ldap_fluff 0.4.4 → 0.6.0

data/test/config_test.rb

@@ -4,27 +4,27 @@ class ConfigTest < MiniTest::Test
   include LdapTestHelper
 
   def test_unsupported_type
-    assert_raises(LdapFluff::Config::ConfigError) { LdapFluff.new(config_hash.update :server_type => 'inactive_directory') }
+    assert_raises(LdapFluff::Config::ConfigError) { LdapFluff.new(config_hash.update(:server_type => 'inactive_directory')) }
   end
 
   def test_load_posix
-    ldap = LdapFluff.new(config_hash.update :server_type => 'posix')
+    ldap = LdapFluff.new(config_hash.update(:server_type => 'posix'))
     assert_instance_of LdapFluff::Posix, ldap.ldap
   end
 
   def test_load_ad
-    ldap = LdapFluff.new(config_hash.update :server_type => 'active_directory')
+    ldap = LdapFluff.new(config_hash.update(:server_type => 'active_directory'))
     assert_instance_of LdapFluff::ActiveDirectory, ldap.ldap
   end
 
   def test_load_free_ipa
-    ldap = LdapFluff.new(config_hash.update :server_type => 'free_ipa')
+    ldap = LdapFluff.new(config_hash.update(:server_type => 'free_ipa'))
     assert_instance_of LdapFluff::FreeIPA, ldap.ldap
   end
 
   def test_instrumentation_service
     is = Object.new
-    net_ldap = LdapFluff.new(config_hash.update :instrumentation_service => is).ldap.ldap
+    net_ldap = LdapFluff.new(config_hash.update(:instrumentation_service => is)).ldap.ldap
     assert_equal is, net_ldap.send(:instrumentation_service)
   end
 end

data/test/ipa_member_services_test.rb

@@ -19,7 +19,7 @@ class TestIPAMemberService < MiniTest::Test
   def test_find_user
     basic_user
     @ipams.ldap = @ldap
-    assert_equal(%w(group bros), @ipams.find_user_groups("john"))
+    assert_equal(%w[group bros], @ipams.find_user_groups("john"))
     @ldap.verify
   end
 
@@ -35,7 +35,7 @@ class TestIPAMemberService < MiniTest::Test
   def test_no_groups
     entry = Net::LDAP::Entry.new
     entry['memberof'] = []
-    @ldap.expect(:search, [ Net::LDAP::Entry.new, entry ], [:filter => ipa_name_filter("john")])
+    @ldap.expect(:search, [Net::LDAP::Entry.new, entry], [:filter => ipa_name_filter("john")])
     @ipams.ldap = @ldap
     assert_equal([], @ipams.find_user_groups('john'))
     @ldap.verify
@@ -68,5 +68,4 @@ class TestIPAMemberService < MiniTest::Test
       @ipams.find_group('broze')
     end
   end
-
 end

data/test/ipa_netgroup_member_services_test.rb

@@ -0,0 +1,67 @@
+require 'lib/ldap_test_helper'
+
+class TestIPANetgroupMemberService < MiniTest::Test
+  include LdapTestHelper
+
+  def setup
+    netgroups_config
+    super
+    @ipams = LdapFluff::FreeIPA::NetgroupMemberService.new(@ldap, netgroups_config)
+  end
+
+  def basic_user
+    @ldap.expect(:search, ipa_user_payload, [:filter => ipa_name_filter("john")])
+  end
+
+  def basic_group
+    @ldap.expect(:search, ipa_netgroup_payload('broze'), [:filter => ipa_group_filter("broze"), :base => @config.group_base])
+  end
+
+  def test_find_user
+    basic_user
+    @ipams.ldap = @ldap
+    assert_equal ipa_user_payload, @ipams.find_user('john')
+    @ldap.verify
+  end
+
+  def test_find_missing_user
+    @ldap.expect(:search, nil, [:filter => ipa_name_filter("john")])
+    @ipams.ldap = @ldap
+    assert_raises(LdapFluff::FreeIPA::MemberService::UIDNotFoundException) do
+      @ipams.find_user('john')
+    end
+  end
+
+  def test_find_user_groups
+    response = ipa_netgroup_payload('bros', ['(,john,)', '(,joe,)'])
+    @ldap.expect(:search, response, [:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'),
+                                     :base => @config.group_base])
+
+    @ipams.ldap = @ldap
+    assert_equal(['bros'], @ipams.find_user_groups('john'))
+    @ldap.verify
+  end
+
+  def test_find_no_user_groups
+    response = ipa_netgroup_payload('bros', ['(,joe,)'])
+    @ldap.expect(:search, response, [:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'),
+                                     :base => @config.group_base])
+    @ipams.ldap = @ldap
+    assert_equal([], @ipams.find_user_groups('john'))
+    @ldap.verify
+  end
+
+  def test_find_group
+    basic_group
+    @ipams.ldap = @ldap
+    assert_equal(ipa_netgroup_payload('broze'), @ipams.find_group('broze'))
+  end
+
+  def test_find_missing_group
+    @ldap.expect(:search, nil, [:filter => ipa_group_filter("broze"), :base => @config.group_base])
+    @ipams.ldap = @ldap
+    assert_raises(LdapFluff::FreeIPA::MemberService::GIDNotFoundException) do
+      @ipams.find_group('broze')
+    end
+  end
+end

