Local ActiveDirectory integration testing #61

Merged 6 commits on Nov 14, 2014
66 changes: 62 additions & 4 deletions test/membership_validators/active_directory_test.rb
@@ -1,10 +1,11 @@
require_relative '../test_helper'

# NOTE: Since this strategy is targeted at ActiveDirectory and we don't have
# AD setup in CI, we stub out actual queries and test against what AD *would*
# respond with.
class GitHubLdapActiveDirectoryMembershipValidatorsStubbedTest < GitHub::Ldap::Test
# Only run when AD integration tests aren't run
def run(*)
self.class.test_env != "activedirectory" ? super : self
end

class GitHubLdapActiveDirectoryMembershipValidatorsTest < GitHub::Ldap::Test
def setup
@ldap = GitHub::Ldap.new(options.merge(search_domains: %w(dc=github,dc=com)))
@domain = @ldap.domain("dc=github,dc=com")
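Review bot: The `run(*)` override returns `self` when `test_env` is "activedirectory", so the stubbed suite is bypassed without any skip being recorded, and the integration class added further down repeats the same predicate inverted. Consider calling `skip` from `setup` with a message naming the required TESTENV, or moving the check into one shared helper in test_helper.rb, so the test output shows which of the two suites actually ran.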
@@ -66,3 +67,60 @@ def test_does_not_validate_user_not_in_any_group
end
end
end

# See test/support/vm/activedirectory/README.md for details
class GitHubLdapActiveDirectoryMembershipValidatorsIntegrationTest < GitHub::Ldap::Test
# Only run this test suite if ActiveDirectory is configured
def run(*)
self.class.test_env == "activedirectory" ? super : self
end

def setup
@ldap = GitHub::Ldap.new(options)
@domain = @ldap.domain(options[:search_domains])
@entry = @domain.user?('user1')
@validator = GitHub::Ldap::MembershipValidators::ActiveDirectory
end

def make_validator(groups)
groups = @domain.groups(groups)
@validator.new(@ldap, groups)
end

def test_validates_user_in_group
validator = make_validator(%w(nested-group1))
assert validator.perform(@entry)
end

def test_validates_user_in_child_group
validator = make_validator(%w(n-depth-nested-group1))
assert validator.perform(@entry)
end

def test_validates_user_in_grandchild_group
validator = make_validator(%w(n-depth-nested-group2))
assert validator.perform(@entry)
end

def test_validates_user_in_great_grandchild_group
validator = make_validator(%w(n-depth-nested-group3))
assert validator.perform(@entry)
end

def test_does_not_validate_user_not_in_group
validator = make_validator(%w(ghe-admins))
refute validator.perform(@entry)
end

def test_does_not_validate_user_not_in_any_group
skip "update AD ldif to have a groupless user"
@entry = @domain.user?('groupless-user1')
validator = make_validator(%w(all-users))
refute validator.perform(@entry)
end

def test_validates_user_in_posix_group
validator = make_validator(%w(posix-group1))
assert validator.perform(@entry)
end
end
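Review bot: In `make_validator`, the result of `@domain.groups(groups)` goes straight to the validator with no check that the named groups were found, and `setup` does not check that `@domain.user?('user1')` returned an entry. If a fixture group such as `ghe-admins` is missing from the AD under test, the outcome of `test_does_not_validate_user_not_in_group` depends on how the validator treats a short or empty group list rather than on user1's membership, and with `test_does_not_validate_user_not_in_any_group` skipped that is the only active negative case in this suite. Suggest asserting in `make_validator` that as many groups came back as were requested, and asserting in `setup` that `@entry` is not nil.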
1 change: 1 addition & 0 deletions test/support/vm/activedirectory/.gitignore
@@ -0,0 +1 @@
env.sh
26 changes: 26 additions & 0 deletions test/support/vm/activedirectory/README.md
@@ -0,0 +1,26 @@
# Local ActiveDirectory Integration Testing

Integration tests are not run for ActiveDirectory in continuous integration
because we cannot install a Windows VM on TravisCI. To test ActiveDirectory,
configure a local VM with AD running (this is left as an exercise for the
reader).

To run integration tests against the local ActiveDirectory VM, from the project
root run:

``` bash
# duplicate example env.sh for specific config
$ cp test/support/vm/activedirectory/env.sh{.example,}

# edit env.sh and fill in with your VM's values, then
$ source test/support/vm/activedirectory/env.sh

# run all tests against AD
$ time bundle exec rake

# run a specific test file against AD
$ time bundle exec ruby test/membership_validators/active_directory_test.rb

# reset environment to test other LDAP servers
$ source test/support/vm/activedirectory/reset-env.sh
```
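Review bot: The VM setup is "left as an exercise for the reader", but the integration tests in this PR depend on specific directory entries: `user1`, `nested-group1`, `n-depth-nested-group1` through `n-depth-nested-group3`, `posix-group1` and `ghe-admins`. The README should list these fixtures and how they nest, or point to the ldif that the skip message in the test refers to; otherwise a freshly built AD VM fails for reasons unrelated to the code. It is also worth stating that sourcing env.sh leaves INTEGRATION_PASSWORD exported in the shell until reset-env.sh is sourced.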
8 changes: 8 additions & 0 deletions test/support/vm/activedirectory/env.sh.example
@@ -0,0 +1,8 @@
# Copy this to ad-env.sh, and fill in with your own values

export TESTENV=activedirectory
export INTEGRATION_HOST=123.123.123.123
export INTEGRATION_PORT=389
export INTEGRATION_USER="CN=Administrator,CN=Users,DC=ad,DC=example,DC=com"
export INTEGRATION_PASSWORD='passworD1'
export INTEGRATION_SEARCH_DOMAINS='CN=Users,DC=example,DC=com'
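Review bot: The header comment says "Copy this to ad-env.sh", but the README copies the file to env.sh and the new .gitignore only ignores env.sh, so a file created by following the comment would hold the bind password and not be ignored. Change the comment to name env.sh. The sample values are also inconsistent with each other: INTEGRATION_USER sits under DC=ad,DC=example,DC=com while INTEGRATION_SEARCH_DOMAINS is CN=Users,DC=example,DC=com. Since the example binds as Administrator, consider showing a dedicated test bind account instead.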
6 changes: 6 additions & 0 deletions test/support/vm/activedirectory/reset-env.sh
@@ -0,0 +1,6 @@
unset TESTENV
unset INTEGRATION_HOST
unset INTEGRATION_PORT
unset INTEGRATION_USER
unset INTEGRATION_PASSWORD
unset INTEGRATION_SEARCH_DOMAINS
4 changes: 2 additions & 2 deletions test/support/vm/openldap/README.md
@@ -16,10 +16,10 @@ $ ip=$(vagrant ssh -- "ifconfig eth1 | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]
$ cd ../../../..

# run all tests against OpenLDAP
$ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec rake
$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec rake

# run a specific test file against OpenLDAP
$ time TESTENV=openldap OPENLDAP_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb
$ time TESTENV=openldap INTEGRATION_HOST=$ip bundle exec ruby test/membership_validators/recursive_test.rb

# run OpenLDAP tests by default
$ export TESTENV=openldap
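Review bot: With OPENLDAP_HOST renamed to INTEGRATION_HOST, the OpenLDAP and ActiveDirectory runs now share one host variable. A shell that has sourced the ActiveDirectory env.sh and then runs `export TESTENV=openldap` still has INTEGRATION_HOST pointing at the AD VM, so add a line here telling the reader to source test/support/vm/activedirectory/reset-env.sh first. A short note that OPENLDAP_HOST is no longer read would also help anyone who has the old name exported, since the helper falls back to "localhost" without complaint.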
11 changes: 10 additions & 1 deletion test/test_helper.rb
@@ -71,14 +71,23 @@ def options
instrumentation_service: @service
when "openldap"
{
host: ENV.fetch("OPENLDAP_HOST", "localhost"),
host: ENV.fetch("INTEGRATION_HOST", "localhost"),
port: 389,
admin_user: 'uid=admin,dc=github,dc=com',
admin_password: 'passworD1',
search_domains: %w(dc=github,dc=com),
uid: 'uid',
instrumentation_service: @service
}
when "activedirectory"
{
host: ENV.fetch("INTEGRATION_HOST"),
port: ENV.fetch("INTEGRATION_PORT", 389),
admin_user: ENV.fetch("INTEGRATION_USER"),
admin_password: ENV.fetch("INTEGRATION_PASSWORD"),
search_domains: ENV.fetch("INTEGRATION_SEARCH_DOMAINS"),
instrumentation_service: @service
Member

We might be able to make this generic using INTEGRATION_HOST et al.

}
end
end
end
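Review bot: In the "activedirectory" branch, `port: ENV.fetch("INTEGRATION_PORT", 389)` yields a String whenever the variable is set (env.sh.example exports it) and an Integer only on fallback, and `search_domains` is a single String where the "openldap" branch passes an array via `%w(...)`. Suggest `Integer(ENV.fetch("INTEGRATION_PORT", 389))` and wrapping INTEGRATION_SEARCH_DOMAINS in an array so both branches hand the same types to GitHub::Ldap.new. The new branch also omits the `uid:` key that the "openldap" branch sets; if that is intentional for AD, a short comment would make it clear.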