Skip to content

Commit

Permalink
Backport of auth/ldap: Add username to alias.metadata.name into relea…
Browse files Browse the repository at this point in the history
…se/1.9.x (#13726)

* backport of commit 5dc6e43

* backport of commit 002ed5f

* backport of commit 77e4dfe

* backport of commit 6514151

* backport of commit eb7cee2

* backport of commit 7dc5acc

* backport of commit 9ae01d7

Co-authored-by: Jason O'Donnell <[email protected]>
  • Loading branch information
1 parent 4e1213e commit ffa1f54
Show file tree
Hide file tree
Showing 4 changed files with 68 additions and 22 deletions.
50 changes: 33 additions & 17 deletions builtin/credential/ldap/backend_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -597,6 +597,26 @@ func TestBackend_basic_authbind_userfilter(t *testing.T) {

}

func TestBackend_basic_authbind_metadata_name(t *testing.T) {

b := factory(t)
cleanup, cfg := ldap.PrepareTestContainer(t, "latest")
defer cleanup()

cfg.UserAttr = "cn"
cfg.UPNDomain = "planetexpress.com"

addUPNAttributeToLDAPSchemaAndUser(t, cfg, "cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com", "[email protected]")

logicaltest.Test(t, logicaltest.TestCase{
CredentialBackend: b,
Steps: []logicaltest.TestStep{
testAccStepConfigUrlWithAuthBind(t, cfg),
testAccStepLoginAliasMetadataName(t, "professor", "professor"),
},
})
}

func addUPNAttributeToLDAPSchemaAndUser(t *testing.T, cfg *ldaputil.ConfigEntry, testUserDN string, testUserUPN string) {
// Setup connection
client := &ldaputil.Client{
Expand Down Expand Up @@ -644,23 +664,6 @@ func addUPNAttributeToLDAPSchemaAndUser(t *testing.T, cfg *ldaputil.ConfigEntry,

}

func TestBackend_basic_authbind_upndomain(t *testing.T) {
b := factory(t)
cleanup, cfg := ldap.PrepareTestContainer(t, "latest")
defer cleanup()
cfg.UPNDomain = "planetexpress.com"

addUPNAttributeToLDAPSchemaAndUser(t, cfg, "cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com", "[email protected]")

logicaltest.Test(t, logicaltest.TestCase{
CredentialBackend: b,
Steps: []logicaltest.TestStep{
testAccStepConfigUrlWithAuthBind(t, cfg),
testAccStepLoginNoAttachedPolicies(t, "professor", "professor"),
},
})
}

func TestBackend_basic_discover(t *testing.T) {
b := factory(t)
cleanup, cfg := ldap.PrepareTestContainer(t, "latest")
Expand Down Expand Up @@ -990,6 +993,19 @@ func testAccStepLoginNoAttachedPolicies(t *testing.T, user string, pass string)
}
}

func testAccStepLoginAliasMetadataName(t *testing.T, user string, pass string) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.UpdateOperation,
Path: "login/" + user,
Data: map[string]interface{}{
"password": pass,
},
Unauthenticated: true,

Check: logicaltest.TestCheckAuthEntityAliasMetadataName("name", user),
}
}

func testAccStepLoginFailure(t *testing.T, user string, pass string) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.UpdateOperation,
Expand Down
3 changes: 3 additions & 0 deletions builtin/credential/ldap/path_login.go
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,9 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
DisplayName: username,
Alias: &logical.Alias{
Name: effectiveUsername,
Metadata: map[string]string{
"name": username,
},
},
}

Expand Down
3 changes: 3 additions & 0 deletions changelog/13669.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
auth/ldap: Add username to alias metadata
```
34 changes: 29 additions & 5 deletions helper/testhelpers/logical/testing.go
Original file line number Diff line number Diff line change
Expand Up @@ -457,13 +457,37 @@ func TestCheckAuthEntityId(entity_id *string) TestCheckFunc {
return fmt.Errorf("no auth in response")
}

if *entity_id == "" {
// If we don't know what the entity_id should be, just save it
*entity_id = resp.Auth.EntityID
} else if resp.Auth.EntityID != *entity_id {
if *entity_id == "" {
// If we don't know what the entity_id should be, just save it
*entity_id = resp.Auth.EntityID
} else if resp.Auth.EntityID != *entity_id {
return fmt.Errorf("entity_id %s does not match the expected value of %s", resp.Auth.EntityID, *entity_id)
}
}

return nil
}
}

// TestCheckAuthEntityAliasMetadataName is a helper to check that a request generated an
// auth token with the expected alias metadata.
func TestCheckAuthEntityAliasMetadataName(key string, value string) TestCheckFunc {
return func(resp *logical.Response) error {
if resp == nil || resp.Auth == nil {
return fmt.Errorf("no auth in response")
}

if key == "" || value == "" {
return fmt.Errorf("alias metadata key and value required")
}

name, ok := resp.Auth.Alias.Metadata[key]
if !ok {
return fmt.Errorf("metadata key %s does not exist, it should", key)
}

if name != value {
return fmt.Errorf("expected map value %s, got %s", value, name)
}
return nil
}
}
Expand Down

0 comments on commit ffa1f54

Please sign in to comment.