From 58266c9e2ca35aac5dbb5d56fe0c6f0ae7b1df87 Mon Sep 17 00:00:00 2001 From: Aditya Manthramurthy Date: Thu, 16 Mar 2023 11:58:59 -0700 Subject: [PATCH] Add enable flag for LDAP IDP config (#16805) --- cmd/admin-handlers-idp-config.go | 2 +- cmd/api-errors.go | 6 + cmd/apierrorcode_string.go | 249 ++++++++++++------------ internal/config/identity/ldap/config.go | 14 ++ 4 files changed, 146 insertions(+), 125 deletions(-) diff --git a/cmd/admin-handlers-idp-config.go b/cmd/admin-handlers-idp-config.go index 21067fc75..98973b182 100644 --- a/cmd/admin-handlers-idp-config.go +++ b/cmd/admin-handlers-idp-config.go @@ -86,7 +86,7 @@ func (a adminAPIHandlers) addOrUpdateIDPHandler(ctx context.Context, w http.Resp if idpCfgType == madmin.LDAPIDPCfg && cfgName != madmin.Default { // LDAP does not support multiple configurations. So cfgName must be // empty or `madmin.Default`. - writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrBadRequest), r.URL) + writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigLDAPNonDefaultConfigName), r.URL) return } } diff --git a/cmd/api-errors.go b/cmd/api-errors.go index 31d970190..c77c9ca2b 100644 --- a/cmd/api-errors.go +++ b/cmd/api-errors.go @@ -281,6 +281,7 @@ const ( ErrAdminConfigEnvOverridden ErrAdminConfigDuplicateKeys ErrAdminConfigInvalidIDPType + ErrAdminConfigLDAPNonDefaultConfigName ErrAdminConfigLDAPValidation ErrAdminConfigIDPCfgNameAlreadyExists ErrAdminConfigIDPCfgNameDoesNotExist @@ -1333,6 +1334,11 @@ var errorCodes = errorCodeMap{ Description: fmt.Sprintf("Invalid IDP configuration type - must be one of %v", madmin.ValidIDPConfigTypes), HTTPStatusCode: http.StatusBadRequest, }, + ErrAdminConfigLDAPNonDefaultConfigName: { + Code: "XMinioAdminConfigLDAPNonDefaultConfigName", + Description: "Only a single LDAP configuration is supported - config name must be empty or `_`", + HTTPStatusCode: http.StatusBadRequest, + }, ErrAdminConfigLDAPValidation: { Code: "XMinioAdminConfigLDAPValidation", Description: "LDAP Configuration validation failed", diff --git a/cmd/apierrorcode_string.go b/cmd/apierrorcode_string.go index 5805d4668..870fabb5f 100644 --- a/cmd/apierrorcode_string.go +++ b/cmd/apierrorcode_string.go @@ -194,133 +194,134 @@ func _() { _ = x[ErrAdminConfigEnvOverridden-183] _ = x[ErrAdminConfigDuplicateKeys-184] _ = x[ErrAdminConfigInvalidIDPType-185] - _ = x[ErrAdminConfigLDAPValidation-186] - _ = x[ErrAdminConfigIDPCfgNameAlreadyExists-187] - _ = x[ErrAdminConfigIDPCfgNameDoesNotExist-188] - _ = x[ErrAdminCredentialsMismatch-189] - _ = x[ErrInsecureClientRequest-190] - _ = x[ErrObjectTampered-191] - _ = x[ErrSiteReplicationInvalidRequest-192] - _ = x[ErrSiteReplicationPeerResp-193] - _ = x[ErrSiteReplicationBackendIssue-194] - _ = x[ErrSiteReplicationServiceAccountError-195] - _ = x[ErrSiteReplicationBucketConfigError-196] - _ = x[ErrSiteReplicationBucketMetaError-197] - _ = x[ErrSiteReplicationIAMError-198] - _ = x[ErrSiteReplicationConfigMissing-199] - _ = x[ErrAdminRebalanceAlreadyStarted-200] - _ = x[ErrAdminRebalanceNotStarted-201] - _ = x[ErrAdminBucketQuotaExceeded-202] - _ = x[ErrAdminNoSuchQuotaConfiguration-203] - _ = x[ErrHealNotImplemented-204] - _ = x[ErrHealNoSuchProcess-205] - _ = x[ErrHealInvalidClientToken-206] - _ = x[ErrHealMissingBucket-207] - _ = x[ErrHealAlreadyRunning-208] - _ = x[ErrHealOverlappingPaths-209] - _ = x[ErrIncorrectContinuationToken-210] - _ = x[ErrEmptyRequestBody-211] - _ = x[ErrUnsupportedFunction-212] - _ = x[ErrInvalidExpressionType-213] - _ = x[ErrBusy-214] - _ = x[ErrUnauthorizedAccess-215] - _ = x[ErrExpressionTooLong-216] - _ = x[ErrIllegalSQLFunctionArgument-217] - _ = x[ErrInvalidKeyPath-218] - _ = x[ErrInvalidCompressionFormat-219] - _ = x[ErrInvalidFileHeaderInfo-220] - _ = x[ErrInvalidJSONType-221] - _ = x[ErrInvalidQuoteFields-222] - _ = x[ErrInvalidRequestParameter-223] - _ = x[ErrInvalidDataType-224] - _ = x[ErrInvalidTextEncoding-225] - _ = x[ErrInvalidDataSource-226] - _ = x[ErrInvalidTableAlias-227] - _ = x[ErrMissingRequiredParameter-228] - _ = x[ErrObjectSerializationConflict-229] - _ = x[ErrUnsupportedSQLOperation-230] - _ = x[ErrUnsupportedSQLStructure-231] - _ = x[ErrUnsupportedSyntax-232] - _ = x[ErrUnsupportedRangeHeader-233] - _ = x[ErrLexerInvalidChar-234] - _ = x[ErrLexerInvalidOperator-235] - _ = x[ErrLexerInvalidLiteral-236] - _ = x[ErrLexerInvalidIONLiteral-237] - _ = x[ErrParseExpectedDatePart-238] - _ = x[ErrParseExpectedKeyword-239] - _ = x[ErrParseExpectedTokenType-240] - _ = x[ErrParseExpected2TokenTypes-241] - _ = x[ErrParseExpectedNumber-242] - _ = x[ErrParseExpectedRightParenBuiltinFunctionCall-243] - _ = x[ErrParseExpectedTypeName-244] - _ = x[ErrParseExpectedWhenClause-245] - _ = x[ErrParseUnsupportedToken-246] - _ = x[ErrParseUnsupportedLiteralsGroupBy-247] - _ = x[ErrParseExpectedMember-248] - _ = x[ErrParseUnsupportedSelect-249] - _ = x[ErrParseUnsupportedCase-250] - _ = x[ErrParseUnsupportedCaseClause-251] - _ = x[ErrParseUnsupportedAlias-252] - _ = x[ErrParseUnsupportedSyntax-253] - _ = x[ErrParseUnknownOperator-254] - _ = x[ErrParseMissingIdentAfterAt-255] - _ = x[ErrParseUnexpectedOperator-256] - _ = x[ErrParseUnexpectedTerm-257] - _ = x[ErrParseUnexpectedToken-258] - _ = x[ErrParseUnexpectedKeyword-259] - _ = x[ErrParseExpectedExpression-260] - _ = x[ErrParseExpectedLeftParenAfterCast-261] - _ = x[ErrParseExpectedLeftParenValueConstructor-262] - _ = x[ErrParseExpectedLeftParenBuiltinFunctionCall-263] - _ = x[ErrParseExpectedArgumentDelimiter-264] - _ = x[ErrParseCastArity-265] - _ = x[ErrParseInvalidTypeParam-266] - _ = x[ErrParseEmptySelect-267] - _ = x[ErrParseSelectMissingFrom-268] - _ = x[ErrParseExpectedIdentForGroupName-269] - _ = x[ErrParseExpectedIdentForAlias-270] - _ = x[ErrParseUnsupportedCallWithStar-271] - _ = x[ErrParseNonUnaryAgregateFunctionCall-272] - _ = x[ErrParseMalformedJoin-273] - _ = x[ErrParseExpectedIdentForAt-274] - _ = x[ErrParseAsteriskIsNotAloneInSelectList-275] - _ = x[ErrParseCannotMixSqbAndWildcardInSelectList-276] - _ = x[ErrParseInvalidContextForWildcardInSelectList-277] - _ = x[ErrIncorrectSQLFunctionArgumentType-278] - _ = x[ErrValueParseFailure-279] - _ = x[ErrEvaluatorInvalidArguments-280] - _ = x[ErrIntegerOverflow-281] - _ = x[ErrLikeInvalidInputs-282] - _ = x[ErrCastFailed-283] - _ = x[ErrInvalidCast-284] - _ = x[ErrEvaluatorInvalidTimestampFormatPattern-285] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbolForParsing-286] - _ = x[ErrEvaluatorTimestampFormatPatternDuplicateFields-287] - _ = x[ErrEvaluatorTimestampFormatPatternHourClockAmPmMismatch-288] - _ = x[ErrEvaluatorUnterminatedTimestampFormatPatternToken-289] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternToken-290] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbol-291] - _ = x[ErrEvaluatorBindingDoesNotExist-292] - _ = x[ErrMissingHeaders-293] - _ = x[ErrInvalidColumnIndex-294] - _ = x[ErrAdminConfigNotificationTargetsFailed-295] - _ = x[ErrAdminProfilerNotEnabled-296] - _ = x[ErrInvalidDecompressedSize-297] - _ = x[ErrAddUserInvalidArgument-298] - _ = x[ErrAdminResourceInvalidArgument-299] - _ = x[ErrAdminAccountNotEligible-300] - _ = x[ErrAccountNotEligible-301] - _ = x[ErrAdminServiceAccountNotFound-302] - _ = x[ErrPostPolicyConditionInvalidFormat-303] - _ = x[ErrInvalidChecksum-304] - _ = x[ErrLambdaARNInvalid-305] - _ = x[ErrLambdaARNNotFound-306] - _ = x[apiErrCodeEnd-307] + _ = x[ErrAdminConfigLDAPNonDefaultConfigName-186] + _ = x[ErrAdminConfigLDAPValidation-187] + _ = x[ErrAdminConfigIDPCfgNameAlreadyExists-188] + _ = x[ErrAdminConfigIDPCfgNameDoesNotExist-189] + _ = x[ErrAdminCredentialsMismatch-190] + _ = x[ErrInsecureClientRequest-191] + _ = x[ErrObjectTampered-192] + _ = x[ErrSiteReplicationInvalidRequest-193] + _ = x[ErrSiteReplicationPeerResp-194] + _ = x[ErrSiteReplicationBackendIssue-195] + _ = x[ErrSiteReplicationServiceAccountError-196] + _ = x[ErrSiteReplicationBucketConfigError-197] + _ = x[ErrSiteReplicationBucketMetaError-198] + _ = x[ErrSiteReplicationIAMError-199] + _ = x[ErrSiteReplicationConfigMissing-200] + _ = x[ErrAdminRebalanceAlreadyStarted-201] + _ = x[ErrAdminRebalanceNotStarted-202] + _ = x[ErrAdminBucketQuotaExceeded-203] + _ = x[ErrAdminNoSuchQuotaConfiguration-204] + _ = x[ErrHealNotImplemented-205] + _ = x[ErrHealNoSuchProcess-206] + _ = x[ErrHealInvalidClientToken-207] + _ = x[ErrHealMissingBucket-208] + _ = x[ErrHealAlreadyRunning-209] + _ = x[ErrHealOverlappingPaths-210] + _ = x[ErrIncorrectContinuationToken-211] + _ = x[ErrEmptyRequestBody-212] + _ = x[ErrUnsupportedFunction-213] + _ = x[ErrInvalidExpressionType-214] + _ = x[ErrBusy-215] + _ = x[ErrUnauthorizedAccess-216] + _ = x[ErrExpressionTooLong-217] + _ = x[ErrIllegalSQLFunctionArgument-218] + _ = x[ErrInvalidKeyPath-219] + _ = x[ErrInvalidCompressionFormat-220] + _ = x[ErrInvalidFileHeaderInfo-221] + _ = x[ErrInvalidJSONType-222] + _ = x[ErrInvalidQuoteFields-223] + _ = x[ErrInvalidRequestParameter-224] + _ = x[ErrInvalidDataType-225] + _ = x[ErrInvalidTextEncoding-226] + _ = x[ErrInvalidDataSource-227] + _ = x[ErrInvalidTableAlias-228] + _ = x[ErrMissingRequiredParameter-229] + _ = x[ErrObjectSerializationConflict-230] + _ = x[ErrUnsupportedSQLOperation-231] + _ = x[ErrUnsupportedSQLStructure-232] + _ = x[ErrUnsupportedSyntax-233] + _ = x[ErrUnsupportedRangeHeader-234] + _ = x[ErrLexerInvalidChar-235] + _ = x[ErrLexerInvalidOperator-236] + _ = x[ErrLexerInvalidLiteral-237] + _ = x[ErrLexerInvalidIONLiteral-238] + _ = x[ErrParseExpectedDatePart-239] + _ = x[ErrParseExpectedKeyword-240] + _ = x[ErrParseExpectedTokenType-241] + _ = x[ErrParseExpected2TokenTypes-242] + _ = x[ErrParseExpectedNumber-243] + _ = x[ErrParseExpectedRightParenBuiltinFunctionCall-244] + _ = x[ErrParseExpectedTypeName-245] + _ = x[ErrParseExpectedWhenClause-246] + _ = x[ErrParseUnsupportedToken-247] + _ = x[ErrParseUnsupportedLiteralsGroupBy-248] + _ = x[ErrParseExpectedMember-249] + _ = x[ErrParseUnsupportedSelect-250] + _ = x[ErrParseUnsupportedCase-251] + _ = x[ErrParseUnsupportedCaseClause-252] + _ = x[ErrParseUnsupportedAlias-253] + _ = x[ErrParseUnsupportedSyntax-254] + _ = x[ErrParseUnknownOperator-255] + _ = x[ErrParseMissingIdentAfterAt-256] + _ = x[ErrParseUnexpectedOperator-257] + _ = x[ErrParseUnexpectedTerm-258] + _ = x[ErrParseUnexpectedToken-259] + _ = x[ErrParseUnexpectedKeyword-260] + _ = x[ErrParseExpectedExpression-261] + _ = x[ErrParseExpectedLeftParenAfterCast-262] + _ = x[ErrParseExpectedLeftParenValueConstructor-263] + _ = x[ErrParseExpectedLeftParenBuiltinFunctionCall-264] + _ = x[ErrParseExpectedArgumentDelimiter-265] + _ = x[ErrParseCastArity-266] + _ = x[ErrParseInvalidTypeParam-267] + _ = x[ErrParseEmptySelect-268] + _ = x[ErrParseSelectMissingFrom-269] + _ = x[ErrParseExpectedIdentForGroupName-270] + _ = x[ErrParseExpectedIdentForAlias-271] + _ = x[ErrParseUnsupportedCallWithStar-272] + _ = x[ErrParseNonUnaryAgregateFunctionCall-273] + _ = x[ErrParseMalformedJoin-274] + _ = x[ErrParseExpectedIdentForAt-275] + _ = x[ErrParseAsteriskIsNotAloneInSelectList-276] + _ = x[ErrParseCannotMixSqbAndWildcardInSelectList-277] + _ = x[ErrParseInvalidContextForWildcardInSelectList-278] + _ = x[ErrIncorrectSQLFunctionArgumentType-279] + _ = x[ErrValueParseFailure-280] + _ = x[ErrEvaluatorInvalidArguments-281] + _ = x[ErrIntegerOverflow-282] + _ = x[ErrLikeInvalidInputs-283] + _ = x[ErrCastFailed-284] + _ = x[ErrInvalidCast-285] + _ = x[ErrEvaluatorInvalidTimestampFormatPattern-286] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbolForParsing-287] + _ = x[ErrEvaluatorTimestampFormatPatternDuplicateFields-288] + _ = x[ErrEvaluatorTimestampFormatPatternHourClockAmPmMismatch-289] + _ = x[ErrEvaluatorUnterminatedTimestampFormatPatternToken-290] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternToken-291] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbol-292] + _ = x[ErrEvaluatorBindingDoesNotExist-293] + _ = x[ErrMissingHeaders-294] + _ = x[ErrInvalidColumnIndex-295] + _ = x[ErrAdminConfigNotificationTargetsFailed-296] + _ = x[ErrAdminProfilerNotEnabled-297] + _ = x[ErrInvalidDecompressedSize-298] + _ = x[ErrAddUserInvalidArgument-299] + _ = x[ErrAdminResourceInvalidArgument-300] + _ = x[ErrAdminAccountNotEligible-301] + _ = x[ErrAccountNotEligible-302] + _ = x[ErrAdminServiceAccountNotFound-303] + _ = x[ErrPostPolicyConditionInvalidFormat-304] + _ = x[ErrInvalidChecksum-305] + _ = x[ErrLambdaARNInvalid-306] + _ = x[ErrLambdaARNNotFound-307] + _ = x[apiErrCodeEnd-308] } -const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorRemoteTargetDenyEditErrorReplicationNoExistingObjectsObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderAuthorizationHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledPolicyInvalidVersionMissingFieldsMissingCredTagCredMalformedInvalidRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataMaximumExpiresSlowDownInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectivePolicyAlreadyAttachedPolicyNotAttachedInvalidEncryptionMethodInvalidEncryptionKeyIDInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidEncryptionParametersSSECInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredKMSKeyNotFoundExceptionKMSDefaultKeyAlreadyConfiguredNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchContentChecksumMismatchStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameServerNotInitializedOperationTimedOutClientDisconnectedOperationMaxedOutInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchGroupAdminGroupNotEmptyAdminGroupDisabledAdminNoSuchJobAdminNoSuchPolicyAdminPolicyChangeAlreadyAppliedAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminNoSuchConfigTargetAdminConfigEnvOverriddenAdminConfigDuplicateKeysAdminConfigInvalidIDPTypeAdminConfigLDAPValidationAdminConfigIDPCfgNameAlreadyExistsAdminConfigIDPCfgNameDoesNotExistAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplicationBucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorSiteReplicationConfigMissingAdminRebalanceAlreadyStartedAdminRebalanceNotStartedAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLFunctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbolForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminResourceInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormatInvalidChecksumLambdaARNInvalidLambdaARNNotFoundapiErrCodeEnd" +const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorRemoteTargetDenyEditErrorReplicationNoExistingObjectsObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderAuthorizationHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledPolicyInvalidVersionMissingFieldsMissingCredTagCredMalformedInvalidRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataMaximumExpiresSlowDownInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectivePolicyAlreadyAttachedPolicyNotAttachedInvalidEncryptionMethodInvalidEncryptionKeyIDInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidEncryptionParametersSSECInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredKMSKeyNotFoundExceptionKMSDefaultKeyAlreadyConfiguredNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchContentChecksumMismatchStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameServerNotInitializedOperationTimedOutClientDisconnectedOperationMaxedOutInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchGroupAdminGroupNotEmptyAdminGroupDisabledAdminNoSuchJobAdminNoSuchPolicyAdminPolicyChangeAlreadyAppliedAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminNoSuchConfigTargetAdminConfigEnvOverriddenAdminConfigDuplicateKeysAdminConfigInvalidIDPTypeAdminConfigLDAPNonDefaultConfigNameAdminConfigLDAPValidationAdminConfigIDPCfgNameAlreadyExistsAdminConfigIDPCfgNameDoesNotExistAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplicationBucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorSiteReplicationConfigMissingAdminRebalanceAlreadyStartedAdminRebalanceNotStartedAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLFunctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbolForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminResourceInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormatInvalidChecksumLambdaARNInvalidLambdaARNNotFoundapiErrCodeEnd" -var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 146, 159, 171, 193, 213, 239, 253, 274, 291, 306, 329, 346, 364, 381, 405, 420, 441, 459, 471, 491, 508, 531, 552, 564, 582, 603, 631, 661, 682, 705, 731, 768, 798, 831, 856, 888, 918, 947, 972, 994, 1020, 1042, 1070, 1099, 1133, 1164, 1201, 1225, 1250, 1278, 1308, 1317, 1329, 1345, 1358, 1372, 1390, 1410, 1431, 1447, 1458, 1474, 1502, 1522, 1538, 1566, 1580, 1597, 1617, 1630, 1644, 1657, 1670, 1686, 1703, 1724, 1738, 1759, 1772, 1794, 1817, 1833, 1848, 1863, 1884, 1902, 1917, 1934, 1959, 1977, 2000, 2015, 2034, 2050, 2069, 2083, 2091, 2110, 2120, 2135, 2171, 2202, 2235, 2264, 2276, 2296, 2320, 2344, 2365, 2389, 2408, 2429, 2446, 2469, 2491, 2517, 2538, 2556, 2583, 2614, 2641, 2662, 2683, 2707, 2732, 2760, 2788, 2804, 2827, 2857, 2868, 2880, 2897, 2912, 2930, 2959, 2976, 2992, 3008, 3026, 3044, 3067, 3088, 3111, 3122, 3138, 3161, 3178, 3206, 3225, 3245, 3262, 3280, 3297, 3311, 3346, 3365, 3376, 3389, 3404, 3420, 3438, 3456, 3470, 3487, 3518, 3538, 3559, 3580, 3599, 3618, 3636, 3659, 3683, 3707, 3732, 3757, 3791, 3824, 3848, 3869, 3883, 3912, 3935, 3962, 3996, 4028, 4058, 4081, 4109, 4137, 4161, 4185, 4214, 4232, 4249, 4271, 4288, 4306, 4326, 4352, 4368, 4387, 4408, 4412, 4430, 4447, 4473, 4487, 4511, 4532, 4547, 4565, 4588, 4603, 4622, 4639, 4656, 4680, 4707, 4730, 4753, 4770, 4792, 4808, 4828, 4847, 4869, 4890, 4910, 4932, 4956, 4975, 5017, 5038, 5061, 5082, 5113, 5132, 5154, 5174, 5200, 5221, 5243, 5263, 5287, 5310, 5329, 5349, 5371, 5394, 5425, 5463, 5504, 5534, 5548, 5569, 5585, 5607, 5637, 5663, 5691, 5724, 5742, 5765, 5800, 5840, 5882, 5914, 5931, 5956, 5971, 5988, 