socialcast 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/socialcast/cli.rb +7 -4
- data/lib/socialcast/version.rb +1 -1
- data/spec/cli_spec.rb +21 -0
- data/spec/fixtures/ldap_without_permission_mappings.yml +53 -0
- metadata +6 -4
data/lib/socialcast/cli.rb
CHANGED
|
@@ -149,13 +149,16 @@ module Socialcast
|
|
|
149
149
|
end
|
|
150
150
|
|
|
151
151
|
memberships = entry[membership_attribute]
|
|
152
|
-
|
|
152
|
+
external_ldap_group = permission_mappings.fetch('account_types', {})['external']
|
|
153
|
+
if external_ldap_group && memberships.include?(external_ldap_group)
|
|
153
154
|
user.tag! 'account-type', 'external'
|
|
154
155
|
else
|
|
155
156
|
user.tag! 'account-type', 'member'
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
157
|
+
if permission_roles_mappings = permission_mappings['roles']
|
|
158
|
+
user.tag! 'roles', :type => 'array' do |roles|
|
|
159
|
+
permission_roles_mappings.each_pair do |socialcast_role, ldap_group|
|
|
160
|
+
roles.role socialcast_role if entry[membership_attribute].include?(ldap_group)
|
|
161
|
+
end
|
|
159
162
|
end
|
|
160
163
|
end
|
|
161
164
|
end
|
data/lib/socialcast/version.rb
CHANGED
data/spec/cli_spec.rb
CHANGED
|
@@ -2,6 +2,27 @@ require 'spec_helper'
|
|
|
2
2
|
|
|
3
3
|
describe Socialcast::CLI do
|
|
4
4
|
describe '#provision' do
|
|
5
|
+
context 'with ldap.yml configuration excluding permission_mappings' do
|
|
6
|
+
before do
|
|
7
|
+
@entry = Net::LDAP::Entry.new("dc=example,dc=com")
|
|
8
|
+
@entry[:mail] = 'ryan@example.com'
|
|
9
|
+
|
|
10
|
+
Net::LDAP.any_instance.stub(:search).and_yield(@entry)
|
|
11
|
+
|
|
12
|
+
@result = ''
|
|
13
|
+
Zlib::GzipWriter.stub(:open).and_yield(@result)
|
|
14
|
+
File.stub(:open).with(/ldap.yml/).and_yield(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'ldap_without_permission_mappings.yml')))
|
|
15
|
+
File.stub(:open).with(/users.xml.gz/, anything).and_yield(@result)
|
|
16
|
+
File.stub(:open).with(/credentials.yml/).and_yield(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml')))
|
|
17
|
+
|
|
18
|
+
RestClient::Resource.any_instance.stub(:post)
|
|
19
|
+
|
|
20
|
+
Socialcast::CLI.start ['provision', '-c', 'spec/fixtures/ldap.yml']
|
|
21
|
+
end
|
|
22
|
+
it 'excludes roles element' do
|
|
23
|
+
@result.should_not =~ %r{roles}
|
|
24
|
+
end
|
|
25
|
+
end
|
|
5
26
|
context 'with external group member' do
|
|
6
27
|
before do
|
|
7
28
|
@entry = Net::LDAP::Entry.new("dc=example,dc=com")
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
---
|
|
2
|
+
# LDAP connections
|
|
3
|
+
connections:
|
|
4
|
+
example_connection_1:
|
|
5
|
+
username: "cn=Directory Manager"
|
|
6
|
+
password: "test"
|
|
7
|
+
host: localhost
|
|
8
|
+
port: 1389
|
|
9
|
+
basedn: "dc=example,dc=com"
|
|
10
|
+
filter: "(mail=*)"
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
# LDAP attribute mappings
|
|
14
|
+
mappings:
|
|
15
|
+
first_name: givenName
|
|
16
|
+
last_name: sn
|
|
17
|
+
email: mail
|
|
18
|
+
# only use employee_number if the email is unknown
|
|
19
|
+
# employee_number: emp_id
|
|
20
|
+
# only use unique_identifier if you do not wish to use email as the main user identification method
|
|
21
|
+
# unique_identifier: samaccountname
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
# Map LDAP Group Memberships to Socialcast Permissions
|
|
25
|
+
# permission_mappings:
|
|
26
|
+
# # configure LDAP field for group memberships (ex: memberof, isMemberOf, etc)
|
|
27
|
+
# attribute_name: isMemberOf
|
|
28
|
+
# account_types:
|
|
29
|
+
# external: "cn=External,dc=example,dc=com"
|
|
30
|
+
# roles:
|
|
31
|
+
# tenant_admin: "cn=Admins,dc=example,dc=com"
|
|
32
|
+
# sbi_admin: "cn=SbiAdmins,dc=example,dc=com"
|
|
33
|
+
# reach_admin: "cn=ReachAdmins,dc=example,dc=com"
|
|
34
|
+
# town_hall_admin: "cn=TownHallAdmins,dc=example,dc=com"
|
|
35
|
+
|
|
36
|
+
|
|
37
|
+
# general script options
|
|
38
|
+
options:
|
|
39
|
+
# cleanup the extracted ldap data file after run is complete
|
|
40
|
+
delete_users_file: false
|
|
41
|
+
# skip sending emails to newly activated users
|
|
42
|
+
skip_emails: true
|
|
43
|
+
# do not actually provision accounts
|
|
44
|
+
# useful during testing
|
|
45
|
+
test: true
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
# http options for connecting to Socialcast servers
|
|
49
|
+
http:
|
|
50
|
+
timeout: 660
|
|
51
|
+
# optional setting if script must connect to Socialcast server through a proxy
|
|
52
|
+
# proxy: "http://username:password@proxy.company.com:3128"
|
|
53
|
+
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: socialcast
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 19
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 1
|
|
8
8
|
- 0
|
|
9
|
-
-
|
|
10
|
-
version: 1.0.
|
|
9
|
+
- 2
|
|
10
|
+
version: 1.0.2
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Ryan Sonnek
|
|
@@ -16,7 +16,7 @@ autorequire:
|
|
|
16
16
|
bindir: bin
|
|
17
17
|
cert_chain: []
|
|
18
18
|
|
|
19
|
-
date: 2011-07-
|
|
19
|
+
date: 2011-07-14 00:00:00 Z
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|
|
22
22
|
name: rest-client
|
|
@@ -159,6 +159,7 @@ files:
|
|
|
159
159
|
- spec/cli_spec.rb
|
|
160
160
|
- spec/fixtures/credentials.yml
|
|
161
161
|
- spec/fixtures/ldap.yml
|
|
162
|
+
- spec/fixtures/ldap_without_permission_mappings.yml
|
|
162
163
|
- spec/spec_helper.rb
|
|
163
164
|
homepage: http://github.com/wireframe/socialcast-command-line
|
|
164
165
|
licenses: []
|
|
@@ -197,4 +198,5 @@ test_files:
|
|
|
197
198
|
- spec/cli_spec.rb
|
|
198
199
|
- spec/fixtures/credentials.yml
|
|
199
200
|
- spec/fixtures/ldap.yml
|
|
201
|
+
- spec/fixtures/ldap_without_permission_mappings.yml
|
|
200
202
|
- spec/spec_helper.rb
|