Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add configurable Search DNs for Users, Groups and Roles #72

Merged
merged 9 commits into from
Oct 15, 2024
Merged

Add configurable Search DNs for Users, Groups and Roles #72

merged 9 commits into from
Oct 15, 2024

Conversation

pquerna
Copy link
Contributor

@pquerna pquerna commented Oct 15, 2024
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • New Features

    • Introduced a configuration module for LDAP connections, enhancing configurability.
    • Added unit tests for LDAP connector functionality and group management.
    • Enhanced LDAP group and role management capabilities with refined search parameters.
    • Improved LDAP user resource management with more robust search mechanisms.

  • Bug Fixes

    • Improved error handling in LDAP search and group management methods.

  • Chores

    • Updated dependencies and Go version for improved performance and security.

@pquerna pquerna requested a review from jirwin October 15, 2024 19:59
@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Oct 15, 2024
edited
Loading

Walkthrough

The pull request introduces significant updates to the Go module and various components of the LDAP connector. The go.mod file is upgraded to Go version 1.22.0, with numerous dependencies updated or added, including the introduction of a configuration module for LDAP settings. New files for unit testing the LDAP connector and group management functionalities are also added, along with enhancements to existing structures and methods to improve configurability and error handling in LDAP operations.

Changes

File Change Summary
go.mod Updated Go version to 1.22.0, modified dependencies, added new dependencies.
pkg/config/config.go Introduced configuration module for LDAP with fields for connection settings.
pkg/connector/connector.go Enhanced LDAP struct to use configuration struct, updated method signatures.
pkg/connector/connector_test.go Added unit tests for LDAP connector functionality.
pkg/connector/group.go Improved LDAP group management with new fields and updated methods.
pkg/connector/group_test.go Added unit tests for group grants and revocations.
pkg/connector/role.go Enhanced LDAP role management with new search parameters.
pkg/connector/user.go Improved user resource management with new search capabilities.
pkg/ldap/client.go Updated Client struct methods for better search handling and removed baseDN.

Possibly related PRs

🐰 In the meadow, changes bloom,
With LDAP's grace, we make room.
Configs and tests, all in a row,
Upgrading our tools, watch us grow!
Dependencies dance, a joyful spree,
Hopping along, as happy as can be! 🌼✨

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between dbbe0d4 and 80a1ec2.

⛔ Files ignored due to path filters (1)
  • README.md is excluded by none and included by none
📒 Files selected for processing (1)
  • pkg/config/config.go (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • pkg/config/config.go

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Oct 15, 2024
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 14

🧹 Outside diff range and nitpick comments (8)
pkg/connector/group_test.go (2)

12-77: Enhance test robustness and readability

The TestGroupGrantRevoke function is well-structured and covers various scenarios. However, consider the following improvements:

  1. Add more descriptive error messages to assertions. For example:

    require.Len(t, groups, 2, "Expected 2 groups to be returned")

  2. Replace magic numbers with named constants or variables. For instance:

    const expectedGroupCount = 2
require.Len(t, groups, expectedGroupCount, "Unexpected number of groups")

  3. Consider parameterizing the test to make it more flexible. This could involve creating a test table with different LDIF files and expected outcomes.

These changes will improve the test's maintainability and make it easier to understand and debug if it fails.

79-87: Enhance pluck function with documentation and improved return value

The pluck function is well-implemented, but consider the following improvements:

  1. Add a brief documentation comment explaining the function's purpose and behavior:

    // pluck returns the first element in the slice that satisfies the given predicate function.
// If no element satisfies the predicate, it returns the zero value of type T.

  2. Consider modifying the function to return a boolean along with the value, indicating whether a match was found:

    func pluck[T any](slice []T, fn func(v T) bool) (T, bool) {
    for _, v := range slice {
        if fn(v) {
            return v, true
        }
    }
    var emptyT T
    return emptyT, false
}

    This change would allow callers to distinguish between a successful match and a zero value returned due to no match.

