feat(ldap): add option to load ldap from file (#1778)

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>
2026-06-16 04:17:55 +08:00 · 2023-11-15 02:21:36 +02:00
parent b2a9239c03
commit 272eb7cc43
10 changed files with 668 additions and 41 deletions
@@ -738,6 +738,10 @@ func LoadConfiguration(config *config.Config, configPath string) error {
 		return zerr.ErrBadConfig
 	}

+	if err := updateLDAPConfig(config); err != nil {
+		return err
+	}
+
 	// defaults
 	applyDefaultValues(config, viperInstance, log)

@@ -752,6 +756,50 @@ func LoadConfiguration(config *config.Config, configPath string) error {
 	return nil
 }

+func updateLDAPConfig(conf *config.Config) error {
+	if conf.HTTP.Auth == nil || conf.HTTP.Auth.LDAP == nil {
+		return nil
+	}
+
+	if conf.HTTP.Auth.LDAP.CredentialsFile == "" {
+		conf.HTTP.Auth.LDAP.SetBindDN("anonym-user")
+
+		return nil
+	}
+
+	newLDAPCredentials, err := readLDAPCredentials(conf.HTTP.Auth.LDAP.CredentialsFile)
+	if err != nil {
+		return err
+	}
+
+	conf.HTTP.Auth.LDAP.SetBindDN(newLDAPCredentials.BindDN)
+	conf.HTTP.Auth.LDAP.SetBindPassword(newLDAPCredentials.BindPassword)
+
+	return nil
+}
+
+func readLDAPCredentials(ldapConfigPath string) (config.LDAPCredentials, error) {
+	viperInstance := viper.NewWithOptions(viper.KeyDelimiter("::"))
+
+	viperInstance.SetConfigFile(ldapConfigPath)
+
+	if err := viperInstance.ReadInConfig(); err != nil {
+		log.Error().Err(err).Msg("error while reading configuration")
+
+		return config.LDAPCredentials{}, err
+	}
+
+	var ldapCredentials config.LDAPCredentials
+
+	if err := viperInstance.Unmarshal(&ldapCredentials); err != nil {
+		log.Error().Err(err).Msg("error while unmarshaling new config")
+
+		return config.LDAPCredentials{}, err
+	}
+
+	return ldapCredentials, nil
+}
+
 func authzContainsOnlyAnonymousPolicy(cfg *config.Config) bool {
 	adminPolicy := cfg.HTTP.AccessControl.AdminPolicy
 	anonymousPolicyPresent := false
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"os"
 	"path"
+	"path/filepath"
 	"testing"
 	"time"

@@ -1447,6 +1448,88 @@ func TestScrub(t *testing.T) {
 	})
 }

+func TestUpdateLDAPConfig(t *testing.T) {
+	Convey("updateLDAPConfig errors while unmarshaling ldap config", t, func() {
+		tempDir := t.TempDir()
+		ldapConfigContent := "bad-json"
+		ldapConfigPath := filepath.Join(tempDir, "ldap.json")
+
+		err := os.WriteFile(ldapConfigPath, []byte(ldapConfigContent), 0o000)
+		So(err, ShouldBeNil)
+
+		configStr := fmt.Sprintf(`
+		{
+			"Storage": {
+				"RootDirectory": "%s"
+			},
+			"HTTP": {
+				"Address": "%s",
+				"Port": "%s",
+				"Auth": {
+					"LDAP": {
+						"CredentialsFile":    "%s",
+						"BaseDN":             "%v",
+						"UserAttribute":      "uid",
+						"UserGroupAttribute": "memberOf",
+						"Insecure":           true,
+						"Address":            "%v",
+						"Port":               %v
+					}
+				}
+			}
+		}`, tempDir, "127.0.0.1", "8000", ldapConfigPath, "LDAPBaseDN", "LDAPAddress", 1000)
+
+		configPath := filepath.Join(tempDir, "config.json")
+
+		err = os.WriteFile(configPath, []byte(configStr), 0o0600)
+		So(err, ShouldBeNil)
+
+		server := cli.NewServerRootCmd()
+		server.SetArgs([]string{"serve", configPath})
+		So(func() { err = server.Execute() }, ShouldPanic)
+
+		err = os.Chmod(ldapConfigPath, 0o600)
+		So(err, ShouldBeNil)
+
+		server = cli.NewServerRootCmd()
+		server.SetArgs([]string{"serve", configPath})
+		So(func() { err = server.Execute() }, ShouldPanic)
+	})
+
+	Convey("unauthenticated LDAP config", t, func() {
+		tempDir := t.TempDir()
+
+		configStr := fmt.Sprintf(`
+		{
+			"Storage": {
+				"RootDirectory": "%s"
+			},
+			"HTTP": {
+				"Address": "%s",
+				"Port": "%s",
+				"Auth": {
+					"LDAP": {
+						"BaseDN":             "%v",
+						"UserAttribute":      "uid",
+						"UserGroupAttribute": "memberOf",
+						"Insecure":           true,
+						"Address":            "%v",
+						"Port":               %v
+					}
+				}
+			}
+		}`, tempDir, "127.0.0.1", "8000", "LDAPBaseDN", "LDAPAddress", 1000)
+
+		configPath := filepath.Join(tempDir, "config.json")
+
+		err := os.WriteFile(configPath, []byte(configStr), 0o0600)
+		So(err, ShouldBeNil)
+
+		err = cli.LoadConfiguration(config.New(), configPath)
+		So(err, ShouldBeNil)
+	})
+}
+
 // run cli and return output.
 func runCLIWithConfig(tempDir string, config string) (string, error) {
 	port := GetFreePort()