From a369db25b1dd4a72001cba87d78fa2a66a9c7295 Mon Sep 17 00:00:00 2001
From: Tobias Wolter
Date: Thu, 25 Aug 2022 16:30:15 +0200
Subject: [PATCH 1/3] Allow spaces in targets of olcAccess statements Since it's entirely possible to have a distinguished name of style `o=My Cool Organization` even for the root of the database, we really need to respect the proper handling of spacey arguments to olcAccess (with the relevant quotes around them).
---
 lib/puppet/provider/openldap_access/olc.rb | 2 +-
 spec/unit/puppet/type/openldap_acess_spec.rb | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/puppet/provider/openldap_access/olc.rb b/lib/puppet/provider/openldap_access/olc.rb
index cd83ada5..39215763 100644
--- a/lib/puppet/provider/openldap_access/olc.rb
+++ b/lib/puppet/provider/openldap_access/olc.rb
@@ -30,7 +30,7 @@ def self.instances
 suffix = line.split[1]
 when %r{^olcAccess: }
 begin
- position, what, bys = line.match(%r{^olcAccess:\s+\{(\d+)\}to\s+(\S+(?:\s+filter=\S+)?(?:\s+attrs=\S+)?(?:\s+val=\S+)?)(\s+by\s+.*)+$}).captures
+ position, what, bys = line.match(%r{^olcAccess:\s+\{(\d+)\}to\s+((?:\S*"[^"]+"|\S+)?(?:\s+filter=\S+)?(?:\s+attrs=\S+)?(?:\s+val=\S+)?)(\s+by\s+.*)+$}).captures
 rescue StandardError
 raise Puppet::Error, "Failed to parse olcAccess for suffix '#{suffix}': #{line}"
 end
diff --git a/spec/unit/puppet/type/openldap_acess_spec.rb b/spec/unit/puppet/type/openldap_acess_spec.rb
index 3c51fa8b..666b25c6 100644
--- a/spec/unit/puppet/type/openldap_acess_spec.rb
+++ b/spec/unit/puppet/type/openldap_acess_spec.rb
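Review bot: In the new `what` group of the `line.match` regex, the quoted alternative `\S*"[^"]+"` ends at the first double quote, so a target DN that contains an escaped quote would not be captured whole and would most likely end in the "Failed to parse olcAccess" error; the added `?` also makes every part of the group optional, so `what` can match the empty string. The `filter=`, `attrs=` and `val=` parts still use `\S+`, so a quoted value containing a space there is still rejected. Because `what` is the scope of the access rule that Puppet compares against, a comment above the match should state the supported forms, for example `# what: optional [style=]"quoted DN" or bare token, then unquoted filter=/attrs=/val=; escaped quotes are not handled`. The enclosing `self.instances` starts and ends outside the hunk.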
@@ -13,5 +13,15 @@
 access = described_class.new(name: '0 on dc=example,dc=com', access: 'by dn="cn=admin,dc=example,dc=com" write by anonymous auth')
 expect(access[:access]).to eq([['by dn="cn=admin,dc=example,dc=com" write', 'by anonymous auth']])
 end
+
+ it 'handles target with spaces with prefix' do
+ access = described_class.new(name: '0 on dn.subtree="cn=Some String,dc=example,dc=com"', access: 'by dn="cn=admin,dc=example,dc=com" write by anonymous auth')
+ expect(access[:access]).to eq([['by dn="cn=admin,dc=example,dc=com" write', 'by anonymous auth']])
+ end
+
+ it 'handles target with spaces without prefix' do
+ access = described_class.new(name: '0 on "cn=Some String,dc=example,dc=com"', access: 'by dn="cn=admin,dc=example,dc=com" write by anonymous auth')
+ expect(access[:access]).to eq([['by dn="cn=admin,dc=example,dc=com" write', 'by anonymous auth']])
+ end
 end
 end
From d4422e3a93502ea1fc2cc14e70588408a980f0c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?=
Date: Wed, 31 Aug 2022 08:58:50 +0200
Subject: [PATCH 2/3] Add correct spec c/o @smortex
---
 .../provider/openldap_access/olc_spec.rb | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 spec/unit/puppet/provider/openldap_access/olc_spec.rb
diff --git a/spec/unit/puppet/provider/openldap_access/olc_spec.rb b/spec/unit/puppet/provider/openldap_access/olc_spec.rb
new file mode 100644
index 00000000..221fa57c
--- /dev/null
+++ b/spec/unit/puppet/provider/openldap_access/olc_spec.rb
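Review bot: Both new examples assert only `access[:access]`, the same expectation as the existing example above them, and that value comes from the `access:` argument rather than from the name, so they would pass even if the quoted target with a space were split in the wrong place. Each example should also pin what the title parsing made of `dn.subtree="cn=Some String,dc=example,dc=com"` and `"cn=Some String,dc=example,dc=com"`, with an expectation on the parameter that receives the part after `on` (presumably the suffix; confirm against the type's title patterns). These examples exercise the type, while the regex changed by this patch lives in the provider. The enclosing `describe` block starts outside the hunk.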
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Puppet::Type.type(:openldap_access).provider(:olc) do
+ describe '::instances' do
+ context 'with Debian defaults' do
+ before do
+ expect(described_class).to receive(:slapcat).with('(olcAccess=*)').and_return(<<~SLAPCAT)
+ # Debian defaults
+ dn: olcDatabase={-1}frontend,cn=config
+ olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+ olcAccess: {1}to dn.exact="" by * read
+ olcAccess: {2}to dn.base="cn=Subschema" by * read
+
+ dn: olcDatabase={0}config,cn=config
+ olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+
+ dn: olcDatabase={1}mdb,cn=config
+ olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
+ olcAccess: {1}to attrs=shadowLastChange by self write by * read
+ olcAccess: {2}to * by * read
+ SLAPCAT
+ end
+
+ it 'parses olcAccess' do
+ expect(described_class.instances.size).to eq(7)
+ end
+ end
+
+ context 'with spaces' do
+ before do
+ expect(described_class).to receive(:slapcat).with('(olcAccess=*)').and_return(<<~SLAPCAT)
+ dn: olcDatabase={-1}frontend,cn=config
+ olcAccess: {0}to dn.base="cn=Sub Schema" by * read
+ SLAPCAT
+ end
+
+ it 'parses olcAccess' do
+ expect(described_class.instances.size).to eq(1)
+ end
+ end
+ end
+end
From dddcece09f8e18eec98c7fdb8e697ddf400827f3 Mon Sep 17 00:00:00 2001
From: Tobias Wolter
Date: Wed, 31 Aug 2022 09:13:11 +0200
Subject: [PATCH 3/3] RuboCop appeasement
---
 .../unit/puppet/provider/openldap_access/olc_spec.rb | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/spec/unit/puppet/provider/openldap_access/olc_spec.rb b/spec/unit/puppet/provider/openldap_access/olc_spec.rb
index 221fa57c..e243e246 100644
--- a/spec/unit/puppet/provider/openldap_access/olc_spec.rb
+++ b/spec/unit/puppet/provider/openldap_access/olc_spec.rb
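Review bot: The 'with spaces' example checks only `instances.size`, which shows that the line matched but not that the target was captured intact; a pattern that matched while splitting `dn.base="cn=Sub Schema"` differently could still yield one instance. Since `what` is the scope of the access rule, the example should also assert the parsed target and `by` clause of that instance. A second fixture line for the un-prefixed quoted form described in the first patch's commit message would cover the other new branch. A short comment above each heredoc naming the olcAccess forms it covers would make the intent of the fixtures clear.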
@@ -5,8 +5,8 @@
 describe Puppet::Type.type(:openldap_access).provider(:olc) do
 describe '::instances' do
 context 'with Debian defaults' do
- before do
- expect(described_class).to receive(:slapcat).with('(olcAccess=*)').and_return(<<~SLAPCAT)
+ it do
+ allow(described_class).to receive(:slapcat).with('(olcAccess=*)').and_return(<<~SLAPCAT)
 # Debian defaults
 dn: olcDatabase={-1}frontend,cn=config
 olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
@@ -24,20 +24,20 @@
 end
 it 'parses olcAccess' do
- expect(described_class.instances.size).to eq(7)
+ allow(described_class.instances.size).to eq(7)
 end
 end
 context 'with spaces' do
- before do
- expect(described_class).to receive(:slapcat).with('(olcAccess=*)').and_return(<<~SLAPCAT)
+ it do
+ allow(described_class).to receive(:slapcat).with('(olcAccess=*)').and_return(<<~SLAPCAT)
 dn: olcDatabase={-1}frontend,cn=config
 olcAccess: {0}to dn.base="cn=Sub Schema" by * read
 SLAPCAT
 end
 it 'parses olcAccess' do
- expect(described_class.instances.size).to eq(1)
+ allow(described_class.instances.size).to eq(1)
 end
 end
 end
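Review bot: Changing `before do` to `it do` turns the `slapcat` stub into an example of its own, so it is no longer in effect when the following `it 'parses olcAccess'` example runs and `described_class.instances` would call the real `slapcat`; the second hunk makes the same change in the 'with spaces' context. The hook should stay and only the expectation inside it be relaxed: `before do` followed by `allow(described_class).to receive(:slapcat).with('(olcAccess=*)').and_return(<<~SLAPCAT)`. As written, the olcAccess parser that reads the existing ACLs is left without a working test.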
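Review bot: `allow(described_class.instances.size).to eq(7)` and `allow(described_class.instances.size).to eq(1)` are not assertions, because `allow(...).to` takes a `receive`-style matcher; depending on the rspec-mocks version these lines either raise or verify nothing. Both should remain `expect(described_class.instances.size).to eq(7)` and `expect(described_class.instances.size).to eq(1)`. Only the message expectation on `slapcat` needed to change from `expect` to `allow`.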