These changes will improve the function's usability and make it clearer to callers when no match is found.

pkg/connector/connector.go (1)

83-86: Ensure sensitive information is not logged

While logging the creation of a new LDAP connector, verify that no sensitive information, such as passwords, is included in the logs. Currently, the logged fields are:

l.Debug("creating new LDAP connector",
    zap.Stringer("server_url", cf.ServerURL),
    zap.Stringer("bind_dn", cf.BindDN),
    zap.Bool("disable_operational_attrs", cf.DisableOperationalAttrs))

Double-check that all logged fields are safe to include in logs.

pkg/config/config.go (1)

29-29: Consider reformatting code instead of disabling linter rule

Instead of disabling the line-length-limit linting rule, consider reformatting the code to comply with line length guidelines. This helps maintain consistency and readability.

Apply this diff to reformat the code:

-disableOperationalAttrsField = field.BoolField("disable-operational-attrs", field.WithDescription("Disable fetching operational attributes. Some LDAP servers don't support these. If disabled, created_at and last login info will not be fetched"))
+disableOperationalAttrsField = field.BoolField(
+    "disable-operational-attrs",
+    field.WithDescription("Disable fetching operational attributes. Some LDAP servers don't support these. If disabled, created_at and last login info will not be fetched"),
+)
pkg/ldap/client.go (1)

161-161: Logging improvement for clarity when searchDN is nil

Consider adding a conditional log message to handle cases when searchDN is nil to improve log clarity.

Suggested change:

 l.Debug("searching for ldap entries",
-    zap.String("search_dn", baseDN),
+    zap.String("search_dn", baseDN != "" ? baseDN : "root DSE"),
     zap.String("filter", filter),
     zap.Strings("attrNames", attrNames))
pkg/connector/connector_test.go (2)

18-18: Remove redundant import of "embed".

The package "embed" is imported twice—once at line 8 and again at line 18 with a blank import (_ "embed"). The second import is unnecessary and can be removed to clean up the code.

Apply this diff to remove the redundant import:

-	_ "embed"

79-79: Use a more descriptive variable name instead of sux.

The variable name sux is not descriptive of its purpose and could be confusing. Consider renaming it to parsedURL or serverURLParsed for better code readability and maintainability.

Apply this diff to rename the variable:

-sux, err := url.Parse(serverURL)
+parsedURL, err := url.Parse(serverURL)

Update the reference in the configuration:

 cf := &config.Config{
-	ServerURL:     sux,
+	ServerURL:     parsedURL,
pkg/connector/role.go (1)

31-31: Consider adding documentation for roleSearchDN.

Adding a comment for the new roleSearchDN field in the roleResourceType struct will enhance code readability and help other developers understand its purpose.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 8a310de and b1d07a3.

⛔ Files ignored due to path filters (290)
  • cmd/baton-ldap/config.go is excluded by none and included by none
  • cmd/baton-ldap/main.go is excluded by none and included by none
  • compose.yaml is excluded by none and included by none
  • go.sum is excluded by !**/*.sum and included by none
  • vendor/dario.cat/mergo/.deepsource.toml is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/.gitignore is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/.travis.yml is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/CODE_OF_CONDUCT.md is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/CONTRIBUTING.md is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/LICENSE is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/README.md is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/SECURITY.md is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/doc.go is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/map.go is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/merge.go is excluded by !vendor/** and included by none
  • vendor/dario.cat/mergo/mergo.go is excluded by !vendor/** and included by none
  • vendor/filippo.io/age/README.md is excluded by !vendor/** and included by none
  • vendor/filippo.io/age/age.go is excluded by !vendor/** and included by none
  • vendor/filippo.io/age/scrypt.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/LICENSE is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/README.md is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/constants.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/context.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/csi_entry_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/csi_param_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/escape_intermediate_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/escape_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/event_handler.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/ground_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/osc_string_state.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/parser.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/parser_action_helpers.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/parser_actions.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/states.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/utilities.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/ansi.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/api.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/attr_translation.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/cursor_helpers.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/erase_helpers.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/scroll_helper.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/utilities.go is excluded by !vendor/** and included by none
  • vendor/github.com/Azure/go-ansiterm/winterm/win_event_handler.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/.gitattributes is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/.gitignore is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/.golangci.yml is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/CODEOWNERS is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/LICENSE is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/README.md is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/SECURITY.md is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/backup.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/doc.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/ea.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/file.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/fileinfo.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/hvsock.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/fs/doc.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/fs/fs.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/fs/security.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/fs/zsyscall_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/socket/rawaddr.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/socket/socket.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/socket/zsyscall_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/internal/stringbuffer/wstring.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/pipe.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/pkg/guid/guid_nonwindows.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/pkg/guid/guid_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/pkg/guid/variant_string.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/privilege.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/reparse.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/sd.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/syscall.go is excluded by !vendor/** and included by none
  • vendor/github.com/Microsoft/go-winio/zsyscall_windows.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/accountid_endpoint_mode.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/config.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/endpoints.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/private/metrics/metrics.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id_retriever.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/retry/attempt_metrics.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/config/config.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/config/provider.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/provider.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/assume_role_provider.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/bucket_region.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/download.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/feature/s3/manager/upload.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/awsutil/path_value.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/ini/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/ini/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/middleware/middleware.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/internal/checksum/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/internal/s3shared/metadata_retriever.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_client.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_AbortMultipartUpload.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CompleteMultipartUpload.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CopyObject.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateBucket.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateMultipartUpload.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_CreateSession.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucket.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketAnalyticsConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketCors.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketEncryption.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketIntelligentTieringConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketInventoryConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketLifecycle.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketMetricsConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketOwnershipControls.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketPolicy.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketReplication.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketTagging.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteBucketWebsite.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObject.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjectTagging.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeleteObjects.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_DeletePublicAccessBlock.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAccelerateConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAcl.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketAnalyticsConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketCors.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketEncryption.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketIntelligentTieringConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketInventoryConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLifecycleConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLocation.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketLogging.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketMetricsConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketNotificationConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketOwnershipControls.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicy.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketPolicyStatus.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketReplication.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketRequestPayment.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketTagging.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketVersioning.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetBucketWebsite.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObject.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAcl.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectAttributes.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLegalHold.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectLockConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectRetention.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTagging.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetObjectTorrent.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_GetPublicAccessBlock.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadBucket.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_HeadObject.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketAnalyticsConfigurations.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketIntelligentTieringConfigurations.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketInventoryConfigurations.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBucketMetricsConfigurations.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListBuckets.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListDirectoryBuckets.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListMultipartUploads.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectVersions.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjects.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListObjectsV2.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_ListParts.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAccelerateConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAcl.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketAnalyticsConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketCors.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketEncryption.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketIntelligentTieringConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketInventoryConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLifecycleConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketLogging.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketMetricsConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketNotificationConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketOwnershipControls.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketPolicy.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketReplication.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketRequestPayment.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketTagging.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketVersioning.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutBucketWebsite.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObject.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectAcl.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLegalHold.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectLockConfiguration.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectRetention.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutObjectTagging.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_PutPublicAccessBlock.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_RestoreObject.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_SelectObjectContent.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPart.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_UploadPartCopy.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/api_op_WriteGetObjectResponse.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/auth.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/deserializers.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/endpoints.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/express_user_agent.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/internal/endpoints/endpoints.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/options.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/presign_post.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/serializers.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/enums.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/errors.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/types/types.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/s3/validators.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_client.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_GetRoleCredentials.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccountRoles.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_ListAccounts.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/api_op_Logout.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/auth.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/deserializers.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/doc.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/endpoints.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/internal/endpoints/endpoints.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/options.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/serializers.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sso/types/types.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_client.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateToken.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_CreateTokenWithIAM.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_RegisterClient.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/api_op_StartDeviceAuthorization.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/auth.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/deserializers.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/doc.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/endpoints.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/go_module_metadata.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/internal/endpoints/endpoints.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/options.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/serializers.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/ssooidc/types/errors.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_client.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRole.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithSAML.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_AssumeRoleWithWebIdentity.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_DecodeAuthorizationMessage.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetAccessKeyInfo.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetCallerIdentity.go is excluded by !vendor/** and included by none
  • vendor/github.com/aws/aws-sdk-go-v2/service/sts/api_op_GetFederationToken.go is excluded by !vendor/** and included by none
📒 Files selected for processing (10)
  • go.mod (2 hunks)
  • pkg/config/config.go (1 hunks)
  • pkg/connector/connector.go (3 hunks)
  • pkg/connector/connector_test.go (1 hunks)
  • pkg/connector/group.go (9 hunks)
  • pkg/connector/group_test.go (1 hunks)
  • pkg/connector/role.go (6 hunks)
  • pkg/connector/testfixtures/simple..ldif (1 hunks)
  • pkg/connector/user.go (4 hunks)
  • pkg/ldap/client.go (3 hunks)
🧰 Additional context used
🪛 GitHub Check: go-lint
pkg/connector/connector_test.go