data/test/ipa_test.rb

@@ -19,7 +19,7 @@ class TestIPA < MiniTest::Test
     @md = MiniTest::Mock.new
     user_result = MiniTest::Mock.new
     user_result.expect(:dn, ipa_user_bind('internet'))
-    @md.expect(:find_user, [user_result], %w(internet))
+    @md.expect(:find_user, [user_result], %w[internet])
     @ipa.member_service = @md
     service_bind
     @ldap.expect(:auth, nil, [ipa_user_bind('internet'), "password"])
@@ -48,14 +48,14 @@ class TestIPA < MiniTest::Test
   def test_groups
     service_bind
     basic_user
-    assert_equal(@ipa.groups_for_uid('john'), %w(bros))
+    assert_equal(@ipa.groups_for_uid('john'), %w[bros])
   end
 
   def test_bad_user
     service_bind
     @md = MiniTest::Mock.new
-    @md.expect(:find_user_groups, nil, %w(john))
-    def @md.find_user_groups(*args)
+    @md.expect(:find_user_groups, nil, %w[john])
+    def @md.find_user_groups(*_args)
       raise LdapFluff::FreeIPA::MemberService::UIDNotFoundException
     end
     @ipa.member_service = @md
@@ -74,36 +74,42 @@ class TestIPA < MiniTest::Test
   def test_is_in_groups
     service_bind
     basic_user
-    assert_equal(@ipa.is_in_groups("john", %w(bros), false), true)
+    assert_equal(@ipa.is_in_groups("john", %w[bros], false), true)
   end
 
   def test_is_some_groups
     service_bind
     basic_user
-    assert_equal(@ipa.is_in_groups("john", %w(bros buds), false), true)
+    assert_equal(@ipa.is_in_groups("john", %w[bros buds], false), true)
+  end
+
+  def test_is_in_all_groupss
+    service_bind
+    bigtime_user
+    assert_equal(true, @ipa.is_in_groups("john", %w[broskies bros], true))
   end
 
   def test_isnt_in_all_groups
     service_bind
     basic_user
-    assert_equal(@ipa.is_in_groups("john", %w(bros buds), true), false)
+    assert_equal(@ipa.is_in_groups("john", %w[bros buds], true), false)
   end
 
   def test_isnt_in_groups
     service_bind
     basic_user
-    assert_equal(@ipa.is_in_groups("john", %w(broskies), false), false)
+    assert_equal(@ipa.is_in_groups("john", %w[broskies], false), false)
   end
 
   def test_group_subset
     service_bind
     bigtime_user
-    assert_equal(@ipa.is_in_groups('john', %w(broskies), true), true)
+    assert_equal(@ipa.is_in_groups('john', %w[broskies], true), true)
   end
 
   def test_user_exists
     @md = MiniTest::Mock.new
-    @md.expect(:find_user, 'notnilluser', %w(john))
+    @md.expect(:find_user, 'notnilluser', %w[john])
     @ipa.member_service = @md
     service_bind
     assert(@ipa.user_exists?('john'))
@@ -111,8 +117,8 @@ class TestIPA < MiniTest::Test
 
   def test_missing_user
     @md = MiniTest::Mock.new
-    @md.expect(:find_user, nil, %w(john))
-    def @md.find_user(uid)
+    @md.expect(:find_user, nil, %w[john])
+    def @md.find_user(_uid)
       raise LdapFluff::FreeIPA::MemberService::UIDNotFoundException
     end
     @ipa.member_service = @md
@@ -122,7 +128,7 @@ class TestIPA < MiniTest::Test
 
   def test_group_exists
     @md = MiniTest::Mock.new
-    @md.expect(:find_group, 'notnillgroup', %w(broskies))
+    @md.expect(:find_group, 'notnillgroup', %w[broskies])
     @ipa.member_service = @md
     service_bind
     assert(@ipa.group_exists?('broskies'))
@@ -130,8 +136,8 @@ class TestIPA < MiniTest::Test
 
