Merge pull request #266 from pashtet04/master

Add AuthenticationStrategy, ManagerDn, ManagerPassword, IdentityStrat…
konpyutaika · Jul 10, 2023 · 8b0abc9 · 8b0abc9
2 parents 2873a1b + 24621fd
commit 8b0abc9
Show file tree

Hide file tree

Showing 6 changed files with 44 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,8 @@
 - [PR #257](https://github.com/konpyutaika/nifikop/pull/257) - **[Operator]** Updated the operator-sdk to 1.28.0.
 - [PR #263](https://github.com/konpyutaika/nifikop/pull/263) - **[NiGoApi]** Upgrade nigoapi to v0.0.8.
 - [PR #263](https://github.com/konpyutaika/nifikop/pull/268) - **[Operator]** Upgrade golang to 1.20.5.
+- [PR #266](https://github.com/konpyutaika/nifikop/pull/266) - **[Operator]** Add AuthenticationStrategy, ManagerDn, ManagerPassword, IdentityStrategy properties for LDAP integration
+
 
 ### Fixed Bugs
 

diff --git a/api/v1/nificluster_types.go b/api/v1/nificluster_types.go
@@ -503,6 +503,18 @@ type LdapConfiguration struct {
 	// Filter for searching for users against the 'User Search Base'.
 	// (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
 	SearchFilter string `json:"searchFilter,omitempty"`
+	// How the connection to the LDAP server is authenticated.
+	// Possible values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
+	AuthenticationStrategy string `json:"authenticationStrategy,omitempty"`
+	// The DN of the manager that is used to bind to the LDAP server to search for users.
+	ManagerDn string `json:"managerDn,omitempty"`
+	// The password of the manager that is used to bind to the LDAP server to search for users.
+	ManagerPassword string `json:"managerPassword,omitempty"`
+	// Strategy to identify users. Possible values are USE_DN and USE_USERNAME.
+	// The default functionality if this property is missing is USE_DN in order to retain backward compatibility.
+	// USE_DN will use the full DN of the user entry if possible.
+	// USE_USERNAME will use the username the user logged in with.
+	IdentityStrategy string `json:"identityStrategy,omitempty"`
 }
 
 // NifiClusterTaskSpec specifies the configuration of the nifi cluster Tasks

diff --git a/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml b/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml
@@ -707,8 +707,16 @@ spec:
                 type: array
               ldapConfiguration:
                 properties:
+                  authenticationStrategy:
+                    type: string
                   enabled:
                     type: boolean
+                  identityStrategy:
+                    type: string
+                  managerDn:
+                    type: string
+                  managerPassword:
+                    type: string
                   searchBase:
                     type: string
                   searchFilter:

diff --git a/...ials/secured_nifi_cluster_on_gcp/kubernetes/nifikop/nifi.orange.com_nificlusters_crd.yaml b/...ials/secured_nifi_cluster_on_gcp/kubernetes/nifikop/nifi.orange.com_nificlusters_crd.yaml
@@ -1108,6 +1108,14 @@ spec:
                   description: Space-separated list of URLs of the LDAP servers (i.e.
                     ldap://<hostname>:<port>).
                   type: string
+                authenticationStrategy:
+                  type: string
+                managerDn:
+                  type: string
+                managerPassword:
+                  type: string
+                identityStrategy:
+                  type: string
               type: object
             listenersConfig:
               description: listenerConfig specifies nifi's listener specifig configs

diff --git a/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml b/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml
@@ -715,6 +715,14 @@ spec:
                     type: string
                   url:
                     type: string
+                  authenticationStrategy:
+                    type: string
+                  managerDn:
+                    type: string
+                  managerPassword:
+                    type: string
+                  identityStrategy:
+                    type: string
                 type: object
               listenersConfig:
                 properties:

diff --git a/pkg/resources/templates/config/login_identity_providers.go b/pkg/resources/templates/config/login_identity_providers.go
@@ -68,9 +68,10 @@ var LoginIdentityProvidersTemplate = `<?xml version="1.0" encoding="UTF-8" stand
     <provider>
         <identifier>ldap-provider</identifier>
         <class>org.apache.nifi.ldap.LdapProvider</class>
-        <property name="Authentication Strategy">START_TLS</property>
-        <property name="Manager DN"></property>
-        <property name="Manager Password"></property>
+        <property name="Authentication Strategy">{{.LdapConfiguration.AuthenticationStrategy}}</property>
+        <property name="Authentication Strategy">{{or .LdapConfiguration.AuthenticationStrategy "START_TLS"}}</property>
+        <property name="Manager DN">{{.LdapConfiguration.ManagerDn}}</property>
+        <property name="Manager Password">{{.LdapConfiguration.ManagerPassword}}</property>
         <property name="TLS - Keystore"></property>
         <property name="TLS - Keystore Password"></property>
         <property name="TLS - Keystore Type"></property>
@@ -87,7 +88,8 @@ var LoginIdentityProvidersTemplate = `<?xml version="1.0" encoding="UTF-8" stand
         <property name="Url">{{.LdapConfiguration.Url}}</property>
         <property name="User Search Base">{{.LdapConfiguration.SearchBase}}</property>
         <property name="User Search Filter">{{.LdapConfiguration.SearchFilter}}</property>
-        <property name="Identity Strategy">USE_DN</property>
+        <property name="Identity Strategy">{{.LdapConfiguration.IdentityStrategy}}</property>
+        <property name="Identity Strategy">{{or .LdapConfiguration.IdentityStrategy "USE_DN"}}</property>
         <property name="Authentication Expiration">12 hours</property>
     </provider>
     {{end}}