github-ldap 1.3.3 → 1.4.0

data/test/posix_group_test.rb

@@ -1,54 +1,51 @@
 require_relative 'test_helper'
 
 class GitHubLdapPosixGroupTest < GitHub::Ldap::Test
-  def self.test_server_options
-    {user_fixtures: FIXTURES.join('github-with-subgroups.ldif').to_s}
-  end
-
   def setup
     @simple_group = Net::LDAP::Entry._load("""
-dn: cn=enterprise-posix-devs,ou=groups,dc=github,dc=com
-cn: enterprise-posix-devs
+dn: cn=simple-group,ou=Groups,dc=github,dc=com
+cn: simple-group
 objectClass: posixGroup
-memberUid: benburkert
-memberUid: mtodd""")
+memberUid: user1
+memberUid: user2""")
 
     @one_level_deep_group = Net::LDAP::Entry._load("""
-dn: cn=enterprise-posix-ops,ou=groups,dc=github,dc=com
-cn: enterprise-posix-ops
+dn: cn=one-level-deep-group,ou=Groups,dc=github,dc=com
+cn: one-level-deep-group
 objectClass: posixGroup
 objectClass: groupOfNames
-memberUid: sbryant
-member: cn=spaniards,ou=groups,dc=github,dc=com""")
+memberUid: user6
+member: cn=ghe-users,ou=Groups,dc=github,dc=com""")
 
     @two_levels_deep_group = Net::LDAP::Entry._load("""
-dn: cn=enterprise-posix,ou=groups,dc=github,dc=com
-cn: Enterprise Posix
+dn: cn=two-levels-deep-group,ou=Groups,dc=github,dc=com
+cn: two-levels-deep-group
 objectClass: posixGroup
 objectClass: groupOfNames
-memberUid: calavera
-member: cn=enterprise-devs,ou=groups,dc=github,dc=com
-member: cn=enterprise-ops,ou=groups,dc=github,dc=com""")
+memberUid: user6
+member: cn=n-depth-nested-group2,ou=Groups,dc=github,dc=com
+member: cn=posix-group1,ou=Groups,dc=github,dc=com""")
 
     @empty_group = Net::LDAP::Entry._load("""
-dn: cn=enterprise-posix-empty,ou=groups,dc=github,dc=com
-cn: enterprise-posix-empty
+dn: cn=empty-group,ou=Groups,dc=github,dc=com
+cn: empty-group
 objectClass: posixGroup""")
 
     @ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
   end
 
   def test_posix_group
-    assert GitHub::Ldap::PosixGroup.valid?(@simple_group),
+    entry = @ldap.search(filter: "(cn=posix-group1)").first
+    assert GitHub::Ldap::PosixGroup.valid?(entry),
       "Expected entry to be a valid posixGroup"
   end
 
   def test_posix_simple_members
-    group = GitHub::Ldap::PosixGroup.new(@ldap, @simple_group)
+    assert group = @ldap.group("cn=posix-group1,ou=Groups,dc=github,dc=com")
     members = group.members
 
-    assert_equal 2, members.size
-    assert_equal %w(benburkert mtodd), members.map(&:uid).flatten.sort
+    assert_equal 5, members.size
+    assert_equal %w(user1 user2 user3 user4 user5), members.map(&:uid).flatten.sort
   end
 
   def test_posix_combined_group
@@ -62,7 +59,7 @@ objectClass: posixGroup""")
     group = GitHub::Ldap::PosixGroup.new(@ldap, @two_levels_deep_group)
     members = group.members
 
-    assert_equal 4, members.size
+    assert_equal 10, members.size
   end
 
   def test_empty_subgroups
@@ -81,7 +78,7 @@ objectClass: posixGroup""")
 
   def test_is_member_simple_group
     group = GitHub::Ldap::PosixGroup.new(@ldap, @simple_group)
-    user  = @ldap.domain("uid=benburkert,ou=users,dc=github,dc=com").bind
+    user  = @ldap.domain("uid=user1,ou=People,dc=github,dc=com").bind
 
     assert group.is_member?(user),
       "Expected user in the memberUid list to be a member of the posixgroup"
@@ -89,7 +86,7 @@ objectClass: posixGroup""")
 
   def test_is_member_combined_group
     group = GitHub::Ldap::PosixGroup.new(@ldap, @one_level_deep_group)
-    user  = @ldap.domain("uid=calavera,ou=users,dc=github,dc=com").bind
+    user  = @ldap.domain("uid=user1,ou=People,dc=github,dc=com").bind
 
     assert group.is_member?(user),
       "Expected user in a subgroup to be a member of the posixgroup"
@@ -97,7 +94,7 @@ objectClass: posixGroup""")
 
   def test_is_not_member_simple_group
     group = GitHub::Ldap::PosixGroup.new(@ldap, @simple_group)
-    user  = @ldap.domain("uid=calavera,ou=users,dc=github,dc=com").bind
+    user  = @ldap.domain("uid=user10,ou=People,dc=github,dc=com").bind
 
