From 6eb1b3652c461588c9eed5ea3e9d74e994d722a7 Mon Sep 17 00:00:00 2001 
From: Steve Kuznetsov Date: Thu, 17 Dec 2015 08:29:38 -0700 Subject: [PATCH] promoted group prune and sync from experimental --- contrib/completions/bash/oadm | 226 +++++++++++++++ contrib/completions/bash/openshift | 268 ++++++++++++++++-- docs/generated/oadm_by_example_content.adoc | 72 +++++ pkg/cmd/admin/groups/groups.go | 3 + .../sync}/ad/augmented_ldapinterface.go | 4 +- .../sync}/ad/augmented_ldapinterface_test.go | 0 .../groups/sync}/ad/ldapinterface.go | 4 +- .../groups/sync}/ad/ldapinterface_test.go | 0 .../groups/sync}/cli/ad.go | 6 +- .../groups/sync}/cli/augmented_ad.go | 6 +- .../groups/sync}/cli/interfaces.go | 2 +- .../groups/sync/cli/prune.go} | 38 +-- .../groups/sync}/cli/rfc2307.go | 6 +- .../groups/sync/cli/sync.go} | 61 ++-- .../sync}/groupdetector/groupdetector.go | 2 +- .../sync}/groupdetector/groupdetector_test.go | 2 +- .../groups/sync}/grouplister.go | 2 +- .../groups/sync}/grouplister_test.go | 0 .../groups/sync}/groupnamemapper.go | 2 +- .../groups/sync}/grouppruner.go | 2 +- .../groups/sync}/grouppruner_test.go | 2 +- .../groups/sync}/groupsyncer.go | 2 +- .../groups/sync}/groupsyncer_test.go | 2 +- .../groups/sync}/interfaces/errors.go | 0 .../groups/sync}/interfaces/interfaces.go | 0 .../groups/sync}/rfc2307/ldapinterface.go | 4 +- .../sync}/rfc2307/ldapinterface_test.go | 2 +- .../groups/sync}/usernamemapper.go | 2 +- pkg/cmd/admin/prune/prune.go | 2 + pkg/cmd/openshift/openshift.go | 8 +- test/cmd/help.sh | 7 + ... 
=> valid_all_ldap_sync_delete_prune.yaml} | 0 test/extended/ldap_groups.sh | 56 ++-- 33 files changed, 666 insertions(+), 127 deletions(-) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/ad/augmented_ldapinterface.go (95%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/ad/augmented_ldapinterface_test.go (100%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/ad/ldapinterface.go (97%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/ad/ldapinterface_test.go (100%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/cli/ad.go (87%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/cli/augmented_ad.go (90%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/cli/interfaces.go (94%) rename pkg/cmd/{experimental/syncgroups/cli/prunegroups.go => admin/groups/sync/cli/prune.go} (85%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/cli/rfc2307.go (90%) rename pkg/cmd/{experimental/syncgroups/cli/syncgroups.go => admin/groups/sync/cli/sync.go} (87%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/groupdetector/groupdetector.go (97%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/groupdetector/groupdetector_test.go (99%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/grouplister.go (98%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/grouplister_test.go (100%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/groupnamemapper.go (97%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/grouppruner.go (97%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/grouppruner_test.go (98%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/groupsyncer.go (98%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/groupsyncer_test.go (99%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/interfaces/errors.go (100%) rename pkg/cmd/{experimental/syncgroups => 
admin/groups/sync}/interfaces/interfaces.go (100%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/rfc2307/ldapinterface.go (97%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/rfc2307/ldapinterface_test.go (99%) rename pkg/cmd/{experimental/syncgroups => admin/groups/sync}/usernamemapper.go (92%) rename test/extended/authentication/ldap/augmented-ad/{valid_all_ldap_sync_delete_prune.txt => valid_all_ldap_sync_delete_prune.yaml} (100%) diff --git a/contrib/completions/bash/oadm b/contrib/completions/bash/oadm index 16ca3f7fccda..ac35626e6049 100644 --- a/contrib/completions/bash/oadm +++ b/contrib/completions/bash/oadm 
@@ -1786,6 +1786,158 @@ _oadm_groups_remove-users() must_have_one_noun=() } +_oadm_groups_sync() +{ + last_command="oadm_groups_sync" + commands=() + + flags=() + two_word_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--blacklist=") + flags+=("--confirm") + flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + flags+=("--output-version=") + flags+=("--show-all") + flags+=("-a") + flags+=("--sort-by=") + flags+=("--sync-config=") + flags+=("--template=") + two_word_flags+=("-t") + flags+=("--type=") + flags+=("--whitelist=") + flags+=("--alsologtostderr") + flags+=("--api-version=") + flags+=("--boot-id-file=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--container-hints=") + flags+=("--context=") + flags+=("--docker=") + flags+=("--docker-only") + flags+=("--docker-root=") + flags+=("--docker-run=") + flags+=("--enable-load-reader") + flags+=("--event-storage-age-limit=") + flags+=("--event-storage-event-limit=") + flags+=("--global-housekeeping-interval=") + flags+=("--google-json-key=") + flags+=("--housekeeping-interval=") + flags+=("--httptest.serve=") + flags+=("--insecure-skip-tls-verify") + flags+=("--ir-data-source=") + flags+=("--ir-dbname=") + flags+=("--ir-influxdb-host=") + flags+=("--ir-namespace-only") + flags+=("--ir-password=") + flags+=("--ir-percentile=") + flags+=("--ir-user=") + flags+=("--log-backtrace-at=") + flags+=("--log-cadvisor-usage") + flags+=("--log-dir=") + flags+=("--log-flush-frequency=") + flags+=("--logtostderr") + flags+=("--machine-id-file=") + 
flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--server=") + flags+=("--stderrthreshold=") + flags+=("--token=") + flags+=("--user=") + flags+=("--v=") + flags+=("--vmodule=") + + must_have_one_flag=() + must_have_one_noun=() +} + +_oadm_groups_prune() +{ + last_command="oadm_groups_prune" + commands=() + + flags=() + two_word_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--blacklist=") + flags+=("--confirm") + flags+=("--sync-config=") + flags+=("--whitelist=") + flags+=("--alsologtostderr") + flags+=("--api-version=") + flags+=("--boot-id-file=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--container-hints=") + flags+=("--context=") + flags+=("--docker=") + flags+=("--docker-only") + flags+=("--docker-root=") + flags+=("--docker-run=") + flags+=("--enable-load-reader") + flags+=("--event-storage-age-limit=") + flags+=("--event-storage-event-limit=") + flags+=("--global-housekeeping-interval=") + flags+=("--google-json-key=") + flags+=("--housekeeping-interval=") + flags+=("--httptest.serve=") + flags+=("--insecure-skip-tls-verify") + flags+=("--ir-data-source=") + flags+=("--ir-dbname=") + flags+=("--ir-influxdb-host=") + flags+=("--ir-namespace-only") + flags+=("--ir-password=") + flags+=("--ir-percentile=") + flags+=("--ir-user=") + flags+=("--log-backtrace-at=") + flags+=("--log-cadvisor-usage") + flags+=("--log-dir=") + flags+=("--log-flush-frequency=") + flags+=("--logtostderr") + flags+=("--machine-id-file=") + flags+=("--match-server-version") + 
flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--server=") + flags+=("--stderrthreshold=") + flags+=("--token=") + flags+=("--user=") + flags+=("--v=") + flags+=("--vmodule=") + + must_have_one_flag=() + must_have_one_noun=() +} + _oadm_groups() { last_command="oadm_groups" @@ -1793,6 +1945,8 @@ _oadm_groups() commands+=("new") commands+=("add-users") commands+=("remove-users") + commands+=("sync") + commands+=("prune") flags=() two_word_flags=() 
@@ -2512,6 +2666,77 @@ _oadm_prune_images() must_have_one_noun=() } +_oadm_prune_prune() +{ + last_command="oadm_prune_prune" + commands=() + + flags=() + two_word_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--blacklist=") + flags+=("--confirm") + flags+=("--sync-config=") + flags+=("--whitelist=") + flags+=("--alsologtostderr") + flags+=("--api-version=") + flags+=("--boot-id-file=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--container-hints=") + flags+=("--context=") + flags+=("--docker=") + flags+=("--docker-only") + flags+=("--docker-root=") + flags+=("--docker-run=") + flags+=("--enable-load-reader") + flags+=("--event-storage-age-limit=") + flags+=("--event-storage-event-limit=") + flags+=("--global-housekeeping-interval=") + flags+=("--google-json-key=") + flags+=("--housekeeping-interval=") + flags+=("--httptest.serve=") + flags+=("--insecure-skip-tls-verify") + flags+=("--ir-data-source=") + flags+=("--ir-dbname=") + flags+=("--ir-influxdb-host=") + flags+=("--ir-namespace-only") + flags+=("--ir-password=") + flags+=("--ir-percentile=") + flags+=("--ir-user=") + flags+=("--log-backtrace-at=") + flags+=("--log-cadvisor-usage") + flags+=("--log-dir=") + flags+=("--log-flush-frequency=") + flags+=("--logtostderr") + flags+=("--machine-id-file=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--server=") + flags+=("--stderrthreshold=") + flags+=("--token=") + flags+=("--user=") + flags+=("--v=") + flags+=("--vmodule=") + + must_have_one_flag=() + 
must_have_one_noun=() +} + _oadm_prune() { last_command="oadm_prune" @@ -2519,6 +2744,7 @@ _oadm_prune() commands+=("builds") commands+=("deployments") commands+=("images") + commands+=("prune") flags=() two_word_flags=() diff --git a/contrib/completions/bash/openshift b/contrib/completions/bash/openshift index 77aae69f9913..4b1546894c7c 100644 --- a/contrib/completions/bash/openshift +++ b/contrib/completions/bash/openshift 
@@ -2399,6 +2399,158 @@ _openshift_admin_groups_remove-users() must_have_one_noun=() } +_openshift_admin_groups_sync() +{ + last_command="openshift_admin_groups_sync" + commands=() + + flags=() + two_word_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--blacklist=") + flags+=("--confirm") + flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + flags+=("--output-version=") + flags+=("--show-all") + flags+=("-a") + flags+=("--sort-by=") + flags+=("--sync-config=") + flags+=("--template=") + two_word_flags+=("-t") + flags+=("--type=") + flags+=("--whitelist=") + flags+=("--alsologtostderr") + flags+=("--api-version=") + flags+=("--boot-id-file=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--container-hints=") + flags+=("--context=") + flags+=("--docker=") + flags+=("--docker-only") + flags+=("--docker-root=") + flags+=("--docker-run=") + flags+=("--enable-load-reader") + flags+=("--event-storage-age-limit=") + flags+=("--event-storage-event-limit=") + flags+=("--global-housekeeping-interval=") + flags+=("--google-json-key=") + flags+=("--housekeeping-interval=") + flags+=("--httptest.serve=") + flags+=("--insecure-skip-tls-verify") + flags+=("--ir-data-source=") + flags+=("--ir-dbname=") + flags+=("--ir-influxdb-host=") + flags+=("--ir-namespace-only") + flags+=("--ir-password=") + flags+=("--ir-percentile=") + flags+=("--ir-user=") + flags+=("--log-backtrace-at=") + flags+=("--log-cadvisor-usage") + flags+=("--log-dir=") + flags+=("--log-flush-frequency=") + flags+=("--logtostderr") + 
flags+=("--machine-id-file=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--server=") + flags+=("--stderrthreshold=") + flags+=("--token=") + flags+=("--user=") + flags+=("--v=") + flags+=("--vmodule=") + + must_have_one_flag=() + must_have_one_noun=() +} + +_openshift_admin_groups_prune() +{ + last_command="openshift_admin_groups_prune" + commands=() + + flags=() + two_word_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--blacklist=") + flags+=("--confirm") + flags+=("--sync-config=") + flags+=("--whitelist=") + flags+=("--alsologtostderr") + flags+=("--api-version=") + flags+=("--boot-id-file=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--container-hints=") + flags+=("--context=") + flags+=("--docker=") + flags+=("--docker-only") + flags+=("--docker-root=") + flags+=("--docker-run=") + flags+=("--enable-load-reader") + flags+=("--event-storage-age-limit=") + flags+=("--event-storage-event-limit=") + flags+=("--global-housekeeping-interval=") + flags+=("--google-json-key=") + flags+=("--housekeeping-interval=") + flags+=("--httptest.serve=") + flags+=("--insecure-skip-tls-verify") + flags+=("--ir-data-source=") + flags+=("--ir-dbname=") + flags+=("--ir-influxdb-host=") + flags+=("--ir-namespace-only") + flags+=("--ir-password=") + flags+=("--ir-percentile=") + flags+=("--ir-user=") + flags+=("--log-backtrace-at=") + flags+=("--log-cadvisor-usage") + flags+=("--log-dir=") + flags+=("--log-flush-frequency=") + flags+=("--logtostderr") + flags+=("--machine-id-file=") 
+ flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--server=") + flags+=("--stderrthreshold=") + flags+=("--token=") + flags+=("--user=") + flags+=("--v=") + flags+=("--vmodule=") + + must_have_one_flag=() + must_have_one_noun=() +} + _openshift_admin_groups() { last_command="openshift_admin_groups" @@ -2406,6 +2558,8 @@ _openshift_admin_groups() commands+=("new") commands+=("add-users") commands+=("remove-users") + commands+=("sync") + commands+=("prune") flags=() two_word_flags=() 
@@ -3125,6 +3279,77 @@ _openshift_admin_prune_images() must_have_one_noun=() } +_openshift_admin_prune_prune() +{ + last_command="openshift_admin_prune_prune" + commands=() + + flags=() + two_word_flags=() + flags_with_completion=() + flags_completion=() + + flags+=("--blacklist=") + flags+=("--confirm") + flags+=("--sync-config=") + flags+=("--whitelist=") + flags+=("--alsologtostderr") + flags+=("--api-version=") + flags+=("--boot-id-file=") + flags+=("--certificate-authority=") + flags_with_completion+=("--certificate-authority") + flags_completion+=("_filedir") + flags+=("--client-certificate=") + flags_with_completion+=("--client-certificate") + flags_completion+=("_filedir") + flags+=("--client-key=") + flags_with_completion+=("--client-key") + flags_completion+=("_filedir") + flags+=("--cluster=") + flags+=("--config=") + flags_with_completion+=("--config") + flags_completion+=("_filedir") + flags+=("--container-hints=") + flags+=("--context=") + flags+=("--docker=") + flags+=("--docker-only") + flags+=("--docker-root=") + flags+=("--docker-run=") + flags+=("--enable-load-reader") + flags+=("--event-storage-age-limit=") + flags+=("--event-storage-event-limit=") + flags+=("--global-housekeeping-interval=") + flags+=("--google-json-key=") + flags+=("--housekeeping-interval=") + flags+=("--httptest.serve=") + flags+=("--insecure-skip-tls-verify") + flags+=("--ir-data-source=") + flags+=("--ir-dbname=") + flags+=("--ir-influxdb-host=") + flags+=("--ir-namespace-only") + flags+=("--ir-password=") + flags+=("--ir-percentile=") + flags+=("--ir-user=") + flags+=("--log-backtrace-at=") + flags+=("--log-cadvisor-usage") + flags+=("--log-dir=") + flags+=("--log-flush-frequency=") + flags+=("--logtostderr") + flags+=("--machine-id-file=") + flags+=("--match-server-version") + flags+=("--namespace=") + two_word_flags+=("-n") + flags+=("--server=") + flags+=("--stderrthreshold=") + flags+=("--token=") + flags+=("--user=") + flags+=("--v=") + flags+=("--vmodule=") + + 
must_have_one_flag=() + must_have_one_noun=() +} + _openshift_admin_prune() { last_command="openshift_admin_prune" @@ -3132,6 +3357,7 @@ _openshift_admin_prune() commands+=("builds") commands+=("deployments") commands+=("images") + commands+=("prune") flags=() two_word_flags=() @@ -13809,9 +14035,9 @@ _openshift_ex_diagnostics() must_have_one_noun=() } -_openshift_ex_sync-groups() +_openshift_ex_options() { - last_command="openshift_ex_sync-groups" + last_command="openshift_ex_options" commands=() flags=() @@ -13819,20 +14045,6 @@ _openshift_ex_sync-groups() flags_with_completion=() flags_completion=() - flags+=("--blacklist=") - flags+=("--confirm") - flags+=("--no-headers") - flags+=("--output=") - two_word_flags+=("-o") - flags+=("--output-version=") - flags+=("--show-all") - flags+=("-a") - flags+=("--sort-by=") - flags+=("--sync-config=") - flags+=("--template=") - two_word_flags+=("-t") - flags+=("--type=") - flags+=("--whitelist=") flags+=("--alsologtostderr") flags+=("--api-version=") flags+=("--boot-id-file=") @@ -13890,9 +14102,9 @@ _openshift_ex_sync-groups() must_have_one_noun=() } -_openshift_ex_prune-groups() +_openshift_ex_sync-groups() { - last_command="openshift_ex_prune-groups" + last_command="openshift_ex_sync-groups" commands=() flags=() @@ -13902,7 +14114,17 @@ _openshift_ex_prune-groups() flags+=("--blacklist=") flags+=("--confirm") + flags+=("--no-headers") + flags+=("--output=") + two_word_flags+=("-o") + flags+=("--output-version=") + flags+=("--show-all") + flags+=("-a") + flags+=("--sort-by=") flags+=("--sync-config=") + flags+=("--template=") + two_word_flags+=("-t") + flags+=("--type=") flags+=("--whitelist=") flags+=("--alsologtostderr") flags+=("--api-version=") @@ -13961,9 +14183,9 @@ _openshift_ex_prune-groups() must_have_one_noun=() } -_openshift_ex_options() +_openshift_ex_prune-groups() { - last_command="openshift_ex_options" + last_command="openshift_ex_prune-groups" commands=() flags=() 
@@ -13971,6 +14193,10 @@ _openshift_ex_options() flags_with_completion=() flags_completion=() + flags+=("--blacklist=") + flags+=("--confirm") + flags+=("--sync-config=") + flags+=("--whitelist=") flags+=("--alsologtostderr") flags+=("--api-version=") flags+=("--boot-id-file=") @@ -14037,9 +14263,9 @@ _openshift_ex() commands+=("ipfailover") commands+=("build-chain") commands+=("diagnostics") + commands+=("options") commands+=("sync-groups") commands+=("prune-groups") - commands+=("options") flags=() two_word_flags=() diff --git a/docs/generated/oadm_by_example_content.adoc b/docs/generated/oadm_by_example_content.adoc index 70cf9f40a0cc..a43bfbc573d5 100644 --- a/docs/generated/oadm_by_example_content.adoc +++ b/docs/generated/oadm_by_example_content.adoc @@ -136,6 +136,29 @@ Create a new group ==== +== oadm groups prune +Prune OpenShift groups referencing missing records on an external provider. + +==== + +[options="nowrap"] +---- + # Prune all orphaned groups + $ oadm groups prune --sync-config=/path/to/ldap-sync-config.yaml --confirm + + # Prune all orphaned groups except the ones from the blacklist file + $ oadm groups prune --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm + + # Prune all orphaned groups from a list of specific groups specified in a whitelist file + $ oadm groups prune --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm + + # Prune all orphaned groups from a list of specific groups specified in a whitelist + $ oadm groups prune groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm + +---- +==== + + == oadm groups remove-users Remove users from a group 
@@ -149,6 +172,32 @@ Remove users from a group ==== +== oadm groups sync +Sync OpenShift groups with records from an external provider. + +==== + +[options="nowrap"] +---- + # Sync all groups from an LDAP server + $ oadm groups sync --sync-config=/path/to/ldap-sync-config.yaml --confirm + + # Sync all groups except the ones from the blacklist file from an LDAP server + $ oadm groups sync --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm + + # Sync specific groups specified in a whitelist file with an LDAP server + $ oadm groups sync --whitelist=/path/to/whitelist.txt --sync-config=/path/to/sync-config.yaml --confirm + + # Sync all OpenShift Groups that have been synced previously with an LDAP server + $ oadm groups sync --type=openshift --sync-config=/path/to/ldap-sync-config.yaml --confirm + + # Sync specific OpenShift Groups if they have been synced previously with an LDAP server + $ oadm groups sync groups/group1 groups/group2 groups/group3 --sync-config=/path/to/sync-config.yaml --confirm + +---- +==== + + == oadm ipfailover Install an IP failover group to a set of nodes 
@@ -297,6 +346,29 @@ Replace cluster SCCs to match the recommended bootstrap policy ==== +== oadm prune prune +Prune OpenShift groups referencing missing records on an external provider. + +==== + +[options="nowrap"] +---- + # Prune all orphaned groups + $ oadm prune prune --sync-config=/path/to/ldap-sync-config.yaml --confirm + + # Prune all orphaned groups except the ones from the blacklist file + $ oadm prune prune --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm + + # Prune all orphaned groups from a list of specific groups specified in a whitelist file + $ oadm prune prune --whitelist=/path/to/whitelist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm + + # Prune all orphaned groups from a list of specific groups specified in a whitelist + $ oadm prune prune groups/group_name groups/other_name --sync-config=/path/to/ldap-sync-config.yaml --confirm + +---- +==== + + == oadm registry Install the integrated Docker registry diff --git a/pkg/cmd/admin/groups/groups.go b/pkg/cmd/admin/groups/groups.go index 8c38e33ba645..68f4c26a9a4b 100644 --- a/pkg/cmd/admin/groups/groups.go +++ b/pkg/cmd/admin/groups/groups.go @@ -5,6 +5,7 @@ import ( "github.com/spf13/cobra" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/cli" cmdutil "github.com/openshift/origin/pkg/cmd/util" "github.com/openshift/origin/pkg/cmd/util/clientcmd" ) 
@@ -30,6 +31,8 @@ func NewCmdGroups(name, fullName string, f *clientcmd.Factory, out io.Writer) *c cmds.AddCommand(NewCmdNewGroup(NewGroupRecommendedName, fullName+" "+NewGroupRecommendedName, f, out)) cmds.AddCommand(NewCmdAddUsers(AddRecommendedName, fullName+" "+AddRecommendedName, f, out)) cmds.AddCommand(NewCmdRemoveUsers(RemoveRecommendedName, fullName+" "+RemoveRecommendedName, f, out)) + cmds.AddCommand(cli.NewCmdSync(cli.SyncRecommendedName, fullName+" "+cli.SyncRecommendedName, f, out)) + cmds.AddCommand(cli.NewCmdPrune(cli.PruneRecommendedName, fullName+" "+cli.PruneRecommendedName, f, out)) return cmds } diff --git a/pkg/cmd/experimental/syncgroups/ad/augmented_ldapinterface.go b/pkg/cmd/admin/groups/sync/ad/augmented_ldapinterface.go similarity index 95% rename from pkg/cmd/experimental/syncgroups/ad/augmented_ldapinterface.go rename to pkg/cmd/admin/groups/sync/ad/augmented_ldapinterface.go index 9d4b60460f8b..2270f948df40 100644 --- a/pkg/cmd/experimental/syncgroups/ad/augmented_ldapinterface.go +++ b/pkg/cmd/admin/groups/sync/ad/augmented_ldapinterface.go @@ -7,8 +7,8 @@ import ( "github.com/openshift/origin/pkg/auth/ldaputil" "github.com/openshift/origin/pkg/auth/ldaputil/ldapclient" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/groupdetector" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/groupdetector" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ) // NewLDAPInterface builds a new LDAPInterface using a schema-appropriate config diff --git a/pkg/cmd/experimental/syncgroups/ad/augmented_ldapinterface_test.go b/pkg/cmd/admin/groups/sync/ad/augmented_ldapinterface_test.go similarity index 100% rename from pkg/cmd/experimental/syncgroups/ad/augmented_ldapinterface_test.go rename to pkg/cmd/admin/groups/sync/ad/augmented_ldapinterface_test.go 
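Review bot: In pkg/cmd/admin/groups/groups.go the two new registrations read `cli.NewCmdSync(...)` and `cli.NewCmdPrune(...)`, and the bare package name `cli` says nothing about group synchronisation at the call site. Importing the package under an alias, for example `synccli "github.com/openshift/origin/pkg/cmd/admin/groups/sync/cli"`, would make both lines self-describing. The import is added in the preceding hunk of the same file, and NewCmdGroups begins above this hunk.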
diff --git a/pkg/cmd/experimental/syncgroups/ad/ldapinterface.go b/pkg/cmd/admin/groups/sync/ad/ldapinterface.go similarity index 97% rename from pkg/cmd/experimental/syncgroups/ad/ldapinterface.go rename to pkg/cmd/admin/groups/sync/ad/ldapinterface.go index b7e9685d0b09..88a8212c3274 100644 --- a/pkg/cmd/experimental/syncgroups/ad/ldapinterface.go +++ b/pkg/cmd/admin/groups/sync/ad/ldapinterface.go @@ -9,8 +9,8 @@ import ( "github.com/openshift/origin/pkg/auth/ldaputil" "github.com/openshift/origin/pkg/auth/ldaputil/ldapclient" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/groupdetector" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/groupdetector" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ) // NewADLDAPInterface builds a new ADLDAPInterface using a schema-appropriate config diff --git a/pkg/cmd/experimental/syncgroups/ad/ldapinterface_test.go b/pkg/cmd/admin/groups/sync/ad/ldapinterface_test.go similarity index 100% rename from pkg/cmd/experimental/syncgroups/ad/ldapinterface_test.go rename to pkg/cmd/admin/groups/sync/ad/ldapinterface_test.go diff --git a/pkg/cmd/experimental/syncgroups/cli/ad.go b/pkg/cmd/admin/groups/sync/cli/ad.go similarity index 87% rename from pkg/cmd/experimental/syncgroups/cli/ad.go rename to pkg/cmd/admin/groups/sync/cli/ad.go index 7b4553bfae33..e8167ea2e072 100644 --- a/pkg/cmd/experimental/syncgroups/cli/ad.go +++ b/pkg/cmd/admin/groups/sync/cli/ad.go 
@@ -3,9 +3,9 @@ package cli import ( "github.com/openshift/origin/pkg/auth/ldaputil" "github.com/openshift/origin/pkg/auth/ldaputil/ldapclient" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/ad" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/ad" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" "github.com/openshift/origin/pkg/cmd/server/api" ) diff --git a/pkg/cmd/experimental/syncgroups/cli/augmented_ad.go b/pkg/cmd/admin/groups/sync/cli/augmented_ad.go similarity index 90% rename from pkg/cmd/experimental/syncgroups/cli/augmented_ad.go rename to pkg/cmd/admin/groups/sync/cli/augmented_ad.go index 5ef190a068ee..bc8c01f7d4a4 100644 --- a/pkg/cmd/experimental/syncgroups/cli/augmented_ad.go +++ b/pkg/cmd/admin/groups/sync/cli/augmented_ad.go @@ -3,9 +3,9 @@ package cli import ( "github.com/openshift/origin/pkg/auth/ldaputil" "github.com/openshift/origin/pkg/auth/ldaputil/ldapclient" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/ad" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/ad" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" "github.com/openshift/origin/pkg/cmd/server/api" ) diff --git a/pkg/cmd/experimental/syncgroups/cli/interfaces.go b/pkg/cmd/admin/groups/sync/cli/interfaces.go similarity index 94% rename from pkg/cmd/experimental/syncgroups/cli/interfaces.go rename to pkg/cmd/admin/groups/sync/cli/interfaces.go index 610f88d6a0b4..4f395cffac9b 100644 --- a/pkg/cmd/experimental/syncgroups/cli/interfaces.go +++ b/pkg/cmd/admin/groups/sync/cli/interfaces.go 
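Review bot: In cli/ad.go the rewritten import path ends in `sync`, the same name as the standard library's `sync` package, and it is imported without an alias. The package clause of the moved package is not visible in this patch excerpt, so either its identifier no longer matches the last path element or it now collides with the stdlib name. An explicit alias such as `syncgroups "github.com/openshift/origin/pkg/cmd/admin/groups/sync"` avoids both readings. The same unaliased import appears in cli/augmented_ad.go, cli/prune.go and cli/rfc2307.go.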
@@ -2,7 +2,7 @@ package cli import ( "github.com/openshift/origin/pkg/client" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ) // SyncBuilder describes an object that can build all the schema-specific parts of an LDAPGroupSyncer diff --git a/pkg/cmd/experimental/syncgroups/cli/prunegroups.go b/pkg/cmd/admin/groups/sync/cli/prune.go similarity index 85% rename from pkg/cmd/experimental/syncgroups/cli/prunegroups.go rename to pkg/cmd/admin/groups/sync/cli/prune.go index e55323ce6ed6..d4408c8785df 100644 --- a/pkg/cmd/experimental/syncgroups/cli/prunegroups.go +++ b/pkg/cmd/admin/groups/sync/cli/prune.go @@ -14,16 +14,16 @@ import ( "github.com/openshift/origin/pkg/auth/ldaputil" "github.com/openshift/origin/pkg/auth/ldaputil/ldapclient" osclient "github.com/openshift/origin/pkg/client" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync" "github.com/openshift/origin/pkg/cmd/server/api" "github.com/openshift/origin/pkg/cmd/server/api/validation" "github.com/openshift/origin/pkg/cmd/util/clientcmd" ) const ( - PruneGroupsRecommendedName = "prune-groups" + PruneRecommendedName = "prune" - pruneGroupsLong = ` + pruneLong = ` Prune OpenShift Groups referencing missing records on from an external provider. In order to prune OpenShift Group records using those from an external provider, determine which Groups you wish @@ -34,7 +34,7 @@ describe how data is requested from the external record store. Default behavior for which the external record does not exist, to run the pruning process and commit the results, use the --confirm flag. ` - pruneGroupsExamples = ` # Prune all orphaned groups + pruneExamples = ` # Prune all orphaned groups $ %[1]s --sync-config=/path/to/ldap-sync-config.yaml --confirm # Prune all orphaned groups except the ones from the blacklist file 
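Review bot: `PruneRecommendedName = "prune"` in cli/prune.go reads well under `oadm groups`, but the generated completions and docs in this same patch also list `oadm prune prune` (`_oadm_prune_prune`), which suggests the constant is reused when the command is registered under the `prune` parent. That registration lives in pkg/cmd/admin/prune/prune.go, outside this hunk; passing a distinct name there, for example `groups`, would yield `oadm prune groups`. An unambiguous name matters for a command that commits deletions once `--confirm` is given. The help text kept as context in this hunk also still reads "missing records on from an external provider"; `on an external provider` would match the Short string.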
@@ -48,7 +48,7 @@ flag. ` ) -type PruneGroupsOptions struct { +type PruneOptions struct { // Config is the LDAP sync config read from file Config *api.LDAPSyncConfig @@ -71,15 +71,15 @@ type PruneGroupsOptions struct { Out io.Writer } -func NewPruneGroupsOptions() *PruneGroupsOptions { - return &PruneGroupsOptions{ +func NewPruneOptions() *PruneOptions { + return &PruneOptions{ Stderr: os.Stderr, Whitelist: []string{}, } } -func NewCmdPruneGroups(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command { - options := NewPruneGroupsOptions() +func NewCmdPrune(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command { + options := NewPruneOptions() options.Out = out whitelistFile := "" @@ -89,8 +89,8 @@ func NewCmdPruneGroups(name, fullName string, f *clientcmd.Factory, out io.Write cmd := &cobra.Command{ Use: fmt.Sprintf("%s [WHITELIST] [--whitelist=WHITELIST-FILE] [--blacklist=BLACKLIST-FILE] --sync-config=CONFIG-SOURCE", name), Short: "Prune OpenShift groups referencing missing records on an external provider.", - Long: pruneGroupsLong, - Example: fmt.Sprintf(pruneGroupsExamples, fullName), + Long: pruneLong, + Example: fmt.Sprintf(pruneExamples, fullName), Run: func(c *cobra.Command, args []string) { if err := options.Complete(whitelistFile, blacklistFile, configFile, args, f); err != nil { cmdutil.CheckErr(cmdutil.UsageError(c, err.Error())) @@ -123,7 +123,7 @@ func NewCmdPruneGroups(name, fullName string, f *clientcmd.Factory, out io.Write return cmd } -func (o *PruneGroupsOptions) Complete(whitelistFile, blacklistFile, configFile string, args []string, f *clientcmd.Factory) error { +func (o *PruneOptions) Complete(whitelistFile, blacklistFile, configFile string, args []string, f *clientcmd.Factory) error { var err error o.Whitelist, err = buildOpenShiftGroupNameList(args, whitelistFile) if err != nil { 
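Review bot: `PruneOptions` is renamed in cli/prune.go without gaining a doc comment, and the same holds for `NewPruneOptions` and `NewCmdPrune` in the following hunk. Now that they sit in the supported admin command tree rather than under experimental, each exported name should carry one, for example `// PruneOptions holds the sync config, name restrictions and group client used to prune OpenShift groups.` and `// NewCmdPrune returns the command that prunes OpenShift groups whose external records are missing.` The struct body and NewCmdPrune both continue outside the lines shown here.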
@@ -149,7 +149,7 @@ func (o *PruneGroupsOptions) Complete(whitelistFile, blacklistFile, configFile s return nil } -func (o *PruneGroupsOptions) Validate() error { +func (o *PruneOptions) Validate() error { results := validation.ValidateLDAPSyncConfig(o.Config) if o.GroupInterface == nil { results.Errors = append(results.Errors, fmt.Errorf("an OpenShift group client is required")) @@ -163,7 +163,7 @@ func (o *PruneGroupsOptions) Validate() error { // Run creates the GroupSyncer specified and runs it to sync groups // the arguments are only here because its the only way to get the printer we need -func (o *PruneGroupsOptions) Run(cmd *cobra.Command, f *clientcmd.Factory) error { +func (o *PruneOptions) Run(cmd *cobra.Command, f *clientcmd.Factory) error { clientConfig, err := ldaputil.NewLDAPClientConfig(o.Config.URL, o.Config.BindDN, o.Config.BindPassword, o.Config.CA, o.Config.Insecure) if err != nil { return fmt.Errorf("could not determine LDAP client configuration: %v", err) @@ -215,20 +215,20 @@ func buildPruneBuilder(clientConfig ldapclient.Config, pruneConfig *api.LDAPSync } } -// The following getters ensure that PruneGroupsOptions satisfies the name restriction interfaces +// The following getters ensure that PruneOptions satisfies the name restriction interfaces -func (o *PruneGroupsOptions) GetWhitelist() []string { +func (o *PruneOptions) GetWhitelist() []string { return o.Whitelist } -func (o *PruneGroupsOptions) GetBlacklist() []string { +func (o *PruneOptions) GetBlacklist() []string { return o.Blacklist } -func (o *PruneGroupsOptions) GetClient() osclient.GroupInterface { +func (o *PruneOptions) GetClient() osclient.GroupInterface { return o.GroupInterface } -func (o *PruneGroupsOptions) GetGroupNameMappings() map[string]string { +func (o *PruneOptions) GetGroupNameMappings() map[string]string { return o.Config.LDAPGroupUIDToOpenShiftGroupNameMapping } 
diff --git a/pkg/cmd/experimental/syncgroups/cli/rfc2307.go b/pkg/cmd/admin/groups/sync/cli/rfc2307.go similarity index 90% rename from pkg/cmd/experimental/syncgroups/cli/rfc2307.go rename to pkg/cmd/admin/groups/sync/cli/rfc2307.go index 6ced83401db3..45fea28d54b2 100644 --- a/pkg/cmd/experimental/syncgroups/cli/rfc2307.go +++ b/pkg/cmd/admin/groups/sync/cli/rfc2307.go @@ -3,9 +3,9 @@ package cli import ( "github.com/openshift/origin/pkg/auth/ldaputil" "github.com/openshift/origin/pkg/auth/ldaputil/ldapclient" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/rfc2307" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/rfc2307" "github.com/openshift/origin/pkg/cmd/server/api" ) diff --git a/pkg/cmd/experimental/syncgroups/cli/syncgroups.go b/pkg/cmd/admin/groups/sync/cli/sync.go similarity index 87% rename from pkg/cmd/experimental/syncgroups/cli/syncgroups.go rename to pkg/cmd/admin/groups/sync/cli/sync.go index 57d12523b53a..8cbe1fdd2625 100644 --- a/pkg/cmd/experimental/syncgroups/cli/syncgroups.go +++ b/pkg/cmd/admin/groups/sync/cli/sync.go 
@@ -20,40 +20,41 @@ import ( "github.com/openshift/origin/pkg/auth/ldaputil" "github.com/openshift/origin/pkg/auth/ldaputil/ldapclient" osclient "github.com/openshift/origin/pkg/client" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" "github.com/openshift/origin/pkg/cmd/server/api" "github.com/openshift/origin/pkg/cmd/server/api/validation" "github.com/openshift/origin/pkg/cmd/util/clientcmd" ) const ( - SyncGroupsRecommendedName = "sync-groups" + SyncRecommendedName = "sync" - syncGroupsLong = ` + syncLong = ` Sync OpenShift Groups with records from an external provider. In order to sync OpenShift Group records with those from an external provider, determine which Groups you wish to sync and where their records live. For instance, all or some groups may be selected from the current Groups stored in OpenShift that have been synced previously, or similarly all or some groups may be selected from those stored on an LDAP server. The path to a sync configuration file is required in order to describe how data is -requested from the external record store and migrated to OpenShift records. Default behavior is to sync all -groups from the LDAP server returned by the LDAP query templates. +requested from the external record store and migrated to OpenShift records. Default behavior is to do a dry-run +without changing OpenShift records. Passing '--confirm' will sync all groups from the LDAP server returned by the +LDAP query templates. 
` - syncGroupsExamples = ` # Sync all groups from an LDAP server - $ %[1]s --sync-config=/path/to/ldap-sync-config.yaml + syncExamples = ` # Sync all groups from an LDAP server + $ %[1]s --sync-config=/path/to/ldap-sync-config.yaml --confirm # Sync all groups except the ones from the blacklist file from an LDAP server - $ %[1]s --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml + $ %[1]s --blacklist=/path/to/blacklist.txt --sync-config=/path/to/ldap-sync-config.yaml --confirm # Sync specific groups specified in a whitelist file with an LDAP server - $ %[1]s --whitelist=/path/to/whitelist.txt --sync-config=/path/to/sync-config.yaml + $ %[1]s --whitelist=/path/to/whitelist.txt --sync-config=/path/to/sync-config.yaml --confirm # Sync all OpenShift Groups that have been synced previously with an LDAP server - $ %[1]s --existing --sync-config=/path/to/ldap-sync-config.yaml + $ %[1]s --type=openshift --sync-config=/path/to/ldap-sync-config.yaml --confirm # Sync specific OpenShift Groups if they have been synced previously with an LDAP server - $ %[1]s groups/group1 groups/group2 groups/group3 --sync-config=/path/to/sync-config.yaml + $ %[1]s groups/group1 groups/group2 groups/group3 --sync-config=/path/to/sync-config.yaml --confirm ` ) @@ -74,7 +75,7 @@ func ValidateSource(source GroupSyncSource) bool { return knownSources.Has(string(source)) } -type SyncGroupsOptions struct { +type SyncOptions struct { // Source determines the source of the list of groups to sync Source GroupSyncSource 
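Review bot: The last entry in `syncExamples` is described as syncing specific OpenShift Groups, but it passes `groups/group1 groups/group2 groups/group3` without `--type=openshift`. `NewCmdSync` defaults `typeArg` to the LDAP source, and the reworded flag help says `--type` decides which groups the whitelist entries refer to, so as written these names would presumably be read as LDAP group UIDs. The example just above it and the extended test script both pass `--type=openshift` for this case. Suggest `$ %[1]s --type=openshift groups/group1 groups/group2 groups/group3 --sync-config=/path/to/sync-config.yaml --confirm`.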
@@ -100,15 +101,15 @@ type SyncGroupsOptions struct { Out io.Writer } -func NewSyncGroupsOptions() *SyncGroupsOptions { - return &SyncGroupsOptions{ +func NewSyncOptions() *SyncOptions { + return &SyncOptions{ Stderr: os.Stderr, Whitelist: []string{}, } } -func NewCmdSyncGroups(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command { - options := NewSyncGroupsOptions() +func NewCmdSync(name, fullName string, f *clientcmd.Factory, out io.Writer) *cobra.Command { + options := NewSyncOptions() options.Out = out typeArg := string(GroupSyncSourceLDAP) @@ -117,10 +118,10 @@ func NewCmdSyncGroups(name, fullName string, f *clientcmd.Factory, out io.Writer configFile := "" cmd := &cobra.Command{ - Use: fmt.Sprintf("%s [SOURCE SCOPE WHITELIST --whitelist=WHITELIST-FILE] --sync-config=CONFIG-SOURCE", name), + Use: fmt.Sprintf("%s [--type=TYPE] [WHITELIST] [--whitelist=WHITELIST-FILE] --sync-config=CONFIG-FILE [--confirm]", name), Short: "Sync OpenShift groups with records from an external provider.", - Long: syncGroupsLong, - Example: fmt.Sprintf(syncGroupsExamples, fullName), + Long: syncLong, + Example: fmt.Sprintf(syncExamples, fullName), Run: func(c *cobra.Command, args []string) { if err := options.Complete(typeArg, whitelistFile, blacklistFile, configFile, args, f); err != nil { cmdutil.CheckErr(cmdutil.UsageError(c, err.Error())) 
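Review bot: The rewritten `Use` string in the `@@ -117,10 +118,10 @@` hunk leaves out `--blacklist`, although the examples use it and the prune command's usage line lists `[--blacklist=BLACKLIST-FILE]`. For a command that rewrites group membership, the exclusion option should be as visible in the usage line as the inclusion one. Suggest `Use: fmt.Sprintf("%s [--type=TYPE] [WHITELIST] [--whitelist=WHITELIST-FILE] [--blacklist=BLACKLIST-FILE] --sync-config=CONFIG-FILE [--confirm]", name),`. The prune usage line, in turn, does not mention `[--confirm]`, so the two are worth aligning. The body of `NewCmdSync` continues outside this hunk.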
@@ -148,8 +149,8 @@ func NewCmdSyncGroups(name, fullName string, f *clientcmd.Factory, out io.Writer // TODO: enable this once we're able to support string slice elements that have commas // cmd.Flags().StringSliceVar(&options.Blacklist, "blacklist-group", options.Blacklist, "group to blacklist") cmd.Flags().StringVar(&configFile, "sync-config", configFile, "path to the sync config") - cmd.Flags().StringVar(&typeArg, "type", typeArg, "type of group used to locate LDAP group UIDs: "+strings.Join(AllowedSourceTypes, ",")) - cmd.Flags().BoolVar(&options.Confirm, "confirm", false, "if true, modify OpenShift groups; if false, display groups") + cmd.Flags().StringVar(&typeArg, "type", typeArg, "which groups white- and blacklist entries refer to: "+strings.Join(AllowedSourceTypes, ",")) + cmd.Flags().BoolVar(&options.Confirm, "confirm", false, "if true, modify OpenShift groups; if false, display results of a dry-run") cmdutil.AddPrinterFlags(cmd) cmd.Flags().Lookup("output").DefValue = "yaml" cmd.Flags().Lookup("output").Value.Set("yaml") @@ -157,7 +158,7 @@ func NewCmdSyncGroups(name, fullName string, f *clientcmd.Factory, out io.Writer return cmd } -func (o *SyncGroupsOptions) Complete(typeArg, whitelistFile, blacklistFile, configFile string, args []string, f *clientcmd.Factory) error { +func (o *SyncOptions) Complete(typeArg, whitelistFile, blacklistFile, configFile string, args []string, f *clientcmd.Factory) error { switch typeArg { case string(GroupSyncSourceLDAP): o.Source = GroupSyncSourceLDAP @@ -292,7 +293,7 @@ func readLines(path string) ([]string, error) { return trimmedLines, nil } -func (o *SyncGroupsOptions) Validate() error { +func (o *SyncOptions) Validate() error { if !ValidateSource(o.Source) { return fmt.Errorf("sync source must be one of the following: %v", strings.Join(AllowedSourceTypes, ",")) } 
@@ -310,7 +311,7 @@ func (o *SyncGroupsOptions) Validate() error { // Run creates the GroupSyncer specified and runs it to sync groups // the arguments are only here because its the only way to get the printer we need -func (o *SyncGroupsOptions) Run(cmd *cobra.Command, f *clientcmd.Factory) error { +func (o *SyncOptions) Run(cmd *cobra.Command, f *clientcmd.Factory) error { clientConfig, err := ldaputil.NewLDAPClientConfig(o.Config.URL, o.Config.BindDN, o.Config.BindPassword, o.Config.CA, o.Config.Insecure) if err != nil { return fmt.Errorf("could not determine LDAP client configuration: %v", err) @@ -441,20 +442,20 @@ func getGroupNameMapper(syncBuilder SyncBuilder, info MappedNameRestrictions) (i return syncNameMapper, nil } -// The following getters ensure that SyncGroupsOptions satisfies the name restriction interfaces +// The following getters ensure that SyncOptions satisfies the name restriction interfaces -func (o *SyncGroupsOptions) GetWhitelist() []string { +func (o *SyncOptions) GetWhitelist() []string { return o.Whitelist } -func (o *SyncGroupsOptions) GetBlacklist() []string { +func (o *SyncOptions) GetBlacklist() []string { return o.Blacklist } -func (o *SyncGroupsOptions) GetClient() osclient.GroupInterface { +func (o *SyncOptions) GetClient() osclient.GroupInterface { return o.GroupInterface } -func (o *SyncGroupsOptions) GetGroupNameMappings() map[string]string { +func (o *SyncOptions) GetGroupNameMappings() map[string]string { return o.Config.LDAPGroupUIDToOpenShiftGroupNameMapping } diff --git a/pkg/cmd/experimental/syncgroups/groupdetector/groupdetector.go b/pkg/cmd/admin/groups/sync/groupdetector/groupdetector.go similarity index 97% rename from pkg/cmd/experimental/syncgroups/groupdetector/groupdetector.go rename to pkg/cmd/admin/groups/sync/groupdetector/groupdetector.go index 850e86ec9c3c..e58f27c5e13b 100644 --- a/pkg/cmd/experimental/syncgroups/groupdetector/groupdetector.go +++ b/pkg/cmd/admin/groups/sync/groupdetector/groupdetector.go 
@@ -2,7 +2,7 @@ package groupdetector import ( "github.com/openshift/origin/pkg/auth/ldaputil" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ) // NewGroupBasedDetector returns an LDAPGroupDetector that determines group existence based on diff --git a/pkg/cmd/experimental/syncgroups/groupdetector/groupdetector_test.go b/pkg/cmd/admin/groups/sync/groupdetector/groupdetector_test.go similarity index 99% rename from pkg/cmd/experimental/syncgroups/groupdetector/groupdetector_test.go rename to pkg/cmd/admin/groups/sync/groupdetector/groupdetector_test.go index 930008d34318..3c7f912875f1 100644 --- a/pkg/cmd/experimental/syncgroups/groupdetector/groupdetector_test.go +++ b/pkg/cmd/admin/groups/sync/groupdetector/groupdetector_test.go @@ -8,7 +8,7 @@ import ( "gopkg.in/ldap.v2" "github.com/openshift/origin/pkg/auth/ldaputil" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ) func TestGroupBasedDetectorExists(t *testing.T) { diff --git a/pkg/cmd/experimental/syncgroups/grouplister.go b/pkg/cmd/admin/groups/sync/grouplister.go similarity index 98% rename from pkg/cmd/experimental/syncgroups/grouplister.go rename to pkg/cmd/admin/groups/sync/grouplister.go index c285d01ee59d..7a4495e73818 100644 --- a/pkg/cmd/experimental/syncgroups/grouplister.go +++ b/pkg/cmd/admin/groups/sync/grouplister.go @@ -10,7 +10,7 @@ import ( "github.com/openshift/origin/pkg/auth/ldaputil" osclient "github.com/openshift/origin/pkg/client" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ouserapi "github.com/openshift/origin/pkg/user/api" ) 
diff --git a/pkg/cmd/experimental/syncgroups/grouplister_test.go b/pkg/cmd/admin/groups/sync/grouplister_test.go similarity index 100% rename from pkg/cmd/experimental/syncgroups/grouplister_test.go rename to pkg/cmd/admin/groups/sync/grouplister_test.go diff --git a/pkg/cmd/experimental/syncgroups/groupnamemapper.go b/pkg/cmd/admin/groups/sync/groupnamemapper.go similarity index 97% rename from pkg/cmd/experimental/syncgroups/groupnamemapper.go rename to pkg/cmd/admin/groups/sync/groupnamemapper.go index ab005de94c64..ea7572e45555 100644 --- a/pkg/cmd/experimental/syncgroups/groupnamemapper.go +++ b/pkg/cmd/admin/groups/sync/groupnamemapper.go @@ -7,7 +7,7 @@ import ( kutilerrors "k8s.io/kubernetes/pkg/util/errors" "github.com/openshift/origin/pkg/auth/ldaputil" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ) // NewUserDefinedGroupNameMapper returns a new UserDefinedLDAPGroupNameMapper which maps a ldapGroupUID diff --git a/pkg/cmd/experimental/syncgroups/grouppruner.go b/pkg/cmd/admin/groups/sync/grouppruner.go similarity index 97% rename from pkg/cmd/experimental/syncgroups/grouppruner.go rename to pkg/cmd/admin/groups/sync/grouppruner.go index 3fedc1de8a9e..cf295638d266 100644 --- a/pkg/cmd/experimental/syncgroups/grouppruner.go +++ b/pkg/cmd/admin/groups/sync/grouppruner.go @@ -7,7 +7,7 @@ import ( "github.com/golang/glog" "github.com/openshift/origin/pkg/client" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ) // GroupPruner runs a prune job on Groups diff --git a/pkg/cmd/experimental/syncgroups/grouppruner_test.go b/pkg/cmd/admin/groups/sync/grouppruner_test.go similarity index 98% rename from pkg/cmd/experimental/syncgroups/grouppruner_test.go rename to pkg/cmd/admin/groups/sync/grouppruner_test.go index a2e9c221930a..77fb06f89650 100644 
--- a/pkg/cmd/experimental/syncgroups/grouppruner_test.go +++ b/pkg/cmd/admin/groups/sync/grouppruner_test.go @@ -11,7 +11,7 @@ import ( "k8s.io/kubernetes/pkg/util/sets" "github.com/openshift/origin/pkg/client/testclient" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ) func TestGoodPrune(t *testing.T) { diff --git a/pkg/cmd/experimental/syncgroups/groupsyncer.go b/pkg/cmd/admin/groups/sync/groupsyncer.go similarity index 98% rename from pkg/cmd/experimental/syncgroups/groupsyncer.go rename to pkg/cmd/admin/groups/sync/groupsyncer.go index 6487f9108505..3a6a03d837e4 100644 --- a/pkg/cmd/experimental/syncgroups/groupsyncer.go +++ b/pkg/cmd/admin/groups/sync/groupsyncer.go @@ -13,7 +13,7 @@ import ( "github.com/openshift/origin/pkg/auth/ldaputil" "github.com/openshift/origin/pkg/client" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" userapi "github.com/openshift/origin/pkg/user/api" ) diff --git a/pkg/cmd/experimental/syncgroups/groupsyncer_test.go b/pkg/cmd/admin/groups/sync/groupsyncer_test.go similarity index 99% rename from pkg/cmd/experimental/syncgroups/groupsyncer_test.go rename to pkg/cmd/admin/groups/sync/groupsyncer_test.go index 7e954dc1b3f6..0468e6e057a7 100644 --- a/pkg/cmd/experimental/syncgroups/groupsyncer_test.go +++ b/pkg/cmd/admin/groups/sync/groupsyncer_test.go @@ -15,7 +15,7 @@ import ( "github.com/openshift/origin/pkg/auth/ldaputil" "github.com/openshift/origin/pkg/client/testclient" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" userapi "github.com/openshift/origin/pkg/user/api" ) 
diff --git a/pkg/cmd/experimental/syncgroups/interfaces/errors.go b/pkg/cmd/admin/groups/sync/interfaces/errors.go similarity index 100% rename from pkg/cmd/experimental/syncgroups/interfaces/errors.go rename to pkg/cmd/admin/groups/sync/interfaces/errors.go diff --git a/pkg/cmd/experimental/syncgroups/interfaces/interfaces.go b/pkg/cmd/admin/groups/sync/interfaces/interfaces.go similarity index 100% rename from pkg/cmd/experimental/syncgroups/interfaces/interfaces.go rename to pkg/cmd/admin/groups/sync/interfaces/interfaces.go diff --git a/pkg/cmd/experimental/syncgroups/rfc2307/ldapinterface.go b/pkg/cmd/admin/groups/sync/rfc2307/ldapinterface.go similarity index 97% rename from pkg/cmd/experimental/syncgroups/rfc2307/ldapinterface.go rename to pkg/cmd/admin/groups/sync/rfc2307/ldapinterface.go index a425d8b3feb5..2bd413f253dc 100644 --- a/pkg/cmd/experimental/syncgroups/rfc2307/ldapinterface.go +++ b/pkg/cmd/admin/groups/sync/rfc2307/ldapinterface.go @@ -9,8 +9,8 @@ import ( "github.com/openshift/origin/pkg/auth/ldaputil" "github.com/openshift/origin/pkg/auth/ldaputil/ldapclient" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/groupdetector" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/groupdetector" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ) // NewLDAPInterface builds a new LDAPInterface using a schema-appropriate config diff --git a/pkg/cmd/experimental/syncgroups/rfc2307/ldapinterface_test.go b/pkg/cmd/admin/groups/sync/rfc2307/ldapinterface_test.go similarity index 99% rename from pkg/cmd/experimental/syncgroups/rfc2307/ldapinterface_test.go rename to pkg/cmd/admin/groups/sync/rfc2307/ldapinterface_test.go index 060eed75e09a..dc2a0a3ca510 100644 --- a/pkg/cmd/experimental/syncgroups/rfc2307/ldapinterface_test.go +++ b/pkg/cmd/admin/groups/sync/rfc2307/ldapinterface_test.go 
@@ -10,7 +10,7 @@ import ( "github.com/openshift/origin/pkg/auth/ldaputil" "github.com/openshift/origin/pkg/auth/ldaputil/testclient" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ) func newTestLDAPInterface(client ldap.Client) *LDAPInterface { diff --git a/pkg/cmd/experimental/syncgroups/usernamemapper.go b/pkg/cmd/admin/groups/sync/usernamemapper.go similarity index 92% rename from pkg/cmd/experimental/syncgroups/usernamemapper.go rename to pkg/cmd/admin/groups/sync/usernamemapper.go index ac930c241c57..1cafc7c7db9d 100644 --- a/pkg/cmd/experimental/syncgroups/usernamemapper.go +++ b/pkg/cmd/admin/groups/sync/usernamemapper.go @@ -6,7 +6,7 @@ import ( "gopkg.in/ldap.v2" "github.com/openshift/origin/pkg/auth/ldaputil" - "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/interfaces" + "github.com/openshift/origin/pkg/cmd/admin/groups/sync/interfaces" ) // NewUserNameMapper returns a new DefaultLDAPGroupUserNameMapper diff --git a/pkg/cmd/admin/prune/prune.go b/pkg/cmd/admin/prune/prune.go index 47a0a433ff70..444b2920867f 100644 --- a/pkg/cmd/admin/prune/prune.go +++ b/pkg/cmd/admin/prune/prune.go @@ -5,6 +5,7 @@ import ( "github.com/spf13/cobra" + groups "github.com/openshift/origin/pkg/cmd/admin/groups/sync/cli" cmdutil "github.com/openshift/origin/pkg/cmd/util" "github.com/openshift/origin/pkg/cmd/util/clientcmd" ) @@ -28,5 +29,6 @@ func NewCommandPrune(name, fullName string, f *clientcmd.Factory, out io.Writer) cmds.AddCommand(NewCmdPruneBuilds(f, fullName, PruneBuildsRecommendedName, out)) cmds.AddCommand(NewCmdPruneDeployments(f, fullName, PruneDeploymentsRecommendedName, out)) cmds.AddCommand(NewCmdPruneImages(f, fullName, PruneImagesRecommendedName, out)) + cmds.AddCommand(groups.NewCmdPrune(groups.PruneRecommendedName, fullName+" "+groups.PruneRecommendedName, f, out)) return cmds } 
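Review bot: The command added to `NewCommandPrune` in `pkg/cmd/admin/prune/prune.go` is registered under `groups.PruneRecommendedName`, which this commit defines as `"prune"`, so it would appear as `prune prune` rather than the `prune groups` that `test/cmd/help.sh` exercises. Under this parent the name should be the resource, as it is for the builds, deployments and images siblings: `cmds.AddCommand(groups.NewCmdPrune("groups", fullName+" groups", f, out))`, or a local `PruneGroupsRecommendedName = "groups"` constant. The help.sh assertion may not catch this, because it only matches 'external provider', which also appears in the command's `Short` description and could therefore show up in the parent's help output. Matching text found only in the subcommand's long help would make that check meaningful.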
diff --git a/pkg/cmd/openshift/openshift.go b/pkg/cmd/openshift/openshift.go index ec3fb4ab9b37..f48e1a40671d 100644 --- a/pkg/cmd/openshift/openshift.go +++ b/pkg/cmd/openshift/openshift.go @@ -9,13 +9,13 @@ import ( "github.com/spf13/cobra" "github.com/openshift/origin/pkg/cmd/admin" + sync "github.com/openshift/origin/pkg/cmd/admin/groups/sync/cli" "github.com/openshift/origin/pkg/cmd/admin/validate" "github.com/openshift/origin/pkg/cmd/cli" "github.com/openshift/origin/pkg/cmd/cli/cmd" "github.com/openshift/origin/pkg/cmd/experimental/buildchain" diagnostics "github.com/openshift/origin/pkg/cmd/experimental/diagnostics" exipfailover "github.com/openshift/origin/pkg/cmd/experimental/ipfailover" - syncgroups "github.com/openshift/origin/pkg/cmd/experimental/syncgroups/cli" "github.com/openshift/origin/pkg/cmd/experimental/tokens" "github.com/openshift/origin/pkg/cmd/flagtypes" "github.com/openshift/origin/pkg/cmd/infra/builder" 
@@ -156,8 +156,10 @@ func newExperimentalCommand(name, fullName string) *cobra.Command { experimental.AddCommand(exipfailover.NewCmdIPFailoverConfig(f, fullName, "ipfailover", out)) experimental.AddCommand(buildchain.NewCmdBuildChain(name, fullName+" "+buildchain.BuildChainRecommendedCommandName, f, out)) experimental.AddCommand(diagnostics.NewCommandDiagnostics("diagnostics", fullName+" diagnostics", out)) - experimental.AddCommand(syncgroups.NewCmdSyncGroups(syncgroups.SyncGroupsRecommendedName, fullName+" "+syncgroups.SyncGroupsRecommendedName, f, out)) - experimental.AddCommand(syncgroups.NewCmdPruneGroups(syncgroups.PruneGroupsRecommendedName, fullName+" "+syncgroups.PruneGroupsRecommendedName, f, out)) experimental.AddCommand(cmd.NewCmdOptions(out)) + + // these groups also live under `oadm groups {sync,prune}` and are here only for backwards compatibility + experimental.AddCommand(sync.NewCmdSync("sync-groups", fullName+" "+"sync-groups", f, out)) + experimental.AddCommand(sync.NewCmdPrune("prune-groups", fullName+" "+"prune-groups", f, out)) return experimental } diff --git a/test/cmd/help.sh b/test/cmd/help.sh index ea80e468bc71..ece0d45bac1c 100755 --- a/test/cmd/help.sh +++ b/test/cmd/help.sh @@ -124,3 +124,10 @@ os::cmd::expect_failure 'openshift admin TYPO' os::cmd::expect_failure 'openshift cli TYPO' os::cmd::expect_failure 'oc policy TYPO' os::cmd::expect_failure 'oc secrets TYPO' + +# make sure that LDAP group sync and prune exist under both parents +os::cmd::expect_success_and_text 'openshift ex sync-groups --help' 'external provider' +os::cmd::expect_success_and_text 'openshift ex prune-groups --help' 'external provider' +os::cmd::expect_success_and_text 'openshift admin groups sync --help' 'external provider' +os::cmd::expect_success_and_text 'openshift admin groups prune --help' 'external provider' +os::cmd::expect_success_and_text 'openshift admin prune groups --help' 'external provider' \ No newline at end of file 
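Review bot: In `newExperimentalCommand` the compatibility aliases are called through the import alias `sync`, which shadows the standard library package name in this file and differs from the `groups` alias that `prune.go` gives the same package. Keeping the previous alias avoids both problems: `syncgroups "github.com/openshift/origin/pkg/cmd/admin/groups/sync/cli"`. The new comment says "these groups" where it means commands; suggest `// these commands also live under "oadm groups {sync,prune}" and are kept here only for backwards compatibility`. Nothing tells a user of the `ex` path that the command has moved, so a deprecation message on the two alias commands, if the vendored cobra supports one, would help operators and any audit rules keyed on the command name converge on a single entry point.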
diff --git a/test/extended/authentication/ldap/augmented-ad/valid_all_ldap_sync_delete_prune.txt b/test/extended/authentication/ldap/augmented-ad/valid_all_ldap_sync_delete_prune.yaml
similarity index 100%
rename from test/extended/authentication/ldap/augmented-ad/valid_all_ldap_sync_delete_prune.txt
rename to test/extended/authentication/ldap/augmented-ad/valid_all_ldap_sync_delete_prune.yaml
diff --git a/test/extended/ldap_groups.sh b/test/extended/ldap_groups.sh
index d7c0e2868749..0004fdba923c 100755
--- a/test/extended/ldap_groups.sh
+++ b/test/extended/ldap_groups.sh
@@ -143,99 +143,99 @@ for (( i=0; i<${#schema[@]}; i++ )); do done echo -e "\tTEST: Sync all LDAP groups from LDAP server" - openshift ex sync-groups --sync-config=sync-config.yaml --confirm + oadm groups sync --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_all_ldap_sync.yaml # WHITELISTS echo -e "\tTEST: Sync subset of LDAP groups from LDAP server using whitelist file" - openshift ex sync-groups --whitelist=whitelist_ldap.txt --sync-config=sync-config.yaml --confirm + oadm groups sync --whitelist=whitelist_ldap.txt --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_whitelist_sync.yaml echo -e "\tTEST: Sync subset of LDAP groups from LDAP server using literal whitelist" - openshift ex sync-groups ${group1_ldapuid} --sync-config=sync-config.yaml --confirm + oadm groups sync ${group1_ldapuid} --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_whitelist_sync.yaml echo -e "\tTEST: Sync subset of LDAP groups from LDAP server using union of literal whitelist and whitelist file" - openshift ex sync-groups ${group2_ldapuid} --whitelist=whitelist_ldap.txt --sync-config=sync-config.yaml --confirm + oadm groups sync ${group2_ldapuid} --whitelist=whitelist_ldap.txt --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_whitelist_union_sync.yaml echo -e "\tTEST: Sync subset of OpenShift groups from LDAP server using whitelist file" - openshift ex sync-groups ${group1_ldapuid} --sync-config=sync-config.yaml --confirm + oadm groups sync ${group1_ldapuid} --sync-config=sync-config.yaml --confirm oc patch group ${group1_osuid} -p 'users: []' - openshift ex sync-groups --type=openshift --whitelist=whitelist_openshift.txt --sync-config=sync-config.yaml --confirm + oadm groups sync --type=openshift --whitelist=whitelist_openshift.txt --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_whitelist_sync.yaml echo -e "\tTEST: Sync subset of OpenShift groups from LDAP server using literal whitelist" # sync group 
from LDAP - openshift ex sync-groups ${group1_ldapuid} --sync-config=sync-config.yaml --confirm + oadm groups sync ${group1_ldapuid} --sync-config=sync-config.yaml --confirm oc patch group ${group1_osuid} -p 'users: []' - openshift ex sync-groups --type=openshift ${group1_osuid} --sync-config=sync-config.yaml --confirm + oadm groups sync --type=openshift ${group1_osuid} --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_whitelist_sync.yaml echo -e "\tTEST: Sync subset of OpenShift groups from LDAP server using union of literal whitelist and whitelist file" # sync groups from LDAP - openshift ex sync-groups ${group1_ldapuid} ${group2_ldapuid} --sync-config=sync-config.yaml --confirm + oadm groups sync ${group1_ldapuid} ${group2_ldapuid} --sync-config=sync-config.yaml --confirm oc patch group ${group1_osuid} -p 'users: []' oc patch group ${group2_osuid} -p 'users: []' - openshift ex sync-groups --type=openshift group/${group2_osuid} --whitelist=whitelist_openshift.txt --sync-config=sync-config.yaml --confirm + oadm groups sync --type=openshift group/${group2_osuid} --whitelist=whitelist_openshift.txt --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_whitelist_union_sync.yaml # BLACKLISTS echo -e "\tTEST: Sync subset of LDAP groups from LDAP server using whitelist and blacklist file" - # openshift ex sync-groups --whitelist=ldapgroupuids.txt --blacklist=blacklist_ldap.txt --blacklist-group="${group1_ldapuid}" --sync-config=sync-config.yaml --confirm - openshift ex sync-groups --whitelist=ldapgroupuids.txt --blacklist=blacklist_ldap.txt --sync-config=sync-config.yaml --confirm + # oadm groups sync --whitelist=ldapgroupuids.txt --blacklist=blacklist_ldap.txt --blacklist-group="${group1_ldapuid}" --sync-config=sync-config.yaml --confirm + oadm groups sync --whitelist=ldapgroupuids.txt --blacklist=blacklist_ldap.txt --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_all_blacklist_sync.yaml echo -e "\tTEST: Sync subset of 
LDAP groups from LDAP server using blacklist" - # openshift ex sync-groups --blacklist=blacklist_ldap.txt --blacklist-group=${group1_ldapuid} --sync-config=sync-config.yaml --confirm - openshift ex sync-groups --blacklist=blacklist_ldap.txt --sync-config=sync-config.yaml --confirm + # oadm groups sync --blacklist=blacklist_ldap.txt --blacklist-group=${group1_ldapuid} --sync-config=sync-config.yaml --confirm + oadm groups sync --blacklist=blacklist_ldap.txt --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_all_blacklist_sync.yaml echo -e "\tTEST: Sync subset of OpenShift groups from LDAP server using whitelist and blacklist file" - openshift ex sync-groups --sync-config=sync-config.yaml --confirm + oadm groups sync --sync-config=sync-config.yaml --confirm oc get group -o name --no-headers | xargs -n 1 oc patch -p 'users: []' - # openshift ex sync-groups --type=openshift --whitelist=osgroupuids.txt --blacklist=blacklist_openshift.txt --blacklist-group=${group1_osuid} --sync-config=sync-config.yaml --confirm - openshift ex sync-groups --type=openshift --whitelist=osgroupuids.txt --blacklist=blacklist_openshift.txt --sync-config=sync-config.yaml --confirm + # oadm groups sync --type=openshift --whitelist=osgroupuids.txt --blacklist=blacklist_openshift.txt --blacklist-group=${group1_osuid} --sync-config=sync-config.yaml --confirm + oadm groups sync --type=openshift --whitelist=osgroupuids.txt --blacklist=blacklist_openshift.txt --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_all_openshift_blacklist_sync.yaml # MAPPINGS echo -e "\tTEST: Sync all LDAP groups from LDAP server using a user-defined mapping" - openshift ex sync-groups --sync-config=sync-config-user-defined.yaml --confirm + oadm groups sync --sync-config=sync-config-user-defined.yaml --confirm compare_and_cleanup valid_all_ldap_sync_user_defined.yaml echo -e "\tTEST: Sync all LDAP groups from LDAP server using a partially user-defined mapping" - openshift ex sync-groups 
--sync-config=sync-config-partially-user-defined.yaml --confirm + oadm groups sync --sync-config=sync-config-partially-user-defined.yaml --confirm compare_and_cleanup valid_all_ldap_sync_partially_user_defined.yaml echo -e "\tTEST: Sync based on OpenShift groups respecting OpenShift mappings" - openshift ex sync-groups --sync-config=sync-config-user-defined.yaml --confirm + oadm groups sync --sync-config=sync-config-user-defined.yaml --confirm oc get group -o name --no-headers | xargs -n 1 oc patch -p 'users: []' - openshift ex sync-groups --type=openshift --sync-config=sync-config.yaml --confirm + oadm groups sync --type=openshift --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_all_ldap_sync_user_defined.yaml echo -e "\tTEST: Sync all LDAP groups from LDAP server using DN as attribute whenever possible" - openshift ex sync-groups --sync-config=sync-config-dn-everywhere.yaml --confirm + oadm groups sync --sync-config=sync-config-dn-everywhere.yaml --confirm compare_and_cleanup valid_all_ldap_sync_dn_everywhere.yaml # PRUNING echo -e "\tTEST: Sync all LDAP groups from LDAP server, change LDAP UID, then prune OpenShift groups" - openshift ex sync-groups --sync-config=sync-config.yaml --confirm + oadm groups sync --sync-config=sync-config.yaml --confirm oc patch group ${group2_osuid} -p "{\"metadata\":{\"annotations\":{\"openshift.io/ldap.uid\":\"cn=garbage,${group2_ldapuid}\"}}}" - openshift ex prune-groups --sync-config=sync-config.yaml --confirm + oadm groups prune --sync-config=sync-config.yaml --confirm compare_and_cleanup valid_all_ldap_sync_prune.yaml popd > /dev/null done -# special test for ad-extended +# special test for augmented-ad pushd ${BASETMPDIR}/augmented-ad > /dev/null echo -e "\tTEST: Sync all LDAP groups from LDAP server, remove LDAP group metadata entry, then prune OpenShift groups" -openshift ex sync-groups --sync-config=sync-config.yaml --confirm +oadm groups sync --sync-config=sync-config.yaml --confirm ldapdelete -x -h 
$LDAP_SERVICE_IP -p 389 -D cn=Manager,dc=example,dc=com -w admin "${group1_ldapuid}" -openshift ex prune-groups --sync-config=sync-config.yaml --confirm -compare_and_cleanup valid_all_ldap_sync_delete_prune.txt +oadm groups prune --sync-config=sync-config.yaml --confirm +compare_and_cleanup valid_all_ldap_sync_delete_prune.yaml popd > /dev/null \ No newline at end of file
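Review bot: The renamed invocations still pass `${group1_ldapuid}`, `${group2_ldapuid}` and `${group1_osuid}` unquoted (for example `oadm groups sync ${group1_ldapuid} --sync-config=sync-config.yaml --confirm`), while the `ldapdelete` line at the end of this hunk quotes the same variable. The `oc patch` annotation value `cn=garbage,${group2_ldapuid}` suggests these hold LDAP DNs, which may legally contain spaces or glob characters, so an unquoted expansion could be word-split into several whitelist arguments and make the test sync or prune a different set of groups than intended. Since every one of these lines is already being touched, quoting them here would be cheap: `oadm groups sync "${group1_ldapuid}" --sync-config=sync-config.yaml --confirm`, and likewise for the `--type=openshift` and `group/${group2_osuid}` forms. The variables are assigned and the enclosing `for` loop opens outside this hunk, so whether the current fixtures contain such characters cannot be confirmed from here.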