5998, 6009, 6047, 6101, 6147, 6199, 6247, 6290, 6334, 6362, 6376, 6394, 6430, 6453, 6476, 6498, 6526, 6549, 6567, 6594, 6626, 6641, 6657, 6674, 6687} +var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 146, 159, 171, 193, 213, 239, 253, 274, 291, 306, 329, 346, 364, 381, 405, 420, 441, 459, 471, 491, 508, 531, 552, 564, 582, 603, 631, 661, 682, 705, 731, 768, 798, 831, 856, 888, 918, 947, 972, 994, 1020, 1042, 1070, 1099, 1133, 1164, 1201, 1225, 1250, 1278, 1308, 1317, 1329, 1345, 1358, 1372, 1390, 1410, 1431, 1447, 1458, 1474, 1502, 1522, 1538, 1566, 1580, 1597, 1617, 1630, 1644, 1657, 1670, 1686, 1703, 1724, 1738, 1759, 1772, 1794, 1817, 1833, 1848, 1863, 1884, 1902, 1917, 1934, 1959, 1977, 2000, 2015, 2034, 2050, 2069, 2083, 2091, 2110, 2120, 2135, 2171, 2202, 2235, 2264, 2276, 2296, 2320, 2344, 2365, 2389, 2408, 2429, 2446, 2469, 2491, 2517, 2538, 2556, 2583, 2614, 2641, 2662, 2683, 2707, 2732, 2760, 2788, 2804, 2827, 2857, 2868, 2880, 2897, 2912, 2930, 2959, 2976, 2992, 3008, 3026, 3044, 3067, 3088, 3111, 3122, 3138, 3161, 3178, 3206, 3225, 3245, 3262, 3280, 3297, 3311, 3346, 3365, 3376, 3389, 3404, 3420, 3438, 3456, 3470, 3487, 3518, 3538, 3559, 3580, 3599, 3618, 3636, 3659, 3683, 3707, 3732, 3767, 3792, 3826, 3859, 3883, 3904, 3918, 3947, 3970, 3997, 4031, 4063, 4093, 4116, 4144, 4172, 4196, 4220, 4249, 4267, 4284, 4306, 4323, 4341, 4361, 4387, 4403, 4422, 4443, 4447, 4465, 4482, 4508, 4522, 4546, 4567, 4582, 4600, 4623, 4638, 4657, 4674, 4691, 4715, 4742, 4765, 4788, 4805, 4827, 4843, 4863, 4882, 4904, 4925, 4945, 4967, 4991, 5010, 5052, 5073, 5096, 5117, 5148, 5167, 5189, 5209, 5235, 5256, 5278, 5298, 5322, 5345, 5364, 5384, 5406, 5429, 5460, 5498, 5539, 5569, 5583, 5604, 5620, 5642, 5672, 5698, 5726, 5759, 5777, 5800, 5835, 5875, 5917, 5949, 5966, 5991, 6006, 6023, 6033, 6044, 6082, 6136, 6182, 6234, 6282, 6325, 6369, 6397, 6411, 6429, 6465, 6488, 6511, 6533, 6561, 6584, 6602, 6629, 6661, 6676, 6692, 6709, 6722} func (i APIErrorCode) String() string { if i < 0 || i >= APIErrorCode(len(_APIErrorCode_index)-1) { diff --git a/internal/config/identity/ldap/config.go b/internal/config/identity/ldap/config.go index 3850f3d54..d7aef70a3 100644 --- a/internal/config/identity/ldap/config.go +++ b/internal/config/identity/ldap/config.go @@ -98,6 +98,10 @@ var removedKeys = []string{ // DefaultKVS - default config for LDAP config var ( DefaultKVS = config.KVS{ + config.KV{ + Key: config.Enable, + Value: "", + }, config.KV{ Key: ServerAddr, Value: "", @@ -184,6 +188,16 @@ func Lookup(s config.Config, rootCAs *x509.CertPool) (l Config, err error) { ServerAddr: ldapServer, SRVRecordName: getCfgVal(SRVRecordName), } + + // Parse explicity enable=on/off flag. If not set, defaults to `true` + // because ServerAddr is set. + if v := getCfgVal(config.Enable); v != "" { + l.LDAP.Enabled, err = config.ParseBool(v) + if err != nil { + return l, err + } + } + l.stsExpiryDuration = defaultLDAPExpiry // LDAP connection configuration