outposts/ldap: fix logic error in cached ldap searcher
closes #1779 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
53905d1a89
commit
e7b4363d21
|
@ -10,7 +10,6 @@ import (
|
||||||
|
|
||||||
"github.com/go-openapi/strfmt"
|
"github.com/go-openapi/strfmt"
|
||||||
"github.com/google/uuid"
|
"github.com/google/uuid"
|
||||||
"github.com/pkg/errors"
|
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
"github.com/recws-org/recws"
|
"github.com/recws-org/recws"
|
||||||
"goauthentik.io/api"
|
"goauthentik.io/api"
|
||||||
|
@ -119,7 +118,7 @@ func (a *APIController) OnRefresh() error {
|
||||||
}
|
}
|
||||||
a.Outpost = outposts.Results[0]
|
a.Outpost = outposts.Results[0]
|
||||||
|
|
||||||
log.WithField("name", a.Outpost.Name).Debug("Fetched outpost configuration")
|
a.logger.WithField("name", a.Outpost.Name).Debug("Fetched outpost configuration")
|
||||||
return a.Server.Refresh()
|
return a.Server.Refresh()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -131,20 +130,8 @@ func (a *APIController) StartBackgorundTasks() error {
|
||||||
"version": constants.VERSION,
|
"version": constants.VERSION,
|
||||||
"build": constants.BUILD(),
|
"build": constants.BUILD(),
|
||||||
}).Set(1)
|
}).Set(1)
|
||||||
err := a.OnRefresh()
|
|
||||||
if err != nil {
|
|
||||||
return errors.Wrap(err, "failed to run initial refresh")
|
|
||||||
} else {
|
|
||||||
LastUpdate.With(prometheus.Labels{
|
|
||||||
"uuid": a.instanceUUID.String(),
|
|
||||||
"outpost_name": a.Outpost.Name,
|
|
||||||
"outpost_type": a.Server.Type(),
|
|
||||||
"version": constants.VERSION,
|
|
||||||
"build": constants.BUILD(),
|
|
||||||
}).SetToCurrentTime()
|
|
||||||
}
|
|
||||||
go func() {
|
go func() {
|
||||||
a.logger.Debug("Starting WS reconnector...")
|
a.logger.Debug("Starting WS re-connector...")
|
||||||
a.startWSReConnector()
|
a.startWSReConnector()
|
||||||
}()
|
}()
|
||||||
go func() {
|
go func() {
|
||||||
|
|
|
@ -32,7 +32,7 @@ func doGlobalSetup(config map[string]interface{}) {
|
||||||
default:
|
default:
|
||||||
log.SetLevel(log.DebugLevel)
|
log.SetLevel(log.DebugLevel)
|
||||||
}
|
}
|
||||||
log.WithField("buildHash", constants.BUILD()).WithField("version", constants.VERSION).Info("Starting authentik outpost")
|
log.WithField("logger", "authentik.outpost").WithField("hash", constants.BUILD()).WithField("version", constants.VERSION).Info("Starting authentik outpost")
|
||||||
|
|
||||||
sentryEnv := "customer-outpost"
|
sentryEnv := "customer-outpost"
|
||||||
sentryEnable := true
|
sentryEnable := true
|
||||||
|
|
|
@ -3,6 +3,8 @@ package metrics
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||||
|
@ -26,7 +28,9 @@ func RunServer() {
|
||||||
rw.WriteHeader(204)
|
rw.WriteHeader(204)
|
||||||
})
|
})
|
||||||
m.Path("/metrics").Handler(promhttp.Handler())
|
m.Path("/metrics").Handler(promhttp.Handler())
|
||||||
err := http.ListenAndServe("0.0.0.0:9300", m)
|
listen := "0.0.0.0:9300"
|
||||||
|
log.WithField("logger", "authentik.outpost.metrics").WithField("listen", listen).Info("Starting Metrics server")
|
||||||
|
err := http.ListenAndServe(listen, m)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,7 +15,7 @@ func (ms *MemorySearcher) FetchUsers() []api.User {
|
||||||
ms.log.WithError(err).Warning("failed to update users")
|
ms.log.WithError(err).Warning("failed to update users")
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
ms.log.WithField("page", page).Debug("fetched users")
|
ms.log.WithField("page", page).WithField("count", len(users.Results)).Debug("fetched users")
|
||||||
return &users, nil
|
return &users, nil
|
||||||
}
|
}
|
||||||
page := 1
|
page := 1
|
||||||
|
@ -25,12 +25,12 @@ func (ms *MemorySearcher) FetchUsers() []api.User {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return users
|
return users
|
||||||
}
|
}
|
||||||
|
users = append(users, apiUsers.Results...)
|
||||||
if apiUsers.Pagination.Next > 0 {
|
if apiUsers.Pagination.Next > 0 {
|
||||||
page += 1
|
page += 1
|
||||||
} else {
|
} else {
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
users = append(users, apiUsers.Results...)
