WIP2
eduardoj committed Oct 2, 2024
1 parent 8e9619e commit e740a79
Showing 9 changed files with 72 additions and 78 deletions.
6 changes: 6 additions & 0 deletions docker-compose.openldap.yml
Expand Up @@ -8,9 +8,15 @@ services:
- LDAP_ADMIN_PASSWORD=opensuse
- LDAP_CONFIG_PASSWORD=config
- LDAP_SEED_LDIF_PATH=/tmp/ldap_seed_ldif
# - LDAP_TLS_CA_CRT=/etc/openldap/certs/ca.crt
# - LDAP_TLS_CRT=/etc/openldap/certs/ldap.crt
# - LDAP_TLS_KEY=/etc/openldap/certs/ldap.key
# - LDAP_TLS_VERIFY_CLIENT=never
# - SLAPD_LOG_LEVEL=3
hostname: openldap.example.org
volumes:
- ./docker-files/openldap/certs:/etc/openldap/certs
- ./docker-files/openldap/conf:/etc/openldap/slapd.d
- ./docker-files/openldap/db:/var/lib/ldap
- ./docker-files/openldap/seed_ldif:/tmp/ldap_seed_ldif
# - ./docker-files/openldap/ldap_workbench:/etc/openldap/slapd.d
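Review bot: The commented-out `ldap_workbench` volume on the last line targets `/etc/openldap/slapd.d`, the same container path as the `conf` mount three lines above, so uncommenting it without removing the other would declare two volumes on one mount point; a comment such as `# alternative to the conf mount above — enable one or the other` would make that explicit. All `LDAP_TLS_*` variables are disabled, so the seeded server speaks plain LDAP on this branch; if they are re-enabled later, `LDAP_TLS_VERIFY_CLIENT=never` is appropriate only for a local fixture and the key under `./docker-files/openldap/certs` should not end up in version control. The contents of the certs and conf directories are not part of this commit, so both points are inferred from the compose file alone.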
48 changes: 24 additions & 24 deletions docker-compose.yml
Expand Up @@ -4,27 +4,27 @@ services:
ports:
- "3306:3306"
command: /usr/lib/mysql/mysql-systemd-helper start
cache:
image: registry.opensuse.org/obs/server/unstable/containers/containers/openbuildservice/memcached
ports:
- "11211:11211"
command: /usr/bin/memcached -u memcached
backend:
image: registry.opensuse.org/obs/server/unstable/containers/containers/openbuildservice/backend
volumes:
- .:/obs:z
- ./dist/aws_credentials:/etc/obs/cloudupload/.aws/config:Z
- ./dist/ec2utils.conf:/etc/obs/cloudupload/.ec2utils.conf:Z
- ./dist/clouduploader.rb:/usr/bin/clouduploader:Z
command: /obs/contrib/start_development_backend -d /obs
worker:
image: registry.opensuse.org/obs/server/unstable/containers/containers/openbuildservice/backend
volumes:
- .:/obs:z
privileged: true
depends_on:
- backend
command: /obs/contrib/start_development_worker
# cache:
# image: registry.opensuse.org/obs/server/unstable/containers/containers/openbuildservice/memcached
# ports:
# - "11211:11211"
# command: /usr/bin/memcached -u memcached
# backend:
# image: registry.opensuse.org/obs/server/unstable/containers/containers/openbuildservice/backend
# volumes:
# - .:/obs:z
# - ./dist/aws_credentials:/etc/obs/cloudupload/.aws/config:Z
# - ./dist/ec2utils.conf:/etc/obs/cloudupload/.ec2utils.conf:Z
# - ./dist/clouduploader.rb:/usr/bin/clouduploader:Z
# command: /obs/contrib/start_development_backend -d /obs
# worker:
# image: registry.opensuse.org/obs/server/unstable/containers/containers/openbuildservice/backend
# volumes:
# - .:/obs:z
# privileged: true
# depends_on:
# - backend
# command: /obs/contrib/start_development_worker
frontend:
image: openbuildservice/frontend
command: foreman start -p 3000
Expand All @@ -40,6 +40,6 @@ services:
- "1080:1080"
depends_on:
- db
- cache
- backend
- worker
# - cache
# - backend
# - worker
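Review bot: Disabling `cache`, `backend` and `worker` by commenting them out leaves `frontend` depending on `db` alone, so any frontend configuration that still resolves the `cache` or `backend` hostnames will fail at connect time instead of being caught by `depends_on`; that configuration is not visible in this commit, so this is inferred. Compose profiles express the same intent without editing the file back and forth: add `profiles: [full]` to the three services and start them with `docker compose --profile full up`, which keeps the `privileged: true` worker and the AWS credential bind mounts visible in the checked-in file rather than buried in comments. The `depends_on` entries would need the same gating, since they reference services that no longer exist in the default profile.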
4 changes: 2 additions & 2 deletions src/api/Procfile
@@ -1,4 +1,4 @@
web: bin/rails server -b 0.0.0.0
delayed: bundle exec script/delayed_job.api.rb run
clock: bin/clockworkd --log-dir=log -l -c config/clock.rb run
# delayed: bundle exec script/delayed_job.api.rb run
# clock: bin/clockworkd --log-dir=log -l -c config/clock.rb run
search: bin/rails sphinx:start_for_development
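Review bot: With `delayed` and `clock` commented out, jobs the API enqueues during a run are never processed and scheduled work never fires, so a spec that depends on either can pass or fail for the wrong reason; a one-line marker such as `# disabled while debugging the LDAP container — restore before merge` would flag this as temporary. If a lighter process set is wanted for LDAP debugging, a separate `Procfile.ldap` started with `foreman start -f Procfile.ldap` keeps the default Procfile intact.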
18 changes: 10 additions & 8 deletions src/api/app/models/user_ldap_strategy.rb
Expand Up @@ -159,12 +159,13 @@ def initialize_ldap_con(user_name, password)

# Do 10 attempts to connect to one of the configured LDAP servers. LDAP server
# to connect to is chosen randomly.
(CONFIG['ldap_max_attempts'] || 10).times do
server = ldap_servers[rand(ldap_servers.length)]
con = try_ldap_con(server, user_name, password)
# (CONFIG['ldap_max_attempts'] || 10).times do
server = ldap_servers[rand(ldap_servers.length)]
con = try_ldap_con(server, user_name, password)

return con if con.try(:bound?)
end
return con if con.try(:bound?)

# end

Rails.logger.error("UserLdapStrategy:: Unable to bind to any of the servers '#{CONFIG['ldap_servers']}'")
nil
Expand All @@ -189,10 +190,11 @@ def try_ldap_con(server, user_name, password)
end
con.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
con.set_option(LDAP::LDAP_OPT_REFERRALS, LDAP::LDAP_OPT_OFF) if CONFIG['ldap_referrals'] == :off
# con.set_option(LDAP::LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP::LDAP_OPT_X_TLS_ALLOW) if Rails.env.test_ldap? && (CONFIG['ldap_ssl'] == :on || CONFIG['ldap_start_tls'] == :on)
con.bind(user_name, password)
rescue LDAP::ResultError
rescue LDAP::ResultError => e
Rails.logger.info("UserLdapStrategy: Failed to bind as user '#{user_name}': #{con.nil? ? e.message : con.err2string(con.err)}")
con.unbind if con.try(:bound?)
Rails.logger.info("UserLdapStrategy: Failed to bind as user '#{user_name}': #{con.err2string(con.err)}")
return
end
Rails.logger.debug { "UserLdapStrategy: Bound as '#{user_name}'" }
Expand Down Expand Up @@ -328,7 +330,7 @@ def ldap_user_filter(login)
def ldap_port
return CONFIG['ldap_port'] if CONFIG['ldap_port']

CONFIG['ldap_ssl'] == :on ? 636 : 389
CONFIG['ldap_ssl'] == :on || CONFIG['ldap_start_tls'] == :on ? 636 : 389
end
end

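Review bot: The new `ldap_port` default returns 636 when `ldap_start_tls` is `:on`, but STARTTLS is negotiated on the plain LDAP port (389) and only LDAPS uses 636, so a STARTTLS deployment relying on the default port would open its connection against a port that expects an immediate TLS handshake; the previous line `CONFIG['ldap_ssl'] == :on ? 636 : 389` was correct for that case, assuming `try_ldap_con` (whose beginning is outside the hunk) feeds `ldap_port` into the STARTTLS path. In `initialize_ldap_con` the attempts loop is commented out, so `ldap_max_attempts` is ignored and one randomly chosen server decides the outcome while the error still says "Unable to bind to any of the servers"; if this is debugging scaffolding it should be restored before merge. The `rescue LDAP::ResultError => e` change is sound: `con.nil? ? e.message : con.err2string(con.err)` no longer dereferences a nil connection, and `con.try(:bound?)` guards the unbind. The disabled `LDAP_OPT_X_TLS_REQUIRE_CERT` line would relax certificate checking, and its `Rails.env.test_ldap?` guard is the only thing keeping that out of production if it is re-enabled.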
2 changes: 2 additions & 0 deletions src/api/config/environments/test_ldap.rb
Expand Up @@ -140,3 +140,5 @@
CONFIG['ldap_search_auth'] = 'opensuse'
CONFIG['ldap_authenticate'] = :ldap
CONFIG['ldap_auth_attr'] = 'userPassword'
CONFIG['ldap_group_search_base'] = 'dc=example,dc=org'
CONFIG['ldap_group_title_attr'] = 'cn'
2 changes: 2 additions & 0 deletions src/api/docker-files/Dockerfile
Expand Up @@ -22,6 +22,8 @@ ADD Gemfile /obs/src/api/Gemfile
ADD Gemfile.lock /obs/src/api/Gemfile.lock
RUN chown -R frontend /obs/src/api

RUN zypper install -y bind-utils iputils openldap2-client telnet

# Now do the rest as the user with the same ID as the user who
# builds this container
USER frontend
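Review bot: The added `zypper install -y bind-utils iputils openldap2-client telnet` bakes network probing tools (dig, ping, telnet) into the frontend image as root with no `zypper clean`, which grows the image and hands anyone who obtains a shell in the container ready-made reconnaissance tools; that matters only if this image is ever used beyond local development, which this commit does not show. If the goal is LDAP debugging, `openldap2-client` alone provides `ldapsearch` and `ldapwhoami`, so the line could become `RUN zypper --non-interactive install openldap2-client && zypper clean -a`, or the extra packages could sit behind a build argument. A comment stating why the packages are needed would help the next person decide whether they can go.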
27 changes: 15 additions & 12 deletions src/api/spec/models/user_ldap_strategy_spec.rb
@@ -1,4 +1,4 @@
RSpec.describe UserLdapStrategy do
RSpec.describe UserLdapStrategy, skip: !Rails.env.test_ldap? do
let(:dn_string_no_uid) { 'cn=jsmith,ou=Promotions,dc=noam,dc=com' }
let(:dn_string_no_dc) { 'cn=jsmith,ou=Promotions,uid=dister' }
let(:dn_string_complete) { 'cn=jsmith,ou=Promotions,dc=noam,dc=com,uid=dister' }
Expand Down Expand Up @@ -93,7 +93,7 @@

context 'when ldap servers are configured' do
before do
stub_const('CONFIG', CONFIG.merge('ldap_servers' => 'my_ldap_server.com'))
stub_const('CONFIG', CONFIG.merge('ldap_servers' => 'openldap'))
end

context 'for SSL' do
Expand All @@ -103,7 +103,7 @@
stub_const('CONFIG', CONFIG.merge('ldap_ssl' => :on))
end

it_behaves_like 'a ldap connection'
it_behaves_like 'a mocked ldap connection'
end

context 'configured for TSL' do
Expand All @@ -113,11 +113,11 @@
stub_const('CONFIG', CONFIG.merge('ldap_start_tls' => :on))
end

it_behaves_like 'a ldap connection'
it_behaves_like 'a mocked ldap connection'
end

context 'not configured for TSL or SSL' do
include_context 'setup ldap mock'
include_context 'setup ldap conn'

before do
stub_const('CONFIG', CONFIG.merge('ldap_ssl' => :off))
Expand All @@ -129,6 +129,12 @@
end

describe '.find_group_with_ldap' do
after do
# rspec-mocks doubles are not designed to last longer than for one
# example. Therefore we have to clear the stored connection.
UserLdapStrategy.class_variable_set(:@@ldap_search_con, nil)
end

context 'when there is no connection' do
it { expect(UserLdapStrategy.find_group_with_ldap('any_group')).to be_blank }
end
Expand All @@ -139,18 +145,15 @@
before do
stub_const('CONFIG', CONFIG.merge('ldap_search_user' => 'tux',
'ldap_search_auth' => 'tux_password',
'ldap_group_title_attr' => 'ldap_group'))
'ldap_group_objectclass_attr' => 'groupOfNames',
'ldap_group_search_base' => 'ou=OBSGROUPS,dc=EXAMPLE,dc=COM',
'ldap_group_title_attr' => 'ldap_group',
'ldap_ssl' => :on))

allow(ldap_mock).to receive(:bind).with('tux', 'tux_password')
allow(ldap_mock).to receive(:bound?).and_return(true)
end

after do
# rspec-mocks doubles are not designed to last longer than for one
# example. Therefore we have to clear the stored connection.
UserLdapStrategy.class_variable_set(:@@ldap_search_con, nil)
end

context "with 'ldap_group_objectclass_attr' configured" do
before do
allow(ldap_mock).to receive(:search).with(
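Review bot: `skip: !Rails.env.test_ldap?` on the top-level describe turns every example in this file into a skip under the ordinary test environment, so the LDAP strategy loses all coverage in a default CI run unless a `test_ldap` job exists; no such job is part of this commit. The SSL and STARTTLS contexts now use `it_behaves_like 'a mocked ldap connection'` and the plain context `include_context 'setup ldap conn'`, but neither that shared example nor that context is defined anywhere in this diff, and RSpec rejects an undefined shared example name when the file is loaded. The `after` hook that resets `@@ldap_search_con` was moved up to cover the whole `.find_group_with_ldap` describe, which is the right scope for a class variable that holds a double. The example group whose `before` is changed here starts outside the hunk shown.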
31 changes: 5 additions & 26 deletions src/api/spec/shared/examples/a_ldap_connection.rb
@@ -1,34 +1,13 @@
RSpec.shared_examples 'a ldap connection' do
context 'when a connection can be established' do
before do
allow(ldap_mock).to receive(:bind).with('tux', 'tux_password')
allow(ldap_mock).to receive(:bound?).and_return(true)
end
let(:user_tux) { 'cn=tux,ou=people,dc=example,dc=org' }

context 'when a connection can be established' do
it 'returns the connection object' do
expect(UserLdapStrategy.send(:initialize_ldap_con, 'tux', 'tux_password')).to be(ldap_mock)
end
end

context 'when no connection can be established' do
before do
allow(ldap_mock).to receive(:bind).with('tux', 'tux_password')
allow(ldap_mock).to receive(:bound?).and_return(false)
expect(UserLdapStrategy.send(:initialize_ldap_con, user_tux, 'tux_password')).to be_bound
end

it { expect(UserLdapStrategy.send(:initialize_ldap_con, 'tux', 'tux_password')).to be_nil }
end

context 'when establishing a connection fails with an error' do
let(:err_object) { double(error: 'something happened') }

before do
allow(ldap_mock).to receive(:bound?)
allow(ldap_mock).to receive(:bind).with('tux', 'tux_password').and_raise(LDAP::ResultError)
allow(ldap_mock).to receive(:err).and_return(err_object)
allow(ldap_mock).to receive(:err2string).with(err_object).and_return('something happened')
end

it { expect(UserLdapStrategy.send(:initialize_ldap_con, 'tux', 'tux_password')).to be_nil }
context 'when a connection can not be established' do
it { expect(UserLdapStrategy.send(:initialize_ldap_con, user_tux, 'WRONG_password')).to be_nil }
end
end
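Review bot: The shared example drops the deterministic mock of `bind` raising `LDAP::ResultError`, which is the branch this same commit rewrites in `try_ldap_con` (`con.nil? ? e.message : con.err2string(con.err)`); the remaining `WRONG_password` example only reaches that branch if the live `openldap` container answers with an LDAP error, and nothing asserts the logged message any more. Keep one mocked example next to the integration ones, e.g. `allow(ldap_mock).to receive(:bind).and_raise(LDAP::ResultError)` followed by `expect(UserLdapStrategy.send(:initialize_ldap_con, 'tux', 'x')).to be_nil`. Both new examples also depend on `cn=tux,ou=people,dc=example,dc=org` with password `tux_password` existing in the seed LDIF, which is not part of this commit, so a comment pointing at the seed file would help. `'when a connection can not be established'` reads better as `'when a connection cannot be established'`.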
12 changes: 6 additions & 6 deletions src/api/spec/spec_helper.rb
Expand Up @@ -96,14 +96,14 @@
# support fixtures
require 'support/factory_bot'

# support database cleanup
require 'support/database_cleaner'
# # support database cleanup
# require 'support/database_cleaner'

# support Suse::backend
require 'support/backend'
# # support Suse::backend
# require 'support/backend'

# support shoulda matcher
require 'support/shoulda_matchers'
# # support shoulda matcher
# require 'support/shoulda_matchers'

# helper methods for authentication
require 'support/controllers/controllers_authentication'
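Review bot: Commenting out `require 'support/database_cleaner'` means records created by one example persist into the next for the entire suite, not only the LDAP specs, which opens the door to ordering-dependent failures and false passes; dropping `support/backend` and `support/shoulda_matchers` likewise removes helpers that other spec files may rely on. If these are only in the way while running the LDAP specs against the container, guard them instead of removing them, e.g. `require 'support/database_cleaner' unless Rails.env.test_ldap?`, provided the Rails environment is loaded at this point in `spec_helper.rb`. The `# #` double comment markers suggest this was meant as a temporary toggle; a `# TODO(ldap): restore before merge` would make that explicit.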
