Add changes PR konpyutaika#266

Signed-off-by: Pavel Klyuev <[email protected]>
pashtet04 · Jul 10, 2023 · 15c5df8 · 15c5df8
1 parent cdb44e7
commit 15c5df8
Show file tree

Hide file tree

Showing 12 changed files with 29 additions and 71 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -31,7 +31,7 @@ orbs:
     executors:
       operator-build:
         docker:
-          - image: ghcr.io/konpyutaika/docker-images/nifikop-build:1.20
+          - image: ghcr.io/konpyutaika/docker-images/nifikop-build:1.20.5
     # Define jobs list
     jobs:
       # Build job, which build operator docker image (with operator-sdk build)

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,8 @@
 
 - [PR #257](https://github.com/konpyutaika/nifikop/pull/257) - **[Operator]** Updated the operator-sdk to 1.28.0.
 - [PR #263](https://github.com/konpyutaika/nifikop/pull/263) - **[NiGoApi]** Upgrade nigoapi to v0.0.8.
+- [PR #263](https://github.com/konpyutaika/nifikop/pull/268) - **[Operator]** Upgrade golang to 1.20.5.
+- [PR #266](https://github.com/konpyutaika/nifikop/pull/266) - **[Operator]** Add AuthenticationStrategy, ManagerDn, ManagerPassword, IdentityStrategy properties for LDAP integration
 
 ### Fixed Bugs
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.20 as builder
+FROM golang:1.20.5 as builder
 
 WORKDIR /workspace
 

diff --git a/Makefile b/Makefile
@@ -4,7 +4,7 @@ DOCKER_REGISTRY_BASE 	?= ghcr.io/konpyutaika/docker-images
 IMAGE_TAG				?= $(shell git describe --tags --abbrev=0 --match '[0-9].*[0-9].*[0-9]' 2>/dev/null)
 IMAGE_NAME 				?= $(SERVICE_NAME)
 BUILD_IMAGE				?= ghcr.io/konpyutaika/docker-images/nifikop-build
-GOLANG_VERSION          ?= 1.20
+GOLANG_VERSION          ?= 1.20.5
 IMAGE_TAG_BASE ?= <registry>/<operator name>
 OS = $(shell go env GOOS)
 ARCH = $(shell go env GOARCH)

diff --git a/api/v1alpha1/nificluster_conversion.go b/api/v1alpha1/nificluster_conversion.go
@@ -317,14 +317,10 @@ func convertNifiClusterDisruptionBudget(src DisruptionBudget, dst *v1.NifiCluste
 
 func convertNifiClusterLdapConfiguration(src LdapConfiguration, dst *v1.NifiCluster) {
 	dst.Spec.LdapConfiguration = v1.LdapConfiguration{
-		Enabled:                src.Enabled,
-		Url:                    src.Url,
-		SearchBase:             src.SearchBase,
-		SearchFilter:           src.SearchFilter,
-		AuthenticationStrategy: src.AuthenticationStrategy,
-		ManagerDn:              src.ManagerDn,
-		ManagerPassword:        src.ManagerPassword,
-		IdentityStrategy:       src.IdentityStrategy,
+		Enabled:      src.Enabled,
+		Url:          src.Url,
+		SearchBase:   src.SearchBase,
+		SearchFilter: src.SearchFilter,
 	}
 }
 
@@ -759,14 +755,10 @@ func convertNifiClusterFromDisruptionBudget(src v1.DisruptionBudget, dst *NifiCl
 
 func convertNifiClusterFromLdapConfiguration(src v1.LdapConfiguration, dst *NifiCluster) {
 	dst.Spec.LdapConfiguration = LdapConfiguration{
-		Enabled:                src.Enabled,
-		Url:                    src.Url,
-		SearchBase:             src.SearchBase,
-		SearchFilter:           src.SearchFilter,
-		AuthenticationStrategy: src.AuthenticationStrategy,
-		ManagerDn:              src.ManagerDn,
-		ManagerPassword:        src.ManagerPassword,
-		IdentityStrategy:       src.IdentityStrategy,
+		Enabled:      src.Enabled,
+		Url:          src.Url,
+		SearchBase:   src.SearchBase,
+		SearchFilter: src.SearchFilter,
 	}
 }
 

