Merge pull request #2052 from Infisical/maidul-2132

Main

.github/workflows/build-staging-and-deploy-aws.yml

@@ -105,6 +105,13 @@ jobs:
     environment:
       name: Production
     steps:
+      - uses: twingate/github-action@v1
+        with:
+        # The Twingate Service Key used to connect Twingate to the proper service
+        # Learn more about [Twingate Services](https://docs.twingate.com/docs/services)
+        #
+        # Required
+          service-key: ${{ secrets.TWINGATE_SERVICE_KEY }}
       - name: Checkout code
         uses: actions/checkout@v2
       - name: Setup Node.js environment

.github/workflows/check-migration-file-edited.yml

@@ -0,0 +1,25 @@
+name: Check migration file edited
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    paths:
+      - 'backend/src/db/migrations/**'
+
+jobs:
+  rename:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Check any migration files are modified, renamed or duplicated.
+        run: |
+          git diff --name-status HEAD^ HEAD backend/src/db/migrations | grep '^M\|^R\|^C' || true | cut -f2 | xargs -r -n1 basename > edited_files.txt
+          if [ -s edited_files.txt ]; then
+            echo "Exiting migration files cannot be modified."
+            cat edited_files.txt
+            exit 1
+          fi

.github/workflows/update-be-new-migration-latest-timestamp.yml

@@ -19,18 +19,16 @@ jobs:
 
       - name: Get list of newly added files in migration folder
         run: |
-          git diff --name-status HEAD^ HEAD backend/src/db/migrations | grep '^A' | cut -f2 | xargs -n1 basename > added_files.txt
+          git diff --name-status HEAD^ HEAD backend/src/db/migrations | grep '^A' || true | cut -f2 | xargs -r -n1 basename > added_files.txt
           if [ ! -s added_files.txt ]; then
             echo "No new files added. Skipping"
-            echo "SKIP_RENAME=true" >> $GITHUB_ENV
+            exit 0
           fi
 
       - name: Script to rename migrations
-        if: env.SKIP_RENAME != 'true'
         run: python .github/resources/rename_migration_files.py
 
       - name: Commit and push changes
-        if: env.SKIP_RENAME != 'true'
         run: |
           git config user.name github-actions
           git config user.email github-actions@github.com

backend/scripts/create-migration.ts

@@ -2,13 +2,14 @@
 import { execSync } from "child_process";
 import path from "path";
 import promptSync from "prompt-sync";
+import slugify from "@sindresorhus/slugify"
 
 const prompt = promptSync({ sigint: true });
 
 const migrationName = prompt("Enter name for migration: ");
 
 // Remove spaces from migration name and replace with hyphens
-const formattedMigrationName = migrationName.replace(/\s+/g, "-");
+const formattedMigrationName = slugify(migrationName);
 
 execSync(
   `npx knex migrate:make --knexfile ${path.join(__dirname, "../src/db/knexfile.ts")} -x ts ${formattedMigrationName}`,

backend/src/ee/services/ldap-config/ldap-config-service.ts

@@ -53,7 +53,7 @@ import {
   TTestLdapConnectionDTO,
   TUpdateLdapCfgDTO
 } from "./ldap-config-types";
-import { testLDAPConfig } from "./ldap-fns";
+import { searchGroups, testLDAPConfig } from "./ldap-fns";
 import { TLdapGroupMapDALFactory } from "./ldap-group-map-dal";
 
 type TLdapConfigServiceFactoryDep = {
@@ -286,7 +286,7 @@ export const ldapConfigServiceFactory = ({
     return ldapConfig;
   };
 
-  const getLdapCfg = async (filter: { orgId: string; isActive?: boolean }) => {
+  const getLdapCfg = async (filter: { orgId: string; isActive?: boolean; id?: string }) => {
     const ldapConfig = await ldapConfigDAL.findOne(filter);
     if (!ldapConfig) throw new BadRequestError({ message: "Failed to find organization LDAP data" });
 
@@ -716,11 +716,25 @@ export const ldapConfigServiceFactory = ({
         message: "Failed to create LDAP group map due to plan restriction. Upgrade plan to create LDAP group map."
       });
 
-    const ldapConfig = await ldapConfigDAL.findOne({
-      id: ldapConfigId,
-      orgId
+    const ldapConfig = await getLdapCfg({
+      orgId,
+      id: ldapConfigId
     });
-    if (!ldapConfig) throw new BadRequestError({ message: "Failed to find organization LDAP data" });
+
+    if (!ldapConfig.groupSearchBase) {
+      throw new BadRequestError({
+        message: "Configure a group search base in your LDAP configuration in order to proceed."
+      });
+    }
+
+    const groupSearchFilter = `(cn=${ldapGroupCN})`;
+    const groups = await searchGroups(ldapConfig, groupSearchFilter, ldapConfig.groupSearchBase);
+
+    if (!groups.some((g) => g.cn === ldapGroupCN)) {
+      throw new BadRequestError({
+        message: "Failed to find LDAP Group CN"
+      });
+    }
 
     const group = await groupDAL.findOne({ slug: groupSlug, orgId });
     if (!group) throw new BadRequestError({ message: "Failed to find group" });

backend/src/lib/logger/logger.ts

@@ -58,7 +58,8 @@ const redactedKeys = [
   "decryptedSecret",
   "secrets",
   "key",
-  "password"
+  "password",
+  "config"
 ];
 
 export const initLogger = async () => {

frontend/src/views/Settings/OrgSettingsPage/components/OrgAuthTab/LDAPGroupMapModal.tsx

@@ -1,4 +1,6 @@
+import { useEffect } from "react";
 import { Controller, useForm } from "react-hook-form";
+import { useRouter } from "next/router";
 import { faUsers, faXmark } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { zodResolver } from "@hookform/resolvers/zod";
@@ -66,8 +68,9 @@ export const LDAPGroupMapModal = ({ popUp, handlePopUpOpen, handlePopUpToggle }:
   const { mutateAsync: createLDAPGroupMapping, isLoading: createIsLoading } =
     useCreateLDAPGroupMapping();
   const { mutateAsync: deleteLDAPGroupMapping } = useDeleteLDAPGroupMapping();
+  const router = useRouter();
 
-  const { control, handleSubmit, reset } = useForm<TFormData>({
+  const { control, handleSubmit, reset, setValue } = useForm<TFormData>({
     resolver: zodResolver(schema),
     defaultValues: {
       ldapGroupCN: "",
@@ -130,6 +133,12 @@ export const LDAPGroupMapModal = ({ popUp, handlePopUpOpen, handlePopUpToggle }:
     }
   };
 
+  useEffect(() => {
+    if (groups && groups.length > 0) {
+      setValue("groupSlug", groups[0].slug);
+    }
+  }, [groups, popUp.ldapGroupMap.isOpen]);
+
   return (
     <Modal
       isOpen={popUp?.ldapGroupMap?.isOpen}
@@ -139,117 +148,141 @@ export const LDAPGroupMapModal = ({ popUp, handlePopUpOpen, handlePopUpToggle }:
       }}
     >
       <ModalContent title="Manage LDAP Group Mappings">
-        <h2 className="mb-4">New Group Mapping</h2>
-        <form onSubmit={handleSubmit(onFormSubmit)} className="mb-8">
-          <div className="flex">
-            <Controller
-              control={control}
-              name="ldapGroupCN"
-              render={({ field, fieldState: { error } }) => (
-                <FormControl
-                  label="LDAP Group CN"
-                  errorText={error?.message}
-                  isError={Boolean(error)}
-                >
-                  <Input {...field} placeholder="Engineering" />
-                </FormControl>
-              )}
-            />
-            <Controller
-              control={control}
-              name="groupSlug"
-              defaultValue=""
-              render={({ field: { onChange, ...field }, fieldState: { error } }) => (
-                <FormControl
-                  label="Infisical Group"
-                  errorText={error?.message}
-                  isError={Boolean(error)}
-                  className="ml-4 w-full"
-                >
-                  <div className="flex">
-                    <Select
-                      defaultValue={field.value}
-                      {...field}
-                      onValueChange={(e) => onChange(e)}
-                      className="w-full"
+        {groups && groups.length > 0 && (
+          <>
+            <h2 className="mb-4">New Group Mapping</h2>
+            <form onSubmit={handleSubmit(onFormSubmit)} className="mb-8">
+              <div className="flex">
+                <Controller
+                  control={control}
+                  name="ldapGroupCN"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="LDAP Group CN"
+                      errorText={error?.message}
+                      isError={Boolean(error)}
                     >
-                      {(groups || []).map(({ name, id, slug }) => (
-                        <SelectItem value={slug} key={`internal-group-${id}`}>
-                          {name}
-                        </SelectItem>
-                      ))}
-                    </Select>
-                    <Button className="ml-4" size="sm" type="submit" isLoading={createIsLoading}>
-                      Add mapping
-                    </Button>
-                  </div>
-                </FormControl>
-              )}
-            />
-          </div>
-        </form>
-        <h2 className="mb-4">Group Mappings</h2>
-        <TableContainer>
-          <Table>
-            <THead>
-              <Tr>
-                <Th>LDAP Group CN</Th>
-                <Th>Infisical Group</Th>
-                <Th className="w-5" />
-              </Tr>
-            </THead>
-            <TBody>
-              {isLoading && <TableSkeleton columns={3} innerKey="ldap-group-maps" />}
-              {!isLoading &&
-                groupMaps?.map(({ id, ldapGroupCN, group }) => {
-                  return (
-                    <Tr className="h-10 items-center" key={`ldap-group-map-${id}`}>
-                      <Td>{ldapGroupCN}</Td>
-                      <Td>{group.name}</Td>
-                      <Td>
-                        <IconButton
-                          onClick={() => {
-                            handlePopUpOpen("deleteLdapGroupMap", {
-                              ldapGroupMapId: id,
-                              ldapGroupCN
-                            });
-                          }}
-                          size="lg"
-                          colorSchema="danger"
-                          variant="plain"
-                          ariaLabel="update"
+                      <Input {...field} placeholder="Engineering" />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="groupSlug"
+                  defaultValue=""
+                  render={({ field: { onChange, ...field }, fieldState: { error } }) => (
+                    <FormControl
+                      label="Infisical Group"
+                      errorText={error?.message}
+                      isError={Boolean(error)}
+                      className="ml-4 w-full"
+                    >
+                      <div className="flex">
+                        <Select
