sources/ldap: use openldap tests for entire sync

This commit is contained in:
Jens Langhammer 2021-02-05 14:29:22 +01:00
parent 9c1ade59e9
commit 478d3430eb
4 changed files with 104 additions and 35 deletions

View File

@ -24,31 +24,32 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
group_count = 0 group_count = 0
for group in groups: for group in groups:
attributes = group.get("attributes", {}) attributes = group.get("attributes", {})
group_dn = self._flatten(group.get("entryDN", ""))
if self._source.object_uniqueness_field not in attributes: if self._source.object_uniqueness_field not in attributes:
self._logger.warning( self._logger.warning(
"Cannot find uniqueness Field in attributes", "Cannot find uniqueness Field in attributes",
attributes=attributes.keys(), attributes=attributes.keys(),
dn=attributes.get(LDAP_DISTINGUISHED_NAME, ""), dn=group_dn,
) )
continue continue
uniq = attributes[self._source.object_uniqueness_field] uniq = attributes[self._source.object_uniqueness_field]
# TODO: Use Property Mappings
name = self._flatten(attributes.get("name", ""))
_, created = Group.objects.update_or_create( _, created = Group.objects.update_or_create(
**{ **{
f"attributes__{LDAP_UNIQUENESS}": uniq, f"attributes__{LDAP_UNIQUENESS}": uniq,
"parent": self._source.sync_parent_group, "parent": self._source.sync_parent_group,
"defaults": { "defaults": {
"name": attributes.get("name", ""), "name": name,
"attributes": { "attributes": {
LDAP_UNIQUENESS: uniq, LDAP_UNIQUENESS: uniq,
LDAP_DISTINGUISHED_NAME: attributes.get( LDAP_DISTINGUISHED_NAME: group_dn,
"distinguishedName"
),
}, },
}, },
} }
) )
self._logger.debug( self._logger.debug(
"Synced group", group=attributes.get("name", ""), created=created "Synced group", group=name, created=created
) )
group_count += 1 group_count += 1
return group_count return group_count

View File

@ -28,7 +28,7 @@ def mock_slapd_connection(password: str) -> Connection:
{ {
"name": "test-group", "name": "test-group",
"uid": "unique-test-group", "uid": "unique-test-group",
"objectClass": "group", "objectClass": "groupOfNames",
"member": ["cn=user0,ou=users,dc=goauthentik,dc=io"], "member": ["cn=user0,ou=users,dc=goauthentik,dc=io"],
}, },
) )
@ -37,7 +37,7 @@ def mock_slapd_connection(password: str) -> Connection:
"cn=group2,ou=groups,dc=goauthentik,dc=io", "cn=group2,ou=groups,dc=goauthentik,dc=io",
{ {
"name": "test-group", "name": "test-group",
"objectClass": "group", "objectClass": "groupOfNames",
}, },
) )
connection.strategy.add_entry( connection.strategy.add_entry(

View File

@ -37,12 +37,6 @@ class LDAPSyncTests(TestCase):
| Q(name__startswith="authentik default Active Directory Mapping") | Q(name__startswith="authentik default Active Directory Mapping")
) )
) )
print(
LDAPPropertyMapping.objects.filter(
Q(name__startswith="authentik default LDAP Mapping")
| Q(name__startswith="authentik default Active Directory Mapping")
)
)
self.source.save() self.source.save()
connection = PropertyMock(return_value=mock_ad_connection(LDAP_PASSWORD)) connection = PropertyMock(return_value=mock_ad_connection(LDAP_PASSWORD))
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection): with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):

