add test for krb5

tests/ceo_common/krb5/test_krb5.py

@@ -0,0 +1,43 @@
+import os
+import subprocess
+from subprocess import DEVNULL
+import tempfile
+
+import ldap3
+
+from ceo_common.krb5.utils import get_fwd_tgt, store_fwd_tgt_creds
+
+
+def test_fwd_tgt(cfg):
+    realm = cfg.get('ldap_sasl_realm')
+    ldap_server = cfg.get('ldap_server_url')
+    old_krb5ccname = os.environ['KRB5CCNAME']
+    f1 = tempfile.NamedTemporaryFile()
+    d2 = tempfile.TemporaryDirectory()
+
+    try:
+        subprocess.run(
+            ['kinit', '-c', 'FILE:' + f1.name, 'regular1'],
+            text=True, input='krb5', check=True, stdout=DEVNULL)
+        subprocess.run(
+            ['kinit', '-c', 'DIR:' + d2.name, 'ctdalek'],
+            text=True, input='krb5', check=True, stdout=DEVNULL)
+        os.environ['KRB5CCNAME'] = 'FILE:' + f1.name
+        b = get_fwd_tgt('phosphoric-acid')
+        os.environ['KRB5CCNAME'] = 'DIR:' + d2.name
+        # make sure that we can import the creds from regular1 into the
+        # cache collection
+        with store_fwd_tgt_creds(b) as name:
+            assert name == 'regular1@' + realm
+
+            kwargs = {
+                'server': ldap_server, 'auto_bind': True,
+                'authentication': ldap3.SASL, 'sasl_mechanism': ldap3.KERBEROS,
+            }
+            conn = ldap3.Connection(**kwargs, user='regular1')
+            assert conn.extend.standard.who_am_i().startswith('dn:uid=regular1,')
+            conn.unbind()
+    finally:
+        os.environ['KRB5CCNAME'] = old_krb5ccname
+        f1.close()
+        d2.cleanup()