[failure] 51-51:
unhandled-error: Unhandled error in call to function os.File.Close (revive)

[failure] 53-53:
unhandled-error: Unhandled error in call to function os.Remove (revive)

🔇 Additional comments (33)
pkg/connector/testfixtures/simple..ldif (7)

1-2: LGTM: File header and version are correctly defined.

The comment clearly describes the purpose of the file, and the version declaration is correct for the LDIF format.

4-7: LGTM: Groups organizational unit is correctly defined.

The entry for the 'groups' organizational unit is well-structured with the correct DN, objectClasses, and 'ou' attribute.

9-13: LGTM: Staff group is correctly defined.

The 'staff' group entry is well-structured with the correct DN, objectClasses, and required attributes ('cn' and 'gidnumber').

15-20: LGTM: Test group is correctly defined with a member reference.

The 'test' group entry is well-structured with the correct DN, objectClasses, and required attributes. The 'memberUid' attribute correctly references the user 'roger', which is defined later in the file.

22-26: Clarify the purpose of the commented-out users OU entry.

The users organizational unit entry is correctly formatted but commented out. This might cause issues with the user entry that follows, as it references this OU in its DN. Could you please clarify why this entry is commented out and if it should be uncommented?

28-41: LGTM: User entry is well-defined, but verify OU existence.

The user entry for Roger Rabbit is correctly structured with appropriate objectClasses and attributes. The password is properly hashed. However, please ensure that the 'ou=users,dc=example,dc=org' organizational unit exists, as it's referenced in the user's DN but is commented out earlier in the file.

1-41: Overall, the LDIF file is well-structured but requires clarification on the users OU.

The LDIF file is well-formatted and contains appropriate entries for testing LDAP operations. It defines organizational units, groups, and a user entry with correct attributes and object classes. However, the commented-out users organizational unit (lines 22-26) needs attention, as it's referenced in the user entry's DN. Please clarify if this OU should be uncommented or if there's a specific reason for its current state.

To ensure the LDIF file's validity, you can use the ldapmodify command with the -c (continuous operation mode) and -n (show what would be done) options:

This will perform a dry run and highlight any potential issues in the LDIF file structure.

go.mod (5)

Line range hint 1-136: Summary of go.mod changes: Comprehensive update with potential impacts

This update to go.mod introduces several significant changes:

  1. Go version upgrade to 1.22.0
  2. Major update to baton-sdk (v0.2.41)
  3. Introduction of new test container dependencies
  4. Comprehensive update of indirect dependencies, including AWS SDK consolidation

While these updates are generally positive for security, performance, and feature enhancements, they also introduce potential risks:

  • The Go version upgrade may introduce breaking changes.
  • The baton-sdk update may require code adjustments.
  • New test dependencies may require infrastructure changes.
  • AWS SDK consolidation may affect existing AWS-related functionality.

To ensure a smooth transition with these changes:

  1. Review the Go 1.22 release notes and test thoroughly.
  2. Check the baton-sdk changelog and update usage if necessary.
  3. Set up and verify the new test container environment.
  4. Test all AWS-related functionality with the consolidated SDK.
  5. Run comprehensive tests across the entire codebase.

Consider creating a checklist or issue to track the verification of each major change to ensure nothing is overlooked during the integration of these updates.

