├── .github
    ├── dependabot.yml
    └── workflows
    │   ├── acceptance.yml
    │   ├── build.yml
    │   ├── codeql-analysis.yml
    │   ├── gem.yml
    │   ├── lint.yml
    │   └── test.yml
├── .gitignore
├── .rubocop.yml
├── .ruby-version
├── Gemfile
├── Gemfile.lock
├── LICENSE
├── README.md
├── bin
    └── .keep
├── entitlements-gitrepo-auditor-plugin.gemspec
├── lib
    ├── .keep
    ├── entitlements
    │   ├── .keep
    │   ├── auditor
    │   │   ├── .keep
    │   │   └── gitrepo.rb
    │   └── util
    │   │   └── gitrepo.rb
    └── version.rb
├── script
    ├── bootstrap
    ├── cibuild
    ├── cibuild-entitlements-gitrepo-auditor-plugin-acceptance
    ├── lib
    │   └── fold.sh
    └── test
├── spec
    ├── acceptance
    │   ├── Dockerfile.entitlements-gitrepo-auditor-plugin
    │   ├── ca
    │   │   ├── README.md
    │   │   ├── certs
    │   │   │   └── ca.cert.pem
    │   │   ├── index.txt
    │   │   ├── index.txt.attr
    │   │   ├── index.txt.old
    │   │   ├── intermediate
    │   │   │   ├── certs
    │   │   │   │   ├── ca-chain.cert.pem
    │   │   │   │   ├── github.fake.cert.pem
    │   │   │   │   ├── intermediate.cert.pem
    │   │   │   │   └── ldap-server.fake.cert.pem
    │   │   │   ├── crlnumber
    │   │   │   ├── csr
    │   │   │   │   ├── github.fake.csr.pem
    │   │   │   │   ├── intermediate.csr.pem
    │   │   │   │   └── ldap-server.fake.csr.pem
    │   │   │   ├── index.txt
    │   │   │   ├── index.txt.attr
    │   │   │   ├── index.txt.attr.old
    │   │   │   ├── index.txt.old
    │   │   │   ├── newcerts
    │   │   │   │   ├── 1000.pem
    │   │   │   │   └── 1001.pem
    │   │   │   ├── openssl.cnf
    │   │   │   ├── private
    │   │   │   │   ├── intermediate.key.pem
    │   │   │   │   ├── ldap-server.fake.key.pem
    │   │   │   │   └── ldap-server.fake.key.pem.with-password
    │   │   │   ├── serial
    │   │   │   └── serial.old
    │   │   ├── newcerts
    │   │   │   └── 1000.pem
    │   │   ├── openssl.cnf
    │   │   ├── private
    │   │   │   └── ca.key.pem
    │   │   ├── serial
    │   │   └── serial.old
    │   ├── docker-compose.yml
    │   ├── fixtures
    │   │   ├── .gitkeep
    │   │   ├── auditor_changes
    │   │   │   ├── config.yaml
    │   │   │   └── ldap-config
    │   │   │   │   ├── entitlements
    │   │   │   │       ├── empty.txt
    │   │   │   │       ├── expired.txt
    │   │   │   │       ├── full.txt
    │   │   │   │       ├── new.txt
    │   │   │   │       └── wildcard.txt
    │   │   │   │   └── pizza_teams
    │   │   │   │       ├── expired.txt
    │   │   │   │       ├── partial.txt
    │   │   │   │       └── valid.txt
    │   │   ├── auditor_setup
    │   │   │   ├── config.yaml
    │   │   │   └── ldap-config
    │   │   │   │   ├── entitlements
    │   │   │   │       ├── empty.txt
    │   │   │   │       ├── expired.txt
    │   │   │   │       ├── full.txt
    │   │   │   │       ├── partial.txt
    │   │   │   │       └── wildcard.txt
    │   │   │   │   └── pizza_teams
    │   │   │   │       ├── expired.txt
    │   │   │   │       ├── partial.txt
    │   │   │   │       └── valid.txt
    │   │   ├── common
    │   │   │   ├── internal
    │   │   │   │   ├── contractors.txt
    │   │   │   │   └── pre-hires.txt
    │   │   │   └── manager-map.yaml
    │   │   └── initial_run
    │   │   │   ├── config.yaml
    │   │   │   └── ldap-config
    │   │   │       ├── dummy-ou-special
    │   │   │           └── bacon.txt
    │   │   │       ├── dummy-ou
    │   │   │           ├── ragamuffin.txt
    │   │   │           └── tony.txt
    │   │   │       ├── entitlements
    │   │   │           ├── app-aws-primary-admins.yaml
    │   │   │           ├── empty-but-ok-2.txt
    │   │   │           ├── empty-but-ok-3.txt
    │   │   │           ├── empty-but-ok.txt
    │   │   │           ├── expire-later.yaml
    │   │   │           ├── expired-empty-entitlement.txt
    │   │   │           ├── expired-entitlement.txt
    │   │   │           ├── foo-bar-app
    │   │   │           │   └── baz.txt
    │   │   │           └── groupofnames
    │   │   │           │   ├── baz.txt
    │   │   │           │   └── sparkles.txt
    │   │   │       ├── github-org
    │   │   │           ├── admin.txt
    │   │   │           └── member.txt
    │   │   │       ├── github
    │   │   │           ├── colonel-meow.txt
    │   │   │           ├── employees.txt
    │   │   │           └── grumpy-cat.txt
    │   │   │       └── pizza_teams
    │   │   │           ├── colonel-meow.yaml
    │   │   │           ├── empty-but-ok-2.txt
    │   │   │           ├── empty-but-ok.txt
    │   │   │           ├── grumpy-cat.rb
    │   │   │           └── keyboard-cat.txt
    │   ├── git-server
    │   │   ├── README.md
    │   │   ├── keys
    │   │   │   └── id_rsa.pub
    │   │   ├── private
    │   │   │   └── id_rsa.base64
    │   │   └── run-server.sh
    │   ├── ldap-server
    │   │   ├── env
    │   │   │   ├── default.startup.yaml
    │   │   │   └── default.yaml
    │   │   ├── ldif
    │   │   │   ├── .gitkeep
    │   │   │   ├── bootstrap
    │   │   │   │   └── 03-ldapi.ldif
    │   │   │   └── data
    │   │   │   │   ├── .gitkeep
    │   │   │   │   ├── 01-config
    │   │   │   │       └── bump-sizelimit.ldif
    │   │   │   │   ├── 05-ou
    │   │   │   │       ├── .gitkeep
    │   │   │   │       ├── alumni-ou.ldif
    │   │   │   │       ├── groups-ou.ldif
    │   │   │   │       └── people-ou.ldif
    │   │   │   │   ├── 10-ou-custom
    │   │   │   │       ├── .gitkeep
    │   │   │   │       ├── groups-entitlements-ou.ldif
    │   │   │   │       └── groups-pizza_teams-ou.ldif
    │   │   │   │   ├── 20-groups
    │   │   │   │       ├── .gitkeep
    │   │   │   │       ├── cn=colonel-meow,ou=Staff_Account,ou=Groups,dc=github,dc=net.ldif
    │   │   │   │       ├── cn=garfield,ou=Staff_Account,ou=Groups,dc=github,dc=net.ldif
    │   │   │   │       └── cn=lockout,ou=Groups,dc=github,dc=net.ldif
    │   │   │   │   ├── 20-people
    │   │   │   │       ├── .gitkeep
    │   │   │   │       ├── person01.ldif
    │   │   │   │       ├── person02.ldif
    │   │   │   │       ├── person03.ldif
    │   │   │   │       ├── person04.ldif
    │   │   │   │       ├── person05.ldif
    │   │   │   │       ├── person06.ldif
    │   │   │   │       ├── person07.ldif
    │   │   │   │       ├── person08.ldif
    │   │   │   │       ├── person09.ldif
    │   │   │   │       ├── person10.ldif
    │   │   │   │       ├── person11.ldif
    │   │   │   │       ├── person12.ldif
    │   │   │   │       ├── person13.ldif
    │   │   │   │       ├── person14.ldif
    │   │   │   │       ├── person15.ldif
    │   │   │   │       ├── person16.ldif
    │   │   │   │       ├── person17.ldif
    │   │   │   │       ├── person18.ldif
    │   │   │   │       ├── person19.ldif
    │   │   │   │       ├── person20.ldif
    │   │   │   │       ├── person21.ldif
    │   │   │   │       ├── person22.ldif
    │   │   │   │       ├── person23.ldif
    │   │   │   │       ├── person24.ldif
    │   │   │   │       ├── person25.ldif
    │   │   │   │       ├── person26.ldif
    │   │   │   │       └── person27.ldif
    │   │   │   │   └── 99-bind-account
    │   │   │   │       └── emmy.ldif
    │   │   ├── run-server.sh
    │   │   ├── schema
    │   │   │   ├── README
    │   │   │   ├── collective.ldif
    │   │   │   ├── corba.ldif
    │   │   │   ├── core.ldif
    │   │   │   ├── cosine.ldif
    │   │   │   ├── dhcp.ldif
    │   │   │   ├── dnszone.ldif
    │   │   │   ├── duaconf.ldif
    │   │   │   ├── dyngroup.ldif
    │   │   │   ├── githubiam.ldif
    │   │   │   ├── inetorgperson.ldif
    │   │   │   ├── java.ldif
    │   │   │   ├── misc.ldif
    │   │   │   ├── nis.ldif
    │   │   │   ├── nssldap.ldif
    │   │   │   ├── openldap.ldif
    │   │   │   ├── pmi.ldif
    │   │   │   ├── postfix.ldif
    │   │   │   ├── ppolicy.ldif
    │   │   │   ├── puppet.ldif
    │   │   │   ├── sshaccount.ldif
    │   │   │   └── sudoers.ldif
    │   │   └── tls
    │   │   │   └── dhparam.pem
    │   ├── support
    │   │   └── run-app.sh
    │   └── tests
    │   │   ├── 10_initial_noop_spec.rb
    │   │   ├── 11_initial_run_spec.rb
    │   │   ├── 20_auditor_setup_spec.rb
    │   │   ├── 30_auditor_changes_spec.rb
    │   │   ├── 40_auditor_idempotent_run_spec.rb
    │   │   └── spec_helper.rb
    └── unit
    │   ├── entitlements
    │       ├── auditor
    │       │   └── gitrepo_spec.rb
    │       └── util
    │       │   └── gitrepo_spec.rb
    │   ├── entitlements_spec.rb
    │   ├── fixtures
    │       ├── config-files
    │       │   ├── backend-and-type.yaml
    │       │   ├── backend-missing-type.yaml
    │       │   ├── backend-missing.yaml
    │       │   ├── backend-valid.yaml
    │       │   ├── class-order.yaml
    │       │   ├── config-ldap-ou.yaml
    │       │   ├── config-lockout.yaml
    │       │   ├── config-memberof.yaml
    │       │   ├── config-mirror-target-does-not-exist.yaml
    │       │   ├── config-mirror-target-is-also-a-mirror.yaml
    │       │   ├── config-mirror-valid.yaml
    │       │   ├── entitlements-execute.yaml
    │       │   ├── group-invalid-type.yaml
    │       │   ├── group-no-type.yaml
    │       │   ├── prefetch-people-invalid.yaml
    │       │   ├── prefetch-people-valid.yaml
    │       │   ├── required-attribute-missing.yaml
    │       │   ├── required-attribute-wrong-datatype.yaml
    │       │   └── valid.yaml
    │       ├── config.yaml
    │       ├── config_with_erb.yaml
    │       ├── git-repo-audit-dir
    │       │   └── dc=net
    │       │   │   └── dc=kittens
    │       │   │       ├── ou=Groups
    │       │   │           ├── cn=group1
    │       │   │           ├── cn=group2
    │       │   │           ├── cn=group3
    │       │   │           └── cn=group4
    │       │   │       └── ou=extra
    │       │   │           └── cn=extragroup
    │       └── people.yaml
    │   └── spec_helper.rb
└── vendor
    └── cache
        ├── activesupport-7.1.3.3.gem
        ├── addressable-2.8.7.gem
        ├── ast-2.4.2.gem
        ├── base64-0.2.0.gem
        ├── bigdecimal-3.1.8.gem
        ├── concurrent-ruby-1.3.4.gem
        ├── connection_pool-2.4.1.gem
        ├── contracts-0.17.2.gem
        ├── crack-1.0.0.gem
        ├── debug-1.9.2.gem
        ├── diff-lcs-1.5.1.gem
        ├── docile-1.4.0.gem
        ├── drb-2.2.1.gem
        ├── entitlements-app-1.1.0.gem
        ├── faraday-2.12.1.gem
        ├── faraday-net_http-3.4.0.gem
        ├── hashdiff-1.1.0.gem
        ├── i18n-1.14.5.gem
        ├── io-console-0.7.2.gem
        ├── irb-1.13.1.gem
        ├── json-2.7.2.gem
        ├── language_server-protocol-3.17.0.3.gem
        ├── logger-1.6.2.gem
        ├── minitest-5.23.1.gem
        ├── mutex_m-0.2.0.gem
        ├── net-http-0.6.0.gem
        ├── net-ldap-0.19.0.gem
        ├── octokit-4.25.1.gem
        ├── optimist-3.2.0.gem
        ├── ostruct-0.6.1.gem
        ├── parallel-1.25.1.gem
        ├── parser-3.3.4.0.gem
        ├── psych-5.1.2.gem
        ├── public_suffix-6.0.1.gem
        ├── racc-1.8.0.gem
        ├── rack-3.0.14.gem
        ├── rainbow-3.1.1.gem
        ├── rake-13.2.1.gem
        ├── rdoc-6.7.0.gem
        ├── regexp_parser-2.9.2.gem
        ├── reline-0.5.8.gem
        ├── rexml-3.3.9.gem
        ├── rspec-3.13.0.gem
        ├── rspec-core-3.13.0.gem
        ├── rspec-expectations-3.13.0.gem
        ├── rspec-mocks-3.13.1.gem
        ├── rspec-support-3.13.1.gem
        ├── rubocop-1.65.0.gem
        ├── rubocop-ast-1.31.3.gem
        ├── rubocop-github-0.20.0.gem
        ├── rubocop-performance-1.21.1.gem
        ├── rubocop-rails-2.25.0.gem
        ├── ruby-progressbar-1.13.0.gem
        ├── rugged-1.7.2.gem
        ├── sawyer-0.9.2.gem
        ├── simplecov-0.22.0.gem
        ├── simplecov-erb-1.0.1.gem
        ├── simplecov-html-0.12.3.gem
        ├── simplecov_json_formatter-0.1.4.gem
        ├── stringio-3.1.0.gem
        ├── tzinfo-2.0.6.gem
        ├── unicode-display_width-2.5.0.gem
        ├── uri-1.0.3.gem
        ├── vcr-6.2.0.gem
        └── webmock-3.23.1.gem


/.github/dependabot.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | version: 2
 3 | 
 4 | registries:
 5 |   ghcr:
 6 |     type: "docker-registry"
 7 |     url: "ghcr.io"
 8 |     username: "PAT"
 9 |     password: "${{secrets.CONTAINER_BUILDER_TOKEN}}"
10 |   rubygems-github-packages:
11 |     type: "rubygems-server"
12 |     url: "rubygems.pkg.github.com/github"
13 |     token: "${{secrets.CONTAINER_BUILDER_TOKEN}}"
14 | 
15 | updates:
16 |   - package-ecosystem: "bundler"
17 |     vendor: true
18 |     directory: "/"
19 |     registries: ["rubygems-github-packages"]
20 |     groups:
21 |       ruby-gems-production:
22 |         dependency-type: "production"
23 |         patterns: ["*"]
24 |       dev-ruby-development:
25 |         dependency-type: "development"
26 |         patterns: ["*"]
27 |     schedule:
28 |       interval: "weekly"
29 |     reviewers: ["github/sae-reviewers"]
30 | 
31 |   - package-ecosystem: "docker"
32 |     directory: "/"
33 |     registries: ["ghcr"]
34 |     groups:
35 |       container-images:
36 |         patterns: ["*"]
37 |     schedule:
38 |       interval: "weekly"
39 |     reviewers: ["github/sae-reviewers"]
40 | 
41 |   - package-ecosystem: "github-actions"
42 |     directory: "/"
43 |     groups:
44 |       github-actions:
45 |         patterns: ["*"]
46 |     ignore:
47 |       - dependency-name: "github/internal-actions"
48 |     schedule:
49 |       interval: "weekly"
50 |     reviewers: ["github/sae-reviewers"]
51 | 
52 |   - package-ecosystem: "pip"
53 |     directory: "/"
54 |     schedule:
55 |       interval: "weekly"
56 |     groups:
57 |       python-packages:
58 |         patterns: ["*"]
59 |     reviewers: ["github/sae-reviewers"]
60 | 
61 |   - package-ecosystem: "gomod"
62 |     directory: "/"
63 |     schedule:
64 |       interval: "weekly"
65 |     groups:
66 |       go-packages:
67 |         patterns: ["*"]
68 |     reviewers: ["github/sae-reviewers"]
69 | 


--------------------------------------------------------------------------------
/.github/workflows/acceptance.yml:
--------------------------------------------------------------------------------
 1 | name: acceptance
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |       - main
 7 |   pull_request:
 8 | 
 9 | jobs:
10 |   # Detects changes to any of the source files for entitlements-gitrepo-auditor-plugin
11 |   changes:
12 |     runs-on: ubuntu-latest
13 |     permissions:
14 |       contents: read
15 | 
16 |     outputs:
17 |       has_change: ${{ steps.diff.outputs.has_change}}
18 | 
19 |     steps:
20 |       - uses: actions/checkout@v4
21 | 
22 |       - id: fetch-base
23 |         if: github.event_name == 'pull_request'
24 |         name: fetch the latest commit in the base branch to diff against
25 |         run: git fetch --no-tags --prune --depth=1 origin '+refs/heads/${{ github.base_ref }}:refs/remotes/origin/${{ github.base_ref }}'
26 | 
27 |       - id: diff
28 |         if: github.event_name == 'pull_request'
29 |         name: diff against the base branch latest commit for specific paths
30 |         run: |
31 |           git diff \
32 |             origin/${{ github.base_ref }} \
33 |             HEAD \
34 |             -- \
35 |               'bin/**' \
36 |               'lib/**' \
37 |               'script/**' \
38 |               'spec/**' \
39 |               'vendor/**' \
40 |               '.ruby-version' \
41 |               'entitlements-gitrepo-auditor-plugin.gemspec' \
42 |               'Gemfile' \
43 |               'Gemfile.lock' \
44 |             > diff.txt
45 | 
46 |             # If the diff file is not empty, it has changes.
47 |             [ -s diff.txt ] && echo "::set-output name=has_change::true" || echo "::set-output name=has_change::false"
48 | 
49 |       - name: set has_change to true for push to main/master
50 |         if: github.event_name == 'push'
51 |         run: echo "::set-output name=has_change::true"
52 | 
53 |   acceptance:
54 |     needs: changes
55 |     runs-on: ubuntu-latest-xl
56 |     name: acceptance
57 |     permissions:
58 |       contents: read
59 | 
60 |     steps:
61 | 
62 |       # If source files were not changed, we don't need the acceptance test suite
63 |       - name: bypass
64 |         if: ${{ needs.changes.outputs.has_change != 'true' }}
65 |         run: |
66 |           echo "✅ Bypassing acceptance tests - they are not required for this change"
67 | 
68 |       - name: checkout
69 |         if: ${{ needs.changes.outputs.has_change == 'true' }}
70 |         uses: actions/checkout@v4
71 | 
72 |       # Use Docker layer caching for 'docker build' and 'docker-compose build' commands.
73 |       # https://github.com/satackey/action-docker-layer-caching/releases/tag/v0.0.11
74 |       - uses: satackey/action-docker-layer-caching@46d2c640b1d8ef50d185452ad6fb324e6bd1d052 # pin@46d2c640b1d8ef50d185452ad6fb324e6bd1d052
75 |         if: ${{ needs.changes.outputs.has_change == 'true' }}
76 |         continue-on-error: true
77 | 
78 |       - name: acceptance tests
79 |         if: ${{ needs.changes.outputs.has_change == 'true' }}
80 |         run: script/cibuild-entitlements-gitrepo-auditor-plugin-acceptance
81 | 
82 |       - name: acceptance tests passed
83 |         run: echo "✅ The acceptance test suite has passed"
84 | 


--------------------------------------------------------------------------------
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
 1 | name: build
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |       - main
 7 |   pull_request:
 8 |     branches:
 9 |       - main
10 |   workflow_call:
11 | 
12 | permissions:
13 |   contents: read
14 | 
15 | jobs:
16 |   build:
17 |     name: build
18 | 
19 |     strategy:
20 |       matrix:
21 |         os: [ubuntu-latest, macos-latest]
22 |     runs-on: ${{ matrix.os }}
23 | 
24 |     steps:
25 |       - name: checkout
26 |         uses: actions/checkout@v4
27 | 
28 |       - uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # pin@v1.235.0
29 |         with:
30 |           bundler-cache: true
31 | 
32 |       - name: bootstrap
33 |         run: script/bootstrap
34 | 
35 |       - name: build
36 |         run: |
37 |           GEM_NAME=$(ls | grep gemspec | cut -d. -f1)
38 |           echo "Attempting to build gem $GEM_NAME..."
39 |           gem build $GEM_NAME
40 |           if [ $? -eq 0 ]; then
41 |             echo "Gem built successfully!"
42 |           else
43 |             echo "Gem build failed!"
44 |             exit 1
45 |           fi
46 | 


--------------------------------------------------------------------------------
/.github/workflows/codeql-analysis.yml:
--------------------------------------------------------------------------------
 1 | name: CodeQL
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [ main ]
 6 |   pull_request:
 7 |     # The branches below must be a subset of the branches above
 8 |     branches: [ main ]
 9 |   schedule:
10 |     - cron: '25 4 * * 5'
11 | 
12 | jobs:
13 |   analyze:
14 |     name: Analyze
15 |     runs-on: ubuntu-latest
16 |     permissions:
17 |       actions: read
18 |       contents: read
19 |       security-events: write
20 | 
21 |     strategy:
22 |       fail-fast: false
23 |       matrix:
24 |         language: [ 'ruby' ]
25 | 
26 |     steps:
27 |       - name: Checkout repository
28 |         uses: actions/checkout@v4
29 | 
30 |       # Initializes the CodeQL tools for scanning.
31 |       - name: Initialize CodeQL
32 |         uses: github/codeql-action/init@v3
33 |         with:
34 |           languages: ${{ matrix.language }}
35 | 
36 |       - name: Autobuild
37 |         uses: github/codeql-action/autobuild@v3
38 | 
39 |       - name: Perform CodeQL Analysis
40 |         uses: github/codeql-action/analyze@v3
41 | 


--------------------------------------------------------------------------------
/.github/workflows/gem.yml:
--------------------------------------------------------------------------------
 1 | name: release
 2 | 
 3 | on:
 4 |   workflow_dispatch:
 5 |   push:
 6 |     branches:
 7 |       - main
 8 |     paths:
 9 |       - lib/version.rb
10 | 
11 | permissions:
12 |   contents: write
13 |   packages: write
14 | 
15 | jobs:
16 |   release:
17 |     runs-on: ubuntu-latest
18 | 
19 |     steps:
20 |       - name: checkout
21 |         uses: actions/checkout@v4
22 | 
23 |       - uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # pin@v1.235.0
24 |         with:
25 |           bundler-cache: true
26 | 
27 |       - name: bootstrap
28 |         run: script/bootstrap
29 | 
30 |       - name: lint
31 |         run: bundle exec rubocop -c .rubocop.yml lib/ spec/
32 | 
33 |       - name: test
34 |         run: script/test -d -k
35 | 
36 |       - name: set GEM_NAME from gemspec
37 |         run: echo "GEM_NAME=$(ls | grep gemspec | cut -d. -f1)" >> $GITHUB_ENV
38 | 
39 |         # builds the gem and saves the version to GITHUB_ENV
40 |       - name: build
41 |         run: echo "GEM_VERSION=$(gem build ${{ env.GEM_NAME }}.gemspec 2>&1 | grep Version | cut -d':' -f 2 | tr -d " \t\n\r")" >> $GITHUB_ENV
42 | 
43 |       - name: publish to GitHub packages
44 |         run: |
45 |           export OWNER=$( echo ${{ github.repository }} | cut -d "/" -f 1 )
46 |           GEM_HOST_API_KEY=${{ secrets.GITHUB_TOKEN }} gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} ${{ env.GEM_NAME }}-${{ env.GEM_VERSION }}.gem
47 | 
48 |       - name: release
49 |         uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # pin@v1.16.0
50 |         with:
51 |           artifacts: "${{ env.GEM_NAME }}-${{ env.GEM_VERSION }}.gem"
52 |           tag: "v${{ env.GEM_VERSION }}"
53 |           generateReleaseNotes: true
54 |       
55 |       - name: Publish to RubyGems
56 |         run: |
57 |           mkdir -p ~/.gem
58 |           echo -e "---\n:rubygems_api_key: ${{ secrets.RUBYGEMS_API_KEY }}" > ~/.gem/credentials
59 |           chmod 0600 ~/.gem/credentials
60 |           gem push ${{ env.GEM_NAME }}-${{ env.GEM_VERSION }}.gem
61 |           rm ~/.gem/credentials
62 | 


--------------------------------------------------------------------------------
/.github/workflows/lint.yml:
--------------------------------------------------------------------------------
 1 | name: lint
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |       - main
 7 |   pull_request:
 8 | 
 9 | permissions:
10 |   contents: read
11 | 
12 | jobs:
13 |   lint:
14 |     name: lint
15 |     runs-on: ubuntu-latest
16 | 
17 |     steps:
18 |       - name: checkout
19 |         uses: actions/checkout@v4
20 | 
21 |       - uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # pin@v1.235.0
22 |         with:
23 |           bundler-cache: true
24 | 
25 |       - name: bootstrap
26 |         run: script/bootstrap
27 | 
28 |       - name: rubocop
29 |         run: bundle exec rubocop -c .rubocop.yml lib/ spec/
30 | 


--------------------------------------------------------------------------------
/.github/workflows/test.yml:
--------------------------------------------------------------------------------
 1 | name: test
 2 | 
 3 | on:
 4 |   push:
 5 |     branches:
 6 |       - main
 7 |   pull_request:
 8 | 
 9 | permissions:
10 |   contents: read
11 | 
12 | jobs:
13 |   test:
14 |     name: test
15 |     runs-on: ubuntu-latest
16 | 
17 |     strategy:
18 |       matrix:
19 |         ruby: [ '3.1.2', '3.1.4', '3.2.2', '3.2.3', '3.3.0', '3.3.1' ]
20 | 
21 |     steps:
22 |       - name: checkout
23 |         uses: actions/checkout@v4
24 | 
25 |       - uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # pin@v1.235.0
26 |         with:
27 |           bundler-cache: true
28 |           ruby-version: ${{ matrix.ruby }}
29 | 
30 |       - name: bootstrap
31 |         run: script/bootstrap
32 | 
33 |       - name: rspec tests
34 |         run: script/test -d -k
35 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | /.bundle
 2 | /vendor/gems
 3 | 
 4 | # Ignore binstubs
 5 | bin/*
 6 | !bin/.keep
 7 | 
 8 | # There's a place for local caching of container gems to make local builds faster.
 9 | # Keep the .keep file but not the gems themselves
10 | vendor/container-gems/*
11 | !vendor/container-gems/.keep
12 | 
13 | # Coverage reports
14 | coverage/*
15 | 
16 | .*.swp
17 | 
18 | # Ignore JetBrains IDEs
19 | .idea
20 | 


--------------------------------------------------------------------------------
/.rubocop.yml:
--------------------------------------------------------------------------------
 1 | inherit_gem:
 2 |   rubocop-github:
 3 |     - config/default.yml
 4 | 
 5 | AllCops:
 6 |   NewCops: disable
 7 |   SuggestExtensions: false
 8 |   DisplayCopNames: true
 9 |   TargetRubyVersion: 3.3.1
10 |   Exclude:
11 |     - 'bin/*'
12 |     - 'spec/acceptance/fixtures/**/*'
13 |     - 'spec/unit/fixtures/**/*'
14 |     - 'vendor/gems/**/*'
15 | 


--------------------------------------------------------------------------------
/.ruby-version:
--------------------------------------------------------------------------------
1 | 3.3.1
2 | 


--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 | 
3 | source "https://rubygems.org"
4 | 
5 | gemspec
6 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2022 GitHub
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/bin/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/bin/.keep


