mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-25 18:54:29 +01:00
simplify roles configuration (backend groups)
parent
2b52e121d1
commit
1735f5da20
@ -1,14 +1,12 @@
|
|||||||
admin-lv3:
|
admin-lv3:
|
||||||
display_name: Administrators Level 3
|
display_name: Administrators Level 3
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=dns admins,ou=group,dc=example,dc=com
|
- cn=dns admins,ou=group,dc=example,dc=com
|
||||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||||
- cn=puppet admins,ou=group,dc=example,dc=com
|
- cn=puppet admins,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
- Administrators
|
- Administrators
|
||||||
- Domain Controllers
|
- Domain Controllers
|
||||||
@ -16,32 +14,26 @@ admin-lv3:
|
|||||||
admin-lv2:
|
admin-lv2:
|
||||||
display_name: Administrators Level 2
|
display_name: Administrators Level 2
|
||||||
LC_admins: True
|
LC_admins: True
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
developpers:
|
developpers:
|
||||||
display_name: Developpers
|
display_name: Developpers
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=developpers,ou=group,dc=example,dc=com
|
- cn=developpers,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
users:
|
users:
|
||||||
display_name: Simple Users
|
display_name: Simple Users
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
@ -34,10 +34,35 @@ class Roles:
|
|||||||
except DumplicatedKey as e:
|
except DumplicatedKey as e:
|
||||||
raise DumplicateRoleKey(e.key)
|
raise DumplicateRoleKey(e.key)
|
||||||
stream.close()
|
stream.close()
|
||||||
|
self.graph = {}
|
||||||
self.roles = {}
|
self.roles = {}
|
||||||
|
self.flatten = {}
|
||||||
self.admin_roles = []
|
self.admin_roles = []
|
||||||
self._nest()
|
self._nest()
|
||||||
|
|
||||||
|
def _merge_groups(self, backends_list):
|
||||||
|
ret = {}
|
||||||
|
for backends in backends_list:
|
||||||
|
for b in backends:
|
||||||
|
if not b in ret:
|
||||||
|
ret[b] = Set([])
|
||||||
|
for group in backends[b]:
|
||||||
|
ret[b].add(group)
|
||||||
|
return ret
|
||||||
|
|
||||||
|
def _flatten(self, roles=None, groups=[]):
|
||||||
|
if roles is None:
|
||||||
|
roles = copy(self.roles_raw)
|
||||||
|
for roleid in role:
|
||||||
|
role = self.roles_raw[roleid]
|
||||||
|
if 'subroles' in role:
|
||||||
|
self._flatten(role['subroles'], role)
|
||||||
|
del role['subroles']
|
||||||
|
|
||||||
|
self.flatten[roleid] = role
|
||||||
|
|
||||||
|
pass
|
||||||
|
|
||||||
def _set_admin(self, role):
|
def _set_admin(self, role):
|
||||||
for r in role['subroles']:
|
for r in role['subroles']:
|
||||||
self.admin_roles.append(r)
|
self.admin_roles.append(r)
|
||||||
@ -54,19 +79,19 @@ class Roles:
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
# Check if role1 is contained by role2
|
# Check if role1 is contained by role2
|
||||||
for b1 in role1['backends']:
|
for b1 in role1['backends_groups']:
|
||||||
if not b1 in role2['backends']:
|
if not b1 in role2['backends_groups']:
|
||||||
return False
|
return False
|
||||||
for group in role1['backends'][b1]['groups']:
|
for group in role1['backends_groups'][b1]:
|
||||||
if not group in role2['backends'][b1]['groups']:
|
if not group in role2['backends_groups'][b1]:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# If role2 is inside role1, roles are equal, throw exception
|
# If role2 is inside role1, roles are equal, throw exception
|
||||||
for b2 in role2['backends']:
|
for b2 in role2['backends_groups']:
|
||||||
if not b2 in role1['backends']:
|
if not b2 in role1['backends_groups']:
|
||||||
return True
|
return True
|
||||||
for group in role2['backends'][b2]['groups']:
|
for group in role2['backends_groups'][b2]:
|
||||||
if not group in role1['backends'][b2]['groups']:
|
if not group in role1['backends_groups'][b2]:
|
||||||
return True
|
return True
|
||||||
raise DumplicateRoleContent(roleid1, roleid2)
|
raise DumplicateRoleContent(roleid1, roleid2)
|
||||||
|
|
||||||
@ -81,11 +106,11 @@ class Roles:
|
|||||||
raise MissingKey('display_name', role, self.role_file)
|
raise MissingKey('display_name', role, self.role_file)
|
||||||
|
|
||||||
# Backend is mandatory
|
# Backend is mandatory
|
||||||
if not 'backends' in role:
|
if not 'backends_groups' in role:
|
||||||
raise MissingKey('backends', role, self.role_file)
|
raise MissingKey('backends_groups', role, self.role_file)
|
||||||
|
|
||||||
# Create the list of backends
|
# Create the list of backends
|
||||||
for backend in role['backends']:
|
for backend in role['backends_groups']:
|
||||||
self.backends.add(backend)
|
self.backends.add(backend)
|
||||||
|
|
||||||
# Create the nested groups
|
# Create the nested groups
|
||||||
@ -145,8 +170,8 @@ class Roles:
|
|||||||
# (parentroles is a list of roles that the user is member of by
|
# (parentroles is a list of roles that the user is member of by
|
||||||
# being member of one of their subroles)
|
# being member of one of their subroles)
|
||||||
if not (role in parentroles or role in roles):
|
if not (role in parentroles or role in roles):
|
||||||
for b in self.roles[role]['backends']:
|
for b in self.roles[role]['backends_groups']:
|
||||||
for g in self.roles[role]['backends'][b]['groups']:
|
for g in self.roles[role]['backends_groups'][b]:
|
||||||
if b not in groups:
|
if b not in groups:
|
||||||
notroles.add(role)
|
notroles.add(role)
|
||||||
return False
|
return False
|
||||||
@ -155,10 +180,10 @@ class Roles:
|
|||||||
return False
|
return False
|
||||||
|
|
||||||
# add groups of the role to usedgroups
|
# add groups of the role to usedgroups
|
||||||
for b in self.roles[role]['backends']:
|
for b in self.roles[role]['backends_groups']:
|
||||||
if not b in usedgroups:
|
if not b in usedgroups:
|
||||||
usedgroups[b] = Set([])
|
usedgroups[b] = Set([])
|
||||||
for g in self.roles[role]['backends'][b]['groups']:
|
for g in self.roles[role]['backends_groups'][b]:
|
||||||
usedgroups[b].add(g)
|
usedgroups[b].add(g)
|
||||||
|
|
||||||
flag = True
|
flag = True
|
||||||
@ -212,7 +237,7 @@ class Roles:
|
|||||||
"""get the list of groups from role"""
|
"""get the list of groups from role"""
|
||||||
if not role in self.roles_raw:
|
if not role in self.roles_raw:
|
||||||
raise MissingRole(role)
|
raise MissingRole(role)
|
||||||
return self.roles_raw[role]['backends']
|
return self.roles_raw[role]['backends_groups']
|
||||||
|
|
||||||
def is_admin(self, roles):
|
def is_admin(self, roles):
|
||||||
"""determine from a list of roles if is ldapcherry administrator"""
|
"""determine from a list of roles if is ldapcherry administrator"""
|
||||||
|
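Review bot: In the first hunk of this section, `_flatten` loops with `for roleid in role:` before `role` is bound, so the first call would raise UnboundLocalError; the loop presumably should read `for roleid in roles:`. Inside that loop, `role = self.roles_raw[roleid]` followed by `del role['subroles']` deletes the key from `self.roles_raw` itself, which `get_groups` still reads, because the `copy` only covers the outer mapping. Working on a deep copy and reading each role from it would avoid that. The `groups=[]` default is a shared mutable list that the visible body never reads, and the recursive call passes the role dict in that position, so `def _flatten(self, roles=None, groups=None):` or dropping the parameter would be clearer. In the validation hunk, only the presence of `backends_groups` is checked: a role file left in the old nested form under the new key would have the literal key `groups` iterated as a group name. Since these mappings feed role and admin membership, a check that each backend maps to a list is worth adding there. The `Roles` class and its constructor begin outside these hunks.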
@ -7,21 +7,21 @@ cn:
|
|||||||
args:
|
args:
|
||||||
- $first-name
|
- $first-name
|
||||||
- $name
|
- $name
|
||||||
bakends:
|
backends:
|
||||||
ldap: cn
|
ldap: cn
|
||||||
ad: CN
|
ad: CN
|
||||||
first-name:
|
first-name:
|
||||||
description: "First name of the user"
|
description: "First name of the user"
|
||||||
display_name: "First Name"
|
display_name: "First Name"
|
||||||
type: string
|
type: string
|
||||||
bakends:
|
backends:
|
||||||
ldap: givenName
|
ldap: givenName
|
||||||
ad: givenName
|
ad: givenName
|
||||||
name:
|
name:
|
||||||
description: "Family name of the user"
|
description: "Family name of the user"
|
||||||
display_name: "Name"
|
display_name: "Name"
|
||||||
type: string
|
type: string
|
||||||
bakends:
|
backends:
|
||||||
ldap: sn
|
ldap: sn
|
||||||
ad: sn
|
ad: sn
|
||||||
email:
|
email:
|
||||||
@ -34,7 +34,7 @@ email:
|
|||||||
- $first-name
|
- $first-name
|
||||||
- $last-name
|
- $last-name
|
||||||
- '@example.com'
|
- '@example.com'
|
||||||
bakends:
|
backends:
|
||||||
ldap: email
|
ldap: email
|
||||||
ad: EMAIL
|
ad: EMAIL
|
||||||
uid:
|
uid:
|
||||||
@ -46,7 +46,7 @@ uid:
|
|||||||
args:
|
args:
|
||||||
- $first-name
|
- $first-name
|
||||||
- $last-name
|
- $last-name
|
||||||
bakends:
|
backends:
|
||||||
ldap: uid
|
ldap: uid
|
||||||
ad: UID
|
ad: UID
|
||||||
uidNumber:
|
uidNumber:
|
||||||
@ -58,7 +58,7 @@ uidNumber:
|
|||||||
args:
|
args:
|
||||||
- $first-name
|
- $first-name
|
||||||
- $last-name
|
- $last-name
|
||||||
bakends:
|
backends:
|
||||||
ldap: uidNumber
|
ldap: uidNumber
|
||||||
ad: UIDNumber
|
ad: UIDNumber
|
||||||
gidNumber:
|
gidNumber:
|
||||||
@ -66,7 +66,7 @@ gidNumber:
|
|||||||
display_name: "GID Number"
|
display_name: "GID Number"
|
||||||
type: int
|
type: int
|
||||||
default: 10000
|
default: 10000
|
||||||
bakends:
|
backends:
|
||||||
ldap: gidNumber
|
ldap: gidNumber
|
||||||
ad: GIDNumber
|
ad: GIDNumber
|
||||||
shell:
|
shell:
|
||||||
@ -78,7 +78,7 @@ shell:
|
|||||||
- /bin/bash
|
- /bin/bash
|
||||||
- /bin/zsh
|
- /bin/zsh
|
||||||
- /bin/sh
|
- /bin/sh
|
||||||
bakends:
|
backends:
|
||||||
ldap: shell
|
ldap: shell
|
||||||
ad: SHELL
|
ad: SHELL
|
||||||
home:
|
home:
|
||||||
@ -91,7 +91,7 @@ home:
|
|||||||
- $first-name
|
- $first-name
|
||||||
- $last-name
|
- $last-name
|
||||||
- /home/
|
- /home/
|
||||||
bakends:
|
backends:
|
||||||
ldap: home
|
ldap: home
|
||||||
ad: Home
|
ad: Home
|
||||||
|
|
||||||
@ -100,7 +100,7 @@ password:
|
|||||||
display_name: "Password"
|
display_name: "Password"
|
||||||
self: True
|
self: True
|
||||||
type: password
|
type: password
|
||||||
bakends:
|
backends:
|
||||||
ldap: userPassword
|
ldap: userPassword
|
||||||
ad: userPassword
|
ad: userPassword
|
||||||
logscript:
|
logscript:
|
||||||
@ -108,5 +108,5 @@ logscript:
|
|||||||
display_name: "Login script"
|
display_name: "Login script"
|
||||||
type: fix
|
type: fix
|
||||||
value: login1.bat
|
value: login1.bat
|
||||||
bakends:
|
backends:
|
||||||
ad: logonScript
|
ad: logonScript
|
||||||
|
@ -1,14 +1,12 @@
|
|||||||
admin-lv3:
|
admin-lv3:
|
||||||
display_name: Administrators Level 3
|
display_name: Administrators Level 3
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=dns admins,ou=group,dc=example,dc=com
|
- cn=dns admins,ou=group,dc=example,dc=com
|
||||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||||
- cn=puppet admins,ou=group,dc=example,dc=com
|
- cn=puppet admins,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
- Administrators
|
- Administrators
|
||||||
- Domain Controllers
|
- Domain Controllers
|
||||||
@ -16,32 +14,26 @@ admin-lv3:
|
|||||||
admin-lv2:
|
admin-lv2:
|
||||||
display_name: Administrators Level 2
|
display_name: Administrators Level 2
|
||||||
LC_admins: True
|
LC_admins: True
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
developpers:
|
developpers:
|
||||||
display_name: Developpers
|
display_name: Developpers
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=developpers,ou=group,dc=example,dc=com
|
- cn=developpers,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
users:
|
users:
|
||||||
display_name: Simple Users
|
display_name: Simple Users
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
@ -1,57 +1,47 @@
|
|||||||
admin-lv3:
|
admin -lv3:
|
||||||
display_name: Administrators Level 3
|
display_name: Administrators Level 3
|
||||||
LC_admins: True
|
LC_admins: True
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=dns admins,ou=group,dc=example,dc=com
|
- cn=dns admins,ou=group,dc=example,dc=com
|
||||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||||
- cn=puppet admins,ou=group,dc=example,dc=com
|
- cn=puppet admins,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
- Administrators
|
- Administrators
|
||||||
- Domain Controllers
|
- Domain Controllers
|
||||||
|
|
||||||
admin-lv2:
|
admin -lv2:
|
||||||
display_name: Administrators Level 2
|
display_name: Administrators Level 2
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
developpers:
|
developpers:
|
||||||
display_name: Developpers
|
display_name: Developpers
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=developpers,ou=group,dc=example,dc=com
|
- cn=developpers,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
users:
|
users:
|
||||||
display_name: Simple Users
|
display_name: Simple Users
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
users2:
|
users2:
|
||||||
display_name: Simple Users 2
|
display_name: Simple Users 2
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
@ -1,47 +1,39 @@
|
|||||||
admin-lv3:
|
admin -lv3:
|
||||||
display_name: Administrators Level 3
|
display_name: Administrators Level 3
|
||||||
LC_admins: True
|
LC_admins: True
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=dns admins,ou=group,dc=example,dc=com
|
- cn=dns admins,ou=group,dc=example,dc=com
|
||||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||||
- cn=puppet admins,ou=group,dc=example,dc=com
|
- cn=puppet admins,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
- Administrators
|
- Administrators
|
||||||
- Domain Controllers
|
- Domain Controllers
|
||||||
|
|
||||||
admin-lv3:
|
admin -lv3:
|
||||||
display_name: Administrators Level 2
|
display_name: Administrators Level 2
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
developpers:
|
developpers:
|
||||||
display_name: Developpers
|
display_name: Developpers
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=developpers,ou=group,dc=example,dc=com
|
- cn=developpers,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
users:
|
users:
|
||||||
display_name: Simple Users
|
display_name: Simple Users
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
@ -1,15 +1,13 @@
|
|||||||
admin-lv3:
|
admin-lv3:
|
||||||
display_name: Administrators Level 3
|
display_name: Administrators Level 3
|
||||||
LC_admins: True
|
LC_admins: True
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=dns admins,ou=group,dc=example,dc=com
|
- cn=dns admins,ou=group,dc=example,dc=com
|
||||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||||
- cn=puppet admins,ou=group,dc=example,dc=com
|
- cn=puppet admins,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
- Administrators
|
- Administrators
|
||||||
- Domain Controllers
|
- Domain Controllers
|
||||||
@ -19,21 +17,17 @@ admin-lv2:
|
|||||||
|
|
||||||
developpers:
|
developpers:
|
||||||
display_name: Developpers
|
display_name: Developpers
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=developpers,ou=group,dc=example,dc=com
|
- cn=developpers,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
users:
|
users:
|
||||||
display_name: Simple Users
|
display_name: Simple Users
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
@ -1,46 +1,38 @@
|
|||||||
admin-lv3:
|
admin-lv3:
|
||||||
display_name: Administrators Level 3
|
display_name: Administrators Level 3
|
||||||
LC_admins: True
|
LC_admins: True
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=dns admins,ou=group,dc=example,dc=com
|
- cn=dns admins,ou=group,dc=example,dc=com
|
||||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||||
- cn=puppet admins,ou=group,dc=example,dc=com
|
- cn=puppet admins,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
- Administrators
|
- Administrators
|
||||||
- Domain Controllers
|
- Domain Controllers
|
||||||
|
|
||||||
admin-lv2:
|
admin-lv2:
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=nagios admins,ou=group,dc=example,dc=com
|
- cn=nagios admins,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
developpers:
|
developpers:
|
||||||
display_name: Developpers
|
display_name: Developpers
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=developpers,ou=group,dc=example,dc=com
|
- cn=developpers,ou=group,dc=example,dc=com
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
|
||||||
users:
|
users:
|
||||||
display_name: Simple Users
|
display_name: Simple Users
|
||||||
backends:
|
backends_groups:
|
||||||
ldap:
|
ldap:
|
||||||
groups:
|
|
||||||
- cn=users,ou=group,dc=example,dc=com
|
- cn=users,ou=group,dc=example,dc=com
|
||||||
ad:
|
ad:
|
||||||
groups:
|
|
||||||
- Domain Users
|
- Domain Users
|
||||||
|
@ -62,8 +62,8 @@ class TestError(object):
|
|||||||
inv = Roles('./tests/cfg/roles.yml')
|
inv = Roles('./tests/cfg/roles.yml')
|
||||||
res = inv.get_groups('users')
|
res = inv.get_groups('users')
|
||||||
expected = {
|
expected = {
|
||||||
'ad': {'groups': ['Domain Users']},
|
'ad': ['Domain Users'],
|
||||||
'ldap': {'groups': ['cn=users,ou=group,dc=example,dc=com']}
|
'ldap': ['cn=users,ou=group,dc=example,dc=com']
|
||||||
}
|
}
|
||||||
assert res == expected
|
assert res == expected
|
||||||
|
|
||||||
|
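Review bot: Neither `_merge_groups` nor `_flatten`, both added to `Roles` in this commit, is exercised by the test change visible here, which only updates the `expected` dict of the `get_groups` check to the flat list form. A small case such as `res = inv._merge_groups([{'ldap': ['a']}, {'ldap': ['b'], 'ad': ['c']}])`, asserting that `res['ldap']` holds both groups and `res['ad']` holds one, would pin the merge behaviour. A call to `inv._flatten()` on the sample role file would show whether that helper runs at all. The rest of the test class lies outside this hunk, so such tests may already exist elsewhere in the file.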