, "groupname", groupname)
+
+ if groupname == "" {
+ l.logger.Debugw("Skipping group with empty groupname", "group", entry)
+ groupsSkipped++
+ continue
+ }
+
+ if l.config.Groups.GroupsNameSuffixPostFilter != "" && !strings.HasSuffix(groupname, l.config.Groups.GroupsNameSuffixPostFilter) {
+ l.logger.Debugw("Skipping group because suffix doesn't match", "group", entry)
+ groupsSkipped++
 continue
 }
+
+ l.maybePrintDebugLogsGroups(groupname, "group_members_count", len(members))
+
 groups = append(groups, SourceGroupWithMembers{
 SourceGroup: LdapGroup{
 Groupname: groupname,
@@ -95,5 +112,25 @@ func (l *Ldap) GetGroupsWithMembers() ([]SourceGroupWithMembers, error) {
 Members: NewStringSetFromItems(members...),
 })
 }
+
+ l.logger.Infow("Fetched groups from LDAP", "got")
 return groups, nil
 }
+
+func (l *Ldap) maybePrintDebugLogsUsers(name string, args ...any) {
+ args = append([]any{"id", name}, args...)
+ for _, debugID := range l.config.Users.DebugUsernames {
+ if name == debugID {
+ l.logger.Debugw("Debug info", args...)
+ }
+ }
+}
+
+func (l *Ldap) maybePrintDebugLogsGroups(name string, args ...any) {
+ args = append([]any{"id", name}, args...)
+ for _, debugID := range l.config.Groups.DebugGroupnames {
+ if name == debugID {
+ l.logger.Debugw("Debug info", args...)
+ }
+ }
+}
diff --git a/testcontainer_openldap.go b/testcontainer_openldap.go
index ab74f93..7c5f2a3 100644
--- a/testcontainer_openldap.go
+++ b/testcontainer_openldap.go
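Review bot: `maybePrintDebugLogsUsers` and `maybePrintDebugLogsGroups` (ldap.go, hunk `@@ -95,5 +112,25 @@`) differ only in the list they scan, and both build `append([]any{"id", name}, args...)` for every entry before knowing whether the name is in the debug list. I would route both through one helper that takes the list and allocates the argument slice only on a match, and give each method a one-line doc comment saying it logs at debug level only for names listed in the corresponding config field. The sketch below keeps the existing behaviour, including one log record per matching list entry.

```go
// logIfDebugName emits a debug record for each entry of debugNames equal to name.
func (l *Ldap) logIfDebugName(debugNames []string, name string, args ...any) {
	for _, debugID := range debugNames {
		if name == debugID {
			l.logger.Debugw("Debug info", append([]any{"id", name}, args...)...)
		}
	}
}

// maybePrintDebugLogsUsers logs args for usernames listed in Users.DebugUsernames.
func (l *Ldap) maybePrintDebugLogsUsers(name string, args ...any) {
	l.logIfDebugName(l.config.Users.DebugUsernames, name, args...)
}

// maybePrintDebugLogsGroups logs args for groupnames listed in Groups.DebugGroupnames.
func (l *Ldap) maybePrintDebugLogsGroups(name string, args ...any) {
	l.logIfDebugName(l.config.Groups.DebugGroupnames, name, args...)
}
```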
@@ -45,9 +45,10 @@ func (y *OpenLdapLocal) GetConfig() (*LdapConfig, error) {
 FirstNameAttributeType: ptr.String("givenName"),
 },
 Groups: LdapGroupsConfig{
- Filter: "(objectClass=posixGroup)",
- GroupnameAttributeType: "cn",
- MemberUIDAttributeType: "memberUid",
+ Filter: "(objectClass=posixGroup)",
+ GroupnameAttributeType: "cn",
+ MemberUIDAttributeType: "memberUid",
+ GroupsNameSuffixPostFilter: ".devs",
 },
 }, nil
 }
From 76394e5cceb4f01b381eb2b1af9133bf666853e8 Mon Sep 17 00:00:00 2001
From: Maksud Saydkhodzhaev
Date: Mon, 20 May 2024 16:21:07 +0300
Subject: [PATCH 3/4] fix: added logging info
---
 ldap.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ldap.go b/ldap.go
index e78dfa6..7a5ff63 100644
--- a/ldap.go
+++ b/ldap.go
@@ -113,7 +113,7 @@ func (l *Ldap) GetGroupsWithMembers() ([]SourceGroupWithMembers, error) {
 })
 }
- l.logger.Infow("Fetched groups from LDAP", "got")
+ l.logger.Infow("Fetched groups from LDAP", "got", len(groups), "skipped", groupsSkipped)
 return groups, nil
 }
From 7320fa293d2fa5cd845b2f0ac0eb8328628ac218 Mon Sep 17 00:00:00 2001
From: Maksud Saydkhodzhaev
Date: Mon, 3 Jun 2024 18:07:11 +0300
Subject: [PATCH 4/4] fix: changed way of generating group names of ldap and yt saurus
---
 app_ldap_test.go | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/app_ldap_test.go b/app_ldap_test.go
index f9ee92d..3ed899c 100644
--- a/app_ldap_test.go
+++ b/app_ldap_test.go
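Review bot: Hard-coding `GroupsNameSuffixPostFilter: ".devs"` in `OpenLdapLocal.GetConfig` (testcontainer_openldap.go, hunk `@@ -45,9 +45,10 @@` of PATCH 2/4) turns the filter on for every test that uses this container, so the default path with no filter configured is no longer exercised; the `hq` expectation removed from app_ldap_test.go in the same patch looks like a consequence. Since an unset filter is the configuration that syncs all groups, I would keep the helper's default empty and set the suffix only in a dedicated test case. If the value stays here, add a comment such as `// Only groups whose cn ends in ".devs" are synced; other fixture groups are expected to be skipped.`. The function body starts outside the hunk.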
@@ -53,26 +53,19 @@ func bannedYtsaurusUser(ytUser YtsaurusUser, bannedSince time.Time) YtsaurusUser
 }
 func createLdapGroup(name string) LdapGroup {
- name = "acme." + name
- originalName := fmt.Sprintf("%v|all", name)
- ytName := originalName
- for _, replacement := range defaultGroupnameReplacements {
- ytName = strings.Replace(ytName, replacement.From, replacement.To, -1)
- }
 return LdapGroup{
- Groupname: ytName,
+ Groupname: fmt.Sprintf("acme|all.%v", name),
 }
 }
 func createYtsaurusGroup(name string) YtsaurusGroup {
- name = "acme." + name
- originalName := fmt.Sprintf("%v|all", name)
+ originalName := fmt.Sprintf("acme|all.%v", name)
 ytName := originalName
 for _, replacement := range defaultGroupnameReplacements {
 ytName = strings.Replace(ytName, replacement.From, replacement.To, -1)
 }
- return YtsaurusGroup{Name: name, SourceRaw: map[string]any{
- "groupname": ytName,
+ return YtsaurusGroup{Name: ytName, SourceRaw: map[string]any{
+ "groupname": originalName,
 }}
 }