Fix smoke + pedant tests to work with external LDAP

[snapp]

The external OpenLDAP terraform scenario added in PR #1812 (issue #1797) currently fail smoke and pedant tests.

Smoke Failures

Pedant Failures

[marcparadise]

I think this is fixable by adding ldap configuration to pedant_config.rb - the authenticate API tests will behave differently once that's updated.

ldap_testing true
ldap( 
  account_name: "username in the ldap system",
  account_password: "the ldap account password" 
  # see keys note, below
)

There are additional keys defined in authenticate_user_spec.

Once the ldap config is in place for pedant, that should take care of the remaining failures.

[snapp]

Thanks @marcparadise for the point in the right direction!

Unfortunately, I've been unable to get the tests to pass after adding the following to /var/opt/opscode/oc-chef-pedant/etc/pedant_config.rb:

ldap_testing true

ldap(
"account_name": "user1",
"account_password": "password",
"status": "unlinked",
"first_name": "User",
"last_name": "One",
"display_name": "User One",
"email": "[email protected]",
"username": "user1",
"city": "unknown",
"country": "unknown",
"external_authentication_uid": "user1",
"recovery_authentication_enabled": false)

This configuration fails with the following error:

Failures:

  1) authenticate_user POST /authenticate_user with correct credentials superuser user returns 200 ("OK")
     Failure/Error:
       post(request_url, superuser, :payload => body).should look_like({
           :status => 200,
           :body_exact => response_body
         })
     
       Expected a full match of the result
     
         {"status"=>"unlinked",
        "user"=>
         {"display_name"=>"User One",
          "first_name"=>"User",
          "last_name"=>"One",
          "common_name"=>"User One",
          "country"=>"unknown",
          "city"=>"unknown",
          "email"=>"[email protected]",
          "username"=>"user1",
          "external_authentication_uid"=>"user1",
          "recovery_authentication_enabled"=>false}}
     
     
       to the spec
     
         {"status"=>"linked",
        "user"=>
         {"first_name"=>"pedant_user_ip-10-0-21-205_19932",
          "last_name"=>"pedant_user_ip-10-0-21-205_19932",
          "display_name"=>"pedant_user_ip-10-0-21-205_19932",
          "email"=>"[email protected]",
          "username"=>"pedant_user_ip-10-0-21-205_19932"}}
     
     
       to succeed, but it didn't!
     # ./spec/api/authenticate_user_spec.rb:129:in `block (4 levels) in <top (required)>'

  2) authenticate_user POST /authenticate_user with invalid username superuser returns 401 ("Unauthorized")
     Failure/Error: /^Failed to authenticate: Could not locate a record with distinguished name/.should match(JSON.parse(response)["error"])
     
     TypeError:
       no implicit conversion of Array into String
     # ./spec/api/authenticate_user_spec.rb:217:in `block (4 levels) in <top (required)>'

  3) users /users/<name> endpoint PUT /users/<name> superuser authenticating after updates when password is unchanged can authenticate as the modified user when password has not been changed.
     Failure/Error:
       post(auth_url, superuser, :payload => { 'username' => username,
                                               'password' => password }).should look_like({
           :status => 200
       })
     
       Response should have HTTP status code 200 ('OK'), but it was actually 401 ('Unauthorized')
         Reponse Body: {"error":["Failed to authenticate: Username and password incorrect"]}
     # ./spec/api/user_spec.rb:1041:in `block (7 levels) in <top (required)>'

To my untrained eye, these failures seem to indicate that the conditional check of platform.ldap_testing doesn't seem to be working here:

chef-server/oc-chef-pedant/spec/api/authenticate_user_spec.rb

Line 25 in b52e6bc

if platform.ldap_testing

I'll look into this further later to see if I'm just missing something or if the spec is currently broken for external ldap testing.