--------------------------------------------------------------------------------
/entitlements-gitrepo-auditor-plugin.gemspec:
--------------------------------------------------------------------------------
 1 | # frozen_string_literal: true
 2 | 
 3 | require_relative "lib/version"
 4 | 
 5 | Gem::Specification.new do |s|
 6 |   s.name = "entitlements-gitrepo-auditor-plugin"
 7 |   s.version = Entitlements::Version::VERSION
 8 |   s.summary = "Entitlements GitRepo Auditor"
 9 |   s.description = "Entitlements plugin for a robust audit log"
10 |   s.authors = ["GitHub, Inc. Security Ops"]
11 |   s.email = "opensource+entitlements-app@github.com"
12 |   s.license = "MIT"
13 |   s.files = Dir.glob("lib/**/*")
14 |   s.homepage = "https://github.com/github/entitlements-gitrepo-auditor-plugin"
15 |   s.executables = %w[]
16 | 
17 |   s.add_dependency "contracts", "~> 0.17"
18 |   s.add_dependency "entitlements-app", "~> 1.0"
19 | 
20 |   s.add_development_dependency "debug", "<= 1.10.0"
21 |   s.add_development_dependency "rake", "~> 13.2", ">= 13.2.1"
22 |   s.add_development_dependency "rspec", "= 3.13.0"
23 |   s.add_development_dependency "rubocop", "~> 1.64"
24 |   s.add_development_dependency "rubocop-github", "~> 0.20"
25 |   s.add_development_dependency "rubocop-performance", "~> 1.21"
26 |   s.add_development_dependency "rugged", "~> 1.7", ">= 1.7.2"
27 |   s.add_development_dependency "simplecov", "~> 0.22.0"
28 |   s.add_development_dependency "simplecov-erb", "~> 1.0", ">= 1.0.1"
29 |   s.add_development_dependency "vcr", "~> 6.2"
30 |   s.add_development_dependency "webmock", "~> 3.23", ">= 3.23.1"
31 | end
32 | 


--------------------------------------------------------------------------------
/lib/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/lib/.keep


--------------------------------------------------------------------------------
/lib/entitlements/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/lib/entitlements/.keep


--------------------------------------------------------------------------------
/lib/entitlements/auditor/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/lib/entitlements/auditor/.keep


--------------------------------------------------------------------------------
/lib/version.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 | 
3 | module Entitlements
4 |   module Version
5 |     VERSION = "1.0.0"
6 |   end
7 | end
8 | 


--------------------------------------------------------------------------------
/script/bootstrap:
--------------------------------------------------------------------------------
 1 | #! /usr/bin/env bash
 2 | 
 3 | # COLORS
 4 | OFF='\033[0m'
 5 | RED='\033[0;31m'
 6 | GREEN='\033[0;32m'
 7 | BLUE='\033[0;34m'
 8 | PURPLE='\033[0;35m'
 9 | 
10 | set -e # Prevent any kind of script failures
11 | 
12 | # if any of the following env vars are set, use them for the APP_ENV value
13 | if [ -n "$APP_ENV" ]; then
14 |   export APP_ENV="$APP_ENV"
15 | elif [ -n "$ENV" ]; then
16 |   export APP_ENV="$ENV"
17 | elif [ -n "$ENVIRONMENT" ]; then
18 |   export APP_ENV="$ENVIRONMENT"
19 | elif [ -n "$RAILS_ENV" ]; then
20 |   export APP_ENV="$RAILS_ENV"
21 | elif [ -n "$RACK_ENV" ]; then
22 |   export APP_ENV="$RACK_ENV"
23 | fi
24 | 
25 | # set the working directory to the root of the project
26 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd )"
27 | 
28 | # set the ruby version to the one specified in the .ruby-version file
29 | [ -z "$RBENV_VERSION" ] && export RBENV_VERSION=$(cat "$DIR/.ruby-version")
30 | 
31 | # set the app environment to development if it's not set
32 | [ -z "$APP_ENV" ] && export APP_ENV="development"
33 | 
34 | # set the path to include the rbenv shims if they exist
35 | [ -d "/usr/share/rbenv/shims" ] && export PATH=/usr/share/rbenv/shims:$PATH
36 | 
37 | TRASHDIR=$(mktemp -d /tmp/bootstrap.XXXXXXXXXXXXXXXXX)
38 | cleanup() {
39 |   rm -rf "$TRASHDIR"
40 |   # Remove empty directory
41 |   rmdir "$DIR/vendor/cache" 2>/dev/null || true
42 | }
43 | trap cleanup EXIT
44 | 
45 | # Bootstrap gem dependencies.
46 | if [ "$APP_ENV" == "production" ]; then
47 |   echo -e "💎 ${BLUE}Installing Gems for ${GREEN}production${BLUE}...${OFF}"
48 |   BUNDLE_WITHOUT=development bundle install --local
49 |   BUNDLE_WITHOUT=development bundle binstubs --all
50 | else
51 |   echo -e "💎 ${BLUE}Installing Gems for ${PURPLE}development${BLUE}...${OFF}"
52 |   bundle install --local
53 |   bundle binstubs --all
54 | fi
55 | 


--------------------------------------------------------------------------------
/script/cibuild:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | set -e
3 | 
4 | cd "$(dirname "$0")/.."
5 | echo "Heres some output"
6 | docker build -t entitlements-gitrepo-auditor-plugin -f spec/acceptance/Dockerfile.entitlements-gitrepo-auditor-plugin .
7 | docker run -w "/data/entitlements" entitlements-gitrepo-auditor-plugin bash -c "script/test"
8 | 


--------------------------------------------------------------------------------
/script/cibuild-entitlements-gitrepo-auditor-plugin-acceptance:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | export DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd )"
 4 | export APP_NAME="entitlements-gitrepo-auditor-plugin"
 5 | export GIT_SERVER_NAME="git-server"
 6 | export LDAP_SERVER_NAME="ldap-server"
 7 | 
 8 | if [ ! -f "${DIR}/spec/acceptance/Dockerfile.${APP_NAME}" ]; then
 9 |   echo "No Dockerfile.${APP_NAME} was found"
10 |   exit 255
11 | fi
12 | 
13 | begin_fold() {
14 |   local tag="$1"
15 |   echo "%%%FOLD {${tag}}%%%" 1>&2
16 |   set -x
17 | }
18 | 
19 | end_fold() {
20 |   set +x
21 |   echo "%%%END FOLD%%%" 1>&2
22 | }
23 | 
24 | docker_compose() {
25 |   cd "$DIR" && docker compose -f "$DIR/spec/acceptance/docker-compose.yml" "$@"
26 | }
27 | 
28 | unset DOCKER_COMPOSE_NEEDS_SHUTDOWN
29 | 
30 | cleanup() {
31 |   if [ -n "$DOCKER_COMPOSE_NEEDS_SHUTDOWN" ]; then
32 |     begin_fold "Logs from ${GIT_SERVER_NAME} container"
33 |     docker_compose logs --no-color "$GIT_SERVER_NAME" 1>&2
34 |     end_fold
35 | 
36 |     begin_fold "Logs from ${LDAP_SERVER_NAME} container"
37 |     docker_compose logs --no-color "$LDAP_SERVER_NAME" 1>&2
38 |     end_fold
39 | 
40 |     begin_fold "Shutting down docker-compose"
41 |     docker_compose down 1>&2
42 |     end_fold
43 |   fi
44 |   unset DOCKER_COMPOSE_NEEDS_SHUTDOWN
45 | }
46 | trap cleanup EXIT
47 | 
48 | set -e
49 | 
50 | begin_fold "Building/updating ${APP_NAME} container"
51 | docker_compose build "${APP_NAME}"
52 | end_fold
53 | 
54 | export DOCKER_COMPOSE_NEEDS_SHUTDOWN="true"
55 | 
56 | begin_fold "Starting ${LDAP_SERVER_NAME} container"
57 | docker_compose up --force-recreate -d "${LDAP_SERVER_NAME}"
58 | end_fold
59 | 
60 | begin_fold "Starting ${GIT_SERVER_NAME} container"
61 | docker_compose up --force-recreate -d "${GIT_SERVER_NAME}"
62 | end_fold
63 | 
64 | # This is where the tests actually run
65 | echo "Starting ${APP_NAME} acceptance test container" 1>&2
66 | docker_compose run "${APP_NAME}" "/acceptance/support/run-app.sh" && exitcode=$? || exitcode=$?
67 | 
68 | # Display logs from containers and shut down docker-compose.
69 | cleanup
70 | 
71 | # We're done!
72 | echo ""
73 | echo "*****************************************************************"
74 | echo "${APP_NAME} acceptance exit status = ${exitcode}"
75 | echo "*****************************************************************"
76 | echo ""
77 | 
78 | exit $exitcode
79 | 


--------------------------------------------------------------------------------
/script/lib/fold.sh:
--------------------------------------------------------------------------------
 1 | begin_fold() {
 2 |   local tag="$1"
 3 |   echo "%%%FOLD {${tag}}%%%" 1>&2
 4 |   set -x
 5 | }
 6 | 
 7 | end_fold() {
 8 |   set +x
 9 |   echo "%%%END FOLD%%%" 1>&2
10 | }
11 | 


--------------------------------------------------------------------------------
/script/test:
--------------------------------------------------------------------------------
  1 | #! /usr/bin/env bash
  2 | 
  3 | # run script/test -h for help
  4 | 
  5 | # COLORS
  6 | OFF='\033[0m'
  7 | RED='\033[0;31m'
  8 | GREEN='\033[0;32m'
  9 | BLUE='\033[0;34m'
 10 | 
 11 | set -e
 12 | 
 13 | function usage()
 14 | {
 15 |     echo -e "\t ================== script/test usage =================="
 16 |     echo -e "\t-h --help               : displays help message"
 17 |     echo -e "\t-k --no-linter          : disables linting tests"
 18 |     echo -e "\t-d --disable-bootstrap  : disables bootstrap"
 19 |     echo -e "\n\t Suggested flags for development: script/test -d -s"
 20 | }
 21 | 
 22 | while [ "$1" != "" ]; do
 23 |     PARAM=`echo $1 | awk -F= '{print $1}'`
 24 |     VALUE=`echo $1 | awk -F= '{print $2}'`
 25 |     case $PARAM in
 26 |       -h | --help)
 27 |         usage
 28 |         exit
 29 |         ;;
 30 |       -k | --no-linter)
 31 |         no_linter=1
 32 |         ;;
 33 |       -d | --disable-bootstrap)
 34 |         no_bootstrap=1
 35 |         ;;
 36 |       *)
 37 |       echo "ERROR: unknown parameter \"$PARAM\""
 38 |       usage
 39 |       exit 1
 40 |       ;;
 41 |     esac
 42 |     shift
 43 | done
 44 | 
 45 | # setup
 46 | export DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd )"
 47 | [ -z "$RBENV_VERSION" ] && export RBENV_VERSION=$(cat "$DIR/.ruby-version")
 48 | 
 49 | if [[ -z $no_bootstrap ]]; then
 50 |   # bootstrap
 51 |   echo -e "\n🥾 ${BLUE}Bootstrapping: $(date "+%H:%M:%S")${OFF}\n"
 52 |   echo "%%%FOLD {bootstrap}%%%"
 53 |   cd "$DIR"
 54 |   script/bootstrap
 55 |   echo "%%%END FOLD%%%"
 56 | else
 57 |   echo -e "\n⏩ ${BLUE}Skipping Bootstrap${OFF}"
 58 | fi
 59 | 
 60 | # Run Rubocop
 61 | if [[ -z $no_linter ]]; then
 62 |   echo -e "\n🤖 ${BLUE}Running Rubocop: $(date "+%H:%M:%S")${OFF}\n"
 63 |   bundle exec bin/rubocop
 64 | else
 65 |   echo -e "\n⏩ ${BLUE}Skipping Rubocop${OFF}"
 66 | fi
 67 | 
 68 | # run tests
 69 | echo -e "\n🧪 ${BLUE}Running tests: $(date "+%H:%M:%S")${OFF}\n"
 70 | cd "$(dirname $0)/.."
 71 | 
 72 | bundle exec bin/rspec spec/unit && rspec_exit=$? || rspec_exit=$?
 73 | 
 74 | total_coverage=$(cat "$DIR/coverage/total-coverage.txt")
 75 | 
 76 | if grep -q "100.0" "$DIR/coverage/total-coverage.txt"; then
 77 |   cov_exit=0
 78 |   echo -e "\n✅ Total Coverage: ${GREEN}$total_coverage${OFF}"
 79 | else
 80 |   cov_exit=1
 81 |   echo -e "\n❌ Total Coverage: ${RED}$total_coverage${OFF}"
 82 | fi
 83 | 
 84 | echo ""
 85 | echo "---------------------------------------"
 86 | echo "📊 Summary Results"
 87 | echo "---------------------------------------"
 88 | echo ""
 89 | 
 90 | if [[ $rspec_exit == 0 ]]; then
 91 |   echo -e "✅ ${GREEN}rspec:    exitcode=${rspec_exit}${OFF}"
 92 | else
 93 |   echo -e "❌ ${RED}rspec:    exitcode=${rspec_exit}${OFF}"
 94 | fi
 95 | 
 96 | if [[ $cov_exit == 0 ]]; then
 97 |   echo -e "✅ \033[0;32mcoverage: exitcode=${cov_exit}\033[0m"
 98 | else
 99 |   echo -e "❌ \033[0;31mcoverage: exitcode=${cov_exit}\033[0m"
100 | fi
101 | 
102 | [ $rspec_exit -gt 0 ] && exit 1
103 | [ $cov_exit -gt 0 ] && exit 1
104 | 
105 | exit 0
106 | 


--------------------------------------------------------------------------------
/spec/acceptance/Dockerfile.entitlements-gitrepo-auditor-plugin:
--------------------------------------------------------------------------------
 1 | FROM ruby:3.3.1-slim
 2 | LABEL maintainer="GitHub Security Ops <opensource+entitlements-app@github.com>"
 3 | ENV HOME /root
 4 | ENV RELEASE=buster
 5 | ENV container docker
 6 | WORKDIR /data/entitlements
 7 | 
 8 | # Install dependency packages for bootstrapping and running...
 9 | RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
10 |     build-essential \
11 |     cmake \
12 |     gcc \
13 |     git \
14 |     ldap-utils \
15 |     make \
16 |     iputils-ping \
17 |     pkg-config
18 | 
19 | # Install bundler
20 | RUN gem install bundler -v 2.5.3
21 | 
22 | # Bootstrap files and caching for speed
23 | COPY "vendor/cache/" "/data/entitlements/vendor/cache/"
24 | COPY "script/" "/data/entitlements/script/"
25 | COPY [".rubocop.yml", ".ruby-version", "entitlements-gitrepo-auditor-plugin.gemspec", "Gemfile", "Gemfile.lock", "/data/entitlements/"]
26 | COPY "lib/version.rb" "/data/entitlements/lib/version.rb"
27 | RUN ./script/bootstrap
28 | 
29 | # Source Files
30 | COPY "bin/" "/data/entitlements/bin/"
31 | COPY "lib/" "/data/entitlements/lib/"
32 | COPY "spec/" "/data/entitlements/spec/"
33 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/README.md:
--------------------------------------------------------------------------------
1 | # CA for acceptance
2 | 
3 | Password for every key: `kittens` (what else? :smile_cat:)
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/certs/ca.cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIGJDCCBAygAwIBAgIJAKHrJtknH6gDMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
 3 | VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j
 4 | aXNjbzEVMBMGA1UECgwMR2l0SHViLCBJbmMuMSwwKgYDVQQLDCNlbnRpdGxlbWVu
 5 | dHMgYXBwIGFjY2VwdGFuY2UgdGVzdCBDQTEdMBsGA1UEAwwUYWNjZXB0YW5jZS1j
 6 | YS5naXRodWIwHhcNMTgwMzAxMjE0MDAzWhcNMzgwMjI0MjE0MDAzWjCBnjELMAkG
 7 | A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFu
 8 | Y2lzY28xFTATBgNVBAoMDEdpdEh1YiwgSW5jLjEsMCoGA1UECwwjZW50aXRsZW1l
 9 | bnRzIGFwcCBhY2NlcHRhbmNlIHRlc3QgQ0ExHTAbBgNVBAMMFGFjY2VwdGFuY2Ut
10 | Y2EuZ2l0aHViMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA55O7ULc/
11 | WQySiMxs9Y8EZVr6hGSJZEUUm7gk42dUSejvj/gCE52AhYUUR5ZQGAd5hZLKNvqH
12 | qunLlRzFqziVo9uQ+EBnEalepO58ohhpzVlzSl4hxlPs9lO6L9owN28xH52DVnsx
13 | G1GzOlZnnhI7nmxui+G9v0J0h5JVotqsYq7PKniovgP7XIg42EvrqYjhaCw53k7y
14 | cgQL1OCxQF+ytiFFNnFrYlHqIZthOLAEP/OHGYZAidZuFzNJso6wEdCe0sYUZtHt
15 | 8aX1mWC6CqnaWoAAzyj7h4rwqXo/SqF25G1EKG3AjVUAl33Ai4J1PSJVdETYCV5w
16 | ARcD6gIacDFO1a2bN54nQ/Oke8Yb5nAVuNrMFe5/gNZCQ2WTKYHUm8G8FbdsKs98
17 | 8guxfrewGRblQLUg3NRZQXupPXYi5Wy+d+TEtbYTAZi/mq+S16aOW32MALM6z/85
18 | B8qCQUEM00K5GcpZAn3GnuWv1Pr79MQ2Fj5h40lJU4u3zDTKF1xNE4XOaIKldZlS
19 | YJuJ0JKGF47MYxxa2ywxIWKM1+ukFMsc7XSlWXpvecCmWXvEbq4QkUHvGs//tWMW
20 | 6+hXc7zT3I6HxtHw+dllvGvkdP2KkS/SdJ4VDI+sK33dV0PqZs/O5c1GwpiCyXeY
21 | mZpcOktXyjAe1iutVemYoNowNU4tzbqse8sCAwEAAaNjMGEwHQYDVR0OBBYEFEHP
22 | qR0y/D7SMWwxSnZ7sh60TUvqMB8GA1UdIwQYMBaAFEHPqR0y/D7SMWwxSnZ7sh60
23 | TUvqMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
24 | CwUAA4ICAQBWxFhxvqpnel7AGhiB/kk1B792TZ83WB7QIDEXjV21eylvdQTCF5tM
25 | 3U3U5DsbxsyDW7pG5TykQOc83Z1F4AGUB2YyjMmsU5702RX3aBoH9J8wJ4dVoDWn
26 | eevNXgR1WNpXsk3XOmunGIHEFSfEbZK9KAKOCAIP3CVUvKzS1rjlfpU+OS+qhrq8
27 | EIIDSH4Twz25NHKTp/1Qq7YOeDrShkWKC5EWIXi3K85NKbJ6R7ulluDsv+alfAd5
28 | 0Y4RLKkDmrDQfBnQcMFmsgZmZ4/NfZPO/1siDsyTPIm/58w0pXKEyhQBi9pd/8PM
29 | h8kzktldJFP5cPTSMz0hGMxUft5uFzHA4dAsuAUKo/zshpukjTYJW4Q8fykQ33tn
30 | bqxheuLZO45rJo4jP1Nq/7g8yVXRae5JoxoYKEeciWW+ept2ygrQb/bUmoSWabQI
31 | qX/TUzheRPB9TDBuRfQSHrxZb7EHTbB7E5GKbEEmFDsoB9vMcvg2k+OAmooNVtGO
32 | s351Irsm2EBinlRBKIbej1am2pn2F96aVw5T1UJxlFGBPc6WgEOsWXtelwN2MOOs
33 | 7dyLMwjhEa775vXdcFwN15rX4MPOA2nGK+jpNrreHexv3r5dXSnOlESOC0sxMDgu
34 | vLRJaJ2JnnuoDAvhaw6AOwzbwVGDHYl2ClUbKz7Iy5YwvF25khLswQ==
35 | -----END CERTIFICATE-----
36 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/index.txt:
--------------------------------------------------------------------------------
1 | V	371116214418Z		1000	unknown	/C=US/ST=California/O=GitHub, Inc./OU=entitlements app acceptance test CA/CN=intermediate-ca.github
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/index.txt.attr:
--------------------------------------------------------------------------------
1 | unique_subject = yes
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/index.txt.old:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/spec/acceptance/ca/index.txt.old


