socialcast 1.0.6 → 1.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/ext/array_ext.rb +11 -0
- data/lib/socialcast.rb +1 -0
- data/lib/socialcast/net_ldap_ext.rb +9 -4
- data/lib/socialcast/version.rb +1 -1
- data/spec/cli_spec.rb +72 -0
- data/spec/fixtures/ldap_with_array_permission_mapping.yml +50 -0
- metadata +10 -5
data/lib/socialcast.rb
CHANGED
|
@@ -36,15 +36,20 @@ class Net::LDAP::Entry
|
|
|
36
36
|
|
|
37
37
|
membership_attribute = permission_mappings.fetch 'attribute_name', 'memberof'
|
|
38
38
|
memberships = self[membership_attribute]
|
|
39
|
-
|
|
40
|
-
if external_ldap_group
|
|
39
|
+
external_ldap_groups = Array.wrap(permission_mappings.fetch('account_types', {})['external'])
|
|
40
|
+
if external_ldap_groups.any? { |external_ldap_group| memberships.include?(external_ldap_group) }
|
|
41
41
|
user.tag! 'account-type', 'external'
|
|
42
42
|
else
|
|
43
43
|
user.tag! 'account-type', 'member'
|
|
44
44
|
if permission_roles_mappings = permission_mappings['roles']
|
|
45
45
|
user.tag! 'roles', :type => 'array' do |roles|
|
|
46
|
-
permission_roles_mappings.each_pair do |socialcast_role,
|
|
47
|
-
|
|
46
|
+
permission_roles_mappings.each_pair do |socialcast_role, ldap_groups|
|
|
47
|
+
Array.wrap(ldap_groups).each do |ldap_group|
|
|
48
|
+
if memberships.include?(ldap_group)
|
|
49
|
+
roles.role socialcast_role
|
|
50
|
+
break
|
|
51
|
+
end
|
|
52
|
+
end
|
|
48
53
|
end
|
|
49
54
|
end
|
|
50
55
|
end
|
data/lib/socialcast/version.rb
CHANGED
data/spec/cli_spec.rb
CHANGED
|
@@ -64,6 +64,28 @@ describe Socialcast::CLI do
|
|
|
64
64
|
@result.should =~ %r{<account-type>external</account-type>}
|
|
65
65
|
end
|
|
66
66
|
end
|
|
67
|
+
context 'with multiple possible external group member' do
|
|
68
|
+
before do
|
|
69
|
+
@entry = Net::LDAP::Entry.new("dc=example,dc=com")
|
|
70
|
+
@entry[:mail] = 'ryan@example.com'
|
|
71
|
+
@entry[:isMemberOf] = 'cn=Contractor,dc=example,dc=com'
|
|
72
|
+
|
|
73
|
+
Net::LDAP.any_instance.stub(:search).and_yield(@entry)
|
|
74
|
+
|
|
75
|
+
@result = ''
|
|
76
|
+
Zlib::GzipWriter.stub(:open).and_yield(@result)
|
|
77
|
+
File.stub(:open).with(/ldap.yml/).and_yield(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'ldap_with_array_permission_mapping.yml')))
|
|
78
|
+
File.stub(:open).with(/users.xml.gz/, anything).and_yield(@result)
|
|
79
|
+
File.stub(:open).with(/credentials.yml/).and_yield(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml')))
|
|
80
|
+
|
|
81
|
+
RestClient::Resource.any_instance.stub(:post)
|
|
82
|
+
|
|
83
|
+
Socialcast::CLI.start ['provision', '-c', 'spec/fixtures/ldap.yml']
|
|
84
|
+
end
|
|
85
|
+
it 'sets account-type to external' do
|
|
86
|
+
@result.should =~ %r{<account-type>external</account-type>}
|
|
87
|
+
end
|
|
88
|
+
end
|
|
67
89
|
|
|
68
90
|
context 'with tenant_admin group member' do
|
|
69
91
|
before do
|
|
@@ -90,5 +112,55 @@ describe Socialcast::CLI do
|
|
|
90
112
|
@result.should =~ %r{<role>tenant_admin</role>}
|
|
91
113
|
end
|
|
92
114
|
end
|
|
115
|
+
context 'entry isMemberOf Marketing group' do
|
|
116
|
+
before do
|
|
117
|
+
@entry = Net::LDAP::Entry.new("dc=example,dc=com")
|
|
118
|
+
@entry[:mail] = 'ryan@example.com'
|
|
119
|
+
@entry[:isMemberOf] = 'cn=Marketing,dc=example,dc=com'
|
|
120
|
+
|
|
121
|
+
Net::LDAP.any_instance.stub(:search).and_yield(@entry)
|
|
122
|
+
|
|
123
|
+
@result = ''
|
|
124
|
+
Zlib::GzipWriter.stub(:open).and_yield(@result)
|
|
125
|
+
File.stub(:open).with(/ldap.yml/).and_yield(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'ldap_with_array_permission_mapping.yml')))
|
|
126
|
+
File.stub(:open).with(/users.xml.gz/, anything).and_yield(@result)
|
|
127
|
+
File.stub(:open).with(/credentials.yml/).and_yield(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml')))
|
|
128
|
+
|
|
129
|
+
RestClient::Resource.any_instance.stub(:post)
|
|
130
|
+
|
|
131
|
+
Socialcast::CLI.start ['provision', '-c', 'spec/fixtures/ldap.yml']
|
|
132
|
+
end
|
|
133
|
+
it 'sets account-type to member' do
|
|
134
|
+
@result.should =~ %r{<account-type>member</account-type>}
|
|
135
|
+
end
|
|
136
|
+
it 'adds sbi_admin role' do
|
|
137
|
+
@result.should =~ %r{<role>sbi_admin</role>}
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
context 'entry isMemberOf Engineering group' do
|
|
141
|
+
before do
|
|
142
|
+
@entry = Net::LDAP::Entry.new("dc=example,dc=com")
|
|
143
|
+
@entry[:mail] = 'ryan@example.com'
|
|
144
|
+
@entry[:isMemberOf] = 'cn=Engineering,dc=example,dc=com'
|
|
145
|
+
|
|
146
|
+
Net::LDAP.any_instance.stub(:search).and_yield(@entry)
|
|
147
|
+
|
|
148
|
+
@result = ''
|
|
149
|
+
Zlib::GzipWriter.stub(:open).and_yield(@result)
|
|
150
|
+
File.stub(:open).with(/ldap.yml/).and_yield(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'ldap_with_array_permission_mapping.yml')))
|
|
151
|
+
File.stub(:open).with(/users.xml.gz/, anything).and_yield(@result)
|
|
152
|
+
File.stub(:open).with(/credentials.yml/).and_yield(File.read(File.join(File.dirname(__FILE__), 'fixtures', 'credentials.yml')))
|
|
153
|
+
|
|
154
|
+
RestClient::Resource.any_instance.stub(:post)
|
|
155
|
+
|
|
156
|
+
Socialcast::CLI.start ['provision', '-c', 'spec/fixtures/ldap.yml']
|
|
157
|
+
end
|
|
158
|
+
it 'sets account-type to member' do
|
|
159
|
+
@result.should =~ %r{<account-type>member</account-type>}
|
|
160
|
+
end
|
|
161
|
+
it 'adds sbi_admin role' do
|
|
162
|
+
@result.should =~ %r{<role>sbi_admin</role>}
|
|
163
|
+
end
|
|
164
|
+
end
|
|
93
165
|
end
|
|
94
166
|
end
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
---
|
|
2
|
+
# LDAP connections
|
|
3
|
+
connections:
|
|
4
|
+
example_connection_1:
|
|
5
|
+
username: "cn=Directory Manager"
|
|
6
|
+
password: "test"
|
|
7
|
+
host: localhost
|
|
8
|
+
port: 1389
|
|
9
|
+
basedn: "dc=example,dc=com"
|
|
10
|
+
filter: "(mail=*)"
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
# LDAP attribute mappings
|
|
14
|
+
mappings:
|
|
15
|
+
first_name: givenName
|
|
16
|
+
last_name: sn
|
|
17
|
+
email: mail
|
|
18
|
+
# only use employee_number if the email is unknown
|
|
19
|
+
# employee_number: emp_id
|
|
20
|
+
# only use unique_identifier if you do not wish to use email as the main user identification method
|
|
21
|
+
# unique_identifier: samaccountname
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