8-8: Verify compatibility with updated baton-sdk

The github.com/conductorone/baton-sdk has been updated to v0.2.41. This update may introduce new features, changes, or bug fixes that could affect your project.

  • Review the changelog or release notes for baton-sdk to understand the changes introduced in this version.
  • Ensure that your code is compatible with any API changes or new features in the updated SDK.

Other dependency updates appear to be minor version bumps or patch updates, which are generally safe but should still be tested:

  • github.com/jackc/puddle/v2 to v2.2.2
  • golang.org/x/exp to a newer commit
  • google.golang.org/protobuf to v1.35.1

To verify the impact of these updates, especially the baton-sdk, you can run:

#!/bin/bash
# Check for any compilation issues
go build ./...

# Run all tests to ensure compatibility
go test ./...

# If there are integration tests specifically for baton-sdk functionality
# go test -tags=integration ./...

Also applies to: 11-11, 15-15, 16-16

12-13: New test dependencies added: Verify test setup

Two new test-related dependencies have been added:

  1. github.com/testcontainers/testcontainers-go v0.33.0
  2. github.com/testcontainers/testcontainers-go/modules/openldap v0.33.0

These additions suggest that containerized tests, particularly for LDAP functionality, are being introduced or enhanced in the project.

  • Ensure that the necessary infrastructure (Docker) is available in your development and CI environments to support these test containers.
  • Review any new test files that utilize these dependencies to understand the new testing approach.
  • Verify that the OpenLDAP module is correctly configured for your LDAP testing needs.

To verify the setup and usage of these new test dependencies:

#!/bin/bash
# Check for test files using the new dependencies
grep -R "testcontainers" .

# If found, run the relevant tests
# go test -v ./path/to/test/package

Line range hint 20-136: Comprehensive indirect dependency update: Note AWS SDK changes

A significant update has been made to the AWS SDK and numerous other indirect dependencies:

  1. AWS SDK consolidation:

    • The AWS SDK has been consolidated into a single entry github.com/aws/aws-sdk-go-v2 v1.32.2 (line 62).
    • Various AWS service-specific packages have been updated (lines 63-80).

  2. Other notable updates include:

    • github.com/klauspost/compress to v1.17.11
    • github.com/pelletier/go-toml/v2 to v2.2.3
    • github.com/shirou/gopsutil/v3 to v3.24.5
    • github.com/spf13/viper to v1.19.0
    • golang.org/x/crypto to v0.28.0
    • golang.org/x/net to v0.30.0
    • modernc.org/libc to v1.61.0
    • modernc.org/sqlite to v1.33.1

This comprehensive update of indirect dependencies suggests a thorough dependency refresh, which is generally good for security and performance.

To verify the impact of these updates, especially the AWS SDK changes:

#!/bin/bash
# Check for any AWS SDK usage in the codebase
grep -R "aws-sdk-go-v2" .

# If found, run relevant tests
# go test -v ./path/to/aws/related/package

# Run all tests to ensure overall compatibility
go test ./...

Ensure that any AWS-related functionality in your codebase is still working as expected with the consolidated SDK.

3-3: Significant Go version upgrade: Verify compatibility

The Go version has been updated from 1.21 to 1.22.0, which is a major version upgrade. This change may introduce breaking changes or new features that could affect the codebase.

  • Ensure all code is compatible with Go 1.22.0.
  • Review the Go 1.22 release notes for any changes that may impact your project.
  • Consider running thorough tests to catch any potential issues introduced by this upgrade.

The toolchain version (1.22.3) is appropriately newer than the Go version, which is good for stability.

To verify the impact of this upgrade, you can run:

Also applies to: 5-5

pkg/connector/connector.go (5)

43-44: Good use of centralized configuration in LDAP struct

Adding the config *config.Config field to the LDAP struct centralizes configuration management, enhancing maintainability and readability.

49-51: Verify the parameters passed to ResourceSyncers

In the ResourceSyncers method, please confirm that passing l.config.UserSearchDN as a parameter to groupBuilder is intentional. Specifically, in:

groupBuilder(l.client, l.config.GroupSearchDN, l.config.UserSearchDN),

Ensure that l.config.UserSearchDN is required by groupBuilder. If not, it might be an oversight and could lead to unexpected behavior.

