-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
(SIMP-9738) Add tests with 398ds to freeradius (#61)
- Add acceptance tests that connect to 389ds LDAP server
- Maint
- update packagecloud repos to simp-project
SIMP-9738 #close
SIMP-9737 #close- Loading branch information
1 parent
bded7d3
commit 56199be
Showing
12 changed files
with
258 additions
and
74 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| require 'spec_helper_acceptance' | ||
|
|
||
| test_name 'Set up ds389 server ' | ||
|
|
||
| describe 'Setup 389ds server for freeradius' do | ||
| #stunnel just needs to be set, it does not effect this test | ||
| stunnel_setting = true | ||
| ldap_server = only_host_with_role(hosts,'389ds') | ||
| ldap_server_fqdn = fact_on(ldap_server, 'fqdn') | ||
|
|
||
| _domains = fact_on(ldap_server, 'domain').split('.') | ||
| _domains.map! { |d| | ||
| "dc=#{d}" | ||
| } | ||
| base_dn = _domains.join(',') | ||
| common_hieradata = File.read(File.expand_path('files/common_hieradata.yaml.erb', File.dirname(__FILE__))) | ||
|
|
||
| context 'setup 389ds ldap server ' do | ||
| let(:root_pw) { 'suP3rP@ssw0r!' } | ||
| let(:ldap_type) { '389ds' } | ||
| let(:server_hieradata) { File.read(File.expand_path("files/#{ldap_type}/server_hieradata.yaml.erb", File.dirname(__FILE__))) } | ||
| let(:hieradata) { "#{common_hieradata}" + "\n#{server_hieradata}" } | ||
| let(:add_testuser) { File.read(File.expand_path("files/#{ldap_type}/add_testuser.erb", File.dirname(__FILE__))) } | ||
| let(:ds_root_name) { 'accounts' } | ||
|
|
||
| it 'should install, 389ds accounts instance' do | ||
|
|
||
| server_manifest = <<-EOM | ||
| include 'simp_options' | ||
| include 'simp_ds389::instances::accounts' | ||
| EOM | ||
|
|
||
| # Apply | ||
| set_hieradata_on(ldap_server, ERB.new(hieradata).result(binding), 'default') | ||
| apply_manifest_on(ldap_server, server_manifest, catch_failures: true) | ||
| apply_manifest_on(ldap_server, server_manifest, catch_failures: true) | ||
| apply_manifest_on(ldap_server, server_manifest, catch_changes: true) | ||
| end | ||
|
|
||
| # Create test users | ||
| it 'should add the test users' do | ||
| create_remote_file(ldap_server, '/root/ldap_add_user',ERB.new(add_testuser).result(binding)) | ||
| on(ldap_server, 'chmod +x /root/ldap_add_user') | ||
| on(ldap_server, '/root/ldap_add_user') | ||
| result = on(ldap_server, "dsidm #{ds_root_name} -b #{base_dn} user list") | ||
| expect(result.stdout).to include("radius1") | ||
| expect(result.stdout).to include("radius2") | ||
| expect(result.stdout).to include("notradius") | ||
| end | ||
|
|
||
| end | ||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| require 'spec_helper_acceptance' | ||
|
|
||
| test_name 'Set up ldap server ' | ||
|
|
||
| describe 'Setup openldap server for freeradius' do | ||
| ldap_server = only_host_with_role(hosts,'ldap') | ||
| ldap_server_fqdn = fact_on(ldap_server, 'fqdn') | ||
|
|
||
| _domains = fact_on(ldap_server, 'domain').split('.') | ||
| _domains.map! { |d| | ||
| "dc=#{d}" | ||
| } | ||
| base_dn = _domains.join(',') | ||
|
|
||
| common_hieradata = File.read(File.expand_path('files/common_hieradata.yaml.erb', File.dirname(__FILE__))) | ||
|
|
||
| context 'setup ldap server ' do | ||
|
|
||
| let(:ldap_type) { 'plain' } | ||
| let(:server_hieradata) { File.read(File.expand_path("files/#{ldap_type}/server_hieradata.yaml.erb", File.dirname(__FILE__)))} | ||
