diff --git a/spec/classes/config/global/auth_spec.rb b/spec/classes/config/global/auth_spec.rb
index 76e774ae4..c51e68b64 100644
--- a/spec/classes/config/global/auth_spec.rb
+++ b/spec/classes/config/global/auth_spec.rb
@@ -136,6 +136,123 @@ end end + describe 'ldap force_binding_use_root' do + context 'by default' do + let(:params) do + { + auth_types: %w[ldap], + } + end + + it { is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content(%r{forceBindingLoginUseRootContextForRoles="false"}) } + end + + context 'when set' do + let(:params) do + { + auth_types: %w[ldap], + auth_config: { + 'ldap' => { + 'force_binding_use_root' => true, + } + } + } + end + + it { is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content(%r{forceBindingLoginUseRootContextForRoles="true"}) } + end + end + + describe 'when ldap and set bind_dn' do + let(:params) do + { + auth_types: %w[ldap], + auth_config: { 'ldap' => { 'bind_dn' => 'toto' } } + } + end + + it do + is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content( + %r{bindDn="toto"} + ) + end + end + + describe 'when ldap and set bind_password' do + let(:params) do + { + auth_types: %w[ldap], + auth_config: { 'ldap' => { 'bind_password' => 'toto' } } + } + end + + it do + is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content( + %r{bindPassword="toto"} + ) + end + end + + describe 'when pam and clear_pass' do + let(:params) do + { + auth_types: %w[pam], + auth_config: { 'pam' => { 'clear_pass' => 'toto' } } + } + end + + it do + is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content( + %r{clearPass="toto"} + ) + end + end + + describe 'when pam and try_first_pass' do + let(:params) do + { + auth_types: %w[pam], + auth_config: { 'pam' => { 'try_first_pass' => 'toto' } } + } + end + + it do + is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content( + %r{tryFirstPass="toto"} + ) + end + end + + describe 'when pam and use_first_pass' do + let(:params) do + { + auth_types: %w[pam], + auth_config: { 'pam' => { 'use_first_pass' => 'toto' } } + } + end + + it do + is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content( + 
%r{useFirstPass="toto"} + ) + end + end + + describe 'when pam and use_unix_groups' do + let(:params) do + { + auth_types: %w[pam], + auth_config: { 'pam' => { 'use_unix_groups' => 'toto' } } + } + end + + it do + is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content( + %r{useUnixGroups="toto"} + ) + end + end + describe 'with multiauth active_directory and file auth users array' do let(:params) do { diff --git a/templates/_auth_ldap.erb b/templates/_auth_ldap.erb index b9de2f746..049c78103 100644 --- a/templates/_auth_ldap.erb +++ b/templates/_auth_ldap.erb @@ -14,13 +14,11 @@ provider_url = providerUrl="<%= provider_url %>" authenticationMethod="simple" forceBindingLogin="<%= @auth_config['ldap']['force_binding'] %>" -<%- if @auth_config['ldap']['force_binding_use_root'] != :undef -%> forceBindingLoginUseRootContextForRoles="<%= @auth_config['ldap']['force_binding_use_root'] %>" -<%- end -%> -<%- if @auth_config['ldap']['bind_dn'] != :undef -%> +<%- if !@auth_config['ldap']['bind_dn'].nil? && @auth_config['ldap']['bind_dn'] != :undef -%> bindDn="<%= @auth_config['ldap']['bind_dn']%>" <%- end -%> -<%- if @auth_config['ldap']['bind_password'] != :undef -%> +<%- if !@auth_config['ldap']['bind_password'].nil? && @auth_config['ldap']['bind_password'] != :undef -%> bindPassword="<%= @auth_config['ldap']['bind_password']%>" <%- end -%> userBaseDn="<%= @auth_config['ldap']['user_base_dn'] %>" diff --git a/templates/_auth_pam.erb b/templates/_auth_pam.erb index ee9f4a73a..e50d4c12c 100644 --- a/templates/_auth_pam.erb +++ b/templates/_auth_pam.erb 
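Review bot: None of the added examples covers the unset case, which is the behaviour the new `.nil?` guards in the two templates introduce; every `describe` for `bind_dn`, `bind_password` and the four PAM options sets the key and asserts the line is present. Assuming the class defaults leave these keys unset, a context with only `auth_types: %w[ldap]` and `it { is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').without_content(%r{bindPassword=}) }` would pin it, with the same for `bindDn=` and for the PAM options under `auth_types: %w[pam]`. Without that, a regression that writes an empty `bindPassword=""` line into the JAAS file would still pass this suite. The PAM examples also pass `'toto'` for what look like boolean flags, which suggests nothing validates those values; worth confirming against the class's parameter types.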
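Review bot: `bindDn` and `bindPassword` are still interpolated raw into a double-quoted JAAS option after the guard change, so a value containing `"` or `\` would yield a malformed or altered login-module entry. Escaping at the point of output, e.g. `bindPassword="<%= @auth_config['ldap']['bind_password'].to_s.gsub(/["\\]/) { |c| "\\#{c}" } %>"`, would close that, provided the JAAS parser honours backslash escapes (to be confirmed); otherwise such values should be rejected in the class's parameter validation. Because the bind password lands in `/etc/rundeck/jaas-auth.conf` in clear text, the file resource's mode and owner, which are not visible in this diff, deserve a check as well. Separately, `forceBindingLoginUseRootContextForRoles` is now emitted unconditionally, so it relies on a default for `force_binding_use_root` being merged in outside this hunk; a comment such as `<%# always emitted: default comes from the class's ldap auth_config defaults %>` would record that.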
@@ -2,16 +2,16 @@ org.rundeck.jaas.jetty.JettyPamLoginModule requisite debug="true" service="<%= @auth_config['pam']['service'] %>" supplementalRoles="<%= @auth_config['pam']['supplemental_roles'].join(',') %>" -<%- if @auth_config['pam']['clear_pass'] != :undef -%> +<%- if !@auth_config['pam']['clear_pass'].nil? && @auth_config['pam']['clear_pass'] != :undef -%> clearPass="<%= @auth_config['pam']['clear_pass'] %>" <%- end -%> -<%- if @auth_config['pam']['try_first_pass'] != :undef -%> +<%- if !@auth_config['pam']['try_first_pass'].nil? && @auth_config['pam']['try_first_pass'] != :undef -%> tryFirstPass="<%= @auth_config['pam']['try_first_pass'] %>" <%- end -%> -<%- if @auth_config['pam']['use_first_pass'] != :undef -%> +<%- if !@auth_config['pam']['use_first_pass'].nil? && @auth_config['pam']['use_first_pass'] != :undef -%> useFirstPass="<%= @auth_config['pam']['use_first_pass'] %>" <%- end -%> -<%- if @auth_config['pam']['use_unix_groups'] != :undef -%> +<%- if !@auth_config['pam']['use_unix_groups'].nil? && @auth_config['pam']['use_unix_groups'] != :undef -%> useUnixGroups="<%= @auth_config['pam']['use_unix_groups'] %>" <%- end -%> storePass="<%= @auth_config['pam']['store_pass'] %>";
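Review bot: The guard `!x.nil? && x != :undef` is spelled out four times in this hunk and twice more in `_auth_ldap.erb`, each time repeating the full hash lookup, so a future edit can easily fix one copy and miss another. A template-local helper at the top, `<%- is_set = ->(v) { !v.nil? && v != :undef } -%>`, would reduce each condition to `<%- if is_set.call(@auth_config['pam']['clear_pass']) -%>`. The guard also still lets an empty string through, which renders for example `useUnixGroups=""`; if that is not intended, the helper is the single place to add `&& v != ''`.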