67-68: Confirm the changes in LDAP search scope in Validate method

The LDAP search scope has been changed to ldap3.ScopeBaseObject with attributes set to nil. Please verify that this modification still effectively validates the LDAP connection as intended.

75-75: Improved error message enhances clarity

Updating the error message to:

return nil, fmt.Errorf("ldap-connector: failed to validate connection: %w", err)

provides a clearer indication of the failure during the connection validation process.

98-99: Proper initialization of the LDAP struct

The returned LDAP struct correctly initializes both the client and config fields:

return &LDAP{
    client: ldapClient,
    config: cf,
}, nil

This ensures that all necessary components are available for the connector's operation.

pkg/ldap/client.go (2)

122-127: Enhancement of LdapSearch function signature

The addition of searchScope and searchDN parameters to the LdapSearch method increases the flexibility of LDAP search operations, allowing for more granular control over the search scope and distinguished name.

156-159: Verify the handling of a nil searchDN

When searchDN is nil, baseDN remains an empty string. Depending on your LDAP server configuration, an empty BaseDN may refer to the root DSE or might not be acceptable. Please verify that this behavior aligns with your intended use and that it will function correctly in all target environments.

pkg/connector/group.go (12)

5-5: Addition of 'errors' package for enhanced error handling.

Importing the errors package is appropriate given the additional error handling implemented in the code.

39-42: Inclusion of 'groupSearchDN' and 'userSearchDN' in 'groupResourceType'.

Adding groupSearchDN and userSearchDN fields improves the configurability and flexibility of LDAP searches within the group resource type.

88-89: Verify performance implications of setting search scope to 'ldap3.ScopeWholeSubtree'.

Changing the search scope to ldap3.ScopeWholeSubtree while using g.groupSearchDN as the search base may impact performance if the subtree contains many entries. Ensure that g.groupSearchDN is appropriately scoped to limit unnecessary searches.

96-96: Enhanced error message with search DN information.

Including g.groupSearchDN in the error message provides clearer context for debugging.

156-159: Improved error handling for invalid group DNs in 'Grants' method.

Adding error handling for invalid group DNs increases the robustness of the Grants method by catching and reporting parsing errors promptly.

185-186: Appropriate use of 'ldap3.ScopeBaseObject' in group search.

Using ldap3.ScopeBaseObject for searching the specific group DN is suitable and efficient.

196-197: Effective application of group ID filter in group search.

Applying a group ID filter enhances the precision of the search, ensuring that the correct group is retrieved.

236-237: Confirm performance impact of 'ldap3.ScopeWholeSubtree' in user search.

Setting the search scope to ldap3.ScopeWholeSubtree for user searches may affect performance if g.userSearchDN covers a large subtree. Ensure that g.userSearchDN is as specific as necessary to optimize search performance.

262-265: Improved error handling in 'getGroup' method for invalid DNs.

Checking for invalid group DNs enhances error reporting and prevents potential runtime errors.

269-270: Use of 'ldap3.ScopeBaseObject' in group retrieval.

Limiting the search scope to ldap3.ScopeBaseObject efficiently retrieves the specific group entry.

362-367: Graceful handling of 'LDAPResultNoSuchAttribute' error in 'Revoke' method.

By specifically checking for LDAPResultNoSuchAttribute, the method avoids returning errors when the attribute to delete does not exist, which is acceptable behavior for idempotent operations.

374-379: Modification of 'groupBuilder' to accept search DNs enhances configurability.

Allowing groupBuilder to receive groupSearchDN and userSearchDN as parameters increases flexibility in specifying search bases for groups and users.

pkg/connector/role.go (2)

209-213: Ensure all calls to roleBuilder are updated with the new parameter.

With the addition of roleSearchDN to the roleBuilder function signature, verify that all invocations of this function provide the new parameter to prevent build errors.

Run the following script to find and review all usages of roleBuilder:

✅ Verification successful

All roleBuilder invocations correctly include the new roleSearchDN parameter.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Find all calls to roleBuilder and check for correct parameters.

