From fbfbff6bf7ce0bf169c7a03e2f9b8d8bedcc40b3 Mon Sep 17 00:00:00 2001 From: Tomasz Szuba Date: Wed, 22 Jun 2022 16:25:49 +0200 Subject: [PATCH] Add possibility to resolve relations by RDN, in addition to UUID and DN in LDAP plugin This is required to support memberUid attribute https://ldapwiki.com/wiki/MemberUid Signed-off-by: Tomasz Szuba --- .changeset/twelve-candles-jump.md | 5 + .../src/ldap/read.test.ts | 302 +++++++----------- .../src/ldap/read.ts | 2 + 3 files changed, 119 insertions(+), 190 deletions(-) create mode 100644 .changeset/twelve-candles-jump.md diff --git a/.changeset/twelve-candles-jump.md b/.changeset/twelve-candles-jump.md new file mode 100644 index 0000000000..9d0cccd0ba --- /dev/null +++ b/.changeset/twelve-candles-jump.md @@ -0,0 +1,5 @@ +--- +'@backstage/plugin-catalog-backend-module-ldap': patch +--- + +Add possibility to resolve relations by RDN, in addition to UUID and DN diff --git a/plugins/catalog-backend-module-ldap/src/ldap/read.test.ts b/plugins/catalog-backend-module-ldap/src/ldap/read.test.ts index 410ac847b3..49803b9c39 100644 --- a/plugins/catalog-backend-module-ldap/src/ldap/read.test.ts +++ b/plugins/catalog-backend-module-ldap/src/ldap/read.test.ts @@ -345,206 +345,128 @@ describe('readLdapGroups', () => { describe('resolveRelations', () => { describe('lookup', () => { - it('matches by DN', () => { - const parent = group({ - metadata: { - name: 'parent', - annotations: { [LDAP_DN_ANNOTATION]: 'pa' }, - }, - }); - const child = group({ - metadata: { - name: 'child', - annotations: { [LDAP_DN_ANNOTATION]: 'ca' }, - }, - }); - const groupMember = new Map>([ - ['pa', new Set(['ca'])], - ]); - resolveRelations([parent, child], [], new Map(), new Map(), groupMember); - expect(parent.spec.children).toEqual(['group:default/child']); - expect(child.spec.parent).toEqual('group:default/parent'); - }); - - it('matches by UUID', () => { - const parent = group({ - metadata: { - name: 'parent', - annotations: { [LDAP_UUID_ANNOTATION]: 'pa' }, - }, - }); - const child = group({ - metadata: { - name: 'child', - annotations: { [LDAP_UUID_ANNOTATION]: 'ca' }, - }, - }); - const groupMember = new Map>([ - ['pa', new Set(['ca'])], - ]); - resolveRelations([parent, child], [], new Map(), new Map(), groupMember); - expect(parent.spec.children).toEqual(['group:default/child']); - expect(child.spec.parent).toEqual('group:default/parent'); - }); + it.each([LDAP_DN_ANNOTATION, LDAP_RDN_ANNOTATION, LDAP_UUID_ANNOTATION])( + 'matches by %s', + annotation => { + const parent = group({ + metadata: { + name: 'parent', + annotations: { [annotation]: 'pa' }, + }, + }); + const child = group({ + metadata: { + name: 'child', + annotations: { [annotation]: 'ca' }, + }, + }); + const groupMember = new Map>([ + ['pa', new Set(['ca'])], + ]); + resolveRelations( + [parent, child], + [], + new Map(), + new Map(), + groupMember, + ); + expect(parent.spec.children).toEqual(['group:default/child']); + expect(child.spec.parent).toEqual('group:default/parent'); + }, + ); }); describe('userMemberOf', () => { - it('populates relations by dn', () => { - const host = group({ - metadata: { name: 'host', annotations: { [LDAP_DN_ANNOTATION]: 'ha' } }, - }); - const member = user({ - metadata: { - name: 'member', - annotations: { [LDAP_DN_ANNOTATION]: 'ma' }, - }, - }); - const userMemberOf = new Map>([ - ['ma', new Set(['ha'])], - ]); - resolveRelations([host], [member], userMemberOf, new Map(), new Map()); - expect(member.spec.memberOf).toEqual(['group:default/host']); - }); - - it('populates relations by uuid', () => { - const host = group({ - metadata: { - name: 'host', - annotations: { [LDAP_UUID_ANNOTATION]: 'ha' }, - }, - }); - const member = user({ - metadata: { - name: 'member', - annotations: { [LDAP_DN_ANNOTATION]: 'ma' }, - }, - }); - const userMemberOf = new Map>([ - ['ma', new Set(['ha'])], - ]); - resolveRelations([host], [member], userMemberOf, new Map(), new Map()); - expect(member.spec.memberOf).toEqual(['group:default/host']); - }); + it.each([LDAP_DN_ANNOTATION, LDAP_RDN_ANNOTATION, LDAP_UUID_ANNOTATION])( + 'populates relations by %s', + annotation => { + const host = group({ + metadata: { name: 'host', annotations: { [annotation]: 'ha' } }, + }); + const member = user({ + metadata: { + name: 'member', + annotations: { [annotation]: 'ma' }, + }, + }); + const userMemberOf = new Map>([ + ['ma', new Set(['ha'])], + ]); + resolveRelations([host], [member], userMemberOf, new Map(), new Map()); + expect(member.spec.memberOf).toEqual(['group:default/host']); + }, + ); }); describe('groupMemberOf', () => { - it('populates relations by dn', () => { - const parent = group({ - metadata: { - name: 'parent', - annotations: { [LDAP_DN_ANNOTATION]: 'pa' }, - }, - }); - const child = group({ - metadata: { - name: 