rename ldap' cli flag 'host' to 'host-list' and fix tests (#6898)

Signed-off-by: abhishek818 <abhishekguptaatweb17@gmail.com>
2024-09-01 14:56:30 +00:00 · 2024-07-18 13:17:36 +05:30 · 2024-07-18 13:17:36 +05:30 · b95b9a8597
commit b95b9a8597
parent f954681e69
4 changed files with 35 additions and 31 deletions
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@ -46,8 +46,8 @@ var (
 			Usage: "Disable TLS verification.",
 		},
 		&cli.StringFlag{
-			Name:  "host",
+			Name:  "host-list",
-			Usage: "The address where the LDAP server can be reached.",
+			Usage: "List of addresses where the LDAP server(s) can be reached.",
 		},
 		&cli.IntFlag{
 			Name:  "port",
@ -206,8 +206,8 @@ func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
 	if c.IsSet("name") {
 		config.Name = c.String("name")
 	}
-	if c.IsSet("host") {
+	if c.IsSet("host-list") {
-		config.HostList = c.String("hostlist")
+		config.HostList = c.String("host-list")
 	}
 	if c.IsSet("port") {
 		config.Port = c.Int("port")
@ -308,7 +308,7 @@ func (a *authService) getAuthSource(ctx context.Context, c *cli.Context, authTyp
 // addLdapBindDn adds a new LDAP via Bind DN authentication source.
 func (a *authService) addLdapBindDn(c *cli.Context) error {
-	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
+	if err := argsSet(c, "name", "security-protocol", "host-list", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
 		return err
 	}
@ -359,7 +359,7 @@ func (a *authService) updateLdapBindDn(c *cli.Context) error {
 // addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
 func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
-	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
+	if err := argsSet(c, "name", "security-protocol", "host-list", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
 		return err
 	}
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@ -34,7 +34,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"--not-active",
 				"--security-protocol", "ldaps",
 				"--skip-tls-verify",
-				"--host", "ldap-bind-server full",
+				"--host-list", "ldap-bind-server full",
 				"--port", "9876",
 				"--user-search-base", "ou=Users,dc=full-domain-bind,dc=org",
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",
@ -87,7 +87,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"ldap-test",
 				"--name", "ldap (via Bind DN) source min",
 				"--security-protocol", "unencrypted",
-				"--host", "ldap-bind-server min",
+				"--host-list", "ldap-bind-server min",
 				"--port", "1234",
 				"--user-search-base", "ou=Users,dc=min-domain-bind,dc=org",
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=min-domain-bind,dc=org)",
@ -115,7 +115,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"ldap-test",
 				"--name", "ldap (via Bind DN) source",
 				"--security-protocol", "zzzzz",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--port", "1234",
 				"--user-search-base", "ou=Users,dc=domain,dc=org",
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
@ -128,7 +128,7 @@ func TestAddLdapBindDn(t *testing.T) {
 			args: []string{
 				"ldap-test",
 				"--security-protocol", "unencrypted",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--port", "1234",
 				"--user-search-base", "ou=Users,dc=domain,dc=org",
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
@ -141,7 +141,7 @@ func TestAddLdapBindDn(t *testing.T) {
 			args: []string{
 				"ldap-test",
 				"--name", "ldap (via Bind DN) source",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--port", "1234",
 				"--user-search-base", "ou=Users,dc=domain,dc=org",
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
@ -160,7 +160,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
 				"--email-attribute", "mail",
 			},
-			errMsg: "host is not set",
+			errMsg: "host-list is not set",
 		},
 		// case 6
 		{
@ -168,7 +168,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"ldap-test",
 				"--name", "ldap (via Bind DN) source",
 				"--security-protocol", "unencrypted",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--user-search-base", "ou=Users,dc=domain,dc=org",
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
 				"--email-attribute", "mail",
@ -181,7 +181,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"ldap-test",
 				"--name", "ldap (via Bind DN) source",
 				"--security-protocol", "unencrypted",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--port", "1234",
 				"--user-search-base", "ou=Users,dc=domain,dc=org",
 				"--email-attribute", "mail",
@ -194,7 +194,7 @@ func TestAddLdapBindDn(t *testing.T) {
 				"ldap-test",
 				"--name", "ldap (via Bind DN) source",
 				"--security-protocol", "unencrypted",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--port", "1234",
 				"--user-search-base", "ou=Users,dc=domain,dc=org",
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=domain,dc=org)",
@ -260,7 +260,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"--not-active",
 				"--security-protocol", "starttls",
 				"--skip-tls-verify",
-				"--host", "ldap-simple-server full",
+				"--host-list", "ldap-simple-server full",
 				"--port", "987",
 				"--user-search-base", "ou=Users,dc=full-domain-simple,dc=org",
 				"--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))",
