rabbitmq-server/deps/rabbitmq_auth_backend_ldap/test/rabbit_ldap_seed.erl

%% This Source Code Form is subject to the terms of the Mozilla Public
%% License, v. 2.0. If a copy of the MPL was not distributed with this
%% file, You can obtain one at https://mozilla.org/MPL/2.0/.
%%
%% Copyright (c) 2007-2025 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.
%%

-module(rabbit_ldap_seed).

-include_lib("stdlib/include/assert.hrl").

-export([seed/1,delete/1]).

seed(Logon) ->
    H = connect(Logon),
    ok = add(H, rabbitmq_com()),
    ok = add(H, ou("people")),
    [ add(H, P) || P <- people() ],
    ok = add(H, ou("vhosts")),
    ok = add(H, test()),
    ok = add(H, ou("groups")),
    [ add(H, P) || P <- groups() ],
    eldap:close(H),
    ok.

rabbitmq_com() ->
    {"dc=rabbitmq,dc=com",
      [{"objectClass", ["dcObject", "organization"]},
       {"dc", ["rabbitmq"]},
       {"o", ["Test"]}]}.


delete(Logon) ->
    H = connect(Logon),
    assert_benign(eldap:delete(H, "ou=test,dc=rabbitmq,dc=com")),
    assert_benign(eldap:delete(H, "ou=test,ou=vhosts,dc=rabbitmq,dc=com")),
    assert_benign(eldap:delete(H, "ou=vhosts,dc=rabbitmq,dc=com")),
    [ assert_benign(eldap:delete(H, P)) || {P, _} <- groups() ],
    [ assert_benign(eldap:delete(H, P)) || {P, _} <- people() ],
    assert_benign(eldap:delete(H, "ou=groups,dc=rabbitmq,dc=com")),
    assert_benign(eldap:delete(H, "ou=people,dc=rabbitmq,dc=com")),
    assert_benign(eldap:delete(H, "dc=rabbitmq,dc=com")),
    ok = eldap:close(H),
    ok.

assert_benign({error,noSuchObject}) ->
    ok;
assert_benign(Other) ->
    ?assertEqual(ok, Other).

people() ->
    [ bob(),
      dominic(),
      charlie(),
      edward(),
      johndoe(),
      alice(),
      peter(),
      carol(),
      jimmy()
    ].

groups() ->
    [wheel_group(),
     people_group(),
     staff_group(),
     bobs_group(),
     bobs2_group(),
     admins_group()
    ].

wheel_group() ->
    {A, _} = alice(),
    {C, _} = charlie(),
    {D, _} = dominic(),
    {P, _} = peter(),
    {"cn=wheel,ou=groups,dc=rabbitmq,dc=com",
     [{"objectClass", ["groupOfNames"]},
      {"cn", ["wheel"]},
      {"member", [A, C, D, P]}]}.

people_group() ->
    {C, _} = charlie(),
    {D, _} = dominic(),
    {P, _} = peter(),
    {"cn=people,ou=groups,dc=rabbitmq,dc=com",
     [{"objectClass", ["groupOfNames"]},
      {"cn", ["people"]},
      {"member", [C, D, P]}]}.

staff_group() ->
    {C, _} = charlie(),
    {D, _} = dominic(),
    {P, _} = peter(),
    {"cn=staff,ou=groups,dc=rabbitmq,dc=com",
     [{"objectClass", ["groupOfNames"]},
      {"cn", ["people"]},
      {"member", [C, D, P]}]}.

bobs_group() ->
    {B, _} = bob(),
    {"cn=bobs,ou=groups,dc=rabbitmq,dc=com",
     [{"objectClass", ["groupOfNames"]},
      {"cn", ["bobs"]},
      {"member", [B]}]}.

bobs2_group() ->
    {B, _} = bobs_group(),
    {"cn=bobs2,ou=groups,dc=rabbitmq,dc=com",
     [{"objectClass", ["groupOfNames"]},
      {"cn", ["bobs2"]},
      {"member", [B]}]}.

admins_group() ->
    {B, _} = bobs2_group(),
    {W, _} = wheel_group(),
    {"cn=admins,ou=groups,dc=rabbitmq,dc=com",
     [{"objectClass", ["groupOfNames"]},
      {"cn", ["admins"]},
      {"member", [B, W]}]}.

person(Cn, Sn) ->
    {"cn="++Cn++",ou=people,dc=rabbitmq,dc=com",
     [{"objectClass", ["person"]},
      {"cn", [Cn]},
      {"sn", [Sn]},
      {"userPassword", ["password"]}]}.

bob() -> person("Bob", "Robert").
dominic() -> person("Dominic", "Dom").
charlie() -> person("Charlie", "Charlie Boy").
edward() -> person("Edward", "Ed").
johndoe() -> person("John Doe", "Doe").

alice() ->
    {"cn=Alice,ou=people,dc=rabbitmq,dc=com",
     [{"objectClass", ["person"]},
      {"cn", ["Alice"]},
      {"sn", ["Ali"]},
      {"userPassword", ["password"]},
      {"description", ["can-declare-queues"]}]}.

peter() ->
    {"uid=peter,ou=people,dc=rabbitmq,dc=com",
     [{"cn", ["Peter"]},
      {"givenName", ["Peter"]},
      {"sn", ["Jones"]},
      {"uid", ["peter"]},
      {"uidNumber", ["5000"]},
      {"gidNumber", ["10000"]},
      {"homeDirectory", ["/home/peter"]},
      {"mail", ["peter.jones@rabbitmq.com"]},
      {"objectClass", ["top",
                       "posixAccount",
                       "shadowAccount",
                       "inetOrgPerson",
                       "organizationalPerson",
                       "person"]},
      {"loginShell", ["/bin/bash"]},
      {"userPassword", ["password"]}]}.

carol() ->
    {"uid=carol,ou=people,dc=rabbitmq,dc=com",
     [{"cn", ["Carol"]},
      {"givenName", ["Carol"]},
      {"sn", ["Meyers"]},
      {"uid", ["peter"]},
      {"uidNumber", ["655"]},
      {"gidNumber", ["10000"]},
      {"homeDirectory", ["/home/carol"]},
      {"mail", ["carol.meyers@example.com"]},
      {"objectClass", ["top",
                       "posixAccount",
                       "shadowAccount",
                       "inetOrgPerson",
                       "organizationalPerson",
                       "person"]},
      {"loginShell", ["/bin/bash"]},
      {"userPassword", ["password"]}]}.

% rabbitmq/rabbitmq-auth-backend-ldap#100
jimmy() ->
    {"cn=Jimmy,ou=people,dc=rabbitmq,dc=com",
     [{"objectClass", ["person"]},
      {"cn", ["Jimmy"]},
      {"sn", ["Makes"]},
      {"userPassword", ["password"]},
      {"description", ["^RMQ-foobar", "^RMQ-.*$"]}]}.

add(H, {A, B}) ->
    ok = eldap:add(H, A, B).

connect({Host, Port}) ->
    LogOpts = [],
    %% This can be swapped with the line above to add verbose logging of the
    %% LDAP operations used for seeding.
    %% LogOpts = [{log, fun(_Level, FormatString, FormatArgs) -> ct:pal(FormatString, FormatArgs) end}],
    {ok, H} = eldap:open([Host], [{port, Port} | LogOpts]),
    ok = eldap:simple_bind(H, "cn=admin,dc=rabbitmq,dc=com", "admin"),
    H.

ou(Name) ->
    {"ou=" ++ Name ++ ",dc=rabbitmq,dc=com", [{"objectClass", ["organizationalUnit"]}, {"ou", [Name]}]}.