# Map LDAP Group Memberships to Socialcast Permissions
|
|
25
|
+
permission_mappings:
|
|
26
|
+
# configure LDAP field for group memberships (ex: memberof, isMemberOf, etc)
|
|
27
|
+
attribute_name: isMemberOf
|
|
28
|
+
account_types:
|
|
29
|
+
external: ["cn=External,dc=example,dc=com", "cn=Contractor,dc=example,dc=com"]
|
|
30
|
+
roles:
|
|
31
|
+
tenant_admin: "cn=Admins,dc=example,dc=com"
|
|
32
|
+
sbi_admin: ["cn=Marketing,dc=example,dc=com", "cn=Engineering,dc=example,dc=com"]
|
|
33
|
+
reach_admin: "cn=ReachAdmins,dc=example,dc=com"
|
|
34
|
+
town_hall_admin: "cn=TownHallAdmins,dc=example,dc=com"
|
|
35
|
+
|
|
36
|
+
|
|
37
|
+
# general script options
|
|
38
|
+
options:
|
|
39
|
+
# cleanup the extracted ldap data file after run is complete
|
|
40
|
+
delete_users_file: false
|
|
41
|
+
# skip sending emails to newly activated users
|
|
42
|
+
skip_emails: true
|
|
43
|
+
# do not actually provision accounts
|
|
44
|
+
# useful during testing
|
|
45
|
+
test: true
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
# http options for connecting to Socialcast servers
|
|
49
|
+
http:
|
|
50
|
+
timeout: 660
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: socialcast
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 25
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 1
|
|
8
8
|
- 0
|
|
9
|
-
-
|
|
10
|
-
version: 1.0.
|
|
9
|
+
- 7
|
|
10
|
+
version: 1.0.7
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Ryan Sonnek
|
|
@@ -16,7 +16,8 @@ autorequire:
|
|
|
16
16
|
bindir: bin
|
|
17
17
|
cert_chain: []
|
|
18
18
|
|
|
19
|
-
date: 2011-
|
|
19
|
+
date: 2011-09-13 00:00:00 -07:00
|
|
20
|
+
default_executable:
|
|
20
21
|
dependencies:
|
|
21
22
|
- !ruby/object:Gem::Dependency
|
|
22
23
|
name: rest-client
|
|
@@ -151,6 +152,7 @@ files:
|
|
|
151
152
|
- Rakefile
|
|
152
153
|
- bin/socialcast
|
|
153
154
|
- config/ldap.yml
|
|
155
|
+
- lib/ext/array_ext.rb
|
|
154
156
|
- lib/socialcast.rb
|
|
155
157
|
- lib/socialcast/cli.rb
|
|
156
158
|
- lib/socialcast/message.rb
|
|
@@ -160,8 +162,10 @@ files:
|
|
|
160
162
|
- spec/cli_spec.rb
|
|
161
163
|
- spec/fixtures/credentials.yml
|
|
162
164
|
- spec/fixtures/ldap.yml
|
|
165
|
+
- spec/fixtures/ldap_with_array_permission_mapping.yml
|
|
163
166
|
- spec/fixtures/ldap_without_permission_mappings.yml
|
|
164
167
|
- spec/spec_helper.rb
|
|
168
|
+
has_rdoc: true
|
|
165
169
|
homepage: http://github.com/wireframe/socialcast-command-line
|
|
166
170
|
licenses: []
|
|
167
171
|
|
|
@@ -191,7 +195,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
191
195
|
requirements: []
|
|
192
196
|
|
|
193
197
|
rubyforge_project: socialcast
|
|
194
|
-
rubygems_version: 1.
|
|
198
|
+
rubygems_version: 1.5.3
|
|
195
199
|
signing_key:
|
|
196
200
|
specification_version: 3
|
|
197
201
|
summary: command line interface to socialcast api
|
|
@@ -199,5 +203,6 @@ test_files:
|
|
|
199
203
|
- spec/cli_spec.rb
|
|
200
204
|
- spec/fixtures/credentials.yml
|
|
201
205
|
- spec/fixtures/ldap.yml
|
|
206
|
+
- spec/fixtures/ldap_with_array_permission_mapping.yml
|
|
202
207
|
- spec/fixtures/ldap_without_permission_mappings.yml
|
|
203
208
|
- spec/spec_helper.rb
|