From 5a6cc337a1e41ead6d241f882f6f575d1fa614c1 Mon Sep 17 00:00:00 2001
From: fe80
Date: Sat, 20 Nov 2021 16:49:31 +0100
Subject: [PATCH 1/3] fix undef variable check puppet6

---
 templates/_auth_ldap.erb | 6 +++---
 templates/_auth_pam.erb | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/templates/_auth_ldap.erb b/templates/_auth_ldap.erb
index b9de2f746..8c377f567 100644
--- a/templates/_auth_ldap.erb
+++ b/templates/_auth_ldap.erb
@@ -14,13 +14,13 @@ provider_url =
 providerUrl="<%= provider_url %>"
 authenticationMethod="simple"
 forceBindingLogin="<%= @auth_config['ldap']['force_binding'] %>"
-<%- if @auth_config['ldap']['force_binding_use_root'] != :undef -%>
+<%- if !@auth_config['ldap']['force_binding_use_root'].nil? && @auth_config['ldap']['force_binding_use_root'] != :undef -%>
 forceBindingLoginUseRootContextForRoles="<%= @auth_config['ldap']['force_binding_use_root'] %>"
 <%- end -%>
-<%- if @auth_config['ldap']['bind_dn'] != :undef -%>
+<%- if !@auth_config['ldap']['bind_dn'].nil? && @auth_config['ldap']['bind_dn'] != :undef -%>
 bindDn="<%= @auth_config['ldap']['bind_dn']%>"
 <%- end -%>
-<%- if @auth_config['ldap']['bind_password'] != :undef -%>
+<%- if !@auth_config['ldap']['bind_password'].nil? && @auth_config['ldap']['bind_password'] != :undef -%>
 bindPassword="<%= @auth_config['ldap']['bind_password']%>"
 <%- end -%>
 userBaseDn="<%= @auth_config['ldap']['user_base_dn'] %>"
diff --git a/templates/_auth_pam.erb b/templates/_auth_pam.erb
index ee9f4a73a..512ec5fdc 100644
--- a/templates/_auth_pam.erb
+++ b/templates/_auth_pam.erb
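Review bot: In the `templates/_auth_ldap.erb` hunk, the new `bind_dn` and `bind_password` guards still let an empty string through, so `bindPassword=""` can be written next to a real `bindDn`; an LDAP simple bind with a DN and an empty password is an unauthenticated bind, which some directory servers accept. Consider treating empty values as unset too, e.g. `<%- unless [nil, :undef, ''].include?(@auth_config['ldap']['bind_password']) -%>`, and likewise for `bind_dn`. Both values are also interpolated raw between double quotes, so a `"` inside either would end the JAAS option early; whether the manifest validates them is not visible here. The login-module stanza starts and ends outside this hunk.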
@@ -2,16 +2,16 @@ org.rundeck.jaas.jetty.JettyPamLoginModule requisite
 debug="true"
 service="<%= @auth_config['pam']['service'] %>"
 supplementalRoles="<%= @auth_config['pam']['supplemental_roles'].join(',') %>"
-<%- if @auth_config['pam']['clear_pass'] != :undef -%>
+<%- if !@auth_config['pam']['clear_pass'].nil? && @auth_config['pam']['clear_pass'] != :undef -%>
 clearPass="<%= @auth_config['pam']['clear_pass'] %>"
 <%- end -%>
-<%- if @auth_config['pam']['try_first_pass'] != :undef -%>
+<%- if !@auth_config['pam']['try_first_pass'].nil? && @auth_config['pam']['try_first_pass'] != :undef -%>
 tryFirstPass="<%= @auth_config['pam']['try_first_pass'] %>"
 <%- end -%>
-<%- if @auth_config['pam']['use_first_pass'] != :undef -%>
+<%- if !@auth_config['pam']['use_first_pass'].nil? && @auth_config['pam']['use_first_pass'] != :undef -%>
 useFirstPass="<%= @auth_config['pam']['use_first_pass'] %>"
 <%- end -%>
-<%- if @auth_config['pam']['use_unix_groups'] != :undef -%>
+<%- if !@auth_config['pam']['use_unix_groups'] && @auth_config['pam']['use_unix_groups'] != :undef -%>
 useUnixGroups="<%= @auth_config['pam']['use_unix_groups'] %>"
 <%- end -%>
 storePass="<%= @auth_config['pam']['store_pass'] %>";
From 60dd95f19efeb5c9201499e2d5f9f43ffac2ac2f Mon Sep 17 00:00:00 2001
From: Alexander Fisher
Date: Sun, 21 Nov 2021 11:16:50 +0000
Subject: [PATCH 2/3] Add `ldap` `force_binding_use_root` test

Since _this_ parameter actually defaults to `false` and not `undef` the template doesn't need the conditional.
---
 spec/classes/config/global/auth_spec.rb | 27 +++++++++++++++++++++++++
 templates/_auth_ldap.erb | 2 --
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/spec/classes/config/global/auth_spec.rb b/spec/classes/config/global/auth_spec.rb
index 76e774ae4..6d91069d5 100644
--- a/spec/classes/config/global/auth_spec.rb
+++ b/spec/classes/config/global/auth_spec.rb
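Review bot: In the `templates/_auth_pam.erb` hunk of PATCH 1/3, the fourth guard is written differently from the other three: `!@auth_config['pam']['use_unix_groups'] && …` has no `.nil?`, a slip that the copy-pasted two-part condition makes easy (PATCH 3/3 later in this series corrects that one line). Driving the four optional flags from a single table would keep the unset test in one place so the guards cannot drift apart again. A sketch follows; the indentation of the emitted option line has to be matched to the template, since this page has flattened it. The login-module stanza begins before the hunk.

```erb
<%# … unchanged: debug, service, supplementalRoles … %>
<%- { 'clear_pass' => 'clearPass', 'try_first_pass' => 'tryFirstPass',
      'use_first_pass' => 'useFirstPass', 'use_unix_groups' => 'useUnixGroups' }.each do |key, option| -%>
<%-   value = @auth_config['pam'][key] -%>
<%-   next if value.nil? || value == :undef -%>
<%= option %>="<%= value %>"
<%- end -%>
<%# … unchanged: storePass … %>
```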
@@ -136,6 +136,33 @@
 end
 end
 
+ describe 'ldap force_binding_use_root' do
+ context 'by default' do
+ let(:params) do
+ {
+ auth_types: %w[ldap],
+ }
+ end
+
+ it { is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content(%r{forceBindingLoginUseRootContextForRoles="false"}) }
+ end
+
+ context 'when set' do
+ let(:params) do
+ {
+ auth_types: %w[ldap],
+ auth_config: {
+ 'ldap' => {
+ 'force_binding_use_root' => true,
+ }
+ }
+ }
+ end
+
+ it { is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content(%r{forceBindingLoginUseRootContextForRoles="true"}) }
+ end
+ end
+
 describe 'with multiauth active_directory and file auth users array' do
 let(:params) do
 {
diff --git a/templates/_auth_ldap.erb b/templates/_auth_ldap.erb
index 8c377f567..049c78103 100644
--- a/templates/_auth_ldap.erb
+++ b/templates/_auth_ldap.erb
@@ -14,9 +14,7 @@ provider_url =
 providerUrl="<%= provider_url %>"
 authenticationMethod="simple"
 forceBindingLogin="<%= @auth_config['ldap']['force_binding'] %>"
-<%- if !@auth_config['ldap']['force_binding_use_root'].nil? && @auth_config['ldap']['force_binding_use_root'] != :undef -%>
 forceBindingLoginUseRootContextForRoles="<%= @auth_config['ldap']['force_binding_use_root'] %>"
-<%- end -%>
 <%- if !@auth_config['ldap']['bind_dn'].nil? && @auth_config['ldap']['bind_dn'] != :undef -%>
 bindDn="<%= @auth_config['ldap']['bind_dn']%>"
 <%- end -%>
From 61bc6a9821695406e5fe94125b41cd050a696595 Mon Sep 17 00:00:00 2001
From: fe80
Date: Mon, 22 Nov 2021 16:58:24 +0100
Subject: [PATCH 3/3] add more spec and fix bug

---
 spec/classes/config/global/auth_spec.rb | 90 +++++++++++++++++++++++++
 templates/_auth_pam.erb | 2 +-
 2 files changed, 91 insertions(+), 1 deletion(-)

diff --git a/spec/classes/config/global/auth_spec.rb b/spec/classes/config/global/auth_spec.rb
index 6d91069d5..c51e68b64 100644
--- a/spec/classes/config/global/auth_spec.rb
+++ b/spec/classes/config/global/auth_spec.rb
@@ -163,6 +163,96 @@
 end
 end
 
+ describe 'when ldap and set bind_dn' do
+ let(:params) do
+ {
+ auth_types: %w[ldap],
+ auth_config: { 'ldap' => { 'bind_dn' => 'toto' } }
+ }
+ end
+
+ it do
+ is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content(
+ %r{bindDn="toto"}
+ )
+ end
+ end
+
+ describe 'when ldap and set bind_password' do
+ let(:params) do
+ {
+ auth_types: %w[ldap],
+ auth_config: { 'ldap' => { 'bind_password' => 'toto' } }
+ }
+ end
+
+ it do
+ is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content(
+ %r{bindPassword="toto"}
+ )
+ end
+ end
+
+ describe 'when pam and clear_pass' do
+ let(:params) do
+ {
+ auth_types: %w[pam],
+ auth_config: { 'pam' => { 'clear_pass' => 'toto' } }
+ }
+ end
+
+ it do
+ is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content(
+ %r{clearPass="toto"}
+ )
+ end
+ end
+
+ describe 'when pam and try_first_pass' do
+ let(:params) do
+ {
+ auth_types: %w[pam],
+ auth_config: { 'pam' => { 'try_first_pass' => 'toto' } }
+ }
+ end
+
+ it do
+ is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content(
+ %r{tryFirstPass="toto"}
+ )
+ end
+ end
+
+ describe 'when pam and use_first_pass' do
+ let(:params) do
+ {
+ auth_types: %w[pam],
+ auth_config: { 'pam' => { 'use_first_pass' => 'toto' } }
+ }
+ end
+
+ it do
+ is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content(
+ %r{useFirstPass="toto"}
+ )
+ end
+ end
+
+ describe 'when pam and use_unix_groups' do
+ let(:params) do
+ {
+ auth_types: %w[pam],
+ auth_config: { 'pam' => { 'use_unix_groups' => 'toto' } }
+ }
+ end
+
+ it do
+ is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').with_content(
+ %r{useUnixGroups="toto"}
+ )
+ end
+ end
+
 describe 'with multiauth active_directory and file auth users array' do
 let(:params) do
 {
diff --git a/templates/_auth_pam.erb b/templates/_auth_pam.erb
index 512ec5fdc..e50d4c12c 100644
--- a/templates/_auth_pam.erb
+++ b/templates/_auth_pam.erb
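Review bot: The six examples added to `spec/classes/config/global/auth_spec.rb` in PATCH 3/3 only cover the case where an option is set; none asserts that `bindDn=`, `bindPassword=` or the PAM flags are left out of `/etc/rundeck/jaas-auth.conf` when the key is unset, which is presumably the behaviour the `nil?` guards in this series exist to protect. A default-parameters context with `it { is_expected.to contain_file('/etc/rundeck/jaas-auth.conf').without_content(%r{bindPassword=}) }`, plus the PAM equivalents, would pin that. One example with `'use_unix_groups' => false` is also worth adding, since the condition corrected in this patch differed from the intended one exactly on falsy input.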
@@ -11,7 +11,7 @@ org.rundeck.jaas.jetty.JettyPamLoginModule requisite
 <%- if !@auth_config['pam']['use_first_pass'].nil? && @auth_config['pam']['use_first_pass'] != :undef -%>
 useFirstPass="<%= @auth_config['pam']['use_first_pass'] %>"
 <%- end -%>
-<%- if !@auth_config['pam']['use_unix_groups'] && @auth_config['pam']['use_unix_groups'] != :undef -%>
+<%- if !@auth_config['pam']['use_unix_groups'].nil? && @auth_config['pam']['use_unix_groups'] != :undef -%>
 useUnixGroups="<%= @auth_config['pam']['use_unix_groups'] %>"
 <%- end -%>
 storePass="<%= @auth_config['pam']['store_pass'] %>";