Add CI

.github/workflows/ci.yml

@@ -0,0 +1,43 @@
+name: CI
+on:
+  push:
+  pull_request:
+
+env:
+  TEST_PASSWORD: "asd"
+  TEST_LDAP_CONNECTION_STRING: "ldap://dirsrv:3389"
+  TEST_SUFFIX: "dc=example,dc=test"
+  TEST_ACI_LDIF: "aci_tmp.txt"
+
+jobs:
+  run-tests:
+    strategy:
+      matrix:
+        dirsrv: [ '2.4', 'latest' ]
+
+    services:
+      dirsrv:
+        image: "389ds/dirsrv:${{ matrix.dirsrv }}"
+        ports:
+          - 3389:3389
+        env:
+          DS_SUFFIX_NAME: ${{env.TEST_SUFFIX}}
+          DS_DM_PASSWORD: ${{env.TEST_PASSWORD}}
+        options: >-
+          --health-cmd "dsctl localhost healthcheck --check backends:localhost:search" --health-interval 10s --health-timeout 5s --health-retries 5
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Python
+        uses: actions/setup-python@v5
+      - name: Install dependencies
+        run: |
+          cd aci && pip install -r requirements.txt
+      - name: Generate ACIs
+        run: |
+          cd aci && python make_aci.py $TEST_SUFFIX
+      - name: Run test script
+        run: |
+          cd aci && python ci_test_acis.py

