Commit b52ceefe authored by Brian Major's avatar Brian Major

s1890 - moved admin tests that connect to ldap to ac_ws

parent 80013b44
###############################################################
#
# LDAP Connection and Pool Configuration
#
#
###############################################################
# Read-only connection pool
readOnly.servers = proc5-03.cadc.dao.nrc.ca
readOnly.poolInitSize = 1
readOnly.poolMaxSize = 2
readOnly.poolPolicy = roundRobin
readOnly.maxWait = 30000
readOnly.createIfNeeded = false
# Read-write connection pool
readWrite.servers = proc5-03.cadc.dao.nrc.ca
readWrite.poolInitSize = 1
readWrite.poolMaxSize = 2
readWrite.poolPolicy = roundRobin
readWrite.maxWait = 30000
readWrite.createIfNeeded = false
# Unbound-Read-only connection pool
unboundReadOnly.servers = proc5-03.cadc.dao.nrc.ca
unboundReadOnly.poolInitSize = 1
unboundReadOnly.poolMaxSize = 2
unboundReadOnly.poolPolicy = roundRobin
unboundReadOnly.maxWait = 30000
unboundReadOnly.createIfNeeded = false
# server configuration -- applies to all servers
dbrcHost = devLdap
port = 636
proxyUser = uid=webproxy,ou=SpecialUsers,dc=canfar,dc=net
usersDN = ou=Users,ou=ds,dc=canfar,dc=net
userRequestsDN = ou=userRequests,ou=ds,dc=canfar,dc=net
groupsDN = ou=Groups,ou=ds,dc=canfar,dc=net
adminGroupsDN = ou=adminGroups,ou=ds,dc=canfar,dc=net
# tree without aci's
#dbrcHost = devLdap
#port = 389
#proxyUser = uid=testproxy,ou=SpecialUsers,dc=testcanfar
#usersDN = ou=Users,ou=ds,dc=testcanfar
#userRequestsDN = ou=UserRequests,ou=ds,dc=testcanfar
#groupsDN = ou=Groups,ou=ds,dc=testcanfar
#adminGroupsDN = ou=adminGroups,ou=ds,dc=testcanfar
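Review bot: The commented-out "tree without aci's" block switches `port` to 389 while the active settings use 636, and nothing in the file says that the alternative is the unencrypted LDAP port. If that block is re-enabled, the `proxyUser` bind would presumably travel without TLS unless the client negotiates StartTLS, which is not visible here. I would add a comment above it such as `# NOTE: port 389 is plain LDAP; use only against a disposable test tree`. The file also pins an internal host name and the proxy bind DN for all three pools, so it is worth confirming that it is meant to be committed rather than supplied per environment.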
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2015. (c) 2015.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
*
************************************************************************
*/
package ca.nrc.cadc.ac.admin;
import static org.easymock.EasyMock.createMock;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.expectLastCall;
import static org.easymock.EasyMock.replay;
import static org.easymock.EasyMock.verify;
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import org.junit.Test;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.util.PropertiesReader;
@SuppressWarnings("unchecked")
public class CommandRunnerTest
{
final CmdLineParser mockParser = createMock(CmdLineParser.class);
final UserPersistence mockUserPersistence =
createMock(UserPersistence.class);
public CommandRunnerTest()
{
// Set the necessary JNDI system property for lookups.
System.setProperty("java.naming.factory.initial", ContextFactoryImpl.class.getName());
System.setProperty(PropertiesReader.class.getName() + ".dir", "./test/");
}
@Test
public void listUsers() throws Exception
{
final CommandRunner testSubject =
new CommandRunner(mockParser, mockUserPersistence);
final List<User> userData = new ArrayList<>();
final Principal p = new HttpPrincipal("TEST USER");
User u = new User();
u.getIdentities().add(p);
userData.add(u);
expect(mockParser.getCommand()).andReturn(new ListActiveUsers());
expect(mockUserPersistence.getUsers()).andReturn(userData).once();
replay(mockParser, mockUserPersistence);
testSubject.run();
verify(mockParser, mockUserPersistence);
}
@Test
public void listPendingUsers() throws Exception
{
final CommandRunner testSubject =
new CommandRunner(mockParser, mockUserPersistence);
final List<User> userData = new ArrayList<>();
User u = new User();
u.getIdentities().add(new HttpPrincipal("PENDING USER"));
userData.add(u);
expect(mockParser.getCommand()).andReturn(new ListPendingUsers());
expect(mockUserPersistence.getPendingUsers()).andReturn(userData).once();
replay(mockParser, mockUserPersistence);
testSubject.run();
verify(mockParser, mockUserPersistence);
}
@Test
public void viewUser() throws Exception
{
final CommandRunner testSubject =
new CommandRunner(mockParser, mockUserPersistence);
final HttpPrincipal principalData = new HttpPrincipal("TESTUSER");
final User userData = new User();
userData.getIdentities().add(principalData);
expect(mockParser.getCommand()).andReturn(new ViewUser("TESTUSER"));
expect(mockUserPersistence.getUser(principalData)).
andReturn(userData).once();
replay(mockParser, mockUserPersistence);
testSubject.run();
verify(mockParser, mockUserPersistence);
}
@Test
public void approveUser() throws Exception
{
final CommandRunner testSubject =
new CommandRunner(mockParser, mockUserPersistence);
final HttpPrincipal principalData = new HttpPrincipal("PENDINGUSER");
final User userData = new User();
userData.getIdentities().add(principalData);
expect(mockParser.getCommand()).andReturn(new ApproveUser("PENDINGUSER", "CN=DN"));
expect(mockUserPersistence.approvePendingUser(principalData)).andReturn(userData).once();
expect(mockUserPersistence.getUser(principalData)).andReturn(userData).once();
expect(mockUserPersistence.modifyUser(userData)).andReturn(null).once();
replay(mockParser, mockUserPersistence);
testSubject.run();
verify(mockParser, mockUserPersistence);
}
@Test
public void rejectUser() throws Exception
{
final CommandRunner testSubject =
new CommandRunner(mockParser, mockUserPersistence);
final HttpPrincipal principalData = new HttpPrincipal("PENDINGUSER");
expect(mockParser.getCommand()).andReturn(
new RejectUser("PENDINGUSER"));
mockUserPersistence.deletePendingUser(principalData);
expectLastCall().once();
replay(mockParser, mockUserPersistence);
testSubject.run();
verify(mockParser, mockUserPersistence);
}
}
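Review bot: The constructor sets `java.naming.factory.initial` and the `PropertiesReader` directory as JVM-wide system properties and nothing restores them, so every test that runs later in the same JVM inherits this JNDI context factory. Capturing the previous values and restoring them in an `@After` method would keep the override scoped to this class. The five tests also check only the mock interactions through `verify(...)`; none asserts on what `run()` printed, which may be intentional but deserves a one-line comment saying so.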
/*
************************************************************************
******************* CANADIAN ASTRONOMY DATA CENTRE *******************
************** CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES **************
*
* (c) 2014. (c) 2014.
* Government of Canada Gouvernement du Canada
* National Research Council Conseil national de recherches
* Ottawa, Canada, K1A 0R6 Ottawa, Canada, K1A 0R6
* All rights reserved Tous droits réservés
*
* NRC disclaims any warranties, Le CNRC dénie toute garantie
* expressed, implied, or énoncée, implicite ou légale,
* statutory, of any kind with de quelque nature que ce
* respect to the software, soit, concernant le logiciel,
* including without limitation y compris sans restriction
* any warranty of merchantability toute garantie de valeur
* or fitness for a particular marchande ou de pertinence
* purpose. NRC shall not be pour un usage particulier.
* liable in any event for any Le CNRC ne pourra en aucun cas
* damages, whether direct or être tenu responsable de tout
* indirect, special or general, dommage, direct ou indirect,
* consequential or incidental, particulier ou général,
* arising from the use of the accessoire ou fortuit, résultant
* software. Neither the name de l'utilisation du logiciel. Ni
* of the National Research le nom du Conseil National de
* Council of Canada nor the Recherches du Canada ni les noms
* names of its contributors may de ses participants ne peuvent
* be used to endorse or promote être utilisés pour approuver ou
* products derived from this promouvoir les produits dérivés
* software without specific prior de ce logiciel sans autorisation
* written permission. préalable et particulière
* par écrit.
*
* This file is part of the Ce fichier fait partie du projet
* OpenCADC project. OpenCADC.
*
* OpenCADC is free software: OpenCADC est un logiciel libre ;
* you can redistribute it and/or vous pouvez le redistribuer ou le
* modify it under the terms of modifier suivant les termes de
* the GNU Affero General Public la “GNU Affero General Public
* License as published by the License” telle que publiée
* Free Software Foundation, par la Free Software Foundation
* either version 3 of the : soit la version 3 de cette
* License, or (at your option) licence, soit (à votre gré)
* any later version. toute version ultérieure.
*
* OpenCADC is distributed in the OpenCADC est distribué
* hope that it will be useful, dans l’espoir qu’il vous
* but WITHOUT ANY WARRANTY; sera utile, mais SANS AUCUNE
* without even the implied GARANTIE : sans même la garantie
* warranty of MERCHANTABILITY implicite de COMMERCIALISABILITÉ
* or FITNESS FOR A PARTICULAR ni d’ADÉQUATION À UN OBJECTIF
* PURPOSE. See the GNU Affero PARTICULIER. Consultez la Licence
* General Public License for Générale Publique GNU Affero
* more details. pour plus de détails.
*
* You should have received Vous devriez avoir reçu une
* a copy of the GNU Affero copie de la Licence Générale
* General Public License along Publique GNU Affero avec
* with OpenCADC. If not, see OpenCADC ; si ce n’est
* <http://www.gnu.org/licenses/>. pas le cas, consultez :
* <http://www.gnu.org/licenses/>.
*
* $Revision: 4 $
*
************************************************************************
*/
package ca.nrc.cadc.ac.admin;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.junit.BeforeClass;
import org.junit.Test;
import ca.nrc.cadc.ac.PersonalDetails;
import ca.nrc.cadc.ac.User;
import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.UserRequest;
import ca.nrc.cadc.ac.server.ldap.LdapConfig;
import ca.nrc.cadc.ac.server.ldap.LdapUserPersistence;
import ca.nrc.cadc.auth.DNPrincipal;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.util.Log4jInit;
import ca.nrc.cadc.util.PropertiesReader;
import ca.nrc.cadc.util.StringUtil;
public class UserAdminTest
{
private static final Logger log = Logger.getLogger(UserAdminTest.class);
private final OutputStream output = new ByteArrayOutputStream();
private final OutputStream error = new ByteArrayOutputStream();
static String testCert;
static LdapConfig config;
@BeforeClass
public static void setUpClass()
throws Exception
{
Log4jInit.setLevel("ca.nrc.cadc.ac", Level.INFO);
testCert = System.getProperty("user.dir")
+ "/build/test/class/cadcauthtest1.pem";
System.setProperty(PropertiesReader.class.getName() + ".dir", "./test/");
config = LdapConfig.getLdapConfig();
}
@Test
public void listUsers() throws Exception
{
String[] args = new String[] { "--list" };
doTest(args);
log.debug("number users found: " + output.toString());
assertTrue("output is empty", StringUtil.hasText(output.toString()));
}
@Test
public void listPendingUsers() throws Exception
{
String[] args = new String[] { "--list-pending" };
doTest(args);
log.debug("number pending users found: " + output.toString());
assertTrue("output is empty", StringUtil.hasText(output.toString()));
}
@Test
public void viewUser() throws Exception
{
String userID = getUserID();
boolean isPending = false;
addUser(userID, isPending);
String[] args = new String[] { "--view=" + userID };
doTest(args);
log.debug("output: " + output);
assertTrue("output is empty", StringUtil.hasText(output.toString()));
assertTrue("User ID not found in output.",
output.toString().contains(userID));
}
@Test
public void viewPendingUser() throws Exception
{
String userID = getUserID();
boolean isPending = true;
addUser(userID, isPending);
String[] args = new String[] { "--view=" + userID };
doTest(args);
log.debug("output: " + output);
assertTrue("output is empty", StringUtil.hasText(output.toString()));
assertTrue("User ID not found in output.",
output.toString().contains(userID));
}
@Test
public void viewPendingUserNotFound() throws Exception
{
String userID = "foo_" + System.currentTimeMillis();
String[] args = new String[] { "--view=" + userID };
doTest(args);
final String outputMessage = output.toString();
final String errorMessage = error.toString();
log.debug("output: " + outputMessage);
assertTrue(outputMessage.contains("not found"));
assertFalse("Should not have error (" + errorMessage + ")",
StringUtil.hasLength(errorMessage));
}
@Test
public void approvePendingUser() throws Exception
{
String userID = getUserID();
boolean isPending = true;
addUser(userID, isPending);
String[] args = new String[] { "--approve=" + userID,
"--dn=UID=" + userID + ",OU=Users,OU=ds,DC=testcanfar"};
doTest(args);
log.debug("output: " + output);
assertTrue("output is empty", StringUtil.hasText(output.toString()));
assertTrue("User not approved.",
output.toString().contains("was approved"));
// get deleted user
getUser(userID, true, false);
// get approved user
getUser(userID, false, true);
}
@Test
public void approvePendingUserNotFound() throws Exception
{
String userID = "foo_" + System.currentTimeMillis();
String[] args = new String[] { "--approve=" + userID,
"--dn=UID=" + userID + ",OU=Users,OU=ds,DC=testcanfar"};
doTest(args);
final String outputMessage = output.toString();
final String errorMessage = error.toString();
log.debug("output: " + outputMessage);
assertTrue(outputMessage.contains("not find pending user"));
assertFalse("Should not have error (" + errorMessage + ")",
StringUtil.hasLength(errorMessage));
}
@Test
public void rejectPendingUser() throws Exception
{
String userID = getUserID();
boolean isPending = true;
addUser(userID, isPending);
String[] args = new String[] { "--reject=" + userID };
doTest(args);
final String outputMessage = output.toString();
final String errorMessage = error.toString();
log.debug("output: " + outputMessage);
assertTrue("Should contain was rejected.",
outputMessage.contains("was rejected"));
assertFalse("Should not have error (" + errorMessage + ")",
StringUtil.hasLength(errorMessage));
getUser(userID, isPending, false);
}
@Test
public void rejectPendingUserNotFound() throws Exception
{
String userID = "foo_" + System.currentTimeMillis();
String[] args = new String[] { "--reject=" + userID };
doTest(args);
final String outputMessage = output.toString();
final String errorMessage = error.toString();
log.debug("output: " + outputMessage);
assertTrue(outputMessage.contains("not found"));
assertFalse("Should not have error (" + errorMessage + ")",
StringUtil.hasLength(errorMessage));
}
String getUserID()
{
return "CadcAdminIntTestUser-" + System.currentTimeMillis();
}
void doTest(String[] args) throws Exception
{
final String[] programArgs = new String[args.length + 1];
System.arraycopy(args, 0, programArgs, 0, args.length);
programArgs[programArgs.length - 1] = "--cert=" + testCert;
final Main testSubject = new Main(new PrintStream(output),
new PrintStream(error));
testSubject.execute(programArgs);
}
void addUser(final String username, final boolean isPending)
throws UserAlreadyExistsException, TransientException,
PrivilegedActionException
{
final HttpPrincipal userID = new HttpPrincipal(username);
String dn = "uid=" + username + "," + config.getUsersDN();
X500Principal x500Principal = new X500Principal(dn);
final User expected = new User();
expected.getIdentities().add(userID);
expected.getIdentities().add(userID);
expected.getIdentities().add(x500Principal);
PersonalDetails pd = new PersonalDetails("foo", "bar");
pd.email = username + "@canada.ca";
expected.personalDetails = pd;
final UserRequest userRequest =
new UserRequest(expected, "123456".toCharArray());
Subject subject = new Subject();
subject.getPrincipals().add(userID);
subject.getPrincipals().add(getDNPrincipal(username, isPending));
PrivilegedExceptionAction<Object> action =
new PrivilegedExceptionAction<Object>()
{
public Object run()
throws Exception
{
try
{
final LdapUserPersistence userDAO = getUserPersistence();
if (isPending)
{
userDAO.addPendingUser(userRequest);
log.debug("added pending user: " + username);
}
else
{
userDAO.addUser(userRequest);
log.debug("added user: " + username);
}
return null;
}
catch (Exception e)
{
log.error("Exception adding user: " + e.getMessage());
throw new Exception("Problems", e);
}
}
};
Subject.doAs(subject, action);
}
User getUser(final String username, final boolean isPending,
final boolean expectedFound)
throws PrivilegedActionException
{
final HttpPrincipal userID = new HttpPrincipal(username);
Subject subject = new Subject();
subject.getPrincipals().add(userID);
subject.getPrincipals().add(getDNPrincipal(username, isPending));
PrivilegedExceptionAction<User> action =
new PrivilegedExceptionAction<User>()
{
public User run()
throws Exception
{
try
{
final LdapUserPersistence userDAO = getUserPersistence();
if (isPending)
{
return userDAO.getPendingUser(userID);
}
else
{
return userDAO.getUser(userID);
}
}
catch (UserNotFoundException e)
{
if (expectedFound)
{
throw e;
}
}
return null;
}
};
return Subject.doAs(subject, action);
}
<T extends Principal> LdapUserPersistence getUserPersistence()
{
System.setProperty("java.naming.factory.initial", ContextFactoryImpl.class.getName());
return new LdapUserPersistence();
}
DNPrincipal getDNPrincipal(final String username, final boolean isPending)
{
String entryDN = "uid=" + username + ",";
if (isPending)
{
entryDN = entryDN + config.getUserRequestsDN();
}
else
{
entryDN = entryDN + config.getUsersDN();
}
return new DNPrincipal(entryDN);
}
}
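Review bot: The calls `getUser(userID, true, false)` in `approvePendingUser` and `getUser(userID, isPending, false)` in `rejectPendingUser` check nothing: with `expectedFound` false the helper swallows `UserNotFoundException`, but it also returns normally when the entry is still present, and both callers discard the result. A rejected or approved request that stays under the user-requests DN would therefore pass; the calls should assert, for example `assertTrue("pending entry still present", getUser(userID, true, false) == null);`. `addUser` also creates directory entries with the fixed password `"123456"` and no test removes them, so each run leaves accounts with a known password on whatever server the properties file points at; a cleanup step or a random per-run password would avoid that. `expected.getIdentities().add(userID);` appears twice in `addUser`, and `getUserPersistence` declares a type parameter `<T extends Principal>` that it never uses. The page does not show which side of the move this file is on, so these points apply to whichever copy continues to run.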