test() ->
    {"ou=test,ou=vhosts,dc=rabbitmq,dc=com", [{"objectClass", ["top", "organizationalUnit"]}, {"ou", ["test"]}]}.
Switch to Mozilla Public License 2.0 (MPL 2.0) 2020-07-11 03:19:35 +08:00			`%% This Source Code Form is subject to the terms of the Mozilla Public`
			`%% License, v. 2.0. If a copy of the MPL was not distributed with this`
			`%% file, You can obtain one at https://mozilla.org/MPL/2.0/.`
setup openldap as part of vagrant provisioning seed openldap as part of the test run 2016-06-29 16:51:28 +08:00			`%%`
(c) year bumps 2024-01-02 11:02:20 +08:00			`%% Copyright (c) 2007-2025 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved.`
setup openldap as part of vagrant provisioning seed openldap as part of the test run 2016-06-29 16:51:28 +08:00			`%%`

ldap_seed => rabbit_ldap_seed 2016-06-29 18:54:35 +08:00			`-module(rabbit_ldap_seed).`
setup openldap as part of vagrant provisioning seed openldap as part of the test run 2016-06-29 16:51:28 +08:00
rabbit_ldap_seed: Assert seed data deletions are benign 2024-05-01 23:11:09 +08:00			`-include_lib("stdlib/include/assert.hrl").`
setup openldap as part of vagrant provisioning seed openldap as part of the test run 2016-06-29 16:51:28 +08:00
			`-export([seed/1,delete/1]).`

			`seed(Logon) ->`
			`H = connect(Logon),`
			`ok = add(H, rabbitmq_com()),`
			`ok = add(H, ou("people")),`
			`[ add(H, P) \|\| P <- people() ],`
			`ok = add(H, ou("vhosts")),`
			`ok = add(H, test()),`
			`ok = add(H, ou("groups")),`
			`[ add(H, P) \|\| P <- groups() ],`
			`eldap:close(H),`
			`ok.`

			`rabbitmq_com() ->`
			`{"dc=rabbitmq,dc=com",`
			`[{"objectClass", ["dcObject", "organization"]},`
			`{"dc", ["rabbitmq"]},`
			`{"o", ["Test"]}]}.`


			`delete(Logon) ->`
			`H = connect(Logon),`
rabbit_ldap_seed: Assert seed data deletions are benign 2024-05-01 23:11:09 +08:00			`assert_benign(eldap:delete(H, "ou=test,dc=rabbitmq,dc=com")),`
			`assert_benign(eldap:delete(H, "ou=test,ou=vhosts,dc=rabbitmq,dc=com")),`
			`assert_benign(eldap:delete(H, "ou=vhosts,dc=rabbitmq,dc=com")),`
			`[ assert_benign(eldap:delete(H, P)) \|\| {P, _} <- groups() ],`
			`[ assert_benign(eldap:delete(H, P)) \|\| {P, _} <- people() ],`
			`assert_benign(eldap:delete(H, "ou=groups,dc=rabbitmq,dc=com")),`
			`assert_benign(eldap:delete(H, "ou=people,dc=rabbitmq,dc=com")),`
			`assert_benign(eldap:delete(H, "dc=rabbitmq,dc=com")),`
			`ok = eldap:close(H),`
setup openldap as part of vagrant provisioning seed openldap as part of the test run 2016-06-29 16:51:28 +08:00			`ok.`

rabbit_ldap_seed: Assert seed data deletions are benign 2024-05-01 23:11:09 +08:00			`assert_benign({error,noSuchObject}) ->`
			`ok;`
			`assert_benign(Other) ->`
			`?assertEqual(ok, Other).`

setup openldap as part of vagrant provisioning seed openldap as part of the test run 2016-06-29 16:51:28 +08:00			`people() ->`
			`[ bob(),`
			`dominic(),`
			`charlie(),`
			`edward(),`
			`johndoe(),`
			`alice(),`
			`peter(),`
Add failing test for rabbitmq/rabbitmq-auth-backend-ldap#100 2018-11-03 02:38:42 +08:00			`carol(),`
			`jimmy()`
setup openldap as part of vagrant provisioning seed openldap as part of the test run 2016-06-29 16:51:28 +08:00			`].`