   def test_missing_group
     @md = MiniTest::Mock.new
-    @md.expect(:find_group, nil, %w(broskies))
-    def @md.find_group(uid)
+    @md.expect(:find_group, nil, %w[broskies])
+    def @md.find_group(_uid)
       raise LdapFluff::FreeIPA::MemberService::GIDNotFoundException
     end
     @ipa.member_service = @md
@@ -156,6 +162,4 @@ class TestIPA < MiniTest::Test
     assert_equal @ipa.users_for_gid('foremaners'), ['testuser']
     md.verify
   end
-
 end
-

data/test/ldap_test.rb

@@ -9,42 +9,42 @@ class TestLDAP < MiniTest::Test
   end
 
   def test_bind
-    @ldap.expect(:bind?, true, %w(john password))
+    @ldap.expect(:bind?, true, %w[john password])
     @fluff.ldap = @ldap
     assert_equal(@fluff.authenticate?("john", "password"), true)
     @ldap.verify
   end
 
   def test_groups
-    @ldap.expect(:groups_for_uid, %w(bros), %w(john))
+    @ldap.expect(:groups_for_uid, %w[bros], %w[john])
     @fluff.ldap = @ldap
-    assert_equal(@fluff.group_list('john'), %w(bros))
+    assert_equal(@fluff.group_list('john'), %w[bros])
     @ldap.verify
   end
 
   def test_group_membership
-    @ldap.expect(:is_in_groups, false, ['john', %w(broskies girlfriends), true])
+    @ldap.expect(:is_in_groups, false, ['john', %w[broskies girlfriends], true])
     @fluff.ldap = @ldap
-    assert_equal(@fluff.is_in_groups?('john', %w(broskies girlfriends)), false)
+    assert_equal(@fluff.is_in_groups?('john', %w[broskies girlfriends]), false)
     @ldap.verify
   end
 
   def test_valid_user
-    @ldap.expect(:user_exists?, true, %w(john))
+    @ldap.expect(:user_exists?, true, %w[john])
     @fluff.ldap = @ldap
     assert(@fluff.valid_user?('john'))
     @ldap.verify
   end
 
   def test_valid_group
-    @ldap.expect(:group_exists?, true, %w(broskies))
+    @ldap.expect(:group_exists?, true, %w[broskies])
     @fluff.ldap = @ldap
     assert(@fluff.valid_group?('broskies'))
     @ldap.verify
   end
 
   def test_invalid_group
-    @ldap.expect(:group_exists?, false, %w(broskerinos))
+    @ldap.expect(:group_exists?, false, %w[broskerinos])
     @fluff.ldap = @ldap
     refute(@fluff.valid_group?('broskerinos'))
     @ldap.verify
@@ -56,7 +56,4 @@ class TestLDAP < MiniTest::Test
     refute(@fluff.valid_user?('johnny rotten'))
     @ldap.verify
   end
-
 end
-
-

data/test/lib/ldap_test_helper.rb

@@ -7,17 +7,16 @@ module LdapTestHelper
   attr_accessor :group_base, :class_filter, :user
 
   def config_hash
-    { :host          => "internet.com",
-      :port          => "387",
-      :encryption    => :start_tls,
-      :base_dn       => "dc=internet,dc=com",
-      :group_base    => "ou=group,dc=internet,dc=com",
-      :service_user  => "service",
-      :service_pass  => "pass",
-      :server_type   => :free_ipa,
-      :attr_login    => nil,
-      :search_filter => nil
-    }
+    { :host => "internet.com",
+      :port => "387",
+      :encryption => :start_tls,
+      :base_dn => "dc=internet,dc=com",
+      :group_base => "ou=group,dc=internet,dc=com",
+      :service_user => "service",
+      :service_pass => "pass",
+      :server_type => :free_ipa,
+      :attr_login => nil,
+      :search_filter => nil }
   end
 
   def setup
@@ -29,6 +28,10 @@ module LdapTestHelper
     @config ||= LdapFluff::Config.new config_hash
   end
 
+  def netgroups_config
+    @config ||= LdapFluff::Config.new config_hash.merge(:use_netgroups => true)
+  end
+
   def service_bind
     @ldap.expect(:bind, true)
     get_test_instance_variable.ldap = @ldap
@@ -36,13 +39,13 @@ module LdapTestHelper
 
   def basic_user
     @md = MiniTest::Mock.new
-    @md.expect(:find_user_groups, %w(bros), %w(john))
+    @md.expect(:find_user_groups, %w[bros], %w[john])
     get_test_instance_variable.member_service = @md
   end
 
   def bigtime_user
     @md = MiniTest::Mock.new
-    @md.expect(:find_user_groups, %w(bros broskies), %w(john))
+    @md.expect(:find_user_groups, %w[bros broskies], %w[john])
     get_test_instance_variable.member_service = @md
   end
 
