kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 23:08:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
tests/unit/roles/service-openldap/__init__.py Normal file
View File

98
tests/unit/roles/service-openldap/test_build_ldap_role_entries.py Normal file
View File

@@ -0,0 +1,98 @@
import unittest
import sys
import os
import importlib.util
# Dynamisch den Filter-Plugin Pfad hinzufügen
current_dir = os.path.dirname(__file__)
filter_plugin_path = os.path.abspath(os.path.join(current_dir, "../../../../roles/service-openldap/filter_plugins"))
# Modul dynamisch laden
spec = importlib.util.spec_from_file_location("build_ldap_role_entries", os.path.join(filter_plugin_path, "build_ldap_role_entries.py"))
ble_module = importlib.util.module_from_spec(spec)
spec.loader.exec_module(ble_module)
build_ldap_role_entries = ble_module.build_ldap_role_entries
class TestBuildLdapRoleEntries(unittest.TestCase):
def setUp(self):
self.applications = {
"app1": {
"group_id": 10000,
"rbac": {
"roles": {
"editor": {"description": "Can edit content"},
"viewer": {"description": "Can view content"}
}
}
}
}
self.users = {
"alice": {
"roles": ["editor", "administrator"]
},
"bob": {
"roles": ["viewer"]
},
"carol": {
"roles": []
}
}
self.ldap = {
"dn": {
"ou": {
"users": "ou=users,dc=example,dc=org",
"roles": "ou=roles,dc=example,dc=org"
}
},
"user":{
"attributes": {
"id": "uid"
}
},
"rbac": {
"flavors": ["posixGroup", "groupOfNames"]
}
}
def test_entries_structure(self):
entries = build_ldap_role_entries(self.applications, self.users, self.ldap)
expected_dns = {
"cn=app1-editor,ou=roles,dc=example,dc=org",
"cn=app1-viewer,ou=roles,dc=example,dc=org",
"cn=app1-administrator,ou=roles,dc=example,dc=org"
}
self.assertEqual(set(entries.keys()), expected_dns)
def test_posix_group_members(self):
entries = build_ldap_role_entries(self.applications, self.users, self.ldap)
editor = entries["cn=app1-editor,ou=roles,dc=example,dc=org"]
self.assertEqual(editor["gidNumber"], 10000)
self.assertIn("memberUid", editor)
self.assertIn("alice", editor["memberUid"])
def test_group_of_names_members(self):
entries = build_ldap_role_entries(self.applications, self.users, self.ldap)
viewer = entries["cn=app1-viewer,ou=roles,dc=example,dc=org"]
expected_dn = "uid=bob,ou=users,dc=example,dc=org"
self.assertIn("member", viewer)
self.assertIn(expected_dn, viewer["member"])
def test_administrator_auto_included(self):
entries = build_ldap_role_entries(self.applications, self.users, self.ldap)
admin = entries["cn=app1-administrator,ou=roles,dc=example,dc=org"]
self.assertEqual(admin["description"], "Has full administrative access: manage themes, plugins, settings, and users")
self.assertIn("alice", admin.get("memberUid", []))
def test_empty_roles_are_skipped(self):
entries = build_ldap_role_entries(self.applications, self.users, self.ldap)
for entry in entries.values():
if entry["cn"].endswith("-viewer"):
self.assertNotIn("carol", entry.get("memberUid", []))
if __name__ == "__main__":
unittest.main()