Token collection checking userID and now setting userID and label for…

… token updates
crobby · Aug 9, 2023 · f8c941b · f8c941b
1 parent e742102
commit f8c941b
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/pkg/agent/clean/active_directory.go b/pkg/agent/clean/active_directory.go
@@ -14,17 +14,17 @@ import (
 	"strings"
 	"time"
 
-	"github.com/rancher/rancher/pkg/auth/providers/activedirectory"
-
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 
 	ldapv3 "github.com/go-ldap/ldap/v3"
 	"github.com/mitchellh/mapstructure"
 	"github.com/pkg/errors"
 	v3 "github.com/rancher/rancher/pkg/apis/management.cattle.io/v3"
+	"github.com/rancher/rancher/pkg/auth/providers/activedirectory"
 	"github.com/rancher/rancher/pkg/auth/providers/common"
 	"github.com/rancher/rancher/pkg/auth/providers/common/ldap"
+	"github.com/rancher/rancher/pkg/auth/tokens"
 	v3client "github.com/rancher/rancher/pkg/client/generated/management/v3"
 	"github.com/rancher/rancher/pkg/types/config"
 	"github.com/sirupsen/logrus"
@@ -677,8 +677,10 @@ func migrateTokens(workunit *migrateUserWorkUnit, sc *config.ScaledContext, dryR
 			if latestToken.Labels == nil {
 				latestToken.Labels = make(map[string]string)
 			}
+			latestToken.Labels[tokens.UserIDLabel] = workunit.originalUser.Name
 			latestToken.Labels[adGUIDMigrationLabel] = migratedLabelValue
 			latestToken.UserPrincipal.Name = dnPrincipalID
+			latestToken.UserID = workunit.originalUser.Name
 			_, err = tokenInterface.Update(latestToken)
 			if err != nil {
 				return fmt.Errorf("[%v] unable to update token: %w", migrateTokensOperation, err)
@@ -705,8 +707,10 @@ func migrateTokens(workunit *migrateUserWorkUnit, sc *config.ScaledContext, dryR
 			if latestToken.Labels == nil {
 				latestToken.Labels = make(map[string]string)
 			}
+			latestToken.Labels[tokens.UserIDLabel] = workunit.originalUser.Name
 			latestToken.Labels[adGUIDMigrationLabel] = migratedLabelValue
 			latestToken.UserPrincipal.Name = localPrincipalID
+			latestToken.UserID = workunit.originalUser.Name
 			_, err = tokenInterface.Update(latestToken)
 			if err != nil {
 				return fmt.Errorf("[%v] unable to update token: %w", migrateTokensOperation, err)
@@ -727,7 +731,7 @@ func collectTokens(workunits *[]migrateUserWorkUnit, sc *config.ScaledContext) e
 	for i, workunit := range *workunits {
 		guidPrincipal := activeDirectoryPrefix + workunit.guid
 		for _, token := range tokenList.Items {
-			if guidPrincipal == token.UserPrincipal.Name {
+			if guidPrincipal == token.UserPrincipal.Name || workunit.originalUser.Name == token.UserID {
 				workunit.guidTokens = append(workunit.guidTokens, token)
 			} else {
 				for _, duplicateLocalUser := range workunit.duplicateUsers {