# Test: Search for roleBuilder function calls. Expect: All calls include the new parameter.
rg --type go 'roleBuilder\(' -A 1

Length of output: 535

74-75: Verify the impact of changing the search scope and base DN.

Changing the search scope to ldap3.ScopeWholeSubtree and using r.roleSearchDN as the search base could affect performance and search results, especially in large directories. Ensure that this change is intended and that it doesn't introduce unintended side effects.

Run the following script to check the number of entries returned with the new search parameters:

Replace <<roleSearchDN>> with the actual DN value used in your configuration.

pkg/connector/connector.go Show resolved Hide resolved
pkg/connector/connector.go Show resolved Hide resolved
pkg/config/config.go Outdated
Comment on lines 37 to 38
// depreciated: use userBindDNField
userDNField = field.StringField("user-dn", field.WithDescription("The user DN to bind to the LDAP server (depreciated, use user-bind-dn)"), field.WithHidden(true))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Correct misspelling of "depreciated" to "deprecated"

The word "depreciated" in the comment and field description should be "deprecated".

Apply this diff to fix the typo:

-// depreciated: use userBindDNField
+// deprecated: use userBindDNField
-userDNField = field.StringField("user-dn", field.WithDescription("The user DN to bind to the LDAP server (depreciated, use user-bind-dn)"), field.WithHidden(true))
+userDNField = field.StringField("user-dn", field.WithDescription("The user DN to bind to the LDAP server (deprecated, use user-bind-dn)"), field.WithHidden(true))
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
// depreciated: use userBindDNField
userDNField = field.StringField("user-dn", field.WithDescription("The user DN to bind to the LDAP server (depreciated, use user-bind-dn)"), field.WithHidden(true))
// deprecated: use userBindDNField
userDNField = field.StringField("user-dn", field.WithDescription("The user DN to bind to the LDAP server (deprecated, use user-bind-dn)"), field.WithHidden(true))

pkg/config/config.go Outdated
Comment on lines 34 to 35
// depreciated: use urlField
domainField = field.StringField("domain", field.WithDescription(`The fully-qualified LDAP domain to connect to. Example: "baton.example.com (depreciated, use url"`), field.WithHidden(true))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix typo and string formatting in domainField definition

The word "depreciated" is misspelled; it should be "deprecated". Additionally, there is a mismatched quotation mark and missing closing parenthesis in the field description.

Apply this diff to correct the spelling and fix the string formatting:

-// depreciated: use urlField
+// deprecated: use urlField
-domainField = field.StringField("domain", field.WithDescription(`The fully-qualified LDAP domain to connect to. Example: "baton.example.com (depreciated, use url"`), field.WithHidden(true))
+domainField = field.StringField("domain", field.WithDescription(`The fully-qualified LDAP domain to connect to. Example: "baton.example.com" (deprecated, use url)`), field.WithHidden(true))
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
// depreciated: use urlField
domainField = field.StringField("domain", field.WithDescription(`The fully-qualified LDAP domain to connect to. Example: "baton.example.com (depreciated, use url"`), field.WithHidden(true))
// deprecated: use urlField
domainField = field.StringField("domain", field.WithDescription(`The fully-qualified LDAP domain to connect to. Example: "baton.example.com" (deprecated, use url)`), field.WithHidden(true))

pkg/ldap/client.go Show resolved Hide resolved
pkg/connector/user.go Show resolved Hide resolved
pkg/connector/group.go
Comment on lines +374 to +375
func groupBuilder(client *ldap.Client, groupSearchDN *ldap3.DN,
userSearchDN *ldap3.DN) *groupResourceType {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Ensure non-nil 'groupSearchDN' and 'userSearchDN' in 'groupBuilder'.

Passing nil values for groupSearchDN or userSearchDN could lead to runtime nil pointer dereferences during LDAP searches. Consider adding validation to ensure these parameters are not nil.

