Add failing test for rabbitmq/rabbitmq-auth-backend-ldap#100
parent
f8fd4393e1
commit
51e1a16a93
|
|
@ -2,7 +2,7 @@
|
|||
# vi: set ft=ruby :
|
||||
|
||||
Vagrant.configure(2) do |config|
|
||||
config.vm.box = "ubuntu/trusty64"
|
||||
config.vm.box = 'ubuntu/xenial64'
|
||||
config.vm.network "forwarded_port", guest: 389, host: 3890
|
||||
config.vm.provision "shell", inline: "sudo apt-get -y update"
|
||||
config.vm.provision "file", source: "example", destination: "~/example"
|
||||
|
|
|
|||
|
|
@ -60,7 +60,8 @@ people() ->
|
|||
johndoe(),
|
||||
alice(),
|
||||
peter(),
|
||||
carol()
|
||||
carol(),
|
||||
jimmy()
|
||||
].
|
||||
|
||||
groups() ->
|
||||
|
|
@ -184,6 +185,15 @@ carol() ->
|
|||
{"loginShell", ["/bin/bash"]},
|
||||
{"userPassword", ["password"]}]}.
|
||||
|
||||
% rabbitmq/rabbitmq-auth-backend-ldap#100
|
||||
jimmy() ->
|
||||
{"cn=Jimmy,ou=people,dc=rabbitmq,dc=com",
|
||||
[{"objectClass", ["person"]},
|
||||
{"cn", ["Jimmy"]},
|
||||
{"sn", ["Makes"]},
|
||||
{"userPassword", ["password"]},
|
||||
{"description", ["^RMQ-foobar", "^RMQ-.*$"]}]}.
|
||||
|
||||
add(H, {A, B}) ->
|
||||
ok = eldap:add(H, A, B).
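Review bot: The comment above `jimmy()` gives only the issue reference, so a reader cannot tell why `description` carries two values or that they are meant as regular expressions. Judging by the `_gh_100` queries added to the test suite in this commit, these values are presumably used as the pattern side of a `match` resource query, and with the `test` vhost only `^RMQ-.*$` would match `RMQ-test`. If that is the intent, say so, e.g. `% description holds two regex patterns; only the second matches "RMQ-test" (multi-valued attribute case)`. An attribute used this way is authorisation input, so the comment could also note that in a real directory it must not be writable by the user it describes.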
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@
|
|||
-define(BOB_NAME, "Bob").
|
||||
-define(CAROL_NAME, "Carol").
|
||||
-define(PETER_NAME, "Peter").
|
||||
-define(JIMMY_NAME, "Jimmy").
|
||||
|
||||
-define(VHOST, "test").
|
||||
-define(DEFAULT_LDAP_PORT, "3890").
|
||||
|
|
@ -45,6 +46,10 @@
|
|||
password = <<"password">>,
|
||||
virtual_host = <<?VHOST>>}).
|
||||
|
||||
-define(JIMMY, #amqp_params_network{username = <<?JIMMY_NAME>>,
|
||||
password = <<"password">>,
|
||||
virtual_host = <<?VHOST>>}).
|
||||
|
||||
-define(BASE_CONF_RABBIT, {rabbit, [{default_vhost, <<"test">>}]}).
|
||||
|
||||
base_conf_ldap(LdapPort, IdleTimeout, PoolSize) ->
|
||||
|
|
@ -113,7 +118,8 @@ groups() ->
|
|||
invalid_and_clause_ldap_only,
|
||||
topic_authorisation_publishing_ldap_only,
|
||||
topic_authorisation_consumption,
|
||||
match_bidirectional
|
||||
match_bidirectional,
|
||||
match_bidirectional_gh_100
|
||||
],
|
||||
[
|
||||
{non_parallel_tests, [], Tests
|
||||
|
|
@ -475,10 +481,8 @@ topic_authorisation_consumption1(Config) ->
|
|||
false = rabbit_auth_backend_ldap:check_topic_access(Alice, Resource, read, #{routing_key => <<"b.c">>}),
|
||||
%% user KO, routing key OK, should fail
|
||||
false = rabbit_auth_backend_ldap:check_topic_access(Bob, Resource, read, #{routing_key => <<"a.b.c">>}),
|
||||
|
||||
ok.
|
||||
|
||||
|
||||
match_bidirectional(Config) ->
|
||||
ok = rabbit_ct_broker_helpers:rpc(Config, 0,
|
||||
application, set_env, [rabbit, auth_backends, [rabbit_auth_backend_ldap]]),
|
||||
|
|
@ -500,6 +504,25 @@ match_bidirectional(Config) ->
|
|||
end || ConfigurationFunction <- Configurations],
|
||||
ok.
|
||||
|
||||
match_bidirectional_gh_100(Config) ->
|
||||
ok = rabbit_ct_broker_helpers:rpc(Config, 0,
|
||||
application, set_env, [rabbit, auth_backends, [rabbit_auth_backend_ldap]]),
|
||||
|
||||
Configurations = [
|
||||
fun resource_access_query_match_gh_100/0,
|
||||
fun resource_access_query_match_query_is_string_gh_100/0
|
||||
],
|
||||
|
||||
[begin
|
||||
set_env(Config, ConfigurationFunction()),
|
||||
Q1 = [#'queue.declare'{queue = <<"Jimmy-queue">>}],
|
||||
Q2 = [#'queue.declare'{queue = <<"Jimmy">>}],
|
||||
P = #amqp_params_network{port = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_amqp)},
|
||||
[test_resource(PTR) || PTR <- [{P?JIMMY, Q1, ok},
|
||||
{P?JIMMY, Q2, ok}]]
|
||||
end || ConfigurationFunction <- Configurations],
|
||||
ok.
|
||||
|
||||
%%--------------------------------------------------------------------
|
||||
|
||||
test_publish(Person, Exchange, RoutingKey, ExpectedResult) ->
|
||||
|
|
@ -646,6 +669,22 @@ vhost_access_query_and_in_group() ->
|
|||
vhost_access_query_nested_groups_env() ->
|
||||
[{vhost_access_query, {in_group_nested, "cn=admins,ou=groups,dc=rabbitmq,dc=com"}}].
|
||||
|
||||
vhost_access_query_base_env() ->
|
||||
[{vhost_access_query, vhost_access_query_base()}].
|
||||
|
||||
vhost_access_query_base() ->
|
||||
{exists, "ou=${vhost},ou=vhosts,dc=rabbitmq,dc=com"}.
|
||||
|
||||
resource_access_query_match_gh_100() ->
|
||||
[{resource_access_query,
|
||||
{match, {string, "RMQ-${vhost}"}, {attribute, "${user_dn}", "description"}}
|
||||
}].
|
||||
|
||||
resource_access_query_match_query_is_string_gh_100() ->
|
||||
[{resource_access_query,
|
||||
{match, "RMQ-${vhost}", {attribute, "${user_dn}", "description"}}
|
||||
}].
|
||||
|
||||
resource_access_query_match() ->
|
||||
[{resource_access_query, {match, {string, "${name}"},
|
||||
{string, "^${username}-"}}
|
||||
|
|
@ -666,12 +705,6 @@ resource_access_query_match_query_and_re_query_are_strings() ->
|
|||
"^${username}-"}
|
||||
}].
|
||||
|
||||
vhost_access_query_base_env() ->
|
||||
[{vhost_access_query, vhost_access_query_base()}].
|
||||
|
||||
vhost_access_query_base() ->
|
||||
{exists, "ou=${vhost},ou=vhosts,dc=rabbitmq,dc=com"}.
|
||||
|
||||
topic_access_query_base_env() ->
|
||||
[{topic_access_query, topic_access_query_base()}].
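Review bot: `match_bidirectional_gh_100` asserts only grants: both `{P?JIMMY, Q1, ok}` and `{P?JIMMY, Q2, ok}` expect success, so a fix that makes a multi-valued `match` succeed unconditionally would still pass. Because `resource_access_query` decides authorisation, the test should also cover a user whose entry has no `description` value matching `RMQ-test`, and expect the refusal result that `test_resource` is given elsewhere in this suite. The body of the existing `match_bidirectional` is outside the visible hunks, so the exact refusal tuple is not shown here. A short comment on the two `_gh_100` query functions would also make the intent clear, e.g. `%% the regex comes from the user's LDAP "description" attribute, which may hold several values`.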
|
||||
|
||||
|
|
|
|||