add test for krb5
This commit is contained in:
parent
12a83ce4c0
commit
2273ffa241
|
@ -0,0 +1,43 @@
|
||||||
|
import os
|
||||||
|
import subprocess
|
||||||
|
from subprocess import DEVNULL
|
||||||
|
import tempfile
|
||||||
|
|
||||||
|
import ldap3
|
||||||
|
|
||||||
|
from ceo_common.krb5.utils import get_fwd_tgt, store_fwd_tgt_creds
|
||||||
|
|
||||||
|
|
||||||
|
def test_fwd_tgt(cfg):
|
||||||
|
realm = cfg.get('ldap_sasl_realm')
|
||||||
|
ldap_server = cfg.get('ldap_server_url')
|
||||||
|
old_krb5ccname = os.environ['KRB5CCNAME']
|
||||||
|
f1 = tempfile.NamedTemporaryFile()
|
||||||
|
d2 = tempfile.TemporaryDirectory()
|
||||||
|
|
||||||
|
try:
|
||||||
|
subprocess.run(
|
||||||
|
['kinit', '-c', 'FILE:' + f1.name, 'regular1'],
|
||||||
|
text=True, input='krb5', check=True, stdout=DEVNULL)
|
||||||
|
subprocess.run(
|
||||||
|
['kinit', '-c', 'DIR:' + d2.name, 'ctdalek'],
|
||||||
|
text=True, input='krb5', check=True, stdout=DEVNULL)
|
||||||
|
os.environ['KRB5CCNAME'] = 'FILE:' + f1.name
|
||||||
|
b = get_fwd_tgt('phosphoric-acid')
|
||||||
|
os.environ['KRB5CCNAME'] = 'DIR:' + d2.name
|
||||||
|
# make sure that we can import the creds from regular1 into the
|
||||||
|
# cache collection
|
||||||
|
with store_fwd_tgt_creds(b) as name:
|
||||||
|
assert name == 'regular1@' + realm
|
||||||
|
|
||||||
|
kwargs = {
|
||||||
|
'server': ldap_server, 'auto_bind': True,
|
||||||
|
'authentication': ldap3.SASL, 'sasl_mechanism': ldap3.KERBEROS,
|
||||||
|
}
|
||||||
|
conn = ldap3.Connection(**kwargs, user='regular1')
|
||||||
|
assert conn.extend.standard.who_am_i().startswith('dn:uid=regular1,')
|
||||||
|
conn.unbind()
|
||||||
|
finally:
|
||||||
|
os.environ['KRB5CCNAME'] = old_krb5ccname
|
||||||
|
f1.close()
|
||||||
|
d2.cleanup()
|
Loading…
Reference in New Issue