Closed
6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -14,9 +14,15 @@ All notable changes to this project will be documented in this file.
- Use 0.0.0-dev product images for testing ([#463])
- Use testing-tools 0.2.0 ([#463])

### Fixed

- Use ou with spaces in LDAP tests ([#466]).
- Reporting task now escapes user and password input in case of whitespaces ([#466]).

[#461]: https://github.com/stackabletech/nifi-operator/pull/461
[#463]: https://github.com/stackabletech/nifi-operator/pull/463
[#464]: https://github.com/stackabletech/nifi-operator/pull/464
[#466]: https://github.com/stackabletech/nifi-operator/pull/466

## [23.4.0] - 2023-04-17
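
Review bot: The second new entry under "### Fixed" says the reporting task "escapes" user and password input, but the change in controller.rs wraps the two command substitutions in double quotes, so "quotes" is the accurate verb, and "whitespace" reads better than "whitespaces". The two new entries also end with a period while the neighbouring entries (`- Use testing-tools 0.2.0 ([#463])`) do not; drop the trailing periods to match.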

4 changes: 2 additions & 2 deletions rust/operator-binary/src/controller.rs
Expand Up @@ -1159,9 +1159,9 @@ fn build_reporting_task_job(
// In case of the username being simple (e.g. admin) just use it as is
// If the username is a bind dn (e.g. cn=integrationtest,ou=users,dc=example,dc=org) we have to extract the cn/dn/uid (in this case integrationtest)
format!(
"-u $(cat {admin_username_file} | grep -oP '((cn|dn|uid)=\\K[^,]+|.*)' | head -n 1)"
"-u \"$(cat {admin_username_file} | grep -oP '((cn|dn|uid)=\\K[^,]+|.*)' | head -n 1)\""
),
format!("-p $(cat {admin_password_file})"),
format!("-p \"$(cat {admin_password_file})\""),
format!("-v {product_version}"),
format!("-m {METRICS_PORT}"),
format!("-c {KEYSTORE_REPORTING_TASK_MOUNT}/ca.crt"),
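
Review bot: In both changed format! lines the new double quotes protect the value read from the file, but `{admin_username_file}` and `{admin_password_file}` are still interpolated unquoted inside `$(cat ...)`, so a path containing whitespace would be word-split by the shell just as the values were before this change. Quote the paths as well, and consider letting grep read the username file directly instead of piping it from cat. The comment above the first format! only explains the cn/dn/uid extraction; add a sentence saying the substitution is quoted so that a value with whitespace stays a single argument. Separately, `-p "$(cat ...)"` expands the password into the arguments of the command being built; if the tool can take the password from a file instead, that would keep it out of the process list.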
4 changes: 2 additions & 2 deletions tests/templates/kuttl/ldap/02-assert.yaml
Expand Up @@ -2,5 +2,5 @@
apiVersion: kuttl.dev/v1beta1
kind: TestAssert
commands:
- script: kubectl exec -n $NAMESPACE openldap-0 -- ldapsearch -H ldap://localhost:1389 -D cn=integrationtest,ou=users,dc=example,dc=org -w integrationtest -b ou=users,dc=example,dc=org > /dev/null
- script: kubectl exec -n $NAMESPACE openldap-0 -- bash -c LDAPTLS_CACERT=/tls/ca.crt ldapsearch -Z -H ldaps://localhost:1636 -D cn=integrationtest,ou=users,dc=example,dc=org -w integrationtest -b ou=users,dc=example,dc=org > /dev/null
- script: kubectl exec -n $NAMESPACE openldap-0 -- ldapsearch -H ldap://localhost:1389 -D "cn=integrationtest,ou=my users,dc=example,dc=org" -w integrationtest -b "ou=my users,dc=example,dc=org" > /dev/null
- script: kubectl exec -n $NAMESPACE openldap-0 -- bash -c LDAPTLS_CACERT=/tls/ca.crt ldapsearch -Z -H ldaps://localhost:1636 -D "cn=integrationtest,ou=my users,dc=example,dc=org" -w integrationtest -b "ou=my users,dc=example,dc=org" > /dev/null
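
Review bot: On the second script line, `bash -c` takes only the next word as its command string, so the container runs `LDAPTLS_CACERT=/tls/ca.crt` as a bare assignment and `ldapsearch -Z ...` becomes $0 and the positional parameters; ldapsearch never runs and the LDAPS assert passes regardless of what is in the directory. This predates the change, but the line is being edited here: either replace `bash -c` with `env LDAPTLS_CACERT=/tls/ca.crt ldapsearch ...`, or pass the whole command to `bash -c` as one quoted string, in which case the new double quotes around the bind DN and search base have to be nested inside that string.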
2 changes: 1 addition & 1 deletion tests/templates/kuttl/ldap/12-install-nifi.yaml.j2
Expand Up @@ -21,7 +21,7 @@ metadata:
labels:
secrets.stackable.tech/class: nifi-with-ldap-bind
stringData:
user: cn=integrationtest,ou=users,dc=example,dc=org
user: cn=integrationtest,ou=my users,dc=example,dc=org
password: integrationtest
---
apiVersion: nifi.stackable.tech/v1alpha1
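
Review bot: This fixture changes only the ou in `user:`; the cn and `password:` both stay `integrationtest`, so the value that the grep in controller.rs extracts for `-u` and the value passed to `-p` contain no whitespace, and the new quoting there is not exercised by this test. Consider a password containing a space (updating `-s` in create_ldap_user.sh and `-w` in 02-assert.yaml to match) so the fix in the reporting task is actually covered.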
Expand Up @@ -11,7 +11,7 @@ spec:
provider:
ldap:
hostname: openldap.$NAMESPACE.svc.cluster.local
searchBase: ou=users,dc=example,dc=org
searchBase: ou=my users,dc=example,dc=org
bindCredentials:
secretClass: nifi-with-ldap-bind
{% if test_scenario['values']['ldap-use-tls'] == 'false' %}
11 changes: 9 additions & 2 deletions tests/templates/kuttl/ldap/create_ldap_user.sh
Expand Up @@ -7,7 +7,14 @@
# ldapsearch -H ldap://localhost:1389 -D cn=integrationtest,ou=users,dc=example,dc=org -w integrationtest -b ou=users,dc=example,dc=org

cat << 'EOF' | ldapadd -H ldap://localhost:1389 -D cn=admin,dc=example,dc=org -w admin
dn: cn=integrationtest,ou=users,dc=example,dc=org
dn: ou=my users,dc=example,dc=org
ou: my users
objectclass: top
objectclass: organizationalUnit
EOF

cat << 'EOF' | ldapadd -H ldap://localhost:1389 -D cn=admin,dc=example,dc=org -w admin
dn: cn=integrationtest,ou=my users,dc=example,dc=org
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
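
Review bot: The usage comment at the top of this hunk still shows `-D cn=integrationtest,ou=users,dc=example,dc=org` and `-b ou=users,dc=example,dc=org`; after this change the entry lives under `ou=my users` and both arguments need quoting, so update the comment to match the command in 02-assert.yaml. Minor: the new organizationalUnit entry writes `objectclass:` in lower case while the user entry below it uses `objectClass:`; pick one spelling for the file.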
Expand All @@ -26,4 +33,4 @@ shadowMax: 0
shadowWarning: 0
EOF

ldappasswd -H ldap://localhost:1389 -D cn=admin,dc=example,dc=org -w admin -s integrationtest "cn=integrationtest,ou=users,dc=example,dc=org"
ldappasswd -H ldap://localhost:1389 -D cn=admin,dc=example,dc=org -w admin -s integrationtest "cn=integrationtest,ou=my users,dc=example,dc=org"