github
/
github-ldap
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Remove Detect meta-strategy, inline config/detection

This commit is contained in:
Matt Todd 2014-12-05 14:57:49 -08:00
Родитель 0e04583da5
Коммит cb8f4918b3
6 изменённых файлов: 57 добавлений и 207 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

72
lib/github/ldap.rb
Просмотреть файл

@ -18,6 +18,10 @@ module GitHub
extend Forwardable
# Internal: The capability required to use ActiveDirectory features.
# See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
ACTIVE_DIRECTORY_V61_R2_OID = "1.2.840.113556.1.4.2080".freeze
# Utility method to get the last operation result with a human friendly message.
#
# Returns an OpenStruct with `code` and `message`.
@ -92,11 +96,8 @@ module GitHub
# when a base is not explicitly provided.
@search_domains = Array(options[:search_domains])
# configure which strategy should be used to validate user membership
configure_membership_validation_strategy(options[:membership_validator])
# configure which strategy should be used for member search
configure_member_search_strategy(options[:member_search_strategy])
# configure both the membership validator and the member search strategies
configure_search_strategy(options[:search_strategy])
# enables instrumenting queries
@instrumentation_service = options[:instrumentation_service]
@ -243,6 +244,19 @@ module GitHub
end
end
# Internal: Configure the member search and membership validation strategies.
#
# TODO: Inline the logic in these two methods here.
#
# Returns nothing.
def configure_search_strategy(strategy = nil)
# configure which strategy should be used to validate user membership
configure_membership_validation_strategy(strategy)
# configure which strategy should be used for member search
configure_member_search_strategy(strategy)
end
# Internal: Configure the membership validation strategy.
#
# Used by GitHub::Ldap::MembershipValidators::Detect to force a specific
@ -251,14 +265,23 @@ module GitHub
# If `strategy` is not provided, or doesn't match a known strategy,
# defaults to `:detect`. Otherwise the configured strategy is selected.
#
# Returns the selected membership validator strategy Symbol.
# Returns the membership validator strategy Class.
def configure_membership_validation_strategy(strategy = nil)
@membership_validator =
case strategy.to_s
when "classic", "recursive", "active_directory"
strategy.to_sym
when "classic"
GitHub::Ldap::MembershipValidators::Classic
when "recursive"
GitHub::Ldap::MembershipValidators::Recursive
when "active_directory"
GitHub::Ldap::MembershipValidators::ActiveDirectory
else
:detect
# fallback to detection, defaulting to recursive strategy
if active_directory_capability?
GitHub::Ldap::MembershipValidators::ActiveDirectory
else
GitHub::Ldap::MembershipValidators::Recursive
end
end
end
@ -273,12 +296,31 @@ module GitHub
# Returns the selected strategy Symbol.
def configure_member_search_strategy(strategy = nil)
@member_search_strategy =
case strategy.to_s
when "classic", "recursive"
strategy.to_sym
else
:detect
end
case strategy.to_s
when "classic"
GitHub::Ldap::MemberSearch::Classic
when "recursive"
GitHub::Ldap::MemberSearch::Recursive
when "active_directory"
GitHub::Ldap::MemberSearch::ActiveDirectory
else
# fallback to detection, defaulting to recursive strategy
if active_directory_capability?
GitHub::Ldap::MemberSearch::ActiveDirectory
else
GitHub::Ldap::MemberSearch::Recursive
end
end
end
# Internal: Detect whether the LDAP host is an ActiveDirectory server.
#
# See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
#
# Returns true if the host is an ActiveDirectory server, false otherwise.
def active_directory_capability?
capabilities[:supportedcapabilities].include?(ACTIVE_DIRECTORY_V61_R2_OID)
end
private :active_directory_capability?
end
end

24
lib/github/ldap/capabilities.rb
Просмотреть файл

@ -1,24 +0,0 @@
module GitHub
class Ldap
module Capabilities
# Internal: The capability required to use the ActiveDirectory strategy.
# See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
ACTIVE_DIRECTORY_V61_R2_OID = "1.2.840.113556.1.4.2080".freeze
# Internal: Detect whether the LDAP host is an ActiveDirectory server.
#
# See: http://msdn.microsoft.com/en-us/library/cc223359.aspx.
#
# Returns true if the host is an ActiveDirectory server, false otherwise.
def active_directory_capability?
capabilities[:supportedcapabilities].include?(ACTIVE_DIRECTORY_V61_R2_OID)
end
# Internal: Returns the Net::LDAP::Entry object describing the LDAP
# host's capabilities (via the Root DSE).
def capabilities
ldap.capabilities
end
end
end
end

22
lib/github/ldap/member_search.rb
Просмотреть файл

@ -1,26 +1,4 @@
require 'github/ldap/member_search/base'
require 'github/ldap/member_search/detect'
require 'github/ldap/member_search/classic'
require 'github/ldap/member_search/recursive'
require 'github/ldap/member_search/active_directory'
module GitHub
class Ldap
# Provides various strategies for member lookup.
#
# For example:
#
# group = domain.groups(%w(Engineering)).first
# strategy = GitHub::Ldap::MemberSearch::Recursive.new(ldap)
# strategy.perform(group) #=> [#<Net::LDAP::Entry>]
#
module MemberSearch
# Internal: Mapping of strategy name to class.
STRATEGIES = {
:classic => GitHub::Ldap::MemberSearch::Classic,
:recursive => GitHub::Ldap::MemberSearch::Recursive,
:active_directory => GitHub::Ldap::MemberSearch::ActiveDirectory
}
end
end
end

71
lib/github/ldap/member_search/detect.rb
Просмотреть файл

@ -1,71 +0,0 @@
module GitHub
class Ldap
module MemberSearch
# Detects the LDAP host's capabilities and determines the appropriate
# member search strategy at runtime.
#
# Currently detects for ActiveDirectory in-chain membership validation.
#
# An explicit strategy can also be defined via
# `GitHub::Ldap#member_search_strategy=`.
#
# See also `GitHub::Ldap#configure_member_search_strategy`.
class Detect
# Defines `active_directory_capability?` and necessary helpers.
include GitHub::Ldap::Capabilities
# Internal: The GitHub::Ldap object to search domains with.
attr_reader :ldap
# Internal: The Hash of options to pass through to the strategy.
attr_reader :options
# Public: Instantiate a meta strategy to detect the right strategy
# to use for the search, and call that strategy, at runtime.
#
# - ldap: GitHub::Ldap object
# - options: Hash of options (passed through)
def initialize(ldap, options = {})
@ldap = ldap
@options = options
end
# Public: Performs search for group members via the appropriate search
# strategy detected/configured.
#
# Returns Array of Net::LDAP::Entry objects.
def perform(entry)
strategy.perform(entry)
end
# Internal: Returns the member search strategy object.
def strategy
@strategy ||= begin
strategy = detect_strategy
strategy.new(ldap, options)
end
end
# Internal: Find the most appropriate search strategy, either by
# configuration or by detecting the host's capabilities.
#
# Returns the strategy class.
def detect_strategy
case
when GitHub::Ldap::MemberSearch::STRATEGIES.key?(strategy_config)
GitHub::Ldap::MemberSearch::STRATEGIES[strategy_config]
when active_directory_capability?
GitHub::Ldap::MemberSearch::STRATEGIES[:active_directory]
else
GitHub::Ldap::MemberSearch::STRATEGIES[:recursive]
end
end
# Internal: Returns the configured member search strategy Symbol.
def strategy_config
ldap.member_search_strategy
end
end
end
end
end

22
lib/github/ldap/membership_validators.rb
Просмотреть файл

@ -1,26 +1,4 @@
require 'github/ldap/membership_validators/base'
require 'github/ldap/membership_validators/detect'
require 'github/ldap/membership_validators/classic'
require 'github/ldap/membership_validators/recursive'
require 'github/ldap/membership_validators/active_directory'
module GitHub
class Ldap
# Provides various strategies for validating membership.
#
# For example:
#
# groups = domain.groups(%w(Engineering))
# validator = GitHub::Ldap::MembershipValidators::Classic.new(ldap, groups)
# validator.perform(entry) #=> true
#
module MembershipValidators
# Internal: Mapping of strategy name to class.
STRATEGIES = {
:classic => GitHub::Ldap::MembershipValidators::Classic,
:recursive => GitHub::Ldap::MembershipValidators::Recursive,
:active_directory => GitHub::Ldap::MembershipValidators::ActiveDirectory
}
end
end
end

53
lib/github/ldap/membership_validators/detect.rb
Просмотреть файл

@ -1,53 +0,0 @@
module GitHub
class Ldap
module MembershipValidators
# Detects the LDAP host's capabilities and determines the appropriate
# membership validation strategy at runtime. Currently detects for
# ActiveDirectory in-chain membership validation. An explicit strategy can
# also be defined via `GitHub::Ldap#membership_validator=`. See also
# `GitHub::Ldap#configure_membership_validation_strategy`.
class Detect < Base
# Defines `active_directory_capability?` and necessary helpers.
include GitHub::Ldap::Capabilities
def perform(entry)
# short circuit validation if there are no groups to check against
return true if groups.empty?
strategy.perform(entry)
end
# Internal: Returns the membership validation strategy object.
def strategy
@strategy ||= begin
strategy = detect_strategy
strategy.new(ldap, groups)
end
end
# Internal: Detects LDAP host's capabilities and chooses the best
# strategy for the host.
#
# If the strategy has been set explicitly, skips detection and uses the
# configured strategy instead.
#
# Returns the strategy class.
def detect_strategy
case
when GitHub::Ldap::MembershipValidators::STRATEGIES.key?(strategy_config)
GitHub::Ldap::MembershipValidators::STRATEGIES[strategy_config]
when active_directory_capability?
GitHub::Ldap::MembershipValidators::STRATEGIES[:active_directory]
else
GitHub::Ldap::MembershipValidators::STRATEGIES[:recursive]
end
end
# Internal: Returns the configured membership validator strategy Symbol.
def strategy_config
ldap.membership_validator
end
end
end
end
end