Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
lemur/lemur/tests/test_ldap.py

65 lines
2.5 KiB
Python
Raw Blame History

import pytest
from lemur.auth.ldap import * # noqa
from mock import patch, MagicMock
class LdapPrincipalTester(LdapPrincipal):
def __init__(self, args):
super().__init__(args)
self.ldap_server = 'ldap://localhost'
def bind_test(self):
groups = [('user', {'memberOf': ['CN=Lemur Access,OU=Groups,DC=example,DC=com'.encode('utf-8'),
'CN=Pen Pushers,OU=Groups,DC=example,DC=com'.encode('utf-8')]})]
self.ldap_client = MagicMock()
self.ldap_client.search_s.return_value = groups
self._bind()
def authorize_test_groups_to_roles_admin(self):
self.ldap_groups = ''.join(['CN=Pen Pushers,OU=Groups,DC=example,DC=com',
'CN=Lemur Admins,OU=Groups,DC=example,DC=com',
'CN=Lemur Read Only,OU=Groups,DC=example,DC=com'])
self.ldap_required_group = None
self.ldap_groups_to_roles = {'Lemur Admins': 'admin', 'Lemur Read Only': 'read-only'}
return self._authorize()
def authorize_test_required_group(self, group):
self.ldap_groups = ''.join(['CN=Lemur Access,OU=Groups,DC=example,DC=com',
'CN=Pen Pushers,OU=Groups,DC=example,DC=com'])
self.ldap_required_group = group
return self._authorize()
@pytest.fixture()
def principal(session):
args = {'username': 'user', 'password': 'p4ssw0rd'}
yield LdapPrincipalTester(args)
class TestLdapPrincipal:
@patch('ldap.initialize')
def test_bind(self, app, principal):
self.test_ldap_user = principal
self.test_ldap_user.bind_test()
group = 'Pen Pushers'
assert group in self.test_ldap_user.ldap_groups
assert self.test_ldap_user.ldap_principal == 'user@example.com'
def test_authorize_groups_to_roles_admin(self, app, principal):
self.test_ldap_user = principal
roles = self.test_ldap_user.authorize_test_groups_to_roles_admin()
assert any(x.name == "admin" for x in roles)
def test_authorize_required_group_missing(self, app, principal):
self.test_ldap_user = principal
roles = self.test_ldap_user.authorize_test_required_group('Not Allowed')
assert not roles
def test_authorize_required_group_access(self, session, principal):
self.test_ldap_user = principal
roles = self.test_ldap_user.authorize_test_required_group('Lemur Access')
assert len(roles) >= 1
assert any(x.name == "user@example.com" for x in roles)
Reference in New Issue View Git Blame Copy Permalink