Merge pull request #3290 from Icinga/bugfix/missing-validate-configuration-3233

UserGroupBackendForm: add button "Validate Configuration"
2018-01-19 16:32:09 +01:00 · 2018-01-19 16:32:09 +01:00 · d9978d19a4
parent 0b9ae48530 7106de5aa2
commit d9978d19a4
3 changed files with 203 additions and 2 deletions
--- a/application/forms/Config/UserGroup/UserGroupBackendForm.php
+++ b/application/forms/Config/UserGroup/UserGroupBackendForm.php
@ -3,6 +3,11 @@

 namespace Icinga\Forms\Config\UserGroup;

+use Icinga\Authentication\UserGroup\UserGroupBackend;
+use Icinga\Data\ConfigObject;
+use Icinga\Data\Inspectable;
+use Icinga\Data\Inspection;
+use Icinga\Web\Form;
 use InvalidArgumentException;
 use Icinga\Exception\IcingaException;
 use Icinga\Exception\NotFoundError;
@ -13,6 +18,8 @@ use Icinga\Forms\ConfigForm;
 */
 class UserGroupBackendForm extends ConfigForm
 {
+    protected $validatePartial = true;
+
    /**
     * The backend to load when displaying the form for the first time
     *
@ -20,6 +27,23 @@ class UserGroupBackendForm extends ConfigForm
     */
    protected $backendToLoad;

+    /**
+     * Create a user group backend by using the given form's values and return its inspection results
+     *
+     * Returns null for non-inspectable backends.
+     *
+     * @param   Form    $form
+     *
+     * @return  Inspection|null
+     */
+    public static function inspectUserBackend(Form $form)
+    {
+        $backend = UserGroupBackend::create(null, new ConfigObject($form->getValues()));
+        if ($backend instanceof Inspectable) {
+            return $backend->inspect();
+        }
+    }
+
    /**
     * Initialize this form
     */
@ -190,4 +214,87 @@ class UserGroupBackendForm extends ConfigForm
            $this->populate($data);
        }
    }
+
+    /**
+     * Run the configured backend's inspection checks and show the result, if necessary
+     *
+     * This will only run any validation if the user pushed the 'backend_validation' button.
+     *
+     * @param   array   $formData
+     *
+     * @return  bool
+     */
+    public function isValidPartial(array $formData)
+    {
+        if (isset($formData['backend_validation']) && parent::isValid($formData)) {
+            $inspection = static::inspectUserBackend($this);
+            if ($inspection !== null) {
+                $join = function ($e) use (& $join) {
+                    return is_string($e) ? $e : join("\n", array_map($join, $e));
+                };
+                $this->addElement(
+                    'note',
+                    'inspection_output',
+                    array(
+                        'order'         => 0,
+                        'value'         => '<strong>' . $this->translate('Validation Log') . "</strong>\n\n"
+                            . join("\n", array_map($join, $inspection->toArray())),
+                        'decorators'    => array(
+                            'ViewHelper',
+                            array('HtmlTag', array('tag' => 'pre', 'class' => 'log-output')),
+                        )
+                    )
+                );
+
+                if ($inspection->hasError()) {
+                    $this->warning(sprintf(
+                        $this->translate('Failed to successfully validate the configuration: %s'),
+                        $inspection->getError()
+                    ));
+                    return false;
+                }
+            }
+
+            $this->info($this->translate('The configuration has been successfully validated.'));
+        }
+
+        return true;
+    }
+
+    /**
+     * Add a submit button to this form and one to manually validate the configuration
+     *
+     * Calls parent::addSubmitButton() to add the submit button.
+     *
+     * @return  $this
+     */
+    public function addSubmitButton()
+    {
+        parent::addSubmitButton()
+            ->getElement('btn_submit')
+            ->setDecorators(array('ViewHelper'));
+
+        $this->addElement(
+            'submit',
+            'backend_validation',
+            array(
+                'ignore'                => true,
+                'label'                 => $this->translate('Validate Configuration'),
+                'data-progress-label'   => $this->translate('Validation In Progress'),
+                'decorators'            => array('ViewHelper')
+            )
+        );
+        $this->addDisplayGroup(
+            array('btn_submit', 'backend_validation'),
+            'submit_validation',
+            array(
+                'decorators' => array(
+                    'FormElements',
+                    array('HtmlTag', array('tag' => 'div', 'class' => 'control-group form-controls'))
+                )
+            )
+        );
+
+        return $this;
+    }
 }
--- a/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php
+++ b/library/Icinga/Authentication/UserGroup/DbUserGroupBackend.php
@ -3,13 +3,16 @@

 namespace Icinga\Authentication\UserGroup;