@@ -78,11 +81,15 @@ module LdapTestHelper
     "CN=#{name},CN=Users,#{@config.base_dn}"
   end
 
-  def ad_group_dn(name='group')
+  def ad_group_dn(name = 'group')
     "cn=#{name},#{@config.group_base}"
   end
 
-  def ad_user_payload
+  def ad_user_payload(name = nil)
+    unless name.nil?
+      return [{ :memberof => [ad_group_dn], :distinguishedname => [ad_user_dn(name)] }]
+    end
+
     [{ :memberof => [ad_group_dn] }]
   end
 
@@ -99,20 +106,24 @@ module LdapTestHelper
   end
 
   def posix_user_payload
-    [{ :cn => ["bros"] }]
+    [{ :cn => ["john"] }]
   end
 
   def posix_group_payload
     [{ :cn => ["broze"] }]
   end
 
+  def posix_netgroup_payload(cn, netgroups = [])
+    [{ :cn => [cn], :nisnetgrouptriple => netgroups }]
+  end
+
   def ipa_user_payload
     @ipa_user_payload_cache ||= begin
       entry_1 = Net::LDAP::Entry.new
       entry_1['cn'] = 'John'
       entry_2 = Net::LDAP::Entry.new
       entry_2['memberof'] = ['cn=group,dc=internet,dc=com', 'cn=bros,dc=internet,dc=com']
-      [ entry_1, entry_2 ]
+      [entry_1, entry_2]
     end
   end
 
@@ -120,6 +131,10 @@ module LdapTestHelper
     [{ :cn => 'group' }, { :memberof => ['cn=group,dc=internet,dc=com', 'cn=bros,dc=internet,dc=com'] }]
   end
 
+  def ipa_netgroup_payload(cn, netgroups = [])
+    [{ :cn => [cn], :nisnetgrouptriple => netgroups }]
+  end
+
   private
 
   def get_test_instance_variable

data/test/posix_member_services_test.rb

@@ -11,24 +11,33 @@ class TestPosixMemberService < MiniTest::Test
   def test_find_user
     user = posix_user_payload
     @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
-                                 :base   => config.base_dn])
+                                 :base => config.base_dn])
     @ms.ldap = @ldap
     assert_equal posix_user_payload, @ms.find_user('john')
     @ldap.verify
   end
 
   def test_find_user_groups
-    user = posix_user_payload
-    @ldap.expect(:search, user, [:filter => @ms.name_filter('john')])
+    user = posix_group_payload
+    @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
+                                 :base => config.group_base])
+    @ms.ldap = @ldap
+    assert_equal ['broze'], @ms.find_user_groups('john')
+    @ldap.verify
+  end
+
+  def test_find_no_groups
+    @ldap.expect(:search, [], [:filter => @ms.name_filter("john"),
+                               :base => config.group_base])
     @ms.ldap = @ldap
-    assert_equal ['bros'], @ms.find_user_groups('john')
+    assert_equal [], @ms.find_user_groups('john')
     @ldap.verify
   end
 
   def test_user_exists
     user = posix_user_payload
     @ldap.expect(:search, user, [:filter => @ms.name_filter('john'),
-                                 :base   => config.base_dn])
+                                 :base => config.base_dn])
     @ms.ldap = @ldap
     assert @ms.find_user('john')
     @ldap.verify
@@ -36,7 +45,7 @@ class TestPosixMemberService < MiniTest::Test
 
   def test_user_doesnt_exists
     @ldap.expect(:search, nil, [:filter => @ms.name_filter('john'),
-                                :base   => config.base_dn])
+                                :base => config.base_dn])
     @ms.ldap = @ldap
     assert_raises(LdapFluff::Posix::MemberService::UIDNotFoundException) { @ms.find_user('john') }
     @ldap.verify
@@ -45,7 +54,7 @@ class TestPosixMemberService < MiniTest::Test
   def test_group_exists
     group = posix_group_payload
     @ldap.expect(:search, group, [:filter => @ms.group_filter('broze'),
-                                  :base   => config.group_base])
+                                  :base => config.group_base])
     @ms.ldap = @ldap
     assert @ms.find_group('broze')
     @ldap.verify
@@ -53,7 +62,7 @@ class TestPosixMemberService < MiniTest::Test
 
   def test_group_doesnt_exists
     @ldap.expect(:search, nil, [:filter => @ms.group_filter('broze'),
-                                :base   => config.group_base])
+                                :base => config.group_base])
     @ms.ldap = @ldap
     assert_raises(LdapFluff::Posix::MemberService::GIDNotFoundException) { @ms.find_group('broze') }
     @ldap.verify