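// getRFC2307LDAPInterface returns the RFC2307 LDAP interface for this builder,
// building it from b.Config and b.ClientConfig on first use.
//
// The group and user queries are created with ldaputil.NewLDAPQueryOnAttribute
// from the configured all-groups / all-users queries and their UID attributes.
// An error from either call is returned unchanged and nothing is cached. A
// successfully built interface is stored in b.rfc2307LDAPInterface, so later
// calls return the same instance instead of rebuilding the queries.
//
// No locking is done here; a builder shared between goroutines needs external
// synchronization.
func (b *RFC2307Builder) getRFC2307LDAPInterface() (*rfc2307.LDAPInterface, error) {
	if b.rfc2307LDAPInterface != nil {
		return b.rfc2307LDAPInterface, nil
	}

	groupQuery, err := ldaputil.NewLDAPQueryOnAttribute(b.Config.AllGroupsQuery, b.Config.GroupUIDAttribute)
	if err != nil {
		return nil, err
	}
	userQuery, err := ldaputil.NewLDAPQueryOnAttribute(b.Config.AllUsersQuery, b.Config.UserUIDAttribute)
	if err != nil {
		return nil, err
	}

	// Populate the memo field: the nil check at the top only helps if the
	// interface built here is remembered for the next call.
	b.rfc2307LDAPInterface = rfc2307.NewLDAPInterface(b.ClientConfig,
		groupQuery, b.Config.GroupNameAttributes, b.Config.GroupMembershipAttributes,
		userQuery, b.Config.UserNameAttributes)
	return b.rfc2307LDAPInterface, nil
}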
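// Run builds the LDAPGroupSyncer described by o.Config and then either runs
// the sync (when o.Confirm is set) or prints the groups a sync would produce.
//
// cmd and f are accepted only because they are the way to reach the printer
// used for the non-confirmed output.
//
// Exactly one schema-specific configuration is used, checked in this order:
// RFC2307, then Active Directory. An augmented Active Directory configuration
// is not handled by this function and yields an error, as does a config with
// no schema-specific section.
//
// The returned error is either a setup error (client config, query
// construction, missing group name attributes, printing) or the aggregate of
// the errors reported by the syncer.
func (o *SyncGroupsOptions) Run(cmd *cobra.Command, f *clientcmd.Factory) error {
	// Interpret the user-provided connection settings.
	// NOTE(review): the bind DN and bind password are handed to the LDAP client
	// config here. o.Config.Insecure presumably selects a connection without
	// TLS, in which case those credentials would be sent unprotected; confirm
	// how ldaputil treats Insecure in combination with CA.
	clientConfig, err := ldaputil.NewLDAPClientConfig(
		o.Config.URL,
		o.Config.BindDN,
		o.Config.BindPassword,
		o.Config.CA,
		o.Config.Insecure)
	if err != nil {
		// NOTE(review): the underlying error is embedded verbatim; verify that
		// ldaputil never includes the bind password in its error text.
		return fmt.Errorf("could not determine LDAP client configuration: %v", err)
	}

	// Populate the schema-independent syncer fields.
	syncer := LDAPGroupSyncer{
		Host:         clientConfig.Host,
		GroupClient:  o.GroupInterface,
		SyncExisting: o.SyncExisting,
	}

	// An explicit LDAP-group-UID to OpenShift-group-name mapping, when given,
	// takes precedence over any attribute-derived name mapper chosen below.
	if len(o.Config.LDAPGroupUIDToOpenShiftGroupNameMapping) > 0 {
		syncer.GroupNameMapper = NewUserDefinedGroupNameMapper(o.Config.LDAPGroupUIDToOpenShiftGroupNameMapping)
	}

	switch {
	case o.Config.RFC2307Config != nil:
		syncer.UserNameMapper = NewUserNameMapper(o.Config.RFC2307Config.UserNameAttributes)

		// Config values are internalized into query objects.
		groupQuery, err := ldaputil.NewLDAPQueryOnAttribute(o.Config.RFC2307Config.AllGroupsQuery, o.Config.RFC2307Config.GroupUIDAttribute)
		if err != nil {
			return err
		}
		userQuery, err := ldaputil.NewLDAPQueryOnAttribute(o.Config.RFC2307Config.AllUsersQuery, o.Config.RFC2307Config.UserUIDAttribute)
		if err != nil {
			return err
		}

		// The schema-specific ldapInterface is built from the config.
		ldapInterface := rfc2307.NewLDAPInterface(clientConfig,
			groupQuery, o.Config.RFC2307Config.GroupNameAttributes, o.Config.RFC2307Config.GroupMembershipAttributes,
			userQuery, o.Config.RFC2307Config.UserNameAttributes)

		// The LDAPInterface knows how to extract group members.
		syncer.GroupMemberExtractor = &ldapInterface

		// Without a user-defined mapping, group names come from LDAP group
		// entry attributes, so those attributes must be configured.
		if syncer.GroupNameMapper == nil {
			if o.Config.RFC2307Config.GroupNameAttributes == nil {
				return errors.New("not enough information to build a group name mapper")
			}
			syncer.GroupNameMapper = NewEntryAttributeGroupNameMapper(o.Config.RFC2307Config.GroupNameAttributes, &ldapInterface)
		}

		// The group lister depends on the sync scope and source.
		// NOTE(review): o.WhitelistContents is passed through here and looks
		// like the control that bounds which groups are considered — confirm
		// in getGroupLister.
		syncer.GroupLister = getGroupLister(o.Scope, o.Source, o.WhitelistContents, o.GroupInterface, clientConfig.Host, &ldapInterface)

	case o.Config.ActiveDirectoryConfig != nil:
		syncer.UserNameMapper = NewUserNameMapper(o.Config.ActiveDirectoryConfig.UserNameAttributes)

		// Config values are internalized; users are keyed by "dn" here.
		userQuery, err := ldaputil.NewLDAPQueryOnAttribute(o.Config.ActiveDirectoryConfig.AllUsersQuery, "dn")
		if err != nil {
			return err
		}

		// The schema-specific ldapInterface is built from the config.
		ldapInterface := ad.NewLDAPInterface(clientConfig,
			userQuery, o.Config.ActiveDirectoryConfig.GroupMembershipAttributes, o.Config.ActiveDirectoryConfig.UserNameAttributes)

		// The LDAPInterface knows how to extract group members.
		syncer.GroupMemberExtractor = &ldapInterface

		// Without a user-defined mapping, fall back to the DN-based mapper.
		if syncer.GroupNameMapper == nil {
			syncer.GroupNameMapper = &DNLDAPGroupNameMapper{}
		}

		// The group lister depends on the sync scope and source.
		syncer.GroupLister = getGroupLister(o.Scope, o.Source, o.WhitelistContents, o.GroupInterface, clientConfig.Host, &ldapInterface)

	case o.Config.AugmentedActiveDirectoryConfig != nil:
		fallthrough
	default:
		// This branch is only reached when o.Config.RFC2307Config is nil, so
		// formatting that field into the message (as was done before) always
		// printed a nil value. State what is expected instead, and keep
		// configuration contents out of the error text.
		return errors.New("invalid schema-specific query template type: an RFC2307 or Active Directory configuration is required")
	}

	// Only a confirmed run calls Sync.
	// NOTE(review): Sync presumably writes the resulting groups through
	// syncer.GroupClient, and those groups are derived from directory
	// membership attributes — reviewing the non-confirmed output first is the
	// safer workflow.
	if o.Confirm {
		syncErrors := syncer.Sync()
		return kerrs.NewAggregate(syncErrors)
	}

	// Non-confirmed run: compute the resulting groups and print them. The
	// local is not named "errors" so that it does not shadow the errors
	// package used above.
	openshiftGroups, groupErrs := syncer.GetResultingGroups()

	list := &kapi.List{}
	for _, item := range openshiftGroups {
		list.Items = append(list.Items, item)
	}
	if err := f.Factory.PrintObject(cmd, list, o.Out); err != nil {
		return err
	}

	return kerrs.NewAggregate(groupErrs)
}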
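// Run builds the LDAPGroupSyncer described by o.Config and runs it.
//
// Only an RFC2307 configuration is handled by this function; an Active
// Directory or augmented Active Directory configuration, or a config with no
// schema-specific section, yields an error. There is no non-confirmed branch
// here: once the syncer is built, Sync is always called.
//
// The returned error is either a setup error (client config, query
// construction) or the aggregate of the errors reported by Sync.
func (o *SyncGroupsOptions) Run() error {
	// Interpret the user-provided connection settings.
	// NOTE(review): the bind DN and bind password are handed to the LDAP client
	// config here. o.Config.Insecure presumably selects a connection without
	// TLS, in which case those credentials would be sent unprotected; confirm
	// how ldaputil treats Insecure in combination with CA.
	clientConfig, err := ldaputil.NewLDAPClientConfig(
		o.Config.Host,
		o.Config.BindDN,
		o.Config.BindPassword,
		o.Config.CA,
		o.Config.Insecure)
	if err != nil {
		// NOTE(review): the underlying error is embedded verbatim; verify that
		// ldaputil never includes the bind password in its error text.
		return fmt.Errorf("could not determine LDAP client configuration: %v", err)
	}

	// Populate the schema-independent syncer fields.
	syncer := LDAPGroupSyncer{
		Host:         clientConfig.Host,
		GroupClient:  o.GroupInterface,
		SyncExisting: o.SyncExisting,
	}

	switch {
	case o.Config.RFC2307Config != nil:
		syncer.UserNameMapper = NewUserNameMapper(o.Config.RFC2307Config.UserNameAttributes)

		// Config values are internalized into query objects.
		groupQuery, err := ldaputil.NewLDAPQueryOnAttribute(o.Config.RFC2307Config.GroupQuery)
		if err != nil {
			return err
		}
		userQuery, err := ldaputil.NewLDAPQueryOnAttribute(o.Config.RFC2307Config.UserQuery)
		if err != nil {
			return err
		}

		// The schema-specific ldapInterface is built from the config.
		ldapInterface := rfc2307.NewLDAPInterface(clientConfig,
			groupQuery, o.Config.RFC2307Config.GroupNameAttributes, o.Config.RFC2307Config.GroupMembershipAttributes,
			userQuery, o.Config.RFC2307Config.UserNameAttributes)

		// The LDAPInterface knows how to extract group members.
		syncer.GroupMemberExtractor = &ldapInterface

		// The name mapper is chosen from the user-defined mapping and the LDAP
		// group entry attributes; the choice itself is made in getGroupNameMapper.
		syncer.GroupNameMapper = getGroupNameMapper(o.Config.LDAPGroupUIDToOpenShiftGroupNameMapping,
			o.Config.RFC2307Config.GroupNameAttributes, &ldapInterface)

		// The group lister depends on the sync scope and source.
		// NOTE(review): o.WhitelistContents is passed through here and looks
		// like the control that bounds which groups are considered — confirm
		// in getGroupLister.
		syncer.GroupLister = getGroupLister(o.Scope, o.Source, o.WhitelistContents, o.GroupInterface, clientConfig.Host, &ldapInterface)

	case o.Config.ActiveDirectoryConfig != nil:
		fallthrough
	case o.Config.AugmentedActiveDirectoryConfig != nil:
		fallthrough
	default:
		// This branch is only reached when o.Config.RFC2307Config is nil, so
		// formatting that field into the message (as was done before) always
		// printed a nil value. State what is expected instead, and keep
		// configuration contents out of the error text.
		return fmt.Errorf("invalid schema-specific query template type: only an RFC2307 configuration is handled")
	}

	// Run the syncer and report any errors.
	// NOTE(review): Sync is unconditional in this function, and it presumably
	// writes groups derived from directory membership attributes through
	// syncer.GroupClient — there is no preview step here to check the result
	// before it is applied.
	syncErrors := syncer.Sync()
	return kerrs.NewAggregate(syncErrors)
}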