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/certs/ca-chain.cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIGCjCCA/KgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZ4xCzAJBgNVBAYTAlVT
 3 | MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRUw
 4 | EwYDVQQKDAxHaXRIdWIsIEluYy4xLDAqBgNVBAsMI2VudGl0bGVtZW50cyBhcHAg
 5 | YWNjZXB0YW5jZSB0ZXN0IENBMR0wGwYDVQQDDBRhY2NlcHRhbmNlLWNhLmdpdGh1
 6 | YjAeFw0xODAzMDEyMTQ0MThaFw0zNzExMTYyMTQ0MThaMIGIMQswCQYDVQQGEwJV
 7 | UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMR2l0SHViLCBJbmMuMSww
 8 | KgYDVQQLDCNlbnRpdGxlbWVudHMgYXBwIGFjY2VwdGFuY2UgdGVzdCBDQTEfMB0G
 9 | A1UEAwwWaW50ZXJtZWRpYXRlLWNhLmdpdGh1YjCCAiIwDQYJKoZIhvcNAQEBBQAD
10 | ggIPADCCAgoCggIBAJZfDROyejD2AKheJUyAonf44Li8cAtbr6vCZ4/RyvoPiYD/
11 | uJBBkV09/y3ldkQgHBt9zr7SE4BKjJI/w+X1bo26bD7RvRaC8gxUrT5ym5cJAXaf
12 | 1/QXoLiORxlK4F1TZKb8anFvNtS5nZ8Bzyxewm65cDUlyZJhMTBWTSs8qIXHSL0D
13 | PaqKytnQCmtGCQYdb0qPV/aQpmlw8oW1mkdQTiJy5getBh/eDKQcC+owdl+ZvDOd
14 | sFpcYWY5VgxdUTmnNQRRLUW55SMJJBppdxveLcMQOb43W9FBNL4pkSZ2yC+0ES/2
15 | 0FI7ydixucqeu5HPpS3eRPTkr3ATtO685LMsAAfn0AlLlnQ2fLMNZWD7bYtoNWSd
16 | uxpZrVJhsAqTFHd/bx/aSPRdYDwoS9bIYin8uEUx7LQNX9/viO7NDcS6Kor7Lpu4
17 | kqy7HvSSgoY6bDuGm/mexzOL9IljHac9ztuoeCDa/Gca57asu4pp5mWZnBgHfIu9
18 | U9fxiqadTmHHYgXgEB2SXaSM0GIwy7014L3Bpsdlp/4ywTaOpxsiJntHlZLfw5Jw
19 | LJA696xq6pQl7vkdkDm5UF2BH+dk3wuRX1MCCbim1CwGtwws4UR+NQH6A5CKfBbL
20 | VTOLO4nqe7X7/u+s7p1McI+LPuMnfM1eu5yFblmvebNggcLpKOPea+ClqIIlAgMB
21 | AAGjZjBkMB0GA1UdDgQWBBSw2FmWIrihGNPV0KKeQO6t/R9L8zAfBgNVHSMEGDAW
22 | gBRBz6kdMvw+0jFsMUp2e7IetE1L6jASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud
23 | DwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEA3mt0BFljOxA2HuXV/vXdGBQY
24 | ErR2vGZNvS0DMBhBBZcWaILesFeBEiHxLXlDcSisvsK2LsN6s3N8AYPY9s6f6XQ1
25 | amSG9osfTouS2y/JqO3bbJSjL/pjz1/s1x/d9PwYPlEFeCniihAbwpQiYoyec0wh
26 | ihQ1vDs4wQBLD+Gj+gYhnUf35OWhBjVw+iu0/oIxjdmQEQS1Qe/zimk+CpmdGf5u
27 | rNWKDxs5TSskvCIwBdzh/hCvVuzk7fATc1pj5IaGi8I5o5070O4OJ5O2vLnKuwQw
28 | pr7AYRGvew08xaMKVXhnBa9rNyynwb6u6vOeks8C6WQF14i+0WPPk/vcyfQZv6t6
29 | lpD8kalzV94MbIM27HFY0dgboIhYFYJ31RGiC8lq1JYKdeBY2Z8eKRbmwrfvDiYU
30 | CYAVkYH2QHD3a/H5fuB0JR20Tt82+NKKsH+fZO+kCMRDRpmRzG/H7Aiahs4gwjqq
31 | 29jTFg2NGYyoBfyQELuHSM/iW7reHdg/F1WqUW7AGmoAtf0Jk1PGfIJbczRAGYqS
32 | FWh1X9nHvh51jg8arHPaRiYeLuSsjkYvnQGVhNnb+0q6M1H7tHZfKahuuUKeem4+
33 | 5l2eDeY3FlijQ6jtHOF4HsfJMlDTFLb6Adtl46Quh6zFJjkApldl6L9IuAbSffHV
34 | Kpfjbv8qMtY2qx/pYI0=
35 | -----END CERTIFICATE-----
36 | -----BEGIN CERTIFICATE-----
37 | MIIGJDCCBAygAwIBAgIJAKHrJtknH6gDMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
38 | VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j
39 | aXNjbzEVMBMGA1UECgwMR2l0SHViLCBJbmMuMSwwKgYDVQQLDCNlbnRpdGxlbWVu
40 | dHMgYXBwIGFjY2VwdGFuY2UgdGVzdCBDQTEdMBsGA1UEAwwUYWNjZXB0YW5jZS1j
41 | YS5naXRodWIwHhcNMTgwMzAxMjE0MDAzWhcNMzgwMjI0MjE0MDAzWjCBnjELMAkG
42 | A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFu
43 | Y2lzY28xFTATBgNVBAoMDEdpdEh1YiwgSW5jLjEsMCoGA1UECwwjZW50aXRsZW1l
44 | bnRzIGFwcCBhY2NlcHRhbmNlIHRlc3QgQ0ExHTAbBgNVBAMMFGFjY2VwdGFuY2Ut
45 | Y2EuZ2l0aHViMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA55O7ULc/
46 | WQySiMxs9Y8EZVr6hGSJZEUUm7gk42dUSejvj/gCE52AhYUUR5ZQGAd5hZLKNvqH
47 | qunLlRzFqziVo9uQ+EBnEalepO58ohhpzVlzSl4hxlPs9lO6L9owN28xH52DVnsx
48 | G1GzOlZnnhI7nmxui+G9v0J0h5JVotqsYq7PKniovgP7XIg42EvrqYjhaCw53k7y
49 | cgQL1OCxQF+ytiFFNnFrYlHqIZthOLAEP/OHGYZAidZuFzNJso6wEdCe0sYUZtHt
50 | 8aX1mWC6CqnaWoAAzyj7h4rwqXo/SqF25G1EKG3AjVUAl33Ai4J1PSJVdETYCV5w
51 | ARcD6gIacDFO1a2bN54nQ/Oke8Yb5nAVuNrMFe5/gNZCQ2WTKYHUm8G8FbdsKs98
52 | 8guxfrewGRblQLUg3NRZQXupPXYi5Wy+d+TEtbYTAZi/mq+S16aOW32MALM6z/85
53 | B8qCQUEM00K5GcpZAn3GnuWv1Pr79MQ2Fj5h40lJU4u3zDTKF1xNE4XOaIKldZlS
54 | YJuJ0JKGF47MYxxa2ywxIWKM1+ukFMsc7XSlWXpvecCmWXvEbq4QkUHvGs//tWMW
55 | 6+hXc7zT3I6HxtHw+dllvGvkdP2KkS/SdJ4VDI+sK33dV0PqZs/O5c1GwpiCyXeY
56 | mZpcOktXyjAe1iutVemYoNowNU4tzbqse8sCAwEAAaNjMGEwHQYDVR0OBBYEFEHP
57 | qR0y/D7SMWwxSnZ7sh60TUvqMB8GA1UdIwQYMBaAFEHPqR0y/D7SMWwxSnZ7sh60
58 | TUvqMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
59 | CwUAA4ICAQBWxFhxvqpnel7AGhiB/kk1B792TZ83WB7QIDEXjV21eylvdQTCF5tM
60 | 3U3U5DsbxsyDW7pG5TykQOc83Z1F4AGUB2YyjMmsU5702RX3aBoH9J8wJ4dVoDWn
61 | eevNXgR1WNpXsk3XOmunGIHEFSfEbZK9KAKOCAIP3CVUvKzS1rjlfpU+OS+qhrq8
62 | EIIDSH4Twz25NHKTp/1Qq7YOeDrShkWKC5EWIXi3K85NKbJ6R7ulluDsv+alfAd5
63 | 0Y4RLKkDmrDQfBnQcMFmsgZmZ4/NfZPO/1siDsyTPIm/58w0pXKEyhQBi9pd/8PM
64 | h8kzktldJFP5cPTSMz0hGMxUft5uFzHA4dAsuAUKo/zshpukjTYJW4Q8fykQ33tn
65 | bqxheuLZO45rJo4jP1Nq/7g8yVXRae5JoxoYKEeciWW+ept2ygrQb/bUmoSWabQI
66 | qX/TUzheRPB9TDBuRfQSHrxZb7EHTbB7E5GKbEEmFDsoB9vMcvg2k+OAmooNVtGO
67 | s351Irsm2EBinlRBKIbej1am2pn2F96aVw5T1UJxlFGBPc6WgEOsWXtelwN2MOOs
68 | 7dyLMwjhEa775vXdcFwN15rX4MPOA2nGK+jpNrreHexv3r5dXSnOlESOC0sxMDgu
69 | vLRJaJ2JnnuoDAvhaw6AOwzbwVGDHYl2ClUbKz7Iy5YwvF25khLswQ==
70 | -----END CERTIFICATE-----
71 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/certs/github.fake.cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIG8zCCBNugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVT
 3 | MRMwEQYDVQQIDApDYWxpZm9ybmlhMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4xLDAq
 4 | BgNVBAsMI2VudGl0bGVtZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMR8wHQYD
 5 | VQQDDBZpbnRlcm1lZGlhdGUtY2EuZ2l0aHViMB4XDTE4MDgwNDE2MDE1OFoXDTI4
 6 | MDgwMTE2MDE1OFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
 7 | MRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKDAtHaXRIdWIgSW5jLjEZ
 8 | MBcGA1UECwwQRW50aXRsZW1lbnRzIEFwcDEUMBIGA1UEAwwLZ2l0aHViLmZha2Uw
 9 | ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDTMuTl+HsK08zKp4VuuxSN
10 | BjAl2dsBkWy0cu6hdFg6x0RHVbVaYquSUSJJQ9P/YHZ/J0E0pZqCZ1DbVpm1HIhM
11 | S4A2mFwt8URAACOMAIXU2sRcujimaqd3zlKmLa8E7g9lrgqKwnMyZfUjs+69G/ao
12 | oLVv8np3XiJCKlSxezIEDnZjVKftb98wJzZEfvIS+Qw9/wKUt3Ou4SZQuytFoN+c
13 | 5KT4ebnxP9VFoeBexyVsus/ijCKafsqoEj8XvoApEP2FN8CpBIGxyotdLW3KIKz9
14 | zg/t/IXtpIgp3gtiWp4WUpBX1bchULQ78HGxAq66/oY3ZZbKUuOhm2th0QsubgGc
15 | s63djNYTcEhKMprjEO2BbGdgqkKkRlZQzX49hAMmFN632y0renArjOY3jGaVwEdF
16 | S+eFsMzavVkwGT6XmUMn6d3e9cXTdI+gxAgqGGjZ81LLbHFtXBq2ZVkMqe4oA7Lw
17 | SH8D+7tFFVlFzes3QFF84abCzAmMSlr2C+Q1G7PsoD4FfEfu3wfFDHI2K6bNmKoo
18 | Mhwga96TYzJATmPOWA+wrAY41yiKr3k/F4xNWDGRKedX7RBORouZ3dAJKoDm/8kw
19 | DmjXU7Ry3M15O2NHz2A0uAy6AWC3KOHXd9kSbuHJsBzCtTB6Nko4Sr0Pb6dy8OUg
20 | i9DmRA7IRONenHv1jYVtMwIDAQABo4IBajCCAWYwCQYDVR0TBAIwADARBglghkgB
21 | hvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNl
22 | cnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUnxVJuZ7xgP0URnJW1d3Vk8bGTvMw
23 | gcwGA1UdIwSBxDCBwYAUsNhZliK4oRjT1dCinkDurf0fS/OhgaSkgaEwgZ4xCzAJ
24 | BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJh
25 | bmNpc2NvMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4xLDAqBgNVBAsMI2VudGl0bGVt
26 | ZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMR0wGwYDVQQDDBRhY2NlcHRhbmNl
27 | LWNhLmdpdGh1YoICEAAwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUF
28 | BwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA1aUG7IlEcvSyM727yW/jXbhBLZSsbqRws
29 | lcrGa3QtvbxjhdERDmOuEsm5nxok8UJiix//0Ew3DDF3FmiyEiM1rKkYakntwIbP
30 | JmxLAXX2RXUqklJzvF+3CpU82XF31a34hDyoc2/DM64Ha9RiM17gSlwUfrRoOSmK
31 | REa33T6mQWid6VljcYzFabYHdTQkXDU7TiCwKOiZHgnrMPA1W+atvSIh2JWgVJdp
32 | w/dxxpOuE3dkL6WpntlWfSQHQToHbiyjDLhl918W9YHKQSRE2RHA3YoGE2gEdCz3
33 | HG/4Rrfp4WFRPUe1lscnm/5x6STQekHSLl+d56f+KBKQYl78VMUaDwbFrGaOok5u
34 | XUCyhRWsOnHVRhQWe6Y6j/ScBWuog1tKeYE18vxplREMjW9Zij6pnpuF7APaSks7
35 | KUfv3xrqSSCDpxXFU2W27DzdWeQHKTh+efunk1r22XdxgMA+b6xUyt/zMlfxuf9C
36 | HigcjjD7UFgw10bdV09ZjEZ43dwH+AhBVCcyf81gdiL3OOpGRW5QSSBwncyNxB8c
37 | n7Xo1FaF2Ao3X5Bwb5nYjdIbGHOSAfVcK4iTrltjxtVhPdvKs6aguircnol867nV
38 | WS0w/Mvt2gzbh06OCMOG2YoQvvUJuMtzKTnxLGOFNSLitcbkK5A3Y08a1gT+8bwa
39 | 9i4cSDAvaw==
40 | -----END CERTIFICATE-----
41 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/certs/intermediate.cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIGCjCCA/KgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZ4xCzAJBgNVBAYTAlVT
 3 | MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRUw
 4 | EwYDVQQKDAxHaXRIdWIsIEluYy4xLDAqBgNVBAsMI2VudGl0bGVtZW50cyBhcHAg
 5 | YWNjZXB0YW5jZSB0ZXN0IENBMR0wGwYDVQQDDBRhY2NlcHRhbmNlLWNhLmdpdGh1
 6 | YjAeFw0xODAzMDEyMTQ0MThaFw0zNzExMTYyMTQ0MThaMIGIMQswCQYDVQQGEwJV
 7 | UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMR2l0SHViLCBJbmMuMSww
 8 | KgYDVQQLDCNlbnRpdGxlbWVudHMgYXBwIGFjY2VwdGFuY2UgdGVzdCBDQTEfMB0G
 9 | A1UEAwwWaW50ZXJtZWRpYXRlLWNhLmdpdGh1YjCCAiIwDQYJKoZIhvcNAQEBBQAD
10 | ggIPADCCAgoCggIBAJZfDROyejD2AKheJUyAonf44Li8cAtbr6vCZ4/RyvoPiYD/
11 | uJBBkV09/y3ldkQgHBt9zr7SE4BKjJI/w+X1bo26bD7RvRaC8gxUrT5ym5cJAXaf
12 | 1/QXoLiORxlK4F1TZKb8anFvNtS5nZ8Bzyxewm65cDUlyZJhMTBWTSs8qIXHSL0D
13 | PaqKytnQCmtGCQYdb0qPV/aQpmlw8oW1mkdQTiJy5getBh/eDKQcC+owdl+ZvDOd
14 | sFpcYWY5VgxdUTmnNQRRLUW55SMJJBppdxveLcMQOb43W9FBNL4pkSZ2yC+0ES/2
15 | 0FI7ydixucqeu5HPpS3eRPTkr3ATtO685LMsAAfn0AlLlnQ2fLMNZWD7bYtoNWSd
16 | uxpZrVJhsAqTFHd/bx/aSPRdYDwoS9bIYin8uEUx7LQNX9/viO7NDcS6Kor7Lpu4
17 | kqy7HvSSgoY6bDuGm/mexzOL9IljHac9ztuoeCDa/Gca57asu4pp5mWZnBgHfIu9
18 | U9fxiqadTmHHYgXgEB2SXaSM0GIwy7014L3Bpsdlp/4ywTaOpxsiJntHlZLfw5Jw
19 | LJA696xq6pQl7vkdkDm5UF2BH+dk3wuRX1MCCbim1CwGtwws4UR+NQH6A5CKfBbL
20 | VTOLO4nqe7X7/u+s7p1McI+LPuMnfM1eu5yFblmvebNggcLpKOPea+ClqIIlAgMB
21 | AAGjZjBkMB0GA1UdDgQWBBSw2FmWIrihGNPV0KKeQO6t/R9L8zAfBgNVHSMEGDAW
22 | gBRBz6kdMvw+0jFsMUp2e7IetE1L6jASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud
23 | DwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEA3mt0BFljOxA2HuXV/vXdGBQY
24 | ErR2vGZNvS0DMBhBBZcWaILesFeBEiHxLXlDcSisvsK2LsN6s3N8AYPY9s6f6XQ1
25 | amSG9osfTouS2y/JqO3bbJSjL/pjz1/s1x/d9PwYPlEFeCniihAbwpQiYoyec0wh
26 | ihQ1vDs4wQBLD+Gj+gYhnUf35OWhBjVw+iu0/oIxjdmQEQS1Qe/zimk+CpmdGf5u
27 | rNWKDxs5TSskvCIwBdzh/hCvVuzk7fATc1pj5IaGi8I5o5070O4OJ5O2vLnKuwQw
28 | pr7AYRGvew08xaMKVXhnBa9rNyynwb6u6vOeks8C6WQF14i+0WPPk/vcyfQZv6t6
29 | lpD8kalzV94MbIM27HFY0dgboIhYFYJ31RGiC8lq1JYKdeBY2Z8eKRbmwrfvDiYU
30 | CYAVkYH2QHD3a/H5fuB0JR20Tt82+NKKsH+fZO+kCMRDRpmRzG/H7Aiahs4gwjqq
31 | 29jTFg2NGYyoBfyQELuHSM/iW7reHdg/F1WqUW7AGmoAtf0Jk1PGfIJbczRAGYqS
32 | FWh1X9nHvh51jg8arHPaRiYeLuSsjkYvnQGVhNnb+0q6M1H7tHZfKahuuUKeem4+
33 | 5l2eDeY3FlijQ6jtHOF4HsfJMlDTFLb6Adtl46Quh6zFJjkApldl6L9IuAbSffHV
34 | Kpfjbv8qMtY2qx/pYI0=
35 | -----END CERTIFICATE-----
36 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/certs/ldap-server.fake.cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIGDDCCA/SgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVT
 3 | MRMwEQYDVQQIDApDYWxpZm9ybmlhMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4xLDAq
 4 | BgNVBAsMI2VudGl0bGVtZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMR8wHQYD
 5 | VQQDDBZpbnRlcm1lZGlhdGUtY2EuZ2l0aHViMB4XDTE4MDMwMTIxNDc0N1oXDTI4
 6 | MDIyNzIxNDc0N1owgZoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
 7 | MRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4x
 8 | LDAqBgNVBAsMI2VudGl0bGVtZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMRkw
 9 | FwYDVQQDDBBsZGFwLXNlcnZlci5mYWtlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
10 | MIIBCgKCAQEAxOfyPfi1TmXKIaeTNvK8i0HTpnt1/VTYAUVJRFLvZbKvhcz6qvO9
11 | 3XVNQej+ZacGuSxh7NOKCOUGBc5K9P//Y1xAyH+FrvdP8Q73fY8yGcAWWvCAM9Z/
12 | Hw22aPvSiiG4s1Lro4IRW2ubZcfkZAhkUTVLJCVqrXczxJ2KhqgbKdmTPa+xGhcd
13 | tTHvX6NnKQHpYqfSH3OSabLx2YM6WYsC97OMGDFUpN3vObF6/YvgdU8qDKln7cB3
14 | Q3B2FaBxAccZEhmUvV+fsYLhNjVPMs/VvIWK6xD7TLaLnE2O19tRWUAGl4woaeby
15 | lwNsyqefJP0HrodnzYxvMEVNydNDKtCcYQIDAQABo4IBajCCAWYwCQYDVR0TBAIw
16 | ADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu
17 | ZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUuYHcULNnfwrZHwYk
18 | ImOnE0CUa5wwgcwGA1UdIwSBxDCBwYAUsNhZliK4oRjT1dCinkDurf0fS/OhgaSk
19 | gaEwgZ4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
20 | DA1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4xLDAqBgNVBAsM
21 | I2VudGl0bGVtZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMR0wGwYDVQQDDBRh
22 | Y2NlcHRhbmNlLWNhLmdpdGh1YoICEAAwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQM
23 | MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQBQPyaEjFKfTMYe2bSrCLt+
24 | UOrYfFdsEVxK4rtsKwLtSpHQXfD/tF/3XV0jOU/yP/bB40leQ8AzGBnZLKPbh0P2
25 | oaKqazBwd2aaCePUUXy831pM5v+NpRi2jX9gKjT1cAHLDjAYPt9Cd3D9IycWeand
26 | 8QWU5CzXCZrjDhDC8T7rplyO3bA2TwWnXt/BqsgKAIoGt/6EUR/YmQSL2K7ykU8Z
27 | UAN6Kx6P3dRNkQ/5RCXx65Tum2ogXUkE/w8GWNYB21VGWMPIp1v8i8uBESg9aHRU
28 | pQg6xOdAU1XekdFrau5JsNoYupPj125aAiKgLxvvz/xOpaQh0jQyzmlGH63i0nMv
29 | uF2c1CQRVpjEqPW5Ok5fDQLPJQ7PP49k/5Fl+uDgAEEmq3lpF0yYFmDr8gTMZ8mf
30 | sPahN6xZQCsIN3BlPkpuf0harHWhwyr1CTT1vSrcKdUGxeOxMPrjhZIYgDrpMAt8
31 | B1n7BGfLJqQJ7shjOpaqCv67qqDLWcbhMMKZYbdDgoQyhT1GjFNVcIgNFgOj9vCj
32 | 9GF6eInT0LuNQEfnXJ4V6JlswFS7A6L9Us5vAgg1HmAGqQ339Ljy6Py/nN5QwUGp
33 | cqVcWDioSZq0HSkPo753/NDTAfn/AeIS+Wn3BXHZpoXhmZplp3JL3MfP9Aww+ZnL
34 | xRYlA4mOUC6bNM9DVzw3AA==
35 | -----END CERTIFICATE-----
36 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/crlnumber:
--------------------------------------------------------------------------------
1 | 1000
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/csr/github.fake.csr.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE REQUEST-----
 2 | MIIExzCCAq8CAQAwgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
 3 | MRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKDAtHaXRIdWIgSW5jLjEZ
 4 | MBcGA1UECwwQRW50aXRsZW1lbnRzIEFwcDEUMBIGA1UEAwwLZ2l0aHViLmZha2Uw
 5 | ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDTMuTl+HsK08zKp4VuuxSN
 6 | BjAl2dsBkWy0cu6hdFg6x0RHVbVaYquSUSJJQ9P/YHZ/J0E0pZqCZ1DbVpm1HIhM
 7 | S4A2mFwt8URAACOMAIXU2sRcujimaqd3zlKmLa8E7g9lrgqKwnMyZfUjs+69G/ao
 8 | oLVv8np3XiJCKlSxezIEDnZjVKftb98wJzZEfvIS+Qw9/wKUt3Ou4SZQuytFoN+c
 9 | 5KT4ebnxP9VFoeBexyVsus/ijCKafsqoEj8XvoApEP2FN8CpBIGxyotdLW3KIKz9
10 | zg/t/IXtpIgp3gtiWp4WUpBX1bchULQ78HGxAq66/oY3ZZbKUuOhm2th0QsubgGc
11 | s63djNYTcEhKMprjEO2BbGdgqkKkRlZQzX49hAMmFN632y0renArjOY3jGaVwEdF
12 | S+eFsMzavVkwGT6XmUMn6d3e9cXTdI+gxAgqGGjZ81LLbHFtXBq2ZVkMqe4oA7Lw
13 | SH8D+7tFFVlFzes3QFF84abCzAmMSlr2C+Q1G7PsoD4FfEfu3wfFDHI2K6bNmKoo
14 | Mhwga96TYzJATmPOWA+wrAY41yiKr3k/F4xNWDGRKedX7RBORouZ3dAJKoDm/8kw
15 | DmjXU7Ry3M15O2NHz2A0uAy6AWC3KOHXd9kSbuHJsBzCtTB6Nko4Sr0Pb6dy8OUg
16 | i9DmRA7IRONenHv1jYVtMwIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBAGyN0ijX
17 | wCXs63bG1q9LuhAxtzE3oK9jzxoLr4ObHS2hf8Ix5Vlgw8TSPam/z/P3cQxdfItS
18 | 0U8pRbmPa+Cmuv2bx9SAz9PRMGZXUklh6RF81maHgJt/EdjXIAOdSqSTuilJvTT6
19 | jo2BDOkv0G+iInSKbBY/Q5M7a36Xy4u1WbGabd+wIkQTnNmCUPTV13DbmMkVEGhC
20 | qq5/S/oMnBs9IbfcqOYR50tyI1T2Y7vMBVq2oKIPmqNGB7qDO9unUt+rF1JJJ++E
21 | 2SoDAJpVD/VzNOkAdWv+Br7WeIlFGAQAygU1T+dYLM3bW6m6JNhI3GdxMYl1xber
22 | 1oND/5OU8amM9b2p47ziQHhR+ZbpEbYcRFqKy236/4uCzNnAsJaAFHGQDRJ5TrIk
23 | nRnZvcEdaUcID96qUeFhmkuhO/zcA6cXTbPXkr/QPP+C6YBPIk+UcOfrvGgchje7
24 | VUYRI7JZD7a9EflQVTvnms2oNPqOE7GLhsfk3pLwoxVe7rC35E07YOD6thSURS7s
25 | GligtIWNines48XQ8tDynPf2AQI4VJLHqZ8+RgSW3S45M+spBlkGTkH/LtPIjE5F
26 | O3IZJBqaafeSbSwlahDY7gCFp/ol1BsGMhGnSK4zKEF++SdP4x+tsN4j0gDSAYPg
27 | Y3zSxqShCe0+62u3hQGJH++uytshC/Guctfv
28 | -----END CERTIFICATE REQUEST-----
29 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/csr/intermediate.csr.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE REQUEST-----
 2 | MIIE5jCCAs4CAQAwgaAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
 3 | MRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4x
 4 | LDAqBgNVBAsMI2VudGl0bGVtZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMR8w
 5 | HQYDVQQDDBZpbnRlcm1lZGlhdGUtY2EuZ2l0aHViMIICIjANBgkqhkiG9w0BAQEF
 6 | AAOCAg8AMIICCgKCAgEAll8NE7J6MPYAqF4lTICid/jguLxwC1uvq8Jnj9HK+g+J
 7 | gP+4kEGRXT3/LeV2RCAcG33OvtITgEqMkj/D5fVujbpsPtG9FoLyDFStPnKblwkB
 8 | dp/X9BeguI5HGUrgXVNkpvxqcW821LmdnwHPLF7CbrlwNSXJkmExMFZNKzyohcdI
 9 | vQM9qorK2dAKa0YJBh1vSo9X9pCmaXDyhbWaR1BOInLmB60GH94MpBwL6jB2X5m8
10 | M52wWlxhZjlWDF1ROac1BFEtRbnlIwkkGml3G94twxA5vjdb0UE0vimRJnbIL7QR
11 | L/bQUjvJ2LG5yp67kc+lLd5E9OSvcBO07rzksywAB+fQCUuWdDZ8sw1lYPtti2g1
12 | ZJ27GlmtUmGwCpMUd39vH9pI9F1gPChL1shiKfy4RTHstA1f3++I7s0NxLoqivsu
13 | m7iSrLse9JKChjpsO4ab+Z7HM4v0iWMdpz3O26h4INr8Zxrntqy7imnmZZmcGAd8
14 | i71T1/GKpp1OYcdiBeAQHZJdpIzQYjDLvTXgvcGmx2Wn/jLBNo6nGyIme0eVkt/D
15 | knAskDr3rGrqlCXu+R2QOblQXYEf52TfC5FfUwIJuKbULAa3DCzhRH41AfoDkIp8
16 | FstVM4s7iep7tfv+76zunUxwj4s+4yd8zV67nIVuWa95s2CBwuko495r4KWogiUC
17 | AwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQBPrKarbvuT7jtdlA//OgVOOxBIVuPf
18 | 99eG3khYuVtiAUdCFvDcNjfqDrxtcTyoFhlX2nj71pPVvzzt8N5K/TmXfbQ/du5v
19 | EeoTSIf8dwOB5huymV4zrl10+MZyshth5X3d27zZh/i0A1Pxgrn/nrDyTNVCxV7x
20 | OSTr4ihuehxuINut463YyoZUDrBZnQKmy78HpnPLDCg+g2cLPqKT2HgEfq/3mLRu
21 | oVvbTyVYn8E0xLiPKsoCXKSPH2+aoXAss4mLMqMDzeyXG3DmS8Nx5RjVPtGxmvBQ
22 | 2GPBdEio12pctupeFznVzhxyt60aoZ+UsjJQcFvIZQJtDJm5Fy1O6hUz+JJomZ7p
23 | 6Tg9tw7VVHNMcx3Qe1fI+4aVq0ZWpRockGpclztNYo3P7CPnMV6fjMGo7vwRhSE0
24 | +wS+hV4C0vmgTcfHVdLt6QDjYYCteH+5u68AMtpBDjGPpRhIBCnw89D91/TZijYm
25 | Hsk90SrIQ5y0IArT/+pDdRy6I/A/qAadGyNi14DjVexsNFFH4vrkVRWX3QdcGxvX
26 | vkMPLlv1OQ9BP47ROWMJgUK3Nc++o+hg2lc8GmlAYZ4o2daRX5Pt3qaH/rxRob7D
27 | ZDKJLmrKoLmtckZJtofncsbum7qOeAmFszBTNs6e/Qv37VaZrMUxHWVZeZL6SLdG
28 | 8sbc6ngSu9zUyw==
29 | -----END CERTIFICATE REQUEST-----
30 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/csr/ldap-server.fake.csr.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE REQUEST-----
 2 | MIIC4DCCAcgCAQAwgZoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
 3 | MRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4x
 4 | LDAqBgNVBAsMI2VudGl0bGVtZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMRkw
 5 | FwYDVQQDDBBsZGFwLXNlcnZlci5mYWtlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 6 | MIIBCgKCAQEAxOfyPfi1TmXKIaeTNvK8i0HTpnt1/VTYAUVJRFLvZbKvhcz6qvO9
 7 | 3XVNQej+ZacGuSxh7NOKCOUGBc5K9P//Y1xAyH+FrvdP8Q73fY8yGcAWWvCAM9Z/
 8 | Hw22aPvSiiG4s1Lro4IRW2ubZcfkZAhkUTVLJCVqrXczxJ2KhqgbKdmTPa+xGhcd
 9 | tTHvX6NnKQHpYqfSH3OSabLx2YM6WYsC97OMGDFUpN3vObF6/YvgdU8qDKln7cB3
10 | Q3B2FaBxAccZEhmUvV+fsYLhNjVPMs/VvIWK6xD7TLaLnE2O19tRWUAGl4woaeby
11 | lwNsyqefJP0HrodnzYxvMEVNydNDKtCcYQIDAQABoAAwDQYJKoZIhvcNAQELBQAD
12 | ggEBAJGIcuQvJw6PANXkpVYJoRd09A37MLUPwIW2QJUtqezjwxa6y6YO3e/Y0f+3
13 | 5ILXsH/uUIq6YGs4tjS3K0Dob3TOksDNef++oTizmbFqCJt18a2dg395p//QT1u0
14 | WAt5eNb7dNcENNu5wwON6vf4DWq2u5H494bTVCh6WiDmK9sdDwx6tufX2FQUz98s
15 | xA1SPguRAqBBwDwhfX9gGi0vAi2TXVyKjoU7Ks7kr8KxJsF4YQIPSBXDPzmfZmjO
16 | WLzdJhrIBKua2E5F1rPZdRRXIEdEw/SvOFfrC4H09sAH590hl1j2G4MSHdikITvf
17 | OxmZPzUIcr4VSWDh+UE9yEkQp0c=
18 | -----END CERTIFICATE REQUEST-----
19 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/index.txt:
--------------------------------------------------------------------------------
1 | V	280227214747Z		1000	unknown	/C=US/ST=California/L=San Francisco/O=GitHub, Inc./OU=entitlements app acceptance test CA/CN=ldap-server.fake
2 | V	280801160158Z		1001	unknown	/C=US/ST=California/L=San Francisco/O=GitHub Inc./OU=Entitlements App/CN=github.fake
3 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/index.txt.attr:
--------------------------------------------------------------------------------
1 | unique_subject = yes
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/index.txt.attr.old:
--------------------------------------------------------------------------------
1 | unique_subject = yes
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/index.txt.old:
--------------------------------------------------------------------------------
1 | V	280227214747Z		1000	unknown	/C=US/ST=California/L=San Francisco/O=GitHub, Inc./OU=entitlements app acceptance test CA/CN=ldap-server.fake
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/newcerts/1000.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIGDDCCA/SgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVT
 3 | MRMwEQYDVQQIDApDYWxpZm9ybmlhMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4xLDAq
 4 | BgNVBAsMI2VudGl0bGVtZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMR8wHQYD
 5 | VQQDDBZpbnRlcm1lZGlhdGUtY2EuZ2l0aHViMB4XDTE4MDMwMTIxNDc0N1oXDTI4
 6 | MDIyNzIxNDc0N1owgZoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
 7 | MRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4x
 8 | LDAqBgNVBAsMI2VudGl0bGVtZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMRkw
 9 | FwYDVQQDDBBsZGFwLXNlcnZlci5mYWtlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
10 | MIIBCgKCAQEAxOfyPfi1TmXKIaeTNvK8i0HTpnt1/VTYAUVJRFLvZbKvhcz6qvO9
11 | 3XVNQej+ZacGuSxh7NOKCOUGBc5K9P//Y1xAyH+FrvdP8Q73fY8yGcAWWvCAM9Z/
