From d9b7aaa92d7165ca2361d541c3dbea88adaf6983 Mon Sep 17 00:00:00 2001 From: Keith Wessel Date: Fri, 5 Dec 2025 16:44:17 -0600 Subject: [PATCH 1/2] Add LDAP Dockerfile for tests Closes #261 --- docker-compose.yml => compose.yml | 10 ++----- src/idp/Dockerfile | 2 +- src/ldap/Dockerfile | 7 +++++ src/ldap/slapd.conf | 18 +++++++++++++ src/ldap/users.ldif | 45 +++++++++++++++++++++++++++++++ 5 files changed, 73 insertions(+), 9 deletions(-) rename docker-compose.yml => compose.yml (50%) create mode 100644 src/ldap/Dockerfile create mode 100644 src/ldap/slapd.conf create mode 100644 src/ldap/users.ldif diff --git a/docker-compose.yml b/compose.yml similarity index 50% rename from docker-compose.yml rename to compose.yml index dd532cfe..df7eedba 100755 --- a/docker-compose.yml +++ b/compose.yml @@ -1,13 +1,7 @@ -version: "3.3" - services: ldap: - # https://github.com/bitnami/containers/tree/main/bitnami/openldap#readme - image: bitnami/openldap:latest - platform: linux - environment: - - LDAP_USERS=user01,user02,nobody - - LDAP_PASSWORDS=password,password,password + image: test-ldap:latest + build: src/ldap logging: options: tag: "ldap" diff --git a/src/idp/Dockerfile b/src/idp/Dockerfile index 8544cd92..0aa7af9e 100644 --- a/src/idp/Dockerfile +++ b/src/idp/Dockerfile @@ -1,3 +1,3 @@ -FROM tier/shib-idp:latest +FROM i2incommon/shib-idp:latest RUN sed -i 's/SAML2\.ECP/SAML2\.ECP\.MDDriven/' /opt/shibboleth-idp/conf/relying-party.xml COPY ./idp-configs/ /opt/shibboleth-idp/ diff --git a/src/ldap/Dockerfile b/src/ldap/Dockerfile new file mode 100644 index 00000000..494b795e --- /dev/null +++ b/src/ldap/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine:latest +RUN apk add --no-cache openldap openldap-back-mdb +COPY ./slapd.conf /etc/openldap/slapd.conf +COPY ./users.ldif / +RUN slapadd -l /users.ldif +EXPOSE 1389 +ENTRYPOINT ["slapd", "-d256", "-h", "ldap://0.0.0.0:1389"] diff --git a/src/ldap/slapd.conf b/src/ldap/slapd.conf new file mode 100644 index 00000000..734d0333 
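Review bot: The new base image in src/idp/Dockerfile is still pulled by the mutable `latest` tag, so the move to the `i2incommon` namespace changes which publisher is trusted without fixing what is pulled. A test run can silently pick up a different IdP build from one day to the next. Pin a release tag, ideally with a digest, e.g. `FROM i2incommon/shib-idp:<release-tag>@sha256:<digest>` (placeholders; take the real values from the registry). The same applies to `FROM alpine:latest` in the new src/ldap/Dockerfile, where the packages in `apk add` are also unversioned.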
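Review bot: Nothing in src/ldap/Dockerfile drops privileges, so `slapadd` writes the database as root and `slapd` then serves as root, even though the unprivileged port 1389 was chosen. slapd can switch accounts after start-up with `-u` and `-g`. Assuming the Alpine openldap package creates an `ldap` user and group (confirm in the built image), add `RUN chown -R ldap:ldap /var/lib/openldap/openldap-data` after the `slapadd` step and extend the ENTRYPOINT array with `"-u", "ldap", "-g", "ldap"`. A short comment above `FROM` stating that the image is a test fixture with known credentials would also keep it from being reused elsewhere.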
--- /dev/null
+++ b/src/ldap/slapd.conf
@@ -0,0 +1,18 @@
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/nis.schema
+
+modulepath /usr/lib/openldap
+moduleload back_mdb.so
+
+database config
+database mdb
+maxsize 1073741824
+suffix "dc=example,dc=org"
+rootdn "cn=Manager,dc=example,dc=org"
+rootpw secret
+directory /var/lib/openldap/openldap-data
+index objectClass eq
+
+database monitor
diff --git a/src/ldap/users.ldif b/src/ldap/users.ldif
new file mode 100644
index 00000000..678adb2d
--- /dev/null
+++ b/src/ldap/users.ldif
@@ -0,0 +1,45 @@
+dn: dc=example,dc=org
+objectClass: top
+objectClass: domain
+dc: example
+
+dn: ou=users,dc=example,dc=org
+objectClass: organizationalUnit
+ou: users
+
+dn: cn=user01,ou=users,dc=example,dc=org
+cn: User
+sn: 01
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: password
+uid: user01
+uidNumber: 1001
+gidNumber: 1001
+homeDirectory: /home/user01
+
+dn: cn=user02,ou=users,dc=example,dc=org
+cn: User
+sn: 02
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: password
+uid: user02
+uidNumber: 1002
+gidNumber: 1002
+homeDirectory: /home/user02
+
+dn: cn=nobody,ou=users,dc=example,dc=org
+cn: Nobody
+sn: Inparticular
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+userPassword: password
+uid: nobody
+uidNumber: 1003
+gidNumber: 1003
+homeDirectory: /home/nobody
+
From 0c83db2a64d27233e2f417bc68ae413a5ebaf108 Mon Sep 17 00:00:00 2001
From: "David D. Riddle"
Date: Tue, 16 Dec 2025 13:49:26 -0600
Subject: [PATCH 2/2] FIXUP
---
 src/integration_tests/tests/configure.bats | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/integration_tests/tests/configure.bats b/src/integration_tests/tests/configure.bats
index d789c5a4..92002e70 100644
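Review bot: slapd.conf defines no `access` rules, and slapd's default policy then gives every client, anonymous binds included, read access to all attributes. That covers the `userPassword` values loaded from users.ldif, which are stored in clear text. Even for a fixture, add `access to attrs=userPassword by self write by anonymous auth by * none` followed by `access to * by * read` to the mdb database section, so the test directory behaves like a directory the IdP would bind against in practice. `rootpw secret` is also a clear-text literal; either store a `slappasswd` hash or add a comment marking the file as test-only. Whether port 1389 is reachable from outside the compose network is not visible in this patch.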
--- a/src/integration_tests/tests/configure.bats +++ b/src/integration_tests/tests/configure.bats @@ -10,9 +10,17 @@ load 'clean' assert_not_exists "$AWS_SHARED_CREDENTIALS_FILE" assert_not_exists "$AWSCLI_LOGIN_ROOT/.awscli-login/config" + export AWS_REGION=us-east-1 + export AWS_ENDPOINT_URL="http://127.0.0.1:8888" # Avoid bothering AWS + run aws login assert_failure - assert_line --partial "aws: error: argument command: Invalid choice" + if [ -v AWSCLI_TEST_V2 ]; then + # New behavior: SSO always attempted in V2 with invalid credentials. + assert_line --partial "Attempting to open your default browser." + else + assert_line --partial "aws: error: argument command: Invalid choice" + fi } @test "Enable plugin in ~/.aws/config" {
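Review bot: `[ -v AWSCLI_TEST_V2 ]` needs bash 4.2 or newer; on an older bash (the 3.2 that macOS ships, for example) the test operator is rejected, the condition is false, and the `else` branch runs even when the variable is set. The V2 run would then fail on the wrong expected message instead of reporting the real cause. A portable form with the same "is set" meaning is `if [ -n "${AWSCLI_TEST_V2+set}" ]; then`. The V2 branch also expects the CLI to try opening a browser, so it is worth confirming that the `AWS_ENDPOINT_URL` override really keeps that login attempt off the network on CI. The `@test` block this hunk edits starts above the hunk.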