Auth Providers: Add search_using_service_account field (#13223)

* Add LPDAP option for search * Add unit tests for LDAP config * Add restriction for searchUsingServiceAccount config to specific types * Use computed over direct check due lack of rendering issues with the prop * Add tooltip for searchUsingServiceAccount
rancher · Jan 30, 2025 · 85c31a4 · 85c31a4
1 parent 78d3e1e
commit 85c31a4
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 0 deletions.
diff --git a/shell/assets/translations/en-us.yaml b/shell/assets/translations/en-us.yaml
@@ -517,6 +517,9 @@ authConfig:
     starttls:
       label: Start TLS
       tip: Upgrades non-encrypted connections by wrapping with TLS during the connection process. Can not be used in conjunction with TLS.
+    searchUsingServiceAccount: 
+      label: Enable Service Account Search
+      tip: When enabled, Rancher will use the service account instead of the user account to search for users and groups.
     tls: TLS
     userEnabledAttribute: User Enabled Attribute
     userMemberAttribute: User Member Attribute

diff --git a/shell/edit/auth/ldap/__tests__/config.test.ts b/shell/edit/auth/ldap/__tests__/config.test.ts
@@ -0,0 +1,18 @@
+import { mount } from '@vue/test-utils';
+import LDAPConfig from '@shell/edit/auth/ldap/config.vue';
+
+describe('lDAP config', () => {
+  it.each([
+    'openldap', 'freeipa'
+  ])('should display searchUsingServiceAccount checkbox if type %p', (type) => {
+    const wrapper = mount(LDAPConfig, {
+      propsData: {
+        value: {},
+        type,
+      }
+    });
+    const checkbox = wrapper.find('[data-testid="searchUsingServiceAccount"]');
+
+    expect(checkbox).toBeDefined();
+  });
+});
diff --git a/shell/edit/auth/ldap/config.vue b/shell/edit/auth/ldap/config.vue
@@ -11,6 +11,8 @@ const DEFAULT_TLS_PORT = 636;
 
 export const SHIBBOLETH = 'shibboleth';
 export const OKTA = 'okta';
+export const OPEN_LDAP = 'openldap';
+export const FREE_IPA = 'freeipa';
 
 export default {
   emits: ['update:value'],
@@ -64,6 +66,11 @@ export default {
     // Does the auth provider support LDAP for search in addition to SAML?
     isSamlProvider() {
       return this.type === SHIBBOLETH || this.type === OKTA;
+    },
+
+    // Allow to enable user search just for these providers
+    isSearchAllowed() {
+      return this.type === OPEN_LDAP || this.type === FREE_IPA;
     }
   },
 
@@ -226,6 +233,23 @@ export default {
         />
       </div>
     </div>
+
+    <div
+      v-if="isSearchAllowed"
+      class="row mb-20"
+    >
+      <div class="col">
+        <Checkbox
+          v-model:value="model.searchUsingServiceAccount"
+          :mode="mode"
+          data-testid="searchUsingServiceAccount"
+          class="full-height"
+          :label="t('authConfig.ldap.searchUsingServiceAccount.label')"
+          :tooltip="t('authConfig.ldap.searchUsingServiceAccount.tip')"
+        />
+      </div>
+    </div>
+
     <div class="row mb-20">
       <div class="col span-6">
         <LabeledInput