tests unitaires

Author: alainabbas

.gitignore

@@ -163,3 +163,5 @@ cython_debug/
 /src/.ssh
 src/etc/config.conf
 /tests
+unittest/files_ad_utils/id_ed25519
+unittest/files_ad_utils/config.conf

src/bin/activation.py

@@ -18,6 +18,7 @@
     template = "disable.template"
     if args.active == "1":
         template="enable.template"
-    ad.ad_exec_script(entity, template)
+    r=ad.ad_exec_script(entity, template)
+    exit(r)
 else:
     print(u.returncode(0, "not concerned"))

src/bin/changepwd.py

@@ -15,6 +15,7 @@
 config=u.read_config('../etc/config.conf')
 ad.set_config(config)
 if u.is_backend_concerned(entity):
-  ad.ad_exec_script(entity,'changepassword.template',entity['payload']['uid']+  ' "'+ entity['payload']['oldPassword'] + '" "'+ entity['payload']['newPassword'] +'"')
+  r=ad.change_password(entity)
+  exit(r)
 else:
   print(u.returncode(0,"not concerned"))

src/bin/ping.py

@@ -7,4 +7,10 @@
 config=u.read_config('../etc/config.conf')
 ad.set_config(config)
 ## test connection
-ad.test_conn()
+exitCode=ad.test_conn()
+if exitCode == 0:
+    print(u.returncode(0, "I m alive"))
+    exit(0)
+else:
+    print(u.returncode(1, "Can't connect"))
+    exit(1)

src/bin/resetpwd.py

@@ -14,8 +14,8 @@
 entity=u.readjsoninput()
 config=u.read_config('../etc/config.conf')
 ad.set_config(config)
-ad.__DEBUG__=1
 if u.is_backend_concerned(entity):
-  ad.ad_exec_script(entity,'resetpassword.template',"-user " + entity['payload']['uid']+ " -newp " + entity['payload']['newPassword'])
+  r=ad.reset_password(entity)
+  exit(r)
 else:
   print(u.returncode(0,"not concerned"))

src/lib/ad_utils.py

@@ -6,14 +6,24 @@
 from jinja2 import FileSystemLoader,BaseLoader
 import backend_utils as u
 import jinja2
-
+__PRIVATE_KEY__ = '../.ssh/id_ed25519'
+__TEMPLATES_PS1__ = "../ps1_templates/"
 __DEBUG__=0
+def set_private_key(keyfile):
+    global __PRIVATE_KEY__
+    __PRIVATE_KEY__=keyfile
+
+def set_template_ps1_dir(dir):
+    global __TEMPLATES_PS1__
+    __TEMPLATES_PS1__=dir
 def set_config(config):
     u.__CONFIG__ = config
-
+def set_debug():
+    global __DEBUG__
+    __DEBUG__=1
 def open_ssh_conn():
     """Opening a ssh client connection with parameter in ../etc/config.conf"""
-    pkey = paramiko.Ed25519Key.from_private_key_file('../.ssh/id_ed25519')
+    pkey = paramiko.Ed25519Key.from_private_key_file(__PRIVATE_KEY__)
     client = paramiko.SSHClient()
     policy = paramiko.AutoAddPolicy()
     client.set_missing_host_key_policy(policy)
@@ -51,11 +61,17 @@ def compose_dn(entity):
     data['rdnValue']=rdnValue
     if branchAttr != '':
         branchValue=u.find_key(entity,branchAttr)
-        key_branch='branchFor' + branchValue
-        if branchValue != '':
+        if type(branchValue) is list:
+            key_branch = 'branchFor' + branchValue[0]
+        else:
+            key_branch='branchFor' + branchValue
+        if key_branch != '':
             branch=u.config(key_branch,'')
             data['branch']=branch
-            template_string = 'cn={{ rdnValue}},{{ branch }},{{ config.base }}'
+            if branch == "":
+                template_string = 'cn={{ rdnValue}},{{ config.base }}'
+            else:
+                template_string = 'cn={{ rdnValue}},{{ branch }},{{ config.base }}'
         else:
             template_string = 'cn={{ rdnValue}},{{ config.base }}'
     else:
@@ -71,7 +87,7 @@ def dn_superior(dn):
 