12 | Hw22aPvSiiG4s1Lro4IRW2ubZcfkZAhkUTVLJCVqrXczxJ2KhqgbKdmTPa+xGhcd
13 | tTHvX6NnKQHpYqfSH3OSabLx2YM6WYsC97OMGDFUpN3vObF6/YvgdU8qDKln7cB3
14 | Q3B2FaBxAccZEhmUvV+fsYLhNjVPMs/VvIWK6xD7TLaLnE2O19tRWUAGl4woaeby
15 | lwNsyqefJP0HrodnzYxvMEVNydNDKtCcYQIDAQABo4IBajCCAWYwCQYDVR0TBAIw
16 | ADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu
17 | ZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUuYHcULNnfwrZHwYk
18 | ImOnE0CUa5wwgcwGA1UdIwSBxDCBwYAUsNhZliK4oRjT1dCinkDurf0fS/OhgaSk
19 | gaEwgZ4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
20 | DA1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4xLDAqBgNVBAsM
21 | I2VudGl0bGVtZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMR0wGwYDVQQDDBRh
22 | Y2NlcHRhbmNlLWNhLmdpdGh1YoICEAAwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQM
23 | MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQBQPyaEjFKfTMYe2bSrCLt+
24 | UOrYfFdsEVxK4rtsKwLtSpHQXfD/tF/3XV0jOU/yP/bB40leQ8AzGBnZLKPbh0P2
25 | oaKqazBwd2aaCePUUXy831pM5v+NpRi2jX9gKjT1cAHLDjAYPt9Cd3D9IycWeand
26 | 8QWU5CzXCZrjDhDC8T7rplyO3bA2TwWnXt/BqsgKAIoGt/6EUR/YmQSL2K7ykU8Z
27 | UAN6Kx6P3dRNkQ/5RCXx65Tum2ogXUkE/w8GWNYB21VGWMPIp1v8i8uBESg9aHRU
28 | pQg6xOdAU1XekdFrau5JsNoYupPj125aAiKgLxvvz/xOpaQh0jQyzmlGH63i0nMv
29 | uF2c1CQRVpjEqPW5Ok5fDQLPJQ7PP49k/5Fl+uDgAEEmq3lpF0yYFmDr8gTMZ8mf
30 | sPahN6xZQCsIN3BlPkpuf0harHWhwyr1CTT1vSrcKdUGxeOxMPrjhZIYgDrpMAt8
31 | B1n7BGfLJqQJ7shjOpaqCv67qqDLWcbhMMKZYbdDgoQyhT1GjFNVcIgNFgOj9vCj
32 | 9GF6eInT0LuNQEfnXJ4V6JlswFS7A6L9Us5vAgg1HmAGqQ339Ljy6Py/nN5QwUGp
33 | cqVcWDioSZq0HSkPo753/NDTAfn/AeIS+Wn3BXHZpoXhmZplp3JL3MfP9Aww+ZnL
34 | xRYlA4mOUC6bNM9DVzw3AA==
35 | -----END CERTIFICATE-----
36 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/newcerts/1001.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIG8zCCBNugAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVT
 3 | MRMwEQYDVQQIDApDYWxpZm9ybmlhMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4xLDAq
 4 | BgNVBAsMI2VudGl0bGVtZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMR8wHQYD
 5 | VQQDDBZpbnRlcm1lZGlhdGUtY2EuZ2l0aHViMB4XDTE4MDgwNDE2MDE1OFoXDTI4
 6 | MDgwMTE2MDE1OFowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
 7 | MRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKDAtHaXRIdWIgSW5jLjEZ
 8 | MBcGA1UECwwQRW50aXRsZW1lbnRzIEFwcDEUMBIGA1UEAwwLZ2l0aHViLmZha2Uw
 9 | ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDTMuTl+HsK08zKp4VuuxSN
10 | BjAl2dsBkWy0cu6hdFg6x0RHVbVaYquSUSJJQ9P/YHZ/J0E0pZqCZ1DbVpm1HIhM
11 | S4A2mFwt8URAACOMAIXU2sRcujimaqd3zlKmLa8E7g9lrgqKwnMyZfUjs+69G/ao
12 | oLVv8np3XiJCKlSxezIEDnZjVKftb98wJzZEfvIS+Qw9/wKUt3Ou4SZQuytFoN+c
13 | 5KT4ebnxP9VFoeBexyVsus/ijCKafsqoEj8XvoApEP2FN8CpBIGxyotdLW3KIKz9
14 | zg/t/IXtpIgp3gtiWp4WUpBX1bchULQ78HGxAq66/oY3ZZbKUuOhm2th0QsubgGc
15 | s63djNYTcEhKMprjEO2BbGdgqkKkRlZQzX49hAMmFN632y0renArjOY3jGaVwEdF
16 | S+eFsMzavVkwGT6XmUMn6d3e9cXTdI+gxAgqGGjZ81LLbHFtXBq2ZVkMqe4oA7Lw
17 | SH8D+7tFFVlFzes3QFF84abCzAmMSlr2C+Q1G7PsoD4FfEfu3wfFDHI2K6bNmKoo
18 | Mhwga96TYzJATmPOWA+wrAY41yiKr3k/F4xNWDGRKedX7RBORouZ3dAJKoDm/8kw
19 | DmjXU7Ry3M15O2NHz2A0uAy6AWC3KOHXd9kSbuHJsBzCtTB6Nko4Sr0Pb6dy8OUg
20 | i9DmRA7IRONenHv1jYVtMwIDAQABo4IBajCCAWYwCQYDVR0TBAIwADARBglghkgB
21 | hvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNl
22 | cnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUnxVJuZ7xgP0URnJW1d3Vk8bGTvMw
23 | gcwGA1UdIwSBxDCBwYAUsNhZliK4oRjT1dCinkDurf0fS/OhgaSkgaEwgZ4xCzAJ
24 | BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJh
25 | bmNpc2NvMRUwEwYDVQQKDAxHaXRIdWIsIEluYy4xLDAqBgNVBAsMI2VudGl0bGVt
26 | ZW50cyBhcHAgYWNjZXB0YW5jZSB0ZXN0IENBMR0wGwYDVQQDDBRhY2NlcHRhbmNl
27 | LWNhLmdpdGh1YoICEAAwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUF
28 | BwMBMA0GCSqGSIb3DQEBCwUAA4ICAQA1aUG7IlEcvSyM727yW/jXbhBLZSsbqRws
29 | lcrGa3QtvbxjhdERDmOuEsm5nxok8UJiix//0Ew3DDF3FmiyEiM1rKkYakntwIbP
30 | JmxLAXX2RXUqklJzvF+3CpU82XF31a34hDyoc2/DM64Ha9RiM17gSlwUfrRoOSmK
31 | REa33T6mQWid6VljcYzFabYHdTQkXDU7TiCwKOiZHgnrMPA1W+atvSIh2JWgVJdp
32 | w/dxxpOuE3dkL6WpntlWfSQHQToHbiyjDLhl918W9YHKQSRE2RHA3YoGE2gEdCz3
33 | HG/4Rrfp4WFRPUe1lscnm/5x6STQekHSLl+d56f+KBKQYl78VMUaDwbFrGaOok5u
34 | XUCyhRWsOnHVRhQWe6Y6j/ScBWuog1tKeYE18vxplREMjW9Zij6pnpuF7APaSks7
35 | KUfv3xrqSSCDpxXFU2W27DzdWeQHKTh+efunk1r22XdxgMA+b6xUyt/zMlfxuf9C
36 | HigcjjD7UFgw10bdV09ZjEZ43dwH+AhBVCcyf81gdiL3OOpGRW5QSSBwncyNxB8c
37 | n7Xo1FaF2Ao3X5Bwb5nYjdIbGHOSAfVcK4iTrltjxtVhPdvKs6aguircnol867nV
38 | WS0w/Mvt2gzbh06OCMOG2YoQvvUJuMtzKTnxLGOFNSLitcbkK5A3Y08a1gT+8bwa
39 | 9i4cSDAvaw==
40 | -----END CERTIFICATE-----
41 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/private/intermediate.key.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | Proc-Type: 4,ENCRYPTED
 3 | DEK-Info: AES-256-CBC,CFB07176D5D8B7B07E48974FEB8AD84C
 4 | 
 5 | 7sYf/zN0GLFaV7YtBxh6IrDNf/nW0VMUz1rUuiUb3/0HrQnFh4xsm6KkNlDgKjH1
 6 | Ee5sHOhNeGTuQSHT8CZdCjc5OR2XfKzNuaVaSHY0FF2D1lg529Jut/aDMNZQbXKu
 7 | tlx1qRixuEYxYrH/Da16MDyykPIU7YYGqwwuSDfhDK2/z+yu8NLYm24gf+a/n0Jb
 8 | zBP03jdAS21e1DSsoNdxzPGDXQmCxv4PXmcpKNAyQV3dSSxiwAdXFqRVKfmiAK4Q
 9 | +HT9PDrSdWxBZgUeXhsRkB8v7AmHGPbHTLX2z4fYRy59edrxhD2c6zHmXrP1fPur
10 | MIrBQzkFIcZ3fZH4v1lVnYsy2n40fx4sHi1tU3AzYtKkFnH6Z5VFMCmwUJr65IHk
11 | RRvNDWs4CWbsgacqNlAFpRThNb4Rc+aght6TSCmCwxe2snOPtPIh6FKfHT3jYXES
12 | H91/gzTx6LdCG/qmo2xxdL2Y4LXihN9DkT5MBTioPT3ruDLnJvmYv4x32y+a/dz/
13 | 1uTpUBjdDBjLkpOLk6zTUrb24yuBk4cgnb86ZSXYt+42BEr7GuYnBZMM5yR+fzEO
14 | UNf+lJ2rMpb+TmTXamQRV3ijxnt00HnHvpk32pd9Kku7vELybr8IeemIKL/oVfcE
15 | n44zxS15uKolJpjjF7KdnHPwVycW5cuagHNmmRSXXiSO7uzDhbZHh1Dg4Fyka1AJ
16 | Dacc7yP9hVnSjhRCebm8N7b5JgoUGQw5z5Hh2bB8fF2QljDNDftQ2Iyhc1gVxIzI
17 | 6LA7NmGUEzDE5irUYEFW2+E1mw8zx0OIfyQ5+K0VpgFlZWZwOFo4jIbDZxnyEmTm
18 | CrgIux7Mx96kI9e8b7fVhTl4G5YeSBLmNeQU/+DWFOCIugg17qPpj/VAvlQbRWrN
19 | lfOQkIAox69ADCH6cJLDl4ZSE54Nl0nXifgM362PJDf9ZMirpDrAUcVifLFrtr23
20 | QG8lOUKXtQ5xL+hJ9CA9xCzWrQl6jByDYc1L5BI9VrgpoRySJJk5cWRtpAZKWuzv
21 | qaEnfLgq1tW77STQPw/BFSKWbBq2mLCMrYW+LJO0CV5CoNZkSRPn+7VMRNh/UtRF
22 | 82LENqMCJIDPNp3dt8hOSIXbeK686ET5Z/9QByVbPpcpLeKOGPaXI3vzOjAiHr+q
23 | gtNh7elbGV8nNLtew1HjWmXWTqO08rUqyGYMLEoLI2n+SSH74k/nyPVIzgbxH2EP
24 | lpanO0IlTt87gg9tatbhdaIyo8juBrtNEz2ogAsTefdH9AS4aRjM1lifRsTS6FqI
25 | pFOzzNAPPUqYpzCWSU7q4Po87Zkr53UaBzvBoSlFm1AHEXaMB3dGFZkxkD6E5J9Z
26 | VM3kWH2HO93pbg3NIkL+/H2L4upN8v0LsKJ7a9YCWcYFRE4MHHjxrEc/poEhLasR
27 | dPhCDpnJwVE43QHuerKIpMuVUvkeO4Dn8vn0sQr24pvwJf9dyqaxxIM0tIBMtetu
28 | 0SRd3qvutgeg8/JR9QJ1KBJB80hXKqJ8qaCnxXA3ExMBDd8fX7TONCrM0sQgnak4
29 | fnn4u1Y6d3byuDcHS9LRh4Nwr4dIpuO6mLonIyO9Xz7PqjU8iP4wdfPWiFUiPxG9
30 | CMBh4xeSlW3MqjTCPBYtplzCQ5ZMELp3pQq0DLMl/ZAurgGff+wn8RYoXx7TaaI9
31 | PBqk63NYyerQIdRAjvJW/z5mskU4/SmtCbZKNHjxpon5F3gBDLGWZF86hymAIYkH
32 | FIRnvYTP0g246vVul31kFwY7pKgSyFyQBN/3icDHEcsP5+t0k02kIC4wxmmiaWnl
33 | FEUnL6tMZZZujpGd8/3+x3K/A2OahkoXJVDW1zL9mQsgy6qinNyiEHLeaOYXasC5
34 | Ur4dhn3VfN0oxLPvxFzsKsWUsay+JKW8qPFlpDzw5AaeuAdahPKBTuw3TgLfHVyL
35 | F09Hy7VPz/TfoprKJmoVCWvRUpAsXch2x6F+xn5Rbb/hL00QdkuCPs8Ek7JTp+qC
36 | 1mqiAITUyuyDsQFgn/pgyUdLsr43IaJeOQNqPKm+7thd0SO89fy06DvCjvXb3A0O
37 | E9A2jTRd+jwGT1QtX7mmFZUb2ZUYqQd+DIaPHrQCAtvjqr1rybBCdxnbJa6Yp4y4
38 | U6v4b/4esTyl7LdmJfbs9PLT2ctMHZsgpNtAI75sWq8iM+HIY0kwrbziL8Kfx5SB
39 | BixcDZ4qBPeUwrijWYK6MiOARdfnwzbQoY+jPhnCizss7EUq7Y9Gt6Cia9X3a1VM
40 | GxqxOjzuPO3ijaH74w+V9YtOzurnjZ/C4nCdztutTbQYpX23M2E3AD1fqMiV83pl
41 | TvrDsK+gsXdDKhF30CgndIBjmiud1t1hHKPMfesQWq/SzKLozxSyEQi/WA0HEO5n
42 | EzMcLiNjR2p7Q5/aXO0KrrALiQsvxK7MNRF7hos1nGWytPW4CJdbRJ2mfkgGdRHG
43 | /z1fik9BQv7RrQv4tKvORlZnQrLxHU9SgEEpvjnS0aDCk2B5ki97W6vBzDPIUOnQ
44 | E3/lFsWjBQGMhINVxh7no0otLNKZaq4ZH+zw2Y+ILjATLbI4UppWAhpo1t08EYHz
45 | mgkER+qN6qNLan1uh3B0hIt3aYwYCjptey8tDRp1JfyUU+DaFtqDZWOOKkKDKUtT
46 | 2ecnSarm02G92FOnp7IDn5CvaFj/c9eF9UdZQkwZolcypbMvZi7w6xgtaFpkYuGZ
47 | ND7/7VOwh5fVefWP2t4fH+54NzRrLMsVQnIkcfVtVWGxLGRL260WSnNF8X3+yQ3m
48 | cj5HhQMn5+dTzwDCA/MSu8UlU1wMogG3IhTZ5vvbjuWM9Od5wm91ViMUTU4Alt0E
49 | 5kSq04X0ilQ9745gzuyCFL6fiMSiYVkzG4bfVn9eVGeqT5KgV8gyth05ByxfaWf5
50 | SHTGOKNqKhnSeWS+eN0NCDmDn6sGWZpSOFXDjNhjztugS/EE8qHUQqXxEhl0sCNp
51 | Jz4Fgdct62o/xW7iNYuJolN51iwdNIohdzbgdoqwEGnHcliEu93lxp79YdSY0IYN
52 | /QEhmQdK0ZhSOz2x/IY60oCM5W9+QNHq+Z5O61JnlHdElaEB6aN7jyq+jZiINrDP
53 | 1mFTeBtDJVVvESfmrHFJCZJ9H+u5LHhnZuiJRyAK6wIbgFoYutT71QaQToi33ZLd
54 | -----END RSA PRIVATE KEY-----
55 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/private/ldap-server.fake.key.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | MIIEpAIBAAKCAQEAxOfyPfi1TmXKIaeTNvK8i0HTpnt1/VTYAUVJRFLvZbKvhcz6
 3 | qvO93XVNQej+ZacGuSxh7NOKCOUGBc5K9P//Y1xAyH+FrvdP8Q73fY8yGcAWWvCA
 4 | M9Z/Hw22aPvSiiG4s1Lro4IRW2ubZcfkZAhkUTVLJCVqrXczxJ2KhqgbKdmTPa+x
 5 | GhcdtTHvX6NnKQHpYqfSH3OSabLx2YM6WYsC97OMGDFUpN3vObF6/YvgdU8qDKln
 6 | 7cB3Q3B2FaBxAccZEhmUvV+fsYLhNjVPMs/VvIWK6xD7TLaLnE2O19tRWUAGl4wo
 7 | aebylwNsyqefJP0HrodnzYxvMEVNydNDKtCcYQIDAQABAoIBAQC1jAnsm4hHHVDN
 8 | 0NzJ9+phFzNWt1RlW7nBCinwZes2QBbXbdPclNkE++dckr8j6GkpiENNgQkvBEKW
 9 | TcsMs4+8A83zTqhqVroNTzhfOwz9cv7pn/8ETItujU0W5MAM/eR26kg6vGzWdpOT
10 | t0bb+GTN/y4lyJ3gDBzd9kdHum05GjTxeMbj38xJmsj6mdp8j9Q4RUC4v6kaNV/n
11 | jkHwtD90B/Ke1XLl8WozSaPWrh0DxSQ2TNB9uGIikRR10a5/dQhzER7O574slaPk
12 | ybnOyoFnKzWC3aeBlibZ62Rnwy89UPr/dfzyOGkZEvQBzxtVIRUSVFnyD3uuWav4
13 | EAUKQ4gBAoGBAOmbcs4zWDRt+wxdjQIy+LAIuT6ptd3+phvLBB2cbRCNxo4FwmG/
14 | uacCTJr4kvvUp87YR/mWhpH4mMVskOBlrwl5yNKOt9Ym/9xT+lPoMf7nrH1Whp9H
15 | bvvw4AWCT7yA7qp7lH+VRmI3qAD9i7TJa9e6fJ6dA/OHu1S8Cby9eZ4hAoGBANfH
16 | 4KLFxe5CP6zjMLQiS4hqVZLLda6l/Q3boWsp5YbV3IJVOEJJ0xYBOY4CVCon5DLw
17 | A3eTCjEIAiQqMHPkobxYILCgHFq0WX1FT3ryvzkk+jb3wyRMkSVWdNoPC3Xupfbq
18 | MfrGbbxFSwDzEaqYUay72pJSuJzQrPDdkvggBLZBAoGBAOcGycItOwUW41l2R1au
19 | bA1Dg1f6ZJb4GPSRkS9rnNzrKTsZbQRYpNUKzBHS1SHiTFaexIeMGufPb96HILwb
20 | M8DuRPIfHKXYid8u2fkTQCZ0nbySzq5E6fiVXid0mUC2TdIiR1jpmuLVYfwgw4J2
21 | VIXTsxz18YttZ5FEKWkUBWuhAoGAOmR9lq7chEBrSNbmTCjntc/IvoPOoeeLVl+0
22 | C/L3iQiAtshnBBFETTUhpRteOVY4O8yVs5sX6/LV2YGNQR+C4RwcJI//fFBH002Z
23 | V5UvSECIca2UolMSCD+gOY5OtKhTQ0FXKxzdf1BlHqmogzjbCVqAqI44JT+XPUtI
24 | xVqsy8ECgYB2IHRozu2VK/N4myWe6X0MbbMiQ0WVv71sOVa/Eb/WQOqpo89o3tI8
25 | 51gunM2hJZkkcdau76+LdMXs9cyUY5VYeYPIGFz6JAjp+H9P0LuhxaI2pppPQ6t9
26 | tMorvd5QK4u3xlJVS10OLTAlRU1xsRTtRqb9KglKWw+xLAvguwTvlg==
27 | -----END RSA PRIVATE KEY-----
28 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/private/ldap-server.fake.key.pem.with-password:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | Proc-Type: 4,ENCRYPTED
 3 | DEK-Info: AES-256-CBC,B87F38A2BC95F7921446E32017040B8C
 4 | 
 5 | 7v6YRnTkFRf2xFSSiSt/MYghO6S+MtiuJ4zmYiww1N/nb+B9lj/elxAwvTy6c8vM
 6 | e0hNOhOmzwWrOruTwTfpgKiq75ZA915t6c5DrP8ZpKAy+lAKeWFCl5Tpv/DGvwYv
 7 | id15yGwWb6mmhEYKjR83uM2S8enhWQb2l2jokols+7AEMAdnTafM+fbSKs0GeXrX
 8 | 0og8tEqBC7Eax8REmVpVeg3tLwXeRB8RJl7KsLk2Y8kUsUs0RAl8WRsEazhGEuJv
 9 | rFbsd0XjcRDSXJxnGEPjrscpc5nxE3lOgbI5xWWvBNZoFn0YF+qDuzyIbpM0I6e0
10 | lYnphYiEoGas+BjHmF5cGKa7fHuF68R4phxcI81XfDJXGj4R+eNSJOqkMFG2CvuH
11 | waqQRLgqE3xhewV2YY/FXJpFwFtlYz53yrAAlLFfyM56psTEyy2/zjazzV2yOVeh
12 | 3B791tLk0sIPQ4p9W36PFlvTqP3Eu7ZNHAD7X7ElluhuRLa5yuAhP5tACqRis/qu
13 | uB7OJ0iwH2eNoQO6Mkta/KVTek51ZDTN/cW+fyovJIEGS7hqsGzTtQ2ZLksrROIq
14 | nBPaiUaHP0Do4FBBgN4ebBSmoq+xdlZGJO+rPp9O2UYZx9LeKqh/ibCCwru01Pnb
15 | c+OYEUU3pMKN6NmWRfjw32IKaimv8IM+d7q0I18w2ZoSVE2mAorPqFi7009bl2XD
16 | WUL7LO4N7cHDeXtWWDEw4K/AQzb/0hCpEjpTnMPDBPGZmFxxWza6zTIEYFAcyURa
17 | tKPD4STYXvYrRi2cIpXzAsxxDK+Mfr/+GZMaQQD4DbdO9sTgvWCRwY8mvGkdNTUp
18 | Do+xgLy3argP3iMKgAMLXDzN1tu3/obKCp/JTTrp/DEtR/Sd8kNr2+xQ7IydezZs
19 | 6yLps7l89g/M2Apo4hEGEX3K+l+2dfmogv6zCmJQHIE1llJCXkdpvtuuI6eVP8U4
20 | ZNKPHQRJ/jJJHhizI2e2gfdbuWSdizNKOygVT9/Rk0RO846EqHBoEL+pavEthzq6
21 | vMAWqD/TN8KrLcnl98Q2d1myMjeyd49eVZ7trNLregk92qu5i7Twx3WsOArhV0Ke
22 | TybvGaoGmnA53MA3xKUaW8ImqSOMCH0sOtLA/5y7HBnPZtrDRP40Xz0hzozz2XgT
23 | qHt1hsqeLnBLvSzgkZDmHfDzUu/ssWnO03SmS51/umTFeDH5Sdoivo7mAhlobL4G
24 | moT4CPk1fVIWGF+c3b7MHbWVIW1FZbi2mcUqYyziR0kElzPe8X40+3Io0xccB6Ly
25 | tHA+oVm8u96l+K472ndWDsA3ggTs5GomVX3LIbFZl0veXl/2SGTBaCId9QaPPdP0
26 | uV38w4dndSSw7ZX76gPSlcxFEi383WSWobhgv7qdMyUe1G1Q+s/2U3O/uvZQO410
27 | BzJiz1XcPxCzHuH3TN7F+ZaHliB+oIM+eKUyNxTahZtnoWxCR7zOw9epxPoGHyWt
28 | eCzjDHxLpDas24z48Yi6YJuZwGxKrOB4af0IysmsePorDv9dv10NTnZ7TQepy/6P
29 | a/F83vqymcxO0HgKBVBYwlXBsg5OXEFXcnfVpl91vMlUQidvW4Q7IpdrctrgRUAT
30 | -----END RSA PRIVATE KEY-----
31 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/serial:
--------------------------------------------------------------------------------
1 | 1002
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/intermediate/serial.old:
--------------------------------------------------------------------------------
1 | 1001
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/newcerts/1000.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIGCjCCA/KgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZ4xCzAJBgNVBAYTAlVT
 3 | MRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRUw
 4 | EwYDVQQKDAxHaXRIdWIsIEluYy4xLDAqBgNVBAsMI2VudGl0bGVtZW50cyBhcHAg
 5 | YWNjZXB0YW5jZSB0ZXN0IENBMR0wGwYDVQQDDBRhY2NlcHRhbmNlLWNhLmdpdGh1
 6 | YjAeFw0xODAzMDEyMTQ0MThaFw0zNzExMTYyMTQ0MThaMIGIMQswCQYDVQQGEwJV
 7 | UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMR2l0SHViLCBJbmMuMSww
 8 | KgYDVQQLDCNlbnRpdGxlbWVudHMgYXBwIGFjY2VwdGFuY2UgdGVzdCBDQTEfMB0G
 9 | A1UEAwwWaW50ZXJtZWRpYXRlLWNhLmdpdGh1YjCCAiIwDQYJKoZIhvcNAQEBBQAD
10 | ggIPADCCAgoCggIBAJZfDROyejD2AKheJUyAonf44Li8cAtbr6vCZ4/RyvoPiYD/
11 | uJBBkV09/y3ldkQgHBt9zr7SE4BKjJI/w+X1bo26bD7RvRaC8gxUrT5ym5cJAXaf
12 | 1/QXoLiORxlK4F1TZKb8anFvNtS5nZ8Bzyxewm65cDUlyZJhMTBWTSs8qIXHSL0D
13 | PaqKytnQCmtGCQYdb0qPV/aQpmlw8oW1mkdQTiJy5getBh/eDKQcC+owdl+ZvDOd
14 | sFpcYWY5VgxdUTmnNQRRLUW55SMJJBppdxveLcMQOb43W9FBNL4pkSZ2yC+0ES/2
15 | 0FI7ydixucqeu5HPpS3eRPTkr3ATtO685LMsAAfn0AlLlnQ2fLMNZWD7bYtoNWSd
16 | uxpZrVJhsAqTFHd/bx/aSPRdYDwoS9bIYin8uEUx7LQNX9/viO7NDcS6Kor7Lpu4
17 | kqy7HvSSgoY6bDuGm/mexzOL9IljHac9ztuoeCDa/Gca57asu4pp5mWZnBgHfIu9
18 | U9fxiqadTmHHYgXgEB2SXaSM0GIwy7014L3Bpsdlp/4ywTaOpxsiJntHlZLfw5Jw
19 | LJA696xq6pQl7vkdkDm5UF2BH+dk3wuRX1MCCbim1CwGtwws4UR+NQH6A5CKfBbL
20 | VTOLO4nqe7X7/u+s7p1McI+LPuMnfM1eu5yFblmvebNggcLpKOPea+ClqIIlAgMB
21 | AAGjZjBkMB0GA1UdDgQWBBSw2FmWIrihGNPV0KKeQO6t/R9L8zAfBgNVHSMEGDAW
22 | gBRBz6kdMvw+0jFsMUp2e7IetE1L6jASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1Ud
23 | DwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEA3mt0BFljOxA2HuXV/vXdGBQY
24 | ErR2vGZNvS0DMBhBBZcWaILesFeBEiHxLXlDcSisvsK2LsN6s3N8AYPY9s6f6XQ1
25 | amSG9osfTouS2y/JqO3bbJSjL/pjz1/s1x/d9PwYPlEFeCniihAbwpQiYoyec0wh
26 | ihQ1vDs4wQBLD+Gj+gYhnUf35OWhBjVw+iu0/oIxjdmQEQS1Qe/zimk+CpmdGf5u
27 | rNWKDxs5TSskvCIwBdzh/hCvVuzk7fATc1pj5IaGi8I5o5070O4OJ5O2vLnKuwQw
28 | pr7AYRGvew08xaMKVXhnBa9rNyynwb6u6vOeks8C6WQF14i+0WPPk/vcyfQZv6t6
29 | lpD8kalzV94MbIM27HFY0dgboIhYFYJ31RGiC8lq1JYKdeBY2Z8eKRbmwrfvDiYU
30 | CYAVkYH2QHD3a/H5fuB0JR20Tt82+NKKsH+fZO+kCMRDRpmRzG/H7Aiahs4gwjqq
31 | 29jTFg2NGYyoBfyQELuHSM/iW7reHdg/F1WqUW7AGmoAtf0Jk1PGfIJbczRAGYqS
32 | FWh1X9nHvh51jg8arHPaRiYeLuSsjkYvnQGVhNnb+0q6M1H7tHZfKahuuUKeem4+
33 | 5l2eDeY3FlijQ6jtHOF4HsfJMlDTFLb6Adtl46Quh6zFJjkApldl6L9IuAbSffHV
34 | Kpfjbv8qMtY2qx/pYI0=
35 | -----END CERTIFICATE-----
36 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/private/ca.key.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN RSA PRIVATE KEY-----
 2 | Proc-Type: 4,ENCRYPTED
 3 | DEK-Info: AES-256-CBC,E318106249072FADE86EF6CF5D191E4B
 4 | 
 5 | VIUd2hIF6GO+5pEb7FKPILDgmWSDR7HDsydf/4wKhOLNfZBfuQ8zULoHEglq+vyb
 6 | PfATA4g5fDbFHZc3bExyIYu/p8jrp+55V2UFcBdickZWW86A13ciSemweIlpL/9M
 7 | OP0pXK6zI7Tqq3r96gEtrwMmmp0UMqUQwCCm5VQvi6PwkFMUrtuQBHADHbDsU2zD
 8 | 7wDgHJcAg8v+Rrvw/QYJ6HlOwEAsxWp03ID5qLP1KaTRG7+2yfegP/cNLAqwkzO3
 9 | +gYAdPxYw+sVOUcU+hmrIAvGkvtv8LAbyLaYzMKL6PD7ItZ0L8m65QD8gnpLiHSJ
10 | a48q+O4i63sDb7Qu4lbNjdF2+LqU6+zyS9SW/1C+b66Xu4nwMtXhdLMGunnTyj/U
11 | GHmbbgmYu3sA/JsXCpZ8gIBwWB/ZWktYD2GNhbBTAyE3yfk0rJKiZ7/8E8/ckxyH
12 | fadv7oaZ6wkT/OweL1Yk07/LgEPTiodi8gCKUUEUKztgTuD0U3DBhIT62UOXAywg
13 | cBlQq6fcCt8e8joVS2BttBsFsptb3xhZxfYkHZ6PelxFhQRelIsNq4c+cPqxidZU
14 | DbDfS0J1h3S8O8W7H9H12kw83nkeyds/wRck5F5HTWVjWNZoA1sBR57b/5SXKdPY
15 | FTqr2jeYxRFP0k1AnJri/8CIggAn3vDI3k5KM7AULz4GD27Z6pOTZIeFtb+kk7c9
16 | PVhYCZ35Kl6H023cZHJ9ssq1hvpQ5l4az1wHXMHIp9DnBgyXJ8bXMysmUhlzHr9L
17 | JuEMoX7+i82a23Yzf09ao7cMgHsp+cj/kESCWl5Wn8B1hazW1CyyZnUbyqlCwy7P
18 | 0bDWERnlwbzrDKbBHYsiL2ce872wq4aCf31RgE8j/Uy29hZHLKivFgdG0kjjEhOp
19 | /3YdRDfVlZwv5cAL+wEAb+E5NQ7A4p32zz/ej0goltbLRsrU0xg0A24Fu0lvsegf
20 | 2s+NTc2REu8RGGPrnRLg+1JS2QDoQOQa8Q7addwnTRvjOoc6VebnLm/L7SoU/3u6
21 | W7kdu62PQPaXsP8mltIMAFNO16dVridHHgBShXLzCUZ4xms5x5NZijvNYdMlHBnb
22 | H9acSkYEAUBHuU3b6WCdTPxpiLGhHit3zlB2FC4An485bfj4HoYjLj2CIi6wxama
23 | FLsVnrceCctGqoUb1Bg5uiy5EgvSPqfxVtD92BHZt3yefyh6bixVc+um8zagBXRR
24 | dSIfTzgIvTF1f7+J5IDAr4cNJ59Q8vBAMfYoodioiQ3m0vB0pHopTlXWMpufG1Pp
25 | ecdSZU3L5LrA+PIjoNgNxT99NaITyB8eBlhQTw9XKv8U1IuQr+/GIqdFTLHq9dZ9
26 | AlFhJaZ2jIJXwQpiqfsKojCnZZJcQuurbQRmkwe87rDbOmWnOIcxhCxCuMYwJIyF
27 | 7KKPlzzW1mVx+z+oGfMN0OhSHrpk1jKrCfw6IgaBXNi3tOHIyI9SIclV0BNLmWnm
28 | U1wTFI2DSuXSZsTRwSFl11F7ua2f/j2co3ioizkAwT0sV8UhIU5bpbVx258tV1Ke
29 | CiH42s8EkuGH8dTLZmXCrnLrioECLEO+HoxyzR8oz5k3rL0JJ6IAXlmM87nHEo46
30 | K7sBuvs1e/X6AoTS5mtUsIZMQwFVixMLWleyKj+SjI/+lyK07M+EY4b+vZWmkLIL
31 | 4gskDdNjBbxeFs0r3x4vFPLNcnyti4uPAkh3S9cSF4ya9wn/q5pfW0AX4HPXjyHI
32 | Aie36cBmO4ape81VBIXshLdXwKURT/EQ+UWu/ob409RFdX2/QjKJbwmWjHQcy2km
33 | 1GgRAyINOTvtvurJJ9Zd17ja9GFL+6LvPfFL2ULBZ385Mr7HZSrfNL9YGGx0ZvIe
34 | /E3FZcgejq5EkFuIJ9O1vWHQfCqU+nUNRR+q4T/a8sB0eCbPxfYkj7xvlVJoVKX2
35 | /btmo3BTxPk8Eo37d7nNGkgedC6aTdc9uKNUkIuFW3FffVugVIg5/nwSB1A2B0e/
36 | ClDapMs7Lgw5Rcnb0/C0eviNRPp5k+gJr8ZEqlTCQi0OGjDTz+1cnYkqmcbIywu3
37 | bF0OXj1BUywefoC5zpgXn3na2ykZ3d0PIF65P5Bt0EG+FB0smUYJ56L1iWWm8thp
38 | 6PB8NA9+OgdTWTTLsnLuRCzJk9JD+S+1gyECpK/PfZDg3h/ZEFs8H5xQBSpWULSA
39 | qfJaXiL9jOgai3jsBhwW30iIBYZUcYCqhS/RDsUFse3P+92/D+YzCj5qND19ZHSR
40 | 3iq5wEdqiQWuqV9X161Ivk9a7Xh+x+5E8ia5Gw+1sUCnJzXgi4ZOG/BCCceCQJw8
41 | aW3WxsEz9THbCrFrRJYIn8R80Z00h9cbqgH6ehCUu3UUrdhACEjPsCoIg7RG+mUc
42 | pU9kuQtsEcIFh3KxIEOKr88v8ox5wHdI7x87+GZGoudlPoTC8uONcMEUbggThOjZ
43 | TDpYovyUZw2F0Qvg4stgANxRjJvWDK1SODkT06ynRVZLG3eL3UKGnqXm8t6OP9AY
44 | XBDlAgefrvkQfm4L6KNMs8ZwzXJCc982VDsKwO4m0iHk8Ys3zDla51XoCpaQ0V0v
45 | dU35zy+dbyjG0DzuhkzJGjM3pH+8UmyXw3fnBKOaVCjhfHwAgrbX8j8Za15Dgt7R
46 | a7Js+kshtrGtlT+pZ8C5u/pmx4kzSHUzUAE1TKNoA6DMJVLJdL2/L6L3/Mym+EML
47 | V5zHIFVp2/8sRoz4hOYDinNw3ZzW9Gd8GN/8BElzhrnj9O8ybWeVb7LFe4NLFVck
48 | +G9khwZT/2/O7KK+gk/cCf7+5zWQMXdWTQz3OQOGLP7vjVuzWjxMhQUc+66WoqJo
49 | OdKQA4cG8tyBB3fq7HS4qu5b8tuWlQp2WUYxXsgcO/qXrbGvAgMJxAYih85fnofp
50 | RZavv5LQEfH+keTW0Gvd584SyqE/N1BQOsUAzhaLYPjGVd+90pYog+JBF1qtcjo/
51 | Oru5HOdBqytNjFPMcdCek4JdjDSUta8o5bR51BpEQ6KGl3Q3Gch0VT6ACENd5sb9
52 | 9ejcbUmdDusbDJn2LEqieNeyOsQUT6naCmwJCQY3nR5D1MGj0zJ1+FCCU6XW5eDW
53 | SiaClZ8rGsXqJabtOoXC4JiDidvDUR6nxJ863yt+Pxi9m/CHAwOKxv/J8ZD6LzBm
54 | -----END RSA PRIVATE KEY-----
55 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/serial:
--------------------------------------------------------------------------------
1 | 1001
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/ca/serial.old:
--------------------------------------------------------------------------------
1 | 1000
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '2'
 2 | 
 3 | networks:
 4 |   ldap-network:
 5 |     internal: true
 6 | 
 7 | services:
 8 |   entitlements-gitrepo-auditor-plugin:
 9 |     build:
10 |       context: "${DIR}"
11 |       dockerfile: "spec/acceptance/Dockerfile.entitlements-gitrepo-auditor-plugin"
12 |     networks:
13 |       ldap-network:
14 |         aliases:
15 |           - entitlements-github-plugin.fake
16 |     volumes:
17 |       - "${DIR}/spec/acceptance:/acceptance:ro"
18 |       - "${DIR}/vendor/container-gems:/data/entitlements/vendor/gems:rw"
19 |   git-server:
20 |     entrypoint: /acceptance/git-server/run-server.sh
21 |     image: jkarlos/git-server-docker
22 |     networks:
23 |       ldap-network:
24 |         aliases:
25 |           - git-server.fake
26 |     ports:
27 |       - "127.0.0.1:22:22"
28 |     volumes:
29 |       - "${DIR}/spec/acceptance:/acceptance:ro"
30 |       - "${DIR}/spec/acceptance/git-server/keys:/git-server/keys:ro"
31 |   ldap-server:
32 |     entrypoint: /acceptance/ldap-server/run-server.sh
33 |     image: osixia/openldap:1.2.2
34 |     networks:
35 |       ldap-network:
36 |         aliases:
37 |           - ldap-server.fake
38 |     ports:
39 |       - "127.0.0.1:636:636"
40 |     volumes:
41 |       - "${DIR}/spec/acceptance:/acceptance:ro"
42 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/spec/acceptance/fixtures/.gitkeep


