Hello community, here is the log from the commit of package velum for openSUSE:Factory checked in at 2018-07-13 10:21:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/velum (Old) and /work/SRC/openSUSE:Factory/.velum.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "velum" Fri Jul 13 10:21:38 2018 rev:39 rq:622263 version:4.0.0+dev+git_r857_d2c6971de32315a433620d76da0a757677fa0594 Changes: -------- --- /work/SRC/openSUSE:Factory/velum/velum.changes 2018-07-03 23:35:54.624274893 +0200 +++ /work/SRC/openSUSE:Factory/.velum.new/velum.changes 2018-07-13 10:21:42.714481344 +0200 @@ -1,0 +2,46 @@ +Fri Jul 6 17:05:41 UTC 2018 - containers-bugow...@suse.de + +- Commit 52e869d by Maximilian Meister mmeis...@suse.de + rename migration file + + it needs to match the schema revision + + feature#external-ldap + + Signed-off-by: Maximilian Meister <mmeis...@suse.de> + + Commit 9a9393c by David Helkowski dhelkow...@suse.com + Add dex connector ldap table, models, and pillar output + + Added a new table "dex_connectors_ldap" and migration file to the db schema + and migrate files. Altered pillar controller to output this new data. Added a + basic/empty app model for the new table so that the data can be fetched + through it. Updated pillar rspec to test newly output connectors as well as + to allow the empty connectors in the other pillar tests. + + +------------------------------------------------------------------- +Thu Jul 5 10:03:35 UTC 2018 - containers-bugow...@suse.de + +- Commit cd431fe by Florian Bergmann fbergm...@suse.de + Fix bsc#1097754: Verify the a certificate is a valid X509 certificate. + + Commit 0ef31b8 by Florian Bergmann fbergm...@suse.de + Backport Rails 5 file_fixture method to access a fixture in a test. + + +------------------------------------------------------------------- +Thu Jul 5 07:49:01 UTC 2018 - containers-bugow...@suse.de + +- Commit b18c46e by Vítor Avelino vavel...@suse.com + ui: renamed new nodes -> unassigned nodes + + On the cluster status summary we decided to rename "new" by "unassigned" to + avoid mixing terms that may confuse the user. + + bsc#1100113 + + 
Signed-off-by: Vítor Avelino <vavel...@suse.com> + + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ velum.spec ++++++ --- /var/tmp/diff_new_pack.LmRJa0/_old 2018-07-13 10:21:43.122481833 +0200 +++ /var/tmp/diff_new_pack.LmRJa0/_new 2018-07-13 10:21:43.126481838 +0200 @@ -23,7 +23,7 @@ # Version: 1.0.0 # %%define branch 1.0.0 -Version: 4.0.0+dev+git_r849_5a47921acc39abe81892cc5a47bd8f921ae52fb5 +Version: 4.0.0+dev+git_r857_d2c6971de32315a433620d76da0a757677fa0594 Release: 0 %define branch master Summary: Dashboard for CaasP @@ -93,7 +93,7 @@ %description velum is the dashboard for CaasP to manage and deploy kubernetes clusters on top of MicroOS -This package has been built with commit 5a47921acc39abe81892cc5a47bd8f921ae52fb5 from branch master on date Mon, 02 Jul 2018 09:15:41 +0000 +This package has been built with commit d2c6971de32315a433620d76da0a757677fa0594 from branch master on date Fri, 06 Jul 2018 17:05:03 +0000 %prep %setup -q -n velum-%{branch} ++++++ 0_set_default_salt_events_alter_time_column_value.rpm.patch ++++++ --- /var/tmp/diff_new_pack.LmRJa0/_old 2018-07-13 10:21:43.134481847 +0200 +++ /var/tmp/diff_new_pack.LmRJa0/_new 2018-07-13 10:21:43.134481847 +0200 @@ -1,8 +1,8 @@ diff --git a/db/schema.rb b/db/schema.rb -index 1ea41ec..4d401d5 100644 +index d37f481..ec3219f 100644 --- a/db/schema.rb +++ b/db/schema.rb -@@ -107,7 +107,7 @@ ActiveRecord::Schema.define(version: 20181708070233) do +@@ -107,7 +107,7 @@ ActiveRecord::Schema.define(version: 20181708070234) do create_table "salt_events", force: :cascade do |t| t.string "tag", limit: 255, null: false t.text "data", limit: 16777215, null: false 
@@ -11,7 +11,7 @@ t.string "master_id", limit: 255, null: false t.datetime "taken_at" t.datetime "processed_at" -@@ -136,7 +136,7 @@ ActiveRecord::Schema.define(version: 20181708070233) do +@@ -136,7 +136,7 @@ ActiveRecord::Schema.define(version: 20181708070234) do t.string "id", limit: 255, null: false t.string "success", limit: 10, null: false t.text "full_ret", limit: 16777215, null: false ++++++ master.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/assets/stylesheets/pages/nodes_list.scss new/velum-master/app/assets/stylesheets/pages/nodes_list.scss --- old/velum-master/app/assets/stylesheets/pages/nodes_list.scss 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/app/assets/stylesheets/pages/nodes_list.scss 2018-07-06 19:07:10.000000000 +0200 @@ -70,7 +70,7 @@ } .left-column dd { - margin-left: 107px; + margin-left: 122px; } .right-column dd { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/controllers/internal_api/v1/pillars_controller.rb new/velum-master/app/controllers/internal_api/v1/pillars_controller.rb --- old/velum-master/app/controllers/internal_api/v1/pillars_controller.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/app/controllers/internal_api/v1/pillars_controller.rb 2018-07-06 19:07:10.000000000 +0200 @@ -1,3 +1,5 @@ +require "velum/dex/ldap" + # Serve the pillar information # rubocop:disable Metrics/ClassLength class InternalApi::V1::PillarsController < InternalApiController @@ -12,6 +14,8 @@ kubelet_contents ).merge( system_certificate_contents + ).deep_merge( + dex_connectors_as_pillar ) end 
@@ -166,5 +170,11 @@ } } end + + def dex_connectors_as_pillar + connectors = [] + connectors.concat(Velum::Dex.ldap_connectors_as_pillar) + { dex: { connectors: connectors } } + end end # rubocop:enable Metrics/ClassLength diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/models/certificate.rb new/velum-master/app/models/certificate.rb --- old/velum-master/app/models/certificate.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/app/models/certificate.rb 2018-07-06 19:07:10.000000000 +0200 @@ -2,5 +2,5 @@ class Certificate < ActiveRecord::Base has_many :certificate_services, dependent: :destroy - validates :certificate, presence: true + validates :certificate, presence: true, x509_certificate: true end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/models/dex_connector_ldap.rb new/velum-master/app/models/dex_connector_ldap.rb --- old/velum-master/app/models/dex_connector_ldap.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/models/dex_connector_ldap.rb 2018-07-06 19:07:10.000000000 +0200 @@ -0,0 +1,6 @@ +# Model that represents a dex authentication connector for LDAP +class DexConnectorLdap < ActiveRecord::Base + has_one :certificate_service, as: :service, dependent: :destroy + has_one :certificate, through: :certificate_service + self.table_name = "dex_connectors_ldap" +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/validators/x509_certificate_validator.rb new/velum-master/app/validators/x509_certificate_validator.rb --- old/velum-master/app/validators/x509_certificate_validator.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/app/validators/x509_certificate_validator.rb 2018-07-06 19:07:10.000000000 +0200 
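Review bot: `DexConnectorLdap` in app/models/dex_connector_ldap.rb declares no validations, so a row with a nil `host` or an out-of-range `port` can be saved and is then rendered into the dex pillar as-is. Because these values become authentication configuration, I would add at least `validates :name, :host, presence: true` and `validates :port, numericality: { only_integer: true, greater_than: 0, less_than: 65_536 }`. The certificate association is optional as written; if a TLS connector without a CA certificate is not meant to be allowed, that should be validated here too.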
@@ -0,0 +1,10 @@ +require "openssl" + +# Verifies that an attribute is a valid X509 certificate +class X509CertificateValidator < ActiveModel::EachValidator + def validate_each(record, attribute, value) + OpenSSL::X509::Certificate.new(value) if value.present? + rescue OpenSSL::X509::CertificateError + record.errors[attribute] << "Invalid X509 certificate." + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/app/views/dashboard/index.html.slim new/velum-master/app/views/dashboard/index.html.slim --- old/velum-master/app/views/dashboard/index.html.slim 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/app/views/dashboard/index.html.slim 2018-07-06 19:07:10.000000000 +0200 @@ -23,9 +23,7 @@ dd.assigned-count dt Master nodes dd.master-count - dt - | New nodes - i.fa.fw.fa-info-circle title="Available but have not been added to the cluster yet" + dt Unassigned nodes dd.unassigned-count data-url=assign_nodes_url .col-md-6.right-column dl.side-by-side diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/db/migrate/20181708070234_create_dex_connectors_ldap.rb new/velum-master/db/migrate/20181708070234_create_dex_connectors_ldap.rb --- old/velum-master/db/migrate/20181708070234_create_dex_connectors_ldap.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/db/migrate/20181708070234_create_dex_connectors_ldap.rb 2018-07-06 19:07:10.000000000 +0200 
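Review bot: `validate_each` in x509_certificate_validator.rb only proves that OpenSSL can parse one certificate from the value. As far as I know `OpenSSL::X509::Certificate.new` reads the first certificate and ignores what follows, so a bundle or a certificate with trailing text passes and is stored verbatim. The validity period is not checked either, so an expired CA certificate is accepted. If that is intended, say so in the class comment, e.g. `# Parses the first certificate only; trailing data and the validity period are not checked.`; otherwise keep the parsed object and compare its `not_after` with the current time. Rows saved before this validator existed may also fail on their next save, so existing data should be checked.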
@@ -0,0 +1,26 @@ +class CreateDexConnectorsLdap < ActiveRecord::Migration + def change + create_table :dex_connectors_ldap do |t| + t.timestamps + t.string :name, limit: 255 + t.string :host, limit: 255 + t.integer :port, limit: 2, default: 636 + t.boolean :start_tls, default: false, null: false + t.boolean :bind_anon, default: false, null: false # bind_dn and bind_pw ignored if true + t.string :bind_dn, limit: 255, default: "uid=someuid,cn=users,dc=somedomain,dc=com" + t.string :bind_pw, limit: 255 + t.string :username_prompt, limit: 255, default: "Username" + t.string :user_base_dn, limit: 255, default: "cn=users,dc=somedomain,dc=com" + t.string :user_filter, limit: 255, default: "(objectClass=person)" + t.string :user_attr_username, limit: 255, default: "uid" + t.string :user_attr_id, limit: 255, default: "uid" + t.string :user_attr_email, limit: 255, default: "mail", null: false + t.string :user_attr_name, limit: 255, default: "name" + t.string :group_base_dn, limit: 255, default: "cn=groups,dc=somedomain,dc=com" + t.string :group_filter, limit: 255, default: "(objectClass=group)" + t.string :group_attr_user, limit: 255, default: "uid" + t.string :group_attr_group, limit: 255, default: "member" + t.string :group_attr_name, limit: 255, default: "name" + end + end +end \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/db/schema.rb new/velum-master/db/schema.rb --- old/velum-master/db/schema.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/db/schema.rb 2018-07-06 19:07:10.000000000 +0200 @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20181708070233) do +ActiveRecord::Schema.define(version: 20181708070234) do create_table "certificate_services", force: :cascade do |t| t.integer "certificate_id", limit: 4 
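Review bot: `t.integer :port, limit: 2` in the migration creates a two-byte column, which on MySQL/MariaDB (suggested by the `using: :btree` indexes in schema.rb) is a signed SMALLINT with a maximum of 32767, so valid ports from 32768 to 65535 cannot be stored; `t.integer :port, default: 636` avoids that. The same column definition is repeated in the db/schema.rb hunk. `bind_pw` is a plain string column, so the LDAP bind password is kept in cleartext in the database; consider encrypting it at rest, or at least record the decision in a comment. The placeholder defaults such as `dc=somedomain,dc=com` are saved silently when a field is omitted, so `null: false` without a default looks safer for `bind_dn` and the two base DNs.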
@@ -168,4 +168,29 @@ add_index "users", ["email"], name: "index_users_on_email", unique: true, using: :btree add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true, using: :btree + create_table "dex_connectors_ldap", force: :cascade do |t| + t.datetime "created_at" + t.datetime "updated_at" + t.string "name", limit: 255 + t.string "host", limit: 255 + t.integer "port", limit: 2, default: 636 + t.boolean "start_tls", default: false, null: false + t.boolean "bind_anon", default: false, null: false + t.string "bind_dn", limit: 255, default: "uid=someuid,cn=users,dc=somedomain,dc=com" + t.string "bind_pw", limit: 255 + t.string "username_prompt", limit: 255, default: "Username" + t.string "user_base_dn", limit: 255, default: "cn=users,dc=somedomain,dc=com" + t.string "user_filter", limit: 255, default: "(objectClass=person)" + t.string "user_attr_username", limit: 255, default: "uid" + t.string "user_attr_id", limit: 255, default: "uid" + t.string "user_attr_email", limit: 255, default: "mail", null: false + t.string "user_attr_name", limit: 255, default: "name" + t.string "group_base_dn", limit: 255, default: "cn=groups,dc=somedomain,dc=com" + t.string "group_filter", limit: 255, default: "(objectClass=group)" + t.string "group_attr_user", limit: 255, default: "uid" + t.string "group_attr_group", limit: 255, default: "member" + t.string "group_attr_name", limit: 255, default: "name" + end + + add_index "dex_connectors_ldap", ["id"], name: "index_dex_connectors_ldap_on_id", unique: true, using: :btree end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/lib/velum/dex/ldap.rb new/velum-master/lib/velum/dex/ldap.rb --- old/velum-master/lib/velum/dex/ldap.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/lib/velum/dex/ldap.rb 2018-07-06 19:07:10.000000000 +0200 
@@ -0,0 +1,68 @@
+require "base64"
+
+module Velum
+ # This class offers the integration between ruby and the Saltstack API.
+ module Dex
+ class << self
+ def ldap_connectors_as_pillar
+ ldap_connectors = DexConnectorLdap.all.map do |con|
+ {
+ type: "ldap",
+ id: con.id,
+ name: con.name,
+
+ # Combine host and port since they ultimately
+ # feed into a single line of config for dex
+ server: "#{con.host}:#{con.port}",
+ start_tls: con.start_tls,
+ root_ca_data: Base64.encode64(con.certificate.try(:certificate) || ""),
+ bind: generate_bind_block(con), # Place basic bind information together
+ user: generate_user_block(con), # Place user stuff together
+ group: generate_group_block(con), # Place group stuff together
+ username_prompt: con.username_prompt
+ }
+ end
+ ldap_connectors
+ end
+
+ private
+
+ def generate_user_block(con)
+ {
+ base_dn: con.user_base_dn,
+ filter: con.user_filter,
+ attr_map: {
+ username: con.user_attr_username,
+ id: con.user_attr_id,
+ email: con.user_attr_email,
+ name: con.user_attr_name
+ }
+ }
+ end
+
+ def generate_bind_block(con)
+ bind = {}
+ if con.bind_anon
+ bind[:anonymous] = true
+ else
+ bind[:anonymous] = false
+ bind[:dn] = con.bind_dn
+ bind[:pw] = con.bind_pw
+ end
+ bind
+ end
+
+ def generate_group_block(con)
+ {
+ base_dn: con.group_base_dn,
+ filter: con.group_filter,
+ attr_map: {
+ user: con.group_attr_user,
+ group: con.group_attr_group,
+ name: con.group_attr_group
+ }
+ }
+ end
+ end
+ end
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch new/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch
--- old/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch 2018-07-02 11:17:08.000000000 +0200
+++ 
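Review bot: In `generate_group_block` in lib/velum/dex/ldap.rb the `name:` entry of `attr_map` reads `con.group_attr_group`, the same column as `group:` one line above, so `group_attr_name` is never emitted; it should be `name: con.group_attr_name`. `generate_bind_block` puts `bind_pw` into the pillar as cleartext, so every consumer of this internal API response can read the LDAP bind password; whether that endpoint is authenticated and restricted is not visible here and is worth confirming. `Base64.encode64` inserts a newline every 60 encoded characters, so `Base64.strict_encode64` is the safer call if `root_ca_data` has to be a single-line value. The module comment still describes the Saltstack API and should describe the dex connector pillar instead.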
new/velum-master/packaging/suse/patches/0_set_default_salt_events_alter_time_column_value.rpm.patch 2018-07-06 19:07:10.000000000 +0200 @@ -1,8 +1,8 @@ diff --git a/db/schema.rb b/db/schema.rb -index 1ea41ec..4d401d5 100644 +index d37f481..ec3219f 100644 --- a/db/schema.rb +++ b/db/schema.rb -@@ -107,7 +107,7 @@ ActiveRecord::Schema.define(version: 20181708070233) do +@@ -107,7 +107,7 @@ ActiveRecord::Schema.define(version: 20181708070234) do create_table "salt_events", force: :cascade do |t| t.string "tag", limit: 255, null: false t.text "data", limit: 16777215, null: false @@ -11,7 +11,7 @@ t.string "master_id", limit: 255, null: false t.datetime "taken_at" t.datetime "processed_at" -@@ -136,7 +136,7 @@ ActiveRecord::Schema.define(version: 20181708070233) do +@@ -136,7 +136,7 @@ ActiveRecord::Schema.define(version: 20181708070234) do t.string "id", limit: 255, null: false t.string "success", limit: 10, null: false t.text "full_ret", limit: 16777215, null: false diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb new/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb --- old/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/spec/controllers/internal_api/v1/pillars_controller_spec.rb 2018-07-06 19:07:10.000000000 +0200 @@ -15,6 +15,9 @@ url: Registry::SUSE_REGISTRY_URL, cert: nil ], + dex: { + connectors: [] + }, kubelet: { :"compute-resources" => {}, :"eviction-hard" => "" @@ -72,6 +75,9 @@ ] } ], + dex: { + connectors: [] + }, kubelet: { :"compute-resources" => {}, :"eviction-hard" => "" @@ -108,6 +114,9 @@ { system_certificates: [], registries: [], + dex: { + connectors: [] + }, kubelet: { :"compute-resources" => { kube: { 
@@ -136,6 +145,9 @@ { registries: [], system_certificates: [], + dex: { + connectors: [] + }, kubelet: { :"compute-resources" => {}, :"eviction-hard" => "" @@ -201,6 +213,9 @@ { system_certificates: [], registries: [], + dex: { + connectors: [] + }, kubelet: { :"compute-resources" => {}, :"eviction-hard" => "" @@ -291,6 +306,9 @@ { system_certificates: [], registries: [], + dex: { + connectors: [] + }, kubelet: { :"compute-resources" => {}, :"eviction-hard" => "" @@ -338,8 +356,11 @@ registries: [], system_certificates: [ name: "sca1", - cert: "cert" + cert: certificate.certificate ], + dex: { + connectors: [] + }, kubelet: { :"compute-resources" => {}, :"eviction-hard" => "" @@ -348,7 +369,6 @@ end before do - certificate = Certificate.create(certificate: "cert") system_certificate = SystemCertificate.create(name: "sca1") CertificateService.create(service: system_certificate, certificate: certificate) end 
@@ -358,4 +378,98 @@ expect(json).to eq(expected_response) end end + + def expected_dex_json(num, certificate) + { + id: num, + name: "LDAP Server #{num}", + root_ca_data: Base64.encode64(certificate.certificate), + bind: { + anonymous: false, + dn: "cn=admin,dc=ldap_host_#{num},dc=com", + pw: nil + }, + username_prompt: "Username", + user: { + base_dn: "cn=users,dc=ldap_host_#{num},dc=com", + filter: "(objectClass=person)", + attr_map: { + username: "uid", + id: "uid", + email: "mail", + name: "name" + } + }, + group: { + base_dn: "cn=groups,dc=ldap_host_#{num},dc=com", + filter: "(objectClass=group)", + attr_map: { + user: "uid", + group: "member", + name: "name" + } + } + } + end + + # rubocop:disable RSpec/ExampleLength + context "with dex LDAP connectors tls" do + it "has dex LDAP connectors" do + dex_connector_ldap = create(:dex_connector_ldap, :tls, :regular_admin) + CertificateService.create(service: dex_connector_ldap, certificate: certificate) + + expected_json = { + registries: [], + kubelet: { + :"compute-resources" => {}, + :"eviction-hard" => "" + }, + system_certificates: [], + dex: { + connectors: [ + expected_dex_json(dex_connector_ldap.id, certificate).merge( + server: "ldap_host_#{dex_connector_ldap.id}.com:636", + start_tls: false + ) + ] + } + } + get :show do + expect(json).to eq(expected_json) + delete(dex_connector_ldap) + end + end + end + + context "with dex LDAP connectors starttls" do + it "has dex LDAP connectors" do + dex_connector_ldap = create(:dex_connector_ldap, :starttls, :anon_admin) + CertificateService.create(service: dex_connector_ldap, certificate: certificate) + + expected_json = { + registries: [], + kubelet: { + :"compute-resources" => {}, + :"eviction-hard" => "" + }, + system_certificates: [], + dex: { + connectors: [ + expected_dex_json(dex_connector_ldap.id, certificate).merge( + server: "ldap_host_#{dex_connector_ldap.id}.com:389", + start_tls: true, + bind: { + anonymous: true + } + ) + ] + } + } + get :show do + 
expect(json).to eq(expected_json) + delete(dex_connector_ldap) + end + end + end + # rubocop:enable RSpec/ExampleLength end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/settings/registries_controller_spec.rb new/velum-master/spec/controllers/settings/registries_controller_spec.rb --- old/velum-master/spec/controllers/settings/registries_controller_spec.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/spec/controllers/settings/registries_controller_spec.rb 2018-07-06 19:07:10.000000000 +0200 @@ -2,6 +2,8 @@ RSpec.describe Settings::RegistriesController, type: :controller do let(:user) { create(:user) } + let(:admin_cert_text) { file_fixture("admin.crt").read.strip } + let(:pem_cert) { create(:certificate) } before do setup_done @@ -53,7 +55,7 @@ end describe "GET #edit" do - let!(:certificate) { create(:certificate, certificate: "Cert") } + let!(:certificate) { create(:certificate, certificate: admin_cert_text) } let!(:registry) { create(:registry) } let!(:registry_with_cert) { create(:registry) } @@ -111,15 +113,16 @@ context "with certificate" do it "saves the new registry in the database" do - post :create, registry: { name: "r1", url: "http://local.lan", certificate: "cert" } + post :create, registry: { name: "r1", url: "http://local.lan", + certificate: admin_cert_text } registry = Registry.find_by(name: "r1") expect(registry.name).to eq("r1") - expect(registry.certificate.certificate).to eq("cert") + expect(registry.certificate.certificate).to eq(admin_cert_text) end it "does not save in db and return unprocessable entity status when invalid" do expect do - post :create, registry: { name: "", url: "invalid", certificate: "cert" } + post :create, registry: { name: "", url: "invalid", certificate: admin_cert_text } end.not_to change(Registry, :count) expect(response).to have_http_status(:unprocessable_entity) end 
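Review bot: Both new examples in pillars_controller_spec.rb put `expect(json).to eq(expected_json)` inside a block passed to `get :show`. As far as I know the controller-test `get` helper never yields, so the expectation would not run and the examples would pass whatever the response is. That would explain how `expected_dex_json` can expect `name: "name"` in the group `attr_map` while lib/velum/dex/ldap.rb emits `group_attr_group` there. Call `get :show` on its own line and put the `expect` after it; `delete(dex_connector_ldap)` inside the block would presumably issue a DELETE request rather than remove the record, so drop it or use `dex_connector_ldap.destroy`. The hunk begins on the previous physical line of this page and its enclosing `describe` starts outside the hunk.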
@@ -127,7 +130,7 @@ end describe "PATCH #update" do - let!(:certificate) { create(:certificate, certificate: "C1") } + let!(:certificate) { create(:certificate, certificate: admin_cert_text) } let!(:registry) { create(:registry) } let!(:registry_with_cert) { create(:registry) } @@ -142,9 +145,9 @@ end it "creates a new certificate" do - registry_params = { name: registry.name, url: registry.url, certificate: "cert" } + registry_params = { name: registry.name, url: registry.url, certificate: admin_cert_text } put :update, id: registry.id, registry: registry_params - expect(registry.certificate.certificate).to eq("cert") + expect(registry.certificate.certificate).to eq(admin_cert_text) end # rubocop:disable RSpec/ExampleLength @@ -152,11 +155,12 @@ registry_params = { name: registry_with_cert.name, url: registry_with_cert.url, - certificate: "cert" + certificate: pem_cert.certificate } put :update, id: registry_with_cert.id, registry: registry_params - expect(registry_with_cert.reload.certificate.certificate).to eq("cert") + expect(registry_with_cert.reload.certificate.certificate.strip) + .to eq(pem_cert.certificate.strip) end # rubocop:enable RSpec/ExampleLength diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb new/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb --- old/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/spec/controllers/settings/registry_mirrors_controller_spec.rb 2018-07-06 19:07:10.000000000 +0200 @@ -3,6 +3,8 @@ # rubocop:disable RSpec/ExampleLength RSpec.describe Settings::RegistryMirrorsController, type: :controller do let(:user) { create(:user) } + let(:admin_cert_text) { file_fixture("admin.crt").read.strip } + let(:pem_cert) { create(:certificate) } before do setup_done 
@@ -33,7 +35,7 @@ end describe "GET #edit" do - let!(:certificate) { create(:certificate, certificate: "Cert") } + let!(:certificate) { create(:certificate, certificate: admin_cert_text) } let!(:registry_mirror) { create(:registry_mirror) } let!(:registry_mirror_with_cert) { create(:registry_mirror) } @@ -80,7 +82,7 @@ registry_mirror_params = { name: "r1", url: "http://local.lan", - certificate: "cert", + certificate: admin_cert_text, registry_id: registry.id } @@ -103,21 +105,21 @@ registry_mirror_params = { name: "r1", url: "http://local.lan", - certificate: "cert", + certificate: admin_cert_text, registry_id: registry.id } post :create, registry_mirror: registry_mirror_params registry_mirror = RegistryMirror.find_by(name: "r1") expect(registry_mirror.name).to eq("r1") - expect(registry_mirror.certificate.certificate).to eq("cert") + expect(registry_mirror.certificate.certificate).to eq(admin_cert_text) end it "does not save in db and return unprocessable entity status when invalid" do registry_mirror_params = { name: "r1", url: "invalid", - certificate: "cert", + certificate: admin_cert_text, registry_id: registry.id } @@ -130,7 +132,7 @@ end describe "PATCH #update" do - let!(:certificate) { create(:certificate, certificate: "Cert") } + let!(:certificate) { create(:certificate, certificate: admin_cert_text) } let!(:registry_mirror) { create(:registry_mirror) } let!(:registry_mirror_with_cert) { create(:registry_mirror) } 
@@ -148,22 +150,23 @@ registry_mirror_params = { name: registry_mirror.name, url: registry_mirror.url, - certificate: "C2" + certificate: pem_cert.certificate } put :update, id: registry_mirror.id, registry_mirror: registry_mirror_params - expect(registry_mirror.certificate.certificate).to eq("C2") + expect(registry_mirror.certificate.certificate.strip).to eq(pem_cert.certificate.strip) end it "updates a certificate" do registry_mirror_params = { name: registry_mirror_with_cert.name, url: registry_mirror_with_cert.url, - certificate: "C4" + certificate: pem_cert.certificate } put :update, id: registry_mirror_with_cert.id, registry_mirror: registry_mirror_params - expect(registry_mirror_with_cert.reload.certificate.certificate).to eq("C4") + expect(registry_mirror_with_cert.reload.certificate.certificate.strip) + .to eq(pem_cert.certificate.strip) end it "drops a certificate" do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb new/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb --- old/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/spec/controllers/settings/system_certificates_controller_spec.rb 2018-07-06 19:07:10.000000000 +0200 @@ -2,6 +2,8 @@ RSpec.describe Settings::SystemCertificatesController, type: :controller do let(:user) { create(:user) } + let(:admin_cert_text) { file_fixture("admin.crt").read.strip } + let(:pem_cert) { create(:certificate) } before do setup_done @@ -35,7 +37,7 @@ end describe "GET #edit" do - let!(:certificate) { create(:certificate, certificate: "Cert") } + let!(:certificate) { create(:certificate, certificate: admin_cert_text) } let!(:system_certificate) { create(:system_certificate) } let!(:system_certificate_with_cert) { create(:system_certificate) } 
@@ -78,32 +80,39 @@ describe "POST #create" do it "can not save system certificate without name" do expect do - post :create, system_certificate: { name: "", certificate: "cert" } + post :create, system_certificate: { name: "", certificate: admin_cert_text } end.not_to change(SystemCertificate, :count) expect(response).to have_http_status(:unprocessable_entity) end it "saves the system certificate in the database" do - post :create, system_certificate: { name: "sca1", certificate: "cert" } + post :create, system_certificate: { name: "sca1", certificate: admin_cert_text } system_certificate = SystemCertificate.find_by(name: "sca1") expect(system_certificate.name).to eq("sca1") - expect(system_certificate.certificate.certificate).to eq("cert") + expect(system_certificate.certificate.certificate).to eq(admin_cert_text) end end describe "PATCH #update" do - let!(:certificate) { create(:certificate, certificate: "C1") } + let!(:certificate) { create(:certificate, certificate: admin_cert_text) } let!(:system_certificate) { create(:system_certificate) } before do CertificateService.create!(service: system_certificate, certificate: certificate) end - it "updates a system certificate" do + it "updates a system certificate's name" do system_certificate_params = { name: "new name" } put :update, id: system_certificate.id, system_certificate: system_certificate_params expect(SystemCertificate.find(system_certificate.id).name).to eq("new name") end + + it "updates a system certificate's certificate" do + system_certificate_params = { certificate: pem_cert.certificate } + put :update, id: system_certificate.id, system_certificate: system_certificate_params + certificate = SystemCertificate.find(system_certificate.id).certificate + expect(certificate.certificate.strip).to eq(pem_cert.certificate.strip) + end end describe "DELETE #destroy" do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' 
old/velum-master/spec/controllers/setup_controller_spec.rb new/velum-master/spec/controllers/setup_controller_spec.rb --- old/velum-master/spec/controllers/setup_controller_spec.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/spec/controllers/setup_controller_spec.rb 2018-07-06 19:07:10.000000000 +0200 @@ -69,7 +69,7 @@ let(:certificate_settings) do settings_params.dup.tap do |s| s["system_certificate"] = { name: "sca1", - certificate: "cert" } + certificate: certificate.certificate } end end @@ -685,7 +685,7 @@ let(:certificate_settings) do settings_params.dup.tap do |s| s["system_certificate"] = { name: "sca1", - certificate: "cert" } + certificate: certificate.certificate } end end @@ -697,7 +697,7 @@ put :configure, settings: certificate_settings system_certificate = SystemCertificate.find_by(name: "sca1") expect(system_certificate.name).to eq("sca1") - expect(system_certificate.certificate.certificate).to eq("cert") + expect(system_certificate.certificate.certificate).to eq(certificate.certificate) end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/factories/certificate_factory.rb new/velum-master/spec/factories/certificate_factory.rb --- old/velum-master/spec/factories/certificate_factory.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/spec/factories/certificate_factory.rb 2018-07-06 19:07:10.000000000 +0200 
@@ -1,126 +1,14 @@ FactoryGirl.define do factory :certificate do - certificate %( -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - e6:4d:fd:80:de:e5:5e:20 - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Validity - Not Before: Jan 15 13:04:33 2018 GMT - Not After : Feb 14 13:04:33 2018 GMT - Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (4096 bit) - Modulus: - 00:d3:f7:39:b9:c4:f6:fb:ff:bf:97:fb:38:42:f3: - 48:da:4b:fa:c6:62:92:27:44:7c:8c:72:a6:11:a8: - e6:d3:1b:d5:c2:68:d7:be:2e:91:c8:c6:67:d1:78: - f9:10:e4:73:0f:f1:43:c3:f2:da:f3:38:9e:7e:4e: - af:aa:bf:40:d6:6e:28:86:0f:f3:5e:b7:b8:09:52: - a9:03:28:b4:f8:64:3b:d2:29:0a:9f:4c:eb:6f:35: - 8a:ec:c9:4f:14:20:73:33:6d:a4:8f:18:fa:46:fd: - 4f:08:3e:42:f0:ce:69:45:b6:ca:bb:0a:82:7f:4c: - f9:c4:28:c8:28:2c:c8:a5:6c:e9:1c:ec:e9:07:84: - fa:62:35:13:11:f0:c6:b3:2f:46:82:d7:cb:7c:23: - 71:e5:8b:2d:11:32:ca:4c:1d:c5:17:57:37:1c:8f: - 76:15:7e:2c:d5:b3:79:6c:cd:c7:b6:11:dd:64:52: - 13:24:69:7f:ad:e8:a3:f6:d5:60:06:16:bd:b8:8d: - e0:4a:ab:d3:2a:e3:e1:41:cb:fa:0b:72:4d:09:f6: - 9d:8e:9e:86:7a:ea:87:1f:7f:49:1f:40:93:ad:a5: - b0:64:33:e4:3a:a6:5d:94:23:3e:9f:2a:0a:e6:97: - df:b6:dc:1b:eb:3b:d0:8b:ab:33:0d:e2:78:83:c4: - ca:f7:9d:d9:9a:dc:33:54:0c:bf:5f:48:35:b1:c3: - df:b6:0f:f2:b4:5b:b0:c3:86:ee:b4:c6:5f:8a:e4: - 8c:f8:83:44:4b:fb:da:3f:06:4c:73:8e:a2:48:fb: - 4e:60:58:d7:84:4d:5e:78:43:db:2e:3e:1d:c5:16: - 63:b1:d6:44:c0:6c:ab:35:66:de:a5:27:f1:25:48: - 43:e9:a9:75:42:ac:f4:3d:4c:f0:7e:84:0e:db:60: - 41:61:26:ca:b1:6f:e9:9e:b1:94:9e:2e:4c:42:85: - 63:9f:14:79:c4:27:78:f7:90:44:49:28:48:7d:d1: - 01:33:90:8a:91:2b:e4:f2:b0:10:b9:af:e4:e4:10: - a0:ad:71:bc:df:75:d5:45:2f:04:0f:f0:65:e5:1f: - df:18:e1:96:34:ba:c0:84:3b:7c:d9:ff:86:8d:d2: - 2e:a4:4b:e6:42:0e:82:5f:36:cd:6e:dd:f4:c6:ba: - 48:51:21:27:00:26:a6:2d:6b:61:0d:a5:43:a5:ca: - 
82:0d:a5:3f:fb:b1:04:d2:0f:41:35:49:35:3b:6e: - 9d:ad:e0:2d:81:18:bb:8d:d3:18:64:c5:01:79:16: - 2d:1f:13:75:1a:d6:7d:a7:ba:fd:f4:15:5b:8b:03: - 19:25:1a:7e:49:90:69:07:0d:68:b2:46:1b:5e:ba: - 1f:a2:13 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 6C:B5:66:46:4D:CE:8A:B0:DF:7F:2D:7A:A3:C6:6B:08:37:9D:53:5B - X509v3 Authority Key Identifier: - keyid:6C:B5:66:46:4D:CE:8A:B0:DF:7F:2D:7A:A3:C6:6B:08:37:9D:53:5B - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha256WithRSAEncryption - 18:6c:28:a7:c0:2d:fa:14:0a:6f:84:73:ed:3b:a6:10:04:6d: - 88:af:dc:83:c2:8b:7c:a3:99:69:f3:35:b8:26:3c:f3:c5:7c: - 2f:c8:00:f1:83:e4:1e:42:e7:ac:0c:4d:5e:1e:22:b5:a7:9b: - 32:e6:4a:8a:63:28:50:3a:68:80:38:d3:d8:c5:82:92:95:a7: - 30:a8:6e:ba:d8:47:2c:ed:70:16:b9:a9:aa:27:99:08:65:e7: - 2d:24:7b:d6:e8:0f:7e:6b:b9:88:40:3c:18:a1:20:29:75:85: - 15:5e:d7:d7:12:2c:87:ba:17:7c:11:f5:69:40:64:96:0d:e6: - 2b:d8:5b:9d:74:a3:7b:3f:aa:15:fd:7d:b6:fd:54:23:bc:af: - 62:40:11:c9:d5:d5:1c:c7:80:9d:fb:42:ea:a9:15:cc:e2:a2: - 43:55:6d:9a:cb:95:0e:c8:11:3a:1a:e1:15:25:95:ad:e8:9c: - 00:af:04:2c:65:b0:5e:5e:73:c3:84:8a:6a:46:dc:12:c5:dc: - 2f:95:0c:17:70:f1:6b:d8:65:68:f2:a0:1a:b4:16:be:c0:99: - 64:e4:2a:8a:0b:3e:19:4b:97:3b:86:75:c3:cb:3f:90:b6:c1: - 39:7e:69:45:99:57:29:ef:68:3d:48:fd:06:03:aa:87:7a:2b: - 01:c5:8d:89:d6:f5:b8:b5:61:c1:03:54:3a:c4:a3:3e:59:a5: - 86:4f:ee:8c:92:55:93:5a:37:b1:3d:8f:1f:05:cc:bd:5f:0f: - cf:ab:70:0b:14:31:30:74:11:ce:a0:32:8c:10:f0:38:54:92: - 78:88:dd:ca:76:63:f3:ab:22:af:c5:7c:93:2f:b9:21:42:16: - a1:60:54:f6:39:28:e5:ff:84:ac:29:43:4e:5a:ee:d3:f2:fa: - 30:d3:79:05:a2:8d:b6:6f:9a:d6:b0:b8:1e:d6:50:6d:03:59: - 2f:55:86:21:99:c8:d8:d9:d6:24:46:2e:1b:44:9f:a2:0b:8d: - 6a:44:bb:01:96:8b:99:ac:6c:ed:4c:c8:12:e8:9a:5c:eb:1f: - 2c:0f:b7:1d:4c:b5:3f:e8:60:0c:83:a2:fd:c3:d2:02:e3:3f: - 71:72:38:9d:0e:e3:34:ca:7d:19:c6:a1:ac:a5:5e:13:ea:d7: - d4:81:d5:5e:12:2b:23:18:c1:7a:79:c9:01:41:0c:07:59:32: - 
b9:66:eb:ae:9f:4f:00:7a:95:66:69:d2:6a:d3:fb:05:1d:61: - 01:c6:07:5a:76:85:37:c7:54:0d:5e:bf:47:31:33:d0:dd:52: - ee:1e:8c:61:56:c6:db:9c:ed:62:a9:9f:f7:1e:1e:a8:f7:45: - 5c:f8:18:72:14:3d:5c:58 ------BEGIN CERTIFICATE----- -MIIFXTCCA0WgAwIBAgIJAOZN/YDe5V4gMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV -BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQwHhcNMTgwMTE1MTMwNDMzWhcNMTgwMjE0MTMwNDMzWjBF -MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 -ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEA0/c5ucT2+/+/l/s4QvNI2kv6xmKSJ0R8jHKmEajm0xvVwmjXvi6RyMZn -0Xj5EORzD/FDw/La8ziefk6vqr9A1m4ohg/zXre4CVKpAyi0+GQ70ikKn0zrbzWK -7MlPFCBzM22kjxj6Rv1PCD5C8M5pRbbKuwqCf0z5xCjIKCzIpWzpHOzpB4T6YjUT -EfDGsy9GgtfLfCNx5YstETLKTB3FF1c3HI92FX4s1bN5bM3HthHdZFITJGl/reij -9tVgBha9uI3gSqvTKuPhQcv6C3JNCfadjp6GeuqHH39JH0CTraWwZDPkOqZdlCM+ -nyoK5pffttwb6zvQi6szDeJ4g8TK953ZmtwzVAy/X0g1scPftg/ytFuww4butMZf -iuSM+INES/vaPwZMc46iSPtOYFjXhE1eeEPbLj4dxRZjsdZEwGyrNWbepSfxJUhD -6al1Qqz0PUzwfoQO22BBYSbKsW/pnrGUni5MQoVjnxR5xCd495BESShIfdEBM5CK -kSvk8rAQua/k5BCgrXG833XVRS8ED/Bl5R/fGOGWNLrAhDt82f+GjdIupEvmQg6C -XzbNbt30xrpIUSEnACamLWthDaVDpcqCDaU/+7EE0g9BNUk1O26dreAtgRi7jdMY -ZMUBeRYtHxN1GtZ9p7r99BVbiwMZJRp+SZBpBw1oskYbXrofohMCAwEAAaNQME4w -HQYDVR0OBBYEFGy1ZkZNzoqw338teqPGawg3nVNbMB8GA1UdIwQYMBaAFGy1ZkZN -zoqw338teqPGawg3nVNbMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB -ABhsKKfALfoUCm+Ec+07phAEbYiv3IPCi3yjmWnzNbgmPPPFfC/IAPGD5B5C56wM -TV4eIrWnmzLmSopjKFA6aIA409jFgpKVpzCobrrYRyztcBa5qaonmQhl5y0ke9bo -D35ruYhAPBihICl1hRVe19cSLIe6F3wR9WlAZJYN5ivYW510o3s/qhX9fbb9VCO8 -r2JAEcnV1RzHgJ37QuqpFcziokNVbZrLlQ7IEToa4RUlla3onACvBCxlsF5ec8OE -impG3BLF3C+VDBdw8WvYZWjyoBq0Fr7AmWTkKooLPhlLlzuGdcPLP5C2wTl+aUWZ -VynvaD1I/QYDqod6KwHFjYnW9bi1YcEDVDrEoz5ZpYZP7oySVZNaN7E9jx8FzL1f -D8+rcAsUMTB0Ec6gMowQ8DhUkniI3cp2Y/OrIq/FfJMvuSFCFqFgVPY5KOX/hKwp -Q05a7tPy+jDTeQWijbZvmtawuB7WUG0DWS9VhiGZyNjZ1iRGLhtEn6ILjWpEuwGW 
-i5msbO1MyBLomlzrHywPtx1MtT/oYAyDov3D0gLjP3FyOJ0O4zTKfRnGoaylXhPq -19SB1V4SKyMYwXp5yQFBDAdZMrlm666fTwB6lWZp0mrT+wUdYQHGB1p2hTfHVA1e -v0cxM9DdUu4ejGFWxtuc7WKpn/ceHqj3RVz4GHIUPVxY ------END CERTIFICATE----- -) + rsa_key = OpenSSL::PKey::RSA.new(2048) + cert = OpenSSL::X509::Certificate.new + cert.version = 2 + cert.subject = OpenSSL::X509::Name.parse "/CN=hostname" + cert.issuer = cert.subject + cert.public_key = rsa_key.public_key + cert.not_before = Time.now.utc + cert.not_after = cert.not_before + 2 * 365 * 24 * 60 * 60 # 2 years validity + cert.sign(rsa_key, OpenSSL::Digest::SHA1.new) + certificate { cert.to_pem } end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/factories/dex_connectors_ldap_factory.rb new/velum-master/spec/factories/dex_connectors_ldap_factory.rb --- old/velum-master/spec/factories/dex_connectors_ldap_factory.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/spec/factories/dex_connectors_ldap_factory.rb 2018-07-06 19:07:10.000000000 +0200 
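Review bot: The generated test certificate is signed with `OpenSSL::Digest::SHA1.new`, whereas the fixture it replaces was `sha256WithRSAEncryption`. SHA-1 signatures are deprecated and may be refused by OpenSSL builds running with a stricter security policy, so `cert.sign(rsa_key, OpenSSL::Digest::SHA256.new)` is the safer choice. The key generation and certificate construction also sit directly in the `factory :certificate do` body rather than inside an attribute block, so they run once when the factory is defined and every `create(:certificate)` returns the same PEM with a `not_before` fixed at that moment. If distinct certificates per record are wanted, move the construction into the `certificate { ... }` block. If sharing is intended, a comment such as `# built once at load time and shared by all records` would make that explicit.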
@@ -0,0 +1,46 @@ +FactoryGirl.define do + factory :dex_connector_ldap, class: DexConnectorLdap do + sequence(:name) { |n| "LDAP Server #{n}" } + sequence(:host) { |n| "ldap_host_#{n}.com" } + + # default to TLS + port 636 + start_tls false + + trait :tls do + port 636 + start_tls false + end + + trait :starttls do + port 389 + start_tls true + end + + # default to anon_admin + bind_anon true + + trait :anon_admin do + bind_anon true + end + + trait :regular_admin do + bind_anon false + bind_dn { "cn=admin,dc=#{host.chomp(".com")},dc=com" } + bind_pw nil + end + + username_prompt "Username" + user_base_dn { "cn=users,dc=#{host.chomp(".com")},dc=com" } + user_filter "(objectClass=person)" + user_attr_username "uid" + user_attr_id "uid" + user_attr_email "mail" + user_attr_name "name" + group_base_dn { "cn=groups,dc=#{host.chomp(".com")},dc=com" } + group_filter "(objectClass=group)" + group_attr_user "uid" + group_attr_group "member" + group_attr_name "name" + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/features/settings/mirrors_feature_spec.rb new/velum-master/spec/features/settings/mirrors_feature_spec.rb --- old/velum-master/spec/features/settings/mirrors_feature_spec.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/spec/features/settings/mirrors_feature_spec.rb 2018-07-06 19:07:10.000000000 +0200 @@ -8,6 +8,7 @@ let!(:mirror) { create(:registry_mirror, registry: registry) } let!(:mirror2) { create(:registry_mirror, registry: registry) } let!(:mirror3) { create(:registry_mirror, registry: registry2) } + let(:admin_cert_text) { file_fixture("admin.crt").read.strip } before do setup_done 
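Review bot: In the new `dex_connectors_ldap_factory.rb`, the `:regular_admin` trait sets `bind_anon false` and a `bind_dn` but leaves `bind_pw nil`, so the one trait meant to model an authenticated bind describes a DN with no password. Many LDAP servers treat a bind that supplies a DN and an empty password as an unauthenticated bind, so records built from this trait may not represent the configuration the trait name suggests. A dummy value such as `bind_pw "ldap_bind_pw"` (constructed sample) would make the trait representative. Whether the model validates the presence of `bind_pw` when `bind_anon` is false is not visible in this hunk.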
@@ -75,11 +76,11 @@ select registry.name fill_in "Name", with: "Mirror" fill_in "URL", with: "https://google.com" - fill_in "Certificate", with: "Certificate" + fill_in "Certificate", with: admin_cert_text click_button("Save") last_mirror = RegistryMirror.last - expect(page).to have_content("Certificate") + expect(page).to have_content(admin_cert_text) expect(page).to have_content("Mirror was successfully created.") expect(page).to have_current_path(settings_registry_mirror_path(last_mirror)) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/features/settings/registries_feature_spec.rb new/velum-master/spec/features/settings/registries_feature_spec.rb --- old/velum-master/spec/features/settings/registries_feature_spec.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/spec/features/settings/registries_feature_spec.rb 2018-07-06 19:07:10.000000000 +0200 @@ -8,6 +8,7 @@ let!(:registry3) { create(:registry) } let!(:mirror) { create(:registry_mirror, registry: registry) } let!(:mirror2) { create(:registry_mirror, registry: registry) } + let(:admin_cert_text) { file_fixture("admin.crt").read.strip } before do setup_done 
@@ -73,11 +74,11 @@ it "allows an user to create a registry (w/ certificate)" do fill_in "Name", with: "Registry" fill_in "URL", with: "https://google.com" - fill_in "Certificate", with: "Certificate" + fill_in "Certificate", with: admin_cert_text click_button("Save") last_registry = Registry.last - expect(page).to have_content("Certificate") + expect(page).to have_content(admin_cert_text) expect(page).to have_content("Registry was successfully created.") expect(page).to have_current_path(settings_registry_path(last_registry)) end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/models/certificate_spec.rb new/velum-master/spec/models/certificate_spec.rb --- old/velum-master/spec/models/certificate_spec.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/spec/models/certificate_spec.rb 2018-07-06 19:07:10.000000000 +0200 
@@ -1,6 +1,25 @@ require "rails_helper" -describe Certificate do +RSpec.describe Certificate do it { is_expected.to have_many(:certificate_services) } it { is_expected.to validate_presence_of(:certificate) } + + context "when a certificate was passed" do + it "accepts a PEM formatted certificate" do + x509_cert = OpenSSL::X509::Certificate.new(create(:certificate).certificate) + cert = described_class.new(certificate: x509_cert.to_pem) + expect(cert.valid?).to eq(true) + end + + it "accepts a PER formatted certificate" do + x509_cert = OpenSSL::X509::Certificate.new(create(:certificate).certificate) + cert = described_class.new(certificate: x509_cert.to_der) + expect(cert.valid?).to eq(true) + end + + it "errors when the text is not a X509 certificate" do + cert = described_class.new(certificate: "No certificate") + expect(cert.valid?).to eq(false) + end + end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/models/dex_connector_ldap_spec.rb new/velum-master/spec/models/dex_connector_ldap_spec.rb --- old/velum-master/spec/models/dex_connector_ldap_spec.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/velum-master/spec/models/dex_connector_ldap_spec.rb 2018-07-06 19:07:10.000000000 +0200 
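Review bot: The only rejection case in `certificate_spec.rb` is the plain string "No certificate"; there is no example for input that has a PEM envelope but no parsable certificate inside, which is the shape a truncated or mis-pasted certificate usually has. One such example would show that validation parses the content rather than accepting anything that carries the `BEGIN CERTIFICATE` marker; how the model performs the check is not visible here. The example title "accepts a PER formatted certificate" should read `it "accepts a DER formatted certificate" do`, since its body calls `to_der`. `build(:certificate)` would also be enough in the two positive examples, as nothing reads the persisted record.

```ruby
    # … unchanged: it "errors when the text is not a X509 certificate" …

    it "errors when the PEM envelope does not contain a certificate" do
      # constructed sample: base64 of the text "not a cert"
      broken_pem = "-----BEGIN CERTIFICATE-----\nbm90IGEgY2VydA==\n-----END CERTIFICATE-----\n"
      cert = described_class.new(certificate: broken_pem)
      expect(cert.valid?).to eq(false)
    end
```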
@@ -0,0 +1,21 @@ +require "rails_helper" + +describe DexConnectorLdap, type: :model do + describe "#configure_dex_ldap_connector" do + let(:dex_connector_ldap) { create(:dex_connector_ldap) } + let(:certificate) { create(:certificate) } + + before do + CertificateService.create(service: dex_connector_ldap, certificate: certificate) + end + + after do + CertificateService.destroy_all + end + + it "creates a valid looking certificate" do + expect(Certificate.find_by(certificate: certificate.certificate).certificate) + .to include("BEGIN CERTIFICATE") + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/velum-master/spec/rails_helper.rb new/velum-master/spec/rails_helper.rb --- old/velum-master/spec/rails_helper.rb 2018-07-02 11:17:08.000000000 +0200 +++ new/velum-master/spec/rails_helper.rb 2018-07-06 19:07:10.000000000 +0200 @@ -17,6 +17,7 @@ RSpec.configure do |config| # If we want Capybara + DatabaseCleaner + Poltergeist to work correctly, we # have to just set this to false. + config.fixture_path = File.expand_path("../fixtures/", __FILE__) config.use_transactional_fixtures = false config.include JsonSpecHelper, type: :controller @@ -25,3 +26,16 @@ config.include FactoryGirl::Syntax::Methods config.infer_base_class_for_anonymous_controllers = true end + +# Backport of Rails5 file fixture +def file_fixture(fixture_name) + file_fixture_path = RSpec.configuration.fixture_path + path = Pathname.new(File.join(file_fixture_path, fixture_name)) + + if path.exist? + path + else + msg = "the directory '#{file_fixture_path}' does not contain a file named '#{fixture_name}'" + raise ArgumentError, msg + end +end
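Review bot: The single example in the new `dex_connector_ldap_spec.rb` never calls anything on `DexConnectorLdap`. It looks up the `Certificate` row by the factory's own PEM and checks that the string contains "BEGIN CERTIFICATE", so it passes whether or not the connector and the certificate are linked. The `describe "#configure_dex_ldap_connector"` title also names a method the example does not exercise. The `before` block uses `CertificateService.create(...)`, which returns an unsaved record on a validation failure instead of raising. `CertificateService.create!(service: dex_connector_ldap, certificate: certificate)` would make a broken association fail the setup, and the assertion could then check that a `CertificateService` row exists for the connector.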
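Review bot: In the first `rails_helper.rb` hunk, the added `config.fixture_path = ...` line lands between the existing two-line comment about Capybara, DatabaseCleaner and Poltergeist and the `config.use_transactional_fixtures = false` line that the comment describes, so the comment now reads as if it explained the fixture path. Moving the new assignment above that comment, or giving it its own comment such as `# Directory that file_fixture resolves names against`, keeps both settings documented correctly. The `RSpec.configure` block continues outside this hunk.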
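Review bot: In the second `rails_helper.rb` hunk, `file_fixture` is added with a top-level `def`, which makes it a private method on `Object` for the whole test process rather than a helper scoped to example groups. Wrapping it in `module FileFixtureHelper ... end` and registering it with `config.include FileFixtureHelper`, the way `FactoryGirl::Syntax::Methods` is included in this file, would limit it to specs. A doc comment such as `# Returns a Pathname for fixture_name under config.fixture_path; raises ArgumentError if the file is missing.` would also record the contract the backport is meant to match.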