outposts/ldap: fix client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
1b346866da
commit
763c3fcfe0
2
Makefile
2
Makefile
|
@ -56,7 +56,7 @@ gen-outpost:
|
||||||
-i /local/schema.yml \
|
-i /local/schema.yml \
|
||||||
-g go \
|
-g go \
|
||||||
-o /local/outpost/api \
|
-o /local/outpost/api \
|
||||||
--additional-properties=packageName=api,enumClassPrefix=true
|
--additional-properties=packageName=api,enumClassPrefix=true,useOneOfDiscriminatorLookup=true
|
||||||
rm -f outpost/api/go.mod outpost/api/go.sum
|
rm -f outpost/api/go.mod outpost/api/go.sum
|
||||||
|
|
||||||
gen: gen-build gen-clean gen-web gen-outpost
|
gen: gen-build gen-clean gen-web gen-outpost
|
||||||
|
|
|
@ -88,7 +88,10 @@ class TaskInfo:
|
||||||
start = default_timer()
|
start = default_timer()
|
||||||
if hasattr(self, "start_timestamp"):
|
if hasattr(self, "start_timestamp"):
|
||||||
start = self.start_timestamp
|
start = self.start_timestamp
|
||||||
duration = max(self.finish_timestamp - start, 0)
|
try:
|
||||||
|
duration = max(self.finish_timestamp - start, 0)
|
||||||
|
except TypeError:
|
||||||
|
duration = 0
|
||||||
GAUGE_TASKS.labels(
|
GAUGE_TASKS.labels(
|
||||||
task_name=self.task_name,
|
task_name=self.task_name,
|
||||||
task_uid=self.result.uid or "",
|
task_uid=self.result.uid or "",
|
||||||
|
|
|
@ -277,7 +277,7 @@ class FlowExecutorView(APIView):
|
||||||
if self.plan.stages:
|
if self.plan.stages:
|
||||||
self._logger.debug(
|
self._logger.debug(
|
||||||
"f(exec): Continuing with next stage",
|
"f(exec): Continuing with next stage",
|
||||||
reamining=len(self.plan.stages),
|
remaining=len(self.plan.stages),
|
||||||
)
|
)
|
||||||
kwargs = self.kwargs
|
kwargs = self.kwargs
|
||||||
kwargs.update({"flow_slug": self.flow.slug})
|
kwargs.update({"flow_slug": self.flow.slug})
|
||||||
|
|
|
@ -152,17 +152,9 @@ func (pi *ProviderInstance) solveFlowChallenge(bindDN string, password string, c
|
||||||
responseReq := client.FlowsApi.FlowsExecutorSolve(context.Background(), pi.flowSlug).Query(urlParams)
|
responseReq := client.FlowsApi.FlowsExecutorSolve(context.Background(), pi.flowSlug).Query(urlParams)
|
||||||
switch ch.GetComponent() {
|
switch ch.GetComponent() {
|
||||||
case "ak-stage-identification":
|
case "ak-stage-identification":
|
||||||
responseReq.ChallengeResponseRequest(api.ChallengeResponseRequest{
|
responseReq = responseReq.ChallengeResponseRequest(api.IdentificationChallengeResponseRequestAsChallengeResponseRequest(api.NewIdentificationChallengeResponseRequest(bindDN)))
|
||||||
IdentificationChallengeResponseRequest: &api.IdentificationChallengeResponseRequest{
|
|
||||||
UidField: bindDN,
|
|
||||||
},
|
|
||||||
})
|
|
||||||
case "ak-stage-password":
|
case "ak-stage-password":
|
||||||
responseReq.ChallengeResponseRequest(api.ChallengeResponseRequest{
|
responseReq = responseReq.ChallengeResponseRequest(api.PasswordChallengeResponseRequestAsChallengeResponseRequest(api.NewPasswordChallengeResponseRequest(password)))
|
||||||
PasswordChallengeResponseRequest: &api.PasswordChallengeResponseRequest{
|
|
||||||
Password: password,
|
|
||||||
},
|
|
||||||
})
|
|
||||||
case "ak-stage-authenticator-validate":
|
case "ak-stage-authenticator-validate":
|
||||||
// We only support duo as authenticator, check if that's allowed
|
// We only support duo as authenticator, check if that's allowed
|
||||||
var deviceChallenge *api.DeviceChallenge
|
var deviceChallenge *api.DeviceChallenge
|
||||||
|
@ -179,11 +171,9 @@ func (pi *ProviderInstance) solveFlowChallenge(bindDN string, password string, c
|
||||||
return false, errors.New("failed to convert duo device id to int")
|
return false, errors.New("failed to convert duo device id to int")
|
||||||
}
|
}
|
||||||
devId32 := int32(devId)
|
devId32 := int32(devId)
|
||||||
responseReq.ChallengeResponseRequest(api.ChallengeResponseRequest{
|
inner := api.NewAuthenticatorValidationChallengeResponseRequest()
|
||||||
AuthenticatorValidationChallengeResponseRequest: &api.AuthenticatorValidationChallengeResponseRequest{
|
inner.Duo = &devId32
|
||||||
Duo: &devId32,
|
responseReq = responseReq.ChallengeResponseRequest(api.AuthenticatorValidationChallengeResponseRequestAsChallengeResponseRequest(inner))
|
||||||
},
|
|
||||||
})
|
|
||||||
case "ak-stage-access-denied":
|
case "ak-stage-access-denied":
|
||||||
return false, errors.New("got ak-stage-access-denied")
|
return false, errors.New("got ak-stage-access-denied")
|
||||||
default:
|
default:
|
||||||
|
@ -206,7 +196,7 @@ func (pi *ProviderInstance) solveFlowChallenge(bindDN string, password string, c
|
||||||
if len(ch.GetResponseErrors()) > 0 {
|
if len(ch.GetResponseErrors()) > 0 {
|
||||||
for key, errs := range ch.GetResponseErrors() {
|
for key, errs := range ch.GetResponseErrors() {
|
||||||
for _, err := range errs {
|
for _, err := range errs {
|
||||||
pi.log.WithField("key", key).WithField("code", err.Code).Debug(err.String)
|
pi.log.WithField("key", key).WithField("code", err.Code).WithField("msg", err.String).Warning("Flow error")
|
||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Reference in New Issue