Class: Entitlements::Backend::LDAP::Controller

Inherits:
BaseController show all
Includes:
Contracts::Core
Defined in:
lib/entitlements/backend/ldap/controller.rb

Constant Summary collapse

C =
::Contracts

Constants inherited from BaseController

BaseController::COMMON_GROUP_CONFIG

Instance Attribute Summary

Attributes inherited from BaseController

#actions

Instance Method Summary collapse

Methods included from Contracts::Core

common, extended, included

Methods inherited from BaseController

identifier, #print_differences, priority, #priority, register

Constructor Details

#initialize(group_name, config = nil) ⇒ Controller

Returns a new instance of Controller.



17
18
19
20
21
22
23
24
25
26
27
28
29
# File 'lib/entitlements/backend/ldap/controller.rb', line 17

def initialize(group_name, config = nil)
  super

  @ldap = Entitlements::Service::LDAP.new_with_cache(
    addr: @config.fetch("ldap_uri"),
    binddn: @config.fetch("ldap_binddn"),
    bindpw: @config.fetch("ldap_bindpw"),
    ca_file: @config.fetch("ldap_ca_file", ENV["LDAP_CACERT"]),
    disable_ssl_verification: @config.fetch("ldap_disable_ssl_verification", false),
    person_dn_format: @config.fetch("person_dn_format")
  )
  @provider = Entitlements::Backend::LDAP::Provider.new(ldap: @ldap)
end

Instance Method Details

#apply(action) ⇒ Object



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# File 'lib/entitlements/backend/ldap/controller.rb', line 116

def apply(action)
  if action.updated.nil?
    logger.debug "APPLY: Deleting #{action.dn}"
    ldap.delete(action.dn)
  else
    override = Entitlements::Util::Override.override_hash_from_plugin(action.config["plugin"], action.updated, ldap) || {}
    if provider.upsert(action.updated, override)
      logger.debug "APPLY: Upserting #{action.dn}"
    else
      logger.warn "DID NOT APPLY: Changes not needed to #{action.dn}"
      logger.debug "Old: #{action.existing.inspect}"
      logger.debug "New: #{action.updated.inspect}"
    end
  end
end

#calculateObject



69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# File 'lib/entitlements/backend/ldap/controller.rb', line 69

def calculate
  if ou_needs_to_be_created?
    logger.info "ADD #{config['base']}"
  end

  existing = provider.read_all(config["base"])
  proposed = Entitlements::Data::Groups::Calculated.read_all(group_name, config)

  # Calculate differences.
  added = (proposed - existing)
    .map { |i| Entitlements::Models::Action.new(i, nil, Entitlements::Data::Groups::Calculated.read(i), group_name) }
  removed = (existing - proposed)
    .map { |i| Entitlements::Models::Action.new(i, provider.read(i), nil, group_name) }
  changed = (existing & proposed)
    .reject { |i| provider.read(i).equals?(Entitlements::Data::Groups::Calculated.read(i)) }
    .map { |i| Entitlements::Models::Action.new(i, provider.read(i), Entitlements::Data::Groups::Calculated.read(i), group_name) }

  # Print the differences.
  print_differences(key: group_name, added: added, removed: removed, changed: changed)

  # Populate the actions
  @actions = [added, removed, changed].flatten.compact
end

#change_countObject



59
60
61
# File 'lib/entitlements/backend/ldap/controller.rb', line 59

def change_count
  actions.size + (ou_needs_to_be_created? ? 1 : 0)
end

#ou_needs_to_be_created?Boolean

Returns:

  • (Boolean)


166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
# File 'lib/entitlements/backend/ldap/controller.rb', line 166

def ou_needs_to_be_created?
  return false unless config["create_if_missing"]

  @ou_needs_to_be_created ||= begin
    if ldap.exists?(config["base"])
      logger.debug "OU create_if_missing: #{config['base']} already exists"
      :false
    else
      logger.debug "OU create_if_missing: #{config['base']} needs to be created"
      :true
    end
  end

  @ou_needs_to_be_created == :true
end

#preapplyObject



100
101
102
103
104
105
106
107
108
# File 'lib/entitlements/backend/ldap/controller.rb', line 100

def preapply
  return unless ou_needs_to_be_created?

  if ldap.upsert(dn: config["base"], attributes: {"objectClass" => "organizationalUnit"})
    logger.debug "APPLY: Creating #{config['base']}"
  else
    logger.warn "DID NOT APPLY: Changes not needed to #{config['base']}"
  end
end

#prefetchObject



37
38
39
40
# File 'lib/entitlements/backend/ldap/controller.rb', line 37

def prefetch
  logger.debug "Pre-fetching group membership in #{group_name} (#{config['base']}) from LDAP"
  provider.read_all(config["base"])
end

#validateObject



48
49
50
51
# File 'lib/entitlements/backend/ldap/controller.rb', line 48

def validate
  return unless config["mirror"]
  Entitlements::Util::Mirror.validate_mirror!(group_name)
end

#validate_config!(key, data) ⇒ Object



139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
# File 'lib/entitlements/backend/ldap/controller.rb', line 139

def validate_config!(key, data)
  spec = COMMON_GROUP_CONFIG.merge({
    "base"               => { required: true, type: String },
    "create_if_missing"  => { required: false, type: [FalseClass, TrueClass]},
    "ldap_binddn"        => { required: true, type: String },
    "ldap_bindpw"        => { required: true, type: String },
    "ldap_ca_file"       => { required: false, type: String },
    "disable_ssl_verification" => { required: false, type: [FalseClass, TrueClass] },
    "ldap_uri"           => { required: true, type: String },
    "plugin"             => { required: false, type: Hash },
    "mirror"             => { required: false, type: String },
    "person_dn_format"   => { required: true, type: String }
  })
  text = "Group #{key.inspect}"
  Entitlements::Util::Util.validate_attr!(spec, data, text)
end