Auth Providers: Add search_using_service_account field #13223

Merged
merged 5 commits into from
Jan 30, 2025
3 changes: 3 additions & 0 deletions shell/assets/translations/en-us.yaml
Expand Up @@ -517,6 +517,9 @@ authConfig:
starttls:
label: Start TLS
tip: Upgrades non-encrypted connections by wrapping with TLS during the connection process. Can not be used in conjunction with TLS.
searchUsingServiceAccount:
label: Enable Service Account Search
tip: When enabled, Rancher will use the service account instead of the user account to search for users and groups.
tls: TLS
userEnabledAttribute: User Enabled Attribute
userMemberAttribute: User Member Attribute
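Review bot: The tip at `searchUsingServiceAccount.tip` names which account performs the search but not what that changes for the admin: user and group lookups will then run with the service account's directory permissions rather than the logged-in user's. Suggest stating that in the tip, since it is the security-relevant effect of ticking the box. Minor: the neighbouring keys visible here (`starttls`, `tls`, `userEnabledAttribute`) are in alphabetical order, and `searchUsingServiceAccount` would sort before `starttls`.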
18 changes: 18 additions & 0 deletions shell/edit/auth/ldap/__tests__/config.test.ts
@@ -0,0 +1,18 @@
import { mount } from '@vue/test-utils';
import LDAPConfig from '@shell/edit/auth/ldap/config.vue';

describe('lDAP config', () => {
it.each([
'openldap', 'freeipa'
])('should display searchUsingServiceAccount checkbox if type %p', (type) => {
const wrapper = mount(LDAPConfig, {
propsData: {
value: {},
type,
}
});
const checkbox = wrapper.find('[data-testid="searchUsingServiceAccount"]');

expect(checkbox).toBeDefined();
});
});
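Review bot: `expect(checkbox).toBeDefined()` cannot fail, because `wrapper.find()` returns a wrapper object even when nothing matches the selector. Assert on `checkbox.exists()` instead, and add a case for a type outside `'openldap'` / `'freeipa'` that asserts the checkbox is absent, so the provider gating is actually covered. The two type strings could also be imported as `OPEN_LDAP` and `FREE_IPA` from `config.vue` rather than repeated as literals.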
24 changes: 24 additions & 0 deletions shell/edit/auth/ldap/config.vue
Expand Up @@ -11,6 +11,8 @@ const DEFAULT_TLS_PORT = 636;

export const SHIBBOLETH = 'shibboleth';
export const OKTA = 'okta';
export const OPEN_LDAP = 'openldap';
export const FREE_IPA = 'freeipa';

export default {
emits: ['update:value'],
Expand Down Expand Up @@ -64,6 +66,11 @@ export default {
// Does the auth provider support LDAP for search in addition to SAML?
isSamlProvider() {
return this.type === SHIBBOLETH || this.type === OKTA;
},

// Allow to enable user search just for these providers
isSearchAllowed() {
return this.type === OPEN_LDAP || this.type === FREE_IPA;
}
},

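Review bot: The name `isSearchAllowed` and its comment ("enable user search") read as if search itself were gated, while this computed property only decides whether the service-account search option is offered. A more specific name (for example `isServiceAccountSearchSupported`) and a comment stating why only `OPEN_LDAP` and `FREE_IPA` qualify would avoid that misreading.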
Expand Down Expand Up @@ -226,6 +233,23 @@ export default {
/>
</div>
</div>

<div
v-if="isSearchAllowed"
class="row mb-20"
>
<div class="col">
<Checkbox
v-model:value="model.searchUsingServiceAccount"
:mode="mode"
data-testid="searchUsingServiceAccount"
class="full-height"
:label="t('authConfig.ldap.searchUsingServiceAccount.label')"
:tooltip="t('authConfig.ldap.searchUsingServiceAccount.tip')"
/>
</div>
</div>

<div class="row mb-20">
<div class="col span-6">
<LabeledInput
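Review bot: `v-if="isSearchAllowed"` only hides the checkbox; nothing in this hunk clears `model.searchUsingServiceAccount` when `type` is not one of the two supported providers, so a value already present on the model would still be saved without being visible. Consider resetting the field when `isSearchAllowed` is false, or confirm that the backend ignores it for other providers. It is also worth confirming that an untouched checkbox, where the field is absent from the model, is treated as disabled.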