DaanHoogland commented on a change in pull request #3694: Ldap fixes
URL: https://github.com/apache/cloudstack/pull/3694#discussion_r360401916
##########
File path:
plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LdapListUsersCmd.java
##########
@@ -104,20 +241,251 @@ public long getEntityOwnerId() {
return Account.ACCOUNT_ID_SYSTEM;
}
- private String getListType() {
+ String getListTypeString() {
return listType == null ? "all" : listType;
}
- private boolean isACloudstackUser(final LdapUser ldapUser) {
- final ListResponse<UserResponse> response =
_queryService.searchForUsers(new ListUsersCmd());
- final List<UserResponse> cloudstackUsers = response.getResponses();
+ String getUserFilterString() {
+ return userFilter == null ? getListTypeString() == null ? "NoFilter" :
getListTypeString().equals("all") ? "NoFilter" : "AnyDomain" : userFilter;
+ }
+
+ UserFilter getUserFilter() {
+ return UserFilter.fromString(getUserFilterString());
+ }
+
+ boolean isACloudstackUser(final LdapUser ldapUser) {
+ boolean rc = false;
+ final List<UserResponse> cloudstackUsers = getCloudstackUsers();
+ if (cloudstackUsers != null) {
+ for (final UserResponse cloudstackUser : cloudstackUsers) {
+ if
(ldapUser.getUsername().equals(cloudstackUser.getUsername())) {
+ if(s_logger.isTraceEnabled()) {
+ s_logger.trace(String.format("found user %s in
cloudstack", ldapUser.getUsername()));
+ }
+
+ rc = true;
+ } else {
+ if(s_logger.isTraceEnabled()) {
+ s_logger.trace(String.format("ldap user %s does not
match cloudstack user", ldapUser.getUsername(), cloudstackUser.getUsername()));
+ }
+ }
+ }
+ }
+ return rc;
+ }
+
+ boolean isACloudstackUser(final LdapUserResponse ldapUser) {
+ if(s_logger.isTraceEnabled()) {
+ s_logger.trace("checking response : " + ldapUser.toString());
+ }
+ final List<UserResponse> cloudstackUsers = getCloudstackUsers();
if (cloudstackUsers != null && cloudstackUsers.size() != 0) {
- for (final UserResponse cloudstackUser : response.getResponses()) {
+ for (final UserResponse cloudstackUser : cloudstackUsers) {
if
(ldapUser.getUsername().equals(cloudstackUser.getUsername())) {
+ if(s_logger.isTraceEnabled()) {
+ s_logger.trace(String.format("found user %s in
cloudstack", ldapUser.getUsername()));
+ }
return true;
+ } else {
+ if(s_logger.isTraceEnabled()) {
+ s_logger.trace(String.format("ldap user %s does not
match cloudstack user", ldapUser.getUsername(), cloudstackUser.getUsername()));
+ }
}
}
}
return false;
}
+ /**
+ * typecheck for userfilter values
+ */
+ enum UserFilter {
+ NO_FILTER("NoFilter"),
+ LOCAL_DOMAIN("LocalDomain"),
+ ANY_DOMAIN("AnyDomain"),
+ POTENTIAL_IMPORT("PotentialImport");
+
+ private final String value;
+
+ UserFilter(String val) {
+ this.value = val;
+ }
+
+ static UserFilter fromString(String val) {
+ if(NO_FILTER.toString().equalsIgnoreCase(val)) {
+ return NO_FILTER;
+ } else if (LOCAL_DOMAIN.toString().equalsIgnoreCase(val)) {
+ return LOCAL_DOMAIN;
+ } else if(ANY_DOMAIN.toString().equalsIgnoreCase(val)) {
+ return ANY_DOMAIN;
+ } else if(POTENTIAL_IMPORT.toString().equalsIgnoreCase(val)) {
+ return POTENTIAL_IMPORT;
+ } else {
+ throw new IllegalArgumentException(String.format("%s is not a
legal 'UserFilter' value", val));
+ }
+ }
+
+ @Override public String toString() {
+ return value;
+ }
+ }
+
+ /**
+ * no filtering but improve with annotation of source for existing ACS
users
+ * @param input ldap response list of users
+ * @return unfiltered list of the input list of ldap users
+ */
+ public List<LdapUserResponse> filterNoFilter(List<LdapUserResponse> input)
{
+ if(s_logger.isTraceEnabled()) {
+ s_logger.trace("returning unfiltered list of ldap users");
+ }
+ annotateUserListWithSources(input);
+ return input;
+ }
+
+ /**
+ * filter the list of ldap users. no users visible to the caller should be
in the returned list
+ * @param input ldap response list of users
+ * @return a list of ldap users not already in ACS
+ */
+ public List<LdapUserResponse> filterAnyDomain(List<LdapUserResponse>
input) {
+ if(s_logger.isTraceEnabled()) {
+ s_logger.trace("filtering existing users");
+ }
+ final List<LdapUserResponse> ldapResponses = new
ArrayList<LdapUserResponse>();
+ for (final LdapUserResponse user : input) {
+
+ if (isNotAlreadyImportedInTheCurrentDomain(user)) {
+ ldapResponses.add(user);
+ }
+ }
+ annotateUserListWithSources(ldapResponses);
+
+ return ldapResponses;
+ }
+
+ private boolean isNotAlreadyImportedInTheCurrentDomain(LdapUserResponse
user) {
Review comment:
:) true unless, adding a short javadoc
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
