github-ldap 1.3.3 → 1.4.0

Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +15 -2
  3. data/CHANGELOG.md +13 -0
  4. data/Gemfile +4 -0
  5. data/README.md +15 -1
  6. data/Rakefile +1 -1
  7. data/github-ldap.gemspec +2 -2
  8. data/lib/github/ldap.rb +55 -12
  9. data/lib/github/ldap/domain.rb +6 -2
  10. data/lib/github/ldap/filter.rb +15 -7
  11. data/lib/github/ldap/group.rb +1 -1
  12. data/lib/github/ldap/instrumentation.rb +28 -0
  13. data/lib/github/ldap/membership_validators.rb +18 -0
  14. data/lib/github/ldap/membership_validators/active_directory.rb +56 -0
  15. data/lib/github/ldap/membership_validators/base.rb +37 -0
  16. data/lib/github/ldap/membership_validators/classic.rb +34 -0
  17. data/lib/github/ldap/membership_validators/recursive.rb +93 -0
  18. data/lib/github/ldap/server.rb +2 -0
  19. data/script/changelog +29 -0
  20. data/script/cibuild-apacheds +7 -0
  21. data/script/cibuild-openldap +7 -0
  22. data/script/install-openldap +44 -0
  23. data/script/package +7 -0
  24. data/script/release +16 -0
  25. data/test/domain_test.rb +71 -89
  26. data/test/filter_test.rb +12 -1
  27. data/test/fixtures/common/seed.ldif +369 -0
  28. data/test/fixtures/openldap/memberof.ldif +33 -0
  29. data/test/fixtures/openldap/slapd.conf.ldif +67 -0
  30. data/test/fixtures/posixGroup.schema.ldif +34 -8
  31. data/test/group_test.rb +19 -25
  32. data/test/ldap_test.rb +28 -21
  33. data/test/membership_validators/active_directory_test.rb +68 -0
  34. data/test/membership_validators/classic_test.rb +51 -0
  35. data/test/membership_validators/recursive_test.rb +56 -0
  36. data/test/membership_validators_test.rb +46 -0
  37. data/test/posix_group_test.rb +25 -28
  38. data/test/support/vm/openldap/.gitignore +1 -0
  39. data/test/support/vm/openldap/README.md +32 -0
  40. data/test/support/vm/openldap/Vagrantfile +35 -0
  41. data/test/test_helper.rb +72 -10
  42. metadata +52 -27
  43. data/test/fixtures/github-with-looped-subgroups.ldif +0 -82
  44. data/test/fixtures/github-with-missing-entries.ldif +0 -85
  45. data/test/fixtures/github-with-posixGroups.ldif +0 -50
  46. data/test/fixtures/github-with-subgroups.ldif +0 -146
@@ -1,54 +1,51 @@
1
1
  require_relative 'test_helper'
2
2
 
3
3
  class GitHubLdapPosixGroupTest < GitHub::Ldap::Test
4
- def self.test_server_options
5
- {user_fixtures: FIXTURES.join('github-with-subgroups.ldif').to_s}
6
- end
7
-
8
4
  def setup
9
5
  @simple_group = Net::LDAP::Entry._load("""
10
- dn: cn=enterprise-posix-devs,ou=groups,dc=github,dc=com
11
- cn: enterprise-posix-devs
6
+ dn: cn=simple-group,ou=Groups,dc=github,dc=com
7
+ cn: simple-group
12
8
  objectClass: posixGroup
13
- memberUid: benburkert
14
- memberUid: mtodd""")
9
+ memberUid: user1
10
+ memberUid: user2""")
15
11
 
16
12
  @one_level_deep_group = Net::LDAP::Entry._load("""
17
- dn: cn=enterprise-posix-ops,ou=groups,dc=github,dc=com
18
- cn: enterprise-posix-ops
13
+ dn: cn=one-level-deep-group,ou=Groups,dc=github,dc=com
14
+ cn: one-level-deep-group
19
15
  objectClass: posixGroup
20
16
  objectClass: groupOfNames
21
- memberUid: sbryant
22
- member: cn=spaniards,ou=groups,dc=github,dc=com""")
17
+ memberUid: user6
18
+ member: cn=ghe-users,ou=Groups,dc=github,dc=com""")
23
19
 
24
20
  @two_levels_deep_group = Net::LDAP::Entry._load("""
25
- dn: cn=enterprise-posix,ou=groups,dc=github,dc=com
26
- cn: Enterprise Posix
21
+ dn: cn=two-levels-deep-group,ou=Groups,dc=github,dc=com
22
+ cn: two-levels-deep-group
27
23
  objectClass: posixGroup
28
24
  objectClass: groupOfNames
29
- memberUid: calavera
30
- member: cn=enterprise-devs,ou=groups,dc=github,dc=com
31
- member: cn=enterprise-ops,ou=groups,dc=github,dc=com""")
25
+ memberUid: user6
26
+ member: cn=n-depth-nested-group2,ou=Groups,dc=github,dc=com
27
+ member: cn=posix-group1,ou=Groups,dc=github,dc=com""")
32
28
 
33
29
  @empty_group = Net::LDAP::Entry._load("""
34
- dn: cn=enterprise-posix-empty,ou=groups,dc=github,dc=com
35
- cn: enterprise-posix-empty
30
+ dn: cn=empty-group,ou=Groups,dc=github,dc=com
31
+ cn: empty-group
36
32
  objectClass: posixGroup""")
37
33
 
38
34
  @ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
39
35
  end
40
36
 
41
37
  def test_posix_group
42
- assert GitHub::Ldap::PosixGroup.valid?(@simple_group),
38
+ entry = @ldap.search(filter: "(cn=posix-group1)").first
39
+ assert GitHub::Ldap::PosixGroup.valid?(entry),
43
40
  "Expected entry to be a valid posixGroup"
44
41
  end
45
42
 
46
43
  def test_posix_simple_members
47
- group = GitHub::Ldap::PosixGroup.new(@ldap, @simple_group)
44
+ assert group = @ldap.group("cn=posix-group1,ou=Groups,dc=github,dc=com")
48
45
  members = group.members
49
46
 
50
- assert_equal 2, members.size
51
- assert_equal %w(benburkert mtodd), members.map(&:uid).flatten.sort
47
+ assert_equal 5, members.size
48
+ assert_equal %w(user1 user2 user3 user4 user5), members.map(&:uid).flatten.sort
52
49
  end
53
50
 
54
51
  def test_posix_combined_group
@@ -62,7 +59,7 @@ objectClass: posixGroup""")
62
59
  group = GitHub::Ldap::PosixGroup.new(@ldap, @two_levels_deep_group)
63
60
  members = group.members
64
61
 
65
- assert_equal 4, members.size
62
+ assert_equal 10, members.size
66
63
  end
67
64
 
68
65
  def test_empty_subgroups
@@ -81,7 +78,7 @@ objectClass: posixGroup""")
81
78
 
82
79
  def test_is_member_simple_group
83
80
  group = GitHub::Ldap::PosixGroup.new(@ldap, @simple_group)
84
- user = @ldap.domain("uid=benburkert,ou=users,dc=github,dc=com").bind
81
+ user = @ldap.domain("uid=user1,ou=People,dc=github,dc=com").bind
85
82
 
86
83
  assert group.is_member?(user),
87
84
  "Expected user in the memberUid list to be a member of the posixgroup"
@@ -89,7 +86,7 @@ objectClass: posixGroup""")
89
86
 
90
87
  def test_is_member_combined_group
91
88
  group = GitHub::Ldap::PosixGroup.new(@ldap, @one_level_deep_group)
92
- user = @ldap.domain("uid=calavera,ou=users,dc=github,dc=com").bind
89
+ user = @ldap.domain("uid=user1,ou=People,dc=github,dc=com").bind
93
90
 
94
91
  assert group.is_member?(user),
95
92
  "Expected user in a subgroup to be a member of the posixgroup"
@@ -97,7 +94,7 @@ objectClass: posixGroup""")
97
94
 
98
95
  def test_is_not_member_simple_group
99
96
  group = GitHub::Ldap::PosixGroup.new(@ldap, @simple_group)
100
- user = @ldap.domain("uid=calavera,ou=users,dc=github,dc=com").bind
97
+ user = @ldap.domain("uid=user10,ou=People,dc=github,dc=com").bind
101
98
 
102
99
  refute group.is_member?(user),
103
100
  "Expected user to not be member when her uid is not in the list of memberUid"
@@ -105,7 +102,7 @@ objectClass: posixGroup""")
105
102
 
106
103
  def test_is_member_combined_group
107
104
  group = GitHub::Ldap::PosixGroup.new(@ldap, @one_level_deep_group)
108
- user = @ldap.domain("uid=benburkert,ou=users,dc=github,dc=com").bind
105
+ user = @ldap.domain("uid=user10,ou=People,dc=github,dc=com").bind
109
106
 
110
107
  refute group.is_member?(user),
111
108
  "Expected user to not be member when she's not member of any subgroup"
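Review bot: `test_is_member_combined_group` is defined twice in this class (new lines 87 and 103), and Ruby keeps only the later definition, so the positive case — `assert group.is_member?(user)` for `uid=user1` against `@one_level_deep_group` — never runs and only the `refute` variant is executed. The updated fixture DNs in the first body are therefore not verified by this suite. Rename the second method, e.g. `def test_is_not_member_combined_group`, so both cases run. Both `def` lines are unchanged context, so the duplication predates this release, but the release edits both bodies without fixing it.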
@@ -0,0 +1 @@
1
+ /.vagrant
@@ -0,0 +1,32 @@
1
+ # Local OpenLDAP Integration Testing
2
+
3
+ Set up a [Vagrant](http://www.vagrantup.com/) VM to run tests against OpenLDAP locally.
4
+
5
+ To run tests against OpenLDAP (instead of ApacheDS) locally:
6
+
7
+ ``` bash
8
+ # start VM (from the correct directory)
9
+ $ cd test/support/vm/openldap/
10
+ $ vagrant up
11
+
12
+ # get the IP address of the VM
13
+ $ ip=$(vagrant ssh -- "ifconfig eth1 | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n1")
14
+
15
+ # change back to root project directory
16
+ $ cd ../../../..
17
+
18
+ # run all tests against OpenLDAP
19
+ $ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec rake
20
+
21
+ # run a specific test file against OpenLDAP
22
+ $ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb
23
+
24
+ # run OpenLDAP tests by default
25
+ $ export TESTENV=openldap
26
+ $ export TESTENV=$ip
27
+
28
+ # now run tests without having to set ENV variables
29
+ $ time bundle exec rake
30
+ ```
31
+
32
+ You may need to `gem install vagrant` first in order to provision the VM.
@@ -0,0 +1,35 @@
1
+ # -*- mode: ruby -*-
2
+ # vi: set ft=ruby :
3
+
4
+ # Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
5
+ VAGRANTFILE_API_VERSION = "2"
6
+
7
+ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
8
+ config.vm.hostname = "openldap.github.org"
9
+
10
+ config.vm.box = "hashicorp/precise64"
11
+
12
+ config.vm.network "private_network", type: :dhcp
13
+
14
+ config.ssh.forward_agent = true
15
+
16
+ # config.vm.provision "shell", inline: "apt-get update; exec env /vagrant_data/script/install-openldap"
17
+ config.vm.provision "shell", inline: 'echo "HIIIIIII"', run: "always"
18
+
19
+ config.vm.synced_folder "../../../..", "/vagrant_data"
20
+
21
+ config.vm.provider "vmware_fusion" do |vb, override|
22
+ override.vm.box = "hashicorp/precise64"
23
+ vb.memory = 4596
24
+ vb.vmx["displayname"] = "integration tests vm"
25
+ vb.vmx["numvcpus"] = "2"
26
+ end
27
+
28
+ config.vm.provider "virtualbox" do |vb, override|
29
+ vb.memory = 4096
30
+ vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
31
+ vb.customize ["modifyvm", :id, "--chipset", "ich9"]
32
+ vb.customize ["modifyvm", :id, "--vram", "16"]
33
+ end
34
+
35
+ end
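Review bot: `config.ssh.forward_agent = true` (new line 14) exposes the host's SSH agent inside the guest, and nothing visible in this file needs it; for a throwaway LDAP test VM it is safer to drop the line so that a process in the guest cannot use the developer's loaded keys. The only active provisioner is `echo "HIIIIIII"`, with the `install-openldap` call commented out on line 16, so `vagrant up` appears to produce a VM without OpenLDAP installed, which does not match the README added in the same release; restore the provisioner or document the manual step. The VirtualBox block also sets `--nicpromisc2 allow-all` without explanation; remove it if the DHCP private network does not need promiscuous mode, or add a one-line comment such as `# promiscuous mode needed for <reason>`.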
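--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -10,9 +10,23 @@ FIXTURES = Pathname(File.expand_path('fixtures', __dir__))
  require 'github/ldap'
  require 'github/ldap/server'
 
+ require 'minitest/mock'
  require 'minitest/autorun'
 
+ if ENV.fetch('TESTENV', "apacheds") == "apacheds"
+ # Make sure we clean up running test server
+ # NOTE: We need to do this manually since its internal `at_exit` hook
+ # collides with Minitest's autorun at_exit handling, hence this hook.
+ Minitest.after_run do
+ GitHub::Ldap.stop_server
+ end
+ end
+
  class GitHub::Ldap::Test < Minitest::Test
+ def self.test_env
+ ENV.fetch("TESTENV", "apacheds")
+ end
+
  def self.run(reporter, options = {})
  start_server
  super
@@ -20,29 +34,77 @@ class GitHub::Ldap::Test < Minitest::Test
  end
 
  def self.stop_server
- GitHub::Ldap.stop_server
+ if test_env == "apacheds"
+ # see Minitest.after_run hook above.
+ # GitHub::Ldap.stop_server
+ end
+ end
+
+ def self.test_server_options
+ {
+ custom_schemas: FIXTURES.join('posixGroup.schema.ldif').to_s,
+ user_fixtures: FIXTURES.join('common/seed.ldif').to_s,
+ allow_anonymous: true,
+ verbose: ENV.fetch("VERBOSE", "0") == "1"
+ }
  end
 
  def self.start_server
- server_opts = respond_to?(:test_server_options) ? test_server_options : {}
- GitHub::Ldap.start_server(server_opts)
+ if test_env == "apacheds"
+ # skip this if a server has already been started
+ return if GitHub::Ldap.ldap_server
+
+ GitHub::Ldap.start_server(test_server_options)
+ end
  end
 
  def options
- @options ||= GitHub::Ldap.server_options.merge \
- host: 'localhost',
- uid: 'uid'
+ @service = MockInstrumentationService.new
+ @options ||=
+ case self.class.test_env
+ when "apacheds"
+ GitHub::Ldap.server_options.merge \
+ admin_user: 'uid=admin,dc=github,dc=com',
+ admin_password: 'passworD1',
+ host: 'localhost',
+ uid: 'uid',
+ instrumentation_service: @service
+ when "openldap"
+ {
+ host: ENV.fetch("OPENLDAP_HOST", "localhost"),
+ port: 389,
+ admin_user: 'uid=admin,dc=github,dc=com',
+ admin_password: 'passworD1',
+ search_domains: %w(dc=github,dc=com),
+ uid: 'uid',
+ instrumentation_service: @service
+ }
+ end
  end
  end
 
  class GitHub::Ldap::UnauthenticatedTest < GitHub::Ldap::Test
- def self.start_server
- GitHub::Ldap.start_server(:allow_anonymous => true)
- end
-
  def options
  @options ||= begin
  super.delete_if {|k, _| [:admin_user, :admin_password].include?(k)}
  end
  end
  end
+
+ class MockInstrumentationService
+ def initialize
+ @events = {}
+ end
+
+ def instrument(event, payload)
+ result = yield(payload)
+ @events[event] ||= []
+ @events[event] << [payload, result]
+ result
+ end
+
+ def subscribe(event)
+ @events[event] ||= []
+ @events[event]
+ end
+ end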
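Review bot: In `GitHub::Ldap::Test#options` (second hunk), `@service = MockInstrumentationService.new` runs on every call while `@options` is memoized, so after the first call `@service` is a fresh mock that is not the one stored under `instrumentation_service:`, and a test that calls `options` again before reading `@service` would see no recorded events. Memoize it the same way: `@service ||= MockInstrumentationService.new`. The `case self.class.test_env` also has no `else`, so an unrecognised `TESTENV` leaves `@options` nil and surfaces later as a `NoMethodError` on nil; `else raise ArgumentError, "unknown TESTENV: #{self.class.test_env}"` would fail at the cause. Separately, `test_server_options` now sets `allow_anonymous: true` for every suite rather than only `UnauthenticatedTest`, so it is worth confirming that the authenticated tests still fail when the admin bind is rejected rather than passing over an anonymous connection.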
metadata CHANGED
@@ -1,83 +1,83 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: github-ldap
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.3
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Calavera
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-08-29 00:00:00.000000000 Z
11
+ date: 2014-11-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: net-ldap
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
17
+ - - ~>
18
18
  - !ruby/object:Gem::Version
19
- version: 0.7.0
19
+ version: 0.9.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - "~>"
24
+ - - ~>
25
25
  - !ruby/object:Gem::Version
26
- version: 0.7.0
26
+ version: 0.9.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: bundler
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
- - - "~>"
31
+ - - ~>
32
32
  - !ruby/object:Gem::Version
33
33
  version: '1.3'
34
34
  type: :development
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
- - - "~>"
38
+ - - ~>
39
39
  - !ruby/object:Gem::Version
40
40
  version: '1.3'
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: ladle
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - ">="
45
+ - - '>='
46
46
  - !ruby/object:Gem::Version
47
47
  version: '0'
48
48
  type: :development
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
- - - ">="
52
+ - - '>='
53
53
  - !ruby/object:Gem::Version
54
54
  version: '0'
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: minitest
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
- - - "~>"
59
+ - - ~>
60
60
  - !ruby/object:Gem::Version
61
61
  version: '5'
62
62
  type: :development
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
- - - "~>"
66
+ - - ~>
67
67
  - !ruby/object:Gem::Version
68
68
  version: '5'
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: rake
71
71
  requirement: !ruby/object:Gem::Requirement
72
72
  requirements:
73
- - - ">="
73
+ - - '>='
74
74
  - !ruby/object:Gem::Version
75
75
  version: '0'
76
76
  type: :development
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
- - - ">="
80
+ - - '>='
81
81
  - !ruby/object:Gem::Version
82
82
  version: '0'
83
83
  description: Ldap authentication for humans
@@ -87,8 +87,9 @@ executables: []
87
87
  extensions: []
88
88
  extra_rdoc_files: []
89
89
  files:
90
- - ".gitignore"
91
- - ".travis.yml"
90
+ - .gitignore
91
+ - .travis.yml
92
+ - CHANGELOG.md
92
93
  - Gemfile
93
94
  - LICENSE.txt
94
95
  - README.md
@@ -99,20 +100,38 @@ files:
99
100
  - lib/github/ldap/filter.rb
100
101
  - lib/github/ldap/fixtures.ldif
101
102
  - lib/github/ldap/group.rb
103
+ - lib/github/ldap/instrumentation.rb
104
+ - lib/github/ldap/membership_validators.rb
105
+ - lib/github/ldap/membership_validators/active_directory.rb
106
+ - lib/github/ldap/membership_validators/base.rb
107
+ - lib/github/ldap/membership_validators/classic.rb
108
+ - lib/github/ldap/membership_validators/recursive.rb
102
109
  - lib/github/ldap/posix_group.rb
103
110
  - lib/github/ldap/server.rb
104
111
  - lib/github/ldap/virtual_attributes.rb
105
112
  - lib/github/ldap/virtual_group.rb
113
+ - script/changelog
114
+ - script/cibuild-apacheds
115
+ - script/cibuild-openldap
116
+ - script/install-openldap
117
+ - script/package
118
+ - script/release
106
119
  - test/domain_test.rb
107
120
  - test/filter_test.rb
108
- - test/fixtures/github-with-looped-subgroups.ldif
109
- - test/fixtures/github-with-missing-entries.ldif
110
- - test/fixtures/github-with-posixGroups.ldif
111
- - test/fixtures/github-with-subgroups.ldif
121
+ - test/fixtures/common/seed.ldif
122
+ - test/fixtures/openldap/memberof.ldif
123
+ - test/fixtures/openldap/slapd.conf.ldif
112
124
  - test/fixtures/posixGroup.schema.ldif
113
125
  - test/group_test.rb
114
126
  - test/ldap_test.rb
127
+ - test/membership_validators/active_directory_test.rb
128
+ - test/membership_validators/classic_test.rb
129
+ - test/membership_validators/recursive_test.rb
130
+ - test/membership_validators_test.rb
115
131
  - test/posix_group_test.rb
132
+ - test/support/vm/openldap/.gitignore
133
+ - test/support/vm/openldap/README.md
134
+ - test/support/vm/openldap/Vagrantfile
116
135
  - test/test_helper.rb
117
136
  homepage: https://github.com/github/github-ldap
118
137
  licenses:
@@ -124,29 +143,35 @@ require_paths:
124
143
  - lib
125
144
  required_ruby_version: !ruby/object:Gem::Requirement
126
145
  requirements:
127
- - - ">="
146
+ - - '>='
128
147
  - !ruby/object:Gem::Version
129
148
  version: '0'
130
149
  required_rubygems_version: !ruby/object:Gem::Requirement
131
150
  requirements:
132
- - - ">="
151
+ - - '>='
133
152
  - !ruby/object:Gem::Version
134
153
  version: '0'
135
154
  requirements: []
136
155
  rubyforge_project:
137
- rubygems_version: 2.2.2
156
+ rubygems_version: 2.0.14
138
157
  signing_key:
139
158
  specification_version: 4
140
159
  summary: Ldap client authentication wrapper without all the boilerplate
141
160
  test_files:
142
161
  - test/domain_test.rb
143
162
  - test/filter_test.rb
144
- - test/fixtures/github-with-looped-subgroups.ldif
145
- - test/fixtures/github-with-missing-entries.ldif
146
- - test/fixtures/github-with-posixGroups.ldif
147
- - test/fixtures/github-with-subgroups.ldif
163
+ - test/fixtures/common/seed.ldif
164
+ - test/fixtures/openldap/memberof.ldif
165
+ - test/fixtures/openldap/slapd.conf.ldif
148
166
  - test/fixtures/posixGroup.schema.ldif
149
167
  - test/group_test.rb
150
168
  - test/ldap_test.rb
169
+ - test/membership_validators/active_directory_test.rb
170
+ - test/membership_validators/classic_test.rb
171
+ - test/membership_validators/recursive_test.rb
172
+ - test/membership_validators_test.rb
151
173
  - test/posix_group_test.rb
174
+ - test/support/vm/openldap/.gitignore
175
+ - test/support/vm/openldap/README.md
176
+ - test/support/vm/openldap/Vagrantfile
152
177
  - test/test_helper.rb