1
0

test_ldap.py 4.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109
  1. # -*- coding: utf-8 -*-
  2. # Import python libs
  3. from __future__ import absolute_import
  4. # Import Salt Libs
  5. import salt.auth.ldap
  6. # Import Salt Testing Libs
  7. from tests.support.mock import patch, NO_MOCK, NO_MOCK_REASON
  8. from tests.support.unit import skipIf, TestCase
  9. salt.auth.ldap.__opts__ = {}
  10. class Bind(object):
  11. '''
  12. fake search_s return
  13. '''
  14. @staticmethod
  15. def search_s(*args, **kwargs):
  16. return [
  17. (
  18. 'cn=saltusers,cn=groups,cn=compat,dc=saltstack,dc=com',
  19. {'memberUid': [b'saltuser'], 'cn': [b'saltusers']},
  20. ),
  21. ]
  22. @skipIf(NO_MOCK, NO_MOCK_REASON)
  23. @skipIf(not salt.auth.ldap.HAS_LDAP, 'Install python-ldap for this test')
  24. class LDAPAuthTestCase(TestCase):
  25. '''
  26. Unit tests for salt.auth.ldap
  27. '''
  28. def setUp(self):
  29. self.opts = {
  30. 'auth.ldap.binddn': 'uid={{username}},cn=users,cn=compat,dc=saltstack,dc=com',
  31. 'auth.ldap.port': 389,
  32. 'auth.ldap.tls': False,
  33. 'auth.ldap.server': '172.18.0.2',
  34. 'auth.ldap.accountattributename': 'memberUid',
  35. 'auth.ldap.groupattribute': 'memberOf',
  36. 'auth.ldap.group_basedn': 'cn=groups,cn=compat,dc=saltstack,dc=com',
  37. 'auth.ldap.basedn': 'dc=saltstack,dc=com',
  38. 'auth.ldap.group_filter': '(&(memberUid={{ username }})(objectClass=posixgroup))'}
  39. def tearDown(self):
  40. self.opts['auth.ldap.freeipa'] = False
  41. self.opts['auth.ldap.activedirectory'] = False
  42. def test_config(self):
  43. '''
  44. Test that the _config function works correctly
  45. '''
  46. with patch.dict(salt.auth.ldap.__opts__, self.opts):
  47. self.assertEqual(salt.auth.ldap._config('basedn'), 'dc=saltstack,dc=com')
  48. self.assertEqual(salt.auth.ldap._config('group_filter'), '(&(memberUid={{ username }})(objectClass=posixgroup))')
  49. self.assertEqual(salt.auth.ldap._config('accountattributename'), 'memberUid')
  50. self.assertEqual(salt.auth.ldap._config('groupattribute'), 'memberOf')
  51. def test_groups_freeipa(self):
  52. '''
  53. test groups in freeipa
  54. '''
  55. self.opts['auth.ldap.freeipa'] = True
  56. with patch.dict(salt.auth.ldap.__opts__, self.opts):
  57. with patch('salt.auth.ldap._bind', return_value=Bind):
  58. self.assertIn('saltusers', salt.auth.ldap.groups('saltuser', password='password'))
  59. def test_groups(self):
  60. '''
  61. test groups in ldap
  62. '''
  63. with patch.dict(salt.auth.ldap.__opts__, self.opts):
  64. with patch('salt.auth.ldap._bind', return_value=Bind):
  65. self.assertIn('saltusers', salt.auth.ldap.groups('saltuser', password='password'))
  66. def test_groups_activedirectory(self):
  67. '''
  68. test groups in activedirectory
  69. '''
  70. self.opts['auth.ldap.activedirectory'] = True
  71. with patch.dict(salt.auth.ldap.__opts__, self.opts):
  72. with patch('salt.auth.ldap._bind', return_value=Bind):
  73. self.assertIn('saltusers', salt.auth.ldap.groups('saltuser', password='password'))
  74. def test_auth_nopass(self):
  75. opts = self.opts.copy()
  76. opts['auth.ldap.bindpw'] = 'p@ssw0rd!'
  77. with patch.dict(salt.auth.ldap.__opts__, opts):
  78. with patch('salt.auth.ldap._bind_for_search', return_value=Bind):
  79. self.assertFalse(salt.auth.ldap.auth('foo', None))
  80. def test_auth_nouser(self):
  81. opts = self.opts.copy()
  82. opts['auth.ldap.bindpw'] = 'p@ssw0rd!'
  83. with patch.dict(salt.auth.ldap.__opts__, opts):
  84. with patch('salt.auth.ldap._bind_for_search', return_value=Bind):
  85. self.assertFalse(salt.auth.ldap.auth(None, 'foo'))
  86. def test_auth_nouserandpass(self):
  87. opts = self.opts.copy()
  88. opts['auth.ldap.bindpw'] = 'p@ssw0rd!'
  89. with patch.dict(salt.auth.ldap.__opts__, opts):
  90. with patch('salt.auth.ldap._bind_for_search', return_value=Bind):
  91. self.assertFalse(salt.auth.ldap.auth(None, None))