Skip to content

Add CI build for OpenLDAP integration #48

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 33 commits into from
Oct 8, 2014
Merged

Add CI build for OpenLDAP integration #48

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
58a5315
Hook up separate OpenLDAP install, build steps
mtodd Sep 27, 2014
8759205
RVM exec rake for testing ApacheDS tests
mtodd Sep 27, 2014
392410f
Simplify a bit
mtodd Sep 27, 2014
5844fe6
Fast finish, simplify script, remove extraneous bits
mtodd Sep 29, 2014
2397389
Compute relative path to cd into, add debugging output
mtodd Sep 29, 2014
efcd72e
Bundle exec
mtodd Sep 29, 2014
f566aba
bundle install
mtodd Sep 29, 2014
4efafa6
Install, configure, seed OpenLDAP
mtodd Sep 30, 2014
6058337
:fire: unnecessary debugging
mtodd Sep 30, 2014
af39c0c
Fail on error, adjust base path computation
mtodd Sep 30, 2014
6e2d2c3
Wipe out old config first
mtodd Sep 30, 2014
e4f0a19
Switch things around to keep the path sane
mtodd Sep 30, 2014
2e4ce0f
Run the test suite with OpenLDAP
mtodd Sep 30, 2014
19d2fb9
Go back to dc=github,dc=com to match existing fixtures
mtodd Sep 30, 2014
2c6e174
Start test server with ladle when in apacheds test env only
mtodd Sep 30, 2014
33ad5a8
I hear commas are good
mtodd Sep 30, 2014
94d5b82
Create a 'common' fixture file
mtodd Oct 6, 2014
d2065f7
Hardcode server options
mtodd Oct 6, 2014
1e2b52e
Remove test-specific fixtures, use common seed
mtodd Oct 6, 2014
f0a3d75
Remove quiet option when verbose is set
mtodd Oct 6, 2014
19aa507
Use ENV.fetch with default
mtodd Oct 6, 2014
d80dbc5
Update one Domain test with correct fixture
mtodd Oct 6, 2014
010fbc4
Fix Domain posixGroup tests, fixtures
mtodd Oct 6, 2014
b3ac5f3
Add byebug as an development, test bundler dependency
mtodd Oct 6, 2014
1fe748e
Experiment with reusing the ApacheDS LDAP server for each test
mtodd Oct 6, 2014
34d63f6
byebug is supported on MRI 2.0, 2.1 only
mtodd Oct 6, 2014
84e37ce
Add supporting fixtures, fix email domain
mtodd Oct 6, 2014
919734e
Use common seed for OpenLDAP
mtodd Oct 6, 2014
46fea0d
Rewrite Domain tests
mtodd Oct 6, 2014
a1988ab
Include gidNumber in seed; fix posixGroup schema
mtodd Oct 6, 2014
102351c
Rewrite GitHub::Ldap tests
mtodd Oct 6, 2014
6502ab1
Fix Group tests, add fixture group with missing members
mtodd Oct 7, 2014
15953cc
Fix up posixGroup tests
mtodd Oct 8, 2014
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 15 additions & 2 deletions .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,20 @@
language: ruby
rvm:
- 1.9.3
- 2.1.0
- 1.9.3
- 2.1.0

env:
- TESTENV=openldap
- TESTENV=apacheds

install:
- if [ "$TESTENV" = "openldap" ]; then ./script/install-openldap; fi
- bundle install

script:
- ./script/cibuild-$TESTENV

matrix:
fast_finish: true
notifications:
email: false
4 changes: 4 additions & 0 deletions Gemfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,7 @@ source 'https://rubygems.org'

# Specify your gem's dependencies in github-ldap.gemspec
gemspec

group :test, :development do
gem "byebug", :platforms => [:mri_20, :mri_21]
end
2 changes: 2 additions & 0 deletions lib/github/ldap/server.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ def self.start_server(options = {})
@server_options[:domain] = @server_options[:user_domain]
@server_options[:tmpdir] ||= server_tmp

@server_options[:quiet] = false if @server_options[:verbose]

@ldap_server = Ladle::Server.new(@server_options)
@ldap_server.start
end
Expand Down
7 changes: 7 additions & 0 deletions script/cibuild-apacheds
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
#!/usr/bin/env sh
set -e
set -x

cd `dirname $0`/..
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Travis doesn't run scripts from the project root?


bundle exec rake
7 changes: 7 additions & 0 deletions script/cibuild-openldap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
#!/usr/bin/env sh
set -e
set -x

cd `dirname $0`/..

bundle exec rake
44 changes: 44 additions & 0 deletions script/install-openldap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
#!/usr/bin/env sh
set -e
set -x

BASE_PATH="$( cd `dirname $0`/../test/fixtures/openldap && pwd )"
SEED_PATH="$( cd `dirname $0`/../test/fixtures/common && pwd )"

DEBIAN_FRONTEND=noninteractive sudo -E apt-get install -y --force-yes slapd time ldap-utils

sudo /etc/init.d/slapd stop

TMPDIR=$(mktemp -d)
cd $TMPDIR

# Delete data and reconfigure.
sudo cp -v /var/lib/ldap/DB_CONFIG ./DB_CONFIG
sudo rm -rf /etc/ldap/slapd.d/*
sudo rm -rf /var/lib/ldap/*
sudo cp -v ./DB_CONFIG /var/lib/ldap/DB_CONFIG
sudo slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/slapd.conf.ldif
# Load memberof and ref-int overlays and configure them.
sudo slapadd -F /etc/ldap/slapd.d -b "cn=config" -l $BASE_PATH/memberof.ldif

# Add base domain.
sudo slapadd -F /etc/ldap/slapd.d <<EOM
dn: dc=github,dc=com
objectClass: top
objectClass: domain
dc: github
EOM

sudo chown -R openldap.openldap /etc/ldap/slapd.d
sudo chown -R openldap.openldap /var/lib/ldap

sudo /etc/init.d/slapd start

# Import seed data.
# NOTE: use ldapadd in order for memberOf and refint to apply, instead of:
# /vagrant/services/ldap/openldap/seed.rb | sudo slapadd -F /etc/ldap/slapd.d
cat $SEED_PATH/seed.ldif |
/usr/bin/time sudo ldapadd -x -D "cn=admin,dc=github,dc=com" -w passworD1 \
-h localhost -p 389
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI, ldapadd also supports -f for specifying the filename.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Heh, this was originally based on a script that generated the seed, and it wasn't clear if I'd move back to the script method or keep the seed file.


sudo rm -rf $TMPDIR
155 changes: 66 additions & 89 deletions test/domain_test.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,13 +7,13 @@ def setup
end

def test_user_valid_login
user = @domain.valid_login?('calavera', 'passworD1')
assert_equal 'uid=calavera,dc=github,dc=com', user.dn
assert user = @domain.valid_login?('user1', 'passworD1')
assert_equal 'uid=user1,ou=People,dc=github,dc=com', user.dn
end

def test_user_with_invalid_password
assert !@domain.valid_login?('calavera', 'foo'),
"Login `calavera` expected to be invalid with password `foo`"
assert !@domain.valid_login?('user1', 'foo'),
"Login `user1` expected to be invalid with password `foo`"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick, but use refute?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

end

def test_user_with_invalid_login
Expand All @@ -22,115 +22,118 @@ def test_user_with_invalid_login
end

def test_groups_in_server
assert_equal 2, @domain.groups(%w(Enterprise People)).size
assert_equal 2, @domain.groups(%w(ghe-users ghe-admins)).size
end

def test_user_in_group
user = @domain.valid_login?('calavera', 'passworD1')
assert user = @domain.valid_login?('user1', 'passworD1')

assert @domain.is_member?(user, %w(Enterprise People)),
"Expected `Enterprise` or `Poeple` to include the member `#{user.dn}`"
assert @domain.is_member?(user, %w(ghe-users ghe-admins)),
"Expected `ghe-users` or `ghe-admins` to include the member `#{user.dn}`"
end

def test_user_not_in_different_group
user = @domain.valid_login?('calavera', 'passworD1')
user = @domain.valid_login?('user1', 'passworD1')

assert !@domain.is_member?(user, %w(People)),
"Expected `Poeple` not to include the member `#{user.dn}`"
refute @domain.is_member?(user, %w(ghe-admins)),
"Expected `ghe-admins` not to include the member `#{user.dn}`"
end

def test_user_without_group
user = @domain.valid_login?('ldaptest', 'secret')
user = @domain.valid_login?('groupless-user1', 'passworD1')

assert !@domain.is_member?(user, %w(People)),
"Expected `People` not to include the member `#{user.dn}`"
assert !@domain.is_member?(user, %w(all-users)),
"Expected `all-users` not to include the member `#{user.dn}`"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

refute

end

def test_authenticate_doesnt_return_invalid_users
user = @domain.authenticate!('calavera', 'passworD1')
assert_equal 'uid=calavera,dc=github,dc=com', user.dn
def test_authenticate_returns_valid_users
user = @domain.authenticate!('user1', 'passworD1')
assert_equal 'uid=user1,ou=People,dc=github,dc=com', user.dn
end

def test_authenticate_doesnt_return_invalid_users
assert !@domain.authenticate!('calavera', 'foo'),
refute @domain.authenticate!('user1', 'foo'),
"Expected `authenticate!` to not return an invalid user"
end

def test_authenticate_check_valid_user_and_groups
user = @domain.authenticate!('calavera', 'passworD1', %w(Enterprise People))
user = @domain.authenticate!('user1', 'passworD1', %w(ghe-users ghe-admins))

assert_equal 'uid=calavera,dc=github,dc=com', user.dn
assert_equal 'uid=user1,ou=People,dc=github,dc=com', user.dn
end

def test_authenticate_doesnt_return_valid_users_in_different_groups
assert !@domain.authenticate!('calavera', 'passworD1', %w(People)),
refute @domain.authenticate!('user1', 'passworD1', %w(ghe-admins)),
"Expected `authenticate!` to not return an user"
end

def test_membership_empty_for_non_members
user = @ldap.domain('uid=calavera,dc=github,dc=com').bind
user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind

assert @domain.membership(user, %w(People)).empty?,
"Expected `calavera` not to be a member of `People`."
assert @domain.membership(user, %w(ghe-admins)).empty?,
"Expected `user1` not to be a member of `ghe-admins`."
end

def test_membership_groups_for_members
user = @ldap.domain('uid=calavera,dc=github,dc=com').bind
groups = @domain.membership(user, %w(Enterprise People))
user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind
groups = @domain.membership(user, %w(ghe-users ghe-admins))

assert_equal 1, groups.size
assert_equal 'cn=Enterprise,ou=Group,dc=github,dc=com', groups.first.dn
assert_equal 'cn=ghe-users,ou=Groups,dc=github,dc=com', groups.first.dn
end

def test_membership_with_virtual_attributes
ldap = GitHub::Ldap.new(options.merge(virtual_attributes: true))
user = ldap.domain('uid=calavera,dc=github,dc=com').bind
user[:memberof] = 'cn=Enterprise,ou=Group,dc=github,dc=com'

user = ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind
user[:memberof] = 'cn=ghe-admins,ou=Groups,dc=github,dc=com'

domain = ldap.domain("dc=github,dc=com")
groups = domain.membership(user, %w(Enterprise People))
groups = domain.membership(user, %w(ghe-admins))

assert_equal 1, groups.size
assert_equal 'cn=Enterprise,ou=Group,dc=github,dc=com', groups.first.dn
assert_equal 'cn=ghe-admins,ou=Groups,dc=github,dc=com', groups.first.dn
end

def test_search
assert 1, @domain.search(
attributes: %w(uid),
filter: Net::LDAP::Filter.eq('uid', 'calavera')).size
filter: Net::LDAP::Filter.eq('uid', 'user1')).size
end

def test_search_override_base_name
assert 1, @domain.search(
base: "this base name is incorrect",
attributes: %w(uid),
filter: Net::LDAP::Filter.eq('uid', 'calavera')).size
filter: Net::LDAP::Filter.eq('uid', 'user1')).size
end

def test_user_exists
assert_equal 'uid=calavera,dc=github,dc=com', @domain.user?('calavera').dn
assert user = @domain.user?('user1')
assert_equal 'uid=user1,ou=People,dc=github,dc=com', user.dn
end

def test_user_wildcards_are_filtered
assert !@domain.user?('cal*'), 'Expected uid `cal*` to not complete'
refute @domain.user?('user*'), 'Expected uid `user*` to not complete'
end

def test_user_does_not_exist
assert !@domain.user?('foobar'), 'Expected uid `foobar` to not exist.'
refute @domain.user?('foobar'), 'Expected uid `foobar` to not exist.'
end

def test_user_returns_every_attribute
assert_equal ['calavera@github.com'], @domain.user?('calavera')[:mail]
assert user = @domain.user?('user1')
assert_equal ['user1@github.com'], user[:mail]
end

def test_auth_binds
user = @domain.user?('calavera')
assert @domain.auth(user, 'passworD1'), 'Expected user to be bound.'
assert user = @domain.user?('user1')
assert @domain.auth(user, 'passworD1'), 'Expected user to bind'
end

def test_auth_does_not_bind
user = @domain.user?('calavera')
assert !@domain.auth(user, 'foo'), 'Expected user not to be bound.'
assert user = @domain.user?('user1')
refute @domain.auth(user, 'foo'), 'Expected user not not bind'
end
end

Expand All @@ -143,72 +146,54 @@ class GitHubLdapDomainUnauthenticatedTest < GitHub::Ldap::UnauthenticatedTest
end

class GitHubLdapDomainNestedGroupsTest < GitHub::Ldap::Test
def self.test_server_options
{user_fixtures: FIXTURES.join('github-with-subgroups.ldif').to_s}
end

def setup
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@ldap = GitHub::Ldap.new(options)
@domain = @ldap.domain("dc=github,dc=com")
end

def test_membership_in_subgroups
user = @ldap.domain('uid=rubiojr,ou=users,dc=github,dc=com').bind
user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind

assert @domain.is_member?(user, %w(enterprise-ops)),
"Expected `enterprise-ops` to include the member `#{user.dn}`"
assert @domain.is_member?(user, %w(nested-groups)),
"Expected `nested-groups` to include the member `#{user.dn}`"
end

def test_membership_in_deeply_nested_subgroups
assert user = @ldap.domain('uid=user1.1.1.1,ou=users,dc=github,dc=com').bind
assert user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind

assert @domain.is_member?(user, %w(group1)),
"Expected `group1` to include the member `#{user.dn}` via deep recursion"
assert @domain.is_member?(user, %w(n-depth-nested-group4)),
"Expected `n-depth-nested-group4` to include the member `#{user.dn}` via deep recursion"
end
end

class GitHubLdapPosixGroupsWithRecursionFallbackTest < GitHub::Ldap::Test
def self.test_server_options
{
custom_schemas: FIXTURES.join('posixGroup.schema.ldif'),
user_fixtures: FIXTURES.join('github-with-posixGroups.ldif').to_s,
# so we exercise the recursive group search fallback
recursive_group_search_fallback: true
}
end

def setup
@ldap = GitHub::Ldap.new(options)
opts = options.merge \
recursive_group_search_fallback: true
@ldap = GitHub::Ldap.new(opts)
@domain = @ldap.domain("dc=github,dc=com")
@cn = "enterprise-posix-devs"
@cn = "posix-group1"
end

def test_membership_for_posixGroups
assert user = @ldap.domain('uid=mtodd,ou=users,dc=github,dc=com').bind
assert user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind

assert @domain.is_member?(user, [@cn]),
"Expected `#{@cn}` to include the member `#{user.dn}`"
end
end

class GitHubLdapPosixGroupsWithoutRecursionTest < GitHub::Ldap::Test
def self.test_server_options
{
custom_schemas: FIXTURES.join('posixGroup.schema.ldif'),
user_fixtures: FIXTURES.join('github-with-posixGroups.ldif').to_s,
# so we test the test the non-recursive group membership search
recursive_group_search_fallback: false
}
end

def setup
@ldap = GitHub::Ldap.new(options)
opts = options.merge \
recursive_group_search_fallback: false
@ldap = GitHub::Ldap.new(opts)
@domain = @ldap.domain("dc=github,dc=com")
@cn = "enterprise-posix-devs"
@cn = "posix-group1"
end

def test_membership_for_posixGroups
assert user = @ldap.domain('uid=mtodd,ou=users,dc=github,dc=com').bind
assert user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind

assert @domain.is_member?(user, [@cn]),
"Expected `#{@cn}` to include the member `#{user.dn}`"
Expand All @@ -218,25 +203,17 @@ def test_membership_for_posixGroups
# Specifically testing that this doesn't break when posixGroups are not
# supported.
class GitHubLdapWithoutPosixGroupsTest < GitHub::Ldap::Test
def self.test_server_options
{
custom_schemas: FIXTURES.join('posixGroup.schema.ldif'),
user_fixtures: FIXTURES.join('github-with-posixGroups.ldif').to_s,
# so we test the test the non-recursive group membership search
recursive_group_search_fallback: false,
# explicitly disable posixGroup support (even if the schema supports it)
posix_support: false
}
end

def setup
@ldap = GitHub::Ldap.new(options)
opts = options.merge \
recursive_group_search_fallback: false, # test non-recursive group membership search
posix_support: false # disable posixGroup support
@ldap = GitHub::Ldap.new(opts)
@domain = @ldap.domain("dc=github,dc=com")
@cn = "enterprise-posix-devs"
@cn = "posix-group1"
end

def test_membership_for_posixGroups
assert user = @ldap.domain('uid=mtodd,ou=users,dc=github,dc=com').bind
assert user = @ldap.domain('uid=user1,ou=People,dc=github,dc=com').bind

refute @domain.is_member?(user, [@cn]),
"Expected `#{@cn}` to not include the member `#{user.dn}`"
Expand Down
Loading