From 2aa8c10eea518d2ffd4d8d917b7ab6c50dfded42 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Tue, 28 Oct 2014 15:12:47 -0700 Subject: [PATCH 1/5] document local AD integration testing --- test/support/vm/activedirectory/.gitignore | 1 + test/support/vm/activedirectory/README.md | 23 +++++++++++++++++++ .../support/vm/activedirectory/env.sh.example | 8 +++++++ test/support/vm/activedirectory/reset-env.sh | 6 +++++ 4 files changed, 38 insertions(+) create mode 100644 test/support/vm/activedirectory/.gitignore create mode 100644 test/support/vm/activedirectory/README.md create mode 100644 test/support/vm/activedirectory/env.sh.example create mode 100644 test/support/vm/activedirectory/reset-env.sh diff --git a/test/support/vm/activedirectory/.gitignore b/test/support/vm/activedirectory/.gitignore new file mode 100644 index 0000000..137e678 --- /dev/null +++ b/test/support/vm/activedirectory/.gitignore @@ -0,0 +1 @@ +env.sh diff --git a/test/support/vm/activedirectory/README.md b/test/support/vm/activedirectory/README.md new file mode 100644 index 0000000..7450b49 --- /dev/null +++ b/test/support/vm/activedirectory/README.md @@ -0,0 +1,23 @@ +# Local ActiveDirectory Integration Testing + +Integration tests are not run for ActiveDirectory in continuous integration +because we cannot install a Windows VM on TravisCI. To test ActiveDirectory, +configure a local VM with AD running. + +From the project root, run: + +```sh +$ cp test/support/vm/activedirectory/env.sh{.example,} + +# edit ad-env.sh and fill in with your VM's values, then +$ source test/support/vm/activedirectory/env.sh + +# run all tests against AD +$ time bundle exec rake + +# run a specific test file against AD +$ time bundle exec ruby test/membership_validators/active_directory_test.rb + +# reset environment to test other ldap servers +$ source test/support/vm/activedirectory/reset-env.sh +``` diff --git a/test/support/vm/activedirectory/env.sh.example b/test/support/vm/activedirectory/env.sh.example new file mode 100644 index 0000000..5a17fe8 --- /dev/null +++ b/test/support/vm/activedirectory/env.sh.example @@ -0,0 +1,8 @@ +# Copy this to ad-env.sh, and fill in with your own values + +export TESTENV=activedirectory +export ACTIVEDIRECTORY_HOST=123.123.123.123 +export ACTIVEDIRECTORY_PORT=389 +export ACTIVEDIRECTORY_USER="CN=Administrator,CN=Users,DC=ad,DC=example,DC=com" +export ACTIVEDIRECTORY_PASSWORD='passworD1' +export ACTIVEDIRECTORY_SEARCH_DOMAINS='CN=Users,DC=ad,DC=ghe,DC=local' diff --git a/test/support/vm/activedirectory/reset-env.sh b/test/support/vm/activedirectory/reset-env.sh new file mode 100644 index 0000000..6bfab09 --- /dev/null +++ b/test/support/vm/activedirectory/reset-env.sh @@ -0,0 +1,6 @@ +unset TESTENV +unset ACTIVEDIRECTORY_HOST +unset ACTIVEDIRECTORY_PORT +unset ACTIVEDIRECTORY_USER +unset ACTIVEDIRECTORY_PASSWORD +unset ACTIVEDIRECTORY_SEARCH_DOMAINS From 8ef4551e16a69e0ee4d9e63cb7cb5433455aa26b Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Tue, 28 Oct 2014 15:13:13 -0700 Subject: [PATCH 2/5] add activedirectory test options --- test/test_helper.rb | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/test/test_helper.rb b/test/test_helper.rb index 7780371..1f828c4 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -79,6 +79,15 @@ def options uid: 'uid', instrumentation_service: @service } + when "activedirectory" + { + host: ENV.fetch("ACTIVEDIRECTORY_HOST"), + port: ENV.fetch("ACTIVEDIRECTORY_PORT", 389), + admin_user: ENV.fetch("ACTIVEDIRECTORY_USER"), + admin_password: ENV.fetch("ACTIVEDIRECTORY_PASSWORD"), + search_domains: ENV.fetch("ACTIVEDIRECTORY_SEARCH_DOMAINS"), + instrumentation_service: @service + } end end end From cf0d90720f67179f8fff0409fc36b2778db3cc64 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Tue, 28 Oct 2014 15:13:31 -0700 Subject: [PATCH 3/5] add AD validator integration tests --- .../active_directory_test.rb | 66 +++++++++++++++++-- 1 file changed, 62 insertions(+), 4 deletions(-) diff --git a/test/membership_validators/active_directory_test.rb b/test/membership_validators/active_directory_test.rb index b44d9b2..0caafe2 100644 --- a/test/membership_validators/active_directory_test.rb +++ b/test/membership_validators/active_directory_test.rb @@ -1,10 +1,11 @@ require_relative '../test_helper' -# NOTE: Since this strategy is targeted at ActiveDirectory and we don't have -# AD setup in CI, we stub out actual queries and test against what AD *would* -# respond with. +class GitHubLdapActiveDirectoryMembershipValidatorsStubbedTest < GitHub::Ldap::Test + # Only run when AD integration tests aren't run + def run(*) + self.class.test_env != "activedirectory" ? super : self + end -class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test def setup @ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com))) @domain = @ldap.domain("dc=github,dc=com") @@ -66,3 +67,60 @@ def test_does_not_validate_user_not_in_any_group end end end + +# See test/support/vm/activedirectory/README.md for details +class GitHubLdapActiveDirectoryMembershipValidatorsIntegrationTest < GitHub::Ldap::Test + # Only run this test suite if ActiveDirectory is configured + def run(*) + self.class.test_env == "activedirectory" ? super : self + end + + def setup + @ldap = GitHub::Ldap.new(options) + @domain = @ldap.domain(options[:search_domains]) + @entry = @domain.user?('user1') + @validator = GitHub::Ldap::MembershipValidators::ActiveDirectory + end + + def make_validator(groups) + groups = @domain.groups(groups) + @validator.new(@ldap, groups) + end + + def test_validates_user_in_group + validator = make_validator(%w(nested-group1)) + assert validator.perform(@entry) + end + + def test_validates_user_in_child_group + validator = make_validator(%w(n-depth-nested-group1)) + assert validator.perform(@entry) + end + + def test_validates_user_in_grandchild_group + validator = make_validator(%w(n-depth-nested-group2)) + assert validator.perform(@entry) + end + + def test_validates_user_in_great_grandchild_group + validator = make_validator(%w(n-depth-nested-group3)) + assert validator.perform(@entry) + end + + def test_does_not_validate_user_not_in_group + validator = make_validator(%w(ghe-admins)) + refute validator.perform(@entry) + end + + def test_does_not_validate_user_not_in_any_group + skip "update AD ldif to have a groupless user" + @entry = @domain.user?('groupless-user1') + validator = make_validator(%w(all-users)) + refute validator.perform(@entry) + end + + def test_validates_user_in_posix_group + validator = make_validator(%w(posix-group1)) + assert validator.perform(@entry) + end +end From a316402f5326e7d54cebcb29cbba994c15fd8ab1 Mon Sep 17 00:00:00 2001 From: Matt Todd Date: Fri, 14 Nov 2014 14:10:54 -0800 Subject: [PATCH 4/5] Minor tweaks and corrections --- test/support/vm/activedirectory/README.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/test/support/vm/activedirectory/README.md b/test/support/vm/activedirectory/README.md index 7450b49..36155bd 100644 --- a/test/support/vm/activedirectory/README.md +++ b/test/support/vm/activedirectory/README.md @@ -2,14 +2,17 @@ Integration tests are not run for ActiveDirectory in continuous integration because we cannot install a Windows VM on TravisCI. To test ActiveDirectory, -configure a local VM with AD running. +configure a local VM with AD running (this is left as an exercise for the +reader). -From the project root, run: +To run integration tests against the local ActiveDirectory VM, from the project +root run: -```sh +``` bash +# duplicate example env.sh for specific config $ cp test/support/vm/activedirectory/env.sh{.example,} -# edit ad-env.sh and fill in with your VM's values, then +# edit env.sh and fill in with your VM's values, then $ source test/support/vm/activedirectory/env.sh # run all tests against AD @@ -18,6 +21,6 @@ $ time bundle exec rake # run a specific test file against AD $ time bundle exec ruby test/membership_validators/active_directory_test.rb -# reset environment to test other ldap servers +# reset environment to test other LDAP servers $ source test/support/vm/activedirectory/reset-env.sh ``` From ec9021e0956f15447d9aaa2d809df10b7510c152 Mon Sep 17 00:00:00 2001 From: Matt Todd Date: Fri, 14 Nov 2014 14:26:18 -0800 Subject: [PATCH 5/5] Use INTEGRATION_* instead of flavor-specific ENV vars --- test/support/vm/activedirectory/env.sh.example | 10 +++++----- test/support/vm/activedirectory/reset-env.sh | 10 +++++----- test/support/vm/openldap/README.md | 4 ++-- test/test_helper.rb | 12 ++++++------ 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/test/support/vm/activedirectory/env.sh.example b/test/support/vm/activedirectory/env.sh.example index 5a17fe8..3ca2c9b 100644 --- a/test/support/vm/activedirectory/env.sh.example +++ b/test/support/vm/activedirectory/env.sh.example @@ -1,8 +1,8 @@ # Copy this to ad-env.sh, and fill in with your own values export TESTENV=activedirectory -export ACTIVEDIRECTORY_HOST=123.123.123.123 -export ACTIVEDIRECTORY_PORT=389 -export ACTIVEDIRECTORY_USER="CN=Administrator,CN=Users,DC=ad,DC=example,DC=com" -export ACTIVEDIRECTORY_PASSWORD='passworD1' -export ACTIVEDIRECTORY_SEARCH_DOMAINS='CN=Users,DC=ad,DC=ghe,DC=local' +export INTEGRATION_HOST=123.123.123.123 +export INTEGRATION_PORT=389 +export INTEGRATION_USER="CN=Administrator,CN=Users,DC=ad,DC=example,DC=com" +export INTEGRATION_PASSWORD='passworD1' +export INTEGRATION_SEARCH_DOMAINS='CN=Users,DC=example,DC=com' diff --git a/test/support/vm/activedirectory/reset-env.sh b/test/support/vm/activedirectory/reset-env.sh index 6bfab09..971423f 100644 --- a/test/support/vm/activedirectory/reset-env.sh +++ b/test/support/vm/activedirectory/reset-env.sh @@ -1,6 +1,6 @@ unset TESTENV -unset ACTIVEDIRECTORY_HOST -unset ACTIVEDIRECTORY_PORT -unset ACTIVEDIRECTORY_USER -unset ACTIVEDIRECTORY_PASSWORD -unset ACTIVEDIRECTORY_SEARCH_DOMAINS +unset INTEGRATION_HOST +unset INTEGRATION_PORT +unset INTEGRATION_USER +unset INTEGRATION_PASSWORD +unset INTEGRATION_SEARCH_DOMAINS diff --git a/test/support/vm/openldap/README.md b/test/support/vm/openldap/README.md index 67a4ded..ced5a63 100644 --- a/test/support/vm/openldap/README.md +++ b/test/support/vm/openldap/README.md @@ -16,10 +16,10 @@ $ ip=$(vagrant ssh -- "ifconfig eth1 | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9] $ cd ../../../.. # run all tests against OpenLDAP -$ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec rake +$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec rake # run a specific test file against OpenLDAP -$ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb +$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb # run OpenLDAP tests by default $ export TESTENV=openldap diff --git a/test/test_helper.rb b/test/test_helper.rb index 1f828c4..5beca09 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -71,7 +71,7 @@ def options instrumentation_service: @service when "openldap" { - host: ENV.fetch("OPENLDAP_HOST", "localhost"), + host: ENV.fetch("INTEGRATION_HOST", "localhost"), port: 389, admin_user: 'uid=admin,dc=github,dc=com', admin_password: 'passworD1', @@ -81,11 +81,11 @@ def options } when "activedirectory" { - host: ENV.fetch("ACTIVEDIRECTORY_HOST"), - port: ENV.fetch("ACTIVEDIRECTORY_PORT", 389), - admin_user: ENV.fetch("ACTIVEDIRECTORY_USER"), - admin_password: ENV.fetch("ACTIVEDIRECTORY_PASSWORD"), - search_domains: ENV.fetch("ACTIVEDIRECTORY_SEARCH_DOMAINS"), + host: ENV.fetch("INTEGRATION_HOST"), + port: ENV.fetch("INTEGRATION_PORT", 389), + admin_user: ENV.fetch("INTEGRATION_USER"), + admin_password: ENV.fetch("INTEGRATION_PASSWORD"), + search_domains: ENV.fetch("INTEGRATION_SEARCH_DOMAINS"), instrumentation_service: @service } end pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy