Allow spaces in targets of olcAccess statements #357
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Since it's entirely possible to have a distinguished name of style `o=My Cool Organization` even for the root of the database, we really need to respect the proper handling of spacey arguments to olcAccess (with the relevant quotes around them).
smortex
reviewed
Aug 25, 2022
Comment on lines
+16
to
+25
|
|
||
| it 'handles target with spaces with prefix' do | ||
| access = described_class.new(name: '0 on dn.subtree="cn=Some String,dc=example,dc=com"', access: 'by dn="cn=admin,dc=example,dc=com" write by anonymous auth') | ||
| expect(access[:access]).to eq([['by dn="cn=admin,dc=example,dc=com" write', 'by anonymous auth']]) | ||
| end | ||
|
|
||
| it 'handles target with spaces without prefix' do | ||
| access = described_class.new(name: '0 on "cn=Some String,dc=example,dc=com"', access: 'by dn="cn=admin,dc=example,dc=com" write by anonymous auth') | ||
| expect(access[:access]).to eq([['by dn="cn=admin,dc=example,dc=com" write', 'by anonymous auth']]) | ||
| end |
There was a problem hiding this comment.
These tests are not related to the above change 🤨
For some reason i can't push to your branch:
spec/unit/puppet/provider/openldap_acess/olc_spec.rb
# frozen_string_literal: true
require 'spec_helper'
describe Puppet::Type.type(:openldap_access).provider(:olc) do
describe '::instances' do
context 'with Debian defaults' do
before do
expect(described_class).to receive(:slapcat).with('(olcAccess=*)').and_return(<<~SLAPCAT)
# Debian defaults
dn: olcDatabase={-1}frontend,cn=config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
SLAPCAT
end
it 'parses olcAccess' do
expect(described_class.instances.size).to eq(7)
end
end
context 'with spaces' do
before do
expect(described_class).to receive(:slapcat).with('(olcAccess=*)').and_return(<<~SLAPCAT)
dn: olcDatabase={-1}frontend,cn=config
olcAccess: {0}to dn.base="cn=Sub Schema" by * read
SLAPCAT
end
it 'parses olcAccess' do
expect(described_class.instances.size).to eq(1)
end
end
end
endCan you check and add this?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request (PR) description
Since it's entirely possible to have a distinguished name of style
o=My Cool Organizationeven for the root of the database, we really need to respect the proper
handling of spacey arguments to olcAccess (with the relevant quotes
around them).
This Pull Request (PR) fixes the following issues
n/a