1
0

test_ldap.py 4.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120
  1. # -*- coding: utf-8 -*-
  2. # Import python libs
  3. from __future__ import absolute_import
  4. # Import Salt Libs
  5. import salt.auth.ldap
  6. # Import Salt Testing Libs
  7. from tests.support.mock import patch
  8. from tests.support.unit import TestCase, skipIf
  9. salt.auth.ldap.__opts__ = {}
  10. class Bind(object):
  11. """
  12. fake search_s return
  13. """
  14. @staticmethod
  15. def search_s(*args, **kwargs):
  16. return [
  17. (
  18. "cn=saltusers,cn=groups,cn=compat,dc=saltstack,dc=com",
  19. {"memberUid": [b"saltuser"], "cn": [b"saltusers"]},
  20. ),
  21. ]
  22. @skipIf(not salt.auth.ldap.HAS_LDAP, "Install python-ldap for this test")
  23. class LDAPAuthTestCase(TestCase):
  24. """
  25. Unit tests for salt.auth.ldap
  26. """
  27. def setUp(self):
  28. self.opts = {
  29. "auth.ldap.binddn": "uid={{username}},cn=users,cn=compat,dc=saltstack,dc=com",
  30. "auth.ldap.port": 389,
  31. "auth.ldap.tls": False,
  32. "auth.ldap.server": "172.18.0.2",
  33. "auth.ldap.accountattributename": "memberUid",
  34. "auth.ldap.groupattribute": "memberOf",
  35. "auth.ldap.group_basedn": "cn=groups,cn=compat,dc=saltstack,dc=com",
  36. "auth.ldap.basedn": "dc=saltstack,dc=com",
  37. "auth.ldap.group_filter": "(&(memberUid={{ username }})(objectClass=posixgroup))",
  38. }
  39. def tearDown(self):
  40. self.opts["auth.ldap.freeipa"] = False
  41. self.opts["auth.ldap.activedirectory"] = False
  42. def test_config(self):
  43. """
  44. Test that the _config function works correctly
  45. """
  46. with patch.dict(salt.auth.ldap.__opts__, self.opts):
  47. self.assertEqual(salt.auth.ldap._config("basedn"), "dc=saltstack,dc=com")
  48. self.assertEqual(
  49. salt.auth.ldap._config("group_filter"),
  50. "(&(memberUid={{ username }})(objectClass=posixgroup))",
  51. )
  52. self.assertEqual(
  53. salt.auth.ldap._config("accountattributename"), "memberUid"
  54. )
  55. self.assertEqual(salt.auth.ldap._config("groupattribute"), "memberOf")
  56. def test_groups_freeipa(self):
  57. """
  58. test groups in freeipa
  59. """
  60. self.opts["auth.ldap.freeipa"] = True
  61. with patch.dict(salt.auth.ldap.__opts__, self.opts):
  62. with patch("salt.auth.ldap._bind", return_value=Bind):
  63. self.assertIn(
  64. "saltusers", salt.auth.ldap.groups("saltuser", password="password")
  65. )
  66. def test_groups(self):
  67. """
  68. test groups in ldap
  69. """
  70. with patch.dict(salt.auth.ldap.__opts__, self.opts):
  71. with patch("salt.auth.ldap._bind", return_value=Bind):
  72. self.assertIn(
  73. "saltusers", salt.auth.ldap.groups("saltuser", password="password")
  74. )
  75. def test_groups_activedirectory(self):
  76. """
  77. test groups in activedirectory
  78. """
  79. self.opts["auth.ldap.activedirectory"] = True
  80. with patch.dict(salt.auth.ldap.__opts__, self.opts):
  81. with patch("salt.auth.ldap._bind", return_value=Bind):
  82. self.assertIn(
  83. "saltusers", salt.auth.ldap.groups("saltuser", password="password")
  84. )
  85. def test_auth_nopass(self):
  86. opts = self.opts.copy()
  87. opts["auth.ldap.bindpw"] = "p@ssw0rd!"
  88. with patch.dict(salt.auth.ldap.__opts__, opts):
  89. with patch("salt.auth.ldap._bind_for_search", return_value=Bind):
  90. self.assertFalse(salt.auth.ldap.auth("foo", None))
  91. def test_auth_nouser(self):
  92. opts = self.opts.copy()
  93. opts["auth.ldap.bindpw"] = "p@ssw0rd!"
  94. with patch.dict(salt.auth.ldap.__opts__, opts):
  95. with patch("salt.auth.ldap._bind_for_search", return_value=Bind):
  96. self.assertFalse(salt.auth.ldap.auth(None, "foo"))
  97. def test_auth_nouserandpass(self):
  98. opts = self.opts.copy()
  99. opts["auth.ldap.bindpw"] = "p@ssw0rd!"
  100. with patch.dict(salt.auth.ldap.__opts__, opts):
  101. with patch("salt.auth.ldap._bind_for_search", return_value=Bind):
  102. self.assertFalse(salt.auth.ldap.auth(None, None))