diff --git a/app/alembic/versions/379fce54fb08_rename_base_cn_to_cc.py b/app/alembic/versions/379fce54fb08_rename_base_cn_to_cc.py
new file mode 100644
index 000000000..6d88c6d0f
--- /dev/null
+++ b/app/alembic/versions/379fce54fb08_rename_base_cn_to_cc.py
@@ -0,0 +1,142 @@
+"""Rename base containers.
+
+users -> Users, groups -> Groups, computers -> Computers.
+
+Revision ID: 379fce54fb08
+Revises: ec45e3e8aa0f
+Create Date: 2026-01-23 12:26:10.758698
+
+"""
+
+from alembic import op
+from dishka import AsyncContainer, Scope
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import AsyncConnection, AsyncSession
+
+from entities import Attribute, Directory
+from repo.pg.tables import queryable_attr as qa
+
+# revision identifiers, used by Alembic.
+revision: None | str = "379fce54fb08"
+down_revision: None | str = "ec45e3e8aa0f"
+branch_labels: None | list[str] = None
+depends_on: None | list[str] = None
+
+
+CONTAINER_RENAMES = {
+ "users": "Users",
+ "groups": "Groups",
+ "computers": "Computers",
+}
+
+
+async def _update_descendants(
+ session: AsyncSession,
+ parent_id: int,
+ cn_from: str,
+ cn_to: str,
+) -> None:
+ """Recursively update paths of all descendants."""
+ child_dirs = await session.scalars(
+ select(Directory).where(qa(Directory.parent_id) == parent_id),
+ )
+
+ for child_dir in child_dirs:
+ child_dir.path = [cn_to if p == cn_from else p for p in child_dir.path]
+ await session.flush()
+ await _update_descendants(
+ session,
+ child_dir.id,
+ cn_from=cn_from,
+ cn_to=cn_to,
+ )
+
+
+async def _update_attributes(
+ session: AsyncSession,
+ old_value: str,
+ new_value: str,
+) -> None:
+ """Update attribute values containing old DN references."""
+ result = await session.execute(
+ select(Attribute).where(
+ qa(Attribute.value).ilike(f"%{old_value}%"),
+ ),
+ )
+ attributes = result.scalars().all()
+
+ for attr in attributes:
+ if attr.value and old_value in attr.value:
+ attr.value = attr.value.replace(old_value, new_value)
+
+ await session.flush()
+
+
+async def _rename_container(
+ session: AsyncSession,
+ old_name: str,
+ new_name: str,
+) -> None:
+ """Rename a single container and update all references."""
+ container_dir = await session.scalar(
+ select(Directory).where(
qa(Directory.name) == old_name,
+ qa(Directory.is_system).is_(True),
+ ),
+ )
+
+ if not container_dir:
+ return
+
+ cn_from = f"cn={old_name}"
+ cn_to = f"cn={new_name}"
+
+ container_dir.name = new_name
+ container_dir.path = [
+ cn_to if p == cn_from else p for p in container_dir.path
+ ]
+
+ await session.flush()
+
+ await _update_descendants(
+ session,
+ container_dir.id,
+ cn_from=cn_from,
+ cn_to=cn_to,
+ )
+
+ await _update_attributes(session, cn_from, cn_to)
+
+
+def upgrade(container: AsyncContainer) -> None:
+ """Upgrade: Rename containers to capitalized versions."""
+
+ async def _rename_containers(
+ connection: AsyncConnection, # noqa: ARG001
+ ) -> None:
+ async with container(scope=Scope.REQUEST) as cnt:
+ session = await cnt.get(AsyncSession)
+
+ for old_name, new_name in CONTAINER_RENAMES.items():
+ await _rename_container(session, old_name, new_name)
+
+ await session.commit()
+
+ op.run_async(_rename_containers)
+
+
+def downgrade(container: AsyncContainer) -> None:
+ """Downgrade: Rename containers back to lowercase."""
+
+ async def _rename_containers_back(
+ connection: AsyncConnection, # noqa: ARG001
+ ) -> None:
+ async with container(scope=Scope.REQUEST) as cnt:
+ session = await cnt.get(AsyncSession)
+
+ for old_name, new_name in CONTAINER_RENAMES.items():
+ await _rename_container(session, new_name, old_name)
+
+ await session.commit()
+
+ op.run_async(_rename_containers_back)
diff --git a/app/alembic/versions/71e642808369_add_directory_is_system.py b/app/alembic/versions/71e642808369_add_directory_is_system.py
index 48ece1bc4..398d6f6df 100644
--- a/app/alembic/versions/71e642808369_add_directory_is_system.py
+++ b/app/alembic/versions/71e642808369_add_directory_is_system.py
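Review bot: `_update_attributes` in the new migration 379fce54fb08 rewrites every attribute value that merely contains the substring `cn=users` (or `cn=groups`, `cn=computers`), because both the `ilike(f"%{old_value}%")` filter and `attr.value.replace(old_value, new_value)` ignore RDN boundaries and the base DN. A value such as `cn=users-archive,...`, free text that mentions the string, or a reference into a non-system container that happens to be named `users` is changed although its directory is not renamed; if these values are the DN references that membership is resolved from, a wrong rewrite leaves them pointing at entries that do not exist. `_update_descendants` is loose in the same way: it replaces every path component equal to `cn_from`, not only the one at the renamed container's depth. I would pass the container's full old and new DN and replace it only as a whole-DN suffix, as sketched below. `path_dn` is assumed to be available on `Directory` and to follow `path`, and the case in which DNs are stored should be checked against real data.

```python
async def _update_attributes(
    session: AsyncSession,
    old_value: str,  # full DN of the container before the rename
    new_value: str,  # full DN of the container after the rename
) -> None:
    """Rewrite DN references that end in the renamed container's DN."""
    result = await session.execute(
        select(Attribute).where(
            qa(Attribute.value).ilike(f"%{old_value}"),
        ),
    )

    for attr in result.scalars().all():
        value = attr.value
        # Touch only the container itself or entries located below it.
        if value and (value == old_value or value.endswith("," + old_value)):
            attr.value = value[: -len(old_value)] + new_value

    await session.flush()

# … unchanged: _rename_container lookup and the `if not container_dir` guard …
    old_dn = container_dir.path_dn  # capture before name/path are changed
    # … unchanged: rename, path rewrite, flush, _update_descendants call …
    await _update_attributes(session, old_dn, container_dir.path_dn)
```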
@@ -14,13 +14,10 @@ from sqlalchemy.orm import Session from constants import ( - COMPUTERS_CONTAINER_NAME, DOMAIN_ADMIN_GROUP_NAME, DOMAIN_COMPUTERS_GROUP_NAME, DOMAIN_USERS_GROUP_NAME, - GROUPS_CONTAINER_NAME, READ_ONLY_GROUP_NAME, - USERS_CONTAINER_NAME, ) from entities import Directory from ldap_protocol.utils.queries import get_base_directories @@ -72,13 +69,13 @@ async def _indicate_system_directories( qa(Directory.is_system).is_(False), qa(Directory.name).in_( ( - GROUPS_CONTAINER_NAME, + "groups", DOMAIN_ADMIN_GROUP_NAME, DOMAIN_USERS_GROUP_NAME, READ_ONLY_GROUP_NAME, DOMAIN_COMPUTERS_GROUP_NAME, - COMPUTERS_CONTAINER_NAME, - USERS_CONTAINER_NAME, + "computers", + "users", "services", "krbadmin", "kerberos", diff --git a/app/alembic/versions/8164b4a9e1f1_add_ou_computers.py b/app/alembic/versions/8164b4a9e1f1_add_ou_computers.py index 5f8608a4a..49a5d86a9 100644 --- a/app/alembic/versions/8164b4a9e1f1_add_ou_computers.py +++ b/app/alembic/versions/8164b4a9e1f1_add_ou_computers.py @@ -12,7 +12,6 @@ from sqlalchemy import delete, exists, select from sqlalchemy.ext.asyncio import AsyncConnection, AsyncSession -from constants import COMPUTERS_CONTAINER_NAME from entities import Directory from extra.alembic_utils import temporary_stub_column from ldap_protocol.roles.role_use_case import RoleUseCase @@ -26,6 +25,7 @@ depends_on: None = None +COMPUTERS_CONTAINER_NAME = "computers" _OU_COMPUTERS_DATA = { "name": COMPUTERS_CONTAINER_NAME, "object_class": "organizationalUnit", diff --git a/app/constants.py b/app/constants.py index f54d78a35..902a79f59 100644 --- a/app/constants.py +++ b/app/constants.py @@ -8,9 +8,9 @@ from enums import EntityTypeNames -GROUPS_CONTAINER_NAME = "groups" -COMPUTERS_CONTAINER_NAME = "computers" -USERS_CONTAINER_NAME = "users" +GROUPS_CONTAINER_NAME = "Groups" +COMPUTERS_CONTAINER_NAME = "Computers" +USERS_CONTAINER_NAME = "Users" READ_ONLY_GROUP_NAME = "read-only" diff --git a/app/enums.py b/app/enums.py index f482b928e..264b6c16a 100644 
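Review bot: The bare literals `"groups"`, `"computers"` and `"users"` in the `in_(...)` tuple of `_indicate_system_directories` read like an oversight next to the `*_GROUP_NAME` constants that are still imported, so a later cleanup could swap the constants back in and make this migration search for names that do not exist at this point in history. A comment above the tuple would prevent that, for example `# Container names as of this revision (renamed later in 379fce54fb08); do not take them from constants.py.` The same applies to the local `COMPUTERS_CONTAINER_NAME = "computers"` introduced in 8164b4a9e1f1_add_ou_computers.py. The function body starts and ends outside the hunk.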
--- a/app/enums.py +++ b/app/enums.py @@ -105,9 +105,9 @@ class RoleConstants(StrEnum): READ_ONLY_ROLE_NAME = "Read Only Role" KERBEROS_ROLE_NAME = "Kerberos Role" - DOMAIN_ADMINS_GROUP_CN = "cn=domain admins,cn=groups," - READONLY_GROUP_CN = "cn=read-only,cn=groups," - KERBEROS_GROUP_CN = "cn=krbadmin,cn=groups," + DOMAIN_ADMINS_GROUP_CN = "cn=domain admins,cn=Groups," + READONLY_GROUP_CN = "cn=read-only,cn=Groups," + KERBEROS_GROUP_CN = "cn=krbadmin,cn=Groups," @verify(UNIQUE) diff --git a/app/ldap_protocol/kerberos/service.py b/app/ldap_protocol/kerberos/service.py index f6a0aae05..985d8cdc1 100644 --- a/app/ldap_protocol/kerberos/service.py +++ b/app/ldap_protocol/kerberos/service.py @@ -145,9 +145,9 @@ def _build_kerberos_admin_dns(self, base_dn: str) -> KerberosAdminDnGroup: :return KerberosAdminDnGroup: dataclass with DN for krbadmin, services_container, krbadmin_group. """ - krbadmin = f"cn=krbadmin,cn=users,{base_dn}" + krbadmin = f"cn=krbadmin,cn=Users,{base_dn}" services_container = get_system_container_dn(base_dn) - krbgroup = f"cn=krbadmin,cn=groups,{base_dn}" + krbgroup = f"cn=krbadmin,cn=Groups,{base_dn}" return KerberosAdminDnGroup( krbadmin_dn=krbadmin, services_container_dn=services_container, diff --git a/app/ldap_protocol/ldap_requests/modify_dn.py b/app/ldap_protocol/ldap_requests/modify_dn.py index 7c315eadd..cdf03ab7b 100644 --- a/app/ldap_protocol/ldap_requests/modify_dn.py +++ b/app/ldap_protocol/ldap_requests/modify_dn.py @@ -62,9 +62,9 @@ class ModifyDNRequest(BaseRequest): entry='cn=main,dc=multifactor,dc=dev' newrdn='cn=main2' deleteoldrdn=true - new_superior='cn=users,dc=multifactor,dc=dev' + new_superior='cn=Users,dc=multifactor,dc=dev' - >>> cn = main2, cn = users, dc = multifactor, dc = dev + >>> cn = main2, cn = Users, dc = multifactor, dc = dev """ PROTOCOL_OP: ClassVar[int] = ProtocolRequests.MODIFY_DN diff --git a/app/ldap_protocol/utils/cte.py b/app/ldap_protocol/utils/cte.py index e2cbe75ee..7b4628254 100644 
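Review bot: The container name is now spelled out by hand in each of the three `RoleConstants` group prefixes, and again in `_build_kerberos_admin_dns` in ldap_protocol/kerberos/service.py (`cn=Users`, `cn=Groups`) and in `create_group` in ldap_protocol/utils/queries.py (`"cn=Groups," + ...`), although constants.py already defines `GROUPS_CONTAINER_NAME` and `USERS_CONTAINER_NAME`. These DNs appear to select the groups that the built-in roles and the Kerberos admin are bound to, so a copy missed in a future rename only shows up at runtime as a lookup that finds nothing. Where the module can import constants.py, build the DN from it, e.g. `krbgroup = f"cn=krbadmin,cn={GROUPS_CONTAINER_NAME},{base_dn}"`; enums.py probably cannot, since constants.py imports from enums, so there a comment pointing at constants.py would do. Whether these lookups compare DNs case-sensitively is not visible here; if they do, a database that has not yet run 379fce54fb08 stops resolving these groups once this code is deployed.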
--- a/app/ldap_protocol/utils/cte.py +++ b/app/ldap_protocol/utils/cte.py @@ -63,7 +63,7 @@ def find_members_recursive_cte( FROM "Directory" JOIN "Groups" ON "Directory".id = "Groups"."directoryId" WHERE "Directory"."path" = - '{dc=test,dc=md,cn=groups,"cn=domain admins"}' + '{dc=test,dc=md,cn=Groups,"cn=domain admins"}' UNION ALL @@ -129,7 +129,7 @@ def find_root_group_recursive_cte(dn_list: list) -> CTE: FROM "Directory" LEFT OUTER JOIN "Groups" ON "Directory".id = "Groups"."directoryId" WHERE "Directory"."path" = - '{dc=test,dc=md,cn=groups,"cn=domain admins"}' + '{dc=test,dc=md,cn=Groups,"cn=domain admins"}' UNION ALL diff --git a/app/ldap_protocol/utils/queries.py b/app/ldap_protocol/utils/queries.py index 5b3528fa6..368af23ec 100644 --- a/app/ldap_protocol/utils/queries.py +++ b/app/ldap_protocol/utils/queries.py @@ -328,7 +328,7 @@ async def get_dn_by_id(id_: int, session: AsyncSession) -> str: """Get dn by id. >>> await get_dn_by_id(0, session) - >>> "cn=groups,dc=example,dc=com" + >>> "cn=Groups,dc=example,dc=com" """ query = select(Directory).filter_by(id=id_) retval = (await session.scalars(query)).one() @@ -353,7 +353,7 @@ async def create_group( ) -> tuple[Directory, Group]: """Create group in default groups path. - cn=name,cn=groups,dc=domain,dc=com + cn=name,cn=Groups,dc=domain,dc=com :param str name: group name :param int sid: objectSid @@ -362,7 +362,7 @@ async def create_group( base_dn_list = await get_base_directories(session) query = select(Directory).filter( - get_filter_from_path("cn=groups," + base_dn_list[0].path_dn), + get_filter_from_path("cn=Groups," + base_dn_list[0].path_dn), ) parent = (await session.scalars(query)).one() diff --git a/tests/conftest.py b/tests/conftest.py index c9ba0f8ff..a7b9b4b62 100644 --- a/tests/conftest.py +++ b/tests/conftest.py 
@@ -1003,7 +1003,7 @@ async def setup_session( name="TEST ONLY LOGIN ROLE", creator_upn=None, is_system=True, - groups=["cn=admin login only,cn=groups,dc=md,dc=test"], + groups=["cn=admin login only,cn=Groups,dc=md,dc=test"], permissions=AuthorizationRules.AUTH_LOGIN, ), ) diff --git a/tests/search_request_datasets.py b/tests/search_request_datasets.py index 77557bae9..cb1e7a317 100644 --- a/tests/search_request_datasets.py +++ b/tests/search_request_datasets.py 
@@ -17,28 +17,28 @@ test_search_by_rule_anr_dataset = [ # with split by space - {"filter": "(anr=Joh Lenno)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, # noqa: E501 - {"filter": "(anr=Lennon John)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, # noqa: E501 - {"filter": "(anr=John Lennon)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, # noqa: E501 - {"filter": "(anr=john lennon)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, # noqa: E501 - {"filter": "(anr==Lennon John)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, # noqa: E501 + {"filter": "(anr=Joh Lenno)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, # noqa: E501 + {"filter": "(anr=Lennon John)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, # noqa: E501 + {"filter": "(anr=John Lennon)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, # noqa: E501 + {"filter": "(anr=john lennon)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, # noqa: E501 + {"filter": "(anr==Lennon John)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, # noqa: E501 # without split by space - {"filter": "(anr=user0)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, - {"filter": "(anr=user0*)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, - {"filter": "(anr>=user0)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, - {"filter": "(anr<=user0)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, - {"filter": "(anr~=user0)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, - {"filter": "(anr==user0)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, - {"filter": "(anr==user0*)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, # noqa: E501 - {"filter": "(aNR=user0*)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, - {"filter": "(anr=uSEr0*)", "objects": ["cn=user0,cn=users,dc=md,dc=test"]}, - {"filter": "(anr=domain admins)", "objects": ["cn=domain admins,cn=groups,dc=md,dc=test"]}, # noqa: E501 + {"filter": "(anr=user0)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, + {"filter": "(anr=user0*)", "objects": 
["cn=user0,cn=Users,dc=md,dc=test"]}, + {"filter": "(anr>=user0)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, + {"filter": "(anr<=user0)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, + {"filter": "(anr~=user0)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, + {"filter": "(anr==user0)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, + {"filter": "(anr==user0*)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, # noqa: E501 + {"filter": "(aNR=user0*)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, + {"filter": "(anr=uSEr0*)", "objects": ["cn=user0,cn=Users,dc=md,dc=test"]}, + {"filter": "(anr=domain admins)", "objects": ["cn=domain admins,cn=Groups,dc=md,dc=test"]}, # noqa: E501 {"filter": "(anr=user_admin_3@mail.com)", "objects": ["cn=user_admin_3,ou=test_bit_rules,dc=md,dc=test"]}, # noqa: E501 { "filter": "(anr=user_admin_*)", "objects": [ - "cn=user_admin,cn=users,dc=md,dc=test", - "cn=user_admin_for_roles,cn=users,dc=md,dc=test", + "cn=user_admin,cn=Users,dc=md,dc=test", + "cn=user_admin_for_roles,cn=Users,dc=md,dc=test", "cn=user_admin_1,ou=test_bit_rules,dc=md,dc=test", "cn=user_admin_2,ou=test_bit_rules,dc=md,dc=test", "cn=user_admin_3,ou=test_bit_rules,dc=md,dc=test", @@ -50,11 +50,11 @@ { "filter": f"(useraccountcontrol:1.2.840.113556.1.4.803:={UserAccountControlFlag.NORMAL_ACCOUNT})", # noqa: E501 "objects": [ - "cn=user0,cn=users,dc=md,dc=test", - "cn=user_admin,cn=users,dc=md,dc=test", - "cn=user_admin_for_roles,cn=users,dc=md,dc=test", - "cn=user_non_admin,cn=users,dc=md,dc=test", - "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test", + "cn=user0,cn=Users,dc=md,dc=test", + "cn=user_admin,cn=Users,dc=md,dc=test", + "cn=user_admin_for_roles,cn=Users,dc=md,dc=test", + "cn=user_non_admin,cn=Users,dc=md,dc=test", + "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test", "cn=user_admin_1,ou=test_bit_rules,dc=md,dc=test", "cn=user_admin_2,ou=test_bit_rules,dc=md,dc=test", ], 
@@ -83,11 +83,11 @@ { "filter": f"(!(userAccountControl:1.2.840.113556.1.4.803:={UserAccountControlFlag.ACCOUNTDISABLE}))", # noqa: E501 "objects": [ - "cn=user0,cn=users,dc=md,dc=test", - "cn=user_admin,cn=users,dc=md,dc=test", - "cn=user_admin_for_roles,cn=users,dc=md,dc=test", - "cn=user_non_admin,cn=users,dc=md,dc=test", - "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test", + "cn=user0,cn=Users,dc=md,dc=test", + "cn=user_admin,cn=Users,dc=md,dc=test", + "cn=user_admin_for_roles,cn=Users,dc=md,dc=test", + "cn=user_non_admin,cn=Users,dc=md,dc=test", + "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test", "cn=user_admin_2,ou=test_bit_rules,dc=md,dc=test", ], }, @@ -104,14 +104,14 @@ + UserAccountControlFlag.NORMAL_ACCOUNT })", "objects": [ - "cn=user0,cn=users,dc=md,dc=test", - "cn=user_admin,cn=users,dc=md,dc=test", - "cn=user_admin_for_roles,cn=users,dc=md,dc=test", + "cn=user0,cn=Users,dc=md,dc=test", + "cn=user_admin,cn=Users,dc=md,dc=test", + "cn=user_admin_for_roles,cn=Users,dc=md,dc=test", "cn=user_admin_1,ou=test_bit_rules,dc=md,dc=test", "cn=user_admin_2,ou=test_bit_rules,dc=md,dc=test", "cn=user_admin_3,ou=test_bit_rules,dc=md,dc=test", - "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test", - "cn=user_non_admin,cn=users,dc=md,dc=test", + "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test", + "cn=user_non_admin,cn=Users,dc=md,dc=test", ], }, { 
@@ -124,11 +124,11 @@ { "filter": f"(!(userAccountControl:1.2.840.113556.1.4.804:={UserAccountControlFlag.ACCOUNTDISABLE}))", # noqa: E501 "objects": [ - "cn=user0,cn=users,dc=md,dc=test", - "cn=user_admin,cn=users,dc=md,dc=test", - "cn=user_admin_for_roles,cn=users,dc=md,dc=test", - "cn=user_non_admin,cn=users,dc=md,dc=test", - "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test", + "cn=user0,cn=Users,dc=md,dc=test", + "cn=user_admin,cn=Users,dc=md,dc=test", + "cn=user_admin_for_roles,cn=Users,dc=md,dc=test", + "cn=user_non_admin,cn=Users,dc=md,dc=test", + "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test", "cn=user_admin_2,ou=test_bit_rules,dc=md,dc=test", ], }, diff --git a/tests/test_api/test_auth/test_router.py b/tests/test_api/test_auth/test_router.py index c13c0a5a6..ffffd6ef1 100644 --- a/tests/test_api/test_auth/test_router.py +++ b/tests/test_api/test_auth/test_router.py @@ -24,7 +24,7 @@ from ldap_protocol.ldap_codes import LDAPCodes from ldap_protocol.ldap_requests.modify import Operation from ldap_protocol.session_storage import SessionStorage -from ldap_protocol.utils.queries import get_search_path +from ldap_protocol.utils.queries import get_filter_from_path from password_utils import PasswordUtils from repo.pg.tables import queryable_attr as qa from tests.conftest import TestCreds @@ -114,7 +114,7 @@ async def test_first_setup_and_oauth( assert result["user_principal_name"] == "test" assert result["mail"] == "test@md.example-345.ru" assert result["display_name"] == "test" - assert result["dn"] == "cn=test,cn=users,dc=md,dc=test-localhost" + assert result["dn"] == "cn=test,cn=Users,dc=md,dc=test-localhost" result = await session.scalars( select(Directory) 
@@ -123,9 +123,9 @@ async def test_first_setup_and_oauth( .selectinload(qa(Group.roles)) .selectinload(qa(Role.access_control_entries)), ) - .filter_by( - path=get_search_path( - "cn=read-only,cn=groups,dc=md,dc=test-localhost", + .filter( + get_filter_from_path( + "cn=read-only,cn=Groups,dc=md,dc=test-localhost", ), ), ) @@ -222,7 +222,7 @@ async def test_first_setup_with_invalid_domain( @pytest.mark.usefixtures("session") async def test_update_password_and_check_uac(http_client: AsyncClient) -> None: """Update password and check userAccountControl attr.""" - user_dn = "cn=user0,cn=users,dc=md,dc=test" + user_dn = "cn=user0,cn=Users,dc=md,dc=test" response = await http_client.patch( "entry/update", @@ -468,7 +468,7 @@ async def test_auth_disabled_user( response = await http_client.patch( "entry/update", json={ - "object": "cn=user_admin,cn=users,dc=md,dc=test", + "object": "cn=user_admin,cn=Users,dc=md,dc=test", "changes": [ { "operation": Operation.REPLACE, @@ -507,7 +507,7 @@ async def test_lock_and_unlock_user( storage: SessionStorage, ) -> None: """Block user and verify nsAccountLock and shadowExpires attributes.""" - user_dn = "cn=user_non_admin,cn=users,dc=md,dc=test" + user_dn = "cn=user_non_admin,cn=Users,dc=md,dc=test" dir_ = await session.scalar( select(Directory) .options(joinedload(qa(Directory.user))) diff --git a/tests/test_api/test_auth/test_sessions.py b/tests/test_api/test_auth/test_sessions.py index 59b11208c..e2c6d3fd9 100644 --- a/tests/test_api/test_auth/test_sessions.py +++ b/tests/test_api/test_auth/test_sessions.py @@ -217,7 +217,7 @@ async def test_block_ldap_user_without_session( storage: SessionStorage, ) -> None: """Test blocking ldap user without active session.""" - user_dn = "cn=user_non_admin,cn=users,dc=md,dc=test" + user_dn = "cn=user_non_admin,cn=Users,dc=md,dc=test" un = "user_non_admin" user = await get_user(session, un) 
@@ -253,7 +253,7 @@ async def test_block_ldap_user_with_active_session( storage: SessionStorage, ) -> None: """Test blocking ldap user with active session.""" - user_dn = "cn=user_non_admin,cn=users,dc=md,dc=test" + user_dn = "cn=user_non_admin,cn=Users,dc=md,dc=test" un = "user_non_admin" pw = "password" diff --git a/tests/test_api/test_main/conftest.py b/tests/test_api/test_main/conftest.py index 8f1b58dea..3094ac1db 100644 --- a/tests/test_api/test_main/conftest.py +++ b/tests/test_api/test_main/conftest.py @@ -106,7 +106,7 @@ async def adding_test_user( "operation": Operation.ADD, "modification": { "type": "memberOf", - "vals": ["cn=domain admins,cn=groups,dc=md,dc=test"], + "vals": ["cn=domain admins,cn=Groups,dc=md,dc=test"], }, }, { diff --git a/tests/test_api/test_main/test_kadmin.py b/tests/test_api/test_main/test_kadmin.py index 0ffbd6ebe..b96d6c6c5 100644 --- a/tests/test_api/test_main/test_kadmin.py +++ b/tests/test_api/test_main/test_kadmin.py @@ -95,7 +95,7 @@ async def test_tree_creation( bind = MutePolicyBindRequest( version=0, - name="cn=krbadmin,cn=users,dc=md,dc=test", + name="cn=krbadmin,cn=Users,dc=md,dc=test", AuthenticationChoice=SimpleAuthentication(password=krbadmin_pw), ) @@ -162,7 +162,7 @@ async def test_setup_call( assert kadmin.setup.call_args.kwargs == { "domain": "md.test", - "admin_dn": "cn=user0,cn=users,dc=md,dc=test", + "admin_dn": "cn=user0,cn=Users,dc=md,dc=test", "services_dn": "ou=System,dc=md,dc=test", "krbadmin_dn": "cn=krbadmin,cn=users,dc=md,dc=test", "krbadmin_password": "Password123", @@ -362,7 +362,7 @@ async def test_extended_pw_change_call( kadmin: AbstractKadmin, ) -> None: """Test anonymous pwd change.""" - user_dn = "cn=user0,cn=users,dc=md,dc=test" + user_dn = "cn=user0,cn=Users,dc=md,dc=test" password = creds.pw new_test_password = "Password123" # noqa await anonymous_ldap_client.bind(user_dn, password) 
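Review bot: In `test_setup_call` the expected kwargs now mix both spellings: `admin_dn` was changed to `cn=user0,cn=Users,dc=md,dc=test`, but the unchanged line `"krbadmin_dn": "cn=krbadmin,cn=users,dc=md,dc=test"` keeps the old container name while `_build_kerberos_admin_dns` now produces `cn=krbadmin,cn=Users,{base_dn}`. If `krbadmin_dn` reaches `kadmin.setup` from that helper, this assertion cannot pass; if it comes from the payload the test sends, the test still feeds in the pre-rename DN and no longer matches what the service builds. The line should probably read `"krbadmin_dn": "cn=krbadmin,cn=Users,dc=md,dc=test",` with the matching input updated. The test body extends outside the hunk, so the source of the value is not visible here.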
diff --git a/tests/test_api/test_main/test_router/test_add.py b/tests/test_api/test_main/test_router/test_add.py index 3050bedec..ddaf7e218 100644 --- a/tests/test_api/test_main/test_router/test_add.py +++ b/tests/test_api/test_main/test_router/test_add.py @@ -28,7 +28,7 @@ async def test_api_correct_add(http_client: AsyncClient) -> None: {"type": "objectClass", "vals": ["organization", "top"]}, { "type": "memberOf", - "vals": ["cn=domain admins,cn=groups,dc=md,dc=test"], + "vals": ["cn=domain admins,cn=Groups,dc=md,dc=test"], }, ], }, @@ -59,7 +59,7 @@ async def test_api_add_incorrect_computer_name( {"type": "objectClass", "vals": ["computer", "top"]}, { "type": "memberOf", - "vals": ["cn=domain admins,cn=groups,dc=md,dc=test"], + "vals": ["cn=domain admins,cn=Groups,dc=md,dc=test"], }, ], }, @@ -186,7 +186,7 @@ async def test_api_correct_add_double_member_of( user = "cn=test0,dc=md,dc=test" un = "test0" groups = [ - "cn=domain admins,cn=groups,dc=md,dc=test", + "cn=domain admins,cn=Groups,dc=md,dc=test", new_group, ] @@ -307,7 +307,7 @@ async def test_api_correct_add_double_member_of( assert data.get("resultCode") == LDAPCodes.SUCCESS assert data["search_result"][0]["object_name"] == user - created_groups = groups + ["cn=domain users,cn=groups,dc=md,dc=test"] + created_groups = groups + ["cn=domain users,cn=Groups,dc=md,dc=test"] for attr in data["search_result"][0]["partial_attributes"]: if attr["type"] == "memberOf": @@ -528,7 +528,7 @@ async def test_api_double_add(http_client: AsyncClient) -> None: { "type": "memberOf", "vals": [ - "cn=domain admins,cn=groups,dc=md,dc=test", + "cn=domain admins,cn=Groups,dc=md,dc=test", ], }, ], @@ -568,7 +568,7 @@ async def test_api_add_double_case_insensetive( { "type": "memberOf", "vals": [ - "cn=domain admins,cn=groups,dc=md,dc=test", + "cn=domain admins,cn=Groups,dc=md,dc=test", ], }, ], 
@@ -597,7 +597,7 @@ async def test_api_add_double_case_insensetive( { "type": "memberOf", "vals": [ - "cn=domain admins,cn=groups,dc=md,dc=test", + "cn=domain admins,cn=Groups,dc=md,dc=test", ], }, ], diff --git a/tests/test_api/test_main/test_router/test_modify.py b/tests/test_api/test_main/test_router/test_modify.py index 3e46e879d..82bf7248a 100644 --- a/tests/test_api/test_main/test_router/test_modify.py +++ b/tests/test_api/test_main/test_router/test_modify.py @@ -262,8 +262,8 @@ async def test_api_correct_modify_replace_memberof( http_client: AsyncClient, ) -> None: """Test API for modify object attribute.""" - user = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" - new_group = "cn=domain admins,cn=groups,dc=md,dc=test" + user = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" + new_group = "cn=domain admins,cn=Groups,dc=md,dc=test" response = await http_client.patch( "/entry/update", json={ @@ -320,13 +320,13 @@ async def test_api_modify_add_loop_detect_member( response = await http_client.patch( "/entry/update", json={ - "object": "cn=developers,cn=groups,dc=md,dc=test", + "object": "cn=developers,cn=Groups,dc=md,dc=test", "changes": [ { "operation": Operation.ADD, "modification": { "type": "member", - "vals": ["cn=domain admins,cn=groups,dc=md,dc=test"], + "vals": ["cn=domain admins,cn=Groups,dc=md,dc=test"], }, }, ], @@ -347,13 +347,13 @@ async def test_api_modify_add_loop_detect_memberof( response = await http_client.patch( "/entry/update", json={ - "object": "cn=domain admins,cn=groups,dc=md,dc=test", + "object": "cn=domain admins,cn=Groups,dc=md,dc=test", "changes": [ { "operation": Operation.ADD, "modification": { "type": "memberOf", - "vals": ["cn=developers,cn=groups,dc=md,dc=test"], + "vals": ["cn=developers,cn=Groups,dc=md,dc=test"], }, }, ], 
@@ -374,15 +374,15 @@ async def test_api_modify_replace_loop_detect_member( response = await http_client.patch( "/entry/update", json={ - "object": "cn=developers,cn=groups,dc=md,dc=test", + "object": "cn=developers,cn=Groups,dc=md,dc=test", "changes": [ { "operation": Operation.REPLACE, "modification": { "type": "member", "vals": [ - "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test", - "cn=domain admins,cn=groups,dc=md,dc=test", + "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test", + "cn=domain admins,cn=Groups,dc=md,dc=test", ], }, }, @@ -404,15 +404,15 @@ async def test_api_modify_replace_loop_detect_memberof( response = await http_client.patch( "/entry/update", json={ - "object": "cn=domain admins,cn=groups,dc=md,dc=test", + "object": "cn=domain admins,cn=Groups,dc=md,dc=test", "changes": [ { "operation": Operation.REPLACE, "modification": { "type": "memberOf", "vals": [ - "cn=domain computers,cn=groups,dc=md,dc=test", - "cn=developers,cn=groups,dc=md,dc=test", + "cn=domain computers,cn=Groups,dc=md,dc=test", + "cn=developers,cn=Groups,dc=md,dc=test", ], }, }, @@ -431,7 +431,7 @@ async def test_api_modify_incorrect_uac(http_client: AsyncClient) -> None: response = await http_client.patch( "/entry/update", json={ - "object": "cn=user0,cn=users,dc=md,dc=test", + "object": "cn=user0,cn=Users,dc=md,dc=test", "changes": [ { "operation": Operation.REPLACE, @@ -455,7 +455,7 @@ async def test_qpi_modify_primary_object_classes( http_client: AsyncClient, ) -> None: """Test deleting primary object class.""" - entry_dn = "cn=user0,cn=users,dc=md,dc=test" + entry_dn = "cn=user0,cn=Users,dc=md,dc=test" response = await http_client.patch( "/entry/update", json={ 
@@ -487,7 +487,7 @@ async def test_api_set_primary_group( ) -> None: """Test API for setting primary group.""" user_dn = "cn=test,dc=md,dc=test" - group_dn = "cn=domain admins,cn=groups,dc=md,dc=test" + group_dn = "cn=domain admins,cn=Groups,dc=md,dc=test" response = await http_client.post( "/entry/set_primary_group", diff --git a/tests/test_api/test_main/test_router/test_modify_dn.py b/tests/test_api/test_main/test_router/test_modify_dn.py index 950e1801c..8313049f5 100644 --- a/tests/test_api/test_main/test_router/test_modify_dn.py +++ b/tests/test_api/test_main/test_router/test_modify_dn.py @@ -219,13 +219,13 @@ async def test_api_modify_dn_with_level_up( @pytest.mark.usefixtures("session") async def test_api_correct_update_dn(http_client: AsyncClient) -> None: """Test API for update DN.""" - old_user_dn = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" + old_user_dn = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" newrdn_user = "cn=new_test2" - old_group_dn = "cn=developers,cn=groups,dc=md,dc=test" - new_group_dn = "cn=new_developers,cn=groups,dc=md,dc=test" + old_group_dn = "cn=developers,cn=Groups,dc=md,dc=test" + new_group_dn = "cn=new_developers,cn=Groups,dc=md,dc=test" newrdn_group = "cn=new_developers" - new_superior_group = "cn=groups,dc=md,dc=test" + new_superior_group = "cn=Groups,dc=md,dc=test" new_user_dn = ",".join((newrdn_user, new_superior_group)) @@ -338,8 +338,8 @@ async def test_api_correct_update_dn(http_client: AsyncClient) -> None: @pytest.mark.usefixtures("session") async def test_api_update_dn_with_parent(http_client: AsyncClient) -> None: """Test API for update DN.""" - old_user_dn = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" - new_user_dn = "cn=new_test2,cn=users,dc=md,dc=test" + old_user_dn = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" + new_user_dn = "cn=new_test2,cn=Users,dc=md,dc=test" groups_user = None newrdn_user, new_superior = new_user_dn.split(",", maxsplit=1) 
diff --git a/tests/test_api/test_main/test_router/test_search.py b/tests/test_api/test_main/test_router/test_search.py index 34a9377aa..01fbb59c2 100644 --- a/tests/test_api/test_main/test_router/test_search.py +++ b/tests/test_api/test_main/test_router/test_search.py @@ -96,8 +96,8 @@ async def test_api_search(http_client: AsyncClient) -> None: assert response["resultCode"] == LDAPCodes.SUCCESS sub_dirs = { - "cn=groups,dc=md,dc=test", - "cn=users,dc=md,dc=test", + "cn=Groups,dc=md,dc=test", + "cn=Users,dc=md,dc=test", "ou=testModifyDn1,dc=md,dc=test", "ou=testModifyDn3,dc=md,dc=test", "ou=test_bit_rules,dc=md,dc=test", @@ -111,7 +111,7 @@ async def test_api_search(http_client: AsyncClient) -> None: @pytest.mark.usefixtures("session") async def test_api_search_filter_memberof(http_client: AsyncClient) -> None: """Test api search.""" - member = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" + member = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" raw_response = await http_client.post( "entry/search", json={ @@ -121,7 +121,7 @@ async def test_api_search_filter_memberof(http_client: AsyncClient) -> None: "size_limit": 1000, "time_limit": 10, "types_only": True, - "filter": "(memberOf=cn=developers,cn=groups,dc=md,dc=test)", + "filter": "(memberOf=cn=developers,cn=Groups,dc=md,dc=test)", "attributes": [], "page_number": 1, }, @@ -137,8 +137,8 @@ async def test_api_search_filter_memberof(http_client: AsyncClient) -> None: @pytest.mark.usefixtures("session") async def test_api_search_filter_member(http_client: AsyncClient) -> None: """Test api search.""" - member = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" - group = "cn=developers,cn=groups,dc=md,dc=test" + member = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" + group = "cn=developers,cn=Groups,dc=md,dc=test" raw_response = await http_client.post( "entry/search", json={ 
@@ -241,11 +241,11 @@ async def test_api_search_filter_account_expires( @pytest.mark.usefixtures("session") async def test_api_search_complex_filter(http_client: AsyncClient) -> None: """Test api search.""" - user = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" + user = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" raw_response = await http_client.post( "entry/search", json={ - "base_object": "cn=users,dc=md,dc=test", + "base_object": "cn=Users,dc=md,dc=test", "scope": 2, "deref_aliases": 0, "size_limit": 1000, @@ -278,12 +278,12 @@ async def test_api_search_complex_filter(http_client: AsyncClient) -> None: @pytest.mark.usefixtures("session") async def test_api_search_recursive_memberof(http_client: AsyncClient) -> None: """Test api search.""" - group = "cn=domain admins,cn=groups,dc=md,dc=test" + group = "cn=domain admins,cn=Groups,dc=md,dc=test" members = [ - "cn=developers,cn=groups,dc=md,dc=test", - "cn=user0,cn=users,dc=md,dc=test", - "cn=user_admin,cn=users,dc=md,dc=test", - "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test", + "cn=developers,cn=Groups,dc=md,dc=test", + "cn=user0,cn=Users,dc=md,dc=test", + "cn=user_admin,cn=Users,dc=md,dc=test", + "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test", ] response = await http_client.post( "entry/search", @@ -406,7 +406,7 @@ async def test_api_bytes_to_hex(http_client: AsyncClient) -> None: raw_response = await http_client.post( "entry/search", json={ - "base_object": "cn=user0,cn=users,dc=md,dc=test", + "base_object": "cn=user0,cn=Users,dc=md,dc=test", "scope": 0, "deref_aliases": 0, "size_limit": 1000, diff --git a/tests/test_api/test_network/test_router.py b/tests/test_api/test_network/test_router.py index 9155ff65d..70e7f38e6 100644 --- a/tests/test_api/test_network/test_router.py +++ b/tests/test_api/test_network/test_router.py 
@@ -68,7 +68,7 @@ async def test_add_policy(http_client: AsyncClient) -> None: "name": "local seriveses", "netmasks": raw_netmasks, "priority": 2, - "groups": ["cn=domain admins,cn=groups,dc=md,dc=test"], + "groups": ["cn=domain admins,cn=Groups,dc=md,dc=test"], "is_http": True, "is_ldap": True, "is_kerberos": True, @@ -108,7 +108,7 @@ async def test_add_policy(http_client: AsyncClient) -> None: "name": "local seriveses", "netmasks": compare_netmasks, "raw": raw_netmasks, - "groups": ["cn=domain admins,cn=groups,dc=md,dc=test"], + "groups": ["cn=domain admins,cn=Groups,dc=md,dc=test"], "priority": 2, "mfa_groups": [], "mfa_status": 0, @@ -153,7 +153,7 @@ async def test_update_policy(http_client: AsyncClient) -> None: "/policy", json={ "id": pol_id, - "groups": ["cn=domain admins,cn=groups,dc=md,dc=test"], + "groups": ["cn=domain admins,cn=Groups,dc=md,dc=test"], "name": "Default open policy 2", }, ) @@ -168,7 +168,7 @@ async def test_update_policy(http_client: AsyncClient) -> None: "name": "Default open policy 2", "netmasks": ["0.0.0.0/0"], "raw": ["0.0.0.0/0"], - "groups": ["cn=domain admins,cn=groups,dc=md,dc=test"], + "groups": ["cn=domain admins,cn=Groups,dc=md,dc=test"], "mfa_groups": [], "mfa_status": 0, "priority": 1, @@ -194,7 +194,7 @@ async def test_update_policy(http_client: AsyncClient) -> None: "mfa_groups": [], "mfa_status": 0, "priority": 1, - "groups": ["cn=domain admins,cn=groups,dc=md,dc=test"], + "groups": ["cn=domain admins,cn=Groups,dc=md,dc=test"], "is_http": True, "is_ldap": True, "is_kerberos": True, @@ -363,7 +363,7 @@ async def test_swap(http_client: AsyncClient) -> None: "172.8.4.0/24", ], "priority": 2, - "groups": ["cn=domain admins,cn=groups,dc=md,dc=test"], + "groups": ["cn=domain admins,cn=Groups,dc=md,dc=test"], "is_http": True, "is_ldap": True, "is_kerberos": True, 
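Review bot: The policy `groups` DNs in `test_add_policy`, `test_update_policy` and `test_swap` are only rewritten to the new `cn=Groups` spelling, so no test covers a policy that still references the group by its old lower-case DN. These values decide which groups a network policy applies to, and the same gap exists for the role `groups` in `tests/test_ldap/test_roles/conftest.py` and the ACE `base_dn` values in `tests/test_ldap/test_roles/test_search.py`; how the server compares them is not visible in this diff. I would add one case that submits the old spelling, for example `"groups": ["cn=domain admins,cn=groups,dc=md,dc=test"]` in `test_update_policy`, and asserts that the policy still resolves to the same group. That way a case-sensitive comparison cannot silently drop a group from a policy or an ACE after the rename. The test bodies start and end outside these hunks.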
@@ -399,7 +399,7 @@ async def test_swap(http_client: AsyncClient) -> None: assert response[0]["priority"] == 1 assert response[0]["groups"] == [ - "cn=domain admins,cn=groups,dc=md,dc=test", + "cn=domain admins,cn=Groups,dc=md,dc=test", ] assert response[1]["priority"] == 2 assert response[1]["name"] == "Default open policy" diff --git a/tests/test_api/test_password_policy/test_password_policy_router.py b/tests/test_api/test_password_policy/test_password_policy_router.py index 0e3dbba8c..01ff38c44 100644 --- a/tests/test_api/test_password_policy/test_password_policy_router.py +++ b/tests/test_api/test_password_policy/test_password_policy_router.py @@ -77,7 +77,7 @@ async def test_get_password_policy_by_dir_path_dn_with_error( password_use_cases: Mock, ) -> None: """Test get one Password Policy endpoint.""" - path = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" + path = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" response = await http_client_with_login_perm.get( f"/password-policy/by_dir_path_dn/{path}", ) @@ -94,7 +94,7 @@ async def test_get_password_policy_by_dir_path_dn( password_use_cases: Mock, ) -> None: """Test get Password Policy by directory path endpoint.""" - path = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" + path = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" response = await http_client.get( f"/password-policy/by_dir_path_dn/{path}", ) diff --git a/tests/test_api/test_shadow/conftest.py b/tests/test_api/test_shadow/conftest.py index ab3cb4df8..661b3a307 100644 --- a/tests/test_api/test_shadow/conftest.py +++ b/tests/test_api/test_shadow/conftest.py @@ -50,7 +50,7 @@ async def adding_mfa_user_and_group( response = await http_client.post( "/entry/add", json={ - "entry": "cn=mfa_group,cn=groups,dc=md,dc=test", + "entry": "cn=mfa_group,cn=Groups,dc=md,dc=test", "password": None, "attributes": [ { 
@@ -111,8 +111,8 @@ async def adding_mfa_user_and_group( { "type": "memberOf", "vals": [ - "cn=mfa_group,cn=groups,dc=md,dc=test", - "cn=domain admins,cn=groups,dc=md,dc=test", + "cn=mfa_group,cn=Groups,dc=md,dc=test", + "cn=domain admins,cn=Groups,dc=md,dc=test", ], }, { diff --git a/tests/test_ldap/policies/test_network/test_pool_client_handler.py b/tests/test_ldap/policies/test_network/test_pool_client_handler.py index 9f212986c..0d2b4c800 100644 --- a/tests/test_ldap/policies/test_network/test_pool_client_handler.py +++ b/tests/test_ldap/policies/test_network/test_pool_client_handler.py @@ -78,7 +78,7 @@ async def test_check_policy_group( assert await network_policy_validator.is_user_group_valid(user, policy) group = await get_group( - dn="cn=domain admins,cn=groups,dc=md,dc=test", + dn="cn=domain admins,cn=Groups,dc=md,dc=test", session=session, ) diff --git a/tests/test_ldap/policies/test_password/datasets.py b/tests/test_ldap/policies/test_password/datasets.py index ea22dea5a..5aad7bf27 100644 --- a/tests/test_ldap/policies/test_password/datasets.py +++ b/tests/test_ldap/policies/test_password/datasets.py @@ -11,7 +11,7 @@ PasswordPolicyDTO[None, int]( id=None, priority=1, - group_paths=["cn=developers,cn=groups,dc=md,dc=test"], + group_paths=["cn=developers,cn=Groups,dc=md,dc=test"], name="Test Password Policy", language="Latin", is_exact_match=True, @@ -36,7 +36,7 @@ PasswordPolicyDTO[None, int]( id=None, priority=1, - group_paths=["cn=developers,cn=groups,dc=md,dc=test"], + group_paths=["cn=developers,cn=Groups,dc=md,dc=test"], name="Test Password Policy2", language="Latin", is_exact_match=True, @@ -61,7 +61,7 @@ PasswordPolicyDTO[None, int]( id=None, priority=1, - group_paths=["cn=developers,cn=groups,dc=md,dc=test"], + group_paths=["cn=developers,cn=Groups,dc=md,dc=test"], name="Test Password Policy3", language="Latin", is_exact_match=True, 
diff --git a/tests/test_ldap/policies/test_password/test_use_cases.py b/tests/test_ldap/policies/test_password/test_use_cases.py index a518df2e5..2b03dfd1d 100644 --- a/tests/test_ldap/policies/test_password/test_use_cases.py +++ b/tests/test_ldap/policies/test_password/test_use_cases.py @@ -48,7 +48,7 @@ async def test_get_password_policy_by_dir_path_dn( dto = PasswordPolicyDTO[None, int]( id=None, priority=1, - group_paths=["cn=developers,cn=groups,dc=md,dc=test"], + group_paths=["cn=developers,cn=Groups,dc=md,dc=test"], name="Test Password Policy", language="Latin", is_exact_match=True, @@ -75,7 +75,7 @@ async def test_get_password_policy_by_dir_path_dn( policies = await password_use_cases.get_all() assert any(policy.name == "Test Password Policy" for policy in policies) - path_dn = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" + path_dn = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" policy = await password_use_cases.get_password_policy_by_dir_path_dn( path_dn, ) @@ -100,7 +100,7 @@ async def test_get_password_policy_by_dir_path_dn_extended( policies = await password_use_cases.get_all() assert any(policy.name == "Test Password Policy" for policy in policies) - path_dn = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" + path_dn = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" policy = await password_use_cases.get_password_policy_by_dir_path_dn( path_dn, ) diff --git a/tests/test_ldap/test_bind.py b/tests/test_ldap/test_bind.py index e31353880..d43776644 100644 --- a/tests/test_ldap/test_bind.py +++ b/tests/test_ldap/test_bind.py @@ -287,7 +287,7 @@ async def test_bind_invalid_password_or_user( directory = Directory( name="user0", object_class="", - path=["cn=user0", "cn=users", "dc=md", "dc=test"], + path=["cn=user0", "cn=Users", "dc=md", "dc=test"], rdname="cn", ) session.add(directory) 
@@ -415,7 +415,7 @@ async def test_bind_disabled_user( directory = Directory( name="user0", object_class="", - path=["cn=user0", "cn=users", "dc=md", "dc=test"], + path=["cn=user0", "cn=Users", "dc=md", "dc=test"], rdname="cn", ) session.add(directory) diff --git a/tests/test_ldap/test_container_restrictions/test_container_subcontainers.py b/tests/test_ldap/test_container_restrictions/test_container_subcontainers.py index 4e1ee2de3..08eca190e 100644 --- a/tests/test_ldap/test_container_restrictions/test_container_subcontainers.py +++ b/tests/test_ldap/test_container_restrictions/test_container_subcontainers.py @@ -20,31 +20,31 @@ ("dn", "rdn_attr", "rdn_value", "object_classes"), [ ( - "cn=testcontainer,cn=users,dc=md,dc=test", + "cn=testcontainer,cn=Users,dc=md,dc=test", "cn", "testcontainer", ["container"], ), ( - "ou=testou,cn=users,dc=md,dc=test", + "ou=testou,cn=Users,dc=md,dc=test", "ou", "testou", ["organizationalUnit"], ), ( - "cn=testuser,cn=users,dc=md,dc=test", + "cn=testuser,cn=Users,dc=md,dc=test", "cn", "testuser", ["user", "organizationalPerson"], ), ( - "cn=testgroup,cn=groups,dc=md,dc=test", + "cn=testgroup,cn=Groups,dc=md,dc=test", "cn", "testgroup", ["group", "posixGroup"], ), ( - "cn=testcomputer,cn=computers,dc=md,dc=test", + "cn=testcomputer,cn=Computers,dc=md,dc=test", "cn", "testcomputer", ["computer", "organizationalPerson"], diff --git a/tests/test_ldap/test_ldap3_lib.py b/tests/test_ldap/test_ldap3_lib.py index aae675e15..756f2d142 100644 --- a/tests/test_ldap/test_ldap3_lib.py +++ b/tests/test_ldap/test_ldap3_lib.py 
@@ -27,11 +27,11 @@ async def test_ldap3_search(ldap_client: LDAPConnection) -> None: @pytest.mark.usefixtures("session") async def test_ldap3_search_memberof(ldap_client: LDAPConnection) -> None: """Test ldap3 search memberof.""" - member = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" + member = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" result = await ldap_client.search( "dc=md,dc=test", - "(memberOf=cn=developers,cn=groups,dc=md,dc=test)", + "(memberOf=cn=developers,cn=Groups,dc=md,dc=test)", ) assert result diff --git a/tests/test_ldap/test_passwd_change.py b/tests/test_ldap/test_passwd_change.py index cbf503b08..f01a93e7a 100644 --- a/tests/test_ldap/test_passwd_change.py +++ b/tests/test_ldap/test_passwd_change.py @@ -23,7 +23,7 @@ async def test_anonymous_pwd_change( password_utils: PasswordUtils, ) -> None: """Test anonymous pwd change.""" - user_dn = "cn=user0,cn=users,dc=md,dc=test" + user_dn = "cn=user0,cn=Users,dc=md,dc=test" password = creds.pw new_test_password = "Password123" # noqa await anonymous_ldap_client.modify_password( @@ -49,7 +49,7 @@ async def test_bind_pwd_change( password_utils: PasswordUtils, ) -> None: """Test anonymous pwd change.""" - user_dn = "cn=user0,cn=users,dc=md,dc=test" + user_dn = "cn=user0,cn=Users,dc=md,dc=test" password = creds.pw new_test_password = "Password123" # noqa await ldap_client.bind(user_dn, password) diff --git a/tests/test_ldap/test_roles/conftest.py b/tests/test_ldap/test_roles/conftest.py index e82c70526..2d5959e27 100644 --- a/tests/test_ldap/test_roles/conftest.py +++ b/tests/test_ldap/test_roles/conftest.py @@ -24,7 +24,7 @@ async def custom_role(role_dao: RoleDAO) -> RoleDTO: name="Custom Role", creator_upn=None, is_system=False, - groups=["cn=domain users,cn=groups,dc=md,dc=test"], + groups=["cn=domain users,cn=Groups,dc=md,dc=test"], ), ) return await role_dao.get(role_dao.get_last_id()) 
diff --git a/tests/test_ldap/test_roles/test_multiple_access.py b/tests/test_ldap/test_roles/test_multiple_access.py index da8cc17bc..4691ba0fb 100644 --- a/tests/test_ldap/test_roles/test_multiple_access.py +++ b/tests/test_ldap/test_roles/test_multiple_access.py @@ -18,7 +18,7 @@ from ldap_protocol.ldap_schema.entity_type_dao import EntityTypeDAO from ldap_protocol.roles.ace_dao import AccessControlEntryDAO from ldap_protocol.roles.dataclasses import AccessControlEntryDTO, RoleDTO -from ldap_protocol.utils.queries import get_search_path +from ldap_protocol.utils.queries import get_filter_from_path from repo.pg.tables import queryable_attr as qa from tests.conftest import TestCreds @@ -56,7 +56,7 @@ async def test_multiple_access( role_id=custom_role.get_id(), ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, - base_dn="cn=russia,cn=users,dc=md,dc=test", + base_dn="cn=russia,cn=Users,dc=md,dc=test", entity_type_id=user_entity_type.id, attribute_type_id=user_account_control_attr.id, is_allow=True, @@ -65,7 +65,7 @@ async def test_multiple_access( role_id=custom_role.get_id(), ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, - base_dn="cn=russia,cn=users,dc=md,dc=test", + base_dn="cn=russia,cn=Users,dc=md,dc=test", entity_type_id=user_entity_type.id, attribute_type_id=user_principal_name.id, is_allow=True, @@ -74,7 +74,7 @@ async def test_multiple_access( role_id=custom_role.get_id(), ace_type=AceType.WRITE, scope=RoleScope.WHOLE_SUBTREE, - base_dn="cn=russia,cn=users,dc=md,dc=test", + base_dn="cn=russia,cn=Users,dc=md,dc=test", entity_type_id=user_entity_type.id, attribute_type_id=posix_email_attr.id, is_allow=True, @@ -83,7 +83,7 @@ async def test_multiple_access( role_id=custom_role.get_id(), ace_type=AceType.DELETE, scope=RoleScope.WHOLE_SUBTREE, - base_dn="cn=russia,cn=users,dc=md,dc=test", + base_dn="cn=russia,cn=Users,dc=md,dc=test", entity_type_id=user_entity_type.id, attribute_type_id=posix_email_attr.id, is_allow=True, 
@@ -95,9 +95,9 @@ async def test_multiple_access( await perform_ldap_search_and_validate( settings=settings, creds=creds, - search_base="cn=russia,cn=users,dc=md,dc=test", + search_base="cn=russia,cn=Users,dc=md,dc=test", expected_dn=[ - "dn: cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test", + "dn: cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test", ], expected_attrs_present=[ "userAccountControl: 512", @@ -106,7 +106,7 @@ async def test_multiple_access( expected_attrs_absent=["posixEmail: user1@mail.com"], ) - user_dn = "cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" + user_dn = "cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" query = ( select(Directory) @@ -114,7 +114,7 @@ async def test_multiple_access( subqueryload(qa(Directory.attributes)), joinedload(qa(Directory.user)), ) - .filter_by(path=get_search_path(user_dn)) + .filter(get_filter_from_path(user_dn)) ) directory = (await session.scalars(query)).one() diff --git a/tests/test_ldap/test_roles/test_search.py b/tests/test_ldap/test_roles/test_search.py index a20e8f0dd..0795be89b 100644 --- a/tests/test_ldap/test_roles/test_search.py +++ b/tests/test_ldap/test_roles/test_search.py @@ -30,7 +30,7 @@ async def test_role_search_1(settings: Settings, creds: TestCreds) -> None: settings=settings, creds=creds, search_base=BASE_DN, - expected_dn=["dn: cn=user_non_admin,cn=users,dc=md,dc=test"], + expected_dn=["dn: cn=user_non_admin,cn=Users,dc=md,dc=test"], expected_attrs_present=[], expected_attrs_absent=[], ) @@ -52,7 +52,7 @@ async def test_role_search_2( role_id=custom_role.get_id(), ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, - base_dn="cn=groups,dc=md,dc=test", + base_dn="cn=Groups,dc=md,dc=test", attribute_type_id=None, entity_type_id=None, is_allow=True, 
@@ -65,8 +65,8 @@ async def test_role_search_2( creds=creds, search_base=BASE_DN, expected_dn=[ - "dn: cn=groups,dc=md,dc=test", - "dn: cn=user_non_admin,cn=users,dc=md,dc=test", + "dn: cn=Groups,dc=md,dc=test", + "dn: cn=user_non_admin,cn=Users,dc=md,dc=test", ], expected_attrs_present=[], expected_attrs_absent=[], @@ -102,9 +102,9 @@ async def test_role_search_3( creds=creds, search_base=BASE_DN, expected_dn=[ - "dn: cn=groups,dc=md,dc=test", - "dn: cn=users,dc=md,dc=test", - "dn: cn=user_non_admin,cn=users,dc=md,dc=test", + "dn: cn=Groups,dc=md,dc=test", + "dn: cn=Users,dc=md,dc=test", + "dn: cn=user_non_admin,cn=Users,dc=md,dc=test", "dn: ou=test_bit_rules,dc=md,dc=test", "dn: ou=testModifyDn1,dc=md,dc=test", "dn: ou=testModifyDn3,dc=md,dc=test", @@ -130,7 +130,7 @@ async def test_role_search_4( role_id=custom_role.get_id(), ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, - base_dn="cn=groups,dc=md,dc=test", + base_dn="cn=Groups,dc=md,dc=test", attribute_type_id=None, entity_type_id=None, is_allow=True, @@ -143,13 +143,13 @@ async def test_role_search_4( creds=creds, search_base=BASE_DN, expected_dn=[ - "dn: cn=admin login only,cn=groups,dc=md,dc=test", - "dn: cn=groups,dc=md,dc=test", - "dn: cn=domain admins,cn=groups,dc=md,dc=test", - "dn: cn=domain computers,cn=groups,dc=md,dc=test", - "dn: cn=developers,cn=groups,dc=md,dc=test", - "dn: cn=domain users,cn=groups,dc=md,dc=test", - "dn: cn=user_non_admin,cn=users,dc=md,dc=test", + "dn: cn=admin login only,cn=Groups,dc=md,dc=test", + "dn: cn=Groups,dc=md,dc=test", + "dn: cn=domain admins,cn=Groups,dc=md,dc=test", + "dn: cn=domain computers,cn=Groups,dc=md,dc=test", + "dn: cn=developers,cn=Groups,dc=md,dc=test", + "dn: cn=domain users,cn=Groups,dc=md,dc=test", + "dn: cn=user_non_admin,cn=Users,dc=md,dc=test", ], expected_attrs_present=[], expected_attrs_absent=[], 
@@ -189,11 +189,11 @@ async def test_role_search_5( creds=creds, search_base=BASE_DN, expected_dn=[ - "dn: cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test", - "dn: cn=user_non_admin,cn=users,dc=md,dc=test", - "dn: cn=user_admin_for_roles,cn=users,dc=md,dc=test", - "dn: cn=user_admin,cn=users,dc=md,dc=test", - "dn: cn=user0,cn=users,dc=md,dc=test", + "dn: cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test", + "dn: cn=user_non_admin,cn=Users,dc=md,dc=test", + "dn: cn=user_admin_for_roles,cn=Users,dc=md,dc=test", + "dn: cn=user_admin,cn=Users,dc=md,dc=test", + "dn: cn=user0,cn=Users,dc=md,dc=test", "dn: cn=user_admin_1,ou=test_bit_rules,dc=md,dc=test", "dn: cn=user_admin_2,ou=test_bit_rules,dc=md,dc=test", "dn: cn=user_admin_3,ou=test_bit_rules,dc=md,dc=test", @@ -231,7 +231,7 @@ async def test_role_search_6( role_id=custom_role.get_id(), ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, - base_dn="cn=user0,cn=users,dc=md,dc=test", + base_dn="cn=user0,cn=Users,dc=md,dc=test", attribute_type_id=posix_email_attr.id, entity_type_id=user_entity_type.id, is_allow=True, @@ -242,9 +242,9 @@ async def test_role_search_6( await perform_ldap_search_and_validate( settings=settings, creds=creds, - search_base="cn=user0,cn=users,dc=md,dc=test", + search_base="cn=user0,cn=Users,dc=md,dc=test", expected_dn=[ - "dn: cn=user0,cn=users,dc=md,dc=test", + "dn: cn=user0,cn=Users,dc=md,dc=test", ], expected_attrs_present=[ "posixEmail: abctest@mail.com", @@ -281,7 +281,7 @@ async def test_role_search_7( role_id=custom_role.get_id(), ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, - base_dn="cn=user0,cn=users,dc=md,dc=test", + base_dn="cn=user0,cn=Users,dc=md,dc=test", attribute_type_id=None, entity_type_id=user_entity_type.id, is_allow=True, 
@@ -290,7 +290,7 @@ async def test_role_search_7( role_id=custom_role.get_id(), ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, - base_dn="cn=user0,cn=users,dc=md,dc=test", + base_dn="cn=user0,cn=Users,dc=md,dc=test", attribute_type_id=description_attr.id, entity_type_id=user_entity_type.id, is_allow=False, @@ -302,9 +302,9 @@ async def test_role_search_7( await perform_ldap_search_and_validate( settings=settings, creds=creds, - search_base="cn=user0,cn=users,dc=md,dc=test", + search_base="cn=user0,cn=Users,dc=md,dc=test", expected_dn=[ - "dn: cn=user0,cn=users,dc=md,dc=test", + "dn: cn=user0,cn=Users,dc=md,dc=test", ], expected_attrs_present=[ "posixEmail: abctest@mail.com", @@ -350,7 +350,7 @@ async def test_role_search_8( role_id=custom_role.get_id(), ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, - base_dn="cn=user0,cn=users,dc=md,dc=test", + base_dn="cn=user0,cn=Users,dc=md,dc=test", attribute_type_id=description_attr.id, entity_type_id=user_entity_type.id, is_allow=True, @@ -362,9 +362,9 @@ async def test_role_search_8( await perform_ldap_search_and_validate( settings=settings, creds=creds, - search_base="cn=user0,cn=users,dc=md,dc=test", + search_base="cn=user0,cn=Users,dc=md,dc=test", expected_dn=[ - "dn: cn=user0,cn=users,dc=md,dc=test", + "dn: cn=user0,cn=Users,dc=md,dc=test", ], expected_attrs_present=[ "description: 123 desc", @@ -404,7 +404,7 @@ async def test_role_search_9( role_id=custom_role.get_id(), ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, - base_dn="cn=user0,cn=users,dc=md,dc=test", + base_dn="cn=user0,cn=Users,dc=md,dc=test", attribute_type_id=posix_email_attr.id, entity_type_id=user_entity_type.id, is_allow=True, @@ -413,7 +413,7 @@ async def test_role_search_9( role_id=custom_role.get_id(), ace_type=AceType.READ, scope=RoleScope.BASE_OBJECT, - base_dn="cn=user0,cn=users,dc=md,dc=test", + base_dn="cn=user0,cn=Users,dc=md,dc=test", attribute_type_id=description_attr.id, entity_type_id=user_entity_type.id, is_allow=False, 
@@ -425,9 +425,9 @@ async def test_role_search_9( await perform_ldap_search_and_validate( settings=settings, creds=creds, - search_base="cn=user0,cn=users,dc=md,dc=test", + search_base="cn=user0,cn=Users,dc=md,dc=test", expected_dn=[ - "dn: cn=user0,cn=users,dc=md,dc=test", + "dn: cn=user0,cn=Users,dc=md,dc=test", ], expected_attrs_present=[ "posixEmail: abctest@mail.com", diff --git a/tests/test_ldap/test_util/test_add.py b/tests/test_ldap/test_util/test_add.py index eef7d047b..b0312bc98 100644 --- a/tests/test_ldap/test_util/test_add.py +++ b/tests/test_ldap/test_util/test_add.py @@ -23,7 +23,7 @@ from ldap_protocol.roles.ace_dao import AccessControlEntryDAO from ldap_protocol.roles.dataclasses import AccessControlEntryDTO, RoleDTO from ldap_protocol.roles.role_dao import RoleDAO -from ldap_protocol.utils.queries import get_search_path +from ldap_protocol.utils.queries import get_filter_from_path from repo.pg.tables import queryable_attr as qa from tests.conftest import TestCreds @@ -37,7 +37,6 @@ async def test_ldap_root_add( ) -> None: """Test ldapadd on server.""" dn = "cn=test,dc=md,dc=test" - search_path = get_search_path(dn) with tempfile.NamedTemporaryFile("w") as file: file.write( ( @@ -46,7 +45,7 @@ async def test_ldap_root_add( "cn: test\n" "objectClass: organization\n" "objectClass: top\n" - "memberOf: cn=domain admins,cn=groups,dc=md,dc=test\n" + "memberOf: cn=domain admins,cn=Groups,dc=md,dc=test\n" ), ) file.seek(0) @@ -73,7 +72,7 @@ async def test_ldap_root_add( new_dir_query = ( select(Directory) .options(subqueryload(qa(Directory.attributes))) - .filter_by(path=search_path) + .filter(get_filter_from_path(dn)) ) new_dir = (await session.scalars(new_dir_query)).one() 
@@ -96,8 +95,8 @@ async def test_ldap_user_add_with_group( ) -> None: """Test ldapadd on server.""" user_dn = "cn=test,dc=md,dc=test" - user_search_path = get_search_path(user_dn) - group_dn = "cn=domain admins,cn=groups,dc=md,dc=test" + + group_dn = "cn=domain admins,cn=Groups,dc=md,dc=test" with tempfile.NamedTemporaryFile("w") as file: file.write( @@ -144,7 +143,7 @@ async def test_ldap_user_add_with_group( new_dir_query = ( select(Directory) .options(subqueryload(qa(Directory.attributes)), membership) - .filter_by(path=user_search_path) + .filter(get_filter_from_path(user_dn)) ) new_dir = (await session.scalars(new_dir_query)).one() @@ -163,8 +162,7 @@ async def test_ldap_user_add_group_with_group( user: dict, ) -> None: """Test ldapadd on server.""" - child_group_dn = "cn=twisted,cn=groups,dc=md,dc=test" - child_group_search_path = get_search_path(child_group_dn) + child_group_dn = "cn=twisted,cn=Groups,dc=md,dc=test" group_dn = "cn=domain admins,cn=groups,dc=md,dc=test" with tempfile.NamedTemporaryFile("w") as file: @@ -208,13 +206,16 @@ async def test_ldap_user_add_group_with_group( new_dir_query = ( select(Directory) .options(membership) - .filter_by(path=child_group_search_path) + .filter(get_filter_from_path(child_group_dn)) ) new_dir = (await session.scalars(new_dir_query)).one() assert new_dir.name == "twisted" - groups = [group.directory.path_dn for group in new_dir.group.parent_groups] + groups = [ + group.directory.path_dn.lower() + for group in new_dir.group.parent_groups + ] assert group_dn in groups @@ -287,7 +288,7 @@ async def try_add() -> int: name="Add Role", creator_upn=None, is_system=False, - groups=["cn=domain users,cn=groups," + base_dn], + groups=["cn=domain users,cn=Groups," + base_dn], ), ) 
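Review bot: In `test_ldap_user_add_group_with_group` the context line `group_dn = "cn=domain admins,cn=groups,dc=md,dc=test"` keeps the old spelling while `child_group_dn` moves to `cn=Groups`, and the final assertion only passes because `path_dn` is lower-cased first. That hides the case the server stores and returns, which the other tests in this commit pin exactly. Either change it to `group_dn = "cn=domain admins,cn=Groups,dc=md,dc=test"` and compare `group.directory.path_dn` unmodified, or, if the lower-case DN is deliberate, say so with a comment such as `# old-case DN on purpose: membership must resolve case-insensitively`. The function body extends beyond both hunks, so how `group_dn` is used in the LDIF is not visible here.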
@@ -355,7 +356,7 @@ async def test_ldap_user_add_with_duplicate_groups( ) -> None: """Duplicate memberOf yields single membership.""" user_dn = "cn=dup,dc=md,dc=test" - group_dn = "cn=domain admins,cn=groups,dc=md,dc=test" + group_dn = "cn=domain admins,cn=Groups,dc=md,dc=test" with tempfile.NamedTemporaryFile("w") as file: ldif = [ @@ -394,11 +395,10 @@ async def test_ldap_user_add_with_duplicate_groups( assert result == 0 - user_search_path = get_search_path(user_dn) user_row = await session.scalar( select(User) .join(qa(User.directory)) - .filter_by(path=user_search_path) + .filter(get_filter_from_path(user_dn)) .options( selectinload(qa(User.groups)).selectinload(qa(Group.directory)), ), diff --git a/tests/test_ldap/test_util/test_delete.py b/tests/test_ldap/test_util/test_delete.py index f93d1eed9..bff5011c2 100644 --- a/tests/test_ldap/test_util/test_delete.py +++ b/tests/test_ldap/test_util/test_delete.py @@ -39,7 +39,7 @@ async def test_ldap_delete( "cn: test\n" "objectClass: organization\n" "objectClass: top\n" - "memberOf: cn=domain admins,cn=groups,dc=md,dc=test\n" + "memberOf: cn=domain admins,cn=Groups,dc=md,dc=test\n" ), ) file.seek(0) @@ -94,7 +94,7 @@ async def test_ldap_delete( "-x", "-w", user["password"], - "cn=user0,cn=users,dc=md,dc=test", + "cn=user0,cn=Users,dc=md,dc=test", stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE, ) @@ -171,7 +171,7 @@ async def try_delete() -> int: name="Delete Role", creator_upn=None, is_system=False, - groups=["cn=domain users,cn=groups," + base_dn], + groups=["cn=domain users,cn=Groups," + base_dn], ), ) @@ -223,7 +223,7 @@ async def test_ldap_delete_primary_object_classes( user: dict, ) -> None: """Test deleting primary object class.""" - entry_dn = "cn=user0,cn=users,dc=md,dc=test" + entry_dn = "cn=user0,cn=Users,dc=md,dc=test" with tempfile.NamedTemporaryFile("w") as file: file.write( ( 
diff --git a/tests/test_ldap/test_util/test_modify.py b/tests/test_ldap/test_util/test_modify.py index 02b174b4b..eda4c1fe0 100644 --- a/tests/test_ldap/test_util/test_modify.py +++ b/tests/test_ldap/test_util/test_modify.py @@ -25,7 +25,7 @@ from ldap_protocol.roles.ace_dao import AccessControlEntryDAO from ldap_protocol.roles.dataclasses import AccessControlEntryDTO, RoleDTO from ldap_protocol.roles.role_dao import RoleDAO -from ldap_protocol.utils.queries import get_search_path +from ldap_protocol.utils.queries import get_filter_from_path from repo.pg.tables import Attribute, directory_table, queryable_attr as qa from tests.conftest import TestCreds @@ -38,14 +38,14 @@ async def test_ldap_base_modify( user: dict, ) -> None: """Test ldapmodify on server.""" - dn = "cn=user0,cn=users,dc=md,dc=test" + dn = "cn=user0,cn=Users,dc=md,dc=test" query = ( select(Directory) .options( subqueryload(qa(Directory.attributes)), joinedload(qa(Directory.user)), ) - .filter_by(path=get_search_path(dn)) + .filter(get_filter_from_path(dn)) ) directory = (await session.scalars(query)).one() @@ -139,11 +139,11 @@ async def test_ldap_membersip_user_delete( user: dict, ) -> None: """Test ldapmodify on server.""" - dn = "cn=user_admin,cn=users,dc=md,dc=test" + dn = "cn=user_admin,cn=Users,dc=md,dc=test" query = ( select(Directory) .options(selectinload(qa(Directory.groups))) - .filter_by(path=get_search_path(dn)) + .filter(get_filter_from_path(dn)) ) directory = (await session.scalars(query)).one() @@ -187,11 +187,11 @@ async def test_ldap_membersip_self_delete_admin_domain( user: dict, ) -> None: """Test ldapmodify on server.""" - dn = "cn=user0,cn=users,dc=md,dc=test" + dn = "cn=user0,cn=Users,dc=md,dc=test" query = ( select(Directory) .options(selectinload(qa(Directory.groups))) - .filter_by(path=get_search_path(dn)) + .filter(get_filter_from_path(dn)) ) directory = (await session.scalars(query)).one() 
@@ -201,7 +201,7 @@ async def test_ldap_membersip_self_delete_admin_domain( with tempfile.NamedTemporaryFile("w") as file: file.write( f"dn: {dn}\nchangetype: modify\ndelete: memberOf\n" - "memberOf: cn=domain admins,cn=groups,dc=md,dc=test\n", + "memberOf: cn=domain admins,cn=Groups,dc=md,dc=test\n", ) file.seek(0) proc = await asyncio.create_subprocess_exec( @@ -250,7 +250,7 @@ async def test_self_disable( response = await http_client.patch( "entry/update", json={ - "object": "cn=user0,cn=users,dc=md,dc=test", + "object": "cn=user0,cn=Users,dc=md,dc=test", "changes": [ { "operation": Operation.REPLACE, @@ -288,7 +288,7 @@ async def test_ldap_membersip_user_add( creds: TestCreds, ) -> None: """Test ldapmodify on server.""" - dn = "cn=user_non_admin,cn=users,dc=md,dc=test" + dn = "cn=user_non_admin,cn=Users,dc=md,dc=test" query = ( select(Directory) .options( @@ -296,7 +296,7 @@ async def test_ldap_membersip_user_add( qa(Group.directory), ), ) - .filter_by(path=get_search_path(dn)) + .filter(get_filter_from_path(dn)) ) directory = (await session.scalars(query)).one() @@ -312,7 +312,7 @@ async def test_ldap_membersip_user_add( f"dn: {dn}\n" "changetype: modify\n" "add: memberOf\n" - "memberOf: cn=domain admins,cn=groups,dc=md,dc=test\n" + "memberOf: cn=domain admins,cn=Groups,dc=md,dc=test\n" "-\n" ), ) @@ -351,17 +351,17 @@ async def test_ldap_membersip_user_replace( user: dict, ) -> None: """Test ldapmodify on server.""" - dn = "cn=user_admin,cn=users,dc=md,dc=test" + dn = "cn=user_admin,cn=Users,dc=md,dc=test" query = ( select(Directory) .options(selectinload(qa(Directory.groups))) - .filter_by(path=get_search_path(dn)) + .filter(get_filter_from_path(dn)) ) directory = (await session.scalars(query)).one() assert directory.groups - new_group_dn = "cn=twisted,cn=groups,dc=md,dc=test\n" + new_group_dn = "cn=twisted,cn=Groups,dc=md,dc=test\n" # add new group with tempfile.NamedTemporaryFile("w") as file: 
@@ -372,7 +372,7 @@ async def test_ldap_membersip_user_replace( "cn: twisted\n" "objectClass: group\n" "objectClass: top\n" - "memberOf: cn=domain admins,cn=groups,dc=md,dc=test\n" + "memberOf: cn=domain admins,cn=Groups,dc=md,dc=test\n" ), ) file.seek(0) @@ -403,7 +403,7 @@ async def test_ldap_membersip_user_replace( f"dn: {dn}\n" "changetype: modify\n" "replace: memberOf\n" - "memberOf: cn=twisted,cn=groups,dc=md,dc=test\n" + "memberOf: cn=twisted,cn=Groups,dc=md,dc=test\n" "-\n" ), ) @@ -442,7 +442,7 @@ async def test_ldap_membersip_grp_replace( user: dict, ) -> None: """Test ldapmodify on server.""" - dn = "cn=domain admins,cn=groups,dc=md,dc=test" + dn = "cn=domain admins,cn=Groups,dc=md,dc=test" query = ( select(Directory) @@ -451,7 +451,7 @@ async def test_ldap_membersip_grp_replace( .selectinload(qa(Group.parent_groups)) .selectinload(qa(Group.directory)), ) - .filter_by(path=get_search_path(dn)) + .filter(get_filter_from_path(dn)) ) directory = await session.scalar(query) @@ -463,7 +463,7 @@ async def test_ldap_membersip_grp_replace( with tempfile.NamedTemporaryFile("w") as file: file.write( ( - "dn: cn=twisted1,cn=groups,dc=md,dc=test\n" + "dn: cn=twisted1,cn=Groups,dc=md,dc=test\n" "name: twisted\n" "cn: twisted\n" "objectClass: group\n" @@ -498,7 +498,7 @@ async def test_ldap_membersip_grp_replace( f"dn: {dn}\n" "changetype: modify\n" "replace: memberOf\n" - "memberOf: cn=twisted1,cn=groups,dc=md,dc=test\n" + "memberOf: cn=twisted1,cn=Groups,dc=md,dc=test\n" "-\n" ), ) @@ -537,7 +537,7 @@ async def test_ldap_modify_dn( user: dict, ) -> None: """Test ldapmodify on server.""" - dn = "cn=user0,cn=users,dc=md,dc=test" + dn = "cn=user0,cn=Users,dc=md,dc=test" with tempfile.NamedTemporaryFile("w") as file: file.write( @@ -546,7 +546,7 @@ async def test_ldap_modify_dn( "changetype: modrdn\n" "newrdn: cn=user2\n" "deleteoldrdn: 1\n" - "newsuperior: cn=users,dc=md,dc=test\n" + "newsuperior: cn=Users,dc=md,dc=test\n" ), ) file.seek(0) 
@@ -574,7 +574,7 @@ async def test_ldap_modify_dn( select(Directory) .filter( directory_table.c.path - == ["dc=test", "dc=md", "cn=users", "cn=user2"], + == ["dc=test", "dc=md", "cn=Users", "cn=user2"], directory_table.c.entity_type_id.isnot(None), ), ) # fmt: skip @@ -588,7 +588,7 @@ async def test_ldap_modify_password_change( creds: TestCreds, ) -> None: """Test ldapmodify on server.""" - dn = "cn=user0,cn=users,dc=md,dc=test" + dn = "cn=user0,cn=Users,dc=md,dc=test" new_password = "Password12345" # noqa with tempfile.NamedTemporaryFile("w") as file: @@ -655,9 +655,8 @@ async def test_ldap_modify_with_ap( access_control_entry_dao: AccessControlEntryDAO, ) -> None: """Test ldapmodify on server.""" - dn = "cn=users,dc=md,dc=test" + dn = "cn=Users,dc=md,dc=test" base_dn = "dc=md,dc=test" - search_path = get_search_path(dn) query = ( select(Directory) @@ -665,7 +664,7 @@ async def test_ldap_modify_with_ap( subqueryload(qa(Directory.attributes)), joinedload(qa(Directory.user)), ) - .filter_by(path=search_path) + .filter(get_filter_from_path(dn)) ) directory = await session.scalar(query) @@ -719,7 +718,7 @@ async def try_modify() -> int: name="Modify Role", creator_upn=None, is_system=False, - groups=["cn=domain users,cn=groups," + base_dn], + groups=["cn=domain users,cn=Groups," + base_dn], ), ) @@ -831,7 +830,7 @@ async def fetch_directory_by_dn(session: AsyncSession, dn: str) -> Directory: selectinload(qa(Directory.attributes)), joinedload(qa(Directory.group)), ) - .filter(qa(Directory.path) == get_search_path(dn)) + .filter(get_filter_from_path(dn)) ) return (await session.scalars(query)).one() 
@@ -843,25 +842,25 @@ async def fetch_directory_by_dn(session: AsyncSession, dn: str) -> Directory: [ ( "add", - "cn=developers,cn=groups,dc=md,dc=test", + "cn=developers,cn=Groups,dc=md,dc=test", {"domain admins", "developers"}, True, ), ( "add", - "cn=domain admins,cn=groups,dc=md,dc=test", + "cn=domain admins,cn=Groups,dc=md,dc=test", {"domain admins"}, True, ), ( "delete", - "cn=developers,cn=groups,dc=md,dc=test", + "cn=developers,cn=Groups,dc=md,dc=test", {"domain admins", "developers"}, False, ), ( "replace", - "cn=developers,cn=groups,dc=md,dc=test", + "cn=developers,cn=Groups,dc=md,dc=test", {"domain admins", "developers"}, True, ), @@ -877,7 +876,7 @@ async def test_ldap_modify_primary_group_id_scenarios( creds: TestCreds, ) -> None: """Test ldapmodify request with primaryGroupID for various scenarios.""" - user_dn = "cn=user_admin,cn=users,dc=md,dc=test" + user_dn = "cn=user_admin,cn=Users,dc=md,dc=test" user_dir = await fetch_directory_by_dn(session, user_dn) group_dir = await fetch_directory_by_dn(session, group_dn) @@ -932,22 +931,22 @@ async def test_ldap_modify_primary_group_id_scenarios( ("values", "include_dev_group", "expected_result", "expected_groups"), [ ( - ["cn=domain admins,cn=groups,dc=md,dc=test"], + ["cn=domain admins,cn=Groups,dc=md,dc=test"], True, 1, {"domain admins", "developers"}, ), ( - ["cn=domain admins,cn=groups,dc=md,dc=test"], + ["cn=domain admins,cn=Groups,dc=md,dc=test"], False, 0, {"domain admins"}, ), ( [ - "cn=domain admins,cn=groups,dc=md,dc=test", - "cn=developers,cn=groups,dc=md,dc=test", - "cn=domain computers,cn=groups,dc=md,dc=test", + "cn=domain admins,cn=Groups,dc=md,dc=test", + "cn=developers,cn=Groups,dc=md,dc=test", + "cn=domain computers,cn=Groups,dc=md,dc=test", ], True, 0, 
@@ -965,8 +964,8 @@ async def test_ldap_modify_replace_memberof_primary_group_various( creds: TestCreds, ) -> None: """Test ldapmodify request replace memberOf attribute.""" - user_dn = "cn=user_admin,cn=users,dc=md,dc=test" - dev_group_dn = "cn=developers,cn=groups,dc=md,dc=test" + user_dn = "cn=user_admin,cn=Users,dc=md,dc=test" + dev_group_dn = "cn=developers,cn=Groups,dc=md,dc=test" user_dir = await fetch_directory_by_dn(session, user_dn) dev_group_dir = await fetch_directory_by_dn(session, dev_group_dn) diff --git a/tests/test_ldap/test_util/test_search.py b/tests/test_ldap/test_util/test_search.py index 903fb2598..338822a62 100644 --- a/tests/test_ldap/test_util/test_search.py +++ b/tests/test_ldap/test_util/test_search.py @@ -62,9 +62,9 @@ async def test_ldap_search(settings: Settings, creds: TestCreds) -> None: result = await proc.wait() assert result == 0 - assert "dn: cn=groups,dc=md,dc=test" in data - assert "dn: cn=users,dc=md,dc=test" in data - assert "dn: cn=user0,cn=users,dc=md,dc=test" in data + assert "dn: cn=Groups,dc=md,dc=test" in data + assert "dn: cn=Users,dc=md,dc=test" in data + assert "dn: cn=user0,cn=Users,dc=md,dc=test" in data @pytest.mark.asyncio @@ -89,7 +89,7 @@ async def test_ldap_search_filter( "dc=md,dc=test", "(&" "(objectClass=user)" - "(memberOf:1.2.840.113556.1.4.1941:=cn=domain admins,cn=groups,dc=md,\ + "(memberOf:1.2.840.113556.1.4.1941:=cn=domain admins,cn=Groups,dc=md,\ dc=test)" ")", stdout=asyncio.subprocess.PIPE, @@ -101,8 +101,8 @@ async def test_ldap_search_filter( result = await proc.wait() assert result == 0 - assert "dn: cn=user0,cn=users,dc=md,dc=test" in data - assert "dn: cn=user1,cn=moscow,cn=russia,cn=users,dc=md,dc=test" in data + assert "dn: cn=user0,cn=Users,dc=md,dc=test" in data + assert "dn: cn=user1,cn=moscow,cn=russia,cn=Users,dc=md,dc=test" in data @pytest.mark.asyncio 
@@ -298,7 +298,7 @@ async def test_ldap_search_filter_prefix( result = await proc.wait() assert result == 0 - assert "dn: cn=user0,cn=users,dc=md,dc=test" in data + assert "dn: cn=user0,cn=Users,dc=md,dc=test" in data @pytest.mark.asyncio @@ -317,7 +317,7 @@ async def test_bind_policy( assert policy group = await get_group( - dn="cn=domain admins,cn=groups,dc=md,dc=test", + dn="cn=domain admins,cn=Groups,dc=md,dc=test", session=session, ) policy.groups.append(group) @@ -368,7 +368,7 @@ async def test_bind_policy_missing_group( user = (await session.scalars(user_query)).one() policy.groups = await get_groups( - ["cn=domain admins,cn=groups,dc=md,dc=test"], + ["cn=domain admins,cn=Groups,dc=md,dc=test"], session, ) user.groups.clear() @@ -432,7 +432,7 @@ async def test_bvalue_in_search_request( ) -> None: """Test SearchRequest with bytes data.""" request = SearchRequest( - base_object="cn=user0,cn=users,dc=md,dc=test", + base_object="cn=user0,cn=Users,dc=md,dc=test", scope=0, deref_aliases=0, size_limit=0, @@ -525,7 +525,7 @@ async def test_ldap_search_access_control_denied( assert result == 0 assert dn_list == [ - "dn: cn=user_non_admin,cn=users,dc=md,dc=test", + "dn: cn=user_non_admin,cn=Users,dc=md,dc=test", ] await session.commit() @@ -535,7 +535,7 @@ async def test_ldap_search_access_control_denied( name="Groups Read Role", creator_upn=None, is_system=False, - groups=["cn=domain users,cn=groups,dc=md,dc=test"], + groups=["cn=domain users,cn=Groups,dc=md,dc=test"], ), ) @@ -543,7 +543,7 @@ async def test_ldap_search_access_control_denied( role_id=role_dao.get_last_id(), ace_type=AceType.READ, scope=RoleScope.WHOLE_SUBTREE, - base_dn="cn=groups,dc=md,dc=test", + base_dn="cn=Groups,dc=md,dc=test", attribute_type_id=None, entity_type_id=None, is_allow=True, 
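Review bot: The ACE in `test_ldap_search_access_control_denied` is created with `base_dn="cn=Groups,dc=md,dc=test"` and the role with `groups=["cn=domain users,cn=Groups,dc=md,dc=test"]`, so access-control scoping is exercised only with the new casing. Roles and ACEs created before the rename would presumably still carry `cn=groups`; these hunks do not show whether they still scope the same subtree. That is worth a test, because a mismatch would silently change who can read the subtree. A second case with `base_dn="cn=groups,dc=md,dc=test"` expecting the same `dn_list` would cover it. The function body starts and ends outside the hunk.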
@@ -577,12 +577,12 @@ async def test_ldap_search_access_control_denied( assert result == 0 assert sorted(dn_list) == sorted( [ - "dn: cn=groups,dc=md,dc=test", - "dn: cn=domain admins,cn=groups,dc=md,dc=test", - "dn: cn=admin login only,cn=groups,dc=md,dc=test", - "dn: cn=developers,cn=groups,dc=md,dc=test", - "dn: cn=domain computers,cn=groups,dc=md,dc=test", - "dn: cn=domain users,cn=groups,dc=md,dc=test", - "dn: cn=user_non_admin,cn=users,dc=md,dc=test", + "dn: cn=Groups,dc=md,dc=test", + "dn: cn=domain admins,cn=Groups,dc=md,dc=test", + "dn: cn=admin login only,cn=Groups,dc=md,dc=test", + "dn: cn=developers,cn=Groups,dc=md,dc=test", + "dn: cn=domain computers,cn=Groups,dc=md,dc=test", + "dn: cn=domain users,cn=Groups,dc=md,dc=test", + "dn: cn=user_non_admin,cn=Users,dc=md,dc=test", ], )