mirror of https://github.com/kakwa/ldapcherry synced 2024-09-23 07:01:42 +02:00

unit test + admin roles fix

* adding various unit tests
* now admin roles are inherited (e.g. admin-lv2 is admin -> admin-lv3 is admin)
* adding an exception when requesting groups for a nonexistent role
kakwa 2015-05-16 23:52:59 +02:00
parent 87820da7d0
commit 0416ebe05b
4 changed files with 60 additions and 8 deletions


@ -1,6 +1,5 @@
admin-lv3: admin-lv3:
display_name: Administrators Level 3 display_name: Administrators Level 3
LC_admins: True
backends: backends:
ldap: ldap:
groups: groups:
@ -16,6 +15,7 @@ admin-lv3:
admin-lv2: admin-lv2:
display_name: Administrators Level 2 display_name: Administrators Level 2
LC_admins: True
backends: backends:
ldap: ldap:
groups: groups:


@ -23,6 +23,11 @@ class DumplicateRoleKey(Exception):
self.role = role self.role = role
self.log = "duplicate role key <%(role)s> in role file" % { 'role' : role} self.log = "duplicate role key <%(role)s> in role file" % { 'role' : role}
class MissingRole(Exception):
def __init__(self, role):
self.role = role
self.log = "role <%(role)s> does not exist in role file" % { 'role' : role}
class DumplicateRoleContent(Exception): class DumplicateRoleContent(Exception):
def __init__(self, role1, role2): def __init__(self, role1, role2):
self.role1 = role1 self.role1 = role1
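Review bot: `MissingRole.__init__` sets `self.role` and `self.log` but never calls the base initialiser, so `str(e)` and `e.args` are empty and a handler that logs the exception generically loses the role name; ending `__init__` with `Exception.__init__(self, self.log)` would keep it. The role name is interpolated into `self.log` unescaped, and if that value can originate from a request (not visible in this hunk) it should be formatted with `%(role)r` or otherwise stripped of control characters before the message reaches a log file. The class appears to follow the pattern of `DumplicateRoleKey` just above it, whose `__init__` starts outside the hunk, so the same change may apply there.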


@ -11,7 +11,7 @@ import sys
from sets import Set from sets import Set
from ldapcherry.pyyamlwrapper import loadNoDump from ldapcherry.pyyamlwrapper import loadNoDump
from ldapcherry.pyyamlwrapper import DumplicatedKey from ldapcherry.pyyamlwrapper import DumplicatedKey
from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile, MissingRole
import yaml import yaml
class CustomDumper(yaml.SafeDumper): class CustomDumper(yaml.SafeDumper):
@ -38,6 +38,12 @@ class Roles:
self.admin_roles = [] self.admin_roles = []
self._nest() self._nest()
def _set_admin(self, role):
for r in role['subroles']:
self.admin_roles.append(r)
self._set_admin(role['subroles'][r])
def _is_parent(self, roleid1, roleid2): def _is_parent(self, roleid1, roleid2):
"""Test if roleid1 is contained inside roleid2""" """Test if roleid1 is contained inside roleid2"""
@ -82,10 +88,6 @@ class Roles:
for backend in role['backends']: for backend in role['backends']:
self.backends.add(backend) self.backends.add(backend)
# Create the list of roles which are ldapcherry admins
if 'LC_admins' in role and role['LC_admins']:
self.admin_roles.append(roleid)
# Create the nested groups # Create the nested groups
for roleid in self.roles_raw: for roleid in self.roles_raw:
role = self.roles_raw[roleid] role = self.roles_raw[roleid]
@ -117,6 +119,16 @@ class Roles:
if p in parents: if p in parents:
self.roles[p] = nest(p) self.roles[p] = nest(p)
for roleid in self.roles:
role = self.roles[roleid]
# Create the list of roles which are ldapcherry admins
if 'LC_admins' in role and role['LC_admins']:
self.admin_roles.append(roleid)
self._set_admin(role)
def get_admin_roles(self):
return self.admin_roles
def dump_nest(self): def dump_nest(self):
"""dump the nested role hierarchy""" """dump the nested role hierarchy"""
return yaml.dump(self.roles, Dumper=CustomDumper) return yaml.dump(self.roles, Dumper=CustomDumper)
@ -188,6 +200,8 @@ class Roles:
def get_groups(self, role): def get_groups(self, role):
"""get the list of groups from role""" """get the list of groups from role"""
if not role in self.roles_raw:
raise MissingRole(role)
return self.roles_raw[role]['backends'] return self.roles_raw[role]['backends']
def is_admin(self, roles): def is_admin(self, roles):
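Review bot: `_set_admin` and the new loop at the end of `_nest` append to `self.admin_roles` without a membership check, so a role that carries `LC_admins` itself and is also reached as a subrole of another admin role would apparently be listed twice; `if r not in self.admin_roles: self.admin_roles.append(r)` (and the same guard for `roleid`) avoids that. Admin status now follows the computed nesting instead of an explicit per-role flag, so `_set_admin` should get a docstring stating that every role nested under an `LC_admins` role becomes an ldapcherry administrator, since a role-file edit that changes the nesting then changes who is an admin without any `LC_admins` line being touched. `get_admin_roles` hands out the internal list, and `return list(self.admin_roles)` would keep callers from modifying the set of admin roles by accident. `_nest` and the `Roles` class both continue outside the hunks shown.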


@ -8,7 +8,7 @@ import pytest
import sys import sys
from sets import Set from sets import Set
from ldapcherry.roles import Roles from ldapcherry.roles import Roles
from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile, MissingRole
from ldapcherry.pyyamlwrapper import DumplicatedKey, RelationError from ldapcherry.pyyamlwrapper import DumplicatedKey, RelationError
class TestError(object): class TestError(object):
@ -42,7 +42,6 @@ class TestError(object):
else: else:
raise AssertionError("expected an exception") raise AssertionError("expected an exception")
def testNoFile(self): def testNoFile(self):
try: try:
inv = Roles('./tests/cfg/dontexist') inv = Roles('./tests/cfg/dontexist')
@ -59,6 +58,40 @@ class TestError(object):
else: else:
raise AssertionError("expected an exception") raise AssertionError("expected an exception")
def testGetGroup(self):
inv = Roles('./tests/cfg/roles.yml')
res = inv.get_groups('users')
expected = {
'ad': {'groups': ['Domain Users']},
'ldap': {'groups': ['cn=users,ou=group,dc=example,dc=com']}
}
assert res == expected
def testGetGroupMissingRole(self):
inv = Roles('./tests/cfg/roles.yml')
try:
res = inv.get_groups('notarole')
except MissingRole:
return
else:
raise AssertionError("expected an exception")
def testAdminRoles(self):
inv = Roles('./tests/cfg/roles.yml')
res = inv.get_admin_roles()
expected = ['admin-lv2', 'admin-lv3']
assert res == expected
def testIsAdmin(self):
inv = Roles('./tests/cfg/roles.yml')
res = inv.is_admin(['admin-lv3', 'users'])
assert res == True
def testIsNotAdmin(self):
inv = Roles('./tests/cfg/roles.yml')
res = inv.is_admin(['users'])
assert res == False
def testGetRole(self): def testGetRole(self):
inv = Roles('./tests/cfg/roles.yml') inv = Roles('./tests/cfg/roles.yml')
groups = { groups = {