[ARVADOS] updated: 1.3.0-2547-g8f435f4ba
Git user
git at public.arvados.org
Fri May 8 19:29:19 UTC 2020
Summary of changes:
go.mod | 2 ++
go.sum | 4 ++++
lib/controller/localdb/login_ldap.go | 9 ++++++---
lib/controller/localdb/login_ldap_docker_test.go | 13 -------------
sdk/python/tests/run_test_server.py | 6 ++++--
5 files changed, 16 insertions(+), 18 deletions(-)
via 8f435f4bac86e7ba7dbd9770d2db9bb4db6cf569 (commit)
via 3cf3136d736ed18fffd43714eff01693a464c790 (commit)
from f01f7eebfe771300be72d1bec5b4fab664138feb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 8f435f4bac86e7ba7dbd9770d2db9bb4db6cf569
Author: Tom Clegg <tom at tomclegg.ca>
Date: Fri May 8 15:28:56 2020 -0400
15881: Test ldap login with fake ldap server.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/go.mod b/go.mod
index 482c6971d..cc5457975 100644
--- a/go.mod
+++ b/go.mod
@@ -12,6 +12,7 @@ require (
github.com/arvados/cgofuse v1.2.0-arvados1
github.com/aws/aws-sdk-go v1.25.30
github.com/bgentry/speakeasy v0.1.0 // indirect
+ github.com/bradleypeabody/godap v0.0.0-20170216002349-c249933bc092
github.com/coreos/go-oidc v2.1.0+incompatible
github.com/coreos/go-systemd v0.0.0-20180108085132-cc4f39464dc7
github.com/dgrijalva/jwt-go v3.1.0+incompatible // indirect
@@ -25,6 +26,7 @@ require (
github.com/fsnotify/fsnotify v1.4.9
github.com/ghodss/yaml v1.0.0
github.com/gliderlabs/ssh v0.2.2 // indirect
+ github.com/go-asn1-ber/asn1-ber v1.4.1 // indirect
github.com/go-ldap/ldap v3.0.3+incompatible
github.com/gogo/protobuf v1.1.1
github.com/gorilla/context v1.1.1 // indirect
diff --git a/go.sum b/go.sum
index a92b3c11a..38153ce3e 100644
--- a/go.sum
+++ b/go.sum
@@ -29,6 +29,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/bradleypeabody/godap v0.0.0-20170216002349-c249933bc092 h1:0Di2onNnlN5PAyWPbqlPyN45eOQ+QW/J9eqLynt4IV4=
+github.com/bradleypeabody/godap v0.0.0-20170216002349-c249933bc092/go.mod h1:8IzBjZCRSnsvM6MJMG8HNNtnzMl48H22rbJL2kRUJ0Y=
github.com/cespare/xxhash/v2 v2.1.0 h1:yTUvW7Vhb89inJ+8irsUqiWjh8iT6sQPZiQzI6ReGkA=
github.com/cespare/xxhash/v2 v2.1.0/go.mod h1:dgIUBU3pDso/gPgZ1osOZ0iQf77oPR28Tjxl5dIMyVM=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -62,6 +64,8 @@ github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/go-asn1-ber/asn1-ber v1.4.1 h1:qP/QDxOtmMoJVgXHCXNzDpA0+wkgYB2x5QoLMVOciyw=
+github.com/go-asn1-ber/asn1-ber v1.4.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-ldap/ldap v3.0.3+incompatible h1:HTeSZO8hWMS1Rgb2Ziku6b8a7qRIZZMHjsvuZyatzwk=
diff --git a/lib/controller/localdb/login_ldap.go b/lib/controller/localdb/login_ldap.go
index 44e42ac40..373b11324 100644
--- a/lib/controller/localdb/login_ldap.go
+++ b/lib/controller/localdb/login_ldap.go
@@ -93,7 +93,10 @@ func (ctrl *ldapLoginController) UserAuthenticate(ctx context.Context, opts arva
return arvados.APIClientAuthorization{}, errors.New("config error: must provide SearchAttribute")
}
- search := fmt.Sprintf("(&%s(%s=%s))", conf.SearchFilters, ldap.EscapeFilter(conf.SearchAttribute), ldap.EscapeFilter(username))