diff --git a/api/v1alpha1/nificluster_conversion_test.go b/api/v1alpha1/nificluster_conversion_test.go
@@ -107,11 +107,7 @@ func assertNifiClustersEqual(anc *NifiCluster, nc *v1.NifiCluster, t *testing.T)
 	if anc.Spec.LdapConfiguration.Enabled != nc.Spec.LdapConfiguration.Enabled ||
 		anc.Spec.LdapConfiguration.SearchBase != nc.Spec.LdapConfiguration.SearchBase ||
 		anc.Spec.LdapConfiguration.SearchFilter != nc.Spec.LdapConfiguration.SearchFilter ||
-		anc.Spec.LdapConfiguration.Url != nc.Spec.LdapConfiguration.Url ||
-		anc.Spec.LdapConfiguration.AuthenticationStrategy != nc.Spec.LdapConfiguration.AuthenticationStrategy ||
-		anc.Spec.LdapConfiguration.ManagerDn != nc.Spec.LdapConfiguration.ManagerDn ||
-		anc.Spec.LdapConfiguration.ManagerPassword != nc.Spec.LdapConfiguration.ManagerPassword ||
-		anc.Spec.LdapConfiguration.IdentityStrategy != nc.Spec.LdapConfiguration.IdentityStrategy {
+		anc.Spec.LdapConfiguration.Url != nc.Spec.LdapConfiguration.Url {
 		t.Error("LDAP configurations are not equal")
 	}
 	if anc.Spec.NifiClusterTaskSpec.RetryDurationMinutes != nc.Spec.NifiClusterTaskSpec.RetryDurationMinutes {
@@ -436,14 +432,10 @@ func createNifiCluster() *NifiCluster {
 				Budget: "50",
 			},
 			LdapConfiguration: LdapConfiguration{
-				Enabled:                true,
-				Url:                    "url",
-				SearchBase:             "searchBase",
-				SearchFilter:           "searchFilter",
-				AuthenticationStrategy: "authenticationStrategy",
-				ManagerDn:              "managerDn",
-				ManagerPassword:        "managerPassword",
-				IdentityStrategy:       "identityStrategy",
+				Enabled:      true,
+				Url:          "url",
+				SearchBase:   "searchBase",
+				SearchFilter: "searchFilter",
 			},
 			NifiClusterTaskSpec: NifiClusterTaskSpec{
 				RetryDurationMinutes: 5,

diff --git a/api/v1alpha1/nificluster_types.go b/api/v1alpha1/nificluster_types.go
@@ -495,18 +495,6 @@ type LdapConfiguration struct {
 	// Filter for searching for users against the 'User Search Base'.
 	// (i.e. sAMAccountName={0}). The user specified name is inserted into '{0}'.
 	SearchFilter string `json:"searchFilter,omitempty"`
-	// How the connection to the LDAP server is authenticated.
-	// Possible values are ANONYMOUS, SIMPLE, LDAPS, or START_TLS.
-	AuthenticationStrategy string `json:"authenticationStrategy,omitempty"`
-	// The DN of the manager that is used to bind to the LDAP server to search for users.
-	ManagerDn string `json:"managerDn,omitempty"`
-	// The password of the manager that is used to bind to the LDAP server to search for users.
-	ManagerPassword string `json:"managerPassword,omitempty"`
-	// Strategy to identify users. Possible values are USE_DN and USE_USERNAME.
-	// The default functionality if this property is missing is USE_DN in order to retain backward compatibility.
-	// USE_DN will use the full DN of the user entry if possible.
-	// USE_USERNAME will use the username the user logged in with.
-	IdentityStrategy string `json:"identityStrategy,omitempty"`
 }
 
