Skip to content

Allow AD integration to filter LDAP groups #693

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nightkr merged 5 commits into from
Feb 26, 2025
Merged

Allow AD integration to filter LDAP groups #693

nightkr merged 5 commits into from
Feb 26, 2025

Conversation

@nightkr
Copy link
Contributor

@nightkr nightkr commented Feb 25, 2025
edited
Loading

Description

Fixes #691

This PR adds a new field additionalGroupAttributeFilters to OpaCluster.spec.clusterConfig.userInfo.backend.experimentalActiveDirectory:

apiVersion: opa.stackable.tech/v1alpha1
kind: OpaCluster
spec:
  clusterConfig:
    userInfo:
      backend:
        experimentalActiveDirectory:
          additionalGroupAttributeFilters:
            foo: bar

Any group must match all attributes specified here in order to be included in the UIF report.

Release Note

The OPA user-info-fetcher can now filter Active Directory group membership by LDAP attributes.

Definition of Done Checklist

  • Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
  • Please make sure all these things are done and tick the boxes
# Author
- [x] CRD changes approved
- [x] CRD documentation for all fields, following the [style guide](https://docs.stackable.tech/home/nightly/contributor/docs/style-guide).
- [X] Helm chart can be installed and deployed operator works
- [x] Integration tests passed (for non trivial changes) - (we don't currently have test coverage for AD, but I have tested manually that it works)

# Reviewer
- [ ] Code contains useful comments
- [ ] Code contains useful logging statements
- [ ] (Integration-)Test cases added
- [ ] Documentation added or updated. Follows the [style guide](https://docs.stackable.tech/home/nightly/contributor/docs/style-guide).
- [ ] Changelog updated
- [ ] Cargo.toml only contains references to git tags (not specific commits or branches)

# Acceptance
- [ ] Feature Tracker has been updated
- [ ] Proper release label has been added
- [ ] [Roadmap](https://github.com/orgs/stackabletech/projects/25/views/1) has been updated

@nightkr nightkr self-assigned this Feb 25, 2025
@nightkr
Copy link
Contributor Author

nightkr commented Feb 25, 2025

Putting the CRD change decision into RFC.

sbernauer
sbernauer previously approved these changes Feb 25, 2025
View reviewed changes
Copy link
Member

@sbernauer sbernauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRD and code LGTM. Let's wait for the decision

@sbernauer
Copy link
Member

sbernauer commented Feb 26, 2025

WDYT of calling it additionalGroupAttributeFilters instead of customGroupAttributeFilters?

@nightkr
Copy link
Contributor Author

nightkr commented Feb 26, 2025

Accepted during the meeting, with @sbernauer's suggestion.

@nightkr nightkr requested a review from sbernauer February 26, 2025 15:04
sbernauer
sbernauer approved these changes Feb 26, 2025
View reviewed changes
Copy link
Member

@sbernauer sbernauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Was waiting for you to resolve the conflicts ^^

@nightkr nightkr enabled auto-merge February 26, 2025 15:07
@nightkr nightkr added this pull request to the merge queue Feb 26, 2025
Merged via the queue into main with commit f70a89a Feb 26, 2025
17 checks passed
@nightkr nightkr deleted the feature/group-filter branch February 26, 2025 15:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sbernauer sbernauer sbernauer approved these changes

Assignees

@nightkr nightkr

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Active Directory UIF: Support filtering queried groups

3 participants

@nightkr @sbernauer