Closed clevesque closed 1 year ago
Note: does not do any assertion that the string is legal, user must provide a valid expression.
Future work could include assertion on the filter string with regex, e.g. https://rgxdb.com/r/5VS2C5LM /^(\s((?:&|+|(?:!(?1))|[a-zA-Z][a-zA-Z0-9-][<>~]?=[^()])\s)\s*)$/ This expression supports a strict subset of the full grammar. This means that anything that matches will be a valid filter, but not all valid filters will match.
See RFC 2254.
1) Added unnecessary svcs (rhel8) nm-cloud-setup.timer & nm-cloud-setup roles/prereqs/os/defaults/main.yml per ENG
2) Don't create linux accounts on ecs hosts from the list of Base Cluster accounts, we only need cloudera-scm on ecs hosts. roles/prereqs/user_accounts/tasks/main.yml
3) On ECS hosts only create file acls for cloduera-scm and not other base accounts. roles/security/tls_generate_csr/tasks/main.yml roles/security/tls_generate_csr/tasks/acls_ecs.yml
@clevesque your branch here appears to have duplicated the commits from my Ranger fix, and also needs the DCO signing completed before we can merge please.
Expand ldap search filters (user & group) to allow for any legal filter expression.
Older implementation assumed all ldap filters end with "={0}"
This newer implementation allows the user to craft any legal filter expression, including complex compound expressions, like (&(|(member={0})(member={1}))(objectClass=group)) Introduces attribute: auth_provider.ldap_search_filter.group obsoletes attribute: auth_provider.ldap_search_filter.member Signed-off-by: Chuck Levesque clevesque@cloudera.com