Add possibility to resolve relations by RDN, in addition to UUID and DN in LDAP plugin

This is required to support memberUid attribute https://ldapwiki.com/wiki/MemberUid

Signed-off-by: Tomasz Szuba <tszuba@box.com>

.changeset/twelve-candles-jump.md

@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-catalog-backend-module-ldap': patch
+---
+
+Add possibility to resolve relations by RDN, in addition to UUID and DN

plugins/catalog-backend-module-ldap/src/ldap/read.test.ts

@@ -345,206 +345,128 @@ describe('readLdapGroups', () => {
 
 describe('resolveRelations', () => {
   describe('lookup', () => {
-    it('matches by DN', () => {
-      const parent = group({
-        metadata: {
-          name: 'parent',
-          annotations: { [LDAP_DN_ANNOTATION]: 'pa' },
-        },
-      });
-      const child = group({
-        metadata: {
-          name: 'child',
-          annotations: { [LDAP_DN_ANNOTATION]: 'ca' },
-        },
-      });
-      const groupMember = new Map<string, Set<string>>([
-        ['pa', new Set(['ca'])],
-      ]);
-      resolveRelations([parent, child], [], new Map(), new Map(), groupMember);
-      expect(parent.spec.children).toEqual(['group:default/child']);
-      expect(child.spec.parent).toEqual('group:default/parent');
-    });
-
-    it('matches by UUID', () => {
-      const parent = group({
-        metadata: {
-          name: 'parent',
-          annotations: { [LDAP_UUID_ANNOTATION]: 'pa' },
-        },
-      });
-      const child = group({
-        metadata: {
-          name: 'child',
-          annotations: { [LDAP_UUID_ANNOTATION]: 'ca' },
-        },
-      });
-      const groupMember = new Map<string, Set<string>>([
-        ['pa', new Set(['ca'])],
-      ]);
-      resolveRelations([parent, child], [], new Map(), new Map(), groupMember);
-      expect(parent.spec.children).toEqual(['group:default/child']);
-      expect(child.spec.parent).toEqual('group:default/parent');
-    });
+    it.each([LDAP_DN_ANNOTATION, LDAP_RDN_ANNOTATION, LDAP_UUID_ANNOTATION])(
+      'matches by %s',
+      annotation => {
+        const parent = group({
+          metadata: {
+            name: 'parent',
+            annotations: { [annotation]: 'pa' },
+          },
+        });
+        const child = group({
+          metadata: {
+            name: 'child',
+            annotations: { [annotation]: 'ca' },
+          },
+        });
+        const groupMember = new Map<string, Set<string>>([
+          ['pa', new Set(['ca'])],
+        ]);
+        resolveRelations(
+          [parent, child],
+          [],
+          new Map(),
+          new Map(),
+          groupMember,
+        );
+        expect(parent.spec.children).toEqual(['group:default/child']);
+        expect(child.spec.parent).toEqual('group:default/parent');
+      },
+    );
   });
 
   describe('userMemberOf', () => {
-    it('populates relations by dn', () => {
-      const host = group({
-        metadata: { name: 'host', annotations: { [LDAP_DN_ANNOTATION]: 'ha' } },
-      });
-      const member = user({
-        metadata: {
-          name: 'member',
-          annotations: { [LDAP_DN_ANNOTATION]: 'ma' },
-        },
-      });
-      const userMemberOf = new Map<string, Set<string>>([
-        ['ma', new Set(['ha'])],
-      ]);
-      resolveRelations([host], [member], userMemberOf, new Map(), new Map());
-      expect(member.spec.memberOf).toEqual(['group:default/host']);
-    });
-
-    it('populates relations by uuid', () => {
-      const host = group({
-        metadata: {
-          name: 'host',
-          annotations: { [LDAP_UUID_ANNOTATION]: 'ha' },
-        },
-      });
-      const member = user({
-        metadata: {
-          name: 'member',
-          annotations: { [LDAP_DN_ANNOTATION]: 'ma' },
-        },
-      });
-      const userMemberOf = new Map<string, Set<string>>([
-        ['ma', new Set(['ha'])],
-      ]);
-      resolveRelations([host], [member], userMemberOf, new Map(), new Map());
-      expect(member.spec.memberOf).toEqual(['group:default/host']);
-    });
+    it.each([LDAP_DN_ANNOTATION, LDAP_RDN_ANNOTATION, LDAP_UUID_ANNOTATION])(
+      'populates relations by %s',
+      annotation => {
+        const host = group({
+          metadata: { name: 'host', annotations: { [annotation]: 'ha' } },
+        });
+        const member = user({
+          metadata: {
+            name: 'member',
+            annotations: { [annotation]: 'ma' },
+          },
+        });
+        const userMemberOf = new Map<string, Set<string>>([
+          ['ma', new Set(['ha'])],
+        ]);
+        resolveRelations([host], [member], userMemberOf, new Map(), new Map());
+        expect(member.spec.memberOf).toEqual(['group:default/host']);
+      },
+    );
   });
 
