IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-15 01:53:33 -06:00
Code Issues Packages Projects Releases Wiki Activity
d4cfbd9fd3
grafana/pkg/services/ldap/api/service_test.go

668 lines
19 KiB
Go
Raw Normal View History

LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
package api
import (
Tracing: Use common traceID context value for opentracing and opentelemetry (#46411) * use common traceID context value for opentracing and opentelemetry * support sampled trace IDs as well * inject traceID into NormalResponse on errors * Finally the test passed * fix the test * fix linter * change the function parameter Co-authored-by: Ying WANG <ying.wang@grafana.com>
2022-04-14 10:54:49 -05:00
"encoding/json"
LDAP: Add API endpoint to query the LDAP server(s) status (#18868) * LDAP: Add API endpoint to query the LDAP server(s) status| This endpoint returns the current status(es) of the configured LDAP server(s). The status of each server is verified by dialling and if no error is returned we assume the server is operational. This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
2019-09-04 09:29:14 -05:00
"errors"
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
"io"
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
"net/http"
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
"os"
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
"testing"
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-08-02 09:58:05 -05:00
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
Chore: Moves common and response into separate packages (#30298) * Chore: moves common and response into separate packages * Chore: moves common and response into separate packages * Update pkg/api/utils/common.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: changes after PR comments * Chore: move wrap to routing package * Chore: move functions in common to response package * Chore: move functions in common to response package * Chore: formats imports Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-01-15 07:43:20 -06:00
"github.com/grafana/grafana/pkg/api/routing"
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-08-02 09:58:05 -05:00
"github.com/grafana/grafana/pkg/services/accesscontrol"
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
"github.com/grafana/grafana/pkg/services/accesscontrol/acimpl"
Auth: Refactor auth package (#58920) * Auth: move interface to its own file * Auth: move to test package * Auth: move quota consts to auth file * Auth: move service to impl package * Auth: move interfaces and related models to auth package * Auth: Create sub package and type alias to avoid circular dependency
2022-11-18 02:56:06 -06:00
"github.com/grafana/grafana/pkg/services/auth/authtest"
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
"github.com/grafana/grafana/pkg/services/ldap"
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
"github.com/grafana/grafana/pkg/services/ldap/multildap"
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
"github.com/grafana/grafana/pkg/services/ldap/service"
chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service
2023-01-27 12:36:54 -06:00
"github.com/grafana/grafana/pkg/services/login"
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-08-02 09:58:05 -05:00
"github.com/grafana/grafana/pkg/services/login/logintest"
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
"github.com/grafana/grafana/pkg/services/org"
Chore: Move SearchOrgs to org service (#55416) * Chore: Move SearchOrgs to org service * Fix lint * Fix lint 2
2022-09-20 02:55:40 -05:00
"github.com/grafana/grafana/pkg/services/org/orgtest"
SupportBundles: Add LDAP bundle collector (#63128) * fix non-cfg fields used in ldap * fix non-cfg fields * add ldap support bundle * add note on match * add censoring and docs
2023-02-09 09:31:31 -06:00
"github.com/grafana/grafana/pkg/services/supportbundles/supportbundlestest"
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-08-02 09:58:05 -05:00
"github.com/grafana/grafana/pkg/services/user"
"github.com/grafana/grafana/pkg/services/user/usertest"
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
"github.com/grafana/grafana/pkg/setting"
RBAC: Rewrite ldap rbac tests (#61743)
2023-01-19 04:09:26 -06:00
"github.com/grafana/grafana/pkg/web/webtest"
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
)
type LDAPMock struct {
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
Results []*login.ExternalUserInfo
UserSearchResult *login.ExternalUserInfo
UserSearchConfig ldap.ServerConfig
UserSearchError error
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
}
LDAP: Add API endpoint to query the LDAP server(s) status (#18868) * LDAP: Add API endpoint to query the LDAP server(s) status| This endpoint returns the current status(es) of the configured LDAP server(s). The status of each server is verified by dialling and if no error is returned we assume the server is operational. This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
2019-09-04 09:29:14 -05:00
var pingResult []*multildap.ServerStatus
var pingError error
func (m *LDAPMock) Ping() ([]*multildap.ServerStatus, error) {
return pingResult, pingError
}
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service
2023-01-27 12:36:54 -06:00
func (m *LDAPMock) Login(query *login.LoginUserQuery) (*login.ExternalUserInfo, error) {
return &login.ExternalUserInfo{}, nil
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
}
chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service
2023-01-27 12:36:54 -06:00
func (m *LDAPMock) Users(logins []string) ([]*login.ExternalUserInfo, error) {
s := []*login.ExternalUserInfo{}
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
return s, nil
}
chore: move user_auth models to (mostly) login service (#62269) * chore: move user_auth models to (mostly) login service
2023-01-27 12:36:54 -06:00
func (m *LDAPMock) User(login string) (*login.ExternalUserInfo, ldap.ServerConfig, error) {
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
return m.UserSearchResult, m.UserSearchConfig, m.UserSearchError
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
func setupAPITest(t *testing.T, opts ...func(a *Service)) (*Service, *webtest.Server) {
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
t.Helper()
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
router := routing.NewRouteRegister()
cfg := setting.NewCfg()
SupportBundles: Add LDAP bundle collector (#63128) * fix non-cfg fields used in ldap * fix non-cfg fields * add ldap support bundle * add note on match * add censoring and docs
2023-02-09 09:31:31 -06:00
cfg.LDAPEnabled = true
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
a := ProvideService(cfg,
router,
acimpl.ProvideAccessControl(cfg),
usertest.NewUserServiceFake(),
&logintest.AuthInfoServiceFake{},
ldap.ProvideGroupsService(),
&logintest.LoginServiceFake{},
&orgtest.FakeOrgService{},
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
service.NewLDAPFakeService(),
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
authtest.NewFakeUserAuthTokenService(),
SupportBundles: Add LDAP bundle collector (#63128) * fix non-cfg fields used in ldap * fix non-cfg fields * add ldap support bundle * add note on match * add censoring and docs
2023-02-09 09:31:31 -06:00
supportbundlestest.NewFakeBundleService(),
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
)
for _, o := range opts {
o(a)
}
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
server := webtest.NewServer(t, router)
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
return a, server
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
}
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 02:52:38 -06:00
func TestGetUserFromLDAPAPIEndpoint_UserNotFound(t *testing.T) {
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
_, server := setupAPITest(t, func(a *Service) {
a.orgService = &orgtest.FakeOrgService{
ExpectedOrgs: []*org.OrgDTO{},
}
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
a.ldapService = &service.LDAPFakeService{
ExpectedClient: &LDAPMock{
UserSearchResult: nil,
},
ExpectedConfig: &ldap.Config{},
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
})
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
req := server.NewGetRequest("/api/admin/ldap/user-that-does-not-exist")
webtest.RequestWithSignedInUser(req, &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{
1: {"ldap.user:read": {"*"}}},
})
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
res, err := server.Send(req)
defer func() { require.NoError(t, res.Body.Close()) }()
require.NoError(t, err)
assert.Equal(t, http.StatusNotFound, res.StatusCode)
bodyBytes, _ := io.ReadAll(res.Body)
assert.JSONEq(t, "{\"message\":\"No user was found in the LDAP server(s) with that username\"}", string(bodyBytes))
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
}
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 02:52:38 -06:00
func TestGetUserFromLDAPAPIEndpoint_OrgNotfound(t *testing.T) {
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
isAdmin := true
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
userSearchResult := &login.ExternalUserInfo{
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
Name: "John Doe",
Email: "john.doe@example.com",
Login: "johndoe",
LDAP: Show non-matched groups returned from LDAP (#19208) * LDAP: Show all LDAP groups * Use the returned LDAP groups as the reference when debugging LDAP We need to use the LDAP groups returned as the main reference for assuming what we were able to match and what wasn't. Before, we were using the configured groups in LDAP TOML configuration file. * s/User name/Username * Add a title to for the LDAP mapping results * LDAP: UI Updates to debug view * LDAP: Make it explicit when we weren't able to match teams
2019-09-19 10:13:38 -05:00
Groups: []string{"cn=admins,ou=groups,dc=grafana,dc=org"},
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
OrgRoles: map[int64]org.RoleType{1: org.RoleAdmin, 2: org.RoleViewer},
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
IsGrafanaAdmin: &isAdmin,
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
userSearchConfig := ldap.ServerConfig{
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
Attr: ldap.AttributeMap{
Name: "ldap-name",
Surname: "ldap-surname",
Email: "ldap-email",
Username: "ldap-username",
},
Groups: []*ldap.GroupToOrgRole{
{
GroupDN: "cn=admins,ou=groups,dc=grafana,dc=org",
LDAP: Show non-matched groups returned from LDAP (#19208) * LDAP: Show all LDAP groups * Use the returned LDAP groups as the reference when debugging LDAP We need to use the LDAP groups returned as the main reference for assuming what we were able to match and what wasn't. Before, we were using the configured groups in LDAP TOML configuration file. * s/User name/Username * Add a title to for the LDAP mapping results * LDAP: UI Updates to debug view * LDAP: Make it explicit when we weren't able to match teams
2019-09-19 10:13:38 -05:00
OrgId: 1,
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
OrgRole: org.RoleAdmin,
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
},
{
LDAP Debug: No longer shows incorrectly matching groups based on role (#20018) * LDAP Debug: No longer shows incorrectly matching groups based on role Org Role was used as a shortcut to figure out what groups were matching and which weren't. That lead to too all groups matching a specific role to show up for a user if that user got that role. * LDAP Debug: Fixes ordering of matches The order of groups in the ldap.toml file is important, only the first match for an organisation will be used. This means we have to iterate based on the config and stop matching when a match is found. We might want to think about showing further matches as potential matches that are shadowed by the first match. That would possibly make it easier to understand why one match is used instead of another one. * LDAP Debug: never display more than one match for the same LDAP group/mapping. * LDAP Debug: show all matches, even if they aren't used * Update public/app/features/admin/ldap/LdapUserGroups.tsx Co-Authored-By: gotjosh <josue.abreu@gmail.com> * Update public/app/features/admin/ldap/LdapUserGroups.tsx Co-Authored-By: gotjosh <josue.abreu@gmail.com>
2019-11-01 09:42:22 -05:00
GroupDN: "cn=admins,ou=groups,dc=grafana,dc=org",
LDAP: Show non-matched groups returned from LDAP (#19208) * LDAP: Show all LDAP groups * Use the returned LDAP groups as the reference when debugging LDAP We need to use the LDAP groups returned as the main reference for assuming what we were able to match and what wasn't. Before, we were using the configured groups in LDAP TOML configuration file. * s/User name/Username * Add a title to for the LDAP mapping results * LDAP: UI Updates to debug view * LDAP: Make it explicit when we weren't able to match teams
2019-09-19 10:13:38 -05:00
OrgId: 2,
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
OrgRole: org.RoleViewer,
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
},
},
}
Chore: Move SearchOrgs to org service (#55416) * Chore: Move SearchOrgs to org service * Fix lint * Fix lint 2
2022-09-20 02:55:40 -05:00
mockOrgSearchResult := []*org.OrgDTO{
{ID: 1, Name: "Main Org."},
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
_, server := setupAPITest(t, func(a *Service) {
a.orgService = &orgtest.FakeOrgService{
ExpectedOrgs: mockOrgSearchResult,
}
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
a.ldapService = &service.LDAPFakeService{
ExpectedClient: &LDAPMock{
UserSearchResult: userSearchResult,
UserSearchConfig: userSearchConfig,
},
