From d453265ec55fc2c6013ba504becb93be4daa5ade Mon Sep 17 00:00:00 2001
From: cnotv
Date: Tue, 28 Jan 2025 19:49:34 +0100
Subject: [PATCH 1/5] Add LPDAP option for search
---
 shell/assets/translations/en-us.yaml | 2 ++
 shell/edit/auth/ldap/config.vue | 12 ++++++++++++
 2 files changed, 14 insertions(+)
diff --git a/shell/assets/translations/en-us.yaml b/shell/assets/translations/en-us.yaml
index 271767ed9a4..d331fb373b3 100644
--- a/shell/assets/translations/en-us.yaml
+++ b/shell/assets/translations/en-us.yaml
@@ -517,6 +517,8 @@ authConfig:
 starttls:
 label: Start TLS
 tip: Upgrades non-encrypted connections by wrapping with TLS during the connection process. Can not be used in conjunction with TLS.
+ searchUsingServiceAccount:
+ label: Enable Service Account Search
 tls: TLS
 userEnabledAttribute: User Enabled Attribute
 userMemberAttribute: User Member Attribute
diff --git a/shell/edit/auth/ldap/config.vue b/shell/edit/auth/ldap/config.vue
index 7bdf026dc2a..b64aded3a7a 100644
--- a/shell/edit/auth/ldap/config.vue
+++ b/shell/edit/auth/ldap/config.vue
@@ -226,6 +226,18 @@ export default {
 />
+
+
+
+ +
+
+
Date: Tue, 28 Jan 2025 20:03:57 +0100
Subject: [PATCH 2/5] Add unit tests for LDAP config
---
 shell/edit/auth/ldap/__tests__/config.test.ts | 11 +++++++++++
 shell/edit/auth/ldap/config.vue | 1 +
 2 files changed, 12 insertions(+)
 create mode 100644 shell/edit/auth/ldap/__tests__/config.test.ts
diff --git a/shell/edit/auth/ldap/__tests__/config.test.ts b/shell/edit/auth/ldap/__tests__/config.test.ts
new file mode 100644
index 00000000000..e0167c5ff2d
--- /dev/null
+++ b/shell/edit/auth/ldap/__tests__/config.test.ts
@@ -0,0 +1,11 @@
+import { mount } from '@vue/test-utils';
+import LDAPConfig from '@shell/edit/auth/ldap/config.vue';
+
+describe('lDAP config', () => {
+ it('should display searchUsingServiceAccount checkbox', () => {
+ const wrapper = mount(LDAPConfig);
+ const checkbox = wrapper.find('[data-testid="searchUsingServiceAccount"]');
+
+ expect(checkbox).toBeDefined();
+ });
+});
diff --git a/shell/edit/auth/ldap/config.vue b/shell/edit/auth/ldap/config.vue
index b64aded3a7a..f7490f36d42 100644
--- a/shell/edit/auth/ldap/config.vue
+++ b/shell/edit/auth/ldap/config.vue
@@ -232,6 +232,7 @@ export default {
From 141b7bf953ffe524ae07d4891a0bd088e05cc17f Mon Sep 17 00:00:00 2001
From: cnotv
Date: Wed, 29 Jan 2025 15:56:25 +0100
Subject: [PATCH 3/5] Add restriction for searchUsingServiceAccount config to specific types
---
 shell/edit/auth/ldap/__tests__/config.test.ts | 11 +++++++++--
 shell/edit/auth/ldap/config.vue | 7 ++++++-
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/shell/edit/auth/ldap/__tests__/config.test.ts b/shell/edit/auth/ldap/__tests__/config.test.ts
index e0167c5ff2d..945a05c82b4 100644
--- a/shell/edit/auth/ldap/__tests__/config.test.ts
+++ b/shell/edit/auth/ldap/__tests__/config.test.ts
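Review bot: `expect(checkbox).toBeDefined()` in the new `config.test.ts` cannot fail, because `wrapper.find()` returns a wrapper object whether or not the selector matches, so the test passes even when the checkbox is never rendered. Assert on presence instead: `expect(checkbox.exists()).toBe(true);`. The [PATCH 3/5] revision of this test keeps the same assertion and only parameterises over `'openldap'` and `'freeipa'`, so nothing checks the restriction that commit introduces. Once the assertion is real, add one case for a provider type that must not offer the option (the file already names `'shibboleth'` and `'okta'`) asserting `exists()` is `false`, since this setting decides which account performs directory searches.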
@@ -2,8 +2,15 @@ import { mount } from '@vue/test-utils';
 import LDAPConfig from '@shell/edit/auth/ldap/config.vue';
 describe('lDAP config', () => {
- it('should display searchUsingServiceAccount checkbox', () => {
- const wrapper = mount(LDAPConfig);
+ it.each([
+ 'openldap', 'freeipa'
+ ])('should display searchUsingServiceAccount checkbox if type %p', (type) => {
+ const wrapper = mount(LDAPConfig, {
+ propsData: {
+ value: {},
+ type,
+ }
+ });
 const checkbox = wrapper.find('[data-testid="searchUsingServiceAccount"]');
 expect(checkbox).toBeDefined();
diff --git a/shell/edit/auth/ldap/config.vue b/shell/edit/auth/ldap/config.vue
index f7490f36d42..8cb05dca601 100644
--- a/shell/edit/auth/ldap/config.vue
+++ b/shell/edit/auth/ldap/config.vue
@@ -11,6 +11,8 @@ const DEFAULT_TLS_PORT = 636;
 export const SHIBBOLETH = 'shibboleth';
 export const OKTA = 'okta';
+export const OPEN_LDAP = 'openldap';
+export const FREE_IPA = 'freeipa';
 export default {
 emits: ['update:value'],
@@ -227,7 +229,10 @@ export default {
-
+
Date: Wed, 29 Jan 2025 16:07:22 +0100
Subject: [PATCH 4/5] Use computed over direct check due lack of rendering issues with the prop
---
 shell/edit/auth/ldap/config.vue | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/shell/edit/auth/ldap/config.vue b/shell/edit/auth/ldap/config.vue
index 8cb05dca601..5d09e4febd5 100644
--- a/shell/edit/auth/ldap/config.vue
+++ b/shell/edit/auth/ldap/config.vue
@@ -66,6 +66,11 @@ export default {
 // Does the auth provider support LDAP for search in addition to SAML?
 isSamlProvider() {
 return this.type === SHIBBOLETH || this.type === OKTA;
+ },
+
+ // Allow to enable user search just for these providers
+ isSearchAllowed() {
+ return this.type === OPEN_LDAP || this.type === FREE_IPA;
 }
 },
@@ -230,7 +235,7 @@ export default {
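Review bot: `isSearchAllowed` only decides whether the checkbox is rendered, and nothing visible in this hunk resets a stored `searchUsingServiceAccount` value when `type` is neither `OPEN_LDAP` nor `FREE_IPA`. The setting switches directory searches from the signed-in user to the service account, so a value that is already set would presumably still be submitted for other provider types. It is worth confirming that the backend rejects or ignores it there rather than relying on the hidden control. The comment could state that limit, for example `// Service-account search is offered only for OpenLDAP and FreeIPA; this hides the checkbox, it does not validate the saved value`. The `computed` block starts and ends outside the hunk.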
From 7d098cf4f0ec47f486a46576295417be65c5a611 Mon Sep 17 00:00:00 2001
From: cnotv
Date: Thu, 30 Jan 2025 16:23:13 +0100
Subject: [PATCH 5/5] Add tooltip for searchUsingServiceAccount
---
 shell/assets/translations/en-us.yaml | 1 +
 shell/edit/auth/ldap/config.vue | 1 +
 2 files changed, 2 insertions(+)
diff --git a/shell/assets/translations/en-us.yaml b/shell/assets/translations/en-us.yaml
index d331fb373b3..0bd6b915638 100644
--- a/shell/assets/translations/en-us.yaml
+++ b/shell/assets/translations/en-us.yaml
@@ -519,6 +519,7 @@ authConfig:
 tip: Upgrades non-encrypted connections by wrapping with TLS during the connection process. Can not be used in conjunction with TLS.
 searchUsingServiceAccount:
 label: Enable Service Account Search
+ tip: When enabled, Rancher will use the service account instead of the user account to search for users and groups.
 tls: TLS
 userEnabledAttribute: User Enabled Attribute
 userMemberAttribute: User Member Attribute
diff --git a/shell/edit/auth/ldap/config.vue b/shell/edit/auth/ldap/config.vue
index 5d09e4febd5..54b49a6664f 100644
--- a/shell/edit/auth/ldap/config.vue
+++ b/shell/edit/auth/ldap/config.vue
@@ -245,6 +245,7 @@ export default {
 data-testid="searchUsingServiceAccount"
 class="full-height"
 :label="t('authConfig.ldap.searchUsingServiceAccount.label')"
+ :tooltip="t('authConfig.ldap.searchUsingServiceAccount.tip')"
 />