+use Exception;
 use Icinga\Data\Filter\Filter;
+use Icinga\Data\Inspectable;
+use Icinga\Data\Inspection;
 use Icinga\Exception\NotFoundError;
 use Icinga\Repository\DbRepository;
 use Icinga\Repository\RepositoryQuery;
 use Icinga\User;

-class DbUserGroupBackend extends DbRepository implements UserGroupBackendInterface
+class DbUserGroupBackend extends DbRepository implements Inspectable, UserGroupBackendInterface
 {
    /**
     * The query columns being provided
@ -300,4 +303,23 @@ class DbUserGroupBackend extends DbRepository implements UserGroupBackendInterfa

        return $groupId;
    }
+
+    /**
+     * Inspect this object to gain extended information about its health
+     *
+     * @return Inspection           The inspection result
+     */
+    public function inspect()
+    {
+        $insp = new Inspection('Db User Group Backend');
+        $insp->write($this->ds->inspect());
+
+        try {
+            $insp->write(sprintf('%s group(s)', $this->select()->count()));
+        } catch (Exception $e) {
+            $insp->error(sprintf('Query failed: %s', $e->getMessage()));
+        }
+
+        return $insp;
+    }
 }
--- a/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
+++ b/library/Icinga/Authentication/UserGroup/LdapUserGroupBackend.php
@ -3,10 +3,14 @@

 namespace Icinga\Authentication\UserGroup;

+use Exception;
 use Icinga\Authentication\User\UserBackend;
 use Icinga\Authentication\User\LdapUserBackend;
 use Icinga\Application\Logger;
 use Icinga\Data\ConfigObject;
+use Icinga\Data\Inspectable;
+use Icinga\Data\Inspection;
+use Icinga\Exception\AuthenticationException;
 use Icinga\Exception\ConfigurationError;
 use Icinga\Exception\ProgrammingError;
 use Icinga\Protocol\Ldap\LdapException;
@ -15,7 +19,7 @@ use Icinga\Repository\LdapRepository;
 use Icinga\Repository\RepositoryQuery;
 use Icinga\User;

-class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInterface
+class LdapUserGroupBackend extends LdapRepository implements Inspectable, UserGroupBackendInterface
 {
    /**
     * The user backend being associated with this user group backend
@ -846,4 +850,72 @@ class LdapUserGroupBackend extends LdapRepository implements UserGroupBackendInt
            'nested_group_search'       => '0'
        ));
    }
+
+    /**
+     * Inspect if this LDAP User Group Backend is working as expected by probing the backend
+     *
+     * Try to bind to the backend and fetch a single group to check if:
+     * <ul>
+     *  <li>Connection credentials are correct and the bind is possible</li>
+     *  <li>At least one group exists</li>
+     *  <li>The specified groupClass has the property specified by groupNameAttribute</li>
+     * </ul>
+     *
+     * @return  Inspection  Inspection result
+     */
+    public function inspect()
+    {
+        $result = new Inspection('Ldap User Group Backend');
+
+        // inspect the used connection to get more diagnostic info in case the connection is not working
+        $result->write($this->ds->inspect());
+
+        try {
+            try {
+                $groupQuery = $this->ds
+                    ->select()
+                    ->from($this->groupClass, array($this->groupNameAttribute))
+                    ->setBase($this->groupBaseDn);
+
+                if ($this->groupFilter) {
+                    $groupQuery->setNativeFilter($this->groupFilter);
+                }
+
+                $res = $groupQuery->fetchRow();
+            } catch (LdapException $e) {
+                throw new AuthenticationException('Connection not possible', $e);
+            }
+
+            $result->write('Searching for: ' . sprintf(
+                'objectClass "%s" in DN "%s" (Filter: %s)',
+                $this->groupClass,
+                $this->groupBaseDn ?: $this->ds->getDn(),
+                $this->groupFilter ?: 'None'
+            ));
+
+            if ($res === false) {
+                throw new AuthenticationException('Error, no groups found in backend');
+            }
+
+            $result->write(sprintf('%d groups found in backend', $groupQuery->count()));
+
+            if (! isset($res->{$this->groupNameAttribute})) {
+                throw new AuthenticationException(
+                    'GroupNameAttribute "%s" not existing in objectClass "%s"',
+                    $this->groupNameAttribute,
+                    $this->groupClass
+                );
+            }
+        } catch (AuthenticationException $e) {
+            if (($previous = $e->getPrevious()) !== null) {
+                $result->error($previous->getMessage());
+            } else {
+                $result->error($e->getMessage());
+            }
+        } catch (Exception $e) {
+            $result->error(sprintf('Unable to validate backend: %s', $e->getMessage()));
+        }
+
+        return $result;
+    }
 }