Add group_search_filter, user_search_filter, and start_tls to LDAP Auth Config (#1173)

Author: eliyamlevy

rancher2/schema_auth_config_ldap.go

@@ -39,6 +39,10 @@ func authConfigLdapFields() map[string]*schema.Schema {
 			Type:     schema.TypeString,
 			Required: true,
 		},
+		"user_search_filter": {
+			Type:     schema.TypeString,
+			Optional: true,
+		},
 		"certificate": {
 			Type:         schema.TypeString,
 			Optional:     true,
@@ -89,6 +93,10 @@ func authConfigLdapFields() map[string]*schema.Schema {
 			Optional: true,
 			Computed: true,
 		},
+		"group_search_filter": {
+			Type:     schema.TypeString,
+			Optional: true,
+		},
 		"nested_group_membership_enabled": {
 			Type:     schema.TypeBool,
 			Optional: true,
@@ -139,6 +147,11 @@ func authConfigLdapFields() map[string]*schema.Schema {
 			Optional: true,
 			Computed: true,
 		},
+		"start_tls": {
+			Type:     schema.TypeBool,
+			Optional: true,
+			Computed: true,
+		},
 	}
 
 	for k, v := range authConfigFields() {

rancher2/structure_auth_config_ldap.go

@@ -33,7 +33,6 @@ func flattenAuthConfigLdap(d *schema.ResourceData, in *managementClient.LdapConf
 	}
 
 	d.Set("service_account_distinguished_name", in.ServiceAccountDistinguishedName)
-	d.Set("user_search_base", in.UserSearchBase)
 	d.Set("certificate", Base64Encode(in.Certificate))
 	d.Set("connection_timeout", int(in.ConnectionTimeout))
 	d.Set("group_dn_attribute", in.GroupDNAttribute)
@@ -43,16 +42,20 @@ func flattenAuthConfigLdap(d *schema.ResourceData, in *managementClient.LdapConf
 	d.Set("group_object_class", in.GroupObjectClass)
 	d.Set("group_search_attribute", in.GroupSearchAttribute)
 	d.Set("group_search_base", in.GroupSearchBase)
+	d.Set("group_search_filter", in.GroupSearchFilter)
 	d.Set("nested_group_membership_enabled", in.NestedGroupMembershipEnabled)
 	d.Set("port", int(in.Port))
 	d.Set("tls", in.TLS)
+	d.Set("start_tls", in.StartTLS)
 	d.Set("user_disabled_bit_mask", int(in.UserDisabledBitMask))
 	d.Set("user_enabled_attribute", in.UserEnabledAttribute)
 	d.Set("user_login_attribute", in.UserLoginAttribute)
 	d.Set("user_member_attribute", in.UserMemberAttribute)
 	d.Set("user_name_attribute", in.UserNameAttribute)
 	d.Set("user_object_class", in.UserObjectClass)
 	d.Set("user_search_attribute", in.UserSearchAttribute)
+	d.Set("user_search_base", in.UserSearchBase)
+	d.Set("user_search_filter", in.UserSearchFilter)
 
 	return nil
 }
@@ -105,6 +108,10 @@ func expandAuthConfigLdap(in *schema.ResourceData) (*managementClient.LdapConfig
 		obj.UserSearchBase = v
 	}
 
+	if v, ok := in.Get("user_search_filter").(string); ok && len(v) > 0 {
+		obj.UserSearchFilter = v
+	}
+
 	if v, ok := in.Get("certificate").(string); ok && len(v) > 0 {
 		cert, err := Base64Decode(v)
 		if err != nil {
@@ -145,6 +152,10 @@ func expandAuthConfigLdap(in *schema.ResourceData) (*managementClient.LdapConfig
 		obj.GroupSearchBase = v
 	}
 
+	if v, ok := in.Get("group_search_filter").(string); ok && len(v) > 0 {
+		obj.GroupSearchFilter = v
+	}
+
 	if v, ok := in.Get("nested_group_membership_enabled").(bool); ok {
 		obj.NestedGroupMembershipEnabled = v
 	}
@@ -157,6 +168,10 @@ func expandAuthConfigLdap(in *schema.ResourceData) (*managementClient.LdapConfig
 		obj.TLS = v
 	}
 
+	if v, ok := in.Get("start_tls").(bool); ok {
+		obj.StartTLS = v
+	}
+
 	if v, ok := in.Get("user_disabled_bit_mask").(int); ok && v > 0 {
 		obj.UserDisabledBitMask = int64(v)
 	}

rancher2/structure_auth_config_ldap_test.go

@@ -30,15 +30,18 @@ func init() {
 		GroupObjectClass:                "group_object_class",
 		GroupSearchAttribute:            "group_search_attribute",
 		GroupSearchBase:                 "group_search_base",
+		GroupSearchFilter:               "(cn=$SEARCH_STRING)",
 		NestedGroupMembershipEnabled:    true,
 		Port:                            389,
 		TLS:                             true,
+		StartTLS:                        true,
 		UserDisabledBitMask:             0,
 		UserLoginAttribute:              "user_login_attribute",
 		UserMemberAttribute:             "user_member_attribute",
 		UserNameAttribute:               "user_name_attribute",
 		UserObjectClass:                 "user_object_class",
 		UserSearchAttribute:             "user_search_attribute",
+		UserSearchFilter:                "(|(cn=$SEARCH_STRING)(sAMAccountName=$SEARCH_STRING))",
 	}
 	testAuthConfigLdapInterface = map[string]interface{}{
 		"access_mode":                        "access",
@@ -56,15 +59,18 @@ func init() {
 		"group_object_class":                 "group_object_class",
 		"group_search_attribute":             "group_search_attribute",
 		"group_search_base":                  "group_search_base",
+		"group_search_filter":                "(cn=$SEARCH_STRING)",
 		"nested_group_membership_enabled":    true,
 		"port":                               389,
 		"tls":                                true,
+		"start_tls":                          true,
 		"user_disabled_bit_mask":             0,
 		"user_login_attribute":               "user_login_attribute",
 		"user_member_attribute":              "user_member_attribute",
 		"user_name_attribute":                "user_name_attribute",
 		"user_object_class":                  "user_object_class",
 		"user_search_attribute":              "user_search_attribute",
+		"user_search_filter":                 "(|(cn=$SEARCH_STRING)(sAMAccountName=$SEARCH_STRING))",
 	}
 }