 // NifiClusterTaskSpec specifies the configuration of the nifi cluster Tasks

diff --git a/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml b/config/crd/bases/nifi.konpyutaika.com_nificlusters.yaml
@@ -5039,16 +5039,8 @@ spec:
                 type: array
               ldapConfiguration:
                 properties:
-                  authenticationStrategy:
-                    type: string
                   enabled:
                     type: boolean
-                  identityStrategy:
-                    type: string
-                  managerDn:
-                    type: string
-                  managerPassword:
-                    type: string
                   searchBase:
                     type: string
                   searchFilter:

diff --git a/docker/build-image/Dockerfile b/docker/build-image/Dockerfile
@@ -32,7 +32,7 @@ RUN apt-get update \
   && apt-get install -y \
     git apt \
     locales sudo openssh-client ca-certificates tar gzip \
-    net-tools netcat unzip zip bzip2 gnupg curl wget
+    net-tools netcat-traditional unzip zip bzip2 gnupg curl wget
 
 # Set timezone to UTC by default
 RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime

diff --git a/go.sum b/go.sum
@@ -140,8 +140,6 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/konpyutaika/nigoapi v0.0.6 h1:tyzs05rJ1DVbwb3zhdtV/T4k8tfRkAPaydZOGfQFSL0=
-github.com/konpyutaika/nigoapi v0.0.6/go.mod h1:ylinFOIwDzQvM+BbiDFWmr6l2Lexs2pg/jb9znIVAv4=
 github.com/konpyutaika/nigoapi v0.0.8 h1:eOp5Bj7v3PStEqmQrqETncyi5ZRg9k0ooEIZAp71GbU=
 github.com/konpyutaika/nigoapi v0.0.8/go.mod h1:ylinFOIwDzQvM+BbiDFWmr6l2Lexs2pg/jb9znIVAv4=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=

diff --git a/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml b/helm/nifikop/crds/nifi.konpyutaika.com_nificlusters.yaml
@@ -707,22 +707,22 @@ spec:
                 type: array
               ldapConfiguration:
                 properties:
-                  authenticationStrategy:
-                    type: string
                   enabled:
                     type: boolean
-                  identityStrategy:
-                    type: string
-                  managerDn:
-                    type: string
-                  managerPassword:
-                    type: string
                   searchBase:
                     type: string
                   searchFilter:
                     type: string
                   url:
                     type: string
+                  authenticationStrategy:
+                    type: string
+                  managerDn:
+                    type: string
+                  managerPassword:
+                    type: string
+                  identityStrategy:
+                    type: string
                 type: object
               listenersConfig:
                 properties:
@@ -5039,16 +5039,8 @@ spec:
                 type: array
               ldapConfiguration:
                 properties:
-                  authenticationStrategy:
-                    type: string
                   enabled:
                     type: boolean
-                  identityStrategy:
-                    type: string
-                  managerDn:
-                    type: string
-                  managerPassword:
-                    type: string
                   searchBase:
                     type: string
                   searchFilter:

diff --git a/pkg/resources/templates/config/login_identity_providers.go b/pkg/resources/templates/config/login_identity_providers.go
@@ -69,6 +69,7 @@ var LoginIdentityProvidersTemplate = `<?xml version="1.0" encoding="UTF-8" stand
         <identifier>ldap-provider</identifier>
         <class>org.apache.nifi.ldap.LdapProvider</class>
         <property name="Authentication Strategy">{{.LdapConfiguration.AuthenticationStrategy}}</property>
+        <property name="Authentication Strategy">{{or .LdapConfiguration.AuthenticationStrategy "START_TLS"}}</property>
         <property name="Manager DN">{{.LdapConfiguration.ManagerDn}}</property>
         <property name="Manager Password">{{.LdapConfiguration.ManagerPassword}}</property>
         <property name="TLS - Keystore"></property>
@@ -88,6 +89,7 @@ var LoginIdentityProvidersTemplate = `<?xml version="1.0" encoding="UTF-8" stand
         <property name="User Search Base">{{.LdapConfiguration.SearchBase}}</property>
         <property name="User Search Filter">{{.LdapConfiguration.SearchFilter}}</property>
         <property name="Identity Strategy">{{.LdapConfiguration.IdentityStrategy}}</property>
+        <property name="Identity Strategy">{{or .LdapConfiguration.IdentityStrategy "USE_DN"}}</property>
         <property name="Authentication Expiration">12 hours</property>
     </provider>
     {{end}}