Test tag attribution by configuring from within the test-suite

Put the necessary configuration in the test itself, testing a more complex assortment of tag queries, rather than in the configuration file. Introduce another user into the LDAP server for this test. Revert the `management` tag query, in the configuration file, to a trivial constant query.
2016-04-14 10:10:22 +00:00 · 2016-04-14 10:10:22 +00:00 · 45a5ff0311
parent b19915b617
commit 45a5ff0311
3 changed files with 40 additions and 4 deletions
--- a/deps/rabbitmq_auth_backend_ldap/etc/rabbit-test.config
+++ b/deps/rabbitmq_auth_backend_ldap/etc/rabbit-test.config
@ -38,7 +38,6 @@
            ]}},
    {tag_queries, [{monitor,       {constant, true}},
                   {administrator, {constant, false}},
-                   {management,
-                    {exists, "cn=${username},ou=Faculty,dc=Computer Science,dc=Engineering"}}]}
+                   {management,    {constant, false}}]}
  ]}
 ].
--- a/deps/rabbitmq_auth_backend_ldap/example/people.ldif
+++ b/deps/rabbitmq_auth_backend_ldap/example/people.ldif
@ -35,6 +35,12 @@ cn: Charlie
 sn: Charlie Boy
 userPassword: password

+dn: cn=Edward,ou=people,dc=example,dc=com
+objectClass: person
+cn: Edward
+sn: Ed
+userPassword: password
+
 dn: cn=John Doe,ou=people,dc=example,dc=com
 objectClass: person
 cn: John Doe
--- a/deps/rabbitmq_auth_backend_ldap/test/src/rabbit_auth_backend_ldap_test.erl
+++ b/deps/rabbitmq_auth_backend_ldap/test/src/rabbit_auth_backend_ldap_test.erl
@ -88,6 +88,34 @@ internal_followed_ldap_and_internal_test_() ->
        {"Internal, LDAP&Internal Tags", tag_check([monitor, management, foo])}
    ]}.

+tag_attribution_test_() ->
+    {setup,
+     fun () ->
+         %% Configuration parameter under test.
+         Cfg = [{tag_queries,
+                 [{administrator, {constant, false}},
+                  %% Query result for tag `management` is FALSE
+                  %% because this object does NOT exist.
+                  {management,
+                   {exists, "cn=${username},ou=Faculty,dc=Computer Science,dc=Engineering"}},
+                  {monitor, {constant, true}},
+                  %% Query result for tag `normal` is TRUE because
+                  %% this object exists.
+                  {normal,
+                   {exists, "cn=${username},ou=people,dc=example,dc=com"}}]}],
+         %% Configure only the LDAP backend then set it up with tag
+         %% queries.
+         ok = application:set_env(rabbit, auth_backends, [rabbit_auth_backend_ldap]),
+         set_env(Cfg)
+     end,
+     fun (_) ->
+         set_env(base_login_env()),
+         ok = application:unset_env(rabbit, auth_backends)
+     end,
+     [ { %% Test that the user is attributed all the tags for which the
+         %% corresponding query should succeed.
+         "LDAP Tag attribution", tag_check(<<"Edward">>, <<"password">>, [monitor, normal])}]
+    }.

 %%--------------------------------------------------------------------

@ -199,13 +227,16 @@ permission_match() ->
                        {?ALICE, B(<<"xch-Alice-abc123">>), fail}]).

 tag_check(Tags) ->
+    tag_check(<<?ALICE_NAME>>, <<"password">>, Tags).
+
+tag_check(Username, Password, Tags)
+  when is_binary(Username), is_binary(Password), is_list(Tags) ->
    fun() ->
            {ok, User} = rabbit_access_control:check_user_pass_login(
-                        << ?ALICE_NAME >>, <<"password">>),
+                           Username, Password),
            ?assertEqual(Tags, User#user.tags)
    end.

-
 %%--------------------------------------------------------------------

 test_resource_funs(PTRs) -> [test_resource_fun(PTR) || PTR <- PTRs].