| let (:hieradata){ "#{common_hieradata}" + "\n#{server_hieradata}"} | ||
|
|
||
|
|
||
| let(:test_user_ldif) { ERB.new(File.read(File.expand_path("files/#{ldap_type}/add_users.ldif.erb",File.dirname(__FILE__)))).result(binding) } | ||
|
|
||
| it 'should install, openldap, and create users' do | ||
|
|
||
|
|
||
| server_manifest = <<-EOM | ||
| include 'simp_options' | ||
| include 'simp_openldap::server' | ||
| EOM | ||
|
|
||
| # Apply | ||
| set_hieradata_on(ldap_server, ERB.new(hieradata).result(binding), 'default') | ||
| apply_manifest_on(ldap_server, server_manifest, catch_failures: true) | ||
| apply_manifest_on(ldap_server, server_manifest, catch_failures: true) | ||
| apply_manifest_on(ldap_server, server_manifest, catch_changes: true) | ||
|
|
||
| end | ||
| it 'should create users on ldap server' do | ||
| # Create test.user | ||
| create_remote_file(ldap_server, '/root/user_ldif.ldif', test_user_ldif) | ||
|
|
||
| # Create test users from ldif | ||
| on(ldap_server, "ldapadd -D cn=LDAPAdmin,ou=People,#{base_dn} -H ldap://#{ldap_server} -w suP3rP@ssw0r! -x -Z -f /root/user_ldif.ldif") | ||
|
|
||
| result = on(ldap_server, "ldapsearch -LLL -Z -D cn=LDAPAdmin,ou=People,#{base_dn} -H ldap://#{ldap_server_fqdn} -w suP3rP@ssw0r! -x cn=radius") | ||
| expect(result.stdout).to include("dn: cn=radius,ou=Group,#{base_dn}") | ||
| result2 = on(ldap_server, "ldapsearch -LLL -Z -D cn=LDAPAdmin,ou=People,#{base_dn} -H ldap://#{ldap_server_fqdn} -w suP3rP@ssw0r! -x cn=radius1") | ||
| expect(result2.stdout).to include("dn: uid=radius1,ou=People,#{base_dn}") | ||
| end | ||
|
|
||
| end | ||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| require 'spec_helper_acceptance' | ||
|
|
||
| test_name 'freeradius class' | ||
|
|
||
| describe 'freeradius class' do | ||
|
|
||
| servers = hosts_with_role(hosts, 'server') | ||
| ldapserver = find_at_most_one_host_with_role(hosts,'389ds') # There can only be one. | ||
|
|
||
| let(:ldap_server_fqdn) {fact_on(ldapserver, 'fqdn')} | ||
| let(:ldap_type) {'389ds'} | ||
| let(:base_dn) { fact_on(ldapserver, 'domain').split('.').map{ |d| "DC=#{d}" }.join(',') } | ||
| let(:results_base_dn) { fact_on(ldapserver, 'domain').split('.').map{ |d| "dc=#{d}" }.join(',') } | ||
|
|
||
| let(:radiusserver_useldap_only_manifest) { | ||
| <<-EOR | ||
| # This class will set up the simp default site which allows only ldap | ||
| # authentication. Note: the ldap module is set up because | ||
| # freeradius::ldap = true. (see hieradata) | ||
| include 'freeradius' | ||
| include 'simp_openldap::client' | ||
| include 'freeradius::v3::modules::ldap' | ||
| include 'freeradius::v3::sites::ldap' | ||
| Class['simp_openldap::client'] -> Class['freeradius'] | ||
| Class['freeradius'] -> [Class['freeradius::v3::sites::ldap'],Class['freeradius::v3::modules::ldap']] | ||
| #setup a test user, localclient and remote client" | ||
| $_testuser = @("EOTU"/L) | ||
| Cleartext-Password := "password" | ||
| Reply-Message := "Hello World" | ||
| | EOTU | ||
| freeradius::v3::conf::user { 'testuser': | ||
| content => $_testuser | ||
| } | ||
| freeradius::v3::client { 'localhost': | ||
| ipaddr => '127.0.0.1', | ||
| secret => 'testing123', | ||
| require_message_authenticator => false, | ||
| nas_type => 'other', | ||
| } | ||
| EOR | ||
| } | ||
|
|
||
|
|
||
| let(:the_hieradata) { ERB.new(File.read(File.expand_path('files/common_hieradata.yaml.erb', File.dirname(__FILE__)))).result(binding) } | ||
|
|
||