			`groups() ->`
			`[wheel_group(),`
			`people_group(),`
			`staff_group(),`
			`bobs_group(),`
			`bobs2_group(),`
			`admins_group()`
			`].`

			`wheel_group() ->`
			`{A, _} = alice(),`
			`{C, _} = charlie(),`
			`{D, _} = dominic(),`
			`{P, _} = peter(),`
			`{"cn=wheel,ou=groups,dc=rabbitmq,dc=com",`
			`[{"objectClass", ["groupOfNames"]},`
			`{"cn", ["wheel"]},`
			`{"member", [A, C, D, P]}]}.`

			`people_group() ->`
			`{C, _} = charlie(),`
			`{D, _} = dominic(),`
			`{P, _} = peter(),`
			`{"cn=people,ou=groups,dc=rabbitmq,dc=com",`
			`[{"objectClass", ["groupOfNames"]},`
			`{"cn", ["people"]},`
			`{"member", [C, D, P]}]}.`

			`staff_group() ->`
			`{C, _} = charlie(),`
			`{D, _} = dominic(),`
			`{P, _} = peter(),`
			`{"cn=staff,ou=groups,dc=rabbitmq,dc=com",`
			`[{"objectClass", ["groupOfNames"]},`
			`{"cn", ["people"]},`
			`{"member", [C, D, P]}]}.`

			`bobs_group() ->`
			`{B, _} = bob(),`
			`{"cn=bobs,ou=groups,dc=rabbitmq,dc=com",`
			`[{"objectClass", ["groupOfNames"]},`
			`{"cn", ["bobs"]},`
			`{"member", [B]}]}.`

			`bobs2_group() ->`
			`{B, _} = bobs_group(),`
			`{"cn=bobs2,ou=groups,dc=rabbitmq,dc=com",`
			`[{"objectClass", ["groupOfNames"]},`
			`{"cn", ["bobs2"]},`
			`{"member", [B]}]}.`

			`admins_group() ->`
			`{B, _} = bobs2_group(),`
rabbit_ldap_seed: Remove trailing whitespace 2020-03-26 21:52:36 +08:00			`{W, _} = wheel_group(),`
setup openldap as part of vagrant provisioning seed openldap as part of the test run 2016-06-29 16:51:28 +08:00			`{"cn=admins,ou=groups,dc=rabbitmq,dc=com",`
			`[{"objectClass", ["groupOfNames"]},`
			`{"cn", ["admins"]},`
			`{"member", [B, W]}]}.`

			`person(Cn, Sn) ->`
			`{"cn="++Cn++",ou=people,dc=rabbitmq,dc=com",`
			`[{"objectClass", ["person"]},`
			`{"cn", [Cn]},`
			`{"sn", [Sn]},`
			`{"userPassword", ["password"]}]}.`

			`bob() -> person("Bob", "Robert").`
			`dominic() -> person("Dominic", "Dom").`
			`charlie() -> person("Charlie", "Charlie Boy").`
			`edward() -> person("Edward", "Ed").`
			`johndoe() -> person("John Doe", "Doe").`

			`alice() ->`
			`{"cn=Alice,ou=people,dc=rabbitmq,dc=com",`
			`[{"objectClass", ["person"]},`
			`{"cn", ["Alice"]},`
			`{"sn", ["Ali"]},`
			`{"userPassword", ["password"]},`
			`{"description", ["can-declare-queues"]}]}.`

