
Commit df9c7f2

committed
inline flags for ldap commands
ensure flags don't carry state through tests
1 parent d281b11 commit df9c7f2


3 files changed

+148
-185
lines changed


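--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -53,10 +53,10 @@ var (
 Commands: []*cli.Command{
 microcmdAuthAddOauth,
 microcmdAuthUpdateOauth,
-microcmdAuthAddLdapBindDn,
-microcmdAuthUpdateLdapBindDn,
-microcmdAuthAddLdapSimpleAuth,
-microcmdAuthUpdateLdapSimpleAuth,
+newMicrocmdAuthAddLdapBindDn(),
+newMicrocmdAuthUpdateLdapBindDn(),
+newMicrocmdAuthAddLdapSimpleAuth(),
+newMicrocmdAuthUpdateLdapSimpleAuth(),
 microcmdAuthAddSMTP,
 microcmdAuthUpdateSMTP,
 microcmdAuthList,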

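--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -24,182 +24,157 @@ type (
 }
 )
 
-var (
-commonLdapCLIFlags = []cli.Flag{
-&cli.StringFlag{
-Name: "name",
-Usage: "Authentication name.",
-},
-&cli.BoolFlag{
-Name: "not-active",
-Usage: "Deactivate the authentication source.",
-},
-&cli.BoolFlag{
-Name: "active",
-Usage: "Activate the authentication source.",
-},
-&cli.StringFlag{
-Name: "security-protocol",
-Usage: "Security protocol name.",
-},
-&cli.BoolFlag{
-Name: "skip-tls-verify",
-Usage: "Disable TLS verification.",
-},
-&cli.StringFlag{
-Name: "host",
-Usage: "The address where the LDAP server can be reached.",
-},
-&cli.IntFlag{
-Name: "port",
-Usage: "The port to use when connecting to the LDAP server.",
-},
-&cli.StringFlag{
-Name: "user-search-base",
-Usage: "The LDAP base at which user accounts will be searched for.",
-},
-&cli.StringFlag{
-Name: "user-filter",
-Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.",
-},
-&cli.StringFlag{
-Name: "admin-filter",
-Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
-},
-&cli.StringFlag{
-Name: "restricted-filter",
-Usage: "An LDAP filter specifying if a user should be given restricted status.",
-},
-&cli.BoolFlag{
-Name: "allow-deactivate-all",
-Usage: "Allow empty search results to deactivate all users.",
-},
-&cli.StringFlag{
-Name: "username-attribute",
-Usage: "The attribute of the user’s LDAP record containing the user name.",
-},
-&cli.StringFlag{
-Name: "firstname-attribute",
-Usage: "The attribute of the user’s LDAP record containing the user’s first name.",
-},
-&cli.StringFlag{
-Name: "surname-attribute",
-Usage: "The attribute of the user’s LDAP record containing the user’s surname.",
-},
-&cli.StringFlag{
-Name: "email-attribute",
-Usage: "The attribute of the user’s LDAP record containing the user’s email address.",
-},
-&cli.StringFlag{
-Name: "public-ssh-key-attribute",
-Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
-},
-&cli.BoolFlag{
-Name: "skip-local-2fa",
-Usage: "Set to true to skip local 2fa for users authenticated by this source",
-},
-&cli.StringFlag{
-Name: "avatar-attribute",
-Usage: "The attribute of the user’s LDAP record containing the user’s avatar.",
-},
-}
-
-ldapBindDnCLIFlags = append(commonLdapCLIFlags,
-&cli.StringFlag{
-Name: "bind-dn",
-Usage: "The DN to bind to the LDAP server with when searching for the user.",
-},
-&cli.StringFlag{
-Name: "bind-password",
-Usage: "The password for the Bind DN, if any.",
-},
-&cli.BoolFlag{
-Name: "attributes-in-bind",
-Usage: "Fetch attributes in bind DN context.",
-},
-&cli.BoolFlag{
-Name: "synchronize-users",
-Usage: "Enable user synchronization.",
-},
-&cli.BoolFlag{
-Name: "disable-synchronize-users",
-Usage: "Disable user synchronization.",
-},
-&cli.UintFlag{
-Name: "page-size",
-Usage: "Search page size.",
-},
-&cli.BoolFlag{
-Name: "enable-groups",
-Usage: "Enable LDAP groups",
-},
-&cli.StringFlag{
-Name: "group-search-base-dn",
-Usage: "The LDAP base DN at which group accounts will be searched for",
-},
-&cli.StringFlag{
-Name: "group-member-attribute",
-Usage: "Group attribute containing list of users",
-},
-&cli.StringFlag{
-Name: "group-user-attribute",
-Usage: "User attribute listed in group",
-},
-&cli.StringFlag{
-Name: "group-filter",
-Usage: "Verify group membership in LDAP",
-},
-&cli.StringFlag{
-Name: "group-team-map",
-Usage: "Map LDAP groups to Organization teams",
-},
-&cli.BoolFlag{
-Name: "group-team-map-removal",
-Usage: "Remove users from synchronized teams if user does not belong to corresponding LDAP group",
-})
-
-ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags,
-&cli.StringFlag{
-Name: "user-dn",
-Usage: "The user's DN.",
-})
-
-microcmdAuthAddLdapBindDn = &cli.Command{
+func newMicrocmdAuthAddLdapBindDn() *cli.Command {
+return &cli.Command{
 Name: "add-ldap",
 Usage: "Add new LDAP (via Bind DN) authentication source",
 Action: func(ctx context.Context, cmd *cli.Command) error {
 return newAuthService().addLdapBindDn(ctx, cmd)
 },
-Flags: ldapBindDnCLIFlags,
+Flags: []cli.Flag{
+&cli.StringFlag{Name: "name", Usage: "Authentication name.", Required: true},
+&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
+&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
+&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name.", Required: true},
+&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
+&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached.", Required: true},
+&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server.", Required: true},
+&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for.", Required: true},
+&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.", Required: true},
+&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
+&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
+&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
+&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
+&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
+&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
+&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address.", Required: true},
+&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
+&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
+&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
+&cli.StringFlag{Name: "bind-dn", Usage: "The DN to bind to the LDAP server with when searching for the user."},
+&cli.StringFlag{Name: "bind-password", Usage: "The password for the Bind DN, if any."},
+&cli.BoolFlag{Name: "attributes-in-bind", Usage: "Fetch attributes in bind DN context."},
+&cli.BoolFlag{Name: "synchronize-users", Usage: "Enable user synchronization."},
+&cli.BoolFlag{Name: "disable-synchronize-users", Usage: "Disable user synchronization."},
+&cli.UintFlag{Name: "page-size", Usage: "Search page size."},
+&cli.BoolFlag{Name: "enable-groups", Usage: "Enable LDAP groups"},
+&cli.StringFlag{Name: "group-search-base-dn", Usage: "The LDAP base DN at which group accounts will be searched for"},
+&cli.StringFlag{Name: "group-member-attribute", Usage: "Group attribute containing list of users"},
+&cli.StringFlag{Name: "group-user-attribute", Usage: "User attribute listed in group"},
+&cli.StringFlag{Name: "group-filter", Usage: "Verify group membership in LDAP"},
+&cli.StringFlag{Name: "group-team-map", Usage: "Map LDAP groups to Organization teams"},
+&cli.BoolFlag{Name: "group-team-map-removal", Usage: "Remove users from synchronized teams if user does not belong to corresponding LDAP group"},
+},
 }
+}
 
-microcmdAuthUpdateLdapBindDn = &cli.Command{
+func newMicrocmdAuthUpdateLdapBindDn() *cli.Command {
+return &cli.Command{
 Name: "update-ldap",
 Usage: "Update existing LDAP (via Bind DN) authentication source",
 Action: func(ctx context.Context, cmd *cli.Command) error {
 return newAuthService().updateLdapBindDn(ctx, cmd)
 },
-Flags: append([]cli.Flag{idFlag}, ldapBindDnCLIFlags...),
+Flags: []cli.Flag{
+&cli.Int64Flag{Name: "id", Usage: "ID of authentication source", Required: true},
+&cli.StringFlag{Name: "name", Usage: "Authentication name."},
+&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
+&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
+&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name."},
+&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
+&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached."},
+&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server."},
+&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for."},
+&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate."},
+&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
+&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
+&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
+&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
+&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
+&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
+&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address."},
+&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
+&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
+&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
+&cli.StringFlag{Name: "bind-dn", Usage: "The DN to bind to the LDAP server with when searching for the user."},
+&cli.StringFlag{Name: "bind-password", Usage: "The password for the Bind DN, if any."},
+&cli.BoolFlag{Name: "attributes-in-bind", Usage: "Fetch attributes in bind DN context."},
+&cli.BoolFlag{Name: "synchronize-users", Usage: "Enable user synchronization."},
+&cli.BoolFlag{Name: "disable-synchronize-users", Usage: "Disable user synchronization."},
+&cli.UintFlag{Name: "page-size", Usage: "Search page size."},
+&cli.BoolFlag{Name: "enable-groups", Usage: "Enable LDAP groups"},
+&cli.StringFlag{Name: "group-search-base-dn", Usage: "The LDAP base DN at which group accounts will be searched for"},
+&cli.StringFlag{Name: "group-member-attribute", Usage: "Group attribute containing list of users"},
+&cli.StringFlag{Name: "group-user-attribute", Usage: "User attribute listed in group"},
+&cli.StringFlag{Name: "group-filter", Usage: "Verify group membership in LDAP"},
+&cli.StringFlag{Name: "group-team-map", Usage: "Map LDAP groups to Organization teams"},
+&cli.BoolFlag{Name: "group-team-map-removal", Usage: "Remove users from synchronized teams if user does not belong to corresponding LDAP group"},
+},
 }
+}
 
-microcmdAuthAddLdapSimpleAuth = &cli.Command{
+func newMicrocmdAuthAddLdapSimpleAuth() *cli.Command {
+return &cli.Command{
 Name: "add-ldap-simple",
 Usage: "Add new LDAP (simple auth) authentication source",
 Action: func(ctx context.Context, cmd *cli.Command) error {
 return newAuthService().addLdapSimpleAuth(ctx, cmd)
 },
-Flags: ldapSimpleAuthCLIFlags,
+Flags: []cli.Flag{
+&cli.StringFlag{Name: "name", Usage: "Authentication name.", Required: true},
+&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
+&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
+&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name.", Required: true},
+&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
+&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached.", Required: true},
+&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server.", Required: true},
+&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for."},
+&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.", Required: true},
+&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
+&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
+&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
+&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
+&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
+&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
+&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address.", Required: true},
+&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
+&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
+&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
+&cli.StringFlag{Name: "user-dn", Usage: "The user's DN.", Required: true}},
 }
+}
 
-microcmdAuthUpdateLdapSimpleAuth = &cli.Command{
+func newMicrocmdAuthUpdateLdapSimpleAuth() *cli.Command {
+return &cli.Command{
 Name: "update-ldap-simple",
 Usage: "Update existing LDAP (simple auth) authentication source",
 Action: func(ctx context.Context, cmd *cli.Command) error {
 return newAuthService().updateLdapSimpleAuth(ctx, cmd)
 },
-Flags: append([]cli.Flag{idFlag}, ldapSimpleAuthCLIFlags...),
-}
-)
+Flags: []cli.Flag{
+&cli.Int64Flag{Name: "id", Usage: "ID of authentication source", Required: true},
+&cli.StringFlag{Name: "name", Usage: "Authentication name."},
+&cli.BoolFlag{Name: "not-active", Usage: "Deactivate the authentication source."},
+&cli.BoolFlag{Name: "active", Usage: "Activate the authentication source."},
+&cli.StringFlag{Name: "security-protocol", Usage: "Security protocol name."},
+&cli.BoolFlag{Name: "skip-tls-verify", Usage: "Disable TLS verification."},
+&cli.StringFlag{Name: "host", Usage: "The address where the LDAP server can be reached."},
+&cli.IntFlag{Name: "port", Usage: "The port to use when connecting to the LDAP server."},
+&cli.StringFlag{Name: "user-search-base", Usage: "The LDAP base at which user accounts will be searched for."},
+&cli.StringFlag{Name: "user-filter", Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate."},
+&cli.StringFlag{Name: "admin-filter", Usage: "An LDAP filter specifying if a user should be given administrator privileges."},
+&cli.StringFlag{Name: "restricted-filter", Usage: "An LDAP filter specifying if a user should be given restricted status."},
+&cli.BoolFlag{Name: "allow-deactivate-all", Usage: "Allow empty search results to deactivate all users."},
+&cli.StringFlag{Name: "username-attribute", Usage: "The attribute of the user’s LDAP record containing the user name."},
+&cli.StringFlag{Name: "firstname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s first name."},
+&cli.StringFlag{Name: "surname-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s surname."},
+&cli.StringFlag{Name: "email-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s email address."},
+&cli.StringFlag{Name: "public-ssh-key-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key."},
+&cli.BoolFlag{Name: "skip-local-2fa", Usage: "Set to true to skip local 2fa for users authenticated by this source"},
+&cli.StringFlag{Name: "avatar-attribute", Usage: "The attribute of the user’s LDAP record containing the user’s avatar."},
+&cli.StringFlag{Name: "user-dn", Usage: "The user's DN."},
+}}
+}
 
 // newAuthService creates a service with default functions.
 func newAuthService() *authService {
@@ -338,10 +313,6 @@ func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
 // getAuthSource gets the login source by its id defined in the command line flags.
 // It returns an error if the id is not set, does not match any source or if the source is not of expected type.
 func (a *authService) getAuthSource(ctx context.Context, c *cli.Command, authType auth.Type) (*auth.Source, error) {
-if err := argsSet(c, "id"); err != nil {
-return nil, err
-}
-
 authSource, err := a.getAuthSourceByID(ctx, c.Int64("id"))
 if err != nil {
 return nil, err
@@ -356,10 +327,6 @@ func (a *authService) getAuthSource(ctx context.Context, c *cli.Command, authTyp
 
 // addLdapBindDn adds a new LDAP via Bind DN authentication source.
 func (a *authService) addLdapBindDn(_ context.Context, c *cli.Command) error {
-if err := argsSet(c, "name", "security-protocol", "host", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
-return err
-}
-
 ctx, cancel := installSignals()
 defer cancel()
 
@@ -407,10 +374,6 @@ func (a *authService) updateLdapBindDn(_ context.Context, c *cli.Command) error
 
 // addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
 func (a *authService) addLdapSimpleAuth(_ context.Context, c *cli.Command) error {
-if err := argsSet(c, "name", "security-protocol", "host", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
-return err
-}
-
 ctx, cancel := installSignals()
 defer cancel()
 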
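Review bot: The doc comment kept above `getAuthSource` still says it "returns an error if the id is not set", but the `argsSet(c, "id")` guard is removed, so the function now reads `c.Int64("id")` unconditionally and depends on every calling command declaring `id` with `Required: true`. I would reword that sentence to something like `// The calling command must declare the id flag as Required; this function does not check that it was set.`, so a later command that reuses the helper without that flag does not quietly look up the zero value. The `argsSet` calls dropped from `addLdapBindDn` and `addLdapSimpleAuth` raise a related question: `argsSet` is not visible on this page, and if it also rejected empty or whitespace-only values, `Required: true` may not be an equivalent check, so a test passing an empty `--host` or `--name` to the add commands would be worth adding. The bodies of all three functions continue outside their hunks.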
