207 lines
9.1 KiB
Go
207 lines
9.1 KiB
Go
package mongodbatlas
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
)
|
|
|
|
const (
|
|
ldapConfigurationPath = "groups/%s/userSecurity"
|
|
ldapConfigurationPathuserToDNMapping = ldapConfigurationPath + "/ldap/userToDNMapping"
|
|
ldapVerifyConfigurationPath = ldapConfigurationPath + "/ldap/verify"
|
|
)
|
|
|
|
// LDAPConfigurationsService is an interface of the LDAP Configuration
|
|
// endpoints of the MongoDB Atlas API.
|
|
//
|
|
// See more: https://docs.atlas.mongodb.com/reference/api/ldaps-configuration/
|
|
type LDAPConfigurationsService interface {
|
|
Verify(context.Context, string, *LDAP) (*LDAPConfiguration, *Response, error)
|
|
Get(context.Context, string) (*LDAPConfiguration, *Response, error)
|
|
GetStatus(context.Context, string, string) (*LDAPConfiguration, *Response, error)
|
|
Save(context.Context, string, *LDAPConfiguration) (*LDAPConfiguration, *Response, error)
|
|
Delete(context.Context, string) (*LDAPConfiguration, *Response, error)
|
|
}
|
|
|
|
// LDAPConfigurationsServiceOp handles communication with the LDAP Configuration related methods of the MongoDB Atlas API
|
|
type LDAPConfigurationsServiceOp service
|
|
|
|
var _ LDAPConfigurationsService = &LDAPConfigurationsServiceOp{}
|
|
|
|
// LDAPConfiguration represents MongoDB LDAP Configuration.
|
|
type LDAPConfiguration struct {
|
|
RequestID string `json:"requestId,omitempty"` // Identifier for the Atlas project associated with the request to verify an LDAP over TLS/SSL configuration.
|
|
GroupID string `json:"groupId,omitempty"` // Unique identifier of the project that owns this alert configuration.
|
|
Request *LDAPRequest `json:"request,omitempty"` // Contains the details of the request to verify an LDAP over TLS/SSL configuration.
|
|
Status string `json:"status,omitempty"` // The current status of the LDAP over TLS/SSL configuration.
|
|
Validations []*LDAPValidation `json:"validations,omitempty"` // Array of validation messages related to the verification of the provided LDAP over TLS/SSL configuration details.
|
|
Links []*Link `json:"links,omitempty"`
|
|
LDAP *LDAP `json:"ldap,omitempty"` // Specifies the LDAP over TLS/SSL configuration details for an Atlas group.
|
|
}
|
|
|
|
// LDAP specifies an LDAP configuration for a Atlas project.
|
|
type LDAP struct {
|
|
AuthenticationEnabled bool `json:"authenticationEnabled,omitempty"` // Specifies whether user authentication with LDAP is enabled.
|
|
AuthorizationEnabled bool `json:"authorizationEnabled,omitempty"` // The current status of the LDAP over TLS/SSL configuration.
|
|
Hostname string `json:"hostname,omitempty"` // The hostname or IP address of the LDAP server
|
|
Port int `json:"port,omitempty"` // The port to which the LDAP server listens for client connections.
|
|
BindUsername string `json:"bindUsername,omitempty"` // The user DN that Atlas uses to connect to the LDAP server.
|
|
UserToDNMapping []*UserToDNMapping `json:"userToDNMapping,omitempty"` // Maps an LDAP username for authentication to an LDAP Distinguished Name (DN).
|
|
BindPassword string `json:"bindPassword,omitempty"` // The password used to authenticate the bindUsername.
|
|
CaCertificate string `json:"caCertificate,omitempty"` // CA certificate used to verify the identify of the LDAP server.
|
|
AuthzQueryTemplate string `json:"authzQueryTemplate,omitempty"` // An LDAP query template that Atlas executes to obtain the LDAP groups to which the authenticated user belongs.
|
|
}
|
|
|
|
// UserToDNMapping maps an LDAP username for authentication to an LDAP Distinguished Name (DN). Each document contains a match regular expression and either a substitution or ldapQuery template used to transform the LDAP username extracted from the regular expression
|
|
type UserToDNMapping struct {
|
|
Match string `json:"match,omitempty"` // A regular expression to match against a provided LDAP username.
|
|
Substitution string `json:"substitution,omitempty"` // An LDAP Distinguished Name (DN) formatting template that converts the LDAP name matched by the match regular expression into an LDAP Distinguished Name.
|
|
LDAPQuery string `json:"ldapQuery,omitempty"` // An LDAP query formatting template that inserts the LDAP name matched by the match regular expression into an LDAP query URI as specified by RFC 4515 and RFC 4516.
|
|
}
|
|
|
|
// LDAPValidation contains an array of validation messages related to the verification of the provided LDAP over TLS/SSL configuration details.
|
|
type LDAPValidation struct {
|
|
Status string `json:"status,omitempty"` // The status of the validation.
|
|
ValidationType string `json:"validationType,omitempty"` // The type of the validation.
|
|
}
|
|
|
|
// LDAPRequest contains the details of the request to verify an LDAP over TLS/SSL configuration.
|
|
type LDAPRequest struct {
|
|
Hostname string `json:"hostname,omitempty"` // The hostname or IP address of the LDAP server.
|
|
Port int `json:"port,omitempty"` // The port to which the LDAP server listens for client connections from Atlas.
|
|
BindUsername string `json:"bindUsername,omitempty"` // The user DN that Atlas uses to connect to the LDAP server.
|
|
}
|
|
|
|
// Verify requests verification of an LDAP configuration. Use this endpoint to test your LDAP configuration details before saving them.
|
|
//
|
|
// See more: https://docs.atlas.mongodb.com/reference/api/ldaps-configuration-request-verification/
|
|
func (s *LDAPConfigurationsServiceOp) Verify(ctx context.Context, groupID string, configuration *LDAP) (*LDAPConfiguration, *Response, error) {
|
|
if groupID == "" {
|
|
return nil, nil, NewArgError("groupID", "must be set")
|
|
}
|
|
|
|
if configuration == nil {
|
|
return nil, nil, NewArgError("configuration", "must be set")
|
|
}
|
|
|
|
path := fmt.Sprintf(ldapVerifyConfigurationPath, groupID)
|
|
|
|
req, err := s.Client.NewRequest(ctx, http.MethodPost, path, configuration)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
root := new(LDAPConfiguration)
|
|
resp, err := s.Client.Do(ctx, req, root)
|
|
if err != nil {
|
|
return nil, resp, err
|
|
}
|
|
|
|
return root, resp, err
|
|
}
|
|
|
|
// GetStatus retrieves the status of a request for verification of an LDAP configuration.
|
|
//
|
|
// See more: https://docs.atlas.mongodb.com/reference/api/ldaps-configuration-verification-status/
|
|
func (s *LDAPConfigurationsServiceOp) GetStatus(ctx context.Context, groupID, requestID string) (*LDAPConfiguration, *Response, error) {
|
|
if groupID == "" {
|
|
return nil, nil, NewArgError("groupID", "must be set")
|
|
}
|
|
if requestID == "" {
|
|
return nil, nil, NewArgError("requestID", "must be set")
|
|
}
|
|
|
|
basePath := fmt.Sprintf(ldapVerifyConfigurationPath, groupID)
|
|
path := fmt.Sprintf("%s/%s", basePath, requestID)
|
|
|
|
req, err := s.Client.NewRequest(ctx, http.MethodGet, path, nil)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
root := new(LDAPConfiguration)
|
|
resp, err := s.Client.Do(ctx, req, root)
|
|
if err != nil {
|
|
return nil, resp, err
|
|
}
|
|
|
|
return root, resp, err
|
|
}
|
|
|
|
// Save saves an LDAP configuration for a Atlas project.
|
|
//
|
|
// See more: https://docs.atlas.mongodb.com/reference/api/ldaps-configuration-save/
|
|
func (s *LDAPConfigurationsServiceOp) Save(ctx context.Context, groupID string, configuration *LDAPConfiguration) (*LDAPConfiguration, *Response, error) {
|
|
if groupID == "" {
|
|
return nil, nil, NewArgError("groupID", "must be set")
|
|
}
|
|
|
|
if configuration == nil {
|
|
return nil, nil, NewArgError("configuration", "must be set")
|
|
}
|
|
|
|
path := fmt.Sprintf(ldapConfigurationPath, groupID)
|
|
|
|
req, err := s.Client.NewRequest(ctx, http.MethodPatch, path, configuration)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
root := new(LDAPConfiguration)
|
|
resp, err := s.Client.Do(ctx, req, root)
|
|
if err != nil {
|
|
return nil, resp, err
|
|
}
|
|
|
|
return root, resp, err
|
|
}
|
|
|
|
// Get retrieves the current LDAP configuration for an Atlas project.
|
|
//
|
|
// See more: https://docs.atlas.mongodb.com/reference/api/ldaps-configuration-get-current/
|
|
func (s *LDAPConfigurationsServiceOp) Get(ctx context.Context, groupID string) (*LDAPConfiguration, *Response, error) {
|
|
if groupID == "" {
|
|
return nil, nil, NewArgError("groupID", "must be set")
|
|
}
|
|
|
|
path := fmt.Sprintf(ldapConfigurationPath, groupID)
|
|
|
|
req, err := s.Client.NewRequest(ctx, http.MethodGet, path, nil)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
root := new(LDAPConfiguration)
|
|
resp, err := s.Client.Do(ctx, req, root)
|
|
if err != nil {
|
|
return nil, resp, err
|
|
}
|
|
|
|
return root, resp, err
|
|
}
|
|
|
|
// Delete removes the current userToDNMapping from the LDAP configuration for an Atlas project.
|
|
//
|
|
// See more: https://docs.atlas.mongodb.com/reference/api/ldaps-configuration-remove-usertodnmapping/
|
|
func (s *LDAPConfigurationsServiceOp) Delete(ctx context.Context, groupID string) (*LDAPConfiguration, *Response, error) {
|
|
if groupID == "" {
|
|
return nil, nil, NewArgError("groupID", "must be set")
|
|
}
|
|
|
|
path := fmt.Sprintf(ldapConfigurationPathuserToDNMapping, groupID)
|
|
|
|
req, err := s.Client.NewRequest(ctx, http.MethodDelete, path, nil)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
root := new(LDAPConfiguration)
|
|
resp, err := s.Client.Do(ctx, req, root)
|
|
if err != nil {
|
|
return nil, resp, err
|
|
}
|
|
|
|
return root, resp, err
|
|
}
|