From aaa72f374c4dabaf19a1725ec8ba27e266ad53c2 Mon Sep 17 00:00:00 2001 From: Pavel Klyuev Date: Fri, 16 Jun 2023 14:40:38 +0300 Subject: [PATCH] Add changes PR #266 Signed-off-by: Pavel Klyuev --- .circleci/config.yml | 2 +- CHANGELOG.md | 2 ++ Dockerfile | 2 +- Makefile | 2 +- api/v1alpha1/nificluster_conversion.go | 24 +++++++------------ api/v1alpha1/nificluster_conversion_test.go | 18 ++++---------- api/v1alpha1/nificluster_types.go | 12 ---------- .../nifi.konpyutaika.com_nificlusters.yaml | 8 ------- docker/build-image/Dockerfile | 2 +- go.sum | 2 -- .../nifi.konpyutaika.com_nificlusters.yaml | 24 +++++++------------ .../config/login_identity_providers.go | 2 ++ 12 files changed, 29 insertions(+), 71 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 56aca3cbcd..acf892b527 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -31,7 +31,7 @@ orbs: executors: operator-build: docker: - - image: ghcr.io/konpyutaika/docker-images/nifikop-build:1.20 + - image: ghcr.io/konpyutaika/docker-images/nifikop-build:1.20.5 # Define jobs list jobs: # Build job, which build operator docker image (with operator-sdk build) diff --git a/CHANGELOG.md b/CHANGELOG.md index 85d1a3fec4..1163a02ecd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ - [PR #257](https://github.com/konpyutaika/nifikop/pull/257) - **[Operator]** Updated the operator-sdk to 1.28.0. - [PR #263](https://github.com/konpyutaika/nifikop/pull/263) - **[NiGoApi]** Upgrade nigoapi to v0.0.8. +- [PR #263](https://github.com/konpyutaika/nifikop/pull/268) - **[Operator]** Upgrade golang to 1.20.5. +- [PR #266](https://github.com/konpyutaika/nifikop/pull/266) - **[Operator]** Add AuthenticationStrategy, ManagerDn, ManagerPassword, IdentityStrategy properties for LDAP integration ### Fixed Bugs diff --git a/Dockerfile b/Dockerfile index 0cebd52010..487d0ed2be 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,5 +1,5 @@ # Build the manager binary -FROM golang:1.20 as builder +FROM golang:1.20.5 as builder WORKDIR /workspace diff --git a/Makefile b/Makefile index 286501c227..3bc14cf115 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ DOCKER_REGISTRY_BASE ?= ghcr.io/konpyutaika/docker-images IMAGE_TAG ?= $(shell git describe --tags --abbrev=0 --match '[0-9].*[0-9].*[0-9]' 2>/dev/null) IMAGE_NAME ?= $(SERVICE_NAME) BUILD_IMAGE ?= ghcr.io/konpyutaika/docker-images/nifikop-build -GOLANG_VERSION ?= 1.20 +GOLANG_VERSION ?= 1.20.5 IMAGE_TAG_BASE ?= / OS = $(shell go env GOOS) ARCH = $(shell go env GOARCH) diff --git a/api/v1alpha1/nificluster_conversion.go b/api/v1alpha1/nificluster_conversion.go index 550452c66c..c5a881c1b5 100644 --- a/api/v1alpha1/nificluster_conversion.go +++ b/api/v1alpha1/nificluster_conversion.go @@ -317,14 +317,10 @@ func convertNifiClusterDisruptionBudget(src DisruptionBudget, dst *v1.NifiCluste func convertNifiClusterLdapConfiguration(src LdapConfiguration, dst *v1.NifiCluster) { dst.Spec.LdapConfiguration = v1.LdapConfiguration{ - Enabled: src.Enabled, - Url: src.Url, - SearchBase: src.SearchBase, - SearchFilter: src.SearchFilter, - AuthenticationStrategy: src.AuthenticationStrategy, - ManagerDn: src.ManagerDn, - ManagerPassword: src.ManagerPassword, - IdentityStrategy: src.IdentityStrategy, + Enabled: src.Enabled, + Url: src.Url, + SearchBase: src.SearchBase, + SearchFilter: src.SearchFilter, } } 
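Review bot: With the four LDAP fields removed from `convertNifiClusterLdapConfiguration` here and from `convertNifiClusterFromLdapConfiguration` in the next hunk (at -759), a v1 object that sets `AuthenticationStrategy`, `ManagerDn`, `ManagerPassword` or `IdentityStrategy` loses them on any read-modify-write that goes through v1alpha1. If v1alpha1 is still served (not visible in this patch), such an update would silently drop the bind credentials and fall back to the template's default strategy. Consider carrying the v1-only values across the round trip, for example in an annotation that is restored when converting back. At minimum, put a comment on both functions such as `// AuthenticationStrategy, ManagerDn, ManagerPassword and IdentityStrategy exist only in v1 and are not converted.` The round-trip assertions in nificluster_conversion_test.go stop comparing these fields in this same patch, so the loss would not be caught there.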
@@ -759,14 +755,10 @@ func convertNifiClusterFromDisruptionBudget(src v1.DisruptionBudget, dst *NifiCl func convertNifiClusterFromLdapConfiguration(src v1.LdapConfiguration, dst *NifiCluster) { dst.Spec.LdapConfiguration = LdapConfiguration{ - Enabled: src.Enabled, - Url: src.Url, - SearchBase: src.SearchBase, - SearchFilter: src.SearchFilter, - AuthenticationStrategy: src.AuthenticationStrategy, - ManagerDn: src.ManagerDn, - ManagerPassword: src.ManagerPassword, - IdentityStrategy: src.IdentityStrategy, + Enabled: src.Enabled, + Url: src.Url, + SearchBase: src.SearchBase, + SearchFilter: src.SearchFilter, } } diff --git a/api/v1alpha1/nificluster_conversion_test.go b/api/v1alpha1/nificluster_conversion_test.go index 17707540b5..fb96e90e76 100644 --- a/api/v1alpha1/nificluster_conversion_test.go +++ b/api/v1alpha1/nificluster_conversion_test.go @@ -107,11 +107,7 @@ func assertNifiClustersEqual(anc *NifiCluster, nc *v1.NifiCluster, t *testing.T) if anc.Spec.LdapConfiguration.Enabled != nc.Spec.LdapConfiguration.Enabled || anc.Spec.LdapConfiguration.SearchBase != nc.Spec.LdapConfiguration.SearchBase || anc.Spec.LdapConfiguration.SearchFilter != nc.Spec.LdapConfiguration.SearchFilter || - anc.Spec.LdapConfiguration.Url != nc.Spec.LdapConfiguration.Url || - anc.Spec.LdapConfiguration.AuthenticationStrategy != nc.Spec.LdapConfiguration.AuthenticationStrategy || - anc.Spec.LdapConfiguration.ManagerDn != nc.Spec.LdapConfiguration.ManagerDn || - anc.Spec.LdapConfiguration.ManagerPassword != nc.Spec.LdapConfiguration.ManagerPassword || - anc.Spec.LdapConfiguration.IdentityStrategy != nc.Spec.LdapConfiguration.IdentityStrategy { + anc.Spec.LdapConfiguration.Url != nc.Spec.LdapConfiguration.Url { t.Error("LDAP configurations are not equal") } if anc.Spec.NifiClusterTaskSpec.RetryDurationMinutes != nc.Spec.NifiClusterTaskSpec.RetryDurationMinutes { 
@@ -436,14 +432,10 @@ func createNifiCluster() *NifiCluster { Budget: "50", }, LdapConfiguration: LdapConfiguration{ - Enabled: true, - Url: "url", - SearchBase: "searchBase", - SearchFilter: "searchFilter", - AuthenticationStrategy: "authenticationStrategy", - ManagerDn: "managerDn", - ManagerPassword: "managerPassword", - IdentityStrategy: "identityStrategy", + Enabled: true, + Url: "url", + SearchBase: "searchBase", + SearchFilter: "searchFilter", }, NifiClusterTaskSpec: NifiClusterTaskSpec{ RetryDurationMinutes: 5, diff --git a/api/v1alpha1/nificluster_types.go b/api/v1alpha1/nificluster_types.go index b31bc30f3e..de2f121afe 100644 --- a/api/v1alpha1/nificluster_types.go +++ b/api/v1alpha1/nificluster_types.go @@ -495,18 +495,6 @@ type LdapConfiguration struct { // Filter for searching for users against the 'User Search Base'. // (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'. SearchFilter string `json:"searchFilter,omitempty"` - // How the connection to the LDAP server is authenticated. - // Possible values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS. - AuthenticationStrategy string `json:"authenticationStrategy,omitempty"` - // The DN of the manager that is used to bind to the LDAP server to search for users. - ManagerDn string `json:"managerDn,omitempty"` - // The password of the manager that is used to bind to the LDAP server to search for users. - ManagerPassword string `json:"managerPassword,omitempty"` - // Strategy to identify users. Possible values are USE_DN and USE_USERNAME. - // The default functionality if this property is missing is USE_DN in order to retain backward compatibility. - // USE_DN will use the full DN of the user entry if possible. - // USE_USERNAME will use the username the user logged in with. - IdentityStrategy string `json:"identityStrategy,omitempty"` } // NifiClusterTaskSpec specifies the configuration of the nifi cluster Tasks 
diff --git a/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml b/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml index 494a6ff46a..3c7188583c 100644 --- a/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml +++ b/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml @@ -5039,16 +5039,8 @@ spec: type: array ldapConfiguration: properties: - authenticationStrategy: - type: string enabled: type: boolean - identityStrategy: - type: string - managerDn: - type: string - managerPassword: - type: string searchBase: type: string searchFilter: diff --git a/docker/build-image/Dockerfile b/docker/build-image/Dockerfile index baae035f1f..dc7ced0b3f 100644 --- a/docker/build-image/Dockerfile +++ b/docker/build-image/Dockerfile @@ -32,7 +32,7 @@ RUN apt-get update \ && apt-get install -y \ git apt \ locales sudo openssh-client ca-certificates tar gzip \ - net-tools netcat unzip zip bzip2 gnupg curl wget + net-tools netcat-traditional unzip zip bzip2 gnupg curl wget # Set timezone to UTC by default RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime diff --git a/go.sum b/go.sum index 2318924014..26da9a91cb 100644 --- a/go.sum +++ b/go.sum @@ -140,8 +140,6 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/konpyutaika/nigoapi v0.0.6 h1:tyzs05rJ1DVbwb3zhdtV/T4k8tfRkAPaydZOGfQFSL0= -github.com/konpyutaika/nigoapi v0.0.6/go.mod h1:ylinFOIwDzQvM+BbiDFWmr6l2Lexs2pg/jb9znIVAv4= github.com/konpyutaika/nigoapi v0.0.8 h1:eOp5Bj7v3PStEqmQrqETncyi5ZRg9k0ooEIZAp71GbU= github.com/konpyutaika/nigoapi v0.0.8/go.mod h1:ylinFOIwDzQvM+BbiDFWmr6l2Lexs2pg/jb9znIVAv4= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 
diff --git a/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml b/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml index 494a6ff46a..52bb4c00e4 100644 --- a/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml +++ b/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml @@ -707,22 +707,22 @@ spec: type: array ldapConfiguration: properties: - authenticationStrategy: - type: string enabled: type: boolean - identityStrategy: - type: string - managerDn: - type: string - managerPassword: - type: string searchBase: type: string searchFilter: type: string url: type: string + authenticationStrategy: + type: string + managerDn: + type: string + managerPassword: + type: string + identityStrategy: + type: string type: object listenersConfig: properties: @@ -5039,16 +5039,8 @@ spec: type: array ldapConfiguration: properties: - authenticationStrategy: - type: string enabled: type: boolean - identityStrategy: - type: string - managerDn: - type: string - managerPassword: - type: string searchBase: type: string searchFilter: diff --git a/pkg/resources/templates/config/login_identity_providers.go b/pkg/resources/templates/config/login_identity_providers.go index 0d7ea7698f..7956846335 100644 --- a/pkg/resources/templates/config/login_identity_providers.go +++ b/pkg/resources/templates/config/login_identity_providers.go @@ -69,6 +69,7 @@ var LoginIdentityProvidersTemplate = `ldap-provider org.apache.nifi.ldap.LdapProvider {{.LdapConfiguration.AuthenticationStrategy}} + {{or .LdapConfiguration.AuthenticationStrategy "START_TLS"}} {{.LdapConfiguration.ManagerDn}} {{.LdapConfiguration.ManagerPassword}} @@ -88,6 +89,7 @@ var LoginIdentityProvidersTemplate = `{{.LdapConfiguration.SearchBase}} {{.LdapConfiguration.SearchFilter}} {{.LdapConfiguration.IdentityStrategy}} + {{or .LdapConfiguration.IdentityStrategy "USE_DN"}} 12 hours {{end}}
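Review bot: In the hunk at -69 of login_identity_providers.go, the new `{{or .LdapConfiguration.AuthenticationStrategy "START_TLS"}}` line is added directly after the existing unconditional `{{.LdapConfiguration.AuthenticationStrategy}}` line. That line stays as context (the hunk grows from 6 to 7 lines), so the rendered provider appears to carry the value twice, once possibly empty. The surrounding markup is not visible on this page, so please confirm the old line is not still emitted as a live property. The hunk at -88 does the same with `IdentityStrategy` and `"USE_DN"`. Neither value is checked against the documented set, so a typo or a choice of `ANONYMOUS` or `SIMPLE` reaches NiFi unchanged, and the manager bind then runs without TLS. A marker on the v1 field such as `// +kubebuilder:validation:Enum=ANONYMOUS;SIMPLE;LDAPS;START_TLS` would reject bad values at admission. Both hunks sit inside the `LoginIdentityProvidersTemplate` string, which begins and ends outside them.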