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_changes/config.yaml:
--------------------------------------------------------------------------------
 1 | <%-
 2 | require "/data/entitlements/lib/entitlements/auditor/gitrepo"
 3 | require "/data/entitlements/lib/entitlements/util/gitrepo"
 4 | -%>
 5 | ---
 6 | backends:
 7 |   dockerized-ldap:
 8 |     ldap_binddn: <%= ENV["LDAP_BINDDN"] %>
 9 |     ldap_bindpw: <%= ENV["LDAP_BINDPW"] %>
10 |     ldap_uri: <%= ENV["LDAP_URI"] %>
11 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
12 |     type: ldap
13 | configuration_path: ./ldap-config
14 | auditors:
15 |   - auditor_class: GitRepo
16 |     checkout_directory: <%= ENV["GIT_REPO_CHECKOUT_DIRECTORY"] %>
17 |     commit_message: gitrepo-auditor
18 |     github_override: git@git-server.fake:/git-server/
19 |     git_name: Entitlements Acceptance Test
20 |     git_email: entitlements-acceptance-test@noreply.github.com
21 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
22 |     repo: repos/entitlements-audit
23 |     sshkey: |
24 |       LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMzVXUmNrWHRWemd5TFJCN080Mk00b0tVT1A5STBhV0tBVkpSbXhnTmZaMDRBWk8xCmdha0c4RWlvSktldHNaUFhVdzhVZkYyTzk5cjFiQ2dZUHREejVhZ0FmeDRBSS9IOGJBTlN3Z0hpWW9tdVd5VTIKMHZEaitBQndtdlc2ZGlUTFBwS01CUTM4SmhrYVh0TFdjMzkyUmZ5WXJiOE9kSTBrSStRQ1ZXaWgwWUoxeWxlVwp0Wjl3NXYvMkJoSVRXbmRiR1ZBeEQxSkdIUTVLb21aa2JPaE1XTGRRcjRzSTg5L0lJL1dZNUlHNUtJbDRkRTlICndoUHl4aiszQjFNQzlRVGkxZjJEQWdHUForVVlxK2xoR3ZGRnUzTjQxTmh1SzJnZTlBNnh0ODNDejh1elI0cEMKZ1EyckVrOHlIUmZic3FEQ1U5UUV3bnRVK2lBa285N0F0blloRFFJREFRQUJBb0lCQURmRTIvbXYvWXFDNXVrYwpzbEJoZDJITWhtSk5Nd0d3RStOT2dESjZabXNOdXptUmVYVzFEcGtDMW9ZR0dTb3hJVVdEZm0yaS9KVlFWV1U3Ci93ZzBJSklKUE01NFVqcWxFbnh5dThMT3E0UStxWEhzcjJjZ1ZReTROMTQvcXRuclJaTC9CTlFCOEFJa3d0SWkKTHdHeUtuTThsV3pKT2piU09kQ0dBQnNEdFZGSGpQV2JnNHpmY2dYMy9TNjFvRWVwM2pXenpaZFgwWkdOakpHRApjZGhKRWZqaGJkS2JkblZ3MzhqNjlsZ3k4b0h3ZUNVZ0FNMW4xN3JyeVhFRVJwTVdTSXpzdGUySG02K0x5WnllCmJUNVdUVkI0NW5lYXl6UGp2aHJYMGFFQUlQUDR4bHhDN1Y1bnN4cWlIYllkeGhvMDI1WWU1U0ExWGlNTEhrNUgKSXpubUxLRUNnWUVBOEdpZDhXdmErUUlCUXVFczZtQTRKbnBCR0U5SVRCMTEwMEwza1RCeVNZN0tva1RIczgxUApjbFFQZW44a1ZwUWVEQVVLUnpnTjJqaVNiRUNROWlJTllWS0xWZ0E1djZQeUJLUXZDeFZVTnhLeEFiOW16SmZCCjgzdUJrczFCbWVldUsyMDhudkVHcHBLakpZMk9ZaW42Yk9tVTNlM2ZRVE9xNnkzL3J5S2dvSlVDZ1lFQTdoV2YKd2JDajlZUDJqZFNIZHRvY0NNdHd0QUUyQTgvSVdwS0lVSW43S3IwM3V2M2pQMVpXbjRzYlcrQkRSS2VTbHIxWgpqTFZzbTBZeDVmMUdzeVdyNHo4ZG9MZTIyUmk2TW9PNTNrMVlXRlJBd0ZYRnh2Nk1NSGtadmxOdHc0VVpZQjh3ClVCWndjMnAyNkhXOG5qbncvV2R6bkN3SXBTamRHQjBCNjdYTGlKa0NnWUJJWFVWRm1WQ1ZhWndWbEpBZmtJejIKVUJCdUQ5ZFVTZjNnZEtUdWlDV3VySk9rR28zK09rdXl2MGpWZDVYcGxiWWhxaGE0NzArRUkwazMyb3VIK3lJSgo3SDNTaWtqWHZiS280UDdrR0N4OFUxMENpS21aNWdoVWtSV2txYklZY0p1RnFPRDVldFdrcURrQm9jVjlHT092Cml2UHJoYUdSRDh0ZjlUMmthd2pzclFLQmdRQytrL2lwcHFmWUk2WDhxaDgxZUNud3NFaXJEajBhbC95YzQ2YlMKTVdFb09RYWZYQlBINDJpN2xUSjFQUE1ieGJlRmlsUmdXZWx4OGFLSG8xSXduUHNXa0xNNnIxUmlPM1R3Y3BrWgo1WGZPWE1Mb01zQjZKZEE2RFBZYWI5WHhLRjNEbjdPZ3FCV2pqWmxaUXNXVk1uUkJvOG5iUFRRK1lKTjZkZDNQCnZGb01JUUtCZ1FDdllUU2VNM011aEhoT3NMMzV0cGNjZWVxNDRWbWQvdXZRTkZVaHRNR05MVWJLZVJjdmZvL0QKejMrMEZuTHJrMVBqdTR4Q1M4ZkZ3aHFXRVk4M1R1UGpFeHIrZ0Ztai83VXM0T0pGZ3lyL3hRSXlRaERYd1VIVQpzTkhpZzJUT2RFNFB1Mmt1UXFaRnlVUiswWXFnaFpuTE9WMWRmVG9nQzRkWlFLOEJPdjVpTGc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
25 | extras:
26 |   ldap_group: {}
27 |   orgchart:
28 |     manager_map_file: ../common/manager-map.yaml
29 | groups:
30 |   entitlements:
31 |     base: ou=Expiration,ou=Entitlements,ou=Groups,dc=kittens,dc=net
32 |     create_if_missing: true
33 |     backend: dockerized-ldap
34 |   internal:
35 |     type: dummy
36 |     dir: ../../common/internal
37 |   pizza_teams:
38 |     type: dummy
39 | people:
40 |   ldap:
41 |     type: ldap
42 |     config:
43 |       base: ou=People,dc=kittens,dc=net
44 |       ldap_binddn: <%= ENV["LDAP_BINDDN"] %>
45 |       ldap_bindpw: <%= ENV["LDAP_BINDPW"] %>
46 |       ldap_uri: <%= ENV["LDAP_URI"] %>
47 |       person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
48 |       additional_attributes:
49 |         - shellentitlements
50 | people_data_source: ldap
51 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_changes/ldap-config/entitlements/empty.txt:
--------------------------------------------------------------------------------
1 | description = Empty entitlement because sub-entitlement is all expired
2 | group = pizza_teams/expired
3 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_changes/ldap-config/entitlements/expired.txt:
--------------------------------------------------------------------------------
1 | description = Expired top level entitlement
2 | expiration = 2001-01-01
3 | group = pizza_teams/valid
4 | group = pizza_teams/partial
5 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_changes/ldap-config/entitlements/full.txt:
--------------------------------------------------------------------------------
1 | description = Valid top level entitlement
2 | expiration = 2040-01-01
3 | group = pizza_teams/valid
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_changes/ldap-config/entitlements/new.txt:
--------------------------------------------------------------------------------
1 | description = New top level entitlement
2 | expiration = 2040-01-01
3 | group = pizza_teams/valid
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_changes/ldap-config/entitlements/wildcard.txt:
--------------------------------------------------------------------------------
1 | description = Valid top level entitlement
2 | group = pizza_teams/*
3 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_changes/ldap-config/pizza_teams/expired.txt:
--------------------------------------------------------------------------------
1 | description = Expired entitlement
2 | expiration = 2001-01-01
3 | username = germanrex
4 | username = khaomanee
5 | username = napoleon
6 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_changes/ldap-config/pizza_teams/partial.txt:
--------------------------------------------------------------------------------
1 | description = Partially expired entitlement
2 | username = ragamuffin; expiration = 2040-01-01
3 | username = blackmanx; expiration = 2001-01-01
4 | username = russianblue
5 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_changes/ldap-config/pizza_teams/valid.txt:
--------------------------------------------------------------------------------
1 | description = Non-expired entitlement
2 | expiration = 2040-01-01
3 | username = nebelung
4 | username = balinese
5 | username = serengeti
6 | username = cheetoh
7 | username = oJosazuLEs
8 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_setup/config.yaml:
--------------------------------------------------------------------------------
 1 | <%-
 2 | require "/data/entitlements/lib/entitlements/auditor/gitrepo"
 3 | require "/data/entitlements/lib/entitlements/util/gitrepo"
 4 | -%>
 5 | ---
 6 | backends:
 7 |   dockerized-ldap:
 8 |     ldap_binddn: <%= ENV["LDAP_BINDDN"] %>
 9 |     ldap_bindpw: <%= ENV["LDAP_BINDPW"] %>
10 |     ldap_uri: <%= ENV["LDAP_URI"] %>
11 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
12 |     type: ldap
13 | configuration_path: ./ldap-config
14 | auditors:
15 |   - auditor_class: GitRepo
16 |     checkout_directory: <%= ENV["GIT_REPO_CHECKOUT_DIRECTORY"] %>
17 |     commit_message: gitrepo-auditor
18 |     github_override: git@git-server.fake:/git-server/
19 |     git_name: Entitlements Acceptance Test
20 |     git_email: entitlements-acceptance-test@noreply.github.com
21 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
22 |     repo: repos/entitlements-audit
23 |     sshkey: |
24 |       LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMzVXUmNrWHRWemd5TFJCN080Mk00b0tVT1A5STBhV0tBVkpSbXhnTmZaMDRBWk8xCmdha0c4RWlvSktldHNaUFhVdzhVZkYyTzk5cjFiQ2dZUHREejVhZ0FmeDRBSS9IOGJBTlN3Z0hpWW9tdVd5VTIKMHZEaitBQndtdlc2ZGlUTFBwS01CUTM4SmhrYVh0TFdjMzkyUmZ5WXJiOE9kSTBrSStRQ1ZXaWgwWUoxeWxlVwp0Wjl3NXYvMkJoSVRXbmRiR1ZBeEQxSkdIUTVLb21aa2JPaE1XTGRRcjRzSTg5L0lJL1dZNUlHNUtJbDRkRTlICndoUHl4aiszQjFNQzlRVGkxZjJEQWdHUForVVlxK2xoR3ZGRnUzTjQxTmh1SzJnZTlBNnh0ODNDejh1elI0cEMKZ1EyckVrOHlIUmZic3FEQ1U5UUV3bnRVK2lBa285N0F0blloRFFJREFRQUJBb0lCQURmRTIvbXYvWXFDNXVrYwpzbEJoZDJITWhtSk5Nd0d3RStOT2dESjZabXNOdXptUmVYVzFEcGtDMW9ZR0dTb3hJVVdEZm0yaS9KVlFWV1U3Ci93ZzBJSklKUE01NFVqcWxFbnh5dThMT3E0UStxWEhzcjJjZ1ZReTROMTQvcXRuclJaTC9CTlFCOEFJa3d0SWkKTHdHeUtuTThsV3pKT2piU09kQ0dBQnNEdFZGSGpQV2JnNHpmY2dYMy9TNjFvRWVwM2pXenpaZFgwWkdOakpHRApjZGhKRWZqaGJkS2JkblZ3MzhqNjlsZ3k4b0h3ZUNVZ0FNMW4xN3JyeVhFRVJwTVdTSXpzdGUySG02K0x5WnllCmJUNVdUVkI0NW5lYXl6UGp2aHJYMGFFQUlQUDR4bHhDN1Y1bnN4cWlIYllkeGhvMDI1WWU1U0ExWGlNTEhrNUgKSXpubUxLRUNnWUVBOEdpZDhXdmErUUlCUXVFczZtQTRKbnBCR0U5SVRCMTEwMEwza1RCeVNZN0tva1RIczgxUApjbFFQZW44a1ZwUWVEQVVLUnpnTjJqaVNiRUNROWlJTllWS0xWZ0E1djZQeUJLUXZDeFZVTnhLeEFiOW16SmZCCjgzdUJrczFCbWVldUsyMDhudkVHcHBLakpZMk9ZaW42Yk9tVTNlM2ZRVE9xNnkzL3J5S2dvSlVDZ1lFQTdoV2YKd2JDajlZUDJqZFNIZHRvY0NNdHd0QUUyQTgvSVdwS0lVSW43S3IwM3V2M2pQMVpXbjRzYlcrQkRSS2VTbHIxWgpqTFZzbTBZeDVmMUdzeVdyNHo4ZG9MZTIyUmk2TW9PNTNrMVlXRlJBd0ZYRnh2Nk1NSGtadmxOdHc0VVpZQjh3ClVCWndjMnAyNkhXOG5qbncvV2R6bkN3SXBTamRHQjBCNjdYTGlKa0NnWUJJWFVWRm1WQ1ZhWndWbEpBZmtJejIKVUJCdUQ5ZFVTZjNnZEtUdWlDV3VySk9rR28zK09rdXl2MGpWZDVYcGxiWWhxaGE0NzArRUkwazMyb3VIK3lJSgo3SDNTaWtqWHZiS280UDdrR0N4OFUxMENpS21aNWdoVWtSV2txYklZY0p1RnFPRDVldFdrcURrQm9jVjlHT092Cml2UHJoYUdSRDh0ZjlUMmthd2pzclFLQmdRQytrL2lwcHFmWUk2WDhxaDgxZUNud3NFaXJEajBhbC95YzQ2YlMKTVdFb09RYWZYQlBINDJpN2xUSjFQUE1ieGJlRmlsUmdXZWx4OGFLSG8xSXduUHNXa0xNNnIxUmlPM1R3Y3BrWgo1WGZPWE1Mb01zQjZKZEE2RFBZYWI5WHhLRjNEbjdPZ3FCV2pqWmxaUXNXVk1uUkJvOG5iUFRRK1lKTjZkZDNQCnZGb01JUUtCZ1FDdllUU2VNM011aEhoT3NMMzV0cGNjZWVxNDRWbWQvdXZRTkZVaHRNR05MVWJLZVJjdmZvL0QKejMrMEZuTHJrMVBqdTR4Q1M4ZkZ3aHFXRVk4M1R1UGpFeHIrZ0Ztai83VXM0T0pGZ3lyL3hRSXlRaERYd1VIVQpzTkhpZzJUT2RFNFB1Mmt1UXFaRnlVUiswWXFnaFpuTE9WMWRmVG9nQzRkWlFLOEJPdjVpTGc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
25 | extras:
26 |   ldap_group: {}
27 |   orgchart:
28 |     manager_map_file: ../common/manager-map.yaml
29 | groups:
30 |   entitlements:
31 |     base: ou=Expiration,ou=Entitlements,ou=Groups,dc=kittens,dc=net
32 |     create_if_missing: true
33 |     backend: dockerized-ldap
34 |   internal:
35 |     type: dummy
36 |     dir: ../../common/internal
37 |   pizza_teams:
38 |     type: dummy
39 | people:
40 |   ldap:
41 |     type: ldap
42 |     config:
43 |       base: ou=People,dc=kittens,dc=net
44 |       ldap_binddn: <%= ENV["LDAP_BINDDN"] %>
45 |       ldap_bindpw: <%= ENV["LDAP_BINDPW"] %>
46 |       ldap_uri: <%= ENV["LDAP_URI"] %>
47 |       person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
48 |       additional_attributes:
49 |         - shellentitlements
50 | people_data_source: ldap
51 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_setup/ldap-config/entitlements/empty.txt:
--------------------------------------------------------------------------------
1 | description = Empty entitlement because sub-entitlement is all expired
2 | group = pizza_teams/expired
3 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_setup/ldap-config/entitlements/expired.txt:
--------------------------------------------------------------------------------
1 | description = Expired top level entitlement
2 | expiration = 2001-01-01
3 | group = pizza_teams/valid
4 | group = pizza_teams/partial
5 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_setup/ldap-config/entitlements/full.txt:
--------------------------------------------------------------------------------
1 | description = Valid top level entitlement
2 | expiration = 2040-01-01
3 | group = pizza_teams/valid
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_setup/ldap-config/entitlements/partial.txt:
--------------------------------------------------------------------------------
1 | description = Valid top level entitlement
2 | expiration = 2040-01-01
3 | group = pizza_teams/partial
4 | group = pizza_teams/expired
5 | group = pizza_teams/full; expiration = 2001-01-01
6 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_setup/ldap-config/entitlements/wildcard.txt:
--------------------------------------------------------------------------------
1 | description = Valid top level entitlement
2 | group = pizza_teams/*
3 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_setup/ldap-config/pizza_teams/expired.txt:
--------------------------------------------------------------------------------
1 | description = Expired entitlement
2 | expiration = 2001-01-01
3 | username = germanrex
4 | username = khaomanee
5 | username = napoleon
6 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_setup/ldap-config/pizza_teams/partial.txt:
--------------------------------------------------------------------------------
1 | description = Partially expired entitlement
2 | username = ragamuffin; expiration = 2040-01-01
3 | username = blackmanx; expiration = 2001-01-01
4 | username = russianblue
5 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/auditor_setup/ldap-config/pizza_teams/valid.txt:
--------------------------------------------------------------------------------
1 | description = Non-expired entitlement
2 | expiration = 2040-01-01
3 | username = nebelung
4 | username = balinese
5 | username = serengeti
6 | username = cheetoh
7 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/common/internal/contractors.txt:
--------------------------------------------------------------------------------
1 | description = Listing of contractors
2 | username = pixiebob
3 | username = serengeti
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/common/internal/pre-hires.txt:
--------------------------------------------------------------------------------
1 | description = Listing of pre-hires
2 | username = chartreux
3 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/common/manager-map.yaml:
--------------------------------------------------------------------------------
  1 | ---
  2 | nebelung:
  3 |   status:
  4 |   - employee
  5 |   manager: ojosazules
  6 | pixiebob:
  7 |   status:
  8 |   - contractor
  9 |   manager: balinese
 10 | balinese:
 11 |   status:
 12 |   - employee
 13 |   manager: peterbald
 14 | serengeti:
 15 |   status:
 16 |   - contractor
 17 |   manager: balinese
 18 | germanrex:
 19 |   status:
 20 |   - employee
 21 |   manager: bengal
 22 | khaomanee:
 23 |   status:
 24 |   - employee
 25 |   manager: ojosazules
 26 | napoleon:
 27 |   status:
 28 |   - employee
 29 |   manager: napoleon
 30 | blackmanx:
 31 |   status:
 32 |   - employee
 33 |   manager: mainecoon
 34 | chausie:
 35 |   status:
 36 |   - employee
 37 |   manager: ojosazules
 38 | orientallonghair:
 39 |   status:
 40 |   - employee
 41 |   manager: napoleon
 42 | korat:
 43 |   status:
 44 |   - employee
 45 |   manager: balinese
 46 | oregonrex:
 47 |   status:
 48 |   - employee
 49 |   manager: donskoy
 50 | donskoy:
 51 |   status:
 52 |   - employee
 53 |   manager: foldex
 54 | russianblue:
 55 |   status:
 56 |   - employee
 57 |   manager: mainecoon
 58 | ragamuffin:
 59 |   status:
 60 |   - employee
 61 |   manager: mainecoon
 62 | foldex:
 63 |   status:
 64 |   - employee
 65 |   manager: orientallonghair
 66 | cheetoh:
 67 |   status:
 68 |   - employee
 69 |   manager: ojosazules
 70 | peterbald:
 71 |   status:
 72 |   - employee
 73 |   manager: orientallonghair
 74 | mainecoon:
 75 |   status:
 76 |   - employee
 77 |   manager: balinese
 78 | cyprus:
 79 |   status:
 80 |   - employee
 81 |   manager: ojosazules
 82 | desertlynx:
 83 |   status:
 84 |   - employee
 85 |   manager: bengal
 86 | minskin:
 87 |   status:
 88 |   - employee
 89 |   manager: balinese
 90 | chartreux:
 91 |   status:
 92 |   - pre-hire
 93 |   manager: bengal
 94 | ojosazules:
 95 |   status:
 96 |   - employee
 97 |   manager: donskoy
 98 | bobtail:
 99 |   status:
100 |   - employee
101 |   manager: bengal
102 | bengal:
103 |   status:
104 |   - employee
105 |   manager: balinese
106 | abyssinian:
107 |   status:
108 |   - former
109 |   manager: balinese
110 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/dummy-ou-special/bacon.txt:
--------------------------------------------------------------------------------
1 | username = maiNecOON
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/dummy-ou/ragamuffin.txt:
--------------------------------------------------------------------------------
1 | username = RagaMuffin
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/dummy-ou/tony.txt:
--------------------------------------------------------------------------------
1 | username = ojosazules
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/entitlements/app-aws-primary-admins.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | description: Admin access to primary AWS account
 3 | rules:
 4 |   or:
 5 |     - entitlements_group: pizza_teams/grumpy-cat
 6 |     - group: pizza_teams/colonel-meow
 7 |       expiration: "2050-01-01"
 8 |     - group: pizza_teams/keyboard-cat
 9 |       expiration: "2001-01-01"
10 | expiration: "2043-01-01"
11 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/entitlements/empty-but-ok-2.txt:
--------------------------------------------------------------------------------
1 | description = Group for testing empty membership
2 | username = RAGAMUFFIn
3 | entitlements_group = pizza_teams/empty-but-ok
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/entitlements/empty-but-ok-3.txt:
--------------------------------------------------------------------------------
1 | description = Group for testing empty membership
2 | username = RAGAMUFFIn
3 | username = BlackManx
4 | group != pizza_teams/empty-but-ok
5 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/entitlements/empty-but-ok.txt:
--------------------------------------------------------------------------------
1 | description = Group for testing empty membership
2 | group = pizza_teams/empty-but-ok
3 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/entitlements/expire-later.yaml:
--------------------------------------------------------------------------------
1 | description: Group for testing entitlement expiration
2 | expiration: 2043-01-01
3 | rules:
4 |   or:
5 |     - username: blackmanx
6 |     - username: nebelung
7 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/entitlements/expired-empty-entitlement.txt:
--------------------------------------------------------------------------------
1 | description = Group for testing entitlement expiration
2 | username = blackmanx; expiration = 2001-01-01
3 | username = nebelung; expiration = 2001-01-01
4 | expiration = 2001-01-01
5 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/entitlements/expired-entitlement.txt:
--------------------------------------------------------------------------------
1 | description = Group for testing entitlement expiration
2 | username = blackmanx
3 | username = nebelung
4 | expiration = 2001-01-01
5 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/entitlements/foo-bar-app/baz.txt:
--------------------------------------------------------------------------------
1 | description = This is in a sub-ou
2 | username = RUssianblue; expiration = 2050-01-01
3 | username = BlackManx; expiration = 2050-01-01
4 | username = mainecoon; expiration = 2001-01-01
5 | expiration = 2043-01-01
6 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/entitlements/groupofnames/baz.txt:
--------------------------------------------------------------------------------
1 | description = This is in a sub-ou
2 | username = russianblue
3 | username = BLACKMANX
4 | metadata_gid_number = 12345
5 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/entitlements/groupofnames/sparkles.txt:
--------------------------------------------------------------------------------
1 | description = This is in a sub-ou
2 | group = dummy-ou/ragamuffin
3 | metadata_gid_number = 23456
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/github-org/admin.txt:
--------------------------------------------------------------------------------
1 | username = blackmanx
2 | username = ragamuffin
3 | username = mainecoon
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/github-org/member.txt:
--------------------------------------------------------------------------------
1 | entitlements_group = github/*
2 | entitlements_group != github-org/admin
3 | username = donskoy
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/github/colonel-meow.txt:
--------------------------------------------------------------------------------
1 | description = Fake team on fake GitHub
2 | group = pizza_teams/colonel-meow; expiration = 2050-01-01
3 | username = russianblue; expiration = 2001-01-01
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/github/employees.txt:
--------------------------------------------------------------------------------
 1 | description = Fake team on fake GitHub
 2 | metadata_team_id = 4
 3 | username = blackmanx
 4 | username = russianblue
 5 | entitlements_group = dummy-ou-renamed/bacon
 6 | username = RagaMuffin
 7 | username = cheetoh
 8 | username = khaomanee
 9 | username = nebelung
10 | group = dummy-ou/tony
11 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/github/grumpy-cat.txt:
--------------------------------------------------------------------------------
1 | description = Fake team on fake GitHub
2 | group = pizza_teams/grumpy-cat; expiration = 2050-01-01
3 | username = foldex; expiration = 2001-01-01
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/pizza_teams/colonel-meow.yaml:
--------------------------------------------------------------------------------
 1 | # By virtue of filename this creates pizza_teams/colonel-meow
 2 | 
 3 | ---
 4 | description: Forever known as @russianblue's old team, just kidding
 5 | rules:
 6 |   management: ojosazules
 7 |   expiration: "2050-01-01"
 8 | metadata:
 9 |   foo: bar
10 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/pizza_teams/empty-but-ok-2.txt:
--------------------------------------------------------------------------------
1 | description = This group will some day be empty but that's OK
2 | username = fluffy_kitteninator
3 | metadata_no_members_ok = true
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/pizza_teams/empty-but-ok.txt:
--------------------------------------------------------------------------------
1 | description = This group will some day be empty but that's OK
2 | username = BlackManx
3 | username = fluffy_kitteninator
4 | metadata_no_members_ok = true
5 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/pizza_teams/grumpy-cat.rb:
--------------------------------------------------------------------------------
 1 | # frozen_string_literal: true
 2 | # By virtue of filename this creates cn=grumpy-cat,ou=pizza_teams,dc=kittens,dc=net
 3 | 
 4 | module Entitlements
 5 |   class Rule
 6 |     class PizzaTeams
 7 |       class GrumpyCat < Entitlements::Rule::Base
 8 |         description "Member of the ultra-impressive and super-awesome grumpy-cat team"
 9 | 
10 |         def members
11 |           Set.new([Entitlements.cache[:people_obj].read("BlackManx")])
12 |         end
13 | 
14 |         def metadata
15 |           { "foo" => "bar" }
16 |         end
17 |       end
18 |     end
19 |   end
20 | end
21 | 