+                          defaultValue={field.value}
+                          {...field}
+                          onValueChange={(e) => onChange(e)}
+                          className="w-full"
                         >
-                          <FontAwesomeIcon icon={faXmark} />
-                        </IconButton>
-                      </Td>
-                    </Tr>
-                  );
-                })}
-            </TBody>
-          </Table>
-          {groupMaps?.length === 0 && (
-            <EmptyState title="No LDAP group mappings found" icon={faUsers} />
-          )}
-        </TableContainer>
-        <DeleteActionModal
-          isOpen={popUp.deleteLdapGroupMap.isOpen}
-          title={`Are you sure want to delete the group mapping for ${
-            (popUp?.deleteLdapGroupMap?.data as { ldapGroupCN: string })?.ldapGroupCN || ""
-          }?`}
-          onChange={(isOpen) => handlePopUpToggle("deleteLdapGroupMap", isOpen)}
-          deleteKey="confirm"
-          onDeleteApproved={() => {
-            const deleteLdapGroupMapData = popUp?.deleteLdapGroupMap?.data as {
-              ldapGroupMapId: string;
-              ldapGroupCN: string;
-            };
-            return onDeleteGroupMapSubmit({
-              ldapConfigId: ldapConfig?.id ?? "",
-              ldapGroupMapId: deleteLdapGroupMapData.ldapGroupMapId,
-              ldapGroupCN: deleteLdapGroupMapData.ldapGroupCN
-            });
-          }}
-        />
+                          {(groups || []).map(({ name, id, slug }) => (
+                            <SelectItem value={slug} key={`internal-group-${id}`}>
+                              {name}
+                            </SelectItem>
+                          ))}
+                        </Select>
+                        <Button
+                          className="ml-4"
+                          size="sm"
+                          type="submit"
+                          isLoading={createIsLoading}
+                        >
+                          Add mapping
+                        </Button>
+                      </div>
+                    </FormControl>
+                  )}
+                />
+              </div>
+            </form>
+            <h2 className="mb-4">Group Mappings</h2>
+            <TableContainer>
+              <Table>
+                <THead>
+                  <Tr>
+                    <Th>LDAP Group CN</Th>
+                    <Th>Infisical Group</Th>
+                    <Th className="w-5" />
+                  </Tr>
+                </THead>
+                <TBody>
+                  {isLoading && <TableSkeleton columns={3} innerKey="ldap-group-maps" />}
+                  {!isLoading &&
+                    groupMaps?.map(({ id, ldapGroupCN, group }) => {
+                      return (
+                        <Tr className="h-10 items-center" key={`ldap-group-map-${id}`}>
+                          <Td>{ldapGroupCN}</Td>
+                          <Td>{group.name}</Td>
+                          <Td>
+                            <IconButton
+                              onClick={() => {
+                                handlePopUpOpen("deleteLdapGroupMap", {
+                                  ldapGroupMapId: id,
+                                  ldapGroupCN
+                                });
+                              }}
+                              size="lg"
+                              colorSchema="danger"
+                              variant="plain"
+                              ariaLabel="update"
+                            >
+                              <FontAwesomeIcon icon={faXmark} />
+                            </IconButton>
+                          </Td>
+                        </Tr>
+                      );
+                    })}
+                </TBody>
+              </Table>
+              {groupMaps?.length === 0 && (
+                <EmptyState title="No LDAP group mappings found" icon={faUsers} />
+              )}
+            </TableContainer>
+            <DeleteActionModal
+              isOpen={popUp.deleteLdapGroupMap.isOpen}
+              title={`Are you sure want to delete the group mapping for ${
+                (popUp?.deleteLdapGroupMap?.data as { ldapGroupCN: string })?.ldapGroupCN || ""
+              }?`}
+              onChange={(isOpen) => handlePopUpToggle("deleteLdapGroupMap", isOpen)}
+              deleteKey="confirm"
+              onDeleteApproved={() => {
+                const deleteLdapGroupMapData = popUp?.deleteLdapGroupMap?.data as {
+                  ldapGroupMapId: string;
+                  ldapGroupCN: string;
+                };
+                return onDeleteGroupMapSubmit({
+                  ldapConfigId: ldapConfig?.id ?? "",
+                  ldapGroupMapId: deleteLdapGroupMapData.ldapGroupMapId,
+                  ldapGroupCN: deleteLdapGroupMapData.ldapGroupCN
+                });
+              }}
+            />
+          </>
+        )}
+        {groups && groups.length === 0 && (
+          <div>
+            <div>
+              You do not have any Infisical groups in your organization. Create one in order to
+              proceed.
+            </div>
+            <Button
+              className="mt-4"
+              size="sm"
+              onClick={() => router.push(`/org/${currentOrg?.id}/members`)}
+            >
+              Create
+            </Button>
+          </div>
+        )}
       </ModalContent>
     </Modal>
   );