Merge pull request #1483 from coreos-inc/superuser-external-user

Fix setup tool when binding to external auth
2016-05-23 17:17:45 -04:00 · 2016-05-23 17:17:45 -04:00 · fa3b342901
commit fa3b342901
parent 1df9ba2a03 60bbca2185
6 changed files with 151 additions and 62 deletions
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@ -15,6 +15,7 @@ from playhouse.test_utils import assert_query_count, _QueryLogHandler
 from httmock import urlmatch, HTTMock
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.backends import default_backend
+from mockldap import MockLdap

 from endpoints.api import api_bp, api
 from endpoints.building import PreparedBuild
@ -3523,6 +3524,51 @@ class TestSuperUserConfig(ApiTestCase):
    json = self.getJsonResponse(SuperUserConfigFile, params=dict(filename='ssl.cert'))
    self.assertTrue(json['exists'])

+  def test_update_with_external_auth(self):
+    self.login(ADMIN_ACCESS_USER)
+
+    # Run a mock LDAP.
+    mockldap = MockLdap({
+      'dc=quay,dc=io': {'dc': ['quay', 'io']},
+      'ou=employees,dc=quay,dc=io': {
+        'dc': ['quay', 'io'],
+        'ou': 'employees'
+      },
+      'uid=' + ADMIN_ACCESS_USER + ',ou=employees,dc=quay,dc=io': {
+        'dc': ['quay', 'io'],
+        'ou': 'employees',
+        'uid': [ADMIN_ACCESS_USER],
+        'userPassword': ['password'],
+        'mail': [ADMIN_ACCESS_EMAIL],
+      },
+    })
+
+    config = {
+      'AUTHENTICATION_TYPE': 'LDAP',
+      'LDAP_BASE_DN': ['dc=quay', 'dc=io'],
+      'LDAP_ADMIN_DN': 'uid=devtable,ou=employees,dc=quay,dc=io',
+      'LDAP_ADMIN_PASSWD': 'password',
+      'LDAP_USER_RDN': ['ou=employees'],
+      'LDAP_UID_ATTR': 'uid',
+      'LDAP_EMAIL_ATTR': 'mail',
+    }
+
+    mockldap.start()
+    try:
+      # Try writing some config with an invalid password.
+      self.putResponse(SuperUserConfig, data={'config': config, 'hostname': 'foo'}, expected_code=400)
+      self.putResponse(SuperUserConfig,
+                       data={'config': config, 'password': 'invalid', 'hostname': 'foo'}, expected_code=400)
+
+      # Write the config with the valid password.
+      self.putResponse(SuperUserConfig,
+                       data={'config': config, 'password': 'password', 'hostname': 'foo'}, expected_code=200)
+
+      # Ensure that the user row has been linked.
+      self.assertEquals(ADMIN_ACCESS_USER, model.user.verify_federated_login('ldap', ADMIN_ACCESS_USER).username)
+    finally:
+      mockldap.stop()
+


@urlmatch(netloc=r'(.*\.)?mockclairservice', path=r'/v1/layers/(.+)')