@ -305,7 +305,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"ldap-test",
 				"--name", "ldap (simple auth) source min",
 				"--security-protocol", "unencrypted",
-				"--host", "ldap-simple-server min",
+				"--host-list", "ldap-simple-server min",
 				"--port", "123",
 				"--user-filter", "(&(objectClass=posixAccount)(min-simple-cn=%s))",
 				"--email-attribute", "mail-simple min",
@ -333,7 +333,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"ldap-test",
 				"--name", "ldap (simple auth) source",
 				"--security-protocol", "zzzzz",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--port", "123",
 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 				"--email-attribute", "mail",
@ -346,7 +346,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 			args: []string{
 				"ldap-test",
 				"--security-protocol", "unencrypted",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--port", "123",
 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 				"--email-attribute", "mail",
@ -359,7 +359,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 			args: []string{
 				"ldap-test",
 				"--name", "ldap (simple auth) source",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--port", "123",
 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 				"--email-attribute", "mail",
@ -378,7 +378,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"--email-attribute", "mail",
 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
 			},
-			errMsg: "host is not set",
+			errMsg: "host-list is not set",
 		},
 		// case 6
 		{
@ -386,7 +386,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"ldap-test",
 				"--name", "ldap (simple auth) source",
 				"--security-protocol", "unencrypted",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 				"--email-attribute", "mail",
 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
@ -399,7 +399,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"ldap-test",
 				"--name", "ldap (simple auth) source",
 				"--security-protocol", "unencrypted",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--port", "123",
 				"--email-attribute", "mail",
 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
@ -412,7 +412,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"ldap-test",
 				"--name", "ldap (simple auth) source",
 				"--security-protocol", "unencrypted",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--port", "123",
 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 				"--user-dn", "cn=%s,ou=Users,dc=domain,dc=org",
@ -425,7 +425,7 @@ func TestAddLdapSimpleAuth(t *testing.T) {
 				"ldap-test",
 				"--name", "ldap (simple auth) source",
 				"--security-protocol", "unencrypted",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 				"--port", "123",
 				"--user-filter", "(&(objectClass=posixAccount)(cn=%s))",
 				"--email-attribute", "mail",
@ -494,7 +494,7 @@ func TestUpdateLdapBindDn(t *testing.T) {
 				"--not-active",
 				"--security-protocol", "LDAPS",
 				"--skip-tls-verify",
-				"--host", "ldap-bind-server full",
+				"--host-list", "ldap-bind-server full",
 				"--port", "9876",
 				"--user-search-base", "ou=Users,dc=full-domain-bind,dc=org",
 				"--user-filter", "(memberOf=cn=user-group,ou=example,dc=full-domain-bind,dc=org)",
@ -625,7 +625,7 @@ func TestUpdateLdapBindDn(t *testing.T) {
 			args: []string{
 				"ldap-test",
 				"--id", "1",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 			},
 			authSource: &auth.Source{
 				Type: auth.LDAP,
@ -957,7 +957,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 				"--not-active",
 				"--security-protocol", "starttls",
 				"--skip-tls-verify",
-				"--host", "ldap-simple-server full",
+				"--host-list", "ldap-simple-server full",
 				"--port", "987",
 				"--user-search-base", "ou=Users,dc=full-domain-simple,dc=org",
 				"--user-filter", "(&(objectClass=posixAccount)(full-simple-cn=%s))",
@ -1073,7 +1073,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 			args: []string{
 				"ldap-test",
 				"--id", "1",
-				"--host", "ldap-server",
+				"--host-list", "ldap-server",
 			},
 			authSource: &auth.Source{
 				Type: auth.DLDAP,
--- a/services/auth/source/ldap/README.md
+++ b/services/auth/source/ldap/README.md
@ -32,8 +32,9 @@ share the following fields:
  * A name to assign to the new method of authorization.
 * Host **(required)**
-  * The address where the LDAP server can be reached.
+  * The list of addresses where the LDAP server(s) can be reached.
  * Example: mydomain.com
  * Example (with multiple server hosts): mydomain.com, myotherdomain.com, mytempdomain.com
 * Port **(required)**
  * The port to use when connecting to the server.
--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@ -113,8 +113,11 @@ func dial(source *Source) (*ldap.Conn, error) {
 	log.Trace("Dialing LDAP with security protocol (%v) without verifying: %v", source.SecurityProtocol, source.SkipVerify)
 	ldap.DefaultTimeout = time.Second * 15
 	// Remove any extra spaces in HostList string
 	tempHostList := strings.ReplaceAll(source.HostList, " ", "")
 	// HostList is a list of hosts separated by commas
-	hostList := strings.Split(source.HostList, ",")
+	hostList := strings.Split(tempHostList, ",")
 	// hostList := strings.Split(source.HostList, ",")
 	for _, host := range hostList {
 		tlsConfig := &tls.Config{