Hello community,
here is the log from the commit of package velum for openSUSE:Factory checked in at 2018-07-13 10:21:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/velum (Old)
and /work/SRC/openSUSE:Factory/.velum.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "velum"
Fri Jul 13 10:21:38 2018 rev:39 rq:622263 version:4.0.0+dev+git_r857_d2c6971de32315a433620d76da0a757677fa0594
Changes:
--------
--- /work/SRC/openSUSE:Factory/velum/velum.changes 2018-07-03 23:35:54.624274893 +0200
+++ /work/SRC/openSUSE:Factory/.velum.new/velum.changes 2018-07-13 10:21:42.714481344 +0200
@@ -1,0 +2,46 @@
+Fri Jul 6 17:05:41 UTC 2018 - containers-bugowner@suse.de
+
+- Commit 52e869d by Maximilian Meister mmeister@suse.de
+ rename migration file
+
+ it needs to match the schema revision
+
+ feature#external-ldap
+
+ Signed-off-by: Maximilian Meister
+
+ Commit 9a9393c by David Helkowski dhelkowski@suse.com
+ Add dex connector ldap table, models, and pillar output
+
+ Added a new table "dex_connectors_ldap" and migration file to the db schema
+ and migrate files. Altered pillar controller to output this new data. Added a
+ basic/empty app model for the new table so that the data can be fetched
+ through it. Updated pillar rspec to test newly output connectors as well as
+ to allow the empty connectors in the other pillar tests.
+
+
+-------------------------------------------------------------------
+Thu Jul 5 10:03:35 UTC 2018 - containers-bugowner@suse.de
+
+- Commit cd431fe by Florian Bergmann fbergmann@suse.de
+ Fix bsc#1097754: Verify the a certificate is a valid X509 certificate.
+
+ Commit 0ef31b8 by Florian Bergmann fbergmann@suse.de
+ Backport Rails 5 file_fixture method to access a fixture in a test.
+
+
+-------------------------------------------------------------------
+Thu Jul 5 07:49:01 UTC 2018 - containers-bugowner@suse.de
+
+- Commit b18c46e by Vítor Avelino vavelino@suse.com
+ ui: renamed new nodes -> unassigned nodes
+
+ On the cluster status summary we decided to rename "new" by "unassigned" to
+ avoid mixing terms that may confuse the user.
+
+ bsc#1100113
+
+ Signed-off-by: Vítor Avelino
+
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ velum.spec ++++++
--- /var/tmp/diff_new_pack.LmRJa0/_old 2018-07-13 10:21:43.122481833 +0200
+++ /var/tmp/diff_new_pack.LmRJa0/_new 2018-07-13 10:21:43.126481838 +0200
@@ -23,7 +23,7 @@
# Version: 1.0.0
# %%define branch 1.0.0
-Version: 4.0.0+dev+git_r849_5a47921acc39abe81892cc5a47bd8f921ae52fb5
+Version: 4.0.0+dev+git_r857_d2c6971de32315a433620d76da0a757677fa0594
Release: 0
%define branch master
Summary: Dashboard for CaasP
@@ -93,7 +93,7 @@
%description
velum is the dashboard for CaasP to manage and deploy kubernetes clusters on top of MicroOS
-This package has been built with commit 5a47921acc39abe81892cc5a47bd8f921ae52fb5 from branch master on date Mon, 02 Jul 2018 09:15:41 +0000
+This package has been built with commit d2c6971de32315a433620d76da0a757677fa0594 from branch master on date Fri, 06 Jul 2018 17:05:03 +0000
%prep
%setup -q -n velum-%{branch}
++++++ 0_set_default_salt_events_alter_time_column_value.rpm.patch ++++++
--- /var/tmp/diff_new_pack.LmRJa0/_old 2018-07-13 10:21:43.134481847 +0200
+++ /var/tmp/diff_new_pack.LmRJa0/_new 2018-07-13 10:21:43.134481847 +0200
@@ -1,8 +1,8 @@
diff --git a/db/schema.rb b/db/schema.rb
-index 1ea41ec..4d401d5 100644
+index d37f481..ec3219f 100644
--- a/db/schema.rb
+++ b/db/schema.rb
-@@ -107,7 +107,7 @@ ActiveRecord::Schema.define(version: 20181708070233) do
+@@ -107,7 +107,7 @@ ActiveRecord::Schema.define(version: 20181708070234) do
create_table "salt_events", force: :cascade do |t|
t.string "tag", limit: 255, null: false
t.text "data", limit: 16777215, null: false
@@ -11,7 +11,7 @@
t.string "master_id", limit: 255, null: false
t.datetime "taken_at"
t.datetime "processed_at"
-@@ -136,7 +136,7 @@ ActiveRecord::Schema.define(version: 20181708070233) do
+@@ -136,7 +136,7 @@ ActiveRecord::Schema.define(version: 20181708070234) do
t.string "id", limit: 255, null: false
t.string "success", limit: 10, null: false
t.text "full_ret", limit: 16777215, null: false
++++++ master.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/assets/stylesheets/pages/nodes_list.scss new/velum-master/app/assets/stylesheets/pages/nodes_list.scss
--- old/velum-master/app/assets/stylesheets/pages/nodes_list.scss 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/app/assets/stylesheets/pages/nodes_list.scss 2018-07-06 19:07:10.000000000 +0200
@@ -70,7 +70,7 @@
}
.left-column dd {
- margin-left: 107px;
+ margin-left: 122px;
}
.right-column dd {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/controllers/internal_api/v1/pillars_controller.rb new/velum-master/app/controllers/internal_api/v1/pillars_controller.rb
--- old/velum-master/app/controllers/internal_api/v1/pillars_controller.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/app/controllers/internal_api/v1/pillars_controller.rb 2018-07-06 19:07:10.000000000 +0200
@@ -1,3 +1,5 @@
+require "velum/dex/ldap"
+
# Serve the pillar information
# rubocop:disable Metrics/ClassLength
class InternalApi::V1::PillarsController < InternalApiController
@@ -12,6 +14,8 @@
kubelet_contents
).merge(
system_certificate_contents
+ ).deep_merge(
+ dex_connectors_as_pillar
)
end
@@ -166,5 +170,11 @@
}
}
end
+
+ def dex_connectors_as_pillar
+ connectors = []
+ connectors.concat(Velum::Dex.ldap_connectors_as_pillar)
+ { dex: { connectors: connectors } }
+ end
end
# rubocop:enable Metrics/ClassLength
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/models/certificate.rb new/velum-master/app/models/certificate.rb
--- old/velum-master/app/models/certificate.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/app/models/certificate.rb 2018-07-06 19:07:10.000000000 +0200
@@ -2,5 +2,5 @@
class Certificate < ActiveRecord::Base
has_many :certificate_services, dependent: :destroy
- validates :certificate, presence: true
+ validates :certificate, presence: true, x509_certificate: true
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/models/dex_connector_ldap.rb new/velum-master/app/models/dex_connector_ldap.rb
--- old/velum-master/app/models/dex_connector_ldap.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/velum-master/app/models/dex_connector_ldap.rb 2018-07-06 19:07:10.000000000 +0200
@@ -0,0 +1,6 @@
+# Model that represents a dex authentication connector for LDAP
+class DexConnectorLdap < ActiveRecord::Base
+ has_one :certificate_service, as: :service, dependent: :destroy
+ has_one :certificate, through: :certificate_service
+ self.table_name = "dex_connectors_ldap"
+end
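Review bot: `DexConnectorLdap` declares no validations although its columns are copied straight into the dex pillar; with `host` nullable in the migration, a row without a host would be rendered as `server: ":636"` by the pillar builder. Add at least `validates :name, :host, presence: true` and `validates :port, numericality: { only_integer: true, greater_than: 0, less_than: 65_536 }`. When `bind_anon` is false, `bind_dn` and `bind_pw` should be required too, so an incomplete bind configuration is rejected at save time rather than shipped to dex.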
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/validators/x509_certificate_validator.rb new/velum-master/app/validators/x509_certificate_validator.rb
--- old/velum-master/app/validators/x509_certificate_validator.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/velum-master/app/validators/x509_certificate_validator.rb 2018-07-06 19:07:10.000000000 +0200
@@ -0,0 +1,10 @@
+require "openssl"
+
+# Verifies that an attribute is a valid X509 certificate
+class X509CertificateValidator < ActiveModel::EachValidator
+ def validate_each(record, attribute, value)
+ OpenSSL::X509::Certificate.new(value) if value.present?
+ rescue OpenSSL::X509::CertificateError
+ record.errors[attribute] << "Invalid X509 certificate."
+ end
+end
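Review bot: `validate_each` only proves that OpenSSL can parse a certificate out of the value; it does not constrain what else the value contains, and the raw input is what gets stored. As far as I know the PEM reader skips anything ahead of the first CERTIFICATE block, so a pasted bundle that also carries a private key would likely pass and be kept verbatim in the `certificate` attribute, which is later copied into the pillar output. Consider rejecting values that contain a `PRIVATE KEY` marker, or persisting the parsed certificate's `to_pem` instead of the raw text. An expired certificate (`not_after` in the past) is also accepted; if that is intended, the class comment should say "parseable" rather than "valid". Prefer `record.errors.add(attribute, "Invalid X509 certificate.")` over appending to `record.errors[attribute]`.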
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/dashboard/index.html.slim new/velum-master/app/views/dashboard/index.html.slim
--- old/velum-master/app/views/dashboard/index.html.slim 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/app/views/dashboard/index.html.slim 2018-07-06 19:07:10.000000000 +0200
@@ -23,9 +23,7 @@
dd.assigned-count
dt Master nodes
dd.master-count
- dt
- | New nodes
- i.fa.fw.fa-info-circle title="Available but have not been added to the cluster yet"
+ dt Unassigned nodes
dd.unassigned-count data-url=assign_nodes_url
.col-md-6.right-column
dl.side-by-side
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/db/migrate/20181708070234_create_dex_connectors_ldap.rb new/velum-master/db/migrate/20181708070234_create_dex_connectors_ldap.rb
--- old/velum-master/db/migrate/20181708070234_create_dex_connectors_ldap.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/velum-master/db/migrate/20181708070234_create_dex_connectors_ldap.rb 2018-07-06 19:07:10.000000000 +0200
@@ -0,0 +1,26 @@
+class CreateDexConnectorsLdap < ActiveRecord::Migration
+ def change
+ create_table :dex_connectors_ldap do |t|
+ t.timestamps
+ t.string :name, limit: 255
+ t.string :host, limit: 255
+ t.integer :port, limit: 2, default: 636
+ t.boolean :start_tls, default: false, null: false
+ t.boolean :bind_anon, default: false, null: false # bind_dn and bind_pw ignored if true
+ t.string :bind_dn, limit: 255, default: "uid=someuid,cn=users,dc=somedomain,dc=com"
+ t.string :bind_pw, limit: 255
+ t.string :username_prompt, limit: 255, default: "Username"
+ t.string :user_base_dn, limit: 255, default: "cn=users,dc=somedomain,dc=com"
+ t.string :user_filter, limit: 255, default: "(objectClass=person)"
+ t.string :user_attr_username, limit: 255, default: "uid"
+ t.string :user_attr_id, limit: 255, default: "uid"
+ t.string :user_attr_email, limit: 255, default: "mail", null: false
+ t.string :user_attr_name, limit: 255, default: "name"
+ t.string :group_base_dn, limit: 255, default: "cn=groups,dc=somedomain,dc=com"
+ t.string :group_filter, limit: 255, default: "(objectClass=group)"
+ t.string :group_attr_user, limit: 255, default: "uid"
+ t.string :group_attr_group, limit: 255, default: "member"
+ t.string :group_attr_name, limit: 255, default: "name"
+ end
+ end
+end
\ No newline at end of file
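Review bot: `t.integer :port, limit: 2` is a signed two-byte column under the MySQL adapter that the schema's `using: :btree` suggests, so any LDAP port above 32767 cannot be stored although TCP ports run to 65535; drop the limit or use `limit: 4`. `bind_pw` is a plain string column, so the LDAP bind credential sits in cleartext in the database and in every dump of it; if the application has an encrypted-attribute mechanism, this column belongs behind it. The placeholder defaults for `bind_dn`, `user_base_dn` and `group_base_dn` (`dc=somedomain,dc=com`) will be emitted as real configuration for any row that omits them, so `null: false` without a default would fail earlier and more visibly. The same column definitions are repeated in the db/schema.rb hunk.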
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/db/schema.rb new/velum-master/db/schema.rb
--- old/velum-master/db/schema.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/db/schema.rb 2018-07-06 19:07:10.000000000 +0200
@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20181708070233) do
+ActiveRecord::Schema.define(version: 20181708070234) do
create_table "certificate_services", force: :cascade do |t|
t.integer "certificate_id", limit: 4
@@ -168,4 +168,29 @@
add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree
add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree
+ create_table "dex_connectors_ldap", force: :cascade do |t|
+ t.datetime "created_at"
+ t.datetime "updated_at"
+ t.string "name", limit: 255
+ t.string "host", limit: 255
+ t.integer "port", limit: 2, default: 636
+ t.boolean "start_tls", default: false, null: false
+ t.boolean "bind_anon", default: false, null: false
+ t.string "bind_dn", limit: 255, default: "uid=someuid,cn=users,dc=somedomain,dc=com"
+ t.string "bind_pw", limit: 255
+ t.string "username_prompt", limit: 255, default: "Username"
+ t.string "user_base_dn", limit: 255, default: "cn=users,dc=somedomain,dc=com"
+ t.string "user_filter", limit: 255, default: "(objectClass=person)"
+ t.string "user_attr_username", limit: 255, default: "uid"
+ t.string "user_attr_id", limit: 255, default: "uid"
+ t.string "user_attr_email", limit: 255, default: "mail", null: false
+ t.string "user_attr_name", limit: 255, default: "name"
+ t.string "group_base_dn", limit: 255, default: "cn=groups,dc=somedomain,dc=com"
+ t.string "group_filter", limit: 255, default: "(objectClass=group)"
+ t.string "group_attr_user", limit: 255, default: "uid"
+ t.string "group_attr_group", limit: 255, default: "member"
+ t.string "group_attr_name", limit: 255, default: "name"
+ end
+
+ add_index "dex_connectors_ldap", ["id"], name: "index_dex_connectors_ldap_on_id", unique: true, using: :btree
end
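Review bot: The `add_index "dex_connectors_ldap", ["id"], name: "index_dex_connectors_ldap_on_id", unique: true` line has no counterpart in the migration, which only calls `create_table`, so a database built with the migrations and one loaded from schema.rb would differ. An index on `id` is also redundant, because `create_table` already makes `id` the primary key. Either drop the line here or add the matching `add_index` to the migration. The new table is appended after the `users` indexes rather than sorted in with the other tables, which suggests the file was edited by hand; regenerating it from the migration would settle both points.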
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/lib/velum/dex/ldap.rb new/velum-master/lib/velum/dex/ldap.rb
--- old/velum-master/lib/velum/dex/ldap.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/velum-master/lib/velum/dex/ldap.rb 2018-07-06 19:07:10.000000000 +0200
@@ -0,0 +1,68 @@
+require "base64"
+
+module Velum
+ # This class offers the integration between ruby and the Saltstack API.
+ module Dex
+ class << self
+ def ldap_connectors_as_pillar
+ ldap_connectors = DexConnectorLdap.all.map do |con|
+ {
+ type: "ldap",
+ id: con.id,
+ name: con.name,
+
+ # Combine host and port since they ultimately
+ # feed into a single line of config for dex
+ server: "#{con.host}:#{con.port}",
+ start_tls: con.start_tls,
+ root_ca_data: Base64.encode64(con.certificate.try(:certificate) || ""),
+ bind: generate_bind_block(con), # Place basic bind information together
+ user: generate_user_block(con), # Place user stuff together
+ group: generate_group_block(con), # Place group stuff together
+ username_prompt: con.username_prompt
+ }
+ end
+ ldap_connectors
+ end
+
+ private
+
+ def generate_user_block(con)
+ {
+ base_dn: con.user_base_dn,
+ filter: con.user_filter,
+ attr_map: {
+ username: con.user_attr_username,
+ id: con.user_attr_id,
+ email: con.user_attr_email,
+ name: con.user_attr_name
+ }
+ }
+ end
+
+ def generate_bind_block(con)
+ bind = {}
+ if con.bind_anon
+ bind[:anonymous] = true
+ else
+ bind[:anonymous] = false
+ bind[:dn] = con.bind_dn
+ bind[:pw] = con.bind_pw
+ end
+ bind
+ end
+
+ def generate_group_block(con)
+ {
+ base_dn: con.group_base_dn,
+ filter: con.group_filter,
+ attr_map: {
+ user: con.group_attr_user,
+ group: con.group_attr_group,
+ name: con.group_attr_group
+ }
+ }
+ end
+ end
+ end
+end
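Review bot: In `generate_group_block` the `name:` key of `attr_map` is filled from `con.group_attr_group`, the same column as `group:`, so `group_attr_name` is never emitted; the line should read `name: con.group_attr_name`. `generate_bind_block` places `bind_pw` into the pillar in cleartext, so whatever restricts access to the pillars endpoint (not visible in this diff) is the only protection for the LDAP bind credential, and that dependency deserves a comment here. `Base64.encode64` inserts a line break every 60 characters; if the consumer of `root_ca_data` expects a single-line value, `Base64.strict_encode64` is the safer choice. The module comment about the Saltstack API looks copied from another file and should describe the dex connector output instead.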
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch new/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch
--- old/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch 2018-07-06 19:07:10.000000000 +0200
@@ -1,8 +1,8 @@
diff --git a/db/schema.rb b/db/schema.rb
-index 1ea41ec..4d401d5 100644
+index d37f481..ec3219f 100644
--- a/db/schema.rb
+++ b/db/schema.rb
-@@ -107,7 +107,7 @@ ActiveRecord::Schema.define(version: 20181708070233) do
+@@ -107,7 +107,7 @@ ActiveRecord::Schema.define(version: 20181708070234) do
create_table "salt_events", force: :cascade do |t|
t.string "tag", limit: 255, null: false
t.text "data", limit: 16777215, null: false
@@ -11,7 +11,7 @@
t.string "master_id", limit: 255, null: false
t.datetime "taken_at"
t.datetime "processed_at"
-@@ -136,7 +136,7 @@ ActiveRecord::Schema.define(version: 20181708070233) do
+@@ -136,7 +136,7 @@ ActiveRecord::Schema.define(version: 20181708070234) do
t.string "id", limit: 255, null: false
t.string "success", limit: 10, null: false
t.text "full_ret", limit: 16777215, null: false
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb new/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb
--- old/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb 2018-07-06 19:07:10.000000000 +0200
@@ -15,6 +15,9 @@
url: Registry::SUSE_REGISTRY_URL,
cert: nil
],
+ dex: {
+ connectors: []
+ },
kubelet: {
:"compute-resources" => {},
:"eviction-hard" => ""
@@ -72,6 +75,9 @@
]
}
],
+ dex: {
+ connectors: []
+ },
kubelet: {
:"compute-resources" => {},
:"eviction-hard" => ""
@@ -108,6 +114,9 @@
{
system_certificates: [],
registries: [],
+ dex: {
+ connectors: []
+ },
kubelet: {
:"compute-resources" => {
kube: {
@@ -136,6 +145,9 @@
{
registries: [],
system_certificates: [],
+ dex: {
+ connectors: []
+ },
kubelet: {
:"compute-resources" => {},
:"eviction-hard" => ""
@@ -201,6 +213,9 @@
{
system_certificates: [],
registries: [],
+ dex: {
+ connectors: []
+ },
kubelet: {
:"compute-resources" => {},
:"eviction-hard" => ""
@@ -291,6 +306,9 @@
{
system_certificates: [],
registries: [],
+ dex: {
+ connectors: []
+ },
kubelet: {
:"compute-resources" => {},
:"eviction-hard" => ""
@@ -338,8 +356,11 @@
registries: [],
system_certificates: [
name: "sca1",
- cert: "cert"
+ cert: certificate.certificate
],
+ dex: {
+ connectors: []
+ },
kubelet: {
:"compute-resources" => {},
:"eviction-hard" => ""
@@ -348,7 +369,6 @@
end
before do
- certificate = Certificate.create(certificate: "cert")
system_certificate = SystemCertificate.create(name: "sca1")
CertificateService.create(service: system_certificate, certificate: certificate)
end
@@ -358,4 +378,98 @@
expect(json).to eq(expected_response)
end
end
+
+ def expected_dex_json(num, certificate)
+ {
+ id: num,
+ name: "LDAP Server #{num}",
+ root_ca_data: Base64.encode64(certificate.certificate),
+ bind: {
+ anonymous: false,
+ dn: "cn=admin,dc=ldap_host_#{num},dc=com",
+ pw: nil
+ },
+ username_prompt: "Username",
+ user: {
+ base_dn: "cn=users,dc=ldap_host_#{num},dc=com",
+ filter: "(objectClass=person)",
+ attr_map: {
+ username: "uid",
+ id: "uid",
+ email: "mail",
+ name: "name"
+ }
+ },
+ group: {
+ base_dn: "cn=groups,dc=ldap_host_#{num},dc=com",
+ filter: "(objectClass=group)",
+ attr_map: {
+ user: "uid",
+ group: "member",
+ name: "name"
+ }
+ }
+ }
+ end
+
+ # rubocop:disable RSpec/ExampleLength
+ context "with dex LDAP connectors tls" do
+ it "has dex LDAP connectors" do
+ dex_connector_ldap = create(:dex_connector_ldap, :tls, :regular_admin)
+ CertificateService.create(service: dex_connector_ldap, certificate: certificate)
+
+ expected_json = {
+ registries: [],
+ kubelet: {
+ :"compute-resources" => {},
+ :"eviction-hard" => ""
+ },
+ system_certificates: [],
+ dex: {
+ connectors: [
+ expected_dex_json(dex_connector_ldap.id, certificate).merge(
+ server: "ldap_host_#{dex_connector_ldap.id}.com:636",
+ start_tls: false
+ )
+ ]
+ }
+ }
+ get :show do
+ expect(json).to eq(expected_json)
+ delete(dex_connector_ldap)
+ end
+ end
+ end
+
+ context "with dex LDAP connectors starttls" do
+ it "has dex LDAP connectors" do
+ dex_connector_ldap = create(:dex_connector_ldap, :starttls, :anon_admin)
+ CertificateService.create(service: dex_connector_ldap, certificate: certificate)
+
+ expected_json = {
+ registries: [],
+ kubelet: {
+ :"compute-resources" => {},
+ :"eviction-hard" => ""
+ },
+ system_certificates: [],
+ dex: {
+ connectors: [
+ expected_dex_json(dex_connector_ldap.id, certificate).merge(
+ server: "ldap_host_#{dex_connector_ldap.id}.com:389",
+ start_tls: true,
+ bind: {
+ anonymous: true
+ }
+ )
+ ]
+ }
+ }
+ get :show do
+ expect(json).to eq(expected_json)
+ delete(dex_connector_ldap)
+ end
+ end
+ end
+ # rubocop:enable RSpec/ExampleLength
end
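Review bot: The expectations in both new examples sit inside a block passed to `get :show`, and as far as I know the controller-test `get` helper never yields, so `expect(json).to eq(expected_json)` is not executed and the examples pass whatever the response contains. Call `get :show` on its own line and put `expect(json).to eq(expected_json)` after it. The `delete(dex_connector_ldap)` line inside the block would be read as a DELETE request rather than a record removal; use `dex_connector_ldap.destroy` if explicit cleanup is needed. Once the assertion actually runs, the `name: "name"` entry in the group `attr_map` of `expected_dex_json` will exercise the group block in lib/velum/dex/ldap.rb, which currently fills `name` from `group_attr_group`.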
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/settings/registries_controller_spec.rb new/velum-master/spec/controllers/settings/registries_controller_spec.rb
--- old/velum-master/spec/controllers/settings/registries_controller_spec.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/spec/controllers/settings/registries_controller_spec.rb 2018-07-06 19:07:10.000000000 +0200
@@ -2,6 +2,8 @@
RSpec.describe Settings::RegistriesController, type: :controller do
let(:user) { create(:user) }
+ let(:admin_cert_text) { file_fixture("admin.crt").read.strip }
+ let(:pem_cert) { create(:certificate) }
before do
setup_done
@@ -53,7 +55,7 @@
end
describe "GET #edit" do
- let!(:certificate) { create(:certificate, certificate: "Cert") }
+ let!(:certificate) { create(:certificate, certificate: admin_cert_text) }
let!(:registry) { create(:registry) }
let!(:registry_with_cert) { create(:registry) }
@@ -111,15 +113,16 @@
context "with certificate" do
it "saves the new registry in the database" do
- post :create, registry: { name: "r1", url: "http://local.lan", certificate: "cert" }
+ post :create, registry: { name: "r1", url: "http://local.lan",
+ certificate: admin_cert_text }
registry = Registry.find_by(name: "r1")
expect(registry.name).to eq("r1")
- expect(registry.certificate.certificate).to eq("cert")
+ expect(registry.certificate.certificate).to eq(admin_cert_text)
end
it "does not save in db and return unprocessable entity status when invalid" do
expect do
- post :create, registry: { name: "", url: "invalid", certificate: "cert" }
+ post :create, registry: { name: "", url: "invalid", certificate: admin_cert_text }
end.not_to change(Registry, :count)
expect(response).to have_http_status(:unprocessable_entity)
end
@@ -127,7 +130,7 @@
end
describe "PATCH #update" do
- let!(:certificate) { create(:certificate, certificate: "C1") }
+ let!(:certificate) { create(:certificate, certificate: admin_cert_text) }
let!(:registry) { create(:registry) }
let!(:registry_with_cert) { create(:registry) }
@@ -142,9 +145,9 @@
end
it "creates a new certificate" do
- registry_params = { name: registry.name, url: registry.url, certificate: "cert" }
+ registry_params = { name: registry.name, url: registry.url, certificate: admin_cert_text }
put :update, id: registry.id, registry: registry_params
- expect(registry.certificate.certificate).to eq("cert")
+ expect(registry.certificate.certificate).to eq(admin_cert_text)
end
# rubocop:disable RSpec/ExampleLength
@@ -152,11 +155,12 @@
registry_params = {
name: registry_with_cert.name,
url: registry_with_cert.url,
- certificate: "cert"
+ certificate: pem_cert.certificate
}
put :update, id: registry_with_cert.id, registry: registry_params
- expect(registry_with_cert.reload.certificate.certificate).to eq("cert")
+ expect(registry_with_cert.reload.certificate.certificate.strip)
+ .to eq(pem_cert.certificate.strip)
end
# rubocop:enable RSpec/ExampleLength
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb new/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb
--- old/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb 2018-07-06 19:07:10.000000000 +0200
@@ -3,6 +3,8 @@
# rubocop:disable RSpec/ExampleLength
RSpec.describe Settings::RegistryMirrorsController, type: :controller do
let(:user) { create(:user) }
+ let(:admin_cert_text) { file_fixture("admin.crt").read.strip }
+ let(:pem_cert) { create(:certificate) }
before do
setup_done
@@ -33,7 +35,7 @@
end
describe "GET #edit" do
- let!(:certificate) { create(:certificate, certificate: "Cert") }
+ let!(:certificate) { create(:certificate, certificate: admin_cert_text) }
let!(:registry_mirror) { create(:registry_mirror) }
let!(:registry_mirror_with_cert) { create(:registry_mirror) }
@@ -80,7 +82,7 @@
registry_mirror_params = {
name: "r1",
url: "http://local.lan",
- certificate: "cert",
+ certificate: admin_cert_text,
registry_id: registry.id
}
@@ -103,21 +105,21 @@
registry_mirror_params = {
name: "r1",
url: "http://local.lan",
- certificate: "cert",
+ certificate: admin_cert_text,
registry_id: registry.id
}
post :create, registry_mirror: registry_mirror_params
registry_mirror = RegistryMirror.find_by(name: "r1")
expect(registry_mirror.name).to eq("r1")
- expect(registry_mirror.certificate.certificate).to eq("cert")
+ expect(registry_mirror.certificate.certificate).to eq(admin_cert_text)
end
it "does not save in db and return unprocessable entity status when invalid" do
registry_mirror_params = {
name: "r1",
url: "invalid",
- certificate: "cert",
+ certificate: admin_cert_text,
registry_id: registry.id
}
@@ -130,7 +132,7 @@
end
describe "PATCH #update" do
- let!(:certificate) { create(:certificate, certificate: "Cert") }
+ let!(:certificate) { create(:certificate, certificate: admin_cert_text) }
let!(:registry_mirror) { create(:registry_mirror) }
let!(:registry_mirror_with_cert) { create(:registry_mirror) }
@@ -148,22 +150,23 @@
registry_mirror_params = {
name: registry_mirror.name,
url: registry_mirror.url,
- certificate: "C2"
+ certificate: pem_cert.certificate
}
put :update, id: registry_mirror.id, registry_mirror: registry_mirror_params
- expect(registry_mirror.certificate.certificate).to eq("C2")
+ expect(registry_mirror.certificate.certificate.strip).to eq(pem_cert.certificate.strip)
end
it "updates a certificate" do
registry_mirror_params = {
name: registry_mirror_with_cert.name,
url: registry_mirror_with_cert.url,
- certificate: "C4"
+ certificate: pem_cert.certificate
}
put :update, id: registry_mirror_with_cert.id, registry_mirror: registry_mirror_params
- expect(registry_mirror_with_cert.reload.certificate.certificate).to eq("C4")
+ expect(registry_mirror_with_cert.reload.certificate.certificate.strip)
+ .to eq(pem_cert.certificate.strip)
end
it "drops a certificate" do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb new/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb
--- old/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb 2018-07-06 19:07:10.000000000 +0200
@@ -2,6 +2,8 @@
RSpec.describe Settings::SystemCertificatesController, type: :controller do
let(:user) { create(:user) }
+ let(:admin_cert_text) { file_fixture("admin.crt").read.strip }
+ let(:pem_cert) { create(:certificate) }
before do
setup_done
@@ -35,7 +37,7 @@
end
describe "GET #edit" do
- let!(:certificate) { create(:certificate, certificate: "Cert") }
+ let!(:certificate) { create(:certificate, certificate: admin_cert_text) }
let!(:system_certificate) { create(:system_certificate) }
let!(:system_certificate_with_cert) { create(:system_certificate) }
@@ -78,32 +80,39 @@
describe "POST #create" do
it "can not save system certificate without name" do
expect do
- post :create, system_certificate: { name: "", certificate: "cert" }
+ post :create, system_certificate: { name: "", certificate: admin_cert_text }
end.not_to change(SystemCertificate, :count)
expect(response).to have_http_status(:unprocessable_entity)
end
it "saves the system certificate in the database" do
- post :create, system_certificate: { name: "sca1", certificate: "cert" }
+ post :create, system_certificate: { name: "sca1", certificate: admin_cert_text }
system_certificate = SystemCertificate.find_by(name: "sca1")
expect(system_certificate.name).to eq("sca1")
- expect(system_certificate.certificate.certificate).to eq("cert")
+ expect(system_certificate.certificate.certificate).to eq(admin_cert_text)
end
end
describe "PATCH #update" do
- let!(:certificate) { create(:certificate, certificate: "C1") }
+ let!(:certificate) { create(:certificate, certificate: admin_cert_text) }
let!(:system_certificate) { create(:system_certificate) }
before do
CertificateService.create!(service: system_certificate, certificate: certificate)
end
- it "updates a system certificate" do
+ it "updates a system certificate's name" do
system_certificate_params = { name: "new name" }
put :update, id: system_certificate.id, system_certificate: system_certificate_params
expect(SystemCertificate.find(system_certificate.id).name).to eq("new name")
end
+
+ it "updates a system certificate's certificate" do
+ system_certificate_params = { certificate: pem_cert.certificate }
+ put :update, id: system_certificate.id, system_certificate: system_certificate_params
+ certificate = SystemCertificate.find(system_certificate.id).certificate
+ expect(certificate.certificate.strip).to eq(pem_cert.certificate.strip)
+ end
end
describe "DELETE #destroy" do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/setup_controller_spec.rb new/velum-master/spec/controllers/setup_controller_spec.rb
--- old/velum-master/spec/controllers/setup_controller_spec.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/spec/controllers/setup_controller_spec.rb 2018-07-06 19:07:10.000000000 +0200
@@ -69,7 +69,7 @@
let(:certificate_settings) do
settings_params.dup.tap do |s|
s["system_certificate"] = { name: "sca1",
- certificate: "cert" }
+ certificate: certificate.certificate }
end
end
@@ -685,7 +685,7 @@
let(:certificate_settings) do
settings_params.dup.tap do |s|
s["system_certificate"] = { name: "sca1",
- certificate: "cert" }
+ certificate: certificate.certificate }
end
end
@@ -697,7 +697,7 @@
put :configure, settings: certificate_settings
system_certificate = SystemCertificate.find_by(name: "sca1")
expect(system_certificate.name).to eq("sca1")
- expect(system_certificate.certificate.certificate).to eq("cert")
+ expect(system_certificate.certificate.certificate).to eq(certificate.certificate)
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/factories/certificate_factory.rb new/velum-master/spec/factories/certificate_factory.rb
--- old/velum-master/spec/factories/certificate_factory.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/spec/factories/certificate_factory.rb 2018-07-06 19:07:10.000000000 +0200
@@ -1,126 +1,14 @@
FactoryGirl.define do
factory :certificate do
- certificate %(
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- e6:4d:fd:80:de:e5:5e:20
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
- Validity
- Not Before: Jan 15 13:04:33 2018 GMT
- Not After : Feb 14 13:04:33 2018 GMT
- Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (4096 bit)
- Modulus:
- 00:d3:f7:39:b9:c4:f6:fb:ff:bf:97:fb:38:42:f3:
- 48:da:4b:fa:c6:62:92:27:44:7c:8c:72:a6:11:a8:
- e6:d3:1b:d5:c2:68:d7:be:2e:91:c8:c6:67:d1:78:
- f9:10:e4:73:0f:f1:43:c3:f2:da:f3:38:9e:7e:4e:
- af:aa:bf:40:d6:6e:28:86:0f:f3:5e:b7:b8:09:52:
- a9:03:28:b4:f8:64:3b:d2:29:0a:9f:4c:eb:6f:35:
- 8a:ec:c9:4f:14:20:73:33:6d:a4:8f:18:fa:46:fd:
- 4f:08:3e:42:f0:ce:69:45:b6:ca:bb:0a:82:7f:4c:
- f9:c4:28:c8:28:2c:c8:a5:6c:e9:1c:ec:e9:07:84:
- fa:62:35:13:11:f0:c6:b3:2f:46:82:d7:cb:7c:23:
- 71:e5:8b:2d:11:32:ca:4c:1d:c5:17:57:37:1c:8f:
- 76:15:7e:2c:d5:b3:79:6c:cd:c7:b6:11:dd:64:52:
- 13:24:69:7f:ad:e8:a3:f6:d5:60:06:16:bd:b8:8d:
- e0:4a:ab:d3:2a:e3:e1:41:cb:fa:0b:72:4d:09:f6:
- 9d:8e:9e:86:7a:ea:87:1f:7f:49:1f:40:93:ad:a5:
- b0:64:33:e4:3a:a6:5d:94:23:3e:9f:2a:0a:e6:97:
- df:b6:dc:1b:eb:3b:d0:8b:ab:33:0d:e2:78:83:c4:
- ca:f7:9d:d9:9a:dc:33:54:0c:bf:5f:48:35:b1:c3:
- df:b6:0f:f2:b4:5b:b0:c3:86:ee:b4:c6:5f:8a:e4:
- 8c:f8:83:44:4b:fb:da:3f:06:4c:73:8e:a2:48:fb:
- 4e:60:58:d7:84:4d:5e:78:43:db:2e:3e:1d:c5:16:
- 63:b1:d6:44:c0:6c:ab:35:66:de:a5:27:f1:25:48:
- 43:e9:a9:75:42:ac:f4:3d:4c:f0:7e:84:0e:db:60:
- 41:61:26:ca:b1:6f:e9:9e:b1:94:9e:2e:4c:42:85:
- 63:9f:14:79:c4:27:78:f7:90:44:49:28:48:7d:d1:
- 01:33:90:8a:91:2b:e4:f2:b0:10:b9:af:e4:e4:10:
- a0:ad:71:bc:df:75:d5:45:2f:04:0f:f0:65:e5:1f:
- df:18:e1:96:34:ba:c0:84:3b:7c:d9:ff:86:8d:d2:
- 2e:a4:4b:e6:42:0e:82:5f:36:cd:6e:dd:f4:c6:ba:
- 48:51:21:27:00:26:a6:2d:6b:61:0d:a5:43:a5:ca:
- 82:0d:a5:3f:fb:b1:04:d2:0f:41:35:49:35:3b:6e:
- 9d:ad:e0:2d:81:18:bb:8d:d3:18:64:c5:01:79:16:
- 2d:1f:13:75:1a:d6:7d:a7:ba:fd:f4:15:5b:8b:03:
- 19:25:1a:7e:49:90:69:07:0d:68:b2:46:1b:5e:ba:
- 1f:a2:13
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 6C:B5:66:46:4D:CE:8A:B0:DF:7F:2D:7A:A3:C6:6B:08:37:9D:53:5B
- X509v3 Authority Key Identifier:
- keyid:6C:B5:66:46:4D:CE:8A:B0:DF:7F:2D:7A:A3:C6:6B:08:37:9D:53:5B
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha256WithRSAEncryption
- 18:6c:28:a7:c0:2d:fa:14:0a:6f:84:73:ed:3b:a6:10:04:6d:
- 88:af:dc:83:c2:8b:7c:a3:99:69:f3:35:b8:26:3c:f3:c5:7c:
- 2f:c8:00:f1:83:e4:1e:42:e7:ac:0c:4d:5e:1e:22:b5:a7:9b:
- 32:e6:4a:8a:63:28:50:3a:68:80:38:d3:d8:c5:82:92:95:a7:
- 30:a8:6e:ba:d8:47:2c:ed:70:16:b9:a9:aa:27:99:08:65:e7:
- 2d:24:7b:d6:e8:0f:7e:6b:b9:88:40:3c:18:a1:20:29:75:85:
- 15:5e:d7:d7:12:2c:87:ba:17:7c:11:f5:69:40:64:96:0d:e6:
- 2b:d8:5b:9d:74:a3:7b:3f:aa:15:fd:7d:b6:fd:54:23:bc:af:
- 62:40:11:c9:d5:d5:1c:c7:80:9d:fb:42:ea:a9:15:cc:e2:a2:
- 43:55:6d:9a:cb:95:0e:c8:11:3a:1a:e1:15:25:95:ad:e8:9c:
- 00:af:04:2c:65:b0:5e:5e:73:c3:84:8a:6a:46:dc:12:c5:dc:
- 2f:95:0c:17:70:f1:6b:d8:65:68:f2:a0:1a:b4:16:be:c0:99:
- 64:e4:2a:8a:0b:3e:19:4b:97:3b:86:75:c3:cb:3f:90:b6:c1:
- 39:7e:69:45:99:57:29:ef:68:3d:48:fd:06:03:aa:87:7a:2b:
- 01:c5:8d:89:d6:f5:b8:b5:61:c1:03:54:3a:c4:a3:3e:59:a5:
- 86:4f:ee:8c:92:55:93:5a:37:b1:3d:8f:1f:05:cc:bd:5f:0f:
- cf:ab:70:0b:14:31:30:74:11:ce:a0:32:8c:10:f0:38:54:92:
- 78:88:dd:ca:76:63:f3:ab:22:af:c5:7c:93:2f:b9:21:42:16:
- a1:60:54:f6:39:28:e5:ff:84:ac:29:43:4e:5a:ee:d3:f2:fa:
- 30:d3:79:05:a2:8d:b6:6f:9a:d6:b0:b8:1e:d6:50:6d:03:59:
- 2f:55:86:21:99:c8:d8:d9:d6:24:46:2e:1b:44:9f:a2:0b:8d:
- 6a:44:bb:01:96:8b:99:ac:6c:ed:4c:c8:12:e8:9a:5c:eb:1f:
- 2c:0f:b7:1d:4c:b5:3f:e8:60:0c:83:a2:fd:c3:d2:02:e3:3f:
- 71:72:38:9d:0e:e3:34:ca:7d:19:c6:a1:ac:a5:5e:13:ea:d7:
- d4:81:d5:5e:12:2b:23:18:c1:7a:79:c9:01:41:0c:07:59:32:
- b9:66:eb:ae:9f:4f:00:7a:95:66:69:d2:6a:d3:fb:05:1d:61:
- 01:c6:07:5a:76:85:37:c7:54:0d:5e:bf:47:31:33:d0:dd:52:
- ee:1e:8c:61:56:c6:db:9c:ed:62:a9:9f:f7:1e:1e:a8:f7:45:
- 5c:f8:18:72:14:3d:5c:58
------BEGIN CERTIFICATE-----
-MIIFXTCCA0WgAwIBAgIJAOZN/YDe5V4gMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQwHhcNMTgwMTE1MTMwNDMzWhcNMTgwMjE0MTMwNDMzWjBF
-MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
-ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
-CgKCAgEA0/c5ucT2+/+/l/s4QvNI2kv6xmKSJ0R8jHKmEajm0xvVwmjXvi6RyMZn
-0Xj5EORzD/FDw/La8ziefk6vqr9A1m4ohg/zXre4CVKpAyi0+GQ70ikKn0zrbzWK
-7MlPFCBzM22kjxj6Rv1PCD5C8M5pRbbKuwqCf0z5xCjIKCzIpWzpHOzpB4T6YjUT
-EfDGsy9GgtfLfCNx5YstETLKTB3FF1c3HI92FX4s1bN5bM3HthHdZFITJGl/reij
-9tVgBha9uI3gSqvTKuPhQcv6C3JNCfadjp6GeuqHH39JH0CTraWwZDPkOqZdlCM+
-nyoK5pffttwb6zvQi6szDeJ4g8TK953ZmtwzVAy/X0g1scPftg/ytFuww4butMZf
-iuSM+INES/vaPwZMc46iSPtOYFjXhE1eeEPbLj4dxRZjsdZEwGyrNWbepSfxJUhD
-6al1Qqz0PUzwfoQO22BBYSbKsW/pnrGUni5MQoVjnxR5xCd495BESShIfdEBM5CK
-kSvk8rAQua/k5BCgrXG833XVRS8ED/Bl5R/fGOGWNLrAhDt82f+GjdIupEvmQg6C
-XzbNbt30xrpIUSEnACamLWthDaVDpcqCDaU/+7EE0g9BNUk1O26dreAtgRi7jdMY
-ZMUBeRYtHxN1GtZ9p7r99BVbiwMZJRp+SZBpBw1oskYbXrofohMCAwEAAaNQME4w
-HQYDVR0OBBYEFGy1ZkZNzoqw338teqPGawg3nVNbMB8GA1UdIwQYMBaAFGy1ZkZN
-zoqw338teqPGawg3nVNbMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB
-ABhsKKfALfoUCm+Ec+07phAEbYiv3IPCi3yjmWnzNbgmPPPFfC/IAPGD5B5C56wM
-TV4eIrWnmzLmSopjKFA6aIA409jFgpKVpzCobrrYRyztcBa5qaonmQhl5y0ke9bo
-D35ruYhAPBihICl1hRVe19cSLIe6F3wR9WlAZJYN5ivYW510o3s/qhX9fbb9VCO8
-r2JAEcnV1RzHgJ37QuqpFcziokNVbZrLlQ7IEToa4RUlla3onACvBCxlsF5ec8OE
-impG3BLF3C+VDBdw8WvYZWjyoBq0Fr7AmWTkKooLPhlLlzuGdcPLP5C2wTl+aUWZ
-VynvaD1I/QYDqod6KwHFjYnW9bi1YcEDVDrEoz5ZpYZP7oySVZNaN7E9jx8FzL1f
-D8+rcAsUMTB0Ec6gMowQ8DhUkniI3cp2Y/OrIq/FfJMvuSFCFqFgVPY5KOX/hKwp
-Q05a7tPy+jDTeQWijbZvmtawuB7WUG0DWS9VhiGZyNjZ1iRGLhtEn6ILjWpEuwGW
-i5msbO1MyBLomlzrHywPtx1MtT/oYAyDov3D0gLjP3FyOJ0O4zTKfRnGoaylXhPq
-19SB1V4SKyMYwXp5yQFBDAdZMrlm666fTwB6lWZp0mrT+wUdYQHGB1p2hTfHVA1e
-v0cxM9DdUu4ejGFWxtuc7WKpn/ceHqj3RVz4GHIUPVxY
------END CERTIFICATE-----
-)
+ rsa_key = OpenSSL::PKey::RSA.new(2048)
+ cert = OpenSSL::X509::Certificate.new
+ cert.version = 2
+ cert.subject = OpenSSL::X509::Name.parse "/CN=hostname"
+ cert.issuer = cert.subject
+ cert.public_key = rsa_key.public_key
+ cert.not_before = Time.now.utc
+ cert.not_after = cert.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity
+ cert.sign(rsa_key, OpenSSL::Digest::SHA1.new)
+ certificate { cert.to_pem }
end
end
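Review bot: The fixture certificate is signed with SHA-1 in `cert.sign(rsa_key, OpenSSL::Digest::SHA1.new)`, a digest that OpenSSL builds running at a stricter security level can refuse, and one that tends to get copied out of factories into real code. `cert.sign(rsa_key, OpenSSL::Digest::SHA256.new)` is a drop-in replacement. The key and certificate are also built once, when the factory file is loaded, so every `create(:certificate)` shares the same PEM and `not_before` is fixed at load time. If specs ever need distinct certificates, the construction would have to move inside the `certificate { ... }` block, at the cost of one key generation per record. A one-line comment above `rsa_key` saying the certificate is self-signed and test-only would also help.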
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/factories/dex_connectors_ldap_factory.rb new/velum-master/spec/factories/dex_connectors_ldap_factory.rb
--- old/velum-master/spec/factories/dex_connectors_ldap_factory.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/velum-master/spec/factories/dex_connectors_ldap_factory.rb 2018-07-06 19:07:10.000000000 +0200
@@ -0,0 +1,46 @@
+FactoryGirl.define do
+ factory :dex_connector_ldap, class: DexConnectorLdap do
+ sequence(:name) { |n| "LDAP Server #{n}" }
+ sequence(:host) { |n| "ldap_host_#{n}.com" }
+
+ # default to TLS
+ port 636
+ start_tls false
+
+ trait :tls do
+ port 636
+ start_tls false
+ end
+
+ trait :starttls do
+ port 389
+ start_tls true
+ end
+
+ # default to anon_admin
+ bind_anon true
+
+ trait :anon_admin do
+ bind_anon true
+ end
+
+ trait :regular_admin do
+ bind_anon false
+ bind_dn { "cn=admin,dc=#{host.chomp(".com")},dc=com" }
+ bind_pw nil
+ end
+
+ username_prompt "Username"
+ user_base_dn { "cn=users,dc=#{host.chomp(".com")},dc=com" }
+ user_filter "(objectClass=person)"
+ user_attr_username "uid"
+ user_attr_id "uid"
+ user_attr_email "mail"
+ user_attr_name "name"
+ group_base_dn { "cn=groups,dc=#{host.chomp(".com")},dc=com" }
+ group_filter "(objectClass=group)"
+ group_attr_user "uid"
+ group_attr_group "member"
+ group_attr_name "name"
+ end
+end
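Review bot: The `:regular_admin` trait sets `bind_anon false` and a `bind_dn` but leaves `bind_pw nil`, which models a DN bind without a password. Some LDAP servers treat that combination as an unauthenticated bind, not an authenticated one, and specs built on this trait never exercise a connector that carries a credential. A constructed value such as `bind_pw "constructed-test-password"` would let the pillar spec check how the password is emitted. Whether the model rejects `bind_anon false` with a blank password is not visible in this hunk, and an example for that case would be worth adding next to the model.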
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/features/settings/mirrors_feature_spec.rb new/velum-master/spec/features/settings/mirrors_feature_spec.rb
--- old/velum-master/spec/features/settings/mirrors_feature_spec.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/spec/features/settings/mirrors_feature_spec.rb 2018-07-06 19:07:10.000000000 +0200
@@ -8,6 +8,7 @@
let!(:mirror) { create(:registry_mirror, registry: registry) }
let!(:mirror2) { create(:registry_mirror, registry: registry) }
let!(:mirror3) { create(:registry_mirror, registry: registry2) }
+ let(:admin_cert_text) { file_fixture("admin.crt").read.strip }
before do
setup_done
@@ -75,11 +76,11 @@
select registry.name
fill_in "Name", with: "Mirror"
fill_in "URL", with: "https://google.com"
- fill_in "Certificate", with: "Certificate"
+ fill_in "Certificate", with: admin_cert_text
click_button("Save")
last_mirror = RegistryMirror.last
- expect(page).to have_content("Certificate")
+ expect(page).to have_content(admin_cert_text)
expect(page).to have_content("Mirror was successfully created.")
expect(page).to have_current_path(settings_registry_mirror_path(last_mirror))
end
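Review bot: Only the accepted path is exercised after this change. The mirror example here and the matching registry example in `registries_feature_spec.rb` now submit a real certificate, but neither hunk adds an example that submits non-certificate text and expects the save to be refused. Since the commit exists to reject such input, an example using `fill_in "Certificate", with: "not a certificate"` followed by `expect(page).not_to have_content("Mirror was successfully created.")` would pin the fix at the form level. The rest of both spec files lies outside these hunks, so such an example may already exist there.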
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/features/settings/registries_feature_spec.rb new/velum-master/spec/features/settings/registries_feature_spec.rb
--- old/velum-master/spec/features/settings/registries_feature_spec.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/spec/features/settings/registries_feature_spec.rb 2018-07-06 19:07:10.000000000 +0200
@@ -8,6 +8,7 @@
let!(:registry3) { create(:registry) }
let!(:mirror) { create(:registry_mirror, registry: registry) }
let!(:mirror2) { create(:registry_mirror, registry: registry) }
+ let(:admin_cert_text) { file_fixture("admin.crt").read.strip }
before do
setup_done
@@ -73,11 +74,11 @@
it "allows an user to create a registry (w/ certificate)" do
fill_in "Name", with: "Registry"
fill_in "URL", with: "https://google.com"
- fill_in "Certificate", with: "Certificate"
+ fill_in "Certificate", with: admin_cert_text
click_button("Save")
last_registry = Registry.last
- expect(page).to have_content("Certificate")
+ expect(page).to have_content(admin_cert_text)
expect(page).to have_content("Registry was successfully created.")
expect(page).to have_current_path(settings_registry_path(last_registry))
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/models/certificate_spec.rb new/velum-master/spec/models/certificate_spec.rb
--- old/velum-master/spec/models/certificate_spec.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/spec/models/certificate_spec.rb 2018-07-06 19:07:10.000000000 +0200
@@ -1,6 +1,25 @@
require "rails_helper"
-describe Certificate do
+RSpec.describe Certificate do
it { is_expected.to have_many(:certificate_services) }
it { is_expected.to validate_presence_of(:certificate) }
+
+ context "when a certificate was passed" do
+ it "accepts a PEM formatted certificate" do
+ x509_cert = OpenSSL::X509::Certificate.new(create(:certificate).certificate)
+ cert = described_class.new(certificate: x509_cert.to_pem)
+ expect(cert.valid?).to eq(true)
+ end
+
+ it "accepts a PER formatted certificate" do
+ x509_cert = OpenSSL::X509::Certificate.new(create(:certificate).certificate)
+ cert = described_class.new(certificate: x509_cert.to_der)
+ expect(cert.valid?).to eq(true)
+ end
+
+ it "errors when the text is not a X509 certificate" do
+ cert = described_class.new(certificate: "No certificate")
+ expect(cert.valid?).to eq(false)
+ end
+ end
end
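Review bot: The example named "accepts a PER formatted certificate" passes `x509_cert.to_der`, so the name should read `it "accepts a DER formatted certificate" do`. The rejection example only checks that `cert.valid?` is false. Adding `expect(cert.errors[:certificate]).not_to be_empty` would tie the failure to the certificate check and not to some other validation, assuming the validator records its error on `:certificate`. Inputs that are PEM-shaped but not certificates, such as a truncated block or a PEM-encoded key, are not covered and would each merit an example.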
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/models/dex_connector_ldap_spec.rb new/velum-master/spec/models/dex_connector_ldap_spec.rb
--- old/velum-master/spec/models/dex_connector_ldap_spec.rb 1970-01-01 01:00:00.000000000 +0100
+++ new/velum-master/spec/models/dex_connector_ldap_spec.rb 2018-07-06 19:07:10.000000000 +0200
@@ -0,0 +1,21 @@
+require "rails_helper"
+
+describe DexConnectorLdap, type: :model do
+ describe "#configure_dex_ldap_connector" do
+ let(:dex_connector_ldap) { create(:dex_connector_ldap) }
+ let(:certificate) { create(:certificate) }
+
+ before do
+ CertificateService.create(service: dex_connector_ldap, certificate: certificate)
+ end
+
+ after do
+ CertificateService.destroy_all
+ end
+
+ it "creates a valid looking certificate" do
+ expect(Certificate.find_by(certificate: certificate.certificate).certificate)
+ .to include("BEGIN CERTIFICATE")
+ end
+ end
+end
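Review bot: The `describe "#configure_dex_ldap_connector"` block never calls anything on `DexConnectorLdap`. Its single example reads back the `Certificate` row and checks for the substring "BEGIN CERTIFICATE", which the factory's `to_pem` output always contains, so it passes even if the link created in `before` is broken. Asserting on the association would test what the setup builds, for example `expect(CertificateService.find_by(service: dex_connector_ldap).certificate).to eq(certificate)`, assuming the lookup by `service` works for this association. The describe label should then name what is actually covered, since no method of that name is visible in this diff.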
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/rails_helper.rb new/velum-master/spec/rails_helper.rb
--- old/velum-master/spec/rails_helper.rb 2018-07-02 11:17:08.000000000 +0200
+++ new/velum-master/spec/rails_helper.rb 2018-07-06 19:07:10.000000000 +0200
@@ -17,6 +17,7 @@
RSpec.configure do |config|
# If we want Capybara + DatabaseCleaner + Poltergeist to work correctly, we
# have to just set this to false.
+ config.fixture_path = File.expand_path("../fixtures/", __FILE__)
config.use_transactional_fixtures = false
config.include JsonSpecHelper, type: :controller
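Review bot: The added `config.fixture_path` line sits between the two-line Capybara/DatabaseCleaner comment and `config.use_transactional_fixtures = false`, the setting that comment explains, so the comment now reads as if it describes the fixture path. Move the new line above the comment and give it its own one-liner, such as `# Directory that file_fixture resolves fixture names against.`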
@@ -25,3 +26,16 @@
config.include FactoryGirl::Syntax::Methods
config.infer_base_class_for_anonymous_controllers = true
end
+
+# Backport of Rails5 file fixture
+def file_fixture(fixture_name)
+ file_fixture_path = RSpec.configuration.fixture_path
+ path = Pathname.new(File.join(file_fixture_path, fixture_name))
+
+ if path.exist?
+ path
+ else
+ msg = "the directory '#{file_fixture_path}' does not contain a file named '#{fixture_name}'"
+ raise ArgumentError, msg
+ end
+end
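Review bot: `file_fixture` is defined with a top-level `def`, which makes it a private method on `Object`, so it is reachable from every object in the application under test and not only from examples. Wrapping it as `module FileFixtureHelper ... end` and adding `config.include FileFixtureHelper` inside the `RSpec.configure` block would scope it to specs. The "Backport of Rails5 file fixture" comment could also note that this version resolves names directly against `RSpec.configuration.fixture_path`, whereas the Rails 5 helper uses a separate `file_fixture_path`. As far as I recall that path defaults to a `files` subdirectory, so fixtures may need moving when the backport is dropped.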