
Commit ba990d0

committed
revert ldap flag rework
1 parent b2d5244 commit ba990d0


5 files changed

+196
-133
lines changed


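--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -86,12 +86,14 @@ var (
 },
 },
 }
+)
 
-idFlag = &cli.Int64Flag{
+func idFlag() *cli.Int64Flag {
+return &cli.Int64Flag{
 Name: "id",
 Usage: "ID of authentication source",
 }
-)
+}
 
 func runRepoSyncReleases(ctx context.Context, _ *cli.Command) error {
 if err := initDB(ctx); err != nil {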
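Review bot: `idFlag` is now a function with no doc comment, and the flag it returns carries only `Name` and `Usage`, so nothing at the flag level forces `--id` to be supplied. Every command that lists `idFlag()` therefore has to validate the value in its own action; the delete command in cmd/admin_auth.go passes it straight to `Flags`, and whether `runDeleteAuth` performs that check is not visible in this commit. I would add `// idFlag returns a fresh "id" flag; it is not marked Required, so the command's action must check that it was set.` above the function.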

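--- a/cmd/admin_auth.go
+++ b/cmd/admin_auth.go
@@ -21,7 +21,7 @@ var (
 microcmdAuthDelete = &cli.Command{
 Name: "delete",
 Usage: "Delete specific auth source",
-Flags: []cli.Flag{idFlag},
+Flags: []cli.Flag{idFlag()},
 Action: runDeleteAuth,
 }
 microcmdAuthList = &cli.Command{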

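--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -24,47 +24,159 @@ type (
 }
 )
 
+func commonLdapCLIFlags() []cli.Flag {
+return []cli.Flag{
+&cli.StringFlag{
+Name: "name",
+Usage: "Authentication name.",
+},
+&cli.BoolFlag{
+Name: "not-active",
+Usage: "Deactivate the authentication source.",
+},
+&cli.BoolFlag{
+Name: "active",
+Usage: "Activate the authentication source.",
+},
+&cli.StringFlag{
+Name: "security-protocol",
+Usage: "Security protocol name.",
+},
+&cli.BoolFlag{
+Name: "skip-tls-verify",
+Usage: "Disable TLS verification.",
+},
+&cli.StringFlag{
+Name: "host",
+Usage: "The address where the LDAP server can be reached.",
+},
+&cli.IntFlag{
+Name: "port",
+Usage: "The port to use when connecting to the LDAP server.",
+},
+&cli.StringFlag{
+Name: "user-search-base",
+Usage: "The LDAP base at which user accounts will be searched for.",
+},
+&cli.StringFlag{
+Name: "user-filter",
+Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.",
+},
+&cli.StringFlag{
+Name: "admin-filter",
+Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
+},
+&cli.StringFlag{
+Name: "restricted-filter",
+Usage: "An LDAP filter specifying if a user should be given restricted status.",
+},
+&cli.BoolFlag{
+Name: "allow-deactivate-all",
+Usage: "Allow empty search results to deactivate all users.",
+},
+&cli.StringFlag{
+Name: "username-attribute",
+Usage: "The attribute of the user’s LDAP record containing the user name.",
+},
+&cli.StringFlag{
+Name: "firstname-attribute",
+Usage: "The attribute of the user’s LDAP record containing the user’s first name.",
+},
+&cli.StringFlag{
+Name: "surname-attribute",
+Usage: "The attribute of the user’s LDAP record containing the user’s surname.",
+},
+&cli.StringFlag{
+Name: "email-attribute",
+Usage: "The attribute of the user’s LDAP record containing the user’s email address.",
+},
+&cli.StringFlag{
+Name: "public-ssh-key-attribute",
+Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
+},
+&cli.BoolFlag{
+Name: "skip-local-2fa",
+Usage: "Set to true to skip local 2fa for users authenticated by this source",
+},
+&cli.StringFlag{
+Name: "avatar-attribute",
+Usage: "The attribute of the user’s LDAP record containing the user’s avatar.",
+},
+}
+}
+
+func ldapBindDnCLIFlags() []cli.Flag {
+return append(commonLdapCLIFlags(),
+&cli.StringFlag{
+Name: "bind-dn",
+Usage: "The DN to bind to the LDAP server with when searching for the user.",
+},
+&cli.StringFlag{
+Name: "bind-password",
+Usage: "The password for the Bind DN, if any.",
+},
+&cli.BoolFlag{
+Name: "attributes-in-bind",
+Usage: "Fetch attributes in bind DN context.",
+},
+&cli.BoolFlag{
+Name: "synchronize-users",
+Usage: "Enable user synchronization.",
+},
+&cli.BoolFlag{
+Name: "disable-synchronize-users",
+Usage: "Disable user synchronization.",
+},
+&cli.UintFlag{
+Name: "page-size",
+Usage: "Search page size.",
+},
+&cli.BoolFlag{
+Name: "enable-groups",
+Usage: "Enable LDAP groups",
+},
+&cli.StringFlag{
+Name: "group-search-base-dn",
+Usage: "The LDAP base DN at which group accounts will be searched for",
+},
+&cli.StringFlag{
+Name: "group-member-attribute",
+Usage: "Group attribute containing list of users",
+},
+&cli.StringFlag{
+Name: "group-user-attribute",
+Usage: "User attribute listed in group",
+},
+&cli.StringFlag{
+Name: "group-filter",
+Usage: "Verify group membership in LDAP",
+},
+&cli.StringFlag{
+Name: "group-team-map",
+Usage: "Map LDAP groups to Organization teams",
+},
+&cli.BoolFlag{
+Name: "group-team-map-removal",
+Usage: "Remove users from synchronized teams if user does not belong to corresponding LDAP group",
+})
+}
+
+func ldapSimpleAuthCLIFlags() []cli.Flag {
+return append(commonLdapCLIFlags(),
+&cli.StringFlag{
+Name: "user-dn",
+Usage: "The user's DN.",
+})
+}
+
 func microcmdAuthAddLdapBindDn() *cli.Command {
 return &cli.Command{
 Name: "add-ldap",
 Usage: "Add new LDAP (via Bind DN) authentication source",
 Action: func(ctx context.Context, cmd *cli.Command) error {
 return newAuthService().addLdapBindDn(ctx, cmd)
 },
-Flags: []cli.Flag{
-&cli.StringFlag{Name: "name", Usage: "Authentication name.", Required: true},
-&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
-&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
-&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name.", Required: true},
-&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
-&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached.", Required: true},
-&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server.", Required: true},
-&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for.", Required: true},
-&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.", Required: true},
-&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
-&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
-&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
-&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
-&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
-&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
-&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address.", Required: true},
-&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
-&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
-&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
-&cli.StringFlag{Name: "bind-dn", Usage: "The DN to bind to the LDAP server with when searching for the user."},
-&cli.StringFlag{Name: "bind-password", Usage: "The password for the Bind DN, if any."},
-&cli.BoolFlag{Name: "attributes-in-bind", Usage: "Fetch attributes in bind DN context."},
-&cli.BoolFlag{Name: "synchronize-users", Usage: "Enable user synchronization."},
-&cli.BoolFlag{Name: "disable-synchronize-users", Usage: "Disable user synchronization."},
-&cli.UintFlag{Name: "page-size", Usage: "Search page size."},
-&cli.BoolFlag{Name: "enable-groups", Usage: "Enable LDAP groups"},
-&cli.StringFlag{Name: "group-search-base-dn", Usage: "The LDAP base DN at which group accounts will be searched for"},
-&cli.StringFlag{Name: "group-member-attribute", Usage: "Group attribute containing list of users"},
-&cli.StringFlag{Name: "group-user-attribute", Usage: "User attribute listed in group"},
-&cli.StringFlag{Name: "group-filter", Usage: "Verify group membership in LDAP"},
-&cli.StringFlag{Name: "group-team-map", Usage: "Map LDAP groups to Organization teams"},
-&cli.BoolFlag{Name: "group-team-map-removal", Usage: "Remove users from synchronized teams if user does not belong to corresponding LDAP group"},
-},
+Flags: ldapBindDnCLIFlags(),
 }
 }
 
@@ -75,41 +187,7 @@ func microcmdAuthUpdateLdapBindDn() *cli.Command {
 Action: func(ctx context.Context, cmd *cli.Command) error {
 return newAuthService().updateLdapBindDn(ctx, cmd)
 },
-Flags: []cli.Flag{
-&cli.Int64Flag{Name: "id", Usage: "ID of authentication source", Required: true},
-&cli.StringFlag{Name: "name", Usage: "Authentication name."},
-&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
-&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
-&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name."},
-&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
-&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached."},
-&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server."},
-&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for."},
-&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate."},
-&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
-&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
-&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
-&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
-&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
-&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
-&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address."},
-&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
-&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
-&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
-&cli.StringFlag{Name: "bind-dn", Usage: "The DN to bind to the LDAP server with when searching for the user."},
-&cli.StringFlag{Name: "bind-password", Usage: "The password for the Bind DN, if any."},
-&cli.BoolFlag{Name: "attributes-in-bind", Usage: "Fetch attributes in bind DN context."},
-&cli.BoolFlag{Name: "synchronize-users", Usage: "Enable user synchronization."},
-&cli.BoolFlag{Name: "disable-synchronize-users", Usage: "Disable user synchronization."},
-&cli.UintFlag{Name: "page-size", Usage: "Search page size."},
-&cli.BoolFlag{Name: "enable-groups", Usage: "Enable LDAP groups"},
-&cli.StringFlag{Name: "group-search-base-dn", Usage: "The LDAP base DN at which group accounts will be searched for"},
-&cli.StringFlag{Name: "group-member-attribute", Usage: "Group attribute containing list of users"},
-&cli.StringFlag{Name: "group-user-attribute", Usage: "User attribute listed in group"},
-&cli.StringFlag{Name: "group-filter", Usage: "Verify group membership in LDAP"},
-&cli.StringFlag{Name: "group-team-map", Usage: "Map LDAP groups to Organization teams"},
-&cli.BoolFlag{Name: "group-team-map-removal", Usage: "Remove users from synchronized teams if user does not belong to corresponding LDAP group"},
-},
+Flags: append([]cli.Flag{idFlag()}, ldapBindDnCLIFlags()...),
 }
 }
 
@@ -120,28 +198,7 @@ func microcmdAuthAddLdapSimpleAuth() *cli.Command {
 Action: func(ctx context.Context, cmd *cli.Command) error {
 return newAuthService().addLdapSimpleAuth(ctx, cmd)
 },
-Flags: []cli.Flag{
-&cli.StringFlag{Name: "name", Usage: "Authentication name.", Required: true},
-&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
-&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
-&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name.", Required: true},
-&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
-&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached.", Required: true},
-&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server.", Required: true},
-&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for."},
-&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.", Required: true},
-&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
-&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
-&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
-&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
-&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
-&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
-&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address.", Required: true},
-&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
-&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
-&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
-&cli.StringFlag{Name: "user-dn", Usage: "The user's DN.", Required: true},
-},
+Flags: ldapSimpleAuthCLIFlags(),
 }
 }
 
@@ -152,29 +209,7 @@ func microcmdAuthUpdateLdapSimpleAuth() *cli.Command {
 Action: func(ctx context.Context, cmd *cli.Command) error {
 return newAuthService().updateLdapSimpleAuth(ctx, cmd)
 },
-Flags: []cli.Flag{
-&cli.Int64Flag{Name: "id", Usage: "ID of authentication source", Required: true},
-&cli.StringFlag{Name: "name", Usage: "Authentication name."},
-&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
-&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
-&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name."},
-&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
-&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached."},
-&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server."},
-&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for."},
-&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate."},
-&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
-&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
-&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
-&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
-&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
-&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
-&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address."},
-&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
-&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
-&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
-&cli.StringFlag{Name: "user-dn", Usage: "The user's DN."},
-},
+Flags: append([]cli.Flag{idFlag()}, ldapSimpleAuthCLIFlags()...),
 }
 }
 
@@ -315,6 +350,9 @@ func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
 // getAuthSource gets the login source by its id defined in the command line flags.
 // It returns an error if the id is not set, does not match any source or if the source is not of expected type.
 func (a *authService) getAuthSource(ctx context.Context, c *cli.Command, authType auth.Type) (*auth.Source, error) {
+if err := argsSet(c, "id"); err != nil {
+return nil, err
+}
 authSource, err := a.getAuthSourceByID(ctx, c.Int64("id"))
 if err != nil {
 return nil, err
@@ -329,6 +367,9 @@ func (a *authService) getAuthSource(ctx context.Context, c *cli.Command, authTyp
 
 // addLdapBindDn adds a new LDAP via Bind DN authentication source.
 func (a *authService) addLdapBindDn(ctx context.Context, c *cli.Command) error {
+if err := argsSet(c, "name", "security-protocol", "host", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
+return err
+}
 if err := a.initDB(ctx); err != nil {
 return err
 }
@@ -370,6 +411,10 @@ func (a *authService) updateLdapBindDn(ctx context.Context, c *cli.Command) erro
 
 // addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
 func (a *authService) addLdapSimpleAuth(ctx context.Context, c *cli.Command) error {
+if err := argsSet(c, "name", "security-protocol", "host", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
+return err
+}
+
 if err := a.initDB(ctx); err != nil {
 return err
 }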
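Review bot: `commonLdapCLIFlags`, `ldapBindDnCLIFlags` and `ldapSimpleAuthCLIFlags` have no doc comments, and none of the flags they build is marked `Required`, so the mandatory set for the two add commands now lives only in the `argsSet(...)` string lists at the top of `addLdapBindDn` and `addLdapSimpleAuth`. Those lists match the `Required: true` flags that were removed, but nothing ties them to the flag definitions, and what `argsSet` does with a name that no longer matches a flag is not visible here. I would put a comment on each builder such as `// ldapBindDnCLIFlags returns the flags shared by the Bind DN add and update commands; required arguments are enforced by argsSet in the handlers.` Separately, `bind-password` takes the secret as a command-line value, which typically ends up in shell history and the process list, so its `Usage` text could say so. The handler bodies continue outside the hunks shown.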