|
|
||||||
}
|
}
|
||||||
return users
|
return users
|
||||||
}
|
}
|
||||||
|
@ -42,7 +42,7 @@ func (ms *MemorySearcher) FetchGroups() []api.Group {
|
||||||
ms.log.WithError(err).Warning("failed to update groups")
|
ms.log.WithError(err).Warning("failed to update groups")
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
ms.log.WithField("page", page).Debug("fetched groups")
|
ms.log.WithField("page", page).WithField("count", len(groups.Results)).Debug("fetched groups")
|
||||||
return &groups, nil
|
return &groups, nil
|
||||||
}
|
}
|
||||||
page := 1
|
page := 1
|
||||||
|
@ -52,12 +52,12 @@ func (ms *MemorySearcher) FetchGroups() []api.Group {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return groups
|
return groups
|
||||||
}
|
}
|
||||||
|
groups = append(groups, apiGroups.Results...)
|
||||||
if apiGroups.Pagination.Next > 0 {
|
if apiGroups.Pagination.Next > 0 {
|
||||||
page += 1
|
page += 1
|
||||||
} else {
|
} else {
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
groups = append(groups, apiGroups.Results...)
|
|
||||||
}
|
}
|
||||||
return groups
|
return groups
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,6 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
|
||||||
|
|
||||||
"github.com/getsentry/sentry-go"
|
"github.com/getsentry/sentry-go"
|
||||||
"github.com/nmcclain/ldap"
|
"github.com/nmcclain/ldap"
|
||||||
|
@ -115,18 +114,6 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult,
|
||||||
}
|
}
|
||||||
accsp.Finish()
|
accsp.Finish()
|
||||||
|
|
||||||
// parsedFilter, err := ldap.CompileFilter(req.Filter)
|
|
||||||
// if err != nil {
|
|
||||||
// metrics.RequestsRejected.With(prometheus.Labels{
|
|
||||||
// "outpost_name": ms.si.GetOutpostName(),
|
|
||||||
// "type": "search",
|
|
||||||
// "reason": "filter_parse_fail",
|
|
||||||
// "dn": req.BindDN,
|
|
||||||
// "client": req.RemoteAddr(),
|
|
||||||
// }).Inc()
|
|
||||||
// return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: error parsing filter: %s", req.Filter)
|
|
||||||
// }
|
|
||||||
|
|
||||||
switch filterEntity {
|
switch filterEntity {
|
||||||
default:
|
default:
|
||||||
metrics.RequestsRejected.With(prometheus.Labels{
|
metrics.RequestsRejected.With(prometheus.Labels{
|
||||||
|
@ -144,27 +131,12 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult,
|
||||||
case constants.OCAKVirtualGroup:
|
case constants.OCAKVirtualGroup:
|
||||||
fallthrough
|
fallthrough
|
||||||
case constants.OCGroup:
|
case constants.OCGroup:
|
||||||
wg := sync.WaitGroup{}
|
for _, g := range ms.groups {
|
||||||
wg.Add(2)
|
entries = append(entries, group.FromAPIGroup(g, ms.si).Entry())
|
||||||
|
}
|
||||||
gEntries := make([]*ldap.Entry, 0)
|
for _, u := range ms.users {
|
||||||
uEntries := make([]*ldap.Entry, 0)
|
entries = append(entries, group.FromAPIUser(u, ms.si).Entry())
|
||||||
|
}
|
||||||
go func() {
|
|
||||||
defer wg.Done()
|
|
||||||
for _, g := range ms.groups {
|
|
||||||
gEntries = append(gEntries, group.FromAPIGroup(g, ms.si).Entry())
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
go func() {
|
|
||||||
defer wg.Done()
|
|
||||||
for _, u := range ms.users {
|
|
||||||
uEntries = append(uEntries, group.FromAPIUser(u, ms.si).Entry())
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
wg.Wait()
|
|
||||||
entries = append(gEntries, uEntries...)
|
|
||||||
case "":
|
case "":
|
||||||
fallthrough
|
fallthrough
|
||||||
case constants.OCOrgPerson:
|
case constants.OCOrgPerson:
|
||||||
|
|
|
@ -3,6 +3,8 @@ package metrics
|
||||||
import (
|
import (
|
||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
|
log "github.com/sirupsen/logrus"
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
"github.com/prometheus/client_golang/prometheus/promauto"
|
"github.com/prometheus/client_golang/prometheus/promauto"
|
||||||
|
@ -26,7 +28,9 @@ func RunServer() {
|
||||||
rw.WriteHeader(204)
|
rw.WriteHeader(204)
|
||||||
})
|
})
|
||||||
m.Path("/metrics").Handler(promhttp.Handler())
|
m.Path("/metrics").Handler(promhttp.Handler())
|
||||||
err := http.ListenAndServe("0.0.0.0:9300", m)
|
listen := "0.0.0.0:9300"
|
||||||
|
log.WithField("logger", "authentik.outpost.metrics").WithField("listen", listen).Info("Starting Metrics server")
|
||||||
|
err := http.ListenAndServe(listen, m)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
Reference in a new issue