add rdn test cases

cognifloyd · cognifloyd · commit edb6a795f168 · 2024-10-22T11:44:22.000-05:00
diff --git a/tests/unit/test_backend.py b/tests/unit/test_backend.py
@@ -21,6 +21,8 @@
 import mock
 import unittest
 
+import pytest
+
 from st2auth_ldap import ldap_backend
 
 
@@ -30,6 +32,10 @@
 LDAP_BIND_DN = 'cn=Administrator,cn=users,dc=stackstorm,dc=net'
 LDAP_BIND_PASSWORD = uuid.uuid4().hex
 LDAP_GROUP_DNS = ['cn=testers,dc=stackstorm,dc=net']
+LDAP_GROUP_DNS_CASES = (
+    pytest.param(LDAP_GROUP_DNS, id="group_fqdn"),
+    pytest.param(['cn=testers'], id="group_rdn"),
+)
 LDAP_CACERT = '../fixtures/certs/cacert.pem'
 LDAP_CACERT_REAL_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), LDAP_CACERT)
 LDAP_BASE_OU = 'dc=stackstorm,dc=net'
@@ -102,12 +108,13 @@ def test_instantaite_no_group_dns_provided(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_authenticate(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_authenticate(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR
         )
@@ -121,12 +128,13 @@ def test_authenticate(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_authenticate_with_multiple_ldap_hosts(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_authenticate_with_multiple_ldap_hosts(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_MULTIPLE_HOSTS,
             id_attr=LDAP_ID_ATTR
         )
@@ -140,12 +148,13 @@ def test_authenticate_with_multiple_ldap_hosts(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_authenticate_without_password(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_authenticate_without_password(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR
         )
@@ -156,12 +165,13 @@ def test_authenticate_without_password(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'simple_bind_s',
         mock.MagicMock(side_effect=Exception()))
-    def test_authenticate_failure_bad_bind_cred(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_authenticate_failure_bad_bind_cred(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR
         )
@@ -175,12 +185,13 @@ def test_authenticate_failure_bad_bind_cred(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_authenticate_failure_bad_user_password(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_authenticate_failure_bad_user_password(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR
         )
@@ -194,13 +205,14 @@ def test_authenticate_failure_bad_user_password(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, []]))
-    def test_authenticate_failure_non_group_member_no_groups(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_authenticate_failure_non_group_member_no_groups(self, required_group_dns):
         # User is not member of any of the required group
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR,
             group_dns_check='and'
@@ -213,7 +225,7 @@ def test_authenticate_failure_non_group_member_no_groups(self):
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR,
             group_dns_check='or'
@@ -229,13 +241,14 @@ def test_authenticate_failure_non_group_member_no_groups(self):
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT,
                        [('cn=group1,dc=stackstorm,dc=net', ())]]))
-    def test_authenticatefailure_non_group_member_non_required_group(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_authenticatefailure_non_group_member_non_required_group(self, required_group_dns):
         # User is member of a group which is not required
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR,
             group_dns_check='and'
@@ -248,7 +261,7 @@ def test_authenticatefailure_non_group_member_non_required_group(self):
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR,
             group_dns_check='or'
@@ -576,12 +589,13 @@ def test_authenticate_or_behavior_success_member_of_multiple_groups_3b(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_ssl_authenticate(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_ssl_authenticate(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             port=LDAPS_PORT,
             use_ssl=True,
@@ -597,12 +611,13 @@ def test_ssl_authenticate(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_ssl_authenticate_failure(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_ssl_authenticate_failure(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             port=LDAPS_PORT,
             use_ssl=True,
@@ -618,12 +633,13 @@ def test_ssl_authenticate_failure(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_ssl_authenticate_validate_cert(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_ssl_authenticate_validate_cert(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             port=LDAPS_PORT,
             use_ssl=True,
@@ -643,12 +659,13 @@ def test_ssl_authenticate_validate_cert(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_tls_authenticate(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_tls_authenticate(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             use_tls=True,
             id_attr=LDAP_ID_ATTR
@@ -666,12 +683,13 @@ def test_tls_authenticate(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_tls_authenticate_failure(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_tls_authenticate_failure(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             use_tls=True,
             id_attr=LDAP_ID_ATTR
@@ -689,12 +707,13 @@ def test_tls_authenticate_failure(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_tls_authenticate_validate_cert(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_tls_authenticate_validate_cert(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             use_tls=True,
             cacert=LDAP_CACERT_REAL_PATH,
@@ -710,13 +729,14 @@ def test_tls_authenticate_validate_cert(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, []]))
-    def test_special_characters_in_username_are_escaped(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_special_characters_in_username_are_escaped(self, required_group_dns):
         # User is not member of any of the required group
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR
         )
@@ -753,12 +773,13 @@ def test_special_characters_in_username_are_escaped(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_get_user(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_get_user(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR
         )
@@ -775,12 +796,13 @@ def test_get_user(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[2 * LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_get_user_multiple_results(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_get_user_multiple_results(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR
         )
@@ -794,12 +816,13 @@ def test_get_user_multiple_results(self):
     @mock.patch.object(
         ldap.ldapobject.SimpleLDAPObject, 'search_s',
         mock.MagicMock(side_effect=[LDAP_USER_SEARCH_RESULT, LDAP_GROUP_SEARCH_RESULT]))
-    def test_get_user_groups(self):
+    @pytest.mark.parametrize("required_group_dns", LDAP_GROUP_DNS_CASES)
+    def test_get_user_groups(self, required_group_dns):
         backend = ldap_backend.LDAPAuthenticationBackend(
             LDAP_BIND_DN,
             LDAP_BIND_PASSWORD,
             LDAP_BASE_OU,
-            LDAP_GROUP_DNS,
+            required_group_dns,
             LDAP_HOST,
             id_attr=LDAP_ID_ATTR
         )