			`peter() ->`
			`{"uid=peter,ou=people,dc=rabbitmq,dc=com",`
			`[{"cn", ["Peter"]},`
			`{"givenName", ["Peter"]},`
			`{"sn", ["Jones"]},`
			`{"uid", ["peter"]},`
			`{"uidNumber", ["5000"]},`
			`{"gidNumber", ["10000"]},`
			`{"homeDirectory", ["/home/peter"]},`
			`{"mail", ["peter.jones@rabbitmq.com"]},`
			`{"objectClass", ["top",`
			`"posixAccount",`
			`"shadowAccount",`
			`"inetOrgPerson",`
			`"organizationalPerson",`
			`"person"]},`
			`{"loginShell", ["/bin/bash"]},`
rabbit_ldap_seed: Remove 'memberOf' annotation for "peter" seed user In openldap 2.5, `memberOf` seems to be a read-only annotation. Instead the LDAPWiki recommends adding the user's name to the member attribute on the relevant group objects: <https://ldapwiki.com/wiki/Wiki.jsp?page=MemberOf> We already do that when setting up the group objects, so this annotation is safe to remove. 2024-05-01 23:11:47 +08:00			`{"userPassword", ["password"]}]}.`
setup openldap as part of vagrant provisioning seed openldap as part of the test run 2016-06-29 16:51:28 +08:00
			`carol() ->`
			`{"uid=carol,ou=people,dc=rabbitmq,dc=com",`
			`[{"cn", ["Carol"]},`
			`{"givenName", ["Carol"]},`
			`{"sn", ["Meyers"]},`
			`{"uid", ["peter"]},`
			`{"uidNumber", ["655"]},`
			`{"gidNumber", ["10000"]},`
			`{"homeDirectory", ["/home/carol"]},`
			`{"mail", ["carol.meyers@example.com"]},`
			`{"objectClass", ["top",`
			`"posixAccount",`
			`"shadowAccount",`
			`"inetOrgPerson",`
			`"organizationalPerson",`
			`"person"]},`
			`{"loginShell", ["/bin/bash"]},`
			`{"userPassword", ["password"]}]}.`

Add failing test for rabbitmq/rabbitmq-auth-backend-ldap#100 2018-11-03 02:38:42 +08:00			`% rabbitmq/rabbitmq-auth-backend-ldap#100`
			`jimmy() ->`
			`{"cn=Jimmy,ou=people,dc=rabbitmq,dc=com",`
			`[{"objectClass", ["person"]},`
			`{"cn", ["Jimmy"]},`
			`{"sn", ["Makes"]},`
			`{"userPassword", ["password"]},`
			`{"description", ["^RMQ-foobar", "^RMQ-.*$"]}]}.`

setup openldap as part of vagrant provisioning seed openldap as part of the test run 2016-06-29 16:51:28 +08:00			`add(H, {A, B}) ->`
			`ok = eldap:add(H, A, B).`

			`connect({Host, Port}) ->`
rabbit_ldap_seed: Add commented out verbose logging for LDAP operations 2024-05-01 23:19:12 +08:00			`LogOpts = [],`
			`%% This can be swapped with the line above to add verbose logging of the`
			`%% LDAP operations used for seeding.`
			`%% LogOpts = [{log, fun(_Level, FormatString, FormatArgs) -> ct:pal(FormatString, FormatArgs) end}],`
			`{ok, H} = eldap:open([Host], [{port, Port} \| LogOpts]),`
setup openldap as part of vagrant provisioning seed openldap as part of the test run 2016-06-29 16:51:28 +08:00			`ok = eldap:simple_bind(H, "cn=admin,dc=rabbitmq,dc=com", "admin"),`
			`H.`

			`ou(Name) ->`
			`{"ou=" ++ Name ++ ",dc=rabbitmq,dc=com", [{"objectClass", ["organizationalUnit"]}, {"ou", [Name]}]}.`

			`test() ->`
			`{"ou=test,ou=vhosts,dc=rabbitmq,dc=com", [{"objectClass", ["top", "organizationalUnit"]}, {"ou", ["test"]}]}.`