computer-playbook/tests/unit/roles/svc-db-openldap/test_build_ldap_role_entries.py
Kevin Veen-Birkenbach cb66fb2978 Refactor LDAP variable schema to use top-level constant LDAP and nested ALL-CAPS keys.
- Converted group_vars/all/13_ldap.yml from lower-case to ALL-CAPS nested keys.
- Updated all roles, tasks, templates, and filter_plugins to reference LDAP.* instead of ldap.*.
- Fixed Keycloak JSON templates to properly quote Jinja variables.
- Adjusted svc-db-openldap filter plugins and unit tests to handle new LDAP structure.
- Updated integration test to only check uniqueness of TOP-LEVEL ALL-CAPS constants, ignoring nested keys.

See: https://chatgpt.com/share/68b01017-efe0-800f-a508-7d7e2f1c8c8d
2025-08-28 10:15:48 +02:00


import unittest
import sys
import os
import importlib.util
# Resolve the role's filter_plugins directory relative to this test file.
# The plugin is not an installed package, so it cannot be imported by name
# and is instead executed straight from its source path.
current_dir = os.path.dirname(__file__)
filter_plugin_path = os.path.abspath(
    os.path.join(current_dir, "../../../../roles/svc-db-openldap/filter_plugins")
)
_plugin_source = os.path.join(filter_plugin_path, "build_ldap_role_entries.py")

# Build a module spec from the file and execute it so that its top-level
# definitions become attributes of ``ble_module``.
spec = importlib.util.spec_from_file_location("build_ldap_role_entries", _plugin_source)
ble_module = importlib.util.module_from_spec(spec)
spec.loader.exec_module(ble_module)

# The filter under test, bound at module level for the test cases below.
build_ldap_role_entries = ble_module.build_ldap_role_entries
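class TestBuildLdapRoleEntries(unittest.TestCase):
    """Unit tests for the ``build_ldap_role_entries`` filter plugin.

    The fixtures model one application (``app1``) with two declared RBAC
    roles, three users with differing role assignments, and the subset of
    the LDAP settings the filter reads (role/user OUs, the user id
    attribute and the group flavors to emit).
    """

    def setUp(self):
        # One application with two explicitly declared roles.
        self.applications = {
            "app1": {
                "group_id": 10000,
                "rbac": {
                    "roles": {
                        "editor": {"description": "Can edit content"},
                        "viewer": {"description": "Can view content"},
                    }
                },
            }
        }
        # alice: a declared role plus administrator; bob: one declared
        # role; carol: no roles at all (must end up in no group).
        self.users = {
            "alice": {"roles": ["editor", "administrator"]},
            "bob": {"roles": ["viewer"]},
            "carol": {"roles": []},
        }
        # LDAP layout consumed by the filter (nested ALL-CAPS keys).
        self.ldap = {
            "DN": {
                "OU": {
                    "USERS": "ou=users,dc=example,dc=org",
                    "ROLES": "ou=roles,dc=example,dc=org",
                }
            },
            "USER": {"ATTRIBUTES": {"ID": "uid"}},
            "RBAC": {"FLAVORS": ["posixGroup", "groupOfNames"]},
        }

    def _build(self):
        """Run the filter under test against the shared fixtures."""
        return build_ldap_role_entries(self.applications, self.users, self.ldap)

    def test_entries_structure(self):
        """One entry per declared role, plus the administrator role."""
        entries = self._build()
        expected_dns = {
            "cn=app1-editor,ou=roles,dc=example,dc=org",
            "cn=app1-viewer,ou=roles,dc=example,dc=org",
            "cn=app1-administrator,ou=roles,dc=example,dc=org",
        }
        self.assertEqual(set(entries.keys()), expected_dns)

    def test_posix_group_members(self):
        """``gidNumber`` is the app's group_id and ``memberUid`` lists uids."""
        entries = self._build()
        editor = entries["cn=app1-editor,ou=roles,dc=example,dc=org"]
        self.assertEqual(editor["gidNumber"], 10000)
        self.assertIn("memberUid", editor)
        self.assertIn("alice", editor["memberUid"])

    def test_group_of_names_members(self):
        """The ``member`` attribute lists full user DNs built from the users OU."""
        entries = self._build()
        viewer = entries["cn=app1-viewer,ou=roles,dc=example,dc=org"]
        expected_dn = "uid=bob,ou=users,dc=example,dc=org"
        self.assertIn("member", viewer)
        self.assertIn(expected_dn, viewer["member"])

    def test_administrator_auto_included(self):
        """The administrator role exists even though app1 does not declare it."""
        entries = self._build()
        admin = entries["cn=app1-administrator,ou=roles,dc=example,dc=org"]
        self.assertEqual(
            admin["description"],
            "Has full administrative access: manage themes, plugins, settings, and users",
        )
        self.assertIn("alice", admin.get("memberUid", []))

    def test_empty_roles_are_skipped(self):
        """A user with no roles must not be a member of any group.

        Checked for every generated entry and for both membership
        attributes, so an unassigned user leaking into any group (not just
        the viewer group) is caught.
        """
        entries = self._build()
        carol_dn = "uid=carol,ou=users,dc=example,dc=org"
        for dn, entry in entries.items():
            self.assertNotIn("carol", entry.get("memberUid", []), dn)
            self.assertNotIn(carol_dn, entry.get("member", []), dn)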
# Allow the module to be run directly as a script (python -m / path).
if __name__ == "__main__":
    unittest.main(verbosity=1)