outposts/ldap: fix logic error in cached ldap searcher

closes #1779

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-11-11 23:18:32 +01:00
parent 53905d1a89
commit e7b4363d21
6 changed files with 23 additions and 56 deletions


@ -10,7 +10,6 @@ import (
"github.com/go-openapi/strfmt" "github.com/go-openapi/strfmt"
"github.com/google/uuid" "github.com/google/uuid"
"github.com/pkg/errors"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
"github.com/recws-org/recws" "github.com/recws-org/recws"
"goauthentik.io/api" "goauthentik.io/api"
@ -119,7 +118,7 @@ func (a *APIController) OnRefresh() error {
} }
a.Outpost = outposts.Results[0] a.Outpost = outposts.Results[0]
log.WithField("name", a.Outpost.Name).Debug("Fetched outpost configuration") a.logger.WithField("name", a.Outpost.Name).Debug("Fetched outpost configuration")
return a.Server.Refresh() return a.Server.Refresh()
} }
@ -131,20 +130,8 @@ func (a *APIController) StartBackgorundTasks() error {
"version": constants.VERSION, "version": constants.VERSION,
"build": constants.BUILD(), "build": constants.BUILD(),
}).Set(1) }).Set(1)
err := a.OnRefresh()
if err != nil {
return errors.Wrap(err, "failed to run initial refresh")
} else {
LastUpdate.With(prometheus.Labels{
"uuid": a.instanceUUID.String(),
"outpost_name": a.Outpost.Name,
"outpost_type": a.Server.Type(),
"version": constants.VERSION,
"build": constants.BUILD(),
}).SetToCurrentTime()
}
go func() { go func() {
a.logger.Debug("Starting WS reconnector...") a.logger.Debug("Starting WS re-connector...")
a.startWSReConnector() a.startWSReConnector()
}() }()
go func() { go func() {
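Review bot: With the initial `a.OnRefresh()` call and the `LastUpdate...SetToCurrentTime()` update removed from StartBackgorundTasks, nothing in this hunk shows where the first refresh now runs or where its failure is reported, so the function's contract has changed without being documented. A doc comment would make the new precondition explicit, for example `// StartBackgorundTasks only starts the background goroutines; the caller must already have completed a successful OnRefresh.` If no caller does that (not visible here), the outpost would begin serving before it has fetched its configuration and the `error` return would no longer carry a refresh failure. The function body continues past the end of the hunk.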


@ -32,7 +32,7 @@ func doGlobalSetup(config map[string]interface{}) {
default: default:
log.SetLevel(log.DebugLevel) log.SetLevel(log.DebugLevel)
} }
log.WithField("buildHash", constants.BUILD()).WithField("version", constants.VERSION).Info("Starting authentik outpost") log.WithField("logger", "authentik.outpost").WithField("hash", constants.BUILD()).WithField("version", constants.VERSION).Info("Starting authentik outpost")
sentryEnv := "customer-outpost" sentryEnv := "customer-outpost"
sentryEnable := true sentryEnable := true


@ -3,6 +3,8 @@ package metrics
import ( import (
"net/http" "net/http"
log "github.com/sirupsen/logrus"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promauto" "github.com/prometheus/client_golang/prometheus/promauto"
@ -26,7 +28,9 @@ func RunServer() {
rw.WriteHeader(204) rw.WriteHeader(204)
}) })
m.Path("/metrics").Handler(promhttp.Handler()) m.Path("/metrics").Handler(promhttp.Handler())
err := http.ListenAndServe("0.0.0.0:9300", m) listen := "0.0.0.0:9300"
log.WithField("logger", "authentik.outpost.metrics").WithField("listen", listen).Info("Starting Metrics server")
err := http.ListenAndServe(listen, m)
if err != nil { if err != nil {
panic(err) panic(err)
} }
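Review bot: The new `listen` variable still hard-codes `0.0.0.0:9300`, so as far as this hunk shows the unauthenticated `/metrics` handler is bound on every interface and an operator cannot narrow it. Now that the address has a name it could be read from configuration with this value as the default, and carry a comment such as `// listen is the metrics bind address; the endpoint has no authentication, so restrict it at the network layer.` `http.ListenAndServe` also runs without read or write timeouts; `srv := &http.Server{Addr: listen, Handler: m, ReadHeaderTimeout: 10 * time.Second}` followed by `srv.ListenAndServe()` would bound slow clients (the timeout value is illustrative). The same lines appear in the second metrics section at the end of this page, and RunServer begins outside the hunk.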


@ -15,7 +15,7 @@ func (ms *MemorySearcher) FetchUsers() []api.User {
ms.log.WithError(err).Warning("failed to update users") ms.log.WithError(err).Warning("failed to update users")
return nil, err return nil, err
} }
ms.log.WithField("page", page).Debug("fetched users") ms.log.WithField("page", page).WithField("count", len(users.Results)).Debug("fetched users")
return &users, nil return &users, nil
} }
page := 1 page := 1
@ -25,12 +25,12 @@ func (ms *MemorySearcher) FetchUsers() []api.User {
if err != nil { if err != nil {
return users return users
} }
users = append(users, apiUsers.Results...)
if apiUsers.Pagination.Next > 0 { if apiUsers.Pagination.Next > 0 {
page += 1 page += 1
} else { } else {
break break
} }
users = append(users, apiUsers.Results...)
} }
return users return users
} }
@ -42,7 +42,7 @@ func (ms *MemorySearcher) FetchGroups() []api.Group {
ms.log.WithError(err).Warning("failed to update groups") ms.log.WithError(err).Warning("failed to update groups")
return nil, err return nil, err
} }
ms.log.WithField("page", page).Debug("fetched groups") ms.log.WithField("page", page).WithField("count", len(groups.Results)).Debug("fetched groups")
return &groups, nil return &groups, nil
} }
page := 1 page := 1
@ -52,12 +52,12 @@ func (ms *MemorySearcher) FetchGroups() []api.Group {
if err != nil { if err != nil {
return groups return groups
} }
groups = append(groups, apiGroups.Results...)
if apiGroups.Pagination.Next > 0 { if apiGroups.Pagination.Next > 0 {
page += 1 page += 1
} else { } else {
break break
} }
groups = append(groups, apiGroups.Results...)
} }
return groups return groups
} }
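Review bot: The error path `if err != nil { return users }` in FetchUsers returns whatever pages were collected before the failure, and the `[]api.User` return type gives the caller no way to tell a truncated list from a complete one; FetchGroups has the same pattern with `return groups`. If the cached searcher stores this result as its new user and group set (not visible here), a transient API error mid-pagination would leave LDAP searches and group membership answers based on a partial directory until the next refresh. Consider returning `nil` on error so the caller can keep its previous cache, provided the caller distinguishes nil from empty, or at minimum log the truncation next to the return, e.g. `ms.log.WithField("page", page).Warning("user fetch aborted, result is incomplete")`. Both function bodies start outside their hunks.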


@ -4,7 +4,6 @@ import (
"errors" "errors"
"fmt" "fmt"
"strings" "strings"
"sync"
"github.com/getsentry/sentry-go" "github.com/getsentry/sentry-go"
"github.com/nmcclain/ldap" "github.com/nmcclain/ldap"
@ -115,18 +114,6 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult,
} }
accsp.Finish() accsp.Finish()
// parsedFilter, err := ldap.CompileFilter(req.Filter)
// if err != nil {
// metrics.RequestsRejected.With(prometheus.Labels{
// "outpost_name": ms.si.GetOutpostName(),
// "type": "search",
// "reason": "filter_parse_fail",
// "dn": req.BindDN,
// "client": req.RemoteAddr(),
// }).Inc()
// return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: error parsing filter: %s", req.Filter)
// }
switch filterEntity { switch filterEntity {
default: default:
metrics.RequestsRejected.With(prometheus.Labels{ metrics.RequestsRejected.With(prometheus.Labels{
@ -144,27 +131,12 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult,
case constants.OCAKVirtualGroup: case constants.OCAKVirtualGroup:
fallthrough fallthrough
case constants.OCGroup: case constants.OCGroup:
wg := sync.WaitGroup{} for _, g := range ms.groups {
wg.Add(2) entries = append(entries, group.FromAPIGroup(g, ms.si).Entry())
}
gEntries := make([]*ldap.Entry, 0) for _, u := range ms.users {
uEntries := make([]*ldap.Entry, 0) entries = append(entries, group.FromAPIUser(u, ms.si).Entry())
}
go func() {
defer wg.Done()
for _, g := range ms.groups {
gEntries = append(gEntries, group.FromAPIGroup(g, ms.si).Entry())
}
}()
go func() {
defer wg.Done()
for _, u := range ms.users {
uEntries = append(uEntries, group.FromAPIUser(u, ms.si).Entry())
}
}()
wg.Wait()
entries = append(gEntries, uEntries...)
case "": case "":
fallthrough fallthrough
case constants.OCOrgPerson: case constants.OCOrgPerson:
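Review bot: The loops `for _, g := range ms.groups` and `for _, u := range ms.users` read the cached slices with no synchronisation visible in this hunk. If a background refresh reassigns those fields while a search is running (the fetchers elsewhere in this commit suggest they are rebuilt periodically, but the assignment is not shown), that is a data race on the slice headers. Worth confirming, and if so guarding the fields with a `sync.RWMutex` or taking a local copy under a lock at the top of Search, e.g. `groups, users := ms.snapshot()`, where `snapshot` is a helper that would need to be added. The switch and the Search body continue outside the hunk.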


@ -3,6 +3,8 @@ package metrics
import ( import (
"net/http" "net/http"
log "github.com/sirupsen/logrus"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promauto" "github.com/prometheus/client_golang/prometheus/promauto"
@ -26,7 +28,9 @@ func RunServer() {
rw.WriteHeader(204) rw.WriteHeader(204)
}) })
m.Path("/metrics").Handler(promhttp.Handler()) m.Path("/metrics").Handler(promhttp.Handler())
err := http.ListenAndServe("0.0.0.0:9300", m) listen := "0.0.0.0:9300"
log.WithField("logger", "authentik.outpost.metrics").WithField("listen", listen).Info("Starting Metrics server")
err := http.ListenAndServe(listen, m)
if err != nil { if err != nil {
panic(err) panic(err)
} }