Fix reporting task using ldap cn with spaces (#466)

# Description fixes #465 Co-authored-by: Malte Sander <[email protected]>
stackabletech · May 4, 2023 · ca4b83e · ca4b83e
1 parent 7c4d571
commit ca4b83e
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,9 +14,15 @@ All notable changes to this project will be documented in this file.
 - Use 0.0.0-dev product images for testing ([#463])
 - Use testing-tools 0.2.0 ([#463])
 
+### Fixed
+
+- Use ou with spaces in LDAP tests ([#466]).
+- Reporting task now escapes user and password input in case of whitespaces ([#466]).
+
 [#461]: https://github.com/stackabletech/nifi-operator/pull/461
 [#463]: https://github.com/stackabletech/nifi-operator/pull/463
 [#464]: https://github.com/stackabletech/nifi-operator/pull/464
+[#466]: https://github.com/stackabletech/nifi-operator/pull/466
 
 ## [23.4.0] - 2023-04-17
 

diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs
@@ -1159,9 +1159,9 @@ fn build_reporting_task_job(
         // In case of the username being simple (e.g. admin) just use it as is
         // If the username is a bind dn (e.g. cn=integrationtest,ou=users,dc=example,dc=org) we have to extract the cn/dn/uid (in this case integrationtest)
         format!(
-            "-u $(cat {admin_username_file} | grep -oP '((cn|dn|uid)=\\K[^,]+|.*)' | head -n 1)"
+            "-u \"$(cat {admin_username_file} | grep -oP '((cn|dn|uid)=\\K[^,]+|.*)' | head -n 1)\""
         ),
-        format!("-p $(cat {admin_password_file})"),
+        format!("-p \"$(cat {admin_password_file})\""),
         format!("-v {product_version}"),
         format!("-m {METRICS_PORT}"),
         format!("-c {KEYSTORE_REPORTING_TASK_MOUNT}/ca.crt"),

diff --git a/tests/templates/kuttl/ldap/02-assert.yaml b/tests/templates/kuttl/ldap/02-assert.yaml
@@ -2,5 +2,5 @@
 apiVersion: kuttl.dev/v1beta1
 kind: TestAssert
 commands:
-  - script: kubectl exec -n $NAMESPACE openldap-0 -- ldapsearch -H ldap://localhost:1389 -D cn=integrationtest,ou=users,dc=example,dc=org -w integrationtest -b ou=users,dc=example,dc=org > /dev/null
-  - script: kubectl exec -n $NAMESPACE openldap-0 -- bash -c LDAPTLS_CACERT=/tls/ca.crt ldapsearch -Z -H ldaps://localhost:1636 -D cn=integrationtest,ou=users,dc=example,dc=org -w integrationtest -b ou=users,dc=example,dc=org > /dev/null
+  - script: kubectl exec -n $NAMESPACE openldap-0 -- ldapsearch -H ldap://localhost:1389 -D "cn=integrationtest,ou=my users,dc=example,dc=org" -w integrationtest -b "ou=my users,dc=example,dc=org" > /dev/null
+  - script: kubectl exec -n $NAMESPACE openldap-0 -- bash -c LDAPTLS_CACERT=/tls/ca.crt ldapsearch -Z -H ldaps://localhost:1636 -D "cn=integrationtest,ou=my users,dc=example,dc=org" -w integrationtest -b "ou=my users,dc=example,dc=org" > /dev/null
diff --git a/tests/templates/kuttl/ldap/12-install-nifi.yaml.j2 b/tests/templates/kuttl/ldap/12-install-nifi.yaml.j2
@@ -21,7 +21,7 @@ metadata:
   labels:
     secrets.stackable.tech/class: nifi-with-ldap-bind
 stringData:
-  user: cn=integrationtest,ou=users,dc=example,dc=org
+  user: cn=integrationtest,ou=my users,dc=example,dc=org
   password: integrationtest
 ---
 apiVersion: nifi.stackable.tech/v1alpha1

diff --git a/tests/templates/kuttl/ldap/create-authentication-classes.yaml.j2 b/tests/templates/kuttl/ldap/create-authentication-classes.yaml.j2
@@ -11,7 +11,7 @@ spec:
   provider:
     ldap:
       hostname: openldap.$NAMESPACE.svc.cluster.local
-      searchBase: ou=users,dc=example,dc=org
+      searchBase: ou=my users,dc=example,dc=org
       bindCredentials:
         secretClass: nifi-with-ldap-bind
 {% if test_scenario['values']['ldap-use-tls'] == 'false' %}

diff --git a/tests/templates/kuttl/ldap/create_ldap_user.sh b/tests/templates/kuttl/ldap/create_ldap_user.sh
@@ -7,7 +7,14 @@
 # ldapsearch -H ldap://localhost:1389 -D cn=integrationtest,ou=users,dc=example,dc=org -w integrationtest -b ou=users,dc=example,dc=org
 
 cat << 'EOF' | ldapadd -H ldap://localhost:1389 -D cn=admin,dc=example,dc=org -w admin
-dn: cn=integrationtest,ou=users,dc=example,dc=org
+dn: ou=my users,dc=example,dc=org
+ou: my users
+objectclass: top
+objectclass: organizationalUnit
+EOF
+
+cat << 'EOF' | ldapadd -H ldap://localhost:1389 -D cn=admin,dc=example,dc=org -w admin
+dn: cn=integrationtest,ou=my users,dc=example,dc=org
 objectClass: inetOrgPerson
 objectClass: posixAccount
 objectClass: shadowAccount
@@ -26,4 +33,4 @@ shadowMax: 0
 shadowWarning: 0
 EOF
 
-ldappasswd -H ldap://localhost:1389 -D cn=admin,dc=example,dc=org -w admin -s integrationtest "cn=integrationtest,ou=users,dc=example,dc=org"
+ldappasswd -H ldap://localhost:1389 -D cn=admin,dc=example,dc=org -w admin -s integrationtest "cn=integrationtest,ou=my users,dc=example,dc=org"