syncgroups

package
v0.0.24 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 8, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// LDAPHostLabel is the Label value that stores the host of the LDAP server
	// TODO: we don't store port here because labels don't allow for colons. We might want to add this back
	// with a different separator
	LDAPHostLabel string = "openshift.io/ldap.host"

	// LDAPURLAnnotation is the Annotation value that stores the host:port of the LDAP server
	LDAPURLAnnotation string = "openshift.io/ldap.url"
	// LDAPUIDAnnotation is the Annotation value that stores the corresponding LDAP group UID for the Group
	LDAPUIDAnnotation string = "openshift.io/ldap.uid"
	// LDAPSyncTime is the Annotation value that stores the last time this Group was synced with LDAP
	LDAPSyncTimeAnnotation string = "openshift.io/ldap.sync-time"
)

These constants contain values for annotations and labels affixed to Groups by the LDAP sync job

Variables

This section is empty.

Functions

func ISO8601

func ISO8601(t time.Time) string

ISO8601 returns an ISO 6801 formatted string from a time.

func NewAllOpenShiftGroupLister

func NewAllOpenShiftGroupLister(blacklist []string, ldapURL string, client client.Client) interfaces.LDAPGroupListerNameMapper

NewAllOpenShiftGroupLister returns a new allOpenShiftGroupLister

func NewEntryAttributeGroupNameMapper

func NewEntryAttributeGroupNameMapper(nameAttribute []string, groupGetter interfaces.LDAPGroupGetter) interfaces.LDAPGroupNameMapper

NewEntryAttributeGroupNameMapper returns a new EntryAttributeLDAPGroupNameMapper

func NewLDAPBlacklistGroupLister

func NewLDAPBlacklistGroupLister(blacklist []string, baseLister interfaces.LDAPGroupLister) interfaces.LDAPGroupLister

NewLDAPBlacklistGroupLister filters out the blacklisted names from the base lister

func NewLDAPWhitelistGroupLister

func NewLDAPWhitelistGroupLister(whitelist []string) interfaces.LDAPGroupLister

NewLDAPWhitelistGroupLister returns a new whitelistLDAPGroupLister that divulges the given whitelist of LDAP group unique identifiers

func NewOpenShiftGroupLister

func NewOpenShiftGroupLister(whitelist, blacklist []string, ldapURL string, client client.Client) interfaces.LDAPGroupListerNameMapper

NewOpenShiftGroupLister returns a new openshiftGroupLister that divulges the LDAP group unique identifier for each entry in the given whitelist of OpenShift Group names

func NewUserDefinedGroupNameMapper

func NewUserDefinedGroupNameMapper(mapping map[string]string) interfaces.LDAPGroupNameMapper

NewUserDefinedGroupNameMapper returns a new UserDefinedLDAPGroupNameMapper which maps a ldapGroupUID representing an LDAP group to the OpenShift Group name for the resource

func NewUserNameMapper

func NewUserNameMapper(nameAttributes []string) interfaces.LDAPUserNameMapper

NewUserNameMapper returns a new DefaultLDAPGroupUserNameMapper

Types

type DNLDAPGroupNameMapper

type DNLDAPGroupNameMapper struct{}

DNLDAPGroupNameMapper passes through the ldapGroupUID as the OpenShift group name

func (*DNLDAPGroupNameMapper) GroupNameFor

func (m *DNLDAPGroupNameMapper) GroupNameFor(ldapGroupUID string) (string, error)

type DefaultLDAPUserNameMapper

type DefaultLDAPUserNameMapper struct {
	// contains filtered or unexported fields
}

DefaultLDAPUserNameMapper extracts the OpenShift User name of an LDAP entry representing a user in a deterministic manner

func (*DefaultLDAPUserNameMapper) UserNameFor

func (m *DefaultLDAPUserNameMapper) UserNameFor(ldapUser *ldap.Entry) (string, error)

type EntryAttributeLDAPGroupNameMapper

type EntryAttributeLDAPGroupNameMapper struct {
	// contains filtered or unexported fields
}

EntryAttributeLDAPGroupNameMapper references the name attribute mapping to determine which attribute of a first-class LDAP group entry should be used as the OpenShift Group name for the resource

func (*EntryAttributeLDAPGroupNameMapper) GroupNameFor

func (m *EntryAttributeLDAPGroupNameMapper) GroupNameFor(ldapGroupUID string) (string, error)

type GroupSyncer

type GroupSyncer interface {
	// Sync syncs groups in OpenShift with records from an external source
	Sync() (groupsAffected []*userv1.Group, errors []error)
}

GroupSyncer runs a Sync job on Groups

type LDAPGroupSyncer

type LDAPGroupSyncer struct {
	// Lists all groups to be synced
	GroupLister interfaces.LDAPGroupLister
	// Fetches a group and extracts object metainformation and membership list from a group
	GroupMemberExtractor interfaces.LDAPMemberExtractor
	// Maps an LDAP user entry to an OpenShift User's Name
	UserNameMapper interfaces.LDAPUserNameMapper
	// Maps an LDAP group enrty to an OpenShift Group's Name
	GroupNameMapper interfaces.LDAPGroupNameMapper
	// Allows the Syncer to search for OpenShift Groups
	Client client.Client
	// Host stores the address:port of the LDAP server
	Host string
	// DryRun indicates that no changes should be made.
	DryRun bool

	Log logr.Logger
}

LDAPGroupSyncer sync Groups with records on an external LDAP server

func (*LDAPGroupSyncer) Sync

func (s *LDAPGroupSyncer) Sync() ([]*userv1.Group, []error)

Sync allows the LDAPGroupSyncer to be a GroupSyncer

type UnionGroupNameMapper

type UnionGroupNameMapper struct {
	GroupNameMappers []interfaces.LDAPGroupNameMapper
}

func (*UnionGroupNameMapper) GroupNameFor

func (m *UnionGroupNameMapper) GroupNameFor(ldapGroupUID string) (string, error)

type UserDefinedLDAPGroupNameMapper

type UserDefinedLDAPGroupNameMapper struct {
	// contains filtered or unexported fields
}

UserDefinedLDAPGroupNameMapper maps a ldapGroupUID representing an LDAP group to the OpenShift Group name for the resource by using a pre-defined mapping of ldapGroupUID to name (e.g. from a file)

func (*UserDefinedLDAPGroupNameMapper) GroupNameFor

func (m *UserDefinedLDAPGroupNameMapper) GroupNameFor(ldapGroupUID string) (string, error)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL