diff --git a/test/membership_validators/active_directory_test.rb b/test/membership_validators/active_directory_test.rb
index b44d9b2..0caafe2 100644
--- a/test/membership_validators/active_directory_test.rb
+++ b/test/membership_validators/active_directory_test.rb
@@ -1,10 +1,11 @@
require_relative '../test_helper'
-# NOTE: Since this strategy is targeted at ActiveDirectory and we don't have
-# AD setup in CI, we stub out actual queries and test against what AD *would*
-# respond with.
+class GitHubLdapActiveDirectoryMembershipValidatorsStubbedTest < GitHub::Ldap::Test
+ # Only run when AD integration tests aren't run
+ def run(*)
+ self.class.test_env != "activedirectory" ? super : self
+ end
-class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test
def setup
@ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
@domain = @ldap.domain("dc=github,dc=com")
@@ -66,3 +67,60 @@ def test_does_not_validate_user_not_in_any_group
end
end
end
+
+# See test/support/vm/activedirectory/README.md for details
+class GitHubLdapActiveDirectoryMembershipValidatorsIntegrationTest < GitHub::Ldap::Test
+ # Only run this test suite if ActiveDirectory is configured
+ def run(*)
+ self.class.test_env == "activedirectory" ? super : self
+ end
+
+ def setup
+ @ldap = GitHub::Ldap.new(options)
+ @domain = @ldap.domain(options[:search_domains])
+ @entry = @domain.user?('user1')
+ @validator = GitHub::Ldap::MembershipValidators::ActiveDirectory
+ end
+
+ def make_validator(groups)
+ groups = @domain.groups(groups)
+ @validator.new(@ldap, groups)
+ end
+
+ def test_validates_user_in_group
+ validator = make_validator(%w(nested-group1))
+ assert validator.perform(@entry)
+ end
+
+ def test_validates_user_in_child_group
+ validator = make_validator(%w(n-depth-nested-group1))
+ assert validator.perform(@entry)
+ end
+
+ def test_validates_user_in_grandchild_group
+ validator = make_validator(%w(n-depth-nested-group2))
+ assert validator.perform(@entry)
+ end
+
+ def test_validates_user_in_great_grandchild_group
+ validator = make_validator(%w(n-depth-nested-group3))
+ assert validator.perform(@entry)
+ end
+
+ def test_does_not_validate_user_not_in_group
+ validator = make_validator(%w(ghe-admins))
+ refute validator.perform(@entry)
+ end
+
+ def test_does_not_validate_user_not_in_any_group
+ skip "update AD ldif to have a groupless user"
+ @entry = @domain.user?('groupless-user1')
+ validator = make_validator(%w(all-users))
+ refute validator.perform(@entry)
+ end
+
+ def test_validates_user_in_posix_group
+ validator = make_validator(%w(posix-group1))
+ assert validator.perform(@entry)
+ end
+end
diff --git a/test/support/vm/activedirectory/.gitignore b/test/support/vm/activedirectory/.gitignore
new file mode 100644
index 0000000..137e678
--- /dev/null
+++ b/test/support/vm/activedirectory/.gitignore
@@ -0,0 +1 @@
+env.sh
diff --git a/test/support/vm/activedirectory/README.md b/test/support/vm/activedirectory/README.md
new file mode 100644
index 0000000..36155bd
--- /dev/null
+++ b/test/support/vm/activedirectory/README.md
@@ -0,0 +1,26 @@
+# Local ActiveDirectory Integration Testing
+
+Integration tests are not run for ActiveDirectory in continuous integration
+because we cannot install a Windows VM on TravisCI. To test ActiveDirectory,
+configure a local VM with AD running (this is left as an exercise for the
+reader).
+
+To run integration tests against the local ActiveDirectory VM, from the project
+root run:
+
+``` bash
+# duplicate example env.sh for specific config
+$ cp test/support/vm/activedirectory/env.sh{.example,}
+
+# edit env.sh and fill in with your VM's values, then
+$ source test/support/vm/activedirectory/env.sh
+
+# run all tests against AD
+$ time bundle exec rake
+
+# run a specific test file against AD
+$ time bundle exec ruby test/membership_validators/active_directory_test.rb
+
+# reset environment to test other LDAP servers
+$ source test/support/vm/activedirectory/reset-env.sh
+```
diff --git a/test/support/vm/activedirectory/env.sh.example b/test/support/vm/activedirectory/env.sh.example
new file mode 100644
index 0000000..3ca2c9b
--- /dev/null
+++ b/test/support/vm/activedirectory/env.sh.example
@@ -0,0 +1,8 @@
+# Copy this to ad-env.sh, and fill in with your own values
+
+export TESTENV=activedirectory
+export INTEGRATION_HOST=123.123.123.123
+export INTEGRATION_PORT=389
+export INTEGRATION_USER="CN=Administrator,CN=Users,DC=ad,DC=example,DC=com"
+export INTEGRATION_PASSWORD='passworD1'
+export INTEGRATION_SEARCH_DOMAINS='CN=Users,DC=example,DC=com'
diff --git a/test/support/vm/activedirectory/reset-env.sh b/test/support/vm/activedirectory/reset-env.sh
new file mode 100644
index 0000000..971423f
--- /dev/null
+++ b/test/support/vm/activedirectory/reset-env.sh
@@ -0,0 +1,6 @@
+unset TESTENV
+unset INTEGRATION_HOST
+unset INTEGRATION_PORT
+unset INTEGRATION_USER
+unset INTEGRATION_PASSWORD
+unset INTEGRATION_SEARCH_DOMAINS
diff --git a/test/support/vm/openldap/README.md b/test/support/vm/openldap/README.md
index 67a4ded..ced5a63 100644
--- a/test/support/vm/openldap/README.md
+++ b/test/support/vm/openldap/README.md
@@ -16,10 +16,10 @@ $ ip=$(vagrant ssh -- "ifconfig eth1 | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]
$ cd ../../../..
# run all tests against OpenLDAP
-$ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec rake
+$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec rake
# run a specific test file against OpenLDAP
-$ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb
+$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb
# run OpenLDAP tests by default
$ export TESTENV=openldap
diff --git a/test/test_helper.rb b/test/test_helper.rb
index 7780371..5beca09 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -71,7 +71,7 @@ def options
instrumentation_service: @service
when "openldap"
{
- host: ENV.fetch("OPENLDAP_HOST", "localhost"),
+ host: ENV.fetch("INTEGRATION_HOST", "localhost"),
port: 389,
admin_user: 'uid=admin,dc=github,dc=com',
admin_password: 'passworD1',
@@ -79,6 +79,15 @@ def options
uid: 'uid',
instrumentation_service: @service
}
+ when "activedirectory"
+ {
+ host: ENV.fetch("INTEGRATION_HOST"),
+ port: ENV.fetch("INTEGRATION_PORT", 389),
+ admin_user: ENV.fetch("INTEGRATION_USER"),
+ admin_password: ENV.fetch("INTEGRATION_PASSWORD"),
+ search_domains: ENV.fetch("INTEGRATION_SEARCH_DOMAINS"),
+ instrumentation_service: @service
+ }
end
end
end
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy