cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [cloudstack] DaanHoogland commented on a change in pull request #3694: Ldap fixes
Date Fri, 20 Dec 2019 14:44:17 GMT
DaanHoogland commented on a change in pull request #3694: Ldap fixes
URL: https://github.com/apache/cloudstack/pull/3694#discussion_r360401916
 
 

 ##########
 File path: plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LdapListUsersCmd.java
 ##########
 @@ -104,20 +241,251 @@ public long getEntityOwnerId() {
         return Account.ACCOUNT_ID_SYSTEM;
     }
 
-    private String getListType() {
+    String getListTypeString() {
         return listType == null ? "all" : listType;
     }
 
-    private boolean isACloudstackUser(final LdapUser ldapUser) {
-        final ListResponse<UserResponse> response = _queryService.searchForUsers(new
ListUsersCmd());
-        final List<UserResponse> cloudstackUsers = response.getResponses();
+    String getUserFilterString() {
+        return userFilter == null ? getListTypeString() == null ? "NoFilter" : getListTypeString().equals("all")
? "NoFilter" : "AnyDomain" : userFilter;
+    }
+
+    UserFilter getUserFilter() {
+        return UserFilter.fromString(getUserFilterString());
+    }
+
+    boolean isACloudstackUser(final LdapUser ldapUser) {
+        boolean rc = false;
+        final List<UserResponse> cloudstackUsers = getCloudstackUsers();
+        if (cloudstackUsers != null) {
+            for (final UserResponse cloudstackUser : cloudstackUsers) {
+                if (ldapUser.getUsername().equals(cloudstackUser.getUsername())) {
+                    if(s_logger.isTraceEnabled()) {
+                        s_logger.trace(String.format("found user %s in cloudstack", ldapUser.getUsername()));
+                    }
+
+                    rc = true;
+                } else {
+                    if(s_logger.isTraceEnabled()) {
+                        s_logger.trace(String.format("ldap user %s does not match cloudstack
user", ldapUser.getUsername(), cloudstackUser.getUsername()));
+                    }
+                }
+            }
+        }
+        return rc;
+    }
+
+    boolean isACloudstackUser(final LdapUserResponse ldapUser) {
+        if(s_logger.isTraceEnabled()) {
+            s_logger.trace("checking response : " + ldapUser.toString());
+        }
+        final List<UserResponse> cloudstackUsers = getCloudstackUsers();
         if (cloudstackUsers != null && cloudstackUsers.size() != 0) {
-            for (final UserResponse cloudstackUser : response.getResponses()) {
+            for (final UserResponse cloudstackUser : cloudstackUsers) {
                 if (ldapUser.getUsername().equals(cloudstackUser.getUsername())) {
+                    if(s_logger.isTraceEnabled()) {
+                        s_logger.trace(String.format("found user %s in cloudstack", ldapUser.getUsername()));
+                    }
                     return true;
+                } else {
+                    if(s_logger.isTraceEnabled()) {
+                        s_logger.trace(String.format("ldap user %s does not match cloudstack
user", ldapUser.getUsername(), cloudstackUser.getUsername()));
+                    }
                 }
             }
         }
         return false;
     }
+    /**
+     * typecheck for userfilter values
+     */
+    enum UserFilter {
+        NO_FILTER("NoFilter"),
+        LOCAL_DOMAIN("LocalDomain"),
+        ANY_DOMAIN("AnyDomain"),
+        POTENTIAL_IMPORT("PotentialImport");
+
+        private final String value;
+
+        UserFilter(String val) {
+            this.value = val;
+        }
+
+        static UserFilter fromString(String val) {
+            if(NO_FILTER.toString().equalsIgnoreCase(val)) {
+                return NO_FILTER;
+            } else if (LOCAL_DOMAIN.toString().equalsIgnoreCase(val)) {
+                return LOCAL_DOMAIN;
+            } else if(ANY_DOMAIN.toString().equalsIgnoreCase(val)) {
+                return ANY_DOMAIN;
+            } else if(POTENTIAL_IMPORT.toString().equalsIgnoreCase(val)) {
+                return POTENTIAL_IMPORT;
+            } else {
+                throw new IllegalArgumentException(String.format("%s is not a legal 'UserFilter'
value", val));
+            }
+        }
+
+        @Override public String toString() {
+            return value;
+        }
+    }
+
+    /**
+     * no filtering but improve with annotation of source for existing ACS users
+     * @param input ldap response list of users
+     * @return unfiltered list of the input list of ldap users
+     */
+    public List<LdapUserResponse> filterNoFilter(List<LdapUserResponse> input)
{
+        if(s_logger.isTraceEnabled()) {
+            s_logger.trace("returning unfiltered list of ldap users");
+        }
+        annotateUserListWithSources(input);
+        return input;
+    }
+
+    /**
+     * filter the list of ldap users. no users visible to the caller should be in the returned
list
+     * @param input ldap response list of users
+     * @return a list of ldap users not already in ACS
+     */
+    public List<LdapUserResponse> filterAnyDomain(List<LdapUserResponse> input)
{
+        if(s_logger.isTraceEnabled()) {
+            s_logger.trace("filtering existing users");
+        }
+        final List<LdapUserResponse> ldapResponses = new ArrayList<LdapUserResponse>();
+        for (final LdapUserResponse user : input) {
+
+            if (isNotAlreadyImportedInTheCurrentDomain(user)) {
+                ldapResponses.add(user);
+            }
+        }
+        annotateUserListWithSources(ldapResponses);
+
+        return ldapResponses;
+    }
+
+    private boolean isNotAlreadyImportedInTheCurrentDomain(LdapUserResponse user) {
 
 Review comment:
   :) true unless, adding a short javadoc

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message