/*
* This file is part of ReadonlyREST.
*
* ReadonlyREST is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* ReadonlyREST is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with ReadonlyREST. If not, see http://www.gnu.org/licenses/
*/
package tech.beshu.ror.integration.suites
import org.scalatest.matchers.should.Matchers
import org.scalatest.wordspec.AnyWordSpec
import tech.beshu.ror.integration.suites.base.support.BaseSingleNodeEsClusterTest
import tech.beshu.ror.integration.utils.{ESVersionSupportForAnyWordSpecLike, SingletonLdapContainers}
import tech.beshu.ror.utils.containers.dependencies.ldap
import tech.beshu.ror.utils.containers.{DependencyDef, ElasticsearchNodeDataInitializer, EsContainerCreator}
import tech.beshu.ror.utils.elasticsearch.{DocumentManager, IndexManager}
import tech.beshu.ror.utils.httpclient.RestClient
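/**
 * Integration tests for LDAP-backed authentication and group-based authorization,
 * run against a single-node Elasticsearch cluster with two LDAP dependencies
 * ("LDAP1" and "LDAP2").
 *
 * Every case calls `IndexManager.getIndex` as a given user and asserts only the
 * HTTP status code. The access rules themselves live in
 * `/ldap_integration/readonlyrest.yml`, which is not part of this file, so the
 * group memberships named in the test titles are taken from those titles.
 *
 * Status codes asserted in this suite:
 *  - 200: the user may see the index.
 *  - 404: the user authenticated, but the title says they lack the required group
 *    (presumably the index is hidden rather than refused, so its existence is not
 *    disclosed; confirm against the ACL).
 *  - 403: the password is wrong, and also the "god is not worshiped in europe" case.
 *
 * NOTE(review): coverage gaps worth closing, since both the `x-ror-current-group`
 * header and the `ror_metadata` value are supplied by the client:
 *  - no case sends `x-ror-current-group` naming a group the caller is NOT a member of;
 *  - no case sends `ror_metadata` that is malformed or that names a group the
 *    caller is NOT a member of;
 *  - "Test2 index" has no "not be seen" case.
 */
trait LdapIntegrationSuite
  extends AnyWordSpec
    with BaseSingleNodeEsClusterTest
    with ESVersionSupportForAnyWordSpecLike
    with Matchers {
  this: EsContainerCreator =>

  // Explicit type: an implicit val should not rely on inference.
  override implicit val rorConfigFileName: String = "/ldap_integration/readonlyrest.yml"

  override def nodeDataInitializer: Option[ElasticsearchNodeDataInitializer] =
    Some(LdapIntegrationSuite.nodeDataInitializer())

  override def clusterDependencies: List[DependencyDef] = List(
    ldap(name = "LDAP1", SingletonLdapContainers.ldap1),
    ldap(name = "LDAP2", SingletonLdapContainers.ldap2)
  )

  // Test-fixture credentials only; presumably these accounts are seeded in the
  // SingletonLdapContainers LDAP fixtures (verify there).
  private lazy val cartmanIndexManager = new IndexManager(basicAuthClient("cartman", "user2"), esVersionUsed)
  private lazy val chandlerIndexManager = new IndexManager(basicAuthClient("bong", "user1"), esVersionUsed)
  private lazy val morganIndexManager = new IndexManager(basicAuthClient("morgan", "user1"), esVersionUsed)
  // Non-ASCII user name: exercises credential encoding on the way to LDAP.
  private lazy val bilboIndexManager = new IndexManager(basicAuthClient("Bìlbö Bággįnš", "user2"), esVersionUsed)
  private lazy val jesusIndexManager = new IndexManager(basicAuthClient("jesus", "user1"), esVersionUsed)
  private lazy val allahIndexManager = new IndexManager(basicAuthClient("allah", "user2"), esVersionUsed)

  /** Builds an [[IndexManager]] that adds one extra header to every request. */
  private def indexManagerWithHeader(client: RestClient, header: (String, String)): IndexManager =
    new IndexManager(client, esVersionUsed, additionalHeaders = Map(header))

  /** Index manager for user "cartman" with the given `x-ror-current-group` header value. */
  private def cartmanWithCurrentGroup(group: String): IndexManager =
    indexManagerWithHeader(
      basicAuthClient("cartman", "user2"),
      "x-ror-current-group" -> group
    )

  "Test1 index" can {
    "be seen" when {
      "users, which belong to group1, request it" when {
        "no current group is sent" in {
          val cartmanResult = cartmanIndexManager.getIndex("test1")
          cartmanResult.responseCode should be(200)

          val chandlerResult = chandlerIndexManager.getIndex("test1")
          chandlerResult.responseCode should be(200)
        }
        "current group is sent in ROR header" when {
          "the group is group1" in {
            val result = cartmanWithCurrentGroup("group1").getIndex("test1")
            result.responseCode should be(200)
          }
          "the group is group3" in {
            val result = cartmanWithCurrentGroup("group3").getIndex("test1")
            result.responseCode should be(200)
          }
        }
        "current group is sent in authorization header metadata" in {
          // The Basic part is base64 of `cartman:user2`. The `ror_metadata` part is
          // base64 of the JSON `{"headers":["x-ror-current-group:group1", "header1:xyz"]}`,
          // i.e. the current group travels inside the Authorization header value.
          val indexManager = indexManagerWithHeader(
            noBasicAuthClient,
            "Authorization" -> "Basic Y2FydG1hbjp1c2VyMg==, ror_metadata=eyJoZWFkZXJzIjpbIngtcm9yLWN1cnJlbnQtZ3JvdXA6Z3JvdXAxIiwgImhlYWRlcjE6eHl6Il19"
          )
          val result = indexManager.getIndex("test1")
          result.responseCode should be(200)
        }
      }
    }
    "not be seen" when {
      "users, which don't belong to group1, request it" in {
        val response = bilboIndexManager.getIndex("test1")
        response.responseCode should be(404)
      }
      "user cannot be authenticated" in {
        val indexManager = new IndexManager(basicAuthClient("cartman", "wrong_password"), esVersionUsed)
        val response = indexManager.getIndex("test1")
        response.responseCode should be(403)
      }
    }
  }

  "Test2 index" can {
    "be seen" when {
      "users, which belong to group4, request it" in {
        val cartmanResult = cartmanIndexManager.getIndex("test2")
        cartmanResult.responseCode should be(200)

        val chandlerResult = chandlerIndexManager.getIndex("test2")
        chandlerResult.responseCode should be(200)

        val morganResult = morganIndexManager.getIndex("test2")
        morganResult.responseCode should be(200)
      }
    }
  }

  "Test3 index" can {
    "be seen" when {
      "users, which belong to local_group1, request it" when {
        "no current group is sent" in {
          val cartmanResult = cartmanIndexManager.getIndex("test3")
          cartmanResult.responseCode should be(200)

          val bilboResult = bilboIndexManager.getIndex("test3")
          bilboResult.responseCode should be(200)
        }
        "current group is sent in ROR header" when {
          "the group is local_group1" in {
            val result = cartmanWithCurrentGroup("local_group1").getIndex("test3")
            result.responseCode should be(200)
          }
          "the group is local_group3" in {
            val result = cartmanWithCurrentGroup("local_group3").getIndex("test3")
            result.responseCode should be(200)
          }
        }
      }
    }
    "not be seen" when {
      "users, which don't belong to local_group1, request it" in {
        val result = chandlerIndexManager.getIndex("test3")
        result.responseCode should be(404)
      }
    }
  }

  "Test4 index" can {
    "be seen" when {
      "users, which belong to local_group2, request it" in {
        val result = morganIndexManager.getIndex("test4")
        result.responseCode should be(200)
      }
    }
    "not be seen" when {
      "users, which don't belong to local_group2, request it" in {
        val result = cartmanIndexManager.getIndex("test4")
        result.responseCode should be(404)
      }
    }
  }

  "Test 5 index" can {
    "be seen" when {
      "god is worshiped in europe" in {
        val result = jesusIndexManager.getIndex("test5")
        result.responseCode should be(200)
      }
    }
    "not be seen" when {
      "god is not worshiped in europe" in {
        // 403 here, unlike the 404 asserted for the other "not in group" cases;
        // the reason is in the ACL config, which this file does not show.
        val result = allahIndexManager.getIndex("test5")
        result.responseCode should be(403)
      }
    }
  }

  // Kept as its own top-level subject so the reported test names read
  // "Test6 index can ..." instead of being prefixed with another index's subject.
  "Test6 index" can {
    "be seen" when {
      "users, which belong to group2 AND group3, request it" in {
        val result = morganIndexManager.getIndex("test6")
        result.responseCode should be(200)
      }
    }
    "not be seen" when {
      "users, which don't belong to group2 AND group3, request it" in {
        val result = cartmanIndexManager.getIndex("test6")
        result.responseCode should be(404)
      }
    }
  }
}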
object LdapIntegrationSuite {

  /**
   * Seeds the node with one document (id 1, body `{"hello":"world"}`) in each of
   * the indices `test1` .. `test6`, using the admin REST client handed in by the
   * test framework. Each `createDoc` result is `force()`d before the next call.
   */
  private def nodeDataInitializer(): ElasticsearchNodeDataInitializer =
    (esVersion, adminRestClient: RestClient) => {
      val docs = new DocumentManager(adminRestClient, esVersion)
      val seededIndices = Seq("test1", "test2", "test3", "test4", "test5", "test6")
      seededIndices.foreach { indexName =>
        // Parse inside the loop so every call gets its own freshly parsed JSON value.
        docs.createDoc(indexName, 1, ujson.read("""{"hello":"world"}""")).force()
      }
    }
}