--------------------------------------------------------------------------------
/spec/acceptance/fixtures/initial_run/ldap-config/pizza_teams/keyboard-cat.txt:
--------------------------------------------------------------------------------
1 | # Keyboard Cat team
2 | description = All of Keyboard Cat
3 | management = DONSKoy; expiration = 2050-01-01
4 | metadata_foo = bar
5 | 


--------------------------------------------------------------------------------
/spec/acceptance/git-server/README.md:
--------------------------------------------------------------------------------
1 | # git-server
2 | 
3 | Docker hub: https://hub.docker.com/r/jkarlos/git-server-docker/
4 | GitHub: https://github.com/jkarlosb/git-server-docker
5 | 
6 | The key in this repo was generated specifically for this docker container and is only used for this acceptance test. This key has not been uploaded to GitHub and must not be used anywhere else.
7 | 


--------------------------------------------------------------------------------
/spec/acceptance/git-server/keys/id_rsa.pub:
--------------------------------------------------------------------------------
1 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDflZFyRe1XODItEHs7jYzigpQ4/0jRpYoBUlGbGA19nTgBk7WBqQbwSKgkp62xk9dTDxR8XY732vVsKBg+0PPlqAB/HgAj8fxsA1LCAeJiia5bJTbS8OP4AHCa9bp2JMs+kowFDfwmGRpe0tZzf3ZF/Jitvw50jSQj5AJVaKHRgnXKV5a1n3Dm//YGEhNad1sZUDEPUkYdDkqiZmRs6ExYt1Cviwjz38gj9ZjkgbkoiXh0T0fCE/LGP7cHUwL1BOLV/YMCAY9n5Rir6WEa8UW7c3jU2G4raB70DrG3zcLPy7NHikKBDasSTzIdF9uyoMJT1ATCe1T6ICSj3sC2diEN git-server-docker-example
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/git-server/private/id_rsa.base64:
--------------------------------------------------------------------------------
1 | LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMzVXUmNrWHRWemd5TFJCN080Mk00b0tVT1A5STBhV0tBVkpSbXhnTmZaMDRBWk8xCmdha0c4RWlvSktldHNaUFhVdzhVZkYyTzk5cjFiQ2dZUHREejVhZ0FmeDRBSS9IOGJBTlN3Z0hpWW9tdVd5VTIKMHZEaitBQndtdlc2ZGlUTFBwS01CUTM4SmhrYVh0TFdjMzkyUmZ5WXJiOE9kSTBrSStRQ1ZXaWgwWUoxeWxlVwp0Wjl3NXYvMkJoSVRXbmRiR1ZBeEQxSkdIUTVLb21aa2JPaE1XTGRRcjRzSTg5L0lJL1dZNUlHNUtJbDRkRTlICndoUHl4aiszQjFNQzlRVGkxZjJEQWdHUForVVlxK2xoR3ZGRnUzTjQxTmh1SzJnZTlBNnh0ODNDejh1elI0cEMKZ1EyckVrOHlIUmZic3FEQ1U5UUV3bnRVK2lBa285N0F0blloRFFJREFRQUJBb0lCQURmRTIvbXYvWXFDNXVrYwpzbEJoZDJITWhtSk5Nd0d3RStOT2dESjZabXNOdXptUmVYVzFEcGtDMW9ZR0dTb3hJVVdEZm0yaS9KVlFWV1U3Ci93ZzBJSklKUE01NFVqcWxFbnh5dThMT3E0UStxWEhzcjJjZ1ZReTROMTQvcXRuclJaTC9CTlFCOEFJa3d0SWkKTHdHeUtuTThsV3pKT2piU09kQ0dBQnNEdFZGSGpQV2JnNHpmY2dYMy9TNjFvRWVwM2pXenpaZFgwWkdOakpHRApjZGhKRWZqaGJkS2JkblZ3MzhqNjlsZ3k4b0h3ZUNVZ0FNMW4xN3JyeVhFRVJwTVdTSXpzdGUySG02K0x5WnllCmJUNVdUVkI0NW5lYXl6UGp2aHJYMGFFQUlQUDR4bHhDN1Y1bnN4cWlIYllkeGhvMDI1WWU1U0ExWGlNTEhrNUgKSXpubUxLRUNnWUVBOEdpZDhXdmErUUlCUXVFczZtQTRKbnBCR0U5SVRCMTEwMEwza1RCeVNZN0tva1RIczgxUApjbFFQZW44a1ZwUWVEQVVLUnpnTjJqaVNiRUNROWlJTllWS0xWZ0E1djZQeUJLUXZDeFZVTnhLeEFiOW16SmZCCjgzdUJrczFCbWVldUsyMDhudkVHcHBLakpZMk9ZaW42Yk9tVTNlM2ZRVE9xNnkzL3J5S2dvSlVDZ1lFQTdoV2YKd2JDajlZUDJqZFNIZHRvY0NNdHd0QUUyQTgvSVdwS0lVSW43S3IwM3V2M2pQMVpXbjRzYlcrQkRSS2VTbHIxWgpqTFZzbTBZeDVmMUdzeVdyNHo4ZG9MZTIyUmk2TW9PNTNrMVlXRlJBd0ZYRnh2Nk1NSGtadmxOdHc0VVpZQjh3ClVCWndjMnAyNkhXOG5qbncvV2R6bkN3SXBTamRHQjBCNjdYTGlKa0NnWUJJWFVWRm1WQ1ZhWndWbEpBZmtJejIKVUJCdUQ5ZFVTZjNnZEtUdWlDV3VySk9rR28zK09rdXl2MGpWZDVYcGxiWWhxaGE0NzArRUkwazMyb3VIK3lJSgo3SDNTaWtqWHZiS280UDdrR0N4OFUxMENpS21aNWdoVWtSV2txYklZY0p1RnFPRDVldFdrcURrQm9jVjlHT092Cml2UHJoYUdSRDh0ZjlUMmthd2pzclFLQmdRQytrL2lwcHFmWUk2WDhxaDgxZUNud3NFaXJEajBhbC95YzQ2YlMKTVdFb09RYWZYQlBINDJpN2xUSjFQUE1ieGJlRmlsUmdXZWx4OGFLSG8xSXduUHNXa0xNNnIxUmlPM1R3Y3BrWgo1WGZPWE1Mb01zQjZKZEE2RFBZYWI5WHhLRjNEbjdPZ3FCV2pqWmxaUXNXVk1uUkJvOG5iUFRRK1lKTjZkZDNQCnZGb01JUUtCZ1FDdllUU2VNM011aEhoT3NMMzV0cGNjZWVxNDRWbWQvdXZRTkZVaHRNR05MVWJLZVJjdmZvL0QKejMrMEZuTHJrMVBqdTR4Q1M4ZkZ3aHFXRVk4M1R1UGpFeHIrZ0Ztai83VXM0T0pGZ3lyL3hRSXlRaERYd1VIVQpzTkhpZzJUT2RFNFB1Mmt1UXFaRnlVUiswWXFnaFpuTE9WMWRmVG9nQzRkWlFLOEJPdjVpTGc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
2 | 


--------------------------------------------------------------------------------
/spec/acceptance/git-server/run-server.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | 
 3 | set -e
 4 | 
 5 | # Create our fake git repo into the /git-server/repos directory.
 6 | rm -rf /git-server/repos
 7 | mkdir -p /git-server/repos/entitlements-audit
 8 | cd /git-server/repos/entitlements-audit
 9 | git config --global user.email "entitlements-acceptance-test@github.com"
10 | git config --global user.name "Hubot"
11 | git init --shared=true
12 | echo "# entitlements-audit Sample Repo" > README.md
13 | git add .
14 | git commit -m "initialize repo"
15 | cd /git-server/repos
16 | git clone --bare entitlements-audit entitlements-audit.git
17 | 
18 | # Invoke git-server's entrypoint.
19 | cd /git-server
20 | sh start.sh
21 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/env/default.startup.yaml:
--------------------------------------------------------------------------------
 1 | # This is the default image startup configuration file
 2 | # this file define environment variables used during the container **first start** in **startup files**.
 3 | 
 4 | # This file is deleted right after startup files are processed for the first time,
 5 | # after that all these values will not be available in the container environment.
 6 | # This helps to keep your container configuration secret.
 7 | # more information : https://github.com/osixia/docker-light-baseimage
 8 | 
 9 | # Required and used for new ldap server only
10 | LDAP_ORGANISATION: Kittens are Awesome, Inc.
11 | LDAP_DOMAIN: kittens.net
12 | LDAP_BASE_DN: dc=kittens,dc=net
13 | 
14 | LDAP_ADMIN_PASSWORD: admin
15 | LDAP_CONFIG_PASSWORD: config
16 | 
17 | LDAP_READONLY_USER: false
18 | LDAP_READONLY_USER_USERNAME: readonly
19 | LDAP_READONLY_USER_PASSWORD: readonly
20 | 
21 | LDAP_RFC2307BIS_SCHEMA: false
22 | 
23 | # Backend
24 | LDAP_BACKEND: hdb
25 | 
26 | # Tls
27 | LDAP_TLS: true
28 | LDAP_TLS_CRT_FILENAME: ldap.crt
29 | LDAP_TLS_KEY_FILENAME: ldap.key
30 | LDAP_TLS_CA_CRT_FILENAME: ca.crt
31 | 
32 | LDAP_TLS_ENFORCE: true
33 | LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
34 | LDAP_TLS_VERIFY_CLIENT: never
35 | 
36 | # Replication
37 | LDAP_REPLICATION: false
38 | 
39 | # Do not change the ldap config
40 | # - If set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run.
41 | #   The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
42 | # - If set to true when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run.
43 | KEEP_EXISTING_CONFIG: false
44 | 
45 | # Remove config after setup
46 | LDAP_REMOVE_CONFIG_AFTER_SETUP: true
47 | 
48 | # ssl-helper environment variables prefix
49 | LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
50 | 
51 | SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: slapd
52 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/env/default.yaml:
--------------------------------------------------------------------------------
 1 | # This is the default image configuration file
 2 | # These values will persists in container environment.
 3 | 
 4 | # All environment variables used after the container first start
 5 | # must be defined here.
 6 | # more information : https://github.com/osixia/docker-light-baseimage
 7 | 
 8 | # General container configuration
 9 | # see table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
10 | LDAP_LOG_LEVEL: 0
11 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/spec/acceptance/ldap-server/ldif/.gitkeep


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/bootstrap/03-ldapi.ldif:
--------------------------------------------------------------------------------
1 | dn: olcDatabase={1}{{ LDAP_BACKEND }},cn=config
2 | changetype: modify
3 | delete: olcAccess
4 | -
5 | add: olcAccess
6 | olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
7 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/spec/acceptance/ldap-server/ldif/data/.gitkeep


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/01-config/bump-sizelimit.ldif:
--------------------------------------------------------------------------------
1 | dn: cn=config
2 | changetype: modify
3 | replace: olcSizeLimit
4 | olcSizeLimit: 5000
5 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/05-ou/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/spec/acceptance/ldap-server/ldif/data/05-ou/.gitkeep


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/05-ou/alumni-ou.ldif:
--------------------------------------------------------------------------------
1 | dn: ou=Alumni,dc=kittens,dc=net
2 | objectClass: organizationalUnit
3 | ou: alumni
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/05-ou/groups-ou.ldif:
--------------------------------------------------------------------------------
1 | dn: ou=Groups,dc=kittens,dc=net
2 | objectClass: organizationalUnit
3 | ou: groups
4 | 
5 | dn: ou=Staff_Account,ou=Groups,dc=kittens,dc=net
6 | objectClass: organizationalUnit
7 | ou: groups
8 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/05-ou/people-ou.ldif:
--------------------------------------------------------------------------------
1 | dn: ou=People,dc=kittens,dc=net
2 | objectClass: organizationalUnit
3 | ou: people
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/10-ou-custom/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/spec/acceptance/ldap-server/ldif/data/10-ou-custom/.gitkeep


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/10-ou-custom/groups-entitlements-ou.ldif:
--------------------------------------------------------------------------------
1 | dn: ou=Entitlements,ou=Groups,dc=kittens,dc=net
2 | objectClass: organizationalUnit
3 | ou: groups
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/10-ou-custom/groups-pizza_teams-ou.ldif:
--------------------------------------------------------------------------------
1 | dn: ou=Pizza_Teams,ou=Groups,dc=kittens,dc=net
2 | objectClass: organizationalUnit
3 | ou: groups
4 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-groups/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/spec/acceptance/ldap-server/ldif/data/20-groups/.gitkeep


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-groups/cn=colonel-meow,ou=Staff_Account,ou=Groups,dc=github,dc=net.ldif:
--------------------------------------------------------------------------------
 1 | dn: cn=colonel-meow,ou=Staff_Account,ou=Groups,dc=kittens,dc=net
 2 | cn: colonel-meow
 3 | description: Colonel Meow
 4 | objectclass: groupOfUniqueNames
 5 | owner: cn=colonel-meow,ou=Staff_Account,ou=Groups,dc=kittens,dc=net
 6 | owner: cn=org-eng-sec-it,ou=Groups,dc=kittens,dc=net
 7 | uniquemember: uid=NEBELUNg,ou=People,dc=kittens,dc=net
 8 | uniquemember: uid=khaomanee,ou=People,dc=kittens,dc=net
 9 | uniquemember: uid=russianblue,ou=People,dc=kittens,dc=net
10 | uniquemember: uid=cheetoh,ou=People,dc=kittens,dc=net
11 | uniquemember: uid=cyprus,ou=People,dc=kittens,dc=net
12 | uniquemember: uid=oJosazuLEs,ou=People,dc=kittens,dc=net
13 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-groups/cn=garfield,ou=Staff_Account,ou=Groups,dc=github,dc=net.ldif:
--------------------------------------------------------------------------------
 1 | dn: cn=garfield,ou=Staff_Account,ou=Groups,dc=kittens,dc=net
 2 | cn: garfield
 3 | description: garfield
 4 | objectclass: groupOfUniqueNames
 5 | owner: cn=garfield,ou=Staff_Account,ou=Groups,dc=kittens,dc=net
 6 | owner: cn=org-eng-sec-it,ou=Groups,dc=kittens,dc=net
 7 | uniquemember: uid=blackmanx,ou=People,dc=kittens,dc=net
 8 | uniquemember: uid=korat,ou=People,dc=kittens,dc=net
 9 | uniquemember: uid=russianblue,ou=People,dc=kittens,dc=net
10 | uniquemember: uid=RAGAMUFFIn,ou=People,dc=kittens,dc=net
11 | uniquemember: uid=peterbald,ou=People,dc=kittens,dc=net
12 | uniquemember: uid=mainecoon,ou=People,dc=kittens,dc=net
13 | uniquemember: uid=minskin,ou=People,dc=kittens,dc=net
14 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-groups/cn=lockout,ou=Groups,dc=github,dc=net.ldif:
--------------------------------------------------------------------------------
1 | dn: cn=lockout,ou=Groups,dc=kittens,dc=net
2 | cn: lockout
3 | description: Lost devices
4 | objectclass: groupOfUniqueNames
5 | owner: cn=garfield,ou=Staff_Account,ou=Groups,dc=kittens,dc=net
6 | owner: cn=org-eng-sec-it,ou=Groups,dc=kittens,dc=net
7 | uniquemember: uid=cheetoh,ou=People,dc=kittens,dc=net
8 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/spec/acceptance/ldap-server/ldif/data/20-people/.gitkeep


