Commit d45e20e

mehdimaaref7 authored and clement-dufaure committed
[ENH] ✨ LIST_GROUP of GenericLdapMapper should take ASI_GROUPS
Signed-off-by: Mehdi Maaref <mehdimaaref@live.fr>
1 parent c1daa2b commit d45e20e

6 files changed

Lines changed: 626 additions & 71 deletions

docs/configuration.md

Lines changed: 22 additions & 22 deletions
@@ -92,28 +92,28 @@ Sugoi-api implements springdoc with full customization allowed
9292

9393
Sugoi-api implements spring security with full customization allowed
9494

95-
| Properties | Description | Default value | example |
96-
| ---------------------------------------------------------- | :---------: | ------------: | ------: |
97-
| fr.insee.sugoi.cors.allowed-origins | | | |
98-
| fr.insee.sugoi.cors.allowed-methods | | | |
99-
| fr.insee.sugoi.security.basic-authentication-enabled | | | |
100-
| fr.insee.sugoi.security.ldap-account-managment-enabled | | | |
101-
| fr.insee.sugoi.security.ldap-account-managment-url | | | |
102-
| fr.insee.sugoi.security.ldap-account-managment-user-base | | | |
103-
| fr.insee.sugoi.security.ldap-account-managment-groupe-base | | | |
104-
| fr.insee.sugoi.security.bearer-authentication-enabled | | | |
105-
| spring.security.oauth2.resourceserver.jwt.jwk-set-uri | | | |
106-
| fr.insee.sugoi.api.old.regexp.role.consultant | | | |
107-
| fr.insee.sugoi.api.old.regexp.role.gestionnaire | | | |
108-
| fr.insee.sugoi.api.old.regexp.role.admin | | | |
109-
| fr.insee.sugoi.api.old.enable.preauthorize | | | |
110-
| fr.insee.sugoi.api.regexp.role.reader | | | |
111-
| fr.insee.sugoi.api.regexp.role.writer | | | |
112-
| fr.insee.sugoi.api.regexp.role.admin | | | |
113-
| fr.insee.sugoi.api.regexp.role.app.manager | | | |
114-
| fr.insee.sugoi.api.regexp.role.password.manager | | | |
115-
| fr.insee.sugoi.api.enable.preauthorize | | | |
116-
| fr.insee.sugoi.security.default-roles-for-users | default role to add to each connected user | | |
95+
| Properties | Description | Default value | example |
96+
| ---------------------------------------------------------- |:----------------------------------------------------------------------------------------------------------------------:| ------------: | ------: |
97+
| fr.insee.sugoi.cors.allowed-origins | | | |
98+
| fr.insee.sugoi.cors.allowed-methods | | | |
99+
| fr.insee.sugoi.security.basic-authentication-enabled | | | |
100+
| fr.insee.sugoi.security.ldap-account-managment-enabled | | | |
101+
| fr.insee.sugoi.security.ldap-account-managment-url | | | |
102+
| fr.insee.sugoi.security.ldap-account-managment-user-base | | | |
103+
| fr.insee.sugoi.security.ldap-account-managment-groupe-base | | | |
104+
| fr.insee.sugoi.security.bearer-authentication-enabled | | | |
105+
| spring.security.oauth2.resourceserver.jwt.jwk-set-uri | | | |
106+
| fr.insee.sugoi.api.old.regexp.role.consultant | | | |
107+
| fr.insee.sugoi.api.old.regexp.role.gestionnaire | | | |
108+
| fr.insee.sugoi.api.old.regexp.role.admin | | | |
109+
| fr.insee.sugoi.api.old.enable.preauthorize | | | |
110+
| fr.insee.sugoi.api.regexp.role.reader | | | |
111+
| fr.insee.sugoi.api.regexp.role.writer | | | |
112+
| fr.insee.sugoi.api.regexp.role.admin | | | |
113+
| fr.insee.sugoi.ldap.default.group_manager_source_pattern | Default pattern to use when searching manager group for application. Application name should be passed via {appliname} | | |
114+
| fr.insee.sugoi.api.regexp.role.password.manager | | | |
115+
| fr.insee.sugoi.api.enable.preauthorize | | | |
116+
| fr.insee.sugoi.security.default-roles-for-users | default role to add to each connected user | | |
117117
#### Password configuration
118118

119119
Passwords follows rules when there are passed by a user or randomly generated by Sugoi. A default for these rules which will apply to all realm that do not have its own configuration can be set by properties. For configuration at the realm level see [Realm configuration properties on password](realm-configuration.md#realm-configuration-properties-on-password).
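Review bot: the row for `fr.insee.sugoi.api.regexp.role.app.manager` (old line 113) disappears and `fr.insee.sugoi.ldap.default.group_manager_source_pattern` takes its slot; if that role regexp property still exists it should stay in the table, and the new LDAP property belongs next to the other `fr.insee.sugoi.ldap.*` / security rows rather than between two `api.regexp.role.*` rows. The new row also leaves "Default value" and "example" empty, and writes the placeholder as `{appliname}` while realm-configuration.md in this same commit shows `$(appliname)`; pick one syntax and use it in both files. Because the application name is substituted into an LDAP DN, the description should say whether the value is DN-escaped (RFC 4514) before the search, or which characters an application name may contain. Finally, the other 21 changed lines in this hunk are column-width realignment only, which makes the single real change hard to spot in review.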

docs/realm-configuration.md

Lines changed: 11 additions & 11 deletions
@@ -91,6 +91,7 @@ A list of custom key/values can be added at the end.
9191
| groupsMaxOutputSize | 100 | yes | fr.insee.sugoi.groups.maxoutputsize | The maximum number of grouos outputs allowed |
9292
| applicationsMaxOutputSize | 100 | yes | fr.insee.sugoi.applications.maxoutputsize | The maximum number of applications outputs allowed |
9393
| organizationsMaxOutputSize | 100 | yes | fr.insee.sugoi.organizations.maxoutputsize | The maximum number of organizations outputs allowed |
94+
| group_manager_source_pattern | "uid=ASI\_$(appliname),ou=Applications,o=insee,c=fr" | | the default can be set via the instance property : fr.insee.sugoi.ldap.default.group_manager_source_pattern | Describe where the group manager of the application {appliname} should be fetch. Users belonging to this group can create, delete, add or remove users from ${appliname}'s groups. |
9495

9596
Realm configuration properties can be set as:
9697

@@ -104,17 +105,16 @@ A list of custom key/values can be added at the end.
104105
A UserStorage is a logical division of a Realm.
105106
These configuration should be set for each UserStorage contained in a Realm :
106107

107-
| Field name | Example | Optional | Default | Description |
108-
| ---------------------------- | :--------------------------------------------------------------------------------: | -----------------------------------------------------------------------------------------: | -----------------------------------------------------------------------------------: | ------------------------------------------------------------------------------------------------------------------------------------------------------- |
109-
| name | "myUserStorage" | no | | Name which identifies the userstorage in the realm |
110-
| userSource | "ou=contacts,ou=clients_domaine1,o=insee,c=fr", "/realm1/users" | no | | The location of the users to read on the server. |
111-
| organizationSource |  "ou=organisations,ou=clients_domaine1,o=insee,c=fr", "/realm1/organizations" | yes | | The location of the organization to read on the server. If organizationSource is not set, then organizations cannot be managed. |
112-
| addressSource | "ou=adresses,ou=clients_domaine1,o=insee,c=fr" | Only used for ldap storage. Is needed with ldap storage for now but should become optional | | Addresses are stored as an independant resource in ldap storage. addressSource indicates the location of users and organizations address on the server. |
113-
| properties | | might be needed depending on the type of store (see next sections) | | A list of other options which can be specific to the type of Store Provider. |
114-
| readerType | "LdapReaderStore", "FileReaderStore" |  no | the default can be set via the instance property : fr.insee.sugoi.store.readerType  | Indicates wich type of store is used for reading. This attribute is read-only for now and should be set via default. |
115-
| writeType | "JMSWriterStore", "LdapWriterStore", "FileWriterStore" |  no |  the default can be set via the instance property : fr.insee.sugoi.store.writerType  | Indicates wich type of store is used for writing. This attribute is read-only for now and should be set via default. |
116-
| mappings | see [mappings section](#realm-and-userstorage-mappings-with-a-ldap-store-provider) | should be set when using a ldap store provider | see [mappings section](#realm-and-userstorage-mappings-with-a-ldap-store-provider) | Description of how to map Sugoi user and organization attributes with ldap attributes when using a ldap store provider |
117-
| group_manager_source_pattern | "uid=ASI\_$(app),ou=Applications,o=insee,c=fr" | should be set when wanted to have a kind of group of group manager for app | | Description of where to put user who can manage apps groups |
108+
| Field name | Example | Optional | Default | Description |
109+
| ---------------------------- |:----------------------------------------------------------------------------------:|---------------------------------------------------------------------------------------------------------:|-----------------------------------------------------------------------------------------------:| ------------------------------------------------------------------------------------------------------------------------------------------------------- |
110+
| name | "myUserStorage" | no | | Name which identifies the userstorage in the realm |
111+
| userSource | "ou=contacts,ou=clients_domaine1,o=insee,c=fr", "/realm1/users" | no | | The location of the users to read on the server. |
112+
| organizationSource |  "ou=organisations,ou=clients_domaine1,o=insee,c=fr", "/realm1/organizations" | yes | | The location of the organization to read on the server. If organizationSource is not set, then organizations cannot be managed. |
113+
| addressSource | "ou=adresses,ou=clients_domaine1,o=insee,c=fr" | Only used for ldap storage. Is needed with ldap storage for now but should become optional | | Addresses are stored as an independant resource in ldap storage. addressSource indicates the location of users and organizations address on the server. |
114+
| properties | | might be needed depending on the type of store (see next sections) | | A list of other options which can be specific to the type of Store Provider. |
115+
| readerType | "LdapReaderStore", "FileReaderStore" |  no | the default can be set via the instance property : fr.insee.sugoi.store.readerType  | Indicates wich type of store is used for reading. This attribute is read-only for now and should be set via default. |
116+
| writeType | "JMSWriterStore", "LdapWriterStore", "FileWriterStore" |  no |  the default can be set via the instance property : fr.insee.sugoi.store.writerType  | Indicates wich type of store is used for writing. This attribute is read-only for now and should be set via default. |
117+
| mappings | see [mappings section](#realm-and-userstorage-mappings-with-a-ldap-store-provider) | should be set when using a ldap store provider | see [mappings section](#realm-and-userstorage-mappings-with-a-ldap-store-provider) | Description of how to map Sugoi user and organization attributes with ldap attributes when using a ldap store provider |
118118

119119
### Generic UserStorage properties
120120

sugoi-api-ldap-store-provider/src/test/java/fr/insee/sugoi/ldap/LdapWriterStoreTest.java

Lines changed: 4 additions & 5 deletions
@@ -114,8 +114,10 @@ public Realm realm() {
114114
PostalAddress addressOrga;
115115
PostalAddress addressToto;
116116

117+
@Bean(name = "Realm")
117118
@BeforeEach
118119
public void setup() {
120+
119121
ldapWriterStore = (LdapWriterStore) context.getBean("LdapWriterStore", realm(), userStorage());
120122
ldapReaderStore = (LdapReaderStore) context.getBean("LdapReaderStore", realm(), userStorage());
121123
addressOrga = new PostalAddress();
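Review bot: `@Bean(name = "Realm")` at +117 is placed on `setup()`, a `void` JUnit `@BeforeEach` method, which cannot produce a bean; the hunk context shows the class already has `public Realm realm()`, which is presumably the intended target, so either move the annotation there or drop it. The added blank line at +120 is stray.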
@@ -255,11 +257,8 @@ public void testDeleteUser() {
255257
.anyMatch(user -> user.getUsername().equalsIgnoreCase("byebye")));
256258
assertThat(
257259
"byebye is in Utilisateurs_Applitest",
258-
!ldapReaderStore
259-
.getUsersInGroup("Applitest", "Utilisateurs_Applitest")
260-
.getResults()
261-
.stream()
262-
.anyMatch(user -> user.getUsername().equalsIgnoreCase("byebye")));
260+
ldapReaderStore.getUsersInGroup("Applitest", "Utilisateurs_Applitest").getResults().stream()
261+
.noneMatch(user -> user.getUsername().equalsIgnoreCase("byebye")));
263262
}
264263

265264
@Test
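Review bot: replacing `!stream.anyMatch(...)` with `stream.noneMatch(...)` is behaviour-preserving and more readable. The assertion reason at line 257, "byebye is in Utilisateurs_Applitest", now reads as the opposite of what is being asserted; consider "byebye should no longer be in Utilisateurs_Applitest" so a failure message matches the expectation.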