Apply this diff to add validation:

 func groupBuilder(client *ldap.Client, groupSearchDN *ldap3.DN,
 	userSearchDN *ldap3.DN) *groupResourceType {
+	if groupSearchDN == nil || userSearchDN == nil {
+		panic("groupSearchDN and userSearchDN must not be nil")
+	}
 	return &groupResourceType{
 		groupSearchDN: groupSearchDN,
 		userSearchDN:  userSearchDN,
 		resourceType:  resourceTypeGroup,
 		client:        client,
 	}
 }

Alternatively, handle the nil case gracefully or return an error to prevent potential nil pointer dereferences.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
func groupBuilder(client *ldap.Client, groupSearchDN *ldap3.DN,
userSearchDN *ldap3.DN) *groupResourceType {
func groupBuilder(client *ldap.Client, groupSearchDN *ldap3.DN,
userSearchDN *ldap3.DN) *groupResourceType {
if groupSearchDN == nil || userSearchDN == nil {
panic("groupSearchDN and userSearchDN must not be nil")
}
return &groupResourceType{
groupSearchDN: groupSearchDN,
userSearchDN: userSearchDN,
resourceType: resourceTypeGroup,
client: client,
}
}

pkg/connector/connector_test.go Outdated Show resolved Hide resolved
pkg/connector/connector_test.go Outdated Show resolved Hide resolved
pkg/connector/role.go
Comment on lines +138 to +145
dnx, err := ldap3.ParseDN(dn)
if err != nil {
return nil, "", nil, fmt.Errorf("ldap-connector: failed to get user with dn %s: %w", dn, err)
return nil, "", nil, fmt.Errorf("ldap-connector: invalid DN in role_members: '%s': %w", dn, err)
}

if len(memberEntry) == 0 {
return nil, "", nil, fmt.Errorf("ldap-connector: failed to find user with dn %s", dn)
}

memberCopy := memberEntry
ur, err := userResource(ctx, memberCopy[0])
urId, err := rs.NewResourceID(resourceTypeUser, dnx.String())
if err != nil {
return nil, "", nil, err
return nil, "", nil, fmt.Errorf("ldap-connector: failed to find user with dn %s", dn)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Clarify error messages in the Grants method.

The error message at line 145 implies that the user was not found, but the error originates from creating a new resource ID. Consider updating the error message to accurately reflect the issue.

Apply this diff to improve the error handling:

    		urId, err := rs.NewResourceID(resourceTypeUser, dnx.String())
    		if err != nil {
-    			return nil, "", nil, fmt.Errorf("ldap-connector: failed to find user with dn %s", dn)
+    			return nil, "", nil, fmt.Errorf("ldap-connector: failed to create resource ID for user DN '%s': %w", dn, err)
    		}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
dnx, err := ldap3.ParseDN(dn)
if err != nil {
return nil, "", nil, fmt.Errorf("ldap-connector: failed to get user with dn %s: %w", dn, err)
return nil, "", nil, fmt.Errorf("ldap-connector: invalid DN in role_members: '%s': %w", dn, err)
}
if len(memberEntry) == 0 {
return nil, "", nil, fmt.Errorf("ldap-connector: failed to find user with dn %s", dn)
}
memberCopy := memberEntry
ur, err := userResource(ctx, memberCopy[0])
urId, err := rs.NewResourceID(resourceTypeUser, dnx.String())
if err != nil {
return nil, "", nil, err
return nil, "", nil, fmt.Errorf("ldap-connector: failed to find user with dn %s", dn)
dnx, err := ldap3.ParseDN(dn)
if err != nil {
return nil, "", nil, fmt.Errorf("ldap-connector: invalid DN in role_members: '%s': %w", dn, err)
}
urId, err := rs.NewResourceID(resourceTypeUser, dnx.String())
if err != nil {
return nil, "", nil, fmt.Errorf("ldap-connector: failed to create resource ID for user DN '%s': %w", dn, err)

jirwin
jirwin approved these changes Oct 15, 2024
View reviewed changes
Copy link
Contributor

@jirwin jirwin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You might want to bail out of the config setup if the userDN was used for the baseDN and you're attempting to specify a search DN for groups/roles. Might lead to confusion.

Looks good otherwise.

@pquerna pquerna merged commit af3889d into main Oct 15, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@jirwin jirwin jirwin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pquerna @jirwin