The current `admin auth` CLI for managing authentication sources of type LDAP via BindDN and Simple LDAP does not allow enabling the respective source once it has been disabled via `--not-active`. The same applies to `--synchronize-users`, specifically for LDAP via BindDN.

These changes add two new flags to the LDAP-related CLI commands:

- `--active` for both LDAP authentication source types
- `--disable-synchronize-users` for LDAP via BindDN

Signed-off-by: justusbunsi <61625851+justusbunsi@users.noreply.github.com>

tags/v1.18.0-rc0
@@ -34,6 +34,10 @@ var ( | |||
Name: "not-active", | |||
Usage: "Deactivate the authentication source.", | |||
}, | |||
cli.BoolFlag{ | |||
Name: "active", | |||
Usage: "Activate the authentication source.", | |||
}, | |||
cli.StringFlag{ | |||
Name: "security-protocol", | |||
Usage: "Security protocol name.", | |||
@@ -117,6 +121,10 @@ var ( | |||
Name: "synchronize-users", | |||
Usage: "Enable user synchronization.", | |||
}, | |||
cli.BoolFlag{ | |||
Name: "disable-synchronize-users", | |||
Usage: "Disable user synchronization.", | |||
}, | |||
cli.UintFlag{ | |||
Name: "page-size", | |||
Usage: "Search page size.", | |||
@@ -183,9 +191,15 @@ func parseAuthSource(c *cli.Context, authSource *auth.Source) { | |||
if c.IsSet("not-active") { | |||
authSource.IsActive = !c.Bool("not-active") | |||
} | |||
if c.IsSet("active") { | |||
authSource.IsActive = c.Bool("active") | |||
} | |||
if c.IsSet("synchronize-users") { | |||
authSource.IsSyncEnabled = c.Bool("synchronize-users") | |||
} | |||
if c.IsSet("disable-synchronize-users") { | |||
authSource.IsSyncEnabled = !c.Bool("disable-synchronize-users") | |||
} | |||
} | |||
// parseLdapConfig assigns values on config according to command line flags. |
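Review bot: In parseAuthSource the new `--active` block runs after the `--not-active` block, so a command line carrying both flags ends with the source active, and `--disable-synchronize-users` likewise overrides `--synchronize-users`, with no error or warning in either case. For a switch that decides whether an authentication source accepts logins, contradictory input should be rejected rather than resolved by statement order. The visible signature of parseAuthSource has no error return, so the check presumably belongs in the calling command before it is invoked, e.g. `if c.IsSet("active") && c.IsSet("not-active") { return errors.New("--active and --not-active are mutually exclusive") }`, and the same for the synchronization pair. The function starts outside the hunk, so any existing validation above these lines is not visible here.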
@@ -858,6 +858,36 @@ func TestUpdateLdapBindDn(t *testing.T) { | |||
}, | |||
errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2", | |||
}, | |||
// case 24 | |||
{ | |||
args: []string{ | |||
"ldap-test", | |||
"--id", "24", | |||
"--name", "ldap (via Bind DN) flip 'active' and 'user sync' attributes", | |||
"--active", | |||
"--disable-synchronize-users", | |||
}, | |||
id: 24, | |||
existingAuthSource: &auth.Source{ | |||
Type: auth.LDAP, | |||
IsActive: false, | |||
IsSyncEnabled: true, | |||
Cfg: &ldap.Source{ | |||
Name: "ldap (via Bind DN) flip 'active' and 'user sync' attributes", | |||
Enabled: true, | |||
}, | |||
}, | |||
authSource: &auth.Source{ | |||
Type: auth.LDAP, | |||
Name: "ldap (via Bind DN) flip 'active' and 'user sync' attributes", | |||
IsActive: true, | |||
IsSyncEnabled: false, | |||
Cfg: &ldap.Source{ | |||
Name: "ldap (via Bind DN) flip 'active' and 'user sync' attributes", | |||
Enabled: true, | |||
}, | |||
}, | |||
}, | |||
} | |||
for n, c := range cases { | |||
@@ -1221,6 +1251,33 @@ func TestUpdateLdapSimpleAuth(t *testing.T) { | |||
}, | |||
errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM", | |||
}, | |||
// case 20 | |||
{ | |||
args: []string{ | |||
"ldap-test", | |||
"--id", "20", | |||
"--name", "ldap (simple auth) flip 'active' attribute", | |||
"--active", | |||
}, | |||
id: 20, | |||
existingAuthSource: &auth.Source{ | |||
Type: auth.DLDAP, | |||
IsActive: false, | |||
Cfg: &ldap.Source{ | |||
Name: "ldap (simple auth) flip 'active' attribute", | |||
Enabled: true, | |||
}, | |||
}, | |||
authSource: &auth.Source{ | |||
Type: auth.DLDAP, | |||
Name: "ldap (simple auth) flip 'active' attribute", | |||
IsActive: true, | |||
Cfg: &ldap.Source{ | |||
Name: "ldap (simple auth) flip 'active' attribute", | |||
Enabled: true, | |||
}, | |||
}, | |||
}, | |||
} | |||
for n, c := range cases { |
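Review bot: Cases 24 and 20 only cover flipping an inactive source to active (and, in case 24, user sync from on to off); nothing pins what happens when `--active` is combined with `--not-active`, or `--disable-synchronize-users` with `--synchronize-users`. Add one case per pair so the outcome for contradictory flags is fixed by a test rather than by statement order in the parser. A case passing `--active=false` against an existing source with `IsActive: true` would also confirm that the new flag can deactivate as well as activate. Both test functions start and end outside the lines shown.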