'child', - annotations: { [LDAP_DN_ANNOTATION]: 'ca' }, - }, - }); - const groupMemberOf = new Map>([ - ['ca', new Set(['pa'])], - ]); - resolveRelations( - [parent, child], - [], - new Map(), - groupMemberOf, - new Map(), - ); - expect(parent.spec.children).toEqual(['group:default/child']); - expect(child.spec.parent).toEqual('group:default/parent'); - }); - }); - - it('populates relations by uuid', () => { - const parent = group({ - metadata: { - name: 'parent', - annotations: { [LDAP_UUID_ANNOTATION]: 'pa' }, + it.each([LDAP_DN_ANNOTATION, LDAP_RDN_ANNOTATION, LDAP_UUID_ANNOTATION])( + 'populates relations by %s', + annotation => { + const parent = group({ + metadata: { + name: 'parent', + annotations: { [annotation]: 'pa' }, + }, + }); + const child = group({ + metadata: { + name: 'child', + annotations: { [annotation]: 'ca' }, + }, + }); + const groupMemberOf = new Map>([ + ['ca', new Set(['pa'])], + ]); + resolveRelations( + [parent, child], + [], + new Map(), + groupMemberOf, + new Map(), + ); + expect(parent.spec.children).toEqual(['group:default/child']); + expect(child.spec.parent).toEqual('group:default/parent'); }, - }); - const child = group({ - metadata: { - name: 'child', - annotations: { [LDAP_UUID_ANNOTATION]: 'ca' }, - }, - }); - const groupMemberOf = new Map>([ - ['ca', new Set(['pa'])], - ]); - resolveRelations([parent, child], [], new Map(), groupMemberOf, new Map()); - expect(parent.spec.children).toEqual(['group:default/child']); - expect(child.spec.parent).toEqual('group:default/parent'); + ); }); describe('groupMember', () => { - it('populates relations by dn', () => { - const parent = group({ - metadata: { - name: 'parent', - annotations: { [LDAP_DN_ANNOTATION]: 'pa' }, - }, - }); - const child = group({ - metadata: { - name: 'child', - annotations: { [LDAP_DN_ANNOTATION]: 'ca' }, - }, - }); - const member = user({ - metadata: { - name: 'member', - annotations: { [LDAP_DN_ANNOTATION]: 'ma' }, - }, - }); - const groupMember = new Map>([ - ['pa', new Set(['ca', 'ma'])], - ]); - resolveRelations( - [parent, child], - [member], - new Map(), - new Map(), - groupMember, - ); - expect(parent.spec.children).toEqual(['group:default/child']); - expect(child.spec.parent).toEqual('group:default/parent'); - expect(member.spec.memberOf).toEqual(['group:default/parent']); - }); - - it('populates relations by uuid', () => { - const parent = group({ - metadata: { - name: 'parent', - annotations: { [LDAP_UUID_ANNOTATION]: 'pa' }, - }, - }); - const child = group({ - metadata: { - name: 'child', - annotations: { [LDAP_UUID_ANNOTATION]: 'ca' }, - }, - }); - const member = user({ - metadata: { - name: 'member', - annotations: { [LDAP_UUID_ANNOTATION]: 'ma' }, - }, - }); - const groupMember = new Map>([ - ['pa', new Set(['ca', 'ma'])], - ]); - resolveRelations( - [parent, child], - [member], - new Map(), - new Map(), - groupMember, - ); - expect(parent.spec.children).toEqual(['group:default/child']); - expect(child.spec.parent).toEqual('group:default/parent'); - expect(member.spec.memberOf).toEqual(['group:default/parent']); - }); + it.each([LDAP_DN_ANNOTATION, LDAP_RDN_ANNOTATION, LDAP_UUID_ANNOTATION])( + 'populates relations by %s', + annotation => { + const parent = group({ + metadata: { + name: 'parent', + annotations: { [annotation]: 'pa' }, + }, + }); + const child = group({ + metadata: { + name: 'child', + annotations: { [annotation]: 'ca' }, + }, + }); + const member = user({ + metadata: { + name: 'member', + annotations: { [annotation]: 'ma' }, + }, + }); + const groupMember = new Map>([ + ['pa', new Set(['ca', 'ma'])], + ]); + resolveRelations( + [parent, child], + [member], + new Map(), + new Map(), + groupMember, + ); + expect(parent.spec.children).toEqual(['group:default/child']); + expect(child.spec.parent).toEqual('group:default/parent'); + expect(member.spec.memberOf).toEqual(['group:default/parent']); + }, + ); }); }); diff --git a/plugins/catalog-backend-module-ldap/src/ldap/read.ts b/plugins/catalog-backend-module-ldap/src/ldap/read.ts index d0fe30e0e6..420ba141fc 100644 --- a/plugins/catalog-backend-module-ldap/src/ldap/read.ts +++ b/plugins/catalog-backend-module-ldap/src/ldap/read.ts @@ -365,11 +365,13 @@ export function resolveRelations( for (const user of users) { userMap.set(stringifyEntityRef(user), user); userMap.set(user.metadata.annotations![LDAP_DN_ANNOTATION], user); + userMap.set(user.metadata.annotations![LDAP_RDN_ANNOTATION], user); userMap.set(user.metadata.annotations![LDAP_UUID_ANNOTATION], user); } for (const group of groups) { groupMap.set(stringifyEntityRef(group), group); groupMap.set(group.metadata.annotations![LDAP_DN_ANNOTATION], group); + groupMap.set(group.metadata.annotations![LDAP_RDN_ANNOTATION], group); groupMap.set(group.metadata.annotations![LDAP_UUID_ANNOTATION], group); }