# -*- coding: utf-8 -*-
# Import python libs
from __future__ import absolute_import
# Import Salt Libs
import salt.auth.ldap
# Import Salt Testing Libs
from tests.support.mock import patch, NO_MOCK, NO_MOCK_REASON
from tests.support.unit import skipIf, TestCase
# Give the module an empty ``__opts__`` dict so the tests below can overlay
# their options onto it with ``patch.dict``.
# NOTE(review): presumably needed because the module is imported directly
# here rather than through the Salt loader, which normally supplies __opts__.
salt.auth.ldap.__opts__ = {}
class Bind(object):
    '''
    Stand-in for the object returned by the patched bind helpers.

    Only ``search_s`` is provided. It ignores every argument and always
    hands back the same single canned group entry, so no directory server
    is contacted.
    '''

    @staticmethod
    def search_s(*args, **kwargs):
        '''
        Return one fixed ``(dn, attributes)`` result regardless of the query.
        '''
        group_dn = 'cn=saltusers,cn=groups,cn=compat,dc=saltstack,dc=com'
        group_attrs = {'memberUid': [b'saltuser'], 'cn': [b'saltusers']}
        return [(group_dn, group_attrs)]
@skipIf(NO_MOCK, NO_MOCK_REASON)
@skipIf(not salt.auth.ldap.HAS_LDAP, 'Install python-ldap for this test')
class LDAPAuthTestCase(TestCase):
    '''
    Unit tests for salt.auth.ldap, run against mocked bind helpers.
    '''

    def setUp(self):
        '''
        Build a fresh option set for every test.
        '''
        self.opts = {
            'auth.ldap.binddn': 'uid={{username}},cn=users,cn=compat,dc=saltstack,dc=com',
            'auth.ldap.port': 389,
            # Fixture value only; the bind helpers are mocked in every test.
            'auth.ldap.tls': False,
            'auth.ldap.server': '172.18.0.2',
            'auth.ldap.accountattributename': 'memberUid',
            'auth.ldap.groupattribute': 'memberOf',
            'auth.ldap.group_basedn': 'cn=groups,cn=compat,dc=saltstack,dc=com',
            'auth.ldap.basedn': 'dc=saltstack,dc=com',
            'auth.ldap.group_filter': '(&(memberUid={{ username }})(objectClass=posixgroup))',
        }

    def tearDown(self):
        '''
        Switch the directory-flavour flags back off after each test.
        '''
        for flavour_key in ('auth.ldap.freeipa', 'auth.ldap.activedirectory'):
            self.opts[flavour_key] = False

    def _groups_with_fake_bind(self):
        '''
        Call groups() for 'saltuser' with _bind patched to return Bind.
        '''
        with patch.dict(salt.auth.ldap.__opts__, self.opts), \
                patch('salt.auth.ldap._bind', return_value=Bind):
            return salt.auth.ldap.groups('saltuser', password='password')

    def _auth_with_search_bind(self, username, password):
        '''
        Call auth() with a bind password configured and _bind_for_search
        patched to return Bind.

        Only _bind_for_search is mocked here; _bind is left untouched.
        '''
        cfg = self.opts.copy()
        # Dummy service-account password; never sent anywhere.
        cfg['auth.ldap.bindpw'] = 'p@ssw0rd!'
        with patch.dict(salt.auth.ldap.__opts__, cfg), \
                patch('salt.auth.ldap._bind_for_search', return_value=Bind):
            return salt.auth.ldap.auth(username, password)

    def test_config(self):
        '''
        Test that the _config function works correctly
        '''
        expected_values = (
            ('basedn', 'dc=saltstack,dc=com'),
            ('group_filter', '(&(memberUid={{ username }})(objectClass=posixgroup))'),
            ('accountattributename', 'memberUid'),
            ('groupattribute', 'memberOf'),
        )
        with patch.dict(salt.auth.ldap.__opts__, self.opts):
            for option, wanted in expected_values:
                self.assertEqual(salt.auth.ldap._config(option), wanted)

    def test_groups_freeipa(self):
        '''
        test groups in freeipa
        '''
        self.opts['auth.ldap.freeipa'] = True
        self.assertIn('saltusers', self._groups_with_fake_bind())

    def test_groups(self):
        '''
        test groups in ldap
        '''
        self.assertIn('saltusers', self._groups_with_fake_bind())

    def test_groups_activedirectory(self):
        '''
        test groups in activedirectory
        '''
        self.opts['auth.ldap.activedirectory'] = True
        self.assertIn('saltusers', self._groups_with_fake_bind())

    # The three tests below pin down that auth() refuses missing credentials.
    # This matters because an LDAP simple bind that carries a name but an
    # empty password is an "unauthenticated bind" (RFC 4513, section 5.1.2),
    # which a directory server may report as successful.
    # NOTE(review): only None is exercised; the empty string '' is not
    # covered by these cases.

    def test_auth_nopass(self):
        '''
        auth() must return a falsy value when the password is None
        '''
        self.assertFalse(self._auth_with_search_bind('foo', None))

    def test_auth_nouser(self):
        '''
        auth() must return a falsy value when the username is None
        '''
        self.assertFalse(self._auth_with_search_bind(None, 'foo'))

    def test_auth_nouserandpass(self):
        '''
        auth() must return a falsy value when both credentials are None
        '''
        self.assertFalse(self._auth_with_search_bind(None, None))