
adding test for LDAP Account

skublik committed Oct 2, 2018
1 parent e893b3e commit 32e0845e720acb42193dfbf2e1943d028426a119
@@ -81,7 +81,7 @@ load ../../../library

add_object tasks midpoint-objects-manual/tasks/task-import-sis-persons.xml
search_and_check_object tasks "Import from SIS persons"
wait_for_task_completion 22c2a3d0-0961-4255-9eec-c550a79aeaaa
wait_for_task_completion 22c2a3d0-0961-4255-9eec-c550a79aeaaa 6 10
assert_task_success 22c2a3d0-0961-4255-9eec-c550a79aeaaa

search_and_check_object users jsmith
@@ -97,7 +97,30 @@ load ../../../library
# TODO check in LDAP, check assignments etc
}

@test "230 Check 'TestUser230' in Midpoint and LDAP" {
if [ -e $BATS_TMPDIR/not-started ]; then skip 'not started'; fi
check_health
echo "<user><name>TestUser230</name><fullName>Test User230</fullName><givenName>Test</givenName><familyName>User230</familyName><credentials><password><value><clearValue>password</clearValue></value></password></credentials></user>" >/tmp/testuser230.xml
add_object users /tmp/testuser230.xml
rm /tmp/testuser230.xml
search_and_check_object users TestUser230

add_object tasks tests/resources/task/recom-role-grouper-sysadmin.xml
search_and_check_object tasks "Recompute role-grouper-sysadmin"
wait_for_task_completion 22c2a3d0-0961-4255-9eec-caasa79aeaaa 6 10
assert_task_success 22c2a3d0-0961-4255-9eec-caasa79aeaaa

add_object tasks tests/resources/task/assign-role-grouper-sysadmin-to-test-user.xml
search_and_check_object tasks "Assign role-grouper-sysadmin to TestUser230"
wait_for_task_completion 22c2a3d0-0961-4255-9eec-c550a791237s 6 10
assert_task_success 22c2a3d0-0961-4255-9eec-c550a791237s

check_ldap_account_by_user_name TestUser230
check_of_ldap_membership TestUser230 sysadmingroup
}


@test "999 Clean up" {
# skip TEMP
skip TEMP
docker-compose down -v
}
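Review bot: The user XML echoed to `/tmp/testuser230.xml` on the third line of the new test puts the account's clear-text password at a fixed, predictable path in the shared `/tmp`, and because bats runs each test under errexit, a failing `add_object` ends the test before the `rm` on the next line, leaving that file behind. A per-run temp file that is removed on every path is safer, e.g. `local f; f=$(mktemp /tmp/testuser230.XXXXXX)`, write the XML to `"$f"`, then `add_object users "$f"; local rc=$?; rm -f -- "$f"; [ "$rc" -eq 0 ]` — or keep the user as a fixture under `tests/resources/`, as this commit already does for the two task files. The task oids waited on here, `…caasa79aeaaa` and `…c550a791237s`, both contain an `s` and so are not hex UUIDs; if midPoint validates OID syntax on import the tasks are rejected and the test fails at `search_and_check_object` for a reason unrelated to LDAP, so generated UUIDs would remove that ambiguity. The `skip TEMP` in the clean-up test means `docker-compose down -v` never runs, so the DS container keeps the `cn=Directory Manager`/`password` credential around after the run; presumably deliberate while iterating, but worth a `# TODO(skublik): re-enable before merge` rather than a bare `# skip TEMP`.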
@@ -0,0 +1,33 @@
<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
oid="22c2a3d0-0961-4255-9eec-c550a791237s">
<name>Assign role-grouper-sysadmin to TestUser230</name>
<extension>
<scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
<s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
<s:type>c:UserType</s:type>
<s:searchFilter>
<q:equal>
<q:path>c:name</q:path>
<q:value>TestUser230</q:value>
</q:equal>
</s:searchFilter>
<s:action>
<s:type>assign</s:type>
<s:parameter>
<s:name>role</s:name>
<c:value xsi:type="xsd:string">d48ec05b-fffd-4262-acd3-d9ff63365b62</c:value>
</s:parameter>
</s:action>
</s:search>
</scext:executeScript>
</extension>
<ownerRef oid="00000000-0000-0000-0000-000000000002"/>
<executionStatus>runnable</executionStatus>
<category>BulkActions</category>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</handlerUri>
<recurrence>single</recurrence>
</task>
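Review bot: The task oid `22c2a3d0-0961-4255-9eec-c550a791237s` is not a valid UUID — the last group ends in an `s` — while every other oid on this page is hex; if midPoint checks OID syntax on import the task is rejected, and even if it does not, a generated UUID avoids hand-edited values colliding (the companion recompute task uses a similarly edited oid). The `<c:value>` of the `role` parameter is a bare oid with nothing saying which role it grants; the task name says role-grouper-sysadmin, so an XML comment such as `<!-- oid of role-grouper-sysadmin -->` next to the value would spare a reader the lookup. The `ownerRef` oid `00000000-0000-0000-0000-000000000002` appears to be the built-in administrator account, which means this bulk action runs with full rights; for a test fixture that is fine, but a comment saying so, e.g. `<!-- runs as administrator: test fixture only -->`, makes the privilege explicit.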
@@ -0,0 +1,27 @@
<task xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
oid="22c2a3d0-0961-4255-9eec-caasa79aeaaa">
<name>Recompute role-grouper-sysadmin</name>
<extension>
<scext:executeScript xmlns:scext="http://midpoint.evolveum.com/xml/ns/public/model/scripting/extension-3">
<s:search xmlns:s="http://midpoint.evolveum.com/xml/ns/public/model/scripting-3">
<s:type>c:RoleType</s:type>
<s:searchFilter>
<q:equal>
<q:path>name</q:path>
<q:value>role-grouper-sysadmin</q:value>
</q:equal>
</s:searchFilter>
<s:action>
<s:type>recompute</s:type>
</s:action>
</s:search>
</scext:executeScript>
</extension>
<ownerRef oid="00000000-0000-0000-0000-000000000002"/>
<executionStatus>runnable</executionStatus>
<category>BulkActions</category>
<handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/scripting/handler-3</handlerUri>
<recurrence>single</recurrence>
</task>
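Review bot: The oid `22c2a3d0-0961-4255-9eec-caasa79aeaaa` contains an `s` and so is not a hex UUID; the bats test waits on exactly this string, so if midPoint validates OID syntax on import the task never appears and test 230 fails before it reaches LDAP, whereas a generated UUID avoids the question. The filter path here is `name` without the `c:` prefix, while the assign task on this page uses `c:name`; both may resolve, but one form should be used consistently across the fixtures. A short comment explaining the fixture's role, e.g. `<!-- test 230: recompute role-grouper-sysadmin before it is assigned to TestUser230 -->`, would document why this task runs first in the test.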
@@ -134,23 +134,23 @@ function add_object () {
local FILE=$2
echo "Adding to $TYPE from $FILE..."

response=$(curl -k -sD - --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE" -d @$FILE)
http_code=$(sed '$!d' <<<"$response")
local response=$(curl -k -sD - --silent --write-out "%{http_code}" --user administrator:5ecr3t -H "Content-Type: application/xml" -X POST "https://localhost:8443/midpoint/ws/rest/$TYPE" -d @$FILE)
local http_code=$(sed '$!d' <<<"$response")

if [ "$http_code" -eq 201 ] || [ "$http_code" -eq 202 ]; then

# get the real Location
location=$(grep -oP "Location: \K.*" <<<"$response")
oid=$(sed 's/.*\///' <<<"$location")
local location=$(grep -oP "Location: \K.*" <<<"$response")
OID=$(sed 's/.*\///' <<<"$location")

echo "Oid created object: $oid"
echo "Oid created object: $OID"
return 0
else
echo "Error code: $http_code"
if [ "$http_code" -eq 500 ]; then
echo "Error message: Internal server error. Unexpected error occurred, if necessary please contact system administrator."
else
error_message=$(grep 'message' <<<"$response" | head -1 | awk -F">" '{print $2}' | awk -F"<" '{print $1}')
local error_message=$(grep 'message' <<<"$response" | head -1 | awk -F">" '{print $2}' | awk -F"<" '{print $1}')
echo "Error message: $error_message"
fi
return 1
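Review bot: `local response=$(curl …)` on the new line discards curl's exit status — `local` itself always succeeds — so a refused connection or TLS handshake failure is only detectable through the `%{http_code}` value; splitting declaration from assignment, `local response; response=$(curl …) || { echo "curl failed (exit $?)"; return 1; }`, keeps the status and reports it, and `-d @"$FILE"` should be quoted like the other expansions. The `administrator:5ecr3t` credential on the command line and `-k` (certificate verification off) show up in `ps` and in any `set -x` trace; for a local docker-compose stack that is acceptable, but a comment such as `# test-only admin credential and self-signed cert of the compose stack; never reuse elsewhere` and `--netrc-file`/`-K` would keep the secret out of process listings. `OID` is the one variable deliberately left global after this change, presumably so callers can read the created object's oid; `# OID intentionally global: callers read the created object's oid` would make that explicit. The rest of add_object lies outside this hunk.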
@@ -186,6 +186,7 @@ EOF
if [ "$http_code" -eq 200 ]; then
return 0
else
rm $SEARCH_RESULT_FILE
return 1
fi
}
@@ -243,6 +244,81 @@ function assert_task_success () {

function wait_for_task_completion () {
local OID=$1
sleep 60 # TODO
local ATTEMPT=0
local MAX_ATTEMPTS=$2
local DELAY=$3

until [[ $ATTEMPT = $MAX_ATTEMPTS ]]; do
ATTEMPT=$((ATTEMPT+1))
echo "Waiting $DELAY seconds for task with oid $OID to finish (attempt $ATTEMPT) ..."
sleep $DELAY
get_object tasks $OID
TASK_EXECUTION_STATUS=$(xmllint --xpath "/*/*[local-name()='executionStatus']/text()" $TMPFILE) || (echo "Couldn't extract task status from task $OID" ; cat $TMPFILE ; rm $TMPFILE ; return 1)
if [[ $TASK_EXECUTION_STATUS = "suspended" ]] || [[ $TASK_EXECUTION_STATUS = "closed" ]]; then
echo "Task $OID is finished"
rm $TMPFILE
return 0
fi
done
rm $TMPFILE
echo Task with $OID did not finish in $(( $MAX_ATTEMPTS * $DELAY )) seconds
return 1
}


#search LDAP accout by uid
function search_ldap_object_by_filter () {
local BASE_CONTEXT_FOR_SEARCH=$1
local FILTER="$2"
TMPFILE=$(mktemp /tmp/ldapsearch.XXXXXX)

ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >$TMPFILE || (rm $TMPFILE ; return 1)
LDAPSEARCH_RESULT_FILE=$TMPFILE
return 0
}

function check_ldap_account_by_user_name () {
local NAME=$1
search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME"
search_objects_by_name users $NAME

local MP_FULL_NAME=$(xmllint --xpath "/*/*/*[local-name()='fullName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user fullName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
local MP_GIVEN_NAME=$(xmllint --xpath "/*/*/*[local-name()='givenName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user givenName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
local MP_FAMILY_NAME=$(xmllint --xpath "/*/*/*[local-name()='familyName']/text()" $SEARCH_RESULT_FILE) || (echo "Couldn't extract user familyName from file:" ; cat $SEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)

local LDAP_CN=$(grep -oP "cn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user cn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
local LDAP_GIVEN_NAME=$(grep -oP "givenName: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user givenName from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)
local LDAP_SN=$(grep -oP "sn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user sn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $SEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)

rm $SEARCH_RESULT_FILE
rm $LDAPSEARCH_RESULT_FILE

if [[ $MP_FULL_NAME = $LDAP_CN ]] && [[ $MP_GIVEN_NAME = $LDAP_GIVEN_NAME ]] && [[ $MP_FAMILY_NAME = $LDAP_SN ]]; then
return 0
fi

echo "User in Midpoint and LDAP Account with uid $NAME are not same"
return 1
}

function check_of_ldap_membership () {
local NAME_OF_USER=$1
local NAME_OF_GROUP=$2
search_ldap_object_by_filter "ou=people,dc=internet2,dc=edu" "uid=$NAME_OF_USER"

local LDAP_ACCOUNT_DN=$(grep -oP "dn: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user dn from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)

search_ldap_object_by_filter "ou=groups,dc=internet2,dc=edu" "cn=$NAME_OF_GROUP"

local LDAP_MEMBERS_DNS=$(grep -oP "uniqueMember: \K.*" $LDAPSEARCH_RESULT_FILE) || (echo "Couldn't extract user uniqueMember from file:" ; cat $LDAPSEARCH_RESULT_FILE ; rm $LDAPSEARCH_RESULT_FILE ; return 1)

rm $LDAPSEARCH_RESULT_FILE

if [[ $LDAP_MEMBERS_DNS =~ $LDAP_ACCOUNT_DN ]]; then
return 0
fi

echo "LDAP Account with uid $NAME_OF_USER is not member of LDAP Group $NAME_OF_GROUP"
return 1
}
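Review bot: The `|| (rm $TMPFILE ; return 1)` on the ldapsearch line in search_ldap_object_by_filter does not return from the function — `return` inside `( … )` only leaves the subshell — so when ldapsearch fails the temp file is deleted and the function still falls through to `LDAPSEARCH_RESULT_FILE=$TMPFILE; return 0`, and the callers then grep a file that no longer exists; the same construct masks every failure on the xmllint and grep lines of wait_for_task_completion, check_ldap_account_by_user_name and check_of_ldap_membership. Use a group instead: `ldapsearch -h localhost -p 389 -D "cn=Directory Manager" -w password -b "$BASE_CONTEXT_FOR_SEARCH" "($FILTER)" >"$TMPFILE" || { rm -f -- "$TMPFILE"; return 1; }`, and `|| { …; return 1; }` at the other sites. The directory-manager password is passed with `-w` on the command line over plain LDAP on port 389, and `$FILTER`/`$NAME` are interpolated into the search filter unescaped; tolerable for a local fixture, but a comment such as `# test-only DS credential, plaintext LDAP: docker-compose stack only` plus `-y` with a password file would keep it out of `ps`. The `=~` check in check_of_ldap_membership treats the account DN as a regex, so `.` or `+` in a DN is interpreted rather than matched literally; `grep -Fxq -- "$LDAP_ACCOUNT_DN" <<<"$LDAP_MEMBERS_DNS"` compares each member line literally. wait_for_task_completion also loops forever for any caller still passing only the oid, because `[[ $ATTEMPT = $MAX_ATTEMPTS ]]` never holds against an empty value; `local MAX_ATTEMPTS=${2:-6}` and `local DELAY=${3:-10}` would keep such callers working, and `$TMPFILE` there is assumed to be set by get_object, which is outside this view.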