   describe('groupMemberOf', () => {
-    it('populates relations by dn', () => {
-      const parent = group({
-        metadata: {
-          name: 'parent',
-          annotations: { [LDAP_DN_ANNOTATION]: 'pa' },
-        },
-      });
-      const child = group({
-        metadata: {
-          name: 'child',
-          annotations: { [LDAP_DN_ANNOTATION]: 'ca' },
-        },
-      });
-      const groupMemberOf = new Map<string, Set<string>>([
-        ['ca', new Set(['pa'])],
-      ]);
-      resolveRelations(
-        [parent, child],
-        [],
-        new Map(),
-        groupMemberOf,
-        new Map(),
-      );
-      expect(parent.spec.children).toEqual(['group:default/child']);
-      expect(child.spec.parent).toEqual('group:default/parent');
-    });
-  });
-
-  it('populates relations by uuid', () => {
-    const parent = group({
-      metadata: {
-        name: 'parent',
-        annotations: { [LDAP_UUID_ANNOTATION]: 'pa' },
+    it.each([LDAP_DN_ANNOTATION, LDAP_RDN_ANNOTATION, LDAP_UUID_ANNOTATION])(
+      'populates relations by %s',
+      annotation => {
+        const parent = group({
+          metadata: {
+            name: 'parent',
+            annotations: { [annotation]: 'pa' },
+          },
+        });
+        const child = group({
+          metadata: {
+            name: 'child',
+            annotations: { [annotation]: 'ca' },
+          },
+        });
+        const groupMemberOf = new Map<string, Set<string>>([
+          ['ca', new Set(['pa'])],
+        ]);
+        resolveRelations(
+          [parent, child],
+          [],
+          new Map(),
+          groupMemberOf,
+          new Map(),
+        );
+        expect(parent.spec.children).toEqual(['group:default/child']);
+        expect(child.spec.parent).toEqual('group:default/parent');
       },
-    });
-    const child = group({
-      metadata: {
-        name: 'child',
-        annotations: { [LDAP_UUID_ANNOTATION]: 'ca' },
-      },
-    });
-    const groupMemberOf = new Map<string, Set<string>>([
-      ['ca', new Set(['pa'])],
-    ]);
-    resolveRelations([parent, child], [], new Map(), groupMemberOf, new Map());
-    expect(parent.spec.children).toEqual(['group:default/child']);
-    expect(child.spec.parent).toEqual('group:default/parent');
+    );
   });
 
   describe('groupMember', () => {
-    it('populates relations by dn', () => {
-      const parent = group({
-        metadata: {
-          name: 'parent',
-          annotations: { [LDAP_DN_ANNOTATION]: 'pa' },
-        },
-      });
-      const child = group({
-        metadata: {
-          name: 'child',
-          annotations: { [LDAP_DN_ANNOTATION]: 'ca' },
-        },
-      });
-      const member = user({
-        metadata: {
-          name: 'member',
-          annotations: { [LDAP_DN_ANNOTATION]: 'ma' },
-        },
-      });
-      const groupMember = new Map<string, Set<string>>([
-        ['pa', new Set(['ca', 'ma'])],
-      ]);
-      resolveRelations(
-        [parent, child],
-        [member],
-        new Map(),
-        new Map(),
-        groupMember,
-      );
-      expect(parent.spec.children).toEqual(['group:default/child']);
-      expect(child.spec.parent).toEqual('group:default/parent');
-      expect(member.spec.memberOf).toEqual(['group:default/parent']);
-    });
-
-    it('populates relations by uuid', () => {
-      const parent = group({
-        metadata: {
-          name: 'parent',
-          annotations: { [LDAP_UUID_ANNOTATION]: 'pa' },
-        },
-      });
-      const child = group({
-        metadata: {
-          name: 'child',
-          annotations: { [LDAP_UUID_ANNOTATION]: 'ca' },
-        },
-      });
-      const member = user({
-        metadata: {
-          name: 'member',
-          annotations: { [LDAP_UUID_ANNOTATION]: 'ma' },
-        },
-      });
-      const groupMember = new Map<string, Set<string>>([
-        ['pa', new Set(['ca', 'ma'])],
-      ]);
-      resolveRelations(
-        [parent, child],
-        [member],
-        new Map(),
-        new Map(),
-        groupMember,
-      );
-      expect(parent.spec.children).toEqual(['group:default/child']);
-      expect(child.spec.parent).toEqual('group:default/parent');
-      expect(member.spec.memberOf).toEqual(['group:default/parent']);
-    });
+    it.each([LDAP_DN_ANNOTATION, LDAP_RDN_ANNOTATION, LDAP_UUID_ANNOTATION])(
+      'populates relations by %s',
+      annotation => {
+        const parent = group({
+          metadata: {
+            name: 'parent',
+            annotations: { [annotation]: 'pa' },
+          },
+        });
+        const child = group({
+          metadata: {
+            name: 'child',
+            annotations: { [annotation]: 'ca' },
+          },
+        });
+        const member = user({
+          metadata: {
+            name: 'member',
+            annotations: { [annotation]: 'ma' },
+          },
+        });
+        const groupMember = new Map<string, Set<string>>([
+          ['pa', new Set(['ca', 'ma'])],
+        ]);
+        resolveRelations(
+          [parent, child],
+          [member],
+          new Map(),
+          new Map(),
+          groupMember,
+        );
+        expect(parent.spec.children).toEqual(['group:default/child']);
+        expect(child.spec.parent).toEqual('group:default/parent');
+        expect(member.spec.memberOf).toEqual(['group:default/parent']);
+      },
+    );
   });
 });
 

plugins/catalog-backend-module-ldap/src/ldap/read.ts

@@ -365,11 +365,13 @@ export function resolveRelations(
   for (const user of users) {
     userMap.set(stringifyEntityRef(user), user);
     userMap.set(user.metadata.annotations![LDAP_DN_ANNOTATION], user);
+    userMap.set(user.metadata.annotations![LDAP_RDN_ANNOTATION], user);
     userMap.set(user.metadata.annotations![LDAP_UUID_ANNOTATION], user);
   }
   for (const group of groups) {
     groupMap.set(stringifyEntityRef(group), group);
     groupMap.set(group.metadata.annotations![LDAP_DN_ANNOTATION], group);
+    groupMap.set(group.metadata.annotations![LDAP_RDN_ANNOTATION], group);
     groupMap.set(group.metadata.annotations![LDAP_UUID_ANNOTATION], group);
   }