+ search := fmt.Sprintf("(%s=%s)", ldap.EscapeFilter(conf.SearchAttribute), ldap.EscapeFilter(username))
+ if conf.SearchFilters != "" {
+ search = fmt.Sprintf("(&%s%s)", conf.SearchFilters, search)
+ }
log = log.WithField("search", search)
req := ldap.NewSearchRequest(
conf.SearchBase,
@@ -105,7 +108,7 @@ func (ctrl *ldapLoginController) UserAuthenticate(ctx context.Context, opts arva
if ldap.IsErrorWithCode(err, ldap.LDAPResultNoResultsReturned) ||
ldap.IsErrorWithCode(err, ldap.LDAPResultNoSuchObject) ||
(err == nil && len(resp.Entries) == 0) {
- log.WithError(err).Debug("ldap lookup returned no results")
+ log.WithError(err).Info("ldap lookup returned no results")
return arvados.APIClientAuthorization{}, errFailed
} else if err != nil {
log.WithError(err).Error("ldap lookup failed")
@@ -130,7 +133,7 @@ func (ctrl *ldapLoginController) UserAuthenticate(ctx context.Context, opts arva
// Now that we have the DN, try authenticating.
err = l.Bind(userdn, opts.Password)
if err != nil {
- log.WithError(err).Warn("ldap user authentication failed")
+ log.WithError(err).Info("ldap user authentication failed")
return arvados.APIClientAuthorization{}, errFailed
}
log.Debug("ldap authentication succeeded")
diff --git a/lib/controller/localdb/login_ldap_docker_test.go b/lib/controller/localdb/login_ldap_docker_test.go
index 54454a190..2f0d22075 100644
--- a/lib/controller/localdb/login_ldap_docker_test.go
+++ b/lib/controller/localdb/login_ldap_docker_test.go
@@ -11,22 +11,9 @@ import (
"os"
"os/exec"
- "git.arvados.org/arvados.git/sdk/go/arvados"
- "git.arvados.org/arvados.git/sdk/go/arvadostest"
check "gopkg.in/check.v1"
)
-var _ = check.Suite(&LDAPSuite{})
-
-type LDAPSuite struct{}
-
-func (s *LDAPSuite) TearDownSuite(c *check.C) {
- // Undo any changes/additions to the user database so they
- // don't affect subsequent tests.
- arvadostest.ResetEnv()
- c.Check(arvados.NewClientFromEnv().RequestAndDecode(nil, "POST", "database/reset", nil, nil), check.IsNil)
-}
-
func (s *LDAPSuite) TestLoginLDAPViaPAM(c *check.C) {
cmd := exec.Command("bash", "login_ldap_docker_test.sh")
cmd.Stdout = os.Stderr
commit 3cf3136d736ed18fffd43714eff01693a464c790
Author: Tom Clegg <tom at tomclegg.ca>
Date: Fri May 8 15:28:44 2020 -0400
15881: Update test config.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>
diff --git a/sdk/python/tests/run_test_server.py b/sdk/python/tests/run_test_server.py
index 779ac4bfc..fe32547fc 100644
--- a/sdk/python/tests/run_test_server.py
+++ b/sdk/python/tests/run_test_server.py
@@ -757,8 +757,10 @@ def setup_config():
"RailsSessionSecretToken": "e24205c490ac07e028fd5f8a692dcb398bcd654eff1aef5f9fe6891994b18483",
},
"Login": {
- "ProviderAppID": "arvados-server",
- "ProviderAppSecret": "608dbf356a327e2d0d4932b60161e212c2d8d8f5e25690d7b622f850a990cd33",
+ "SSO": {
+ "ProviderAppID": "arvados-server",
+ "ProviderAppSecret": "608dbf356a327e2d0d4932b60161e212c2d8d8f5e25690d7b622f850a990cd33",
+ },
},
"SystemLogs": {
"LogLevel": ('info' if os.environ.get('ARVADOS_DEBUG', '') in ['','0'] else 'debug'),
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list