ExpectedConfig: &ldap.Config{},
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
})
req := server.NewGetRequest("/api/admin/ldap/johndoe")
webtest.RequestWithSignedInUser(req, &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{
1: {"ldap.user:read": {"*"}}},
})
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
res, err := server.Send(req)
defer func() { require.NoError(t, res.Body.Close()) }()
require.NoError(t, err)
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
assert.Equal(t, http.StatusBadRequest, res.StatusCode)
bodyBytes, _ := io.ReadAll(res.Body)
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
var resMap map[string]interface{}
err = json.Unmarshal(bodyBytes, &resMap)
Tracing: Use common traceID context value for opentracing and opentelemetry (#46411) * use common traceID context value for opentracing and opentelemetry * support sampled trace IDs as well * inject traceID into NormalResponse on errors * Finally the test passed * fix the test * fix linter * change the function parameter Co-authored-by: Ying WANG <ying.wang@grafana.com>
2022-04-14 10:54:49 -05:00
assert.NoError(t, err)
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
assert.Equal(t, "unable to find organization with ID '2'", resMap["error"])
assert.Equal(t, "An organization was not found - Please verify your LDAP configuration", resMap["message"])
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
}
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 02:52:38 -06:00
func TestGetUserFromLDAPAPIEndpoint(t *testing.T) {
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
isAdmin := true
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
userSearchResult := &login.ExternalUserInfo{
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
Name: "John Doe",
Email: "john.doe@example.com",
Login: "johndoe",
LDAP: Show non-matched groups returned from LDAP (#19208) * LDAP: Show all LDAP groups * Use the returned LDAP groups as the reference when debugging LDAP We need to use the LDAP groups returned as the main reference for assuming what we were able to match and what wasn't. Before, we were using the configured groups in LDAP TOML configuration file. * s/User name/Username * Add a title to for the LDAP mapping results * LDAP: UI Updates to debug view * LDAP: Make it explicit when we weren't able to match teams
2019-09-19 10:13:38 -05:00
Groups: []string{"cn=admins,ou=groups,dc=grafana,dc=org", "another-group-not-matched"},
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
OrgRoles: map[int64]org.RoleType{1: org.RoleAdmin},
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
IsGrafanaAdmin: &isAdmin,
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
userSearchConfig := ldap.ServerConfig{
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
Attr: ldap.AttributeMap{
Name: "ldap-name",
Surname: "ldap-surname",
Email: "ldap-email",
Username: "ldap-username",
},
Groups: []*ldap.GroupToOrgRole{
{
GroupDN: "cn=admins,ou=groups,dc=grafana,dc=org",
LDAP: Show non-matched groups returned from LDAP (#19208) * LDAP: Show all LDAP groups * Use the returned LDAP groups as the reference when debugging LDAP We need to use the LDAP groups returned as the main reference for assuming what we were able to match and what wasn't. Before, we were using the configured groups in LDAP TOML configuration file. * s/User name/Username * Add a title to for the LDAP mapping results * LDAP: UI Updates to debug view * LDAP: Make it explicit when we weren't able to match teams
2019-09-19 10:13:38 -05:00
OrgId: 1,
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
OrgRole: org.RoleAdmin,
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
},
LDAP Debug: No longer shows incorrectly matching groups based on role (#20018) * LDAP Debug: No longer shows incorrectly matching groups based on role Org Role was used as a shortcut to figure out what groups were matching and which weren't. That lead to too all groups matching a specific role to show up for a user if that user got that role. * LDAP Debug: Fixes ordering of matches The order of groups in the ldap.toml file is important, only the first match for an organisation will be used. This means we have to iterate based on the config and stop matching when a match is found. We might want to think about showing further matches as potential matches that are shadowed by the first match. That would possibly make it easier to understand why one match is used instead of another one. * LDAP Debug: never display more than one match for the same LDAP group/mapping. * LDAP Debug: show all matches, even if they aren't used * Update public/app/features/admin/ldap/LdapUserGroups.tsx Co-Authored-By: gotjosh <josue.abreu@gmail.com> * Update public/app/features/admin/ldap/LdapUserGroups.tsx Co-Authored-By: gotjosh <josue.abreu@gmail.com>
2019-11-01 09:42:22 -05:00
{
GroupDN: "cn=admins2,ou=groups,dc=grafana,dc=org",
OrgId: 1,
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
OrgRole: org.RoleAdmin,
LDAP Debug: No longer shows incorrectly matching groups based on role (#20018) * LDAP Debug: No longer shows incorrectly matching groups based on role Org Role was used as a shortcut to figure out what groups were matching and which weren't. That lead to too all groups matching a specific role to show up for a user if that user got that role. * LDAP Debug: Fixes ordering of matches The order of groups in the ldap.toml file is important, only the first match for an organisation will be used. This means we have to iterate based on the config and stop matching when a match is found. We might want to think about showing further matches as potential matches that are shadowed by the first match. That would possibly make it easier to understand why one match is used instead of another one. * LDAP Debug: never display more than one match for the same LDAP group/mapping. * LDAP Debug: show all matches, even if they aren't used * Update public/app/features/admin/ldap/LdapUserGroups.tsx Co-Authored-By: gotjosh <josue.abreu@gmail.com> * Update public/app/features/admin/ldap/LdapUserGroups.tsx Co-Authored-By: gotjosh <josue.abreu@gmail.com>
2019-11-01 09:42:22 -05:00
},
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
},
}
Chore: Move SearchOrgs to org service (#55416) * Chore: Move SearchOrgs to org service * Fix lint * Fix lint 2
2022-09-20 02:55:40 -05:00
mockOrgSearchResult := []*org.OrgDTO{
{ID: 1, Name: "Main Org."},
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
_, server := setupAPITest(t, func(a *Service) {
a.orgService = &orgtest.FakeOrgService{
ExpectedOrgs: mockOrgSearchResult,
}
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
a.ldapService = &service.LDAPFakeService{
ExpectedClient: &LDAPMock{
UserSearchResult: userSearchResult,
UserSearchConfig: userSearchConfig,
},
