Added logs and analogy of azure GroupsDisplayNameSuffixPostFilter

app_ldap_test.go

@@ -53,20 +53,18 @@ func bannedYtsaurusUser(ytUser YtsaurusUser, bannedSince time.Time) YtsaurusUser
 }
 
 func createLdapGroup(name string) LdapGroup {
-	name = "acme." + name
 	return LdapGroup{
-		Groupname: fmt.Sprintf("%v|all", name),
+		Groupname: fmt.Sprintf("acme|all.%v", name),
 	}
 }
 
 func createYtsaurusGroup(name string) YtsaurusGroup {
-	name = "acme." + name
-	originalName := fmt.Sprintf("%v|all", name)
+	originalName := fmt.Sprintf("acme|all.%v", name)
 	ytName := originalName
 	for _, replacement := range defaultGroupnameReplacements {
 		ytName = strings.Replace(ytName, replacement.From, replacement.To, -1)
 	}
-	return YtsaurusGroup{Name: name, SourceRaw: map[string]any{
+	return YtsaurusGroup{Name: ytName, SourceRaw: map[string]any{
 		"groupname": originalName,
 	}}
 }
@@ -229,10 +227,6 @@ var (
 					YtsaurusGroup: createYtsaurusGroup("devs"),
 					Members:       NewStringSetFromItems(aliceName),
 				},
-				{
-					YtsaurusGroup: createYtsaurusGroup("hq"),
-					Members:       NewStringSetFromItems(carolName),
-				},
 			},
 		},
 		{

config.go

@@ -90,7 +90,8 @@ type LdapGroupsConfig struct {
 	MemberUIDAttributeType string `yaml:"member_uid_attribute_type"`
 
 	// A list of groupnames for which app will print more debug info in logs.
-	DebugGroupnames []string `yaml:"debug_groupnames"`
+	DebugGroupnames            []string `yaml:"debug_groupnames"`
+	GroupsNameSuffixPostFilter string   `yaml:"groups_display_name_suffix_post_filter"`
 }
 
 type LdapConfig struct {

ldap.go

@@ -1,6 +1,8 @@
 package main
 
 import (
+	"strings"
+
 	"github.com/go-ldap/ldap/v3"
 	"k8s.io/utils/env"
 )
@@ -52,6 +54,7 @@ func (l *Ldap) GetUsers() ([]SourceUser, error) {
 		return nil, err
 	}
 
+	l.logger.Infow("fetching %d users", len(res.Entries))
 	var users []SourceUser
 	for _, entry := range res.Entries {
 		username := entry.GetAttributeValue(l.config.Users.UsernameAttributeType)
@@ -64,6 +67,7 @@ func (l *Ldap) GetUsers() ([]SourceUser, error) {
 			Username:  username,
 			UID:       uid,
 			FirstName: firstName})
+		l.maybePrintDebugLogsUsers(username, "fetched_ldap_user", entry)
 	}
 	return users, nil
 }
@@ -79,16 +83,54 @@ func (l *Ldap) GetGroupsWithMembers() ([]SourceGroupWithMembers, error) {
 		return nil, err
 	}
 
+	groupsSkipped := 0
 	var groups []SourceGroupWithMembers
 	for _, entry := range res.Entries {
 		groupname := entry.GetAttributeValue(l.config.Groups.GroupnameAttributeType)
 		members := entry.GetAttributeValues(l.config.Groups.MemberUIDAttributeType)
+
+		l.maybePrintDebugLogsGroups(groupname, "groupname", groupname)
+
+		if groupname == "" {
+			l.logger.Debugw("Skipping group with empty groupname", "group", entry)
+			groupsSkipped++
+			continue
+		}
+
+		if l.config.Groups.GroupsNameSuffixPostFilter != "" && !strings.HasSuffix(groupname, l.config.Groups.GroupsNameSuffixPostFilter) {
+			l.logger.Debugw("Skipping group because suffix doesn't match", "group", entry)
+			groupsSkipped++
+			continue
+		}
+
+		l.maybePrintDebugLogsGroups(groupname, "group_members_count", len(members))
+
 		groups = append(groups, SourceGroupWithMembers{
 			SourceGroup: LdapGroup{
 				Groupname: groupname,
 			},
 			Members: NewStringSetFromItems(members...),
 		})
 	}
+
+	l.logger.Infow("Fetched groups from LDAP", "got", len(groups), "skipped", groupsSkipped)
 	return groups, nil
 }
+
+func (l *Ldap) maybePrintDebugLogsUsers(name string, args ...any) {
+	args = append([]any{"id", name}, args...)
+	for _, debugID := range l.config.Users.DebugUsernames {
+		if name == debugID {
+			l.logger.Debugw("Debug info", args...)
+		}
+	}
+}
+
+func (l *Ldap) maybePrintDebugLogsGroups(name string, args ...any) {
+	args = append([]any{"id", name}, args...)
+	for _, debugID := range l.config.Groups.DebugGroupnames {
+		if name == debugID {
+			l.logger.Debugw("Debug info", args...)
+		}
+	}
+}

testcontainer_openldap.go

@@ -45,9 +45,10 @@ func (y *OpenLdapLocal) GetConfig() (*LdapConfig, error) {
 			FirstNameAttributeType: ptr.String("givenName"),
 		},
 		Groups: LdapGroupsConfig{
-			Filter:                 "(objectClass=posixGroup)",
-			GroupnameAttributeType: "cn",
-			MemberUIDAttributeType: "memberUid",
+			Filter:                     "(objectClass=posixGroup)",
+			GroupnameAttributeType:     "cn",
+			MemberUIDAttributeType:     "memberUid",
+			GroupsNameSuffixPostFilter: ".devs",
 		},
 	}, nil
 }