     refute group.is_member?(user),
       "Expected user to not be member when her uid is not in the list of memberUid"
@@ -105,7 +102,7 @@ objectClass: posixGroup""")
 
   def test_is_member_combined_group
     group = GitHub::Ldap::PosixGroup.new(@ldap, @one_level_deep_group)
-    user  = @ldap.domain("uid=benburkert,ou=users,dc=github,dc=com").bind
+    user  = @ldap.domain("uid=user10,ou=People,dc=github,dc=com").bind
 
     refute group.is_member?(user),
       "Expected user to not be member when she's not member of any subgroup"

data/test/support/vm/openldap/.gitignore

@@ -0,0 +1 @@
+/.vagrant

data/test/support/vm/openldap/README.md

@@ -0,0 +1,32 @@
+# Local OpenLDAP Integration Testing
+
+Set up a [Vagrant](http://www.vagrantup.com/) VM to run tests against OpenLDAP locally.
+
+To run tests against OpenLDAP (instead of ApacheDS) locally:
+
+``` bash
+# start VM (from the correct directory)
+$ cd test/support/vm/openldap/
+$ vagrant up
+
+# get the IP address of the VM
+$ ip=$(vagrant ssh -- "ifconfig eth1 | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n1")
+
+# change back to root project directory
+$ cd ../../../..
+
+# run all tests against OpenLDAP
+$ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec rake
+
+# run a specific test file against OpenLDAP
+$ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb
+
+# run OpenLDAP tests by default
+$ export TESTENV=openldap
+$ export TESTENV=$ip
+
+# now run tests without having to set ENV variables
+$ time bundle exec rake
+```
+
+You may need to `gem install vagrant` first in order to provision the VM.

data/test/support/vm/openldap/Vagrantfile

@@ -0,0 +1,35 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  config.vm.hostname = "openldap.github.org"
+
+  config.vm.box = "hashicorp/precise64"
+
+  config.vm.network "private_network", type: :dhcp
+
+  config.ssh.forward_agent = true
+
+  # config.vm.provision "shell", inline: "apt-get update; exec env /vagrant_data/script/install-openldap"
+  config.vm.provision "shell", inline: 'echo "HIIIIIII"', run: "always"
+
+  config.vm.synced_folder "../../../..", "/vagrant_data"
+
+  config.vm.provider "vmware_fusion" do |vb, override|
+    override.vm.box = "hashicorp/precise64"
+    vb.memory = 4596
+    vb.vmx["displayname"] = "integration tests vm"
+    vb.vmx["numvcpus"] = "2"
+  end
+
+  config.vm.provider "virtualbox" do |vb, override|
+    vb.memory = 4096
+    vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
+    vb.customize ["modifyvm", :id, "--chipset", "ich9"]
+    vb.customize ["modifyvm", :id, "--vram", "16"]
+  end
+
+end

data/test/test_helper.rb

@@ -10,9 +10,23 @@ FIXTURES = Pathname(File.expand_path('fixtures', __dir__))
 require 'github/ldap'
 require 'github/ldap/server'
 
+require 'minitest/mock'
 require 'minitest/autorun'
 
+if ENV.fetch('TESTENV', "apacheds") == "apacheds"
+  # Make sure we clean up running test server
+  # NOTE: We need to do this manually since its internal `at_exit` hook
+  # collides with Minitest's autorun at_exit handling, hence this hook.
+  Minitest.after_run do
+    GitHub::Ldap.stop_server
+  end
+end
+
 class GitHub::Ldap::Test < Minitest::Test
+  def self.test_env
+    ENV.fetch("TESTENV", "apacheds")
+  end
+
   def self.run(reporter, options = {})
     start_server
     super
@@ -20,29 +34,77 @@ class GitHub::Ldap::Test < Minitest::Test
   end
 
   def self.stop_server
-    GitHub::Ldap.stop_server
+    if test_env == "apacheds"
+      # see Minitest.after_run hook above.
+      # GitHub::Ldap.stop_server
+    end
+  end
+
+  def self.test_server_options
+    {
+      custom_schemas:   FIXTURES.join('posixGroup.schema.ldif').to_s,
+      user_fixtures:    FIXTURES.join('common/seed.ldif').to_s,
+      allow_anonymous:  true,
+      verbose:          ENV.fetch("VERBOSE", "0") == "1"
+    }
   end
 
   def self.start_server
-    server_opts = respond_to?(:test_server_options) ? test_server_options : {}
-    GitHub::Ldap.start_server(server_opts)
+    if test_env == "apacheds"
+      # skip this if a server has already been started
+      return if GitHub::Ldap.ldap_server
+
+      GitHub::Ldap.start_server(test_server_options)
+    end
   end
 