ExpectedConfig: &ldap.Config{},
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
})
req := server.NewGetRequest("/api/admin/ldap/johndoe")
webtest.RequestWithSignedInUser(req, &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{
1: {"ldap.user:read": {"*"}}},
})
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
res, err := server.Send(req)
defer func() { require.NoError(t, res.Body.Close()) }()
require.NoError(t, err)
assert.Equal(t, http.StatusOK, res.StatusCode)
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
expected := `
{
"name": {
"cfgAttrValue": "ldap-name", "ldapValue": "John"
},
"surname": {
"cfgAttrValue": "ldap-surname", "ldapValue": "Doe"
},
"email": {
"cfgAttrValue": "ldap-email", "ldapValue": "john.doe@example.com"
},
"login": {
"cfgAttrValue": "ldap-username", "ldapValue": "johndoe"
},
"isGrafanaAdmin": true,
"isDisabled": false,
"roles": [
LDAP: Show non-matched groups returned from LDAP (#19208) * LDAP: Show all LDAP groups * Use the returned LDAP groups as the reference when debugging LDAP We need to use the LDAP groups returned as the main reference for assuming what we were able to match and what wasn't. Before, we were using the configured groups in LDAP TOML configuration file. * s/User name/Username * Add a title to for the LDAP mapping results * LDAP: UI Updates to debug view * LDAP: Make it explicit when we weren't able to match teams
2019-09-19 10:13:38 -05:00
{ "orgId": 1, "orgRole": "Admin", "orgName": "Main Org.", "groupDN": "cn=admins,ou=groups,dc=grafana,dc=org" },
{ "orgId": 0, "orgRole": "", "orgName": "", "groupDN": "another-group-not-matched" }
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
],
"teams": null
}
`
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
bodyBytes, _ := io.ReadAll(res.Body)
assert.JSONEq(t, expected, string(bodyBytes))
LDAP: Add API endpoint to query the LDAP server(s) status (#18868) * LDAP: Add API endpoint to query the LDAP server(s) status| This endpoint returns the current status(es) of the configured LDAP server(s). The status of each server is verified by dialling and if no error is returned we assume the server is operational. This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
2019-09-04 09:29:14 -05:00
}
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 02:52:38 -06:00
func TestGetUserFromLDAPAPIEndpoint_WithTeamHandler(t *testing.T) {
LDAP: Fetch teams in debug view (#18951) Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs. This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
2019-09-08 05:48:47 -05:00
isAdmin := true
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
userSearchResult := &login.ExternalUserInfo{
LDAP: Fetch teams in debug view (#18951) Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs. This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
2019-09-08 05:48:47 -05:00
Name: "John Doe",
Email: "john.doe@example.com",
Login: "johndoe",
LDAP Debug: No longer shows incorrectly matching groups based on role (#20018) * LDAP Debug: No longer shows incorrectly matching groups based on role Org Role was used as a shortcut to figure out what groups were matching and which weren't. That lead to too all groups matching a specific role to show up for a user if that user got that role. * LDAP Debug: Fixes ordering of matches The order of groups in the ldap.toml file is important, only the first match for an organisation will be used. This means we have to iterate based on the config and stop matching when a match is found. We might want to think about showing further matches as potential matches that are shadowed by the first match. That would possibly make it easier to understand why one match is used instead of another one. * LDAP Debug: never display more than one match for the same LDAP group/mapping. * LDAP Debug: show all matches, even if they aren't used * Update public/app/features/admin/ldap/LdapUserGroups.tsx Co-Authored-By: gotjosh <josue.abreu@gmail.com> * Update public/app/features/admin/ldap/LdapUserGroups.tsx Co-Authored-By: gotjosh <josue.abreu@gmail.com>
2019-11-01 09:42:22 -05:00
Groups: []string{"cn=admins,ou=groups,dc=grafana,dc=org"},
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
OrgRoles: map[int64]org.RoleType{1: org.RoleAdmin},
LDAP: Fetch teams in debug view (#18951) Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs. This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
2019-09-08 05:48:47 -05:00
IsGrafanaAdmin: &isAdmin,
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
userSearchConfig := ldap.ServerConfig{
LDAP: Fetch teams in debug view (#18951) Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs. This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
2019-09-08 05:48:47 -05:00
Attr: ldap.AttributeMap{
Name: "ldap-name",
Surname: "ldap-surname",
Email: "ldap-email",
Username: "ldap-username",
},
Groups: []*ldap.GroupToOrgRole{
{
GroupDN: "cn=admins,ou=groups,dc=grafana,dc=org",
LDAP: Show non-matched groups returned from LDAP (#19208) * LDAP: Show all LDAP groups * Use the returned LDAP groups as the reference when debugging LDAP We need to use the LDAP groups returned as the main reference for assuming what we were able to match and what wasn't. Before, we were using the configured groups in LDAP TOML configuration file. * s/User name/Username * Add a title to for the LDAP mapping results * LDAP: UI Updates to debug view * LDAP: Make it explicit when we weren't able to match teams
2019-09-19 10:13:38 -05:00
OrgId: 1,
Move SignedInUser to user service and RoleType and Roles to org (#53445) * Move SignedInUser to user service and RoleType and Roles to org * Use go naming convention for roles * Fix some imports and leftovers * Fix ldap debug test * Fix lint * Fix lint 2 * Fix lint 3 * Fix type and not needed conversion * Clean up messages in api tests * Clean up api tests 2
2022-08-10 04:56:48 -05:00
OrgRole: org.RoleAdmin,
LDAP: Fetch teams in debug view (#18951) Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs. This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
2019-09-08 05:48:47 -05:00
},
},
}
Chore: Move SearchOrgs to org service (#55416) * Chore: Move SearchOrgs to org service * Fix lint * Fix lint 2
2022-09-20 02:55:40 -05:00
mockOrgSearchResult := []*org.OrgDTO{
{ID: 1, Name: "Main Org."},
LDAP: Fetch teams in debug view (#18951) Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs. This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
2019-09-08 05:48:47 -05:00
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
_, server := setupAPITest(t, func(a *Service) {
a.orgService = &orgtest.FakeOrgService{
ExpectedOrgs: mockOrgSearchResult,
}
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
a.ldapService = &service.LDAPFakeService{
ExpectedClient: &LDAPMock{
UserSearchResult: userSearchResult,