.gitignore

@@ -1,2 +1,4 @@
 .idea/
 venv/
+aci_tmp.ldif
+__pycache__/

README.md

@@ -44,11 +44,18 @@ The workflow for making ACIs and testing should be something like this:
 cd aci
 python3 -m venv venv
 source venv/bin/activate
-pip install
+pip install -r requirements.txt
 # For Ansible, past the output into the playbook:
 ./make_acis.py -y -s "{{ dirsrv_suffix }}"
 # Alternatively, as a LDIF file (replace with real suffix):
-./make_acis.py -l -s "dc=example,dc=com"
+./make_acis.py -l -s "dc=example,dc=test"
+# Create LDIF file with ACIs for tests:
+./make_acis.py -l -s "dc=example,dc=test" > aci_tmp.txt
+# Required env variables for the tests
+export TEST_PASSWORD="secret1"
+export TEST_LDAP_CONNECTION_STRING="ldap://ldap1.sso.local:389"
+export TEST_SUFFIX="dc=example,dc=test"
+export TEST_ACI_LDIF="aci_tmp.txt"
 ./test_acis.py
 # Watch test output
 ```

aci/everything.ldif

@@ -1,21 +1,21 @@
 version: 1
 
-#dn: ou=Groups,dc=sso,dc=local
+#dn: ou=Groups,dc=example,dc=test
 #objectClass: organizationalunit
 #objectClass: top
 #ou: Groups
 
-#dn: ou=People,dc=sso,dc=local
+#dn: ou=People,dc=example,dc=test
 #objectClass: organizationalunit
 #objectClass: top
 #ou: People
 
-#dn: ou=Services,dc=sso,dc=local
+#dn: ou=Services,dc=example,dc=test
 #objectClass: organizationalunit
 #objectClass: top
 #ou: Services
 
-dn: cn=Keycloak,ou=Services,dc=sso,dc=local
+dn: cn=Keycloak,ou=Services,dc=example,dc=test
 objectClass: simpleSecurityObject
 objectClass: top
 objectClass: device
@@ -29,7 +29,7 @@ userPassword: {PBKDF2_SHA256}AAAnENBOg9Pr7VfWGJEKpYaCNCvCTpe8xZAeCkcneca7Gir
  OCVGvpr2xZEvIy0xOXTAF6UW5Acos1a8jtKBJf4zmlsfKGByXQPNj38bd6CyVdKie1R6OT+YtPN
  EkmrcSJCNc
 
-dn: cn=Crauto,ou=Services,dc=sso,dc=local
+dn: cn=Crauto,ou=Services,dc=example,dc=test
 objectClass: simpleSecurityObject
 objectClass: top
 objectClass: device
@@ -42,7 +42,7 @@ userPassword: {PBKDF2_SHA256}AAAnENBOg9Pr7VfWGJEKpYaCNCvCTpe8xZAeCkcneca7Gir
  OCVGvpr2xZEvIy0xOXTAF6UW5Acos1a8jtKBJf4zmlsfKGByXQPNj38bd6CyVdKie1R6OT+YtPN
  EkmrcSJCNc
 
-dn: cn=Test,ou=Services,dc=sso,dc=local
+dn: cn=Test,ou=Services,dc=example,dc=test
 objectClass: simpleSecurityObject
 objectClass: top
 objectClass: device
@@ -55,7 +55,7 @@ userPassword: {PBKDF2_SHA256}AAAnENBOg9Pr7VfWGJEKpYaCNCvCTpe8xZAeCkcneca7Gir
  OCVGvpr2xZEvIy0xOXTAF6UW5Acos1a8jtKBJf4zmlsfKGByXQPNj38bd6CyVdKie1R6OT+YtPN
  EkmrcSJCNc
 
-dn: cn=Nextcloud,ou=Services,dc=sso,dc=local
+dn: cn=Nextcloud,ou=Services,dc=example,dc=test
 objectClass: simpleSecurityObject
 objectClass: top
 objectClass: device
@@ -68,7 +68,7 @@ userPassword: {PBKDF2_SHA256}AAAnENBOg9Pr7VfWGJEKpYaCNCvCTpe8xZAeCkcneca7Gir
  OCVGvpr2xZEvIy0xOXTAF6UW5Acos1a8jtKBJf4zmlsfKGByXQPNj38bd6CyVdKie1R6OT+YtPN
  EkmrcSJCNc
 
-dn: uid=asd,ou=People,dc=sso,dc=local
+dn: uid=asd,ou=People,dc=example,dc=test
 objectClass: telegramAccount
 objectClass: schacPersonalCharacteristics
 objectClass: schacLinkageIdentifiers
@@ -91,7 +91,7 @@ userPassword: {PBKDF2_SHA256}AAAnENBOg9Pr7VfWGJEKpYaCNCvCTpe8xZAeCkcneca7Gir
  OCVGvpr2xZEvIy0xOXTAF6UW5Acos1a8jtKBJf4zmlsfKGByXQPNj38bd6CyVdKie1R6OT+YtPN
  EkmrcSJCNc
 
-dn: uid=test.user,ou=People,dc=sso,dc=local
+dn: uid=test.user,ou=People,dc=example,dc=test
 objectClass: telegramAccount
 objectClass: schacPersonalCharacteristics
 objectClass: schacLinkageIdentifiers
@@ -115,7 +115,7 @@ userPassword: {PBKDF2_SHA256}AAAnENBOg9Pr7VfWGJEKpYaCNCvCTpe8xZAeCkcneca7Gir
  OCVGvpr2xZEvIy0xOXTAF6UW5Acos1a8jtKBJf4zmlsfKGByXQPNj38bd6CyVdKie1R6OT+YtPN
  EkmrcSJCNc
 
-dn: uid=test2.user2,ou=People,dc=sso,dc=local
+dn: uid=test2.user2,ou=People,dc=example,dc=test
 objectClass: telegramAccount
 objectClass: schacPersonalCharacteristics
 objectClass: schacLinkageIdentifiers
@@ -137,7 +137,7 @@ userPassword: {PBKDF2_SHA256}AAAnENBOg9Pr7VfWGJEKpYaCNCvCTpe8xZAeCkcneca7Gir
  OCVGvpr2xZEvIy0xOXTAF6UW5Acos1a8jtKBJf4zmlsfKGByXQPNj38bd6CyVdKie1R6OT+YtPN
  EkmrcSJCNc
 
-dn: uid=test.hr,ou=People,dc=sso,dc=local