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person01.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=NEBELUNg,ou=People,dc=kittens,dc=net
 2 | cn: NEBELUNg
 3 | displayname: NEBELUNg
 4 | employeenumber: 000001
 5 | gecos: NEBELUNg
 6 | gidnumber: 100
 7 | givenname: NEBELUNg
 8 | homedirectory: /home/NEBELUNg
 9 | loginshell: /bin/bash
10 | mail: NEBELUNg@kittens.net
11 | manager: uid=oJosazuLEs,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: NEBELUNg
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: NEBELUNg
31 | uidnumber: 20244
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person02.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=pixiebob,ou=People,dc=kittens,dc=net
 2 | cn: pixiebob
 3 | displayname: pixiebob
 4 | employeenumber: 000002
 5 | gecos: pixiebob
 6 | gidnumber: 100
 7 | givenname: pixiebob
 8 | homedirectory: /home/pixiebob
 9 | loginshell: /bin/bash
10 | mail: pixiebob@kittens.net
11 | manager: uid=balinese,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: pixiebob
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: pixiebob
31 | uidnumber: 20245
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person03.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=balinese,ou=People,dc=kittens,dc=net
 2 | cn: balinese
 3 | displayname: balinese
 4 | employeenumber: 000003
 5 | gecos: balinese
 6 | gidnumber: 100
 7 | givenname: balinese
 8 | homedirectory: /home/balinese
 9 | loginshell: /bin/bash
10 | mail: balinese@kittens.net
11 | manager: uid=peterbald,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: balinese
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: balinese
31 | uidnumber: 20246
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person04.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=serengeti,ou=People,dc=kittens,dc=net
 2 | cn: serengeti
 3 | displayname: serengeti
 4 | employeenumber: 000004
 5 | gecos: serengeti
 6 | gidnumber: 100
 7 | givenname: serengeti
 8 | homedirectory: /home/serengeti
 9 | loginshell: /bin/bash
10 | mail: serengeti@kittens.net
11 | manager: uid=balinese,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: serengeti
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: serengeti
31 | uidnumber: 20247
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person05.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=germanrex,ou=People,dc=kittens,dc=net
 2 | cn: germanrex
 3 | displayname: germanrex
 4 | employeenumber: 000005
 5 | gecos: germanrex
 6 | gidnumber: 100
 7 | givenname: germanrex
 8 | homedirectory: /home/germanrex
 9 | loginshell: /bin/bash
10 | mail: germanrex@kittens.net
11 | manager: uid=bengal,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: germanrex
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: germanrex
31 | uidnumber: 20248
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person06.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=khaomanee,ou=People,dc=kittens,dc=net
 2 | cn: khaomanee
 3 | displayname: khaomanee
 4 | employeenumber: 000006
 5 | gecos: khaomanee
 6 | gidnumber: 100
 7 | givenname: khaomanee
 8 | homedirectory: /home/khaomanee
 9 | loginshell: /bin/bash
10 | mail: khaomanee@kittens.net
11 | manager: uid=oJosazuLEs,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: khaomanee
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: khaomanee
31 | uidnumber: 20249
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person07.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=napoleon,ou=People,dc=kittens,dc=net
 2 | cn: napoleon
 3 | displayname: napoleon
 4 | employeenumber: 000007
 5 | gecos: napoleon
 6 | gidnumber: 100
 7 | givenname: napoleon
 8 | homedirectory: /home/napoleon
 9 | loginshell: /bin/bash
10 | mail: napoleon@kittens.net
11 | manager: uid=napoleon,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: napoleon
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: napoleon
31 | uidnumber: 20250
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person08.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=blackmanx,ou=People,dc=kittens,dc=net
 2 | cn: blackmanx
 3 | displayname: blackmanx
 4 | employeenumber: 000008
 5 | gecos: blackmanx
 6 | gidnumber: 100
 7 | givenname: blackmanx
 8 | homedirectory: /home/blackmanx
 9 | loginshell: /bin/bash
10 | mail: blackmanx@kittens.net
11 | manager: uid=mainecoon,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: blackmanx
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: blackmanx
31 | uidnumber: 20251
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person09.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=chausie,ou=People,dc=kittens,dc=net
 2 | cn: chausie
 3 | displayname: chausie
 4 | employeenumber: 000009
 5 | gecos: chausie
 6 | gidnumber: 100
 7 | givenname: chausie
 8 | homedirectory: /home/chausie
 9 | loginshell: /bin/bash
10 | mail: chausie@kittens.net
11 | manager: uid=oJosazuLEs,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: chausie
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: chausie
31 | uidnumber: 20252
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person10.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=orientallonghair,ou=People,dc=kittens,dc=net
 2 | cn: orientallonghair
 3 | displayname: orientallonghair
 4 | employeenumber: 000010
 5 | gecos: orientallonghair
 6 | gidnumber: 100
 7 | givenname: orientallonghair
 8 | homedirectory: /home/orientallonghair
 9 | loginshell: /bin/bash
10 | mail: orientallonghair@kittens.net
11 | manager: uid=napoleon,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: orientallonghair
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: orientallonghair
31 | uidnumber: 20253
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person11.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=korat,ou=People,dc=kittens,dc=net
 2 | cn: korat
 3 | displayname: korat
 4 | employeenumber: 000011
 5 | gecos: korat
 6 | gidnumber: 100
 7 | givenname: korat
 8 | homedirectory: /home/korat
 9 | loginshell: /bin/bash
10 | mail: korat@kittens.net
11 | manager: uid=balinese,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: korat
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: korat
31 | uidnumber: 20254
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person12.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=oregonrex,ou=People,dc=kittens,dc=net
 2 | cn: oregonrex
 3 | displayname: oregonrex
 4 | employeenumber: 000012
 5 | gecos: oregonrex
 6 | gidnumber: 100
 7 | givenname: oregonrex
 8 | homedirectory: /home/oregonrex
 9 | loginshell: /bin/bash
10 | mail: oregonrex@kittens.net
11 | manager: uid=DONSKoy,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: oregonrex
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: oregonrex
31 | uidnumber: 20255
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person13.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=DONSKoy,ou=People,dc=kittens,dc=net
 2 | cn: DONSKoy
 3 | displayname: DONSKoy
 4 | employeenumber: 000013
 5 | gecos: DONSKoy
 6 | gidnumber: 100
 7 | givenname: DONSKoy
 8 | homedirectory: /home/DONSKoy
 9 | loginshell: /bin/bash
10 | mail: DONSKoy@kittens.net
11 | manager: uid=foldex,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: DONSKoy
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: DONSKoy
31 | uidnumber: 20256
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person14.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=russianblue,ou=People,dc=kittens,dc=net
 2 | cn: russianblue
 3 | displayname: russianblue
 4 | employeenumber: 000014
 5 | gecos: russianblue
 6 | gidnumber: 100
 7 | givenname: russianblue
 8 | homedirectory: /home/russianblue
 9 | loginshell: /bin/bash
10 | mail: russianblue@kittens.net
11 | manager: uid=mainecoon,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: russianblue
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: russianblue
31 | uidnumber: 20257
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person15.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=RAGAMUFFIn,ou=People,dc=kittens,dc=net
 2 | cn: RAGAMUFFIn
 3 | displayname: RAGAMUFFIn
 4 | employeenumber: 000015
 5 | gecos: RAGAMUFFIn
 6 | gidnumber: 100
 7 | givenname: RAGAMUFFIn
 8 | homedirectory: /home/RAGAMUFFIn
 9 | loginshell: /bin/bash
10 | mail: RAGAMUFFIn@kittens.net
11 | manager: uid=mainecoon,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: RAGAMUFFIn
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: RAGAMUFFIn
31 | uidnumber: 20258
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person16.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=foldex,ou=People,dc=kittens,dc=net
 2 | cn: foldex
 3 | displayname: foldex
 4 | employeenumber: 000016
 5 | gecos: foldex
 6 | gidnumber: 100
 7 | givenname: foldex
 8 | homedirectory: /home/foldex
 9 | loginshell: /bin/bash
10 | mail: foldex@kittens.net
11 | manager: uid=orientallonghair,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: foldex
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: foldex
31 | uidnumber: 20259
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person17.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=cheetoh,ou=People,dc=kittens,dc=net
 2 | cn: cheetoh
 3 | displayname: cheetoh
 4 | employeenumber: 000017
 5 | gecos: cheetoh
 6 | gidnumber: 100
 7 | givenname: cheetoh
 8 | homedirectory: /home/cheetoh
 9 | loginshell: /bin/bash
10 | mail: cheetoh@kittens.net
11 | manager: uid=oJosazuLEs,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: cheetoh
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: cheetoh
31 | uidnumber: 20260
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person18.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=peterbald,ou=People,dc=kittens,dc=net
 2 | cn: peterbald
 3 | displayname: peterbald
 4 | employeenumber: 000018
 5 | gecos: peterbald
 6 | gidnumber: 100
 7 | givenname: peterbald
 8 | homedirectory: /home/peterbald
 9 | loginshell: /bin/bash
10 | mail: peterbald@kittens.net
11 | manager: uid=orientallonghair,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: peterbald
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: peterbald
31 | uidnumber: 20261
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person19.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=mainecoon,ou=People,dc=kittens,dc=net
 2 | cn: mainecoon
 3 | displayname: mainecoon
 4 | employeenumber: 000019
 5 | gecos: mainecoon
 6 | gidnumber: 100
 7 | givenname: mainecoon
 8 | homedirectory: /home/mainecoon
 9 | loginshell: /bin/bash
10 | mail: mainecoon@kittens.net
11 | manager: uid=balinese,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: mainecoon
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: mainecoon
31 | uidnumber: 20262
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person20.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=cyprus,ou=People,dc=kittens,dc=net
 2 | cn: cyprus
 3 | displayname: cyprus
 4 | employeenumber: 000020
 5 | gecos: cyprus
 6 | gidnumber: 100
 7 | givenname: cyprus
 8 | homedirectory: /home/cyprus
 9 | loginshell: /bin/bash
10 | mail: cyprus@kittens.net
11 | manager: uid=oJosazuLEs,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: cyprus
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: cyprus
31 | uidnumber: 20263
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person21.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=desertlynx,ou=People,dc=kittens,dc=net
 2 | cn: desertlynx
 3 | displayname: desertlynx
 4 | employeenumber: 000021
 5 | gecos: desertlynx
 6 | gidnumber: 100
 7 | givenname: desertlynx
 8 | homedirectory: /home/desertlynx
 9 | loginshell: /bin/bash
10 | mail: desertlynx@kittens.net
11 | manager: uid=bengal,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: desertlynx
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: desertlynx
31 | uidnumber: 20264
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person22.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=minskin,ou=People,dc=kittens,dc=net
 2 | cn: minskin
 3 | displayname: minskin
 4 | employeenumber: 000022
 5 | gecos: minskin
 6 | gidnumber: 100
 7 | givenname: minskin
 8 | homedirectory: /home/minskin
 9 | loginshell: /bin/bash
10 | mail: minskin@kittens.net
11 | manager: uid=balinese,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: minskin
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: minskin
31 | uidnumber: 20265
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person23.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=chartreux,ou=People,dc=kittens,dc=net
 2 | cn: chartreux
 3 | displayname: chartreux
 4 | employeenumber: 000023
 5 | gecos: chartreux
 6 | gidnumber: 100
 7 | givenname: chartreux
 8 | homedirectory: /home/chartreux
 9 | loginshell: /bin/bash
10 | mail: chartreux@kittens.net
11 | manager: uid=bengal,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: chartreux
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: chartreux
31 | uidnumber: 20266
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person24.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=oJosazuLEs,ou=People,dc=kittens,dc=net
 2 | cn: oJosazuLEs
 3 | displayname: oJosazuLEs
 4 | employeenumber: 000024
 5 | gecos: oJosazuLEs
 6 | gidnumber: 100
 7 | givenname: oJosazuLEs
 8 | homedirectory: /home/oJosazuLEs
 9 | loginshell: /bin/bash
10 | mail: oJosazuLEs@kittens.net
11 | manager: uid=DONSKoy,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: oJosazuLEs
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: oJosazuLEs
31 | uidnumber: 20267
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person25.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=bobtail,ou=People,dc=kittens,dc=net
 2 | cn: bobtail
 3 | displayname: bobtail
 4 | employeenumber: 000025
 5 | gecos: bobtail
 6 | gidnumber: 100
 7 | givenname: bobtail
 8 | homedirectory: /home/bobtail
 9 | loginshell: /bin/bash
10 | mail: bobtail@kittens.net
11 | manager: uid=bengal,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: bobtail
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: bobtail
31 | uidnumber: 20268
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person26.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=bengal,ou=People,dc=kittens,dc=net
 2 | cn: bengal
 3 | displayname: bengal
 4 | employeenumber: 000026
 5 | gecos: bengal
 6 | gidnumber: 100
 7 | givenname: bengal
 8 | homedirectory: /home/bengal
 9 | loginshell: /bin/bash
10 | mail: bengal@kittens.net
11 | manager: uid=balinese,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: bengal
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: bengal
31 | uidnumber: 20269
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/20-people/person27.ldif:
--------------------------------------------------------------------------------
 1 | dn: uid=abyssinian,ou=People,dc=kittens,dc=net
 2 | cn: abyssinian
 3 | displayname: abyssinian
 4 | employeenumber: 000027
 5 | gecos: abyssinian
 6 | gidnumber: 100
 7 | givenname: abyssinian
 8 | homedirectory: /home/abyssinian
 9 | loginshell: /bin/bash
10 | mail: abyssinian@kittens.net
11 | manager: uid=balinese,ou=People,dc=kittens,dc=net
12 | objectclass: top
13 | objectclass: person
14 | objectclass: organizationalPerson
15 | objectclass: inetOrgPerson
16 | objectclass: posixAccount
17 | objectclass: simpleSecurityObject
18 | objectclass: shadowAccount
19 | objectclass: entitlementsUser
20 | postaladdress: 123 Cuddle Drive, Purrville CA 12345
21 | postalcode: 12345
22 | shadowinactive: 15
23 | shadowlastchange: 16252
24 | shadowmax: 120
25 | shadowmin: 0
26 | shadowwarning: 15
27 | sn: abyssinian
28 | street: 123 Cuddle Drive
29 | telephonenumber: +12005551212
30 | uid: abyssinian
31 | uidnumber: 20270
32 | userpassword:: e0JDUllQVH0kMmEkMTAkMTdIazZxSExIanM5a2JyMkN0WUk4T1pLUkZQa3ZQ
33 |  WWRtWEE1dFNiSUxKVzNxTU1DU2VEQ08=
34 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/ldif/data/99-bind-account/emmy.ldif:
--------------------------------------------------------------------------------
 1 | dn: ou=Service_Accounts,dc=kittens,dc=net
 2 | objectClass: organizationalUnit
 3 | ou: people
 4 | 
 5 | dn: uid=emmy,ou=Service_Accounts,dc=kittens,dc=net
 6 | objectClass: account
 7 | objectClass: simpleSecurityObject
 8 | uid: emmy
 9 | userpassword: kittens
10 | 
11 | dn: olcDatabase={1}hdb,cn=config
12 | changetype: modify
13 | delete: olcAccess
14 | -
15 | add: olcAccess
16 | olcAccess: to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
17 | olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
18 |   by self manage by users manage by * none
19 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/run-server.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # This is the script that runs INSIDE the LDAP server container when it first boots up.
  4 | # This script should:
  5 | #   1) Configure certificates and anything else in the OS
  6 | #   2) Load in the schema and data fixtures
  7 | #   3) Start the LDAP server process
  8 | # Remember: The `spec/acceptance` directory from the repo will be mounted read-only on `/acceptance`
  9 | # in this container, so use that to your advantage!
 10 | 
 11 | [ -z "$LDAP_DOMAIN_SUFFIX" ] && export LDAP_DOMAIN_SUFFIX="dc=kittens,dc=net"
 12 | 
 13 | # Method to wait for LDAP server to become available
 14 | wait_for_server() {
 15 |   COUNTER=0
 16 |   while [ $COUNTER -lt 30 ]; do
 17 |     let COUNTER=COUNTER+1
 18 |     if /usr/bin/ldapsearch -Y EXTERNAL -H ldapi:/// -b "$LDAP_DOMAIN_SUFFIX" >/dev/null 2>&1; then
 19 |       return 0
 20 |     fi
 21 |     echo "Waiting for openldap to become available... ${COUNTER}/30" 1>&2
 22 |     sleep 1
 23 |   done
 24 |   echo "LDAP server did not become available after 30 seconds. :shrug:" 1>&2
 25 |   exit 1
 26 | }
 27 | 
 28 | # Kill existing data
 29 | rm -rf /var/lib/ldap/*
 30 | rm -rf /etc/ldap/slapd.d/*
 31 | 
 32 | # Pre-install our certificates
 33 | rm -f /container/service/slapd/assets/certs/*
 34 | cp /acceptance/ca/intermediate/private/ldap-server.fake.key.pem /container/service/slapd/assets/certs/ldap.key
 35 | cp /acceptance/ca/intermediate/certs/ldap-server.fake.cert.pem /container/service/slapd/assets/certs/ldap.crt
 36 | cp /acceptance/ca/intermediate/certs/ca-chain.cert.pem /container/service/slapd/assets/certs/ca.crt
 37 | cp /acceptance/ldap-server/tls/dhparam.pem /container/service/slapd/assets/certs/dhparam.pem
 38 | chown -R root:root /container/service/slapd/assets/certs
 39 | 
 40 | # Pre-install our configuration environment
 41 | rm -f /container/environment/99-default/*.yaml
 42 | cp /acceptance/ldap-server/env/*.yaml /container/environment/99-default
 43 | 
 44 | # Pre-install our schema (after killing most of the defaults from the container)
 45 | rm -f /container/service/slapd/assets/config/bootstrap/ldif/0[345]*.ldif
 46 | rm -rf /container/service/slapd/assets/config/bootstrap/schema/mmc
 47 | rm -f /etc/ldap/schema/*
 48 | cp /acceptance/ldap-server/schema/* /etc/ldap/schema/
 49 | cp /acceptance/ldap-server/ldif/bootstrap/*.ldif /container/service/slapd/assets/config/bootstrap/ldif
 50 | 
 51 | # Launch openldap
 52 | nohup /usr/bin/python -u /container/tool/run -l info &
 53 | OPENLDAP_PID=$!
 54 | 
 55 | # Wait for the process to be running and connectable
 56 | wait_for_server
 57 | 
 58 | # Add any schema items that are missing
 59 | for file in /etc/ldap/schema/*.ldif; do
 60 |   # Loading some of these configs can prompt a server restart. Avoid a race condition
 61 |   # by verifying that the server is running before trying to do anything.
 62 |   wait_for_server
 63 | 
 64 |   SCHEMA=$(basename "$file" | sed -e 's/\.ldif$//')
 65 |   if /usr/bin/ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=config' 2>/dev/null | grep -q "dn: cn={[0-9]*}${SCHEMA},cn=schema,cn=config"; then
 66 |     echo "Schema ${SCHEMA} already loaded"
 67 |     echo ""
 68 |   else
 69 |     echo "Loading schema ${SCHEMA}"
 70 |     /usr/bin/ldapadd -Y EXTERNAL -H ldapi:// -f "/etc/ldap/schema/${SCHEMA}.ldif"
 71 |   fi
 72 | done
 73 | 
 74 | # Loading some of the above configs can prompt a server restart. Avoid a race condition
 75 | # by verifying that the server is running before trying to do anything.
 76 | wait_for_server
 77 | 
 78 | # Install our data
 79 | cd /acceptance/ldap-server/ldif/data
 80 | for dir in *; do
 81 |   # Need to skip if there aren't any files in that directory.
 82 |   if ls "$dir/"*.ldif >/dev/null 2>&1; then
 83 |     :
 84 |   else
 85 |     continue
 86 |   fi
 87 | 
 88 |   for ldif in "${dir}"/*.ldif; do
 89 |     echo "Starting to import: ${ldif}"
 90 |     if /usr/bin/ldapadd -Y EXTERNAL -H ldapi:/// < "$ldif" > "/tmp/result.out" 2>&1; then
 91 |       echo "Success: Committed ${ldif}"
 92 |     else
 93 |       echo "FAILURE: Could not commit ${ldif}"
 94 |       cat "/tmp/result.out"
 95 |       kill -9 "$OPENLDAP_PID"
 96 |       exit 255
 97 |     fi
 98 |   done
 99 | done
100 | 
101 | echo ""
102 | echo "Hey there, I'm all done setting up! The LDAP server is running on port 636. Test away!"
103 | echo ""
104 | 
105 | # Wait for openldap
106 | wait $OPENLDAP_PID
107 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/README:
--------------------------------------------------------------------------------
 1 | This directory contains user application schema definitions for use
 2 | with slapd(8).
 3 | 
 4 | File                    Description
 5 | ----                    -----------
 6 | collective.schema       Collective attributes (experimental)
 7 | corba.schema            Corba Object
 8 | core.schema             OpenLDAP "core"
 9 | cosine.schema           COSINE Pilot
10 | duaconf.schema          Client Configuration (work in progress)
11 | dyngroup.schema			Dynamic Group (experimental)
12 | inetorgperson.schema    InetOrgPerson
13 | java.schema             Java Object
14 | misc.schema             Miscellaneous Schema (experimental)
15 | nadf.schema             North American Directory Forum (obsolete)
16 | nis.schema              Network Information Service (experimental)
17 | openldap.schema         OpenLDAP Project (FYI)
18 | ppolicy.schema          Password Policy Schema (work in progress)
19 | 
20 | Additional "generally useful" schema definitions can be submitted
21 | using the OpenLDAP Issue Tracking System <http://www.openldap.org/its/>.
22 | Submissions should include a stable reference to a mature, open
23 | technical specification (e.g., an RFC) for the schema.
24 | 
25 | The core.ldif and openldap.ldif files are equivalent to their
26 | corresponding .schema files. They have been provided as examples
27 | for use with the dynamic configuration backend. These example files
28 | are not actually necessary since slapd will automatically convert any
29 | included *.schema files into LDIF when converting a slapd.conf file
30 | to a configuration database, but they serve as a model of how to
31 | convert schema files in general.
32 | 
33 | ---
34 | 
35 | This notice applies to all files in this directory.
36 | 
37 | Copyright 1998-2014 The OpenLDAP Foundation, Redwood City, California, USA
38 | All rights reserved.
39 | 
40 | Redistribution and use in source and binary forms, with or without
41 | modification, are permitted only as authorized by the OpenLDAP
42 | Public License.  A copy of this license is available at
43 | http://www.OpenLDAP.org/license.html or in file LICENSE in the
44 | top-level directory of the distribution.
45 | 
46 | ---
47 | 
48 | This notice applies to all schema in this directory which are derived
49 | from RFCs and other IETF documents.
50 | 
51 | Portions Copyright 1991-2004, The Internet Society.  All Rights Reserved.
52 | 
53 | This document and translations of it may be copied and furnished
54 | to others, and derivative works that comment on or otherwise explain
55 | it or assist in its implementation may be prepared, copied, published
56 | and distributed, in whole or in part, without restriction of any
57 | kind, provided that the above copyright notice and this paragraph  
58 | are included on all such copies and derivative works.  However,
59 | this document itself may not be modified in any way, such as by      
60 | removing the copyright notice or references to the Internet Society
61 | or other Internet organizations, except as needed for the  purpose
62 | of developing Internet standards in which case the procedures for
63 | copyrights defined in the Internet Standards process must be
64 | followed, or as required to translate it into languages other than
65 | English.
66 | 
67 | The limited permissions granted above are perpetual and will not
68 | be revoked by the Internet Society or its successors or assigns.
69 | 
70 | This document and the information contained herein is provided on
71 | an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
72 | INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
73 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
74 | OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY       
75 | IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
76 | PURPOSE.
77 | 
78 | 
79 | ---
80 | $OpenLDAP$
81 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/collective.ldif:
--------------------------------------------------------------------------------
 1 | # collective.ldif -- Collective attribute schema
 2 | # $OpenLDAP$
 3 | ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 4 | ##
 5 | ## Copyright 1998-2014 The OpenLDAP Foundation.
 6 | ## All rights reserved.
 7 | ##
 8 | ## Redistribution and use in source and binary forms, with or without
 9 | ## modification, are permitted only as authorized by the OpenLDAP
10 | ## Public License.
11 | ##
12 | ## A copy of this license is available in the file LICENSE in the
13 | ## top-level directory of the distribution or, alternatively, at
14 | ## <http://www.OpenLDAP.org/license.html>.
15 | #
16 | ## Portions Copyright (C) The Internet Society (2003).
17 | ## Please see full copyright statement below.
18 | #
19 | # From RFC 3671 [portions trimmed]:
20 | # 	Collective Attributes in LDAP
21 | #
22 | # This file was automatically generated from collective.schema; see that file
23 | # for complete references.
24 | #
25 | dn: cn=collective,cn=schema,cn=config
26 | objectClass: olcSchemaConfig
27 | cn: collective
28 | olcAttributeTypes: {0}( 2.5.4.7.1 NAME 'c-l' SUP l COLLECTIVE )
29 | olcAttributeTypes: {1}( 2.5.4.8.1 NAME 'c-st' SUP st COLLECTIVE )
30 | olcAttributeTypes: {2}( 2.5.4.9.1 NAME 'c-street' SUP street COLLECTIVE )
31 | olcAttributeTypes: {3}( 2.5.4.10.1 NAME 'c-o' SUP o COLLECTIVE )
32 | olcAttributeTypes: {4}( 2.5.4.11.1 NAME 'c-ou' SUP ou COLLECTIVE )
33 | olcAttributeTypes: {5}( 2.5.4.16.1 NAME 'c-PostalAddress' SUP postalAddress CO
34 |  LLECTIVE )
35 | olcAttributeTypes: {6}( 2.5.4.17.1 NAME 'c-PostalCode' SUP postalCode COLLECTI
36 |  VE )
37 | olcAttributeTypes: {7}( 2.5.4.18.1 NAME 'c-PostOfficeBox' SUP postOfficeBox CO
38 |  LLECTIVE )
39 | olcAttributeTypes: {8}( 2.5.4.19.1 NAME 'c-PhysicalDeliveryOfficeName' SUP phy
40 |  sicalDeliveryOfficeName COLLECTIVE )
41 | olcAttributeTypes: {9}( 2.5.4.20.1 NAME 'c-TelephoneNumber' SUP telephoneNumbe
42 |  r COLLECTIVE )
43 | olcAttributeTypes: {10}( 2.5.4.21.1 NAME 'c-TelexNumber' SUP telexNumber COLLE
44 |  CTIVE )
45 | olcAttributeTypes: {11}( 2.5.4.23.1 NAME 'c-FacsimileTelephoneNumber' SUP facs
46 |  imileTelephoneNumber COLLECTIVE )
47 | olcAttributeTypes: {12}( 2.5.4.25.1 NAME 'c-InternationalISDNNumber' SUP inter
48 |  nationalISDNNumber COLLECTIVE )
49 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/corba.ldif:
--------------------------------------------------------------------------------
 1 | # corba.ldif -- Corba Object Schema
 2 | #	depends upon core.ldif
 3 | # $OpenLDAP$
 4 | ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 5 | ##
 6 | ## Copyright 1998-2014 The OpenLDAP Foundation.
 7 | ## All rights reserved.
 8 | ##
 9 | ## Redistribution and use in source and binary forms, with or without
10 | ## modification, are permitted only as authorized by the OpenLDAP
11 | ## Public License.
12 | ##
13 | ## A copy of this license is available in the file LICENSE in the
14 | ## top-level directory of the distribution or, alternatively, at
15 | ## <http://www.OpenLDAP.org/license.html>.
16 | #
17 | ## Portions Copyright (C) The Internet Society (1999).
18 | ## Please see full copyright statement below.
19 | #
20 | # From RFC 2714 [portions trimmed]:
21 | #   Schema for Representing CORBA Object References in an LDAP Directory
22 | #
23 | # This file was automatically generated from corba.schema; see that file
24 | # for complete references.
25 | #
26 | dn: cn=corba,cn=schema,cn=config
27 | objectClass: olcSchemaConfig
28 | cn: corba
29 | olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.4.1.14 NAME 'corbaIor' DESC 'Strin
30 |  gified interoperable object reference of a CORBA object' EQUALITY caseIgnoreI
31 |  A5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
32 | olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.4.1.15 NAME 'corbaRepositoryId' DE
33 |  SC 'Repository ids of interfaces implemented by a CORBA object' EQUALITY case
34 |  ExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
35 | olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.4.2.10 NAME 'corbaContainer' DESC '
36 |  Container for a CORBA object' SUP top STRUCTURAL MUST cn )
37 | olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.4.2.9 NAME 'corbaObject' DESC 'CORB
38 |  A object representation' SUP top ABSTRACT MAY ( corbaRepositoryId $ descripti
39 |  on ) )
40 | olcObjectClasses: {2}( 1.3.6.1.4.1.42.2.27.4.2.11 NAME 'corbaObjectReference' 
41 |  DESC 'CORBA interoperable object reference' SUP corbaObject AUXILIARY MUST co
42 |  rbaIor )
43 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/dyngroup.ldif:
--------------------------------------------------------------------------------
 1 | # dyngroup.schema -- Dynamic Group schema
 2 | # $OpenLDAP$
 3 | ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 4 | ##
 5 | ## Copyright 1998-2014 The OpenLDAP Foundation.
 6 | ## All rights reserved.
 7 | ##
 8 | ## Redistribution and use in source and binary forms, with or without
 9 | ## modification, are permitted only as authorized by the OpenLDAP
10 | ## Public License.
11 | ##
12 | ## A copy of this license is available in the file LICENSE in the
13 | ## top-level directory of the distribution or, alternatively, at
14 | ## <http://www.OpenLDAP.org/license.html>.
15 | #
16 | # Dynamic Group schema (experimental), as defined by Netscape.  See
17 | # http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
18 | # page 70 for details on how these groups were used.
19 | #
20 | # A description of the objectclass definition is available here:
21 | # http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
22 | #
23 | # depends upon:
24 | #       core.schema
25 | #
26 | # These definitions are considered experimental due to the lack of
27 | # a formal specification (e.g., RFC).
28 | #
29 | # NOT RECOMMENDED FOR PRODUCTION USE!  USE WITH CAUTION!
30 | #
31 | # The Netscape documentation describes this as an auxiliary objectclass
32 | # but their implementations have always defined it as a structural class.
33 | # The sloppiness here is because Netscape-derived servers don't actually
34 | # implement the X.500 data model, and they don't honor the distinction
35 | # between structural and auxiliary classes. This fact is noted here:
36 | # http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
37 | #
38 | # In accordance with other existing implementations, we define it as a
39 | # structural class.
40 | #
41 | # Our definition of memberURL also does not match theirs but again
42 | # their published definition and what works in practice do not agree.
43 | # In other words, the Netscape definitions are broken and interoperability
44 | # is not guaranteed.
45 | #
46 | # Also see the new DynGroup proposed spec at
47 | # http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
48 | dn: cn=dyngroup,cn=schema,cn=config
49 | objectClass: olcSchemaConfig
50 | cn: dyngroup
51 | olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730
52 | olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3
53 | olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1
54 | olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2
55 | olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
56 | olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8
57 | olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1
58 | olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2
59 | olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL' DESC 'I
60 |  dentifies an URL associated with each member of a group. Any type of labeled 
61 |  URL can be used.' SUP labeledURI )
62 | olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity to use
63 |   when processing the memberURL' SUP distinguishedName SINGLE-VALUE )
64 | olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional authoriza
65 |  tion rules that determine who is allowed to assume the dgIdentity' EQUALITY a
66 |  uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' )
67 | olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top S
68 |  TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $
69 |   owner $ seeAlso ) )
70 | olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top AUXILIARY MAY
71 |   ( dgIdentity $ dgAuthz ) )
72 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/inetorgperson.ldif:
--------------------------------------------------------------------------------
 1 | # InetOrgPerson (RFC2798)
 2 | # $OpenLDAP$
 3 | ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 4 | ##
 5 | ## Copyright 1998-2014 The OpenLDAP Foundation.
 6 | ## All rights reserved.
 7 | ##
 8 | ## Redistribution and use in source and binary forms, with or without
 9 | ## modification, are permitted only as authorized by the OpenLDAP
10 | ## Public License.
11 | ##
12 | ## A copy of this license is available in the file LICENSE in the
13 | ## top-level directory of the distribution or, alternatively, at
14 | ## <http://www.OpenLDAP.org/license.html>.
15 | #
16 | # InetOrgPerson (RFC2798)
17 | #
18 | # Depends upon
19 | #   Definition of an X.500 Attribute Type and an Object Class to Hold
20 | #   Uniform Resource Identifiers (URIs) [RFC2079]
21 | #	(core.ldif)
22 | #
23 | #   A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
24 | #	(core.ldif)
25 | #
26 | #   The COSINE and Internet X.500 Schema [RFC1274] (cosine.ldif)
27 | #
28 | # This file was automatically generated from inetorgperson.schema; see
29 | # that file for complete references.
30 | #
31 | dn: cn=inetorgperson,cn=schema,cn=config
32 | objectClass: olcSchemaConfig
33 | cn: inetorgperson
34 | olcAttributeTypes: ( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279
35 |  8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas
36 |  eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
37 | olcAttributeTypes: ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC '
38 |  RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM
39 |  atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
40 | olcAttributeTypes: ( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC
41 |  2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM
42 |  atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI
43 |  NGLE-VALUE )
44 | olcAttributeTypes: ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF
45 |  C2798: numerically identifies an employee within an organization' EQUALITY ca
46 |  seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
47 |  1.1.15 SINGLE-VALUE )
48 | olcAttributeTypes: ( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2
49 |  798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn
50 |  oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
51 | olcAttributeTypes: ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2
52 |  798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
53 | olcAttributeTypes: ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC
54 |   'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg
55 |  noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
56 |  15 SINGLE-VALUE )
57 | olcAttributeTypes: ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D
58 |  ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14
59 |  66.115.121.1.5 )
60 | olcAttributeTypes: ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2
61 |  798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1
62 |  15.121.1.5 )
63 | olcObjectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
64 |  798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY 
65 |  ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em
66 |  ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini
67 |  tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo 
68 |  $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
69 |  ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
70 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/java.ldif:
--------------------------------------------------------------------------------
 1 | # java.ldif -- Java Object Schema
 2 | # $OpenLDAP$
 3 | ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 4 | ##
 5 | ## Copyright 1998-2014 The OpenLDAP Foundation.
 6 | ## All rights reserved.
 7 | ##
 8 | ## Redistribution and use in source and binary forms, with or without
 9 | ## modification, are permitted only as authorized by the OpenLDAP
10 | ## Public License.
11 | ##
12 | ## A copy of this license is available in the file LICENSE in the
13 | ## top-level directory of the distribution or, alternatively, at
14 | ## <http://www.OpenLDAP.org/license.html>.
15 | #
16 | # Java Object Schema (defined in RFC 2713)
17 | #	depends upon core.ldif
18 | #
19 | # This file was automatically generated from java.schema; see that file
20 | # for complete references.
21 | #
22 | dn: cn=java,cn=schema,cn=config
23 | objectClass: olcSchemaConfig
24 | cn: java
25 | olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'F
26 |  ully qualified name of distinguished Java class or interface' EQUALITY caseEx
27 |  actMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
28 | olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'UR
29 |  L(s) specifying the location of class definition' EQUALITY caseExactIA5Match 
30 |  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
31 | olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC 
32 |  'Fully qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX
33 |   1.3.6.1.4.1.1466.115.121.1.15 )
34 | olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DE
35 |  SC 'Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SI
36 |  NGLE-VALUE )
37 | olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fu
38 |  lly qualified Java class name of a JNDI object factory' EQUALITY caseExactMat
39 |  ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
40 | olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress'
41 |   DESC 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SY
42 |  NTAX 1.3.6.1.4.1.1466.115.121.1.15 )
43 | olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Ja
44 |  va documentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1
45 |  .1466.115.121.1.26 )
46 | olcObjectClasses: {0}( 1.3.6.1.4.1.42.2.27.4.2.1 NAME 'javaContainer' DESC 'Co
47 |  ntainer for a Java object' SUP top STRUCTURAL MUST cn )
48 | olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.4.2.4 NAME 'javaObject' DESC 'Java 
49 |  object representation' SUP top ABSTRACT MUST javaClassName MAY ( javaClassNam
50 |  es $ javaCodebase $ javaDoc $ description ) )
51 | olcObjectClasses: {2}( 1.3.6.1.4.1.42.2.27.4.2.5 NAME 'javaSerializedObject' D
52 |  ESC 'Java serialized object' SUP javaObject AUXILIARY MUST javaSerializedData
53 |   )
54 | olcObjectClasses: {3}( 1.3.6.1.4.1.42.2.27.4.2.8 NAME 'javaMarshalledObject' D
55 |  ESC 'Java marshalled object' SUP javaObject AUXILIARY MUST javaSerializedData
56 |   )
57 | olcObjectClasses: {4}( 1.3.6.1.4.1.42.2.27.4.2.7 NAME 'javaNamingReference' DE
58 |  SC 'JNDI reference' SUP javaObject AUXILIARY MAY ( javaReferenceAddress $ jav
59 |  aFactory ) )
60 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/misc.ldif:
--------------------------------------------------------------------------------
 1 | # misc.ldif -- assorted schema definitions
 2 | # $OpenLDAP$
 3 | ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 4 | ##
 5 | ## Copyright 1998-2014 The OpenLDAP Foundation.
 6 | ## All rights reserved.
 7 | ##
 8 | ## Redistribution and use in source and binary forms, with or without
 9 | ## modification, are permitted only as authorized by the OpenLDAP
10 | ## Public License.
11 | ##
12 | ## A copy of this license is available in the file LICENSE in the
13 | ## top-level directory of the distribution or, alternatively, at
14 | ## <http://www.OpenLDAP.org/license.html>.
15 | #
16 | # Assorted definitions from several sources, including
17 | # ''works in progress''.  Contents of this file are
18 | # subject to change (including deletion) without notice.
19 | #
20 | # Not recommended for production use!
21 | # Use with extreme caution!
22 | #
23 | # This file was automatically generated from misc.schema; see that file
24 | # for complete references.
25 | #
26 | dn: cn=misc,cn=schema,cn=config
27 | objectClass: olcSchemaConfig
28 | cn: misc
29 | olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.13 NAME 'mailLocalAddress' DESC 
30 |  'RFC822 email address of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1
31 |  .3.6.1.4.1.1466.115.121.1.26{256} )
32 | olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'FQDN of
33 |   the SMTP/MTA of this recipient' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4
34 |  .1.1466.115.121.1.26{256} SINGLE-VALUE )
35 | olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.47 NAME 'mailRoutingAddress' DES
36 |  C 'RFC822 routing address of this recipient' EQUALITY caseIgnoreIA5Match SYNT
37 |  AX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
38 | olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DES
39 |  C 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX
40 |   1.3.6.1.4.1.1466.115.121.1.26 )
41 | olcObjectClasses: {0}( 2.16.840.1.113730.3.2.147 NAME 'inetLocalMailRecipient'
42 |   DESC 'Internet local mail recipient' SUP top AUXILIARY MAY ( mailLocalAddres
43 |  s $ mailHost $ mailRoutingAddress ) )
44 | olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' DESC 'NIS
45 |   mail alias' SUP top STRUCTURAL MUST cn MAY rfc822MailMember )
46 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/nssldap.ldif:
--------------------------------------------------------------------------------
 1 | # LDAP Name Service Additional Schema
 2 | # http://www.iana.org/assignments/gssapi-service-names
 3 | dn: cn=nssldap,cn=schema,cn=config
 4 | objectClass: olcSchemaConfig
 5 | cn: nssldap
 6 | olcAttributeTypes: {0}( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC
 7 |  'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.
 8 |  1.4.1.1466.115.121.1.15{256} X-ORIGIN 'NSS LDAP schema')
 9 | olcObjectClasses: {0}( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
10 |   DESC 'Auxiliary object class for adding authorizedService attribute' SUP top
11 |   AUXILIARY MAY authorizedService X-ORIGIN 'NSS LDAP schema')
12 | olcObjectClasses: {1}( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxilia
13 |  ry object class for adding host attribute' SUP top AUXILIARY MAY host X-ORIGI
14 |  N 'NSS LDAP schema')
15 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/openldap.ldif:
--------------------------------------------------------------------------------
 1 | # $OpenLDAP$
 2 | ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 3 | ##
 4 | ## Copyright 1998-2014 The OpenLDAP Foundation.
 5 | ## All rights reserved.
 6 | ##
 7 | ## Redistribution and use in source and binary forms, with or without
 8 | ## modification, are permitted only as authorized by the OpenLDAP
 9 | ## Public License.
10 | ##
11 | ## A copy of this license is available in the file LICENSE in the
12 | ## top-level directory of the distribution or, alternatively, at
13 | ## <http://www.OpenLDAP.org/license.html>.
14 | #
15 | #
16 | # OpenLDAP Project's directory schema items
17 | #
18 | # depends upon:
19 | #	core.schema
20 | #	cosine.schema
21 | #	inetorgperson.schema
22 | #
23 | # These are provided for informational purposes only.
24 | #
25 | # This openldap.ldif file is provided as a demonstration of how to
26 | # convert a *.schema file into *.ldif format. The key points:
27 | #   In LDIF, a blank line terminates an entry. Blank lines in a *.schema
28 | #     file should be replaced with a single '#' to turn them into
29 | #     comments, or they should just be removed.
30 | #   In addition to the actual schema directives, the file needs a small
31 | #     header to make it a valid LDAP entry. This header must provide the
32 | #     dn of the entry, the objectClass, and the cn, as shown here:
33 | #
34 | dn: cn=openldap,cn=schema,cn=config
35 | objectClass: olcSchemaConfig
36 | cn: openldap
37 | #
38 | # The schema directives need to be changed to LDAP Attributes.
39 | #   First a basic string substitution can be done on each of the keywords:
40 | #     objectIdentifier -> olcObjectIdentifier:
41 | #     objectClass -> olcObjectClasses:
42 | #     attributeType -> olcAttributeTypes:
43 | #   Then leading whitespace must be fixed. The slapd.conf format allows
44 | #     tabs or spaces to denote line continuation, while LDIF only allows
45 | #     the space character.
46 | #   Also slapd.conf preserves the continuation character, while LDIF strips
47 | #     it out. So a single TAB/SPACE in slapd.conf must be replaced with
48 | #     two SPACEs in LDIF, otherwise the continued text may get joined as
49 | #     a single word.
50 | #   The directives must be listed in a proper sequence:
51 | #     All olcObjectIdentifiers must be first, so they may be referenced by
52 | #        any following definitions.
53 | #     All olcAttributeTypes must be next, so they may be referenced by any
54 | #        following objectClass definitions.
55 | #     All olcObjectClasses must be after the olcAttributeTypes.
56 | #   And of course, any superior must occur before anything that inherits
57 | #     from it.
58 | #
59 | olcObjectIdentifier: OpenLDAProot 1.3.6.1.4.1.4203
60 | #
61 | olcObjectIdentifier: OpenLDAP OpenLDAProot:1
62 | olcObjectIdentifier: OpenLDAPattributeType OpenLDAP:3
63 | olcObjectIdentifier: OpenLDAPobjectClass OpenLDAP:4
64 | #
65 | olcObjectClasses: ( OpenLDAPobjectClass:3
66 |   NAME 'OpenLDAPorg'
67 |   DESC 'OpenLDAP Organizational Object'
68 |   SUP organization
69 |   MAY ( buildingName $ displayName $ labeledURI ) )
70 | #
71 | olcObjectClasses: ( OpenLDAPobjectClass:4
72 |   NAME 'OpenLDAPou'
73 |   DESC 'OpenLDAP Organizational Unit Object'
74 |   SUP organizationalUnit
75 |   MAY ( buildingName $ displayName $ labeledURI $ o ) )
76 | #
77 | olcObjectClasses: ( OpenLDAPobjectClass:5
78 |   NAME 'OpenLDAPperson'
79 |   DESC 'OpenLDAP Person'
80 |   SUP ( pilotPerson $ inetOrgPerson )
81 |   MUST ( uid $ cn )
82 |   MAY ( givenName $ labeledURI $ o ) )
83 | #
84 | olcObjectClasses: ( OpenLDAPobjectClass:6
85 |   NAME 'OpenLDAPdisplayableObject'
86 |   DESC 'OpenLDAP Displayable Object'
87 |   AUXILIARY
88 |   MAY displayName )
89 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/postfix.ldif:
--------------------------------------------------------------------------------
 1 | dn: cn=postfix,cn=schema,cn=config
 2 | objectClass: olcSchemaConfig
 3 | cn: postfix
 4 | olcAttributeTypes: {0}( 1.3.6.1.4.1.4203.666.1.200 NAME 'mailacceptinggenerali
 5 |  d' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4
 6 |  .1.1466.115.121.1.15{1024} )
 7 | olcAttributeTypes: {1}( 1.3.6.1.4.1.4203.666.1.201 NAME 'maildrop' EQUALITY ca
 8 |  seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
 9 |  1.1.15{1024} )
10 | olcObjectClasses: {0}( 1.3.6.1.4.1.4203.666.1.100 NAME 'postfixUser' DESC 'Pos
11 |  tfix Mail User' SUP top AUXILIARY MAY ( mailacceptinggeneralid $ maildrop ) )
12 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/puppet.ldif:
--------------------------------------------------------------------------------
 1 | dn: cn=puppet,cn=schema,cn=config
 2 | objectClass: olcSchemaConfig
 3 | cn: puppet
 4 | olcAttributeTypes: {0}( 1.3.6.1.4.1.34380.1.1.3.10 NAME 'puppetClass' DESC 'Pu
 5 |  ppet Node Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.
 6 |  1.26 )
 7 | olcAttributeTypes: {1}( 1.3.6.1.4.1.34380.1.1.3.9 NAME 'parentNode' DESC 'Pupp
 8 |  et Parent Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1
 9 |  .26 SINGLE-VALUE )
10 | olcAttributeTypes: {2}( 1.3.6.1.4.1.34380.1.1.3.11 NAME 'environment' DESC 'Pu
11 |  ppet Node Environment' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.11
12 |  5.121.1.26 )
13 | olcAttributeTypes: {3}( 1.3.6.1.4.1.34380.1.1.3.12 NAME 'puppetVar' DESC 'A va
14 |  riable setting for puppet' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146
15 |  6.115.121.1.26 )
16 | olcObjectClasses: {0}( 1.3.6.1.4.1.34380.1.1.1.2 NAME 'puppetClient' DESC 'Pup
17 |  pet Client objectclass' SUP top AUXILIARY MAY ( puppetclass $ parentnode $ en
18 |  vironment $ puppetvar ) )
19 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/sshaccount.ldif:
--------------------------------------------------------------------------------
 1 | dn: cn=sshaccount,cn=schema,cn=config
 2 | objectClass: olcSchemaConfig
 3 | cn: sshaccount
 4 | olcAttributeTypes: {0}( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DES
 5 |  C 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.
 6 |  1.1466.115.121.1.40 )
 7 | olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DESC
 8 |   'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MAY ( sshPublicKey $ 
 9 |  uid ) )
10 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/schema/sudoers.ldif:
--------------------------------------------------------------------------------
 1 | dn: cn=sudoers,cn=schema,cn=config
 2 | objectClass: olcSchemaConfig
 3 | cn: sudoers
 4 | olcAttributeTypes: {0}( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) 
 5 |  who may  run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMa
 6 |  tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 7 | olcAttributeTypes: {1}( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) 
 8 |  who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMat
 9 |  ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
10 | olcAttributeTypes: {2}( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Comma
11 |  nd(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
12 |  466.115.121.1.26 )
13 | olcAttributeTypes: {3}( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s)
14 |   impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115
15 |  .121.1.26 )
16 | olcAttributeTypes: {4}( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Option
17 |  s(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115
18 |  .121.1.26 )
19 | olcObjectClasses: {0}( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer En
20 |  tries' SUP top STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost $ sudoCommand $ s
21 |  udoRunAs $ sudoOption $ description ) )
22 | 


--------------------------------------------------------------------------------
/spec/acceptance/ldap-server/tls/dhparam.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN DH PARAMETERS-----
2 | MIIBCAKCAQEA4iGvgrZB4kM8xNGTC8uWmyTnomeJqatPI3zq9K6AbNv6GmfIklGo
3 | IigkeNLejRCMn7VdliXmwFwkQyGiuyLl77mXOfs4lnZTb3sCmt9YLBZIDp2gtfXG
4 | ryaeB70hUrjAMct5W+AntW+5MB+pPPDizpoqpAfJXhJGF2JJSKfaikphEnLeCQM1
5 | WSFe/AydjlyUH+9NsWwiIDB5y6/tTNA86cdVL8+jpq0zxgrN0Je3anvg1U0yQBB0
6 | WAJ0A+ow7fzbqXNK80fg0GtB5mYg6gR1zEG/G4hC/19bOf1aa27YzTmQxVTSA3jO
7 | E726UAV7gWWfTElxx6xuPnUqlUR+/iWPkwIBAg==
8 | -----END DH PARAMETERS-----
9 | 


--------------------------------------------------------------------------------
/spec/acceptance/support/run-app.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | export DIR="/data/entitlements"
  4 | export SERVER="ldap-server.fake"
  5 | export GITHUB_SERVER="github.fake"
  6 | 
  7 | begin_fold() {
  8 |   local tag="$1"
  9 |   echo "%%%FOLD {${tag}}%%%" 1>&2
 10 |   set -x
 11 | }
 12 | 
 13 | end_fold() {
 14 |   set +x
 15 |   echo "%%%END FOLD%%%" 1>&2
 16 | }
 17 | 
 18 | ping_ldap_server() {
 19 |   ping -c 1 -w 1 "$SERVER" 1>&2 && rc=$? || rc=$?
 20 |   return $rc
 21 | }
 22 | 
 23 | set -e
 24 | 
 25 | begin_fold "Bootstrapping"
 26 | cd "$DIR"
 27 | mkdir -p .git/hooks # So bootstrap doesn't fail to create symlinks
 28 | script/bootstrap 1>&2
 29 | bundle binstubs entitlements-app
 30 | end_fold
 31 | 
 32 | begin_fold "Verifying network connectivity to the LDAP container"
 33 | COUNTER=0
 34 | SUCCESS=0
 35 | while [ $COUNTER -lt 3 ]; do
 36 |   let COUNTER=COUNTER+1
 37 |   if ping_ldap_server; then
 38 |     SUCCESS=1
 39 |     break
 40 |   fi
 41 |   sleep 1
 42 | done
 43 | end_fold
 44 | 
 45 | if [ "$SUCCESS" -eq 0 ]; then
 46 |   echo "" 1>&2
 47 |   echo "%%%HIGHLIGHT {danger}%%%" 1>&2
 48 |   echo "*** Error: Unable to ping host '$SERVER'" 1>&2
 49 |   echo "%%%END HIGHLIGHT%%%" 1>&2
 50 |   exit 255 1>&2
 51 | fi
 52 | 
 53 | begin_fold "Network details"
 54 | cat /etc/hosts 1>&2 || true
 55 | cat /etc/resolv.conf 1>&2 || true
 56 | getent hosts "$SERVER" 1>&2 || true
 57 | server_ip=$((getent hosts "$SERVER" || true) | awk '{ print $1 }')
 58 | getent hosts "$server_ip" 1>&2 || true
 59 | end_fold
 60 | 
 61 | begin_fold "Installing SSL CA certificate"
 62 | cp /acceptance/ca/intermediate/certs/ca-chain.cert.pem /etc/ssl/certs/
 63 | cert_hash=$(openssl x509 -hash -in /acceptance/ca/intermediate/certs/ca-chain.cert.pem -noout)
 64 | ln -s /etc/ssl/certs/ca-chain.cert.pem "/etc/ssl/certs/${cert_hash}.0"
 65 | cat /etc/ssl/certs/ca-chain.cert.pem >> /etc/ssl/certs/ca-certificates.crt
 66 | end_fold
 67 | 
 68 | begin_fold "Waiting for openldap server to become available"
 69 | COUNTER=0
 70 | SUCCESS=0
 71 | DN="uid=emmy,ou=Service_Accounts,dc=kittens,dc=net"
 72 | while [ $COUNTER -lt 3 ]; do
 73 |   let COUNTER=COUNTER+1
 74 |   if ldapsearch -H ldaps://ldap-server.fake:636 -D "$DN" -w kittens -b "$DN" -d-1 > /tmp/ldapsearch.out 2>&1; then
 75 |     echo "Success connecting to LDAP server!" 1>&2
 76 |     SUCCESS=1
 77 |     break
 78 |   fi
 79 | 
 80 |   echo "Failed to bind to LDAP on try ${COUNTER} of 30" 1>&2
 81 | 
 82 |   # Make sure server has not died
 83 |   if ping_ldap_server; then
 84 |     sleep 1
 85 |     continue
 86 |   fi
 87 | 
 88 |   echo "LDAP server is no longer pingable. Aborting" 1>&2
 89 |   SUCCESS="0"
 90 |   break
 91 | done
 92 | end_fold
 93 | 
 94 | if [ "$SUCCESS" -eq 0 ]; then
 95 |   echo "" 1>&2
 96 |   echo "%%%HIGHLIGHT {danger}%%%" 1>&2
 97 |   echo "*** Error: Unable to connect to host '$SERVER' on port 636/tcp" 1>&2
 98 |   cat /tmp/ldapsearch.out 1>&2
 99 |   echo "%%%END HIGHLIGHT%%%" 1>&2
100 |   exit 255
101 | fi
102 | 
103 | 
104 | export PATH="/usr/share/rbenv/shims:$PATH"
105 | cd "/data/entitlements"
106 | 
107 | FAILED_TEST=0
108 | for test in spec/acceptance/tests/*_spec.rb; do
109 |   test_name=$(basename "$test" | sed -s 's/_spec\.rb$//')
110 | 
111 |   if [ $FAILED_TEST -eq 1 ]; then
112 |     echo "Test: ${test_name} - Skipped because previous test failed" 1>&2
113 |     continue
114 |   fi
115 | 
116 |   bundle exec rspec "$test" > /tmp/rspec.out 2>&1 && rc=$? || rc=$?
117 | 
118 |   if [ "$rc" -eq 0 ]; then
119 |     begin_fold "Test: ${test_name} - Passed"
120 |     cat /tmp/rspec.out 1>&2
121 |     end_fold
122 |   else
123 |     echo "%%%HIGHLIGHT {danger}%%%" 1>&2
124 |     echo "Test: ${test_name} - Failed (exitcode = $rc)" 1>&2
125 |     echo "%%%END HIGHLIGHT%%%" 1>&2
126 |     cat /tmp/rspec.out 1>&2
127 |     FAILED_TEST=1
128 |   fi
129 | done
130 | 
131 | exit $FAILED_TEST
132 | 


--------------------------------------------------------------------------------
/spec/acceptance/tests/20_auditor_setup_spec.rb:
--------------------------------------------------------------------------------
 1 | # frozen_string_literal: true
 2 | 
 3 | require_relative "spec_helper"
 4 | 
 5 | describe Entitlements do
 6 |   let(:basedn) { "ou=Expiration,ou=Entitlements,ou=Groups,dc=kittens,dc=net" }
 7 | 
 8 |   before(:all) do
 9 |     @result = run("auditor_setup", ["--debug"])
10 |   end
11 | 
12 |   it "returns success" do
13 |     expect(@result.success?).to eq(true)
14 |   end
15 | 
16 |   it "prints nothing on STDOUT" do
17 |     expect(@result.stdout).to eq("")
18 |   end
19 | 
20 |   it "logs appropriate debug messages to STDERR for enabling the auditor" do
21 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Execute: git clone")))
22 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Execute: git config")))
23 |   end
24 | 
25 |   it "logs appropriate debug messages to STDERR for auditor" do
26 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Valid change (create dc=net/dc=kittens/ou=Groups/ou=Entitlements/ou=Expiration/cn=empty) queued")))
27 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Valid change (create dc=net/dc=kittens/ou=Groups/ou=Entitlements/ou=Expiration/cn=expired) queued")))
28 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Valid change (create dc=net/dc=kittens/ou=Groups/ou=Entitlements/ou=Expiration/cn=full) queued")))
29 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Valid change (create dc=net/dc=kittens/ou=Groups/ou=Entitlements/ou=Expiration/cn=partial) queued")))
30 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Valid change (create dc=net/dc=kittens/ou=Groups/ou=Entitlements/ou=Expiration/cn=wildcard) queued")))
31 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Execute: git add dc\\=net/dc\\=kittens/ou\\=Groups/ou\\=Entitlements/ou\\=Expiration/cn\\=wildcard")))
32 |     expect(@result.stderr).to match(log("DEBUG", "Entitlements::Auditor::GitRepo: Execute: git commit -m"))
33 |     expect(@result.stderr).to match(log("DEBUG", "Audit Entitlements::Auditor::GitRepo completed successfully"))
34 |   end
35 | 
36 |   it "does not record any auditor sync commits" do
37 |     expect(@result.stderr).to match(log("DEBUG", "Entitlements::Auditor::GitRepo: Execute: git commit -m \\\\\\[sync\\\\ commit\\\\\\]"))
38 |     expect(@result.stderr).to match(log("WARN", "Entitlements::Auditor::GitRepo: Sync change"))
39 |   end
40 | end
41 | 


--------------------------------------------------------------------------------
/spec/acceptance/tests/30_auditor_changes_spec.rb:
--------------------------------------------------------------------------------
 1 | # frozen_string_literal: true
 2 | 
 3 | require_relative "spec_helper"
 4 | 
 5 | describe Entitlements do
 6 |   let(:basedn) { "ou=Expiration,ou=Entitlements,ou=Groups,dc=kittens,dc=net" }
 7 | 
 8 |   before(:all) do
 9 |     @result = run("auditor_changes", ["--debug"])
10 |   end
11 | 
12 |   it "returns success" do
13 |     expect(@result.success?).to eq(true)
14 |   end
15 | 
16 |   it "prints nothing on STDOUT" do
17 |     expect(@result.stdout).to eq("")
18 |   end
19 | 
20 |   it "logs appropriate debug messages to STDERR for auditor" do
21 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Valid change (update dc=net/dc=kittens/ou=Groups/ou=Entitlements/ou=Expiration/cn=wildcard) queued")))
22 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Valid change (create dc=net/dc=kittens/ou=Groups/ou=Entitlements/ou=Expiration/cn=new) queued")))
23 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Valid change (delete dc=net/dc=kittens/ou=Groups/ou=Entitlements/ou=Expiration/cn=partial) queued")))
24 |     expect(@result.stderr).to match(log("DEBUG", Regexp.escape("Entitlements::Auditor::GitRepo: Execute: git add dc\\=net/dc\\=kittens/ou\\=Groups/ou\\=Entitlements/ou\\=Expiration/cn\\=wildcard")))
25 |     expect(@result.stderr).to match(log("DEBUG", "Entitlements::Auditor::GitRepo: Execute: git commit -m"))
26 |     expect(@result.stderr).to match(log("DEBUG", "Audit Entitlements::Auditor::GitRepo completed successfully"))
27 |   end
28 | 
29 |   it "does not record any auditor sync commits" do
30 |     expect(@result.stderr).not_to match(log("DEBUG", "Entitlements::Auditor::GitRepo: Execute: git commit -m \\\\\\[sync\\\\ commit\\\\\\]"))
31 |     expect(@result.stderr).not_to match(log("WARN", "Entitlements::Auditor::GitRepo: Sync change"))
32 |   end
33 | 
34 |   context "verifying GitRepo auditor" do
35 |     let(:dir) { ENV["GIT_REPO_CHECKOUT_DIRECTORY"] }
36 |     let(:repo) { Rugged::Repository.new(dir) }
37 |     let(:commits) do
38 |       walker = Rugged::Walker.new(repo)
39 |       walker.sorting(Rugged::SORT_TOPO | Rugged::SORT_REVERSE)
40 |       walker.push(repo.head.target_id)
41 |       walker.to_a
42 |     end
43 | 
44 |     it "creates the expected commits with their messages" do
45 |       expect(commits.size).to eq(5), commits.inspect
46 |       expect(commits[0].message).to eq("initialize repo\n")
47 |       expect(commits[2].message).to eq("[sync commit] gitrepo-auditor\n")
48 |     end
49 | 
50 |     it "creates the correct tree with the valid commit" do
51 |       tree = commits[2].tree
52 |       expect(tree.count).to eq(1)
53 |       expect(tree.count_recursive).to eq(1)
54 |     end
55 | 
56 |     it "creates the correct files (representative sampling)" do
57 |       pending "Write this test"
58 |       system "ls -lR #{dir} 1>&2"
59 |       expect(false).to eq(true)
60 |     end
61 |   end
62 | end
63 | 


--------------------------------------------------------------------------------
/spec/acceptance/tests/40_auditor_idempotent_run_spec.rb:
--------------------------------------------------------------------------------
 1 | # frozen_string_literal: true
 2 | 
 3 | require_relative "spec_helper"
 4 | 
 5 | describe Entitlements do
 6 |   let(:basedn) { "ou=Expiration,ou=Entitlements,ou=Groups,dc=kittens,dc=net" }
 7 | 
 8 |   before(:all) do
 9 |     @result = run("auditor_changes", ["--debug"])
10 |   end
11 | 
12 |   it "returns success" do
13 |     expect(@result.success?).to eq(true)
14 |   end
15 | 
16 |   it "prints nothing on STDOUT" do
17 |     expect(@result.stdout).to eq("")
18 |   end
19 | 
20 |   it "records no changes" do
21 |     expect(@result.stderr).to match(log("INFO", "No changes to be made. You're all set, friend! :sparkles:"))
22 |   end
23 | 
24 |   it "does not record any auditor sync commits" do
25 |     expect(@result.stderr).not_to match(log("DEBUG", "Entitlements::Auditor::GitRepo: Execute: git commit -m \\\\\\[sync\\\\ commit\\\\\\]"))
26 |     expect(@result.stderr).not_to match(log("WARN", "Entitlements::Auditor::GitRepo: Sync change"))
27 |     expect(@result.stderr).not_to match(log("DEBUG", "Entitlements::Auditor::GitRepo: Valid change"))
28 |   end
29 | end
30 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/backend-and-type.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | configuration_path: foo/bar
 3 | backends:
 4 |   dummy-backend:
 5 |     my-key1: default-value-1
 6 |     my-key2: default-value-2
 7 |     type: dummy
 8 | groups:
 9 |   foo/bar/baz:
10 |     backend: dummy-backend
11 |     my-key2: specific-value-2
12 |     type: ldap
13 | people:
14 |   yaml:
15 |     type: yaml
16 |     filename: people.yaml
17 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
18 | people_data_source: yaml
19 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/backend-missing-type.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | configuration_path: foo/bar
 3 | backends:
 4 |   dummy-backend:
 5 |     my-key1: default-value-1
 6 |     my-key2: default-value-2
 7 | groups:
 8 |   foo/bar/baz:
 9 |     backend: dummy-backend
10 |     my-key2: specific-value-2
11 | people:
12 |   yaml:
13 |     type: yaml
14 |     filename: people.yaml
15 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
16 | people_data_source: yaml
17 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/backend-missing.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | configuration_path: foo/bar
 3 | backends:
 4 |   dummy-backend:
 5 |     my-key1: default-value-1
 6 |     my-key2: default-value-2
 7 |     type: dummy
 8 | groups:
 9 |   foo/bar/baz:
10 |     backend: missing-backend
11 |     my-key2: specific-value-2
12 | people:
13 |   yaml:
14 |     type: yaml
15 |     filename: people.yaml
16 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
17 | people_data_source: yaml
18 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/backend-valid.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | configuration_path: foo/bar
 3 | backends:
 4 |   dummy-backend:
 5 |     my-key1: default-value-1
 6 |     my-key2: default-value-2
 7 |     type: dummy
 8 | groups:
 9 |   foo/bar/baz:
10 |     backend: dummy-backend
11 |     my-key2: specific-value-2
12 | people:
13 |   yaml:
14 |     type: yaml
15 |     filename: people.yaml
16 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
17 | people_data_source: yaml
18 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/class-order.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for the entitlements app.
 2 | ---
 3 | backends:
 4 |   default-ldap:
 5 |     ldap_uri: ldaps://ldap.example.net
 6 |     ldap_binddn: uid=binder,ou=People,dc=example,dc=net
 7 |     ldap_bindpw: s3cr3t
 8 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
 9 |     type: ldap
10 | configuration_path: ./ldap-config
11 | people:
12 |   yaml:
13 |     