View File

@ -1,6 +1,8 @@
"""LDAP Source tests""" """LDAP Source tests"""
from authentik.sources.ldap.tests.mock_slapd import mock_slapd_connection
from unittest.mock import PropertyMock, patch from unittest.mock import PropertyMock, patch
from django.db.models import Q
from django.test import TestCase from django.test import TestCase
from authentik.core.models import Group, User from authentik.core.models import Group, User
@ -14,8 +16,6 @@ from authentik.sources.ldap.tasks import ldap_sync_all
from authentik.sources.ldap.tests.mock_ad import mock_ad_connection from authentik.sources.ldap.tests.mock_ad import mock_ad_connection
LDAP_PASSWORD = generate_client_secret() LDAP_PASSWORD = generate_client_secret()
LDAP_CONNECTION_PATCH = PropertyMock(return_value=mock_ad_connection(LDAP_PASSWORD))
class LDAPSyncTests(TestCase): class LDAPSyncTests(TestCase):
"""LDAP Sync tests""" """LDAP Sync tests"""
@ -29,28 +29,102 @@ class LDAPSyncTests(TestCase):
additional_user_dn="ou=users", additional_user_dn="ou=users",
additional_group_dn="ou=groups", additional_group_dn="ou=groups",
) )
self.source.property_mappings.set(LDAPPropertyMapping.objects.all())
self.source.save()
@patch("authentik.sources.ldap.models.LDAPSource.connection", LDAP_CONNECTION_PATCH) def test_sync_users_ad(self):
def test_sync_users(self):
"""Test user sync""" """Test user sync"""
user_sync = UserLDAPSynchronizer(self.source) self.source.property_mappings.set(
user_sync.sync() LDAPPropertyMapping.objects.filter(
self.assertTrue(User.objects.filter(username="user0_sn").exists()) Q(name__startswith="authentik default LDAP Mapping")
self.assertFalse(User.objects.filter(username="user1_sn").exists()) | Q(name__startswith="authentik default Active Directory Mapping")
)
)
self.source.save()
connection = PropertyMock(return_value=mock_ad_connection(LDAP_PASSWORD))
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
user_sync = UserLDAPSynchronizer(self.source)
user_sync.sync()
self.assertTrue(User.objects.filter(username="user0_sn").exists())
self.assertFalse(User.objects.filter(username="user1_sn").exists())
@patch("authentik.sources.ldap.models.LDAPSource.connection", LDAP_CONNECTION_PATCH) def test_sync_users_openldap(self):
def test_sync_groups(self): """Test user sync"""
self.source.object_uniqueness_field = "uid"
self.source.property_mappings.set(
LDAPPropertyMapping.objects.filter(
Q(name__startswith="authentik default LDAP Mapping")
| Q(name__startswith="authentik default OpenLDAP Mapping")
)
)
self.source.save()
connection = PropertyMock(return_value=mock_slapd_connection(LDAP_PASSWORD))
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
user_sync = UserLDAPSynchronizer(self.source)
user_sync.sync()
self.assertTrue(User.objects.filter(username="user0_sn").exists())
self.assertFalse(User.objects.filter(username="user1_sn").exists())
def test_sync_groups_ad(self):
"""Test group sync""" """Test group sync"""
group_sync = GroupLDAPSynchronizer(self.source) self.source.property_mappings.set(
group_sync.sync() LDAPPropertyMapping.objects.filter(
membership_sync = MembershipLDAPSynchronizer(self.source) Q(name__startswith="authentik default LDAP Mapping")
membership_sync.sync() | Q(name__startswith="authentik default Active Directory Mapping")
group = Group.objects.filter(name="test-group") )
self.assertTrue(group.exists()) )
self.source.save()
connection = PropertyMock(return_value=mock_ad_connection(LDAP_PASSWORD))
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
group_sync = GroupLDAPSynchronizer(self.source)
group_sync.sync()
membership_sync = MembershipLDAPSynchronizer(self.source)
membership_sync.sync()
group = Group.objects.filter(name="test-group")
self.assertTrue(group.exists())
@patch("authentik.sources.ldap.models.LDAPSource.connection", LDAP_CONNECTION_PATCH) def test_sync_groups_openldap(self):
def test_tasks(self): """Test group sync"""
self.source.object_uniqueness_field = "uid"
self.source.group_object_filter = "(objectClass=groupOfNames)"
self.source.property_mappings.set(
LDAPPropertyMapping.objects.filter(
Q(name__startswith="authentik default LDAP Mapping")
| Q(name__startswith="authentik default OpenLDAP Mapping")
)
)
self.source.save()
connection = PropertyMock(return_value=mock_slapd_connection(LDAP_PASSWORD))
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
group_sync = GroupLDAPSynchronizer(self.source)
group_sync.sync()
membership_sync = MembershipLDAPSynchronizer(self.source)
membership_sync.sync()
group = Group.objects.filter(name="test-group")
self.assertTrue(group.exists())
def test_tasks_ad(self):
"""Test Scheduled tasks""" """Test Scheduled tasks"""
ldap_sync_all.delay().get() self.source.property_mappings.set(
LDAPPropertyMapping.objects.filter(
Q(name__startswith="authentik default LDAP Mapping")
| Q(name__startswith="authentik default Active Directory Mapping")
)
)
self.source.save()
connection = PropertyMock(return_value=mock_ad_connection(LDAP_PASSWORD))
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
ldap_sync_all.delay().get()
def test_tasks_openldap(self):
"""Test Scheduled tasks"""
self.source.object_uniqueness_field = "uid"
self.source.group_object_filter = "(objectClass=groupOfNames)"
self.source.property_mappings.set(
LDAPPropertyMapping.objects.filter(
Q(name__startswith="authentik default LDAP Mapping")
| Q(name__startswith="authentik default OpenLDAP Mapping")
)
)
self.source.save()
connection = PropertyMock(return_value=mock_slapd_connection(LDAP_PASSWORD))
with patch("authentik.sources.ldap.models.LDAPSource.connection", connection):
ldap_sync_all.delay().get()