+dn: uid=test.hr,ou=People,dc=example,dc=test
 objectClass: telegramAccount
 objectClass: schacPersonalCharacteristics
 objectClass: schacLinkageIdentifiers
@@ -159,7 +159,7 @@ userPassword: {PBKDF2_SHA256}AAAnENBOg9Pr7VfWGJEKpYaCNCvCTpe8xZAeCkcneca7Gir
  OCVGvpr2xZEvIy0xOXTAF6UW5Acos1a8jtKBJf4zmlsfKGByXQPNj38bd6CyVdKie1R6OT+YtPN
  EkmrcSJCNc
 
-dn: uid=wso2admin,ou=People,dc=sso,dc=local
+dn: uid=wso2admin,ou=People,dc=example,dc=test
 objectClass: telegramAccount
 objectClass: schacPersonalCharacteristics
 objectClass: schacLinkageIdentifiers
@@ -181,30 +181,30 @@ userPassword: {PBKDF2_SHA256}AAAnENBOg9Pr7VfWGJEKpYaCNCvCTpe8xZAeCkcneca7Gir
 
 # The MemberOf plugin will add the memberOf attribute automatically, if these are added after users
 
-dn: cn=Testers,ou=Groups,dc=sso,dc=local
+dn: cn=Testers,ou=Groups,dc=example,dc=test
 objectClass: groupOfNames
 objectClass: top
 cn: Testers
 description: People who can test this thing from their test group
-member: uid=test.user,ou=People,dc=sso,dc=local
-member: uid=test2.user2,ou=People,dc=sso,dc=local
+member: uid=test.user,ou=People,dc=example,dc=test
+member: uid=test2.user2,ou=People,dc=example,dc=test
 
-dn: cn=ExampleGroup,ou=Groups,dc=sso,dc=local
+dn: cn=ExampleGroup,ou=Groups,dc=example,dc=test
 objectClass: groupOfNames
 objectClass: top
 cn: ExampleGroup
 description: Example
 
-dn: cn=WSO2_Admin,ou=Groups,dc=sso,dc=local
+dn: cn=WSO2_Admin,ou=Groups,dc=example,dc=test
 objectClass: groupOfNames
 objectClass: top
 cn: WSO2_Admin
 description: WSO2 admin special group
-member: uid=wso2admin,ou=People,dc=sso,dc=local
+member: uid=wso2admin,ou=People,dc=example,dc=test
 
-dn: cn=HR,ou=Groups,dc=sso,dc=local
+dn: cn=HR,ou=Groups,dc=example,dc=test
 objectClass: groupOfNames
 objectClass: top
 cn: HR
 description: People who can manage HR entries
-member: uid=test.hr,ou=People,dc=sso,dc=local
+member: uid=test.hr,ou=People,dc=example,dc=test

aci/requirements.txt

@@ -1,11 +1,7 @@
-attrs==20.3.0
-iniconfig==1.1.1
-packaging==20.9
-pluggy==0.13.1
-py==1.10.0
-pyasn1==0.4.8
-pyasn1-modules==0.2.8
-pyparsing==2.4.7
-pytest==6.2.3
-python-ldap==3.4.0
-toml==0.10.2
+iniconfig==2.0.0
+packaging==24.0
+pluggy==1.4.0
+pyasn1==0.6.0
+pyasn1_modules==0.4.0
+pytest==8.1.1
+python-ldap==3.4.4

aci/test_acis.py

@@ -1,12 +1,30 @@
 #!/usr/bin/env python3
+import os
 
 import ldap
 import ldif
 from ldap.modlist import addModlist
 import pytest
 
+import sys
 
-SUFFIX = 'dc=sso,dc=local'
+LDAP_CONNECTION_STRING = os.getenv('TEST_LDAP_CONNECTION_STRING')
+PASSWORD = os.getenv('TEST_PASSWORD')
+SUFFIX = os.getenv('TEST_SUFFIX')
+ACI_LDIF = os.getenv('TEST_ACI_LDIF')
+
+if len(LDAP_CONNECTION_STRING) <= 0:
+	print("Set the env variable TEST_LDAP_CONNECTION_STRING")
+	exit(1)
+if len(PASSWORD) <= 0:
+	print("Set the env variable TEST_PASSWORD")
+	exit(1)
+if len(SUFFIX) <= 0:
+	print("Set the env variable TEST_SUFFIX")
+	exit(1)
+if len(ACI_LDIF) <= 0:
+	print("Set the env variable TEST_ACI_LDIF")
+	exit(1)
 
 
 class MyLDIFWriter(ldif.LDIFParser):
@@ -40,7 +58,7 @@ def save_acis(conn: ldap.ldapobject.SimpleLDAPObject, base_dn: str):
 
 @pytest.fixture(autouse=True)
 def reset_database():
-	with LdapConnection("cn=Directory Manager", "secret1") as conn:
+	with LdapConnection("cn=Directory Manager", PASSWORD) as conn:
 		things = (
 			f'ou=Groups,{SUFFIX}',
 			f'ou=People,{SUFFIX}',
@@ -59,6 +77,10 @@ def reset_database():
 			parser = MyLDIFWriter(f, conn)
 			parser.parse()
 
+		with open(ACI_LDIF, 'rb') as f:
+			parser = MyLDIFWriter(f, conn)
+			parser.parse()
+
 		# for dn, values in zip(things, acis):
 		# 	conn.modify_s(dn, ldap.modlist.modifyModlist({}, values))
 
@@ -111,7 +133,7 @@ def __init__(self, bind_dn, password):
 		self.password = password
 
 	def __enter__(self):
-		self.conn = ldap.initialize('ldap://ldap1.sso.local:389')
+		self.conn = ldap.initialize(LDAP_CONNECTION_STRING)
 
 		self.conn.protocol_version = ldap.VERSION3
 		# l.set_option(ldap.OPT_X_TLS, 1)