 
 def test_conn():
-    environment = jinja2.Environment(loader=FileSystemLoader("../ps1_templates/"))
+    environment = jinja2.Environment(loader=FileSystemLoader(__TEMPLATES_PS1__))
     template = environment.get_template('ping.template')
     content=template.render({})
     scriptName='ping.ps1'
@@ -85,12 +101,8 @@ def test_conn():
     exitCode = chan.recv_exit_status()
     content = chan.recv(4096).decode('utf-8')
     del client
-    if exitCode == 0:
-        print(u.returncode(0, content.rstrip("\n")))
-        exit(0)
-    else:
-        print(u.returncode(1, content.rstrip("\n")))
-        exit(1)
+    return exitCode
+
 
 def gen_script_from_template(entity,template):
     dataStatus = 0
@@ -108,7 +120,7 @@ def gen_script_from_template(entity,template):
         'dataStatus' : dataStatus
     }
 
-    environment = jinja2.Environment(loader=FileSystemLoader("../ps1_templates/"))
+    environment = jinja2.Environment(loader=FileSystemLoader(__TEMPLATES_PS1__))
     template = environment.get_template(template)
     content=template.render(data)
     return content
@@ -145,10 +157,52 @@ def ad_exec_script(entity,template,params=""):
         del client
         if exitCode == 0:
             print(u.returncode(0,content.rstrip("\n")))
-            exit(0)
+            return(0)
         else:
             print(u.returncode(1,content.rstrip("\n")))
-            exit(1)
+            return(1)
     else:
         print(u.returncode(0, "Backend in debug mode"))
+        return(0)
 
+def ad_exec_script_content(entity,template,params=""):
+    if u.config('debug',0) == "1":
+        __DEBUG__ = 1
+    else:
+        __DEBUG__ = 0
+    content=gen_script_from_template(entity,template)
+    client = open_ssh_conn()
+    sshfile = client.open_sftp()
+    pid=os.getpid()
+    if __DEBUG__ == 0 :
+        scriptName='sesame_script.' + str(pid) + '.ps1'
+    else:
+        scriptName = os.path.splitext(os.path.basename(sys.argv[0]))[0] + ".ps1"
+    with sshfile.open(scriptName, mode="w") as message:
+        message.write(content)
+    ##execution du script
+    chan = client.get_transport().open_session()
+    if params == '':
+        cmd=scriptName
+    else:
+        cmd=scriptName + " " + params
+    if __DEBUG__ == 0 :
+        chan.exec_command('powershell -ExecutionPolicy Bypass -NonInteractive -File ' + cmd)
+        exitCode = chan.recv_exit_status()
+        content = chan.recv(4096).decode()
+        error = chan.recv_stderr(4096).decode()
+        chan = client.get_transport().open_session()
+        ##supression du script
+        chan.exec_command('del ' + scriptName)
+        del client
+        return(content.rstrip("\n"))
+    else:
+        return("")
+def reset_password(entity):
+    x= ad_exec_script(entity, 'resetpassword.template',"-user " + entity['payload']['uid'] + " -newp " + '"' + entity['payload']['newPassword'] + '"')
+    return x
+def change_password(entity):
+    r=ad_exec_script(entity, 'changepassword.template',
+                      "-user " + entity['payload']['uid'] + ' -oldp "' + entity['payload']['oldPassword'] + '" -newp "' +
+                      entity['payload']['newPassword'] + '"')
+    return(r)

src/lib/backend_utils.py

@@ -26,6 +26,11 @@ def readjsoninput():
     input = stdin.read()
     return json.loads(input)
 
+def readjsonfile(file):
+    fic=open(file,"r")
+    content=fic.read()
+    fic.close()
+    return json.loads(content)
 
 def returncode(code,message):
     '''
@@ -44,24 +49,29 @@ def is_backend_concerned(entity):
     else:
         # il n y a pas de branchAttr dans le fichier de config on traitre tout
         return True
-    listBackend=config('backendFor')
-    c=type(peopleType)
+    x=config('backendFor')
+    if config('backendFor','') == '':
+        return True
+    listBackend=config('backendFor').split(',')
     if type(peopleType) is list:
         for v in peopleType:
-          peopleType=v
-          if (listBackend.find(peopleType) == -1):
-             return False
+          if v in listBackend :
+             return True
     else:
-        if (listBackend.find(peopleType) == -1):
-            return False
+        if peopleType in listBackend:
+            return True
 
-    return True
+    return False
 
 def find_key(element, key):
     '''
     Check if *keys (nested) exists in `element` (dict).
     '''
-    return _finditem(element,key)
+    r=_finditem(element,key)
+    if r is None:
+        return ""
+    else:
+        return r
 
 def _finditem(obj, key):
     if key in obj: return obj[key]
@@ -70,7 +80,7 @@ def _finditem(obj, key):
             item = _finditem(v, key)
             if item is not None:
                 return item
-    return ""
+
 def make_entry_array(entity):
     data = {}
     if "identity" in entity['payload']:

src/ps1_templates/changepassword.template

@@ -14,12 +14,12 @@ Function Test-ADAuthentication {
 {% if dataStatus == -2 %}
  Set-ADUser -Identity $user -Enabled $True
 {% endif %}
-$userFound=get-aduser -Filter "SamAccountName -eq $user -and Enabled -eq '$True' -and PasswordExpired -eq '$False'"
+$userFound=get-aduser -Filter "SamAccountName -eq '$user' -and Enabled -eq '$True' -and PasswordExpired -eq '$False'"
 if ( ! $userFound ){
     Write-Host 'user not active or not found or password expired'
     exit 1
 }
-if (Test-ADAuthentication -username "$user" -password "$oldp"){
+if (Test-ADAuthentication -username $user -password $oldp){
     Write-Host "password ok"
     try{
         Set-ADUser -Identity $user -CannotChangePassword $false

src/ps1_templates/resetpassword.template

@@ -2,11 +2,15 @@ param (
     [string]$user,
     [string]$newp
 )
+{% if dataStatus == -3 %}
+    Write-Host "User Disabled"
+    exit 1
+{% endif %}
 try{
-    Set-ADUser -Identity $user -CannotChangePassword $false -Enabled $true
+    Unlock-ADAccount -Identity $user
     Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString -AsPlainText $newp -Force) -Reset
     Set-ADAccountPassword -Identity $user -NewPassword (ConvertTo-SecureString -AsPlainText $newp -Force) -Reset
-    Set-ADUser -Identity $user -CannotChangePassword $true
+    Set-ADUser -Identity $user -CannotChangePassword $true -Enabled $true
 }catch{
    Write-Host $_
     exit 1

src/ps1_templates/upsertidentity.template

@@ -10,6 +10,17 @@ try{
             exit 1
 	    }
 	}
+	# Name changed ?
+	$name=$tab['Name']
+	if ($name -ne "{{ e.cn}}"){
+	    try{
+	        Set-ADUser -Identity "{{ e.uid }}" -PassThru | Rename-ADObject -NewName "{{ e.cn}}"
+	    }catch{
+	        Write-Host $_
+            exit 1
+	    }
+	}
+
 	$UserExists = $true
 }
 catch{
@@ -39,6 +50,8 @@ if ($UserExists -eq $false){
     }
 }else{
     try{
+        ## cas ou le DN à changé nous relisons l entree
+        $tab=Get-ADUser -Filter 'employeeNumber -eq "{{ e.employeeNumber }}" -and employeeType -eq "{{ e.employeeType }}"' -Properties "DistinguishedName"
         $dn=$tab["DistinguishedName"]
         $UserPrincipalName = "{{ e.uid }}" + '@' + "{{ domain }}"
         set-adUser -Identity "$dn" -SamAccountName "{{ e.uid }}" -DisplayName "{{e.displayName}}" -GivenName "{{ e.givenName }}" -EmailAddress "{{ e.mail }}" -UserPrincipalName "$UserPrincipalName"