| context 'set up radius server to use ldap only' do | ||
|
|
||
| servers.each do |server| | ||
| it 'should configure the radius server' do | ||
| set_hieradata_on(server, the_hieradata ) | ||
| apply_manifest_on(server,radiusserver_useldap_only_manifest, :catch_failures => true) | ||
| apply_manifest_on(server,radiusserver_useldap_only_manifest, :catch_failures => true) | ||
| apply_manifest_on(server,radiusserver_useldap_only_manifest, :catch_changes => true) | ||
| end | ||
|
|
||
| it 'should not authenticate testuser' do | ||
| result = on(server, "radtest testuser password localhost 0 testing123", :accept_all_exit_codes => true ) | ||
| expect(result.stdout).to include("Received Access-Reject") | ||
| end | ||
| it 'should authenticate ldap user' do | ||
| resultldap = on(server,"radtest radius1 suP3rP@ssw0r! localhost 0 testing123") | ||
| expect(resultldap.stdout).to include("Received Access-Accept") | ||
| end | ||
|
|
||
| end | ||
| end | ||
|
|
||
| end |
33 changes: 33 additions & 0 deletions
33
spec/acceptance/suites/default/files/389ds/add_testuser.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| # ------------------------------------- | ||
| # Create Radius and not radius groups | ||
|
|
||
| dsidm "<%= ds_root_name %>" -b "<%= base_dn %>" posixgroup create --cn radius --gidNumber 10000 | ||
|
|
||
| dsidm "<%= ds_root_name %>" -b "<%= base_dn %>" posixgroup create --cn notradius --gidNumber 11000 | ||
|
|
||
| # ------------------------------------- | ||
| # Create radius user and add to radius group | ||
| dsidm "<%= ds_root_name %>" -b "<%= base_dn %>" user create --cn radius1 --uid radius1 --displayName "Test User 1" --uidNumber 10000 --gidNumber 100 --homeDirectory /home/radius1 | ||
|
|
||
| #suP3rP@ssw0r! | ||
| dsidm "<%= ds_root_name %>" -b "<%= base_dn %>" user modify radius1 add:userPassword:{SSHA}r2GaizHFWY8pcHpIClU0ye7vsO4uHv/y | ||
|
|
||
| dsidm "<%= ds_root_name %>" -b "<%= base_dn %>" posixgroup modify radius add:member:uid=radius1,ou=People,<%= base_dn %> | ||
|
|
||
| # ------------------------------------- | ||
| # Create radius user 2 and add to radius group | ||
|
|
||
| dsidm "<%= ds_root_name %>" -b "<%= base_dn %>" user create --cn radius2 --uid radius2 --displayName "Test User 2" --uidNumber 10001 --gidNumber 100 --homeDirectory /home/radius2 | ||
|
|
||
| #suP3rP@ssw0r! | ||
| dsidm "<%= ds_root_name %>" -b "<%= base_dn %>" user modify radius2 add:userPassword:{SSHA}r2GaizHFWY8pcHpIClU0ye7vsO4uHv/y | ||
| dsidm "<%= ds_root_name %>" -b "<%= base_dn %>" posixgroup modify radius add:member:uid=radius2,ou=People,<%= base_dn %> | ||
|
|
||
|
|
||
| # ------------------------------------- | ||
| # Create notradius user and add to notradius group | ||
| dsidm "<%= ds_root_name %>" -b "<%= base_dn %>" user create --cn notradius --uid notradius --displayName "Non Radius Users" --uidNumber 11000 --gidNumber 11000 --homeDirectory /home/notradius | ||
|
|
||
| #suP3rP@ssw0r! | ||
| dsidm "<%= ds_root_name %>" -b "<%= base_dn %>" user modify notradius add:userPassword:{SSHA}r2GaizHFWY8pcHpIClU0ye7vsO4uHv/y | ||
| dsidm "<%= ds_root_name %>" -b "<%= base_dn %>" posixgroup modify notradius add:member:uid=notradius,ou=People,<%= base_dn %> |
1 change: 1 addition & 0 deletions
1
spec/acceptance/suites/default/files/389ds/server_hieradata.yaml.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| simp_ds389::instances::accounts::root_pw: <%= root_pw %> |
Oops, something went wrong.