UserSearchConfig: userSearchConfig,
},
ExpectedConfig: &ldap.Config{},
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
})
LDAP: Fetch teams in debug view (#18951) Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs. This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
2019-09-08 05:48:47 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
req := server.NewGetRequest("/api/admin/ldap/johndoe")
webtest.RequestWithSignedInUser(req, &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{
1: {"ldap.user:read": {"*"}}},
})
res, err := server.Send(req)
defer func() { require.NoError(t, res.Body.Close()) }()
require.NoError(t, err)
assert.Equal(t, http.StatusOK, res.StatusCode)
LDAP: Fetch teams in debug view (#18951) Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs. This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
2019-09-08 05:48:47 -05:00
expected := `
{
"name": {
"cfgAttrValue": "ldap-name", "ldapValue": "John"
},
"surname": {
"cfgAttrValue": "ldap-surname", "ldapValue": "Doe"
},
"email": {
"cfgAttrValue": "ldap-email", "ldapValue": "john.doe@example.com"
},
"login": {
"cfgAttrValue": "ldap-username", "ldapValue": "johndoe"
},
"isGrafanaAdmin": true,
"isDisabled": false,
"roles": [
{ "orgId": 1, "orgRole": "Admin", "orgName": "Main Org.", "groupDN": "cn=admins,ou=groups,dc=grafana,dc=org" }
],
LDAP: Use an interface instead of a bus to get group teams (#42165) * Remove bus for GetTeams for LDAP * Fix lint
2022-02-01 05:03:21 -06:00
"teams": null
LDAP: Fetch teams in debug view (#18951) Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs. This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
2019-09-08 05:48:47 -05:00
}
`
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
bodyBytes, _ := io.ReadAll(res.Body)
assert.JSONEq(t, expected, string(bodyBytes))
LDAP: Fetch teams in debug view (#18951) Adds the definition of `GetTeamsForLDAPGroupCommand` which handles the lookup of team information based on LDAP groupDNs. This is an Enterprise only feature. To diferentiate,a response will contain the `team` key as `null` on OSS while on Enterprise the key will contain an empty array `[]` when no teams are found.
2019-09-08 05:48:47 -05:00
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
func TestGetLDAPStatusAPIEndpoint(t *testing.T) {
LDAP: Add API endpoint to query the LDAP server(s) status (#18868) * LDAP: Add API endpoint to query the LDAP server(s) status| This endpoint returns the current status(es) of the configured LDAP server(s). The status of each server is verified by dialling and if no error is returned we assume the server is operational. This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
2019-09-04 09:29:14 -05:00
pingResult = []*multildap.ServerStatus{
{Host: "10.0.0.3", Port: 361, Available: true, Error: nil},
{Host: "10.0.0.3", Port: 362, Available: true, Error: nil},
{Host: "10.0.0.5", Port: 361, Available: false, Error: errors.New("something is awfully wrong")},
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
_, server := setupAPITest(t, func(a *Service) {
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
a.ldapService = &service.LDAPFakeService{
ExpectedClient: &LDAPMock{},
ExpectedConfig: &ldap.Config{},
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
})
req := server.NewGetRequest("/api/admin/ldap/status")
webtest.RequestWithSignedInUser(req, &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{
1: {"ldap.status:read": {}}},
})
res, err := server.Send(req)
defer func() { require.NoError(t, res.Body.Close()) }()
require.NoError(t, err)
LDAP: Add API endpoint to query the LDAP server(s) status (#18868) * LDAP: Add API endpoint to query the LDAP server(s) status| This endpoint returns the current status(es) of the configured LDAP server(s). The status of each server is verified by dialling and if no error is returned we assume the server is operational. This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
2019-09-04 09:29:14 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
assert.Equal(t, http.StatusOK, res.StatusCode)
LDAP: Add API endpoint to query the LDAP server(s) status (#18868) * LDAP: Add API endpoint to query the LDAP server(s) status| This endpoint returns the current status(es) of the configured LDAP server(s). The status of each server is verified by dialling and if no error is returned we assume the server is operational. This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
2019-09-04 09:29:14 -05:00
expected := `
[
{ "host": "10.0.0.3", "port": 361, "available": true, "error": "" },
{ "host": "10.0.0.3", "port": 362, "available": true, "error": "" },
{ "host": "10.0.0.5", "port": 361, "available": false, "error": "something is awfully wrong" }
]
`
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
bodyBytes, _ := io.ReadAll(res.Body)
assert.JSONEq(t, expected, string(bodyBytes))
}
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
func TestPostSyncUserWithLDAPAPIEndpoint_Success(t *testing.T) {
userServiceMock := usertest.NewUserServiceFake()
userServiceMock.ExpectedUser = &user.User{Login: "ldap-daniel", ID: 34}
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
_, server := setupAPITest(t, func(a *Service) {
a.userService = userServiceMock
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
a.ldapService = &service.LDAPFakeService{
ExpectedClient: &LDAPMock{UserSearchResult: &login.ExternalUserInfo{
Login: "ldap-daniel",
}},
ExpectedConfig: &ldap.Config{},
}
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
})
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
req := server.NewPostRequest("/api/admin/ldap/sync/34", nil)
webtest.RequestWithSignedInUser(req, &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{
1: {"ldap.user:sync": {}}},
})
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
res, err := server.Send(req)
defer func() { require.NoError(t, res.Body.Close()) }()
Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2020-11-13 02:52:38 -06:00
require.NoError(t, err)
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
assert.Equal(t, http.StatusOK, res.StatusCode)
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
expected := `
{
"message": "User synced successfully"
}
`
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
bodyBytes, _ := io.ReadAll(res.Body)
assert.JSONEq(t, expected, string(bodyBytes))
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
}
func TestPostSyncUserWithLDAPAPIEndpoint_WhenUserNotFound(t *testing.T) {
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-08-02 09:58:05 -05:00
userServiceMock := usertest.NewUserServiceFake()
userServiceMock.ExpectedError = user.ErrUserNotFound
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
_, server := setupAPITest(t, func(a *Service) {
a.userService = userServiceMock