   def options
-    @options ||= GitHub::Ldap.server_options.merge \
-      host: 'localhost',
-      uid:  'uid'
+    @service   = MockInstrumentationService.new
+    @options ||=
+      case self.class.test_env
+      when "apacheds"
+        GitHub::Ldap.server_options.merge \
+          admin_user: 'uid=admin,dc=github,dc=com',
+          admin_password: 'passworD1',
+          host: 'localhost',
+          uid:  'uid',
+          instrumentation_service: @service
+      when "openldap"
+        {
+          host: ENV.fetch("OPENLDAP_HOST", "localhost"),
+          port: 389,
+          admin_user:     'uid=admin,dc=github,dc=com',
+          admin_password: 'passworD1',
+          search_domains: %w(dc=github,dc=com),
+          uid: 'uid',
+          instrumentation_service: @service
+        }
+      end
   end
 end
 
 class GitHub::Ldap::UnauthenticatedTest < GitHub::Ldap::Test
-  def self.start_server
-    GitHub::Ldap.start_server(:allow_anonymous => true)
-  end
-
   def options
     @options ||= begin
       super.delete_if {|k, _| [:admin_user, :admin_password].include?(k)}
     end
   end
 end
+
+class MockInstrumentationService
+  def initialize
+    @events = {}
+  end
+
+  def instrument(event, payload)
+    result = yield(payload)
+    @events[event] ||= []
+    @events[event] << [payload, result]
+    result
+  end
+
+  def subscribe(event)
+    @events[event] ||= []
+    @events[event]
+  end
+end

metadata

@@ -1,83 +1,83 @@
 --- !ruby/object:Gem::Specification
 name: github-ldap
 version: !ruby/object:Gem::Version
-  version: 1.3.3
+  version: 1.4.0
 platform: ruby
 authors:
 - David Calavera
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-29 00:00:00.000000000 Z
+date: 2014-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-ldap
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: 0.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 0.7.0
+        version: 0.9.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: ladle
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Ldap authentication for humans
@@ -87,8 +87,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".travis.yml"
+- .gitignore
+- .travis.yml
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -99,20 +100,38 @@ files:
 - lib/github/ldap/filter.rb
 - lib/github/ldap/fixtures.ldif
 - lib/github/ldap/group.rb
+- lib/github/ldap/instrumentation.rb
+- lib/github/ldap/membership_validators.rb
+- lib/github/ldap/membership_validators/active_directory.rb
+- lib/github/ldap/membership_validators/base.rb
+- lib/github/ldap/membership_validators/classic.rb
+- lib/github/ldap/membership_validators/recursive.rb
 - lib/github/ldap/posix_group.rb
 - lib/github/ldap/server.rb
 - lib/github/ldap/virtual_attributes.rb
 - lib/github/ldap/virtual_group.rb
+- script/changelog
+- script/cibuild-apacheds
+- script/cibuild-openldap
+- script/install-openldap
+- script/package
+- script/release
 - test/domain_test.rb
 - test/filter_test.rb
-- test/fixtures/github-with-looped-subgroups.ldif
-- test/fixtures/github-with-missing-entries.ldif
-- test/fixtures/github-with-posixGroups.ldif
-- test/fixtures/github-with-subgroups.ldif
+- test/fixtures/common/seed.ldif
+- test/fixtures/openldap/memberof.ldif
+- test/fixtures/openldap/slapd.conf.ldif
 - test/fixtures/posixGroup.schema.ldif
 - test/group_test.rb
 - test/ldap_test.rb
+- test/membership_validators/active_directory_test.rb
+- test/membership_validators/classic_test.rb
+- test/membership_validators/recursive_test.rb
+- test/membership_validators_test.rb
 - test/posix_group_test.rb
+- test/support/vm/openldap/.gitignore
+- test/support/vm/openldap/README.md
+- test/support/vm/openldap/Vagrantfile
 - test/test_helper.rb
 homepage: https://github.com/github/github-ldap
 licenses:
@@ -124,29 +143,35 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.0.14
 signing_key: 
 specification_version: 4
 summary: Ldap client authentication wrapper without all the boilerplate
 test_files:
 - test/domain_test.rb
 - test/filter_test.rb
-- test/fixtures/github-with-looped-subgroups.ldif
-- test/fixtures/github-with-missing-entries.ldif
-- test/fixtures/github-with-posixGroups.ldif
-- test/fixtures/github-with-subgroups.ldif
+- test/fixtures/common/seed.ldif
+- test/fixtures/openldap/memberof.ldif
+- test/fixtures/openldap/slapd.conf.ldif
 - test/fixtures/posixGroup.schema.ldif
 - test/group_test.rb
 - test/ldap_test.rb
+- test/membership_validators/active_directory_test.rb
+- test/membership_validators/classic_test.rb
+- test/membership_validators/recursive_test.rb
+- test/membership_validators_test.rb
 - test/posix_group_test.rb
+- test/support/vm/openldap/.gitignore
+- test/support/vm/openldap/README.md
+- test/support/vm/openldap/Vagrantfile
 - test/test_helper.rb