feat(LDAP): added tls configuration
Signed-off-by: Antonio Musolino <antoniomusolino007@gmail.com>
@@ -0,0 +1,5 @@
|
||||
---
|
||||
'@backstage/plugin-catalog-backend-module-ldap': minor
|
||||
---
|
||||
|
||||
Added the possibility to pass TLS configuration to ldap connection
|
||||
@@ -82,6 +82,7 @@ export class LdapClient {
|
||||
logger: Logger,
|
||||
target: string,
|
||||
bind?: BindConfig,
|
||||
tls?: TLSConfig,
|
||||
): Promise<LdapClient>;
|
||||
getRootDSE(): Promise<SearchEntry | undefined>;
|
||||
getVendor(): Promise<LdapVendor>;
|
||||
@@ -154,6 +155,7 @@ export class LdapOrgReaderProcessor implements CatalogProcessor {
|
||||
// @public
|
||||
export type LdapProviderConfig = {
|
||||
target: string;
|
||||
tls?: TLSConfig;
|
||||
bind?: BindConfig;
|
||||
users: UserConfig;
|
||||
groups: GroupConfig;
|
||||
@@ -192,6 +194,11 @@ export function readLdapOrg(
|
||||
groups: GroupEntity[];
|
||||
}>;
|
||||
|
||||
// @public
|
||||
export type TLSConfig = {
|
||||
rejectUnauthorized?: boolean;
|
||||
};
|
||||
|
||||
// @public
|
||||
export type UserConfig = {
|
||||
dn: string;
|
||||
|
||||
+16
@@ -50,6 +50,14 @@ export interface Config {
|
||||
secret: string;
|
||||
};
|
||||
|
||||
/**
|
||||
* TLS settings
|
||||
*/
|
||||
tls?: {
|
||||
// Node TLS rejectUnauthorized
|
||||
rejectUnauthorized?: boolean;
|
||||
};
|
||||
|
||||
/**
|
||||
* The settings that govern the reading and interpretation of users.
|
||||
*/
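Review bot: The schema comment `// Node TLS rejectUnauthorized` on the new `tls` block does not tell an operator what setting it to `false` actually does, and this is the text that surfaces as the config schema description. It should state the consequence: `// Set to false to skip verification of the LDAP server's certificate (Node TLS rejectUnauthorized; Node's default is true). Intended for test setups only.` The identical comment appears in the second hunk of this file at `@@ -273,6 +281,14 @@` and on the exported `TLSConfig` type in `config.ts`, so all three should carry the same wording. The enclosing `Config` interface starts and ends outside the hunk.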
|
||||
@@ -273,6 +281,14 @@ export interface Config {
|
||||
secret: string;
|
||||
};
|
||||
|
||||
/**
|
||||
* TLS settings
|
||||
*/
|
||||
tls?: {
|
||||
// Node TLS rejectUnauthorized
|
||||
rejectUnauthorized?: boolean;
|
||||
};
|
||||
|
||||
/**
|
||||
* The settings that govern the reading and interpretation of users.
|
||||
*/
|
||||
|
||||
@@ -18,7 +18,7 @@ import { ForwardedError } from '@backstage/errors';
|
||||
import ldap, { Client, SearchEntry, SearchOptions } from 'ldapjs';
|
||||
import { cloneDeep } from 'lodash';
|
||||
import { Logger } from 'winston';
|
||||
import { BindConfig } from './config';
|
||||
import { BindConfig, TLSConfig } from './config';
|
||||
import { errorString } from './util';
|
||||
import {
|
||||
ActiveDirectoryVendor,
|
||||
@@ -40,8 +40,12 @@ export class LdapClient {
|
||||
logger: Logger,
|
||||
target: string,
|
||||
bind?: BindConfig,
|
||||
tls?: TLSConfig,
|
||||
): Promise<LdapClient> {
|
||||
const client = ldap.createClient({ url: target });
|
||||
const client = ldap.createClient({
|
||||
url: target,
|
||||
tlsOptions: tls,
|
||||
});
|
||||
|
||||
// We want to have a catch-all error handler at the top, since the default
|
||||
// behavior of the client is to blow up the entire process when it fails,
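Review bot: `tlsOptions: tls` forwards the operator's `rejectUnauthorized` to ldapjs without leaving any trace in the logs, so a deployment that has disabled certificate verification looks exactly like one that has not. A guarded warning next to the `createClient` call would make the weakened posture visible to whoever reads the logs: `if (tls?.rejectUnauthorized === false) { logger.warn('LDAP TLS: server certificate verification is disabled (tls.rejectUnauthorized=false)'); }`. As far as I can tell from ldapjs, `tlsOptions` only take effect for `ldaps://` targets or after a STARTTLS, so a one-line comment saying that a `tls` block on a plain `ldap://` target is ignored would also help. The signature of `create` begins outside the hunk.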
|
||||
|
||||
@@ -80,6 +80,7 @@ describe('readLdapConfig', () => {
|
||||
{
|
||||
target: 'target',
|
||||
bind: { dn: 'bdn', secret: 's' },
|
||||
tls: { rejectUnauthorized: false },
|
||||
users: {
|
||||
dn: 'udn',
|
||||
options: {
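Review bot: Both new fixtures set `tls: { rejectUnauthorized: false }`, so the only path of `readTlsConfig` that the tests pin is the explicit-false one; the default path, where the `tls` block is absent and the result should be `undefined`, is the one every existing deployment takes and stays untested. A case that omits `tls` from the input and expects `tls: undefined` in the output would cover it, and the same applies to the second hunk at `@@ -139,6 +140,7 @@`. Both hunks sit inside expected-object literals that start and end outside the view.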
|
||||
@@ -139,6 +140,7 @@ describe('readLdapConfig', () => {
|
||||
{
|
||||
target: 'target',
|
||||
bind: { dn: 'bdn', secret: 's' },
|
||||
tls: { rejectUnauthorized: false },
|
||||
users: {
|
||||
dn: 'udn',
|
||||
options: {
|
||||
|
||||
@@ -30,6 +30,8 @@ export type LdapProviderConfig = {
|
||||
// The prefix of the target that this matches on, e.g.
|
||||
// "ldaps://ds.example.net", with no trailing slash.
|
||||
target: string;
|
||||
// TLS settings
|
||||
tls?: TLSConfig;
|
||||
// The settings to use for the bind command. If none are specified, the bind
|
||||
// command is not issued.
|
||||
bind?: BindConfig;
|
||||
@@ -39,6 +41,16 @@ export type LdapProviderConfig = {
|
||||
groups: GroupConfig;
|
||||
};
|
||||
|
||||
/**
|
||||
* TLS settings
|
||||
*
|
||||
* @public
|
||||
*/
|
||||
export type TLSConfig = {
|
||||
// Node TLS rejectUnauthorized
|
||||
rejectUnauthorized?: boolean;
|
||||
};
|
||||
|
||||
/**
|
||||
* The settings to use for the a command.
|
||||
*
|
||||
@@ -185,6 +197,17 @@ export function readLdapConfig(config: Config): LdapProviderConfig[] {
|
||||
});
|
||||
}
|
||||
|
||||
function readTlsConfig(
|
||||
c: Config | undefined,
|
||||
): LdapProviderConfig['tls'] | undefined {
|
||||
if (!c) {
|
||||
return undefined;
|
||||
}
|
||||
return {
|
||||
rejectUnauthorized: c.getOptionalBoolean('rejectUnauthorized'),
|
||||
};
|
||||
}
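Review bot: `readTlsConfig` has no doc comment, and its two branches return visibly different shapes that are worth stating: with no `tls` block it returns `undefined`, but with an empty `tls: {}` block it returns `{ rejectUnauthorized: undefined }`, which is then handed to ldapjs as `tlsOptions`. That is harmless for Node's tls, where an undefined `rejectUnauthorized` falls back to the verifying default, but it is a distinct value a future reader may trip on. Suggested TSDoc above the function: `/** Reads the optional `tls` config block. Returns undefined when the block is absent; otherwise `rejectUnauthorized` is undefined (Node default, certificate verified) unless explicitly set. */`. The following `readBindConfig` is cut off at the end of the hunk.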
|
||||
|
||||
function readBindConfig(
|
||||
c: Config | undefined,
|
||||
): LdapProviderConfig['bind'] | undefined {
|
||||
@@ -312,6 +335,7 @@ export function readLdapConfig(config: Config): LdapProviderConfig[] {
|
||||
return providerConfigs.map(c => {
|
||||
const newConfig = {
|
||||
target: trimEnd(c.getString('target'), '/'),
|
||||
tls: readTlsConfig(c.getOptionalConfig('tls')),
|
||||
bind: readBindConfig(c.getOptionalConfig('bind')),
|
||||
users: readUserConfig(c.getConfig('users')),
|
||||
groups: readGroupConfig(c.getConfig('groups')),
|
||||
|
||||
@@ -22,6 +22,7 @@ export type {
|
||||
GroupConfig,
|
||||
UserConfig,
|
||||
BindConfig,
|
||||
TLSConfig,
|
||||
} from './config';
|
||||
export type { LdapVendor } from './vendors';
|
||||
export {
|
||||
|
||||
@@ -179,6 +179,7 @@ export class LdapOrgEntityProvider implements EntityProvider {
|
||||
this.options.logger,
|
||||
this.options.provider.target,
|
||||
this.options.provider.bind,
|
||||
this.options.provider.tls,
|
||||
);
|
||||
|
||||
const { users, groups } = await readLdapOrg(
|
||||
|
||||
@@ -103,6 +103,7 @@ export class LdapOrgReaderProcessor implements CatalogProcessor {
|
||||
this.logger,
|
||||
provider.target,
|
||||
provider.bind,
|
||||
provider.tls,
|
||||
);
|
||||
const { users, groups } = await readLdapOrg(
|
||||
client,
|
||||
|
||||