-
Notifications
You must be signed in to change notification settings - Fork 1
/
ldap_actions.go
133 lines (111 loc) · 3.95 KB
/
ldap_actions.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
package ldap
import (
"fmt"
"strings"
"github.com/mitchellh/mapstructure"
"github.com/rancher/norman/api/handler"
"github.com/rancher/norman/httperror"
"github.com/rancher/norman/types"
"github.com/rancher/rancher/pkg/api/store/auth"
"github.com/rancher/rancher/pkg/auth/providers/common"
v3 "github.com/rancher/types/apis/management.cattle.io/v3"
managementschema "github.com/rancher/types/apis/management.cattle.io/v3/schema"
"github.com/rancher/types/apis/management.cattle.io/v3public"
client "github.com/rancher/types/client/management/v3"
"github.com/sirupsen/logrus"
)
func (p *ldapProvider) formatter(apiContext *types.APIContext, resource *types.RawResource) {
common.AddCommonActions(apiContext, resource)
resource.AddAction(apiContext, "testAndApply")
}
func (p *ldapProvider) actionHandler(actionName string, action *types.Action, request *types.APIContext) error {
handled, err := common.HandleCommonAction(actionName, action, request, p.providerName, p.authConfigs)
if err != nil {
return err
}
if handled {
return nil
}
if actionName == "testAndApply" {
return p.testAndApply(actionName, action, request)
}
return httperror.NewAPIError(httperror.ActionNotAvailable, "")
}
func (p *ldapProvider) testAndApply(actionName string, action *types.Action, request *types.APIContext) error {
var input map[string]interface{}
var err error
input, err = handler.ParseAndValidateActionBody(request, request.Schemas.Schema(&managementschema.Version,
p.testAndApplyInputType))
if err != nil {
return err
}
configApplyInput := &v3.LdapTestAndApplyInput{}
if err := mapstructure.Decode(input, configApplyInput); err != nil {
return httperror.NewAPIError(httperror.InvalidBodyContent,
fmt.Sprintf("Failed to parse body: %v", err))
}
config := &configApplyInput.LdapConfig
login := &v3public.BasicLogin{
Username: configApplyInput.Username,
Password: configApplyInput.Password,
}
if config.ServiceAccountPassword != "" {
value, err := common.ReadFromSecret(p.secrets, config.ServiceAccountPassword,
strings.ToLower(auth.TypeToField[client.FreeIpaConfigType]))
if err != nil {
return err
}
config.ServiceAccountPassword = value
}
caPool, err := newCAPool(config.Certificate)
if err != nil {
return err
}
if len(config.Servers) < 1 {
return httperror.NewAPIError(httperror.InvalidBodyContent, "must supply a server")
}
if len(config.Servers) > 1 {
return httperror.NewAPIError(httperror.InvalidBodyContent, "multiple servers not yet supported")
}
userPrincipal, groupPrincipals, err := p.loginUser(login, config, caPool)
if err != nil {
return err
}
//if this works, save LDAPConfig CR adding enabled flag
config.Enabled = configApplyInput.Enabled
err = p.saveLDAPConfig(config)
if err != nil {
return httperror.NewAPIError(httperror.ServerError, fmt.Sprintf("Failed to save %s config: %v", p.providerName, err))
}
user, err := p.userMGR.SetPrincipalOnCurrentUser(request, userPrincipal)
if err != nil {
return err
}
return p.tokenMGR.CreateTokenAndSetCookie(user.Name, userPrincipal, groupPrincipals, "", 0, "Token via LDAP Configuration", request)
}
func (p *ldapProvider) saveLDAPConfig(config *v3.LdapConfig) error {
storedConfig, _, err := p.getLDAPConfig()
if err != nil {
return err
}
config.APIVersion = "management.cattle.io/v3"
config.Kind = v3.AuthConfigGroupVersionKind.Kind
if p.providerName == "openldap" {
config.Type = client.OpenLdapConfigType
} else {
config.Type = client.FreeIpaConfigType
}
config.ObjectMeta = storedConfig.ObjectMeta
field := strings.ToLower(auth.TypeToField[config.Type])
if err := common.CreateOrUpdateSecrets(p.secrets, config.ServiceAccountPassword,
field, strings.ToLower(config.Type)); err != nil {
return err
}
config.ServiceAccountPassword = common.GetName(config.Type, field)
logrus.Debugf("updating %s config", p.providerName)
_, err = p.authConfigs.ObjectClient().Update(config.ObjectMeta.Name, config)
if err != nil {
return err
}
return nil
}