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
a.ldapService = &service.LDAPFakeService{
ExpectedClient: &LDAPMock{},
ExpectedConfig: &ldap.Config{},
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
})
req := server.NewPostRequest("/api/admin/ldap/sync/34", nil)
webtest.RequestWithSignedInUser(req, &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{
1: {"ldap.user:sync": {}}},
})
res, err := server.Send(req)
defer func() { require.NoError(t, res.Body.Close()) }()
require.NoError(t, err)
assert.Equal(t, http.StatusNotFound, res.StatusCode)
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
expected := `
{
Chore: Fix staticcheck issues (#28860) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Undo changes Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-05 06:07:06 -06:00
"message": "user not found"
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
}
`
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
bodyBytes, _ := io.ReadAll(res.Body)
assert.JSONEq(t, expected, string(bodyBytes))
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
}
func TestPostSyncUserWithLDAPAPIEndpoint_WhenGrafanaAdmin(t *testing.T) {
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-08-02 09:58:05 -05:00
userServiceMock := usertest.NewUserServiceFake()
userServiceMock.ExpectedUser = &user.User{Login: "ldap-daniel", ID: 34}
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
_, server := setupAPITest(t, func(a *Service) {
a.userService = userServiceMock
a.cfg.AdminUser = "ldap-daniel"
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
a.ldapService = &service.LDAPFakeService{
ExpectedClient: &LDAPMock{UserSearchError: multildap.ErrDidNotFindUser},
ExpectedConfig: &ldap.Config{},
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
})
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
req := server.NewPostRequest("/api/admin/ldap/sync/34", nil)
webtest.RequestWithSignedInUser(req, &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{
1: {"ldap.user:sync": {}}},
})
res, err := server.Send(req)
defer func() { require.NoError(t, res.Body.Close()) }()
require.NoError(t, err)
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
assert.Equal(t, http.StatusBadRequest, res.StatusCode)
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
bodyBytes, _ := io.ReadAll(res.Body)
var resMap map[string]interface{}
err = json.Unmarshal(bodyBytes, &resMap)
Tracing: Use common traceID context value for opentracing and opentelemetry (#46411) * use common traceID context value for opentracing and opentelemetry * support sampled trace IDs as well * inject traceID into NormalResponse on errors * Finally the test passed * fix the test * fix linter * change the function parameter Co-authored-by: Ying WANG <ying.wang@grafana.com>
2022-04-14 10:54:49 -05:00
assert.NoError(t, err)
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
assert.Equal(t, "did not find a user", resMap["error"])
assert.Equal(t, "Refusing to sync grafana super admin \"ldap-daniel\" - it would be disabled", resMap["message"])
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
}
func TestPostSyncUserWithLDAPAPIEndpoint_WhenUserNotInLDAP(t *testing.T) {
Chore: Split get user by ID (#52442) * Remove user from preferences, stars, orguser, team member * Fix lint * Add Delete user from org and dashboard acl * Delete user from user auth * Add DeleteUser to quota * Add test files and adjust user auth store * Rename package in wire for user auth * Import Quota Service interface in other services * do the same in tests * fix lint tests * Fix tests * Add some tests * Rename InsertUser and DeleteUser to InsertOrgUser and DeleteOrgUser * Rename DeleteUser to DeleteByUser in quota * changing a method name in few additional places * Fix in other places * Fix lint * Fix tests * Chore: Split Delete User method * Add fakes for userauth * Add mock for access control Delete User permossion, use interface * Use interface for ream guardian * Add simple fake for dashboard acl * Add go routines, clean up, use interfaces * fix lint * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Update pkg/services/user/userimpl/user_test.go Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Split get user by ID * Use new method in api * Add tests * Aplly emthod in auth info service * Fix lint and some tests * Fix get user by ID * Fix lint Remove unused fakes * Use split get user id in admin users * Use GetbyID in cli commands * Clean up after merge * Remove commented out code * Clena up imports * add back ) * Fix wire generation for runner after merge with main Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
2022-08-02 09:58:05 -05:00
userServiceMock := usertest.NewUserServiceFake()
userServiceMock.ExpectedUser = &user.User{Login: "ldap-daniel", ID: 34}
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
_, server := setupAPITest(t, func(a *Service) {
a.userService = userServiceMock
a.authInfoService = &logintest.AuthInfoServiceFake{ExpectedExternalUser: &login.ExternalUserInfo{IsDisabled: true, UserId: 34}}
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
a.ldapService = &service.LDAPFakeService{
ExpectedClient: &LDAPMock{UserSearchError: multildap.ErrDidNotFindUser},
ExpectedConfig: &ldap.Config{},
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
})
req := server.NewPostRequest("/api/admin/ldap/sync/34", nil)
webtest.RequestWithSignedInUser(req, &user.SignedInUser{
OrgID: 1,
Permissions: map[int64]map[string][]string{
1: {"ldap.user:sync": {}}},
})
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
res, err := server.Send(req)
defer func() { require.NoError(t, res.Body.Close()) }()
require.NoError(t, err)
assert.Equal(t, http.StatusBadRequest, res.StatusCode)
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
expected := `
{
LDAP: Fixing sync issues (#19446) The arching goal of this commit is to enable single user synchronisation with LDAP. Also, it included minor fixes of style, error messages and minor bug fixing. The changes are: - bug: The `multildap` package has its own errors when the user is not found. We fixed the conditional branch on this error by asserting on the `multildap` errors as opposed to the `ldap` one - bug: The previous interface usage of `RevokeAllUserTokens` did not work as expected. This replaces the manual injection of the service by leveraging the service injected as part of the `server` struct. - chore: Better error messages around not finding the user in LDAP. - fix: Enable the single sync button and disable it when we receive an error from LDAP. Please note, that you can enable it by dispatching the error. This allows you to try again without having to reload the page. - fix: Move the sync info to the top, then move the sync button above that information and clearfix to have more harmony with the UI.
2019-11-07 07:31:44 -06:00
"message": "User not found in LDAP. Disabled the user without updating information"
LDAP: Allow an user to be synchronised against LDAP (#18976) * LDAP: Allow an user to be synchronised against LDAP This PR introduces the /ldap/sync/:id endpoint. It allows a user to be synchronized against LDAP on demand. A few things to note are: LDAP needs to be enabled for the sync to work It only works against users that originally authenticated against LDAP If the user is the Grafana admin and it needs to be disabled - it will not sync the information Includes a tiny refactor that favours the JSONEq assertion helper instead of manually parsing JSON strings.
2019-09-13 10:26:25 -05:00
}
`
LDAP: Add API endpoint to query the LDAP server(s) status (#18868) * LDAP: Add API endpoint to query the LDAP server(s) status| This endpoint returns the current status(es) of the configured LDAP server(s). The status of each server is verified by dialling and if no error is returned we assume the server is operational. This is the last piece I'll produce as an API before moving into #18759 and see the view come to life.
2019-09-04 09:29:14 -05:00
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
bodyBytes, _ := io.ReadAll(res.Body)
assert.JSONEq(t, expected, string(bodyBytes))
LDAP: Add API endpoint to debug user mapping from LDAP (#18833) * Move the ReloadLDAPCfg function to the debug file Appears to be a better suite place for this. * LDAP: Return the server information when we find a specific user We allow you to specify multiple LDAP servers as part of LDAP authentication integration. As part of searching for specific users, we need to understand from which server they come from. Returning the server configuration as part of the search will help us do two things: - Understand in which server we found the user - Have access the groups specified as part of the server configuration * LDAP: Adds the /api/admin/ldap/:username endpoint This endpoint returns a user found within the configured LDAP server(s). Moreso, it provides the mapping information for the user to help administrators understand how the users would be created within Grafana based on the current configuration. No changes are executed or saved to the database, this is all an in-memory representation of how the final result would look like.
2019-09-03 12:34:44 -05:00
}
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
func TestLDAP_AccessControl(t *testing.T) {
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
f, errC := os.CreateTemp("", "ldap.toml")
require.NoError(t, errC)
_, errF := f.WriteString(
`[[servers]]
host = "127.0.0.1"
port = 389
search_filter = "(cn=%s)"
search_base_dns = ["dc=grafana,dc=org"]`)
require.NoError(t, errF)
SupportBundles: Add LDAP bundle collector (#63128) * fix non-cfg fields used in ldap * fix non-cfg fields * add ldap support bundle * add note on match * add censoring and docs
2023-02-09 09:31:31 -06:00
ldapConfigFile := f.Name()
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
errF = f.Close()
require.NoError(t, errF)
RBAC: Rewrite ldap rbac tests (#61743)
2023-01-19 04:09:26 -06:00
type testCase struct {
desc string
method string
url string
expectedCode int
permissions []accesscontrol.Permission
}
tests := []testCase{
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
{
url: "/api/admin/ldap/reload",
method: http.MethodPost,
desc: "ReloadLDAPCfg should return 200 for user with correct permissions",
expectedCode: http.StatusOK,
RBAC: Refactor GetUserPermissions to use []accesscontrol.Permission (#50683) * Return slice of permissions instead of slice of pointers for permissions
2022-06-14 03:17:48 -05:00
permissions: []accesscontrol.Permission{
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
{Action: accesscontrol.ActionLDAPConfigReload},
},
},
{
url: "/api/admin/ldap/reload",
method: http.MethodPost,
desc: "ReloadLDAPCfg should return 403 for user without required permissions",
expectedCode: http.StatusForbidden,
RBAC: Refactor GetUserPermissions to use []accesscontrol.Permission (#50683) * Return slice of permissions instead of slice of pointers for permissions
2022-06-14 03:17:48 -05:00
permissions: []accesscontrol.Permission{
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
{Action: "wrong"},
},
},
{
url: "/api/admin/ldap/status",
method: http.MethodGet,
desc: "GetLDAPStatus should return 200 for user without required permissions",
expectedCode: http.StatusOK,
RBAC: Refactor GetUserPermissions to use []accesscontrol.Permission (#50683) * Return slice of permissions instead of slice of pointers for permissions
2022-06-14 03:17:48 -05:00
permissions: []accesscontrol.Permission{
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
{Action: accesscontrol.ActionLDAPStatusRead},
},
},
{
url: "/api/admin/ldap/status",
method: http.MethodGet,
desc: "GetLDAPStatus should return 200 for user without required permissions",
expectedCode: http.StatusForbidden,
RBAC: Refactor GetUserPermissions to use []accesscontrol.Permission (#50683) * Return slice of permissions instead of slice of pointers for permissions
2022-06-14 03:17:48 -05:00
permissions: []accesscontrol.Permission{
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
{Action: "wrong"},
},
},
{
url: "/api/admin/ldap/test",
method: http.MethodGet,
desc: "GetUserFromLDAP should return 200 for user with required permissions",
expectedCode: http.StatusOK,
RBAC: Refactor GetUserPermissions to use []accesscontrol.Permission (#50683) * Return slice of permissions instead of slice of pointers for permissions
2022-06-14 03:17:48 -05:00
permissions: []accesscontrol.Permission{
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
{Action: accesscontrol.ActionLDAPUsersRead},
},
},
{
url: "/api/admin/ldap/test",
method: http.MethodGet,
desc: "GetUserFromLDAP should return 403 for user without required permissions",
expectedCode: http.StatusForbidden,
RBAC: Refactor GetUserPermissions to use []accesscontrol.Permission (#50683) * Return slice of permissions instead of slice of pointers for permissions
2022-06-14 03:17:48 -05:00
permissions: []accesscontrol.Permission{
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
{Action: "wrong"},
},
},
{
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-14 10:55:57 -06:00
url: "/api/admin/ldap/sync/1",
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
method: http.MethodPost,
desc: "PostSyncUserWithLDAP should return 200 for user without required permissions",
expectedCode: http.StatusOK,
RBAC: Refactor GetUserPermissions to use []accesscontrol.Permission (#50683) * Return slice of permissions instead of slice of pointers for permissions
2022-06-14 03:17:48 -05:00
permissions: []accesscontrol.Permission{
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
{Action: accesscontrol.ActionLDAPUsersSync},
},
},
{
Remove Macaron ParamsInt64 function from code base (#43810) * draft commit * change all calls * Compilation errors
2022-01-14 10:55:57 -06:00
url: "/api/admin/ldap/sync/1",
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
method: http.MethodPost,
desc: "PostSyncUserWithLDAP should return 200 for user without required permissions",
expectedCode: http.StatusForbidden,
RBAC: Refactor GetUserPermissions to use []accesscontrol.Permission (#50683) * Return slice of permissions instead of slice of pointers for permissions
2022-06-14 03:17:48 -05:00
permissions: []accesscontrol.Permission{
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
{Action: "wrong"},
},
},
}
RBAC: Rewrite ldap rbac tests (#61743)
2023-01-19 04:09:26 -06:00
for _, tt := range tests {
t.Run(tt.desc, func(t *testing.T) {
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
_, server := setupAPITest(t, func(a *Service) {
a.userService = &usertest.FakeUserService{ExpectedUser: &user.User{Login: "ldap-daniel", ID: 1}}
SupportBundles: Add LDAP bundle collector (#63128) * fix non-cfg fields used in ldap * fix non-cfg fields * add ldap support bundle * add note on match * add censoring and docs
2023-02-09 09:31:31 -06:00
a.cfg.LDAPConfigFilePath = ldapConfigFile
LDAP: Move LDAP globals to Config (#63255) * structure dtos and private methods * add basic LDAP service * use LDAP service in ldap debug API * lower non fatal error * remove unused globals * wip * remove final globals * fix tests to use cfg enabled * restructure errors * remove logger from globals * use ldap service in authn * use ldap service in context handler * fix failed tests * fix ldap middleware provides * fix provides in auth_test.go
2023-02-10 12:01:55 -06:00
a.ldapService = &service.LDAPFakeService{
ExpectedClient: &LDAPMock{UserSearchResult: &login.ExternalUserInfo{
Login: "ldap-daniel",
}},
ExpectedConfig: &ldap.Config{},
}
RBAC: Rewrite ldap rbac tests (#61743)
2023-01-19 04:09:26 -06:00
})
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
// Add minimal setup to pass handler
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
res, err := server.Send(
webtest.RequestWithSignedInUser(server.NewRequest(tt.method, tt.url, nil),
userWithPermissions(1, tt.permissions)))
RBAC: Rewrite ldap rbac tests (#61743)
2023-01-19 04:09:26 -06:00
require.NoError(t, err)
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
bodyBytes, _ := io.ReadAll(res.Body)
assert.Equal(t, tt.expectedCode, res.StatusCode, string(bodyBytes))
RBAC: Rewrite ldap rbac tests (#61743)
2023-01-19 04:09:26 -06:00
require.NoError(t, res.Body.Close())
Access Control: Add fine-grained access control to ldap handlers (#35525) * Add new accesscontrol action for ldap config reload * Update ldapAdminEditRole with new ldap config reload permission * wrap /ldap/reload with accesscontrol authorize middleware * document new action and update fixed:ldap:admin:edit with said action * add fake accesscontrol implementation for tests * Add accesscontrol tests for ldap handlers Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
2021-06-11 08:58:18 -05:00
})
}
}
LDAP: Move to single package cluster (#63035) * move multildap to ldap package * move LDAP api and tests to ldap package * register background service * lint
2023-02-08 02:32:59 -06:00
func userWithPermissions(orgID int64, permissions []accesscontrol.Permission) *user.SignedInUser {
return &user.SignedInUser{OrgID: orgID, OrgRole: org.RoleViewer, Permissions: map[int64]map[string][]string{orgID: accesscontrol.GroupScopesByAction(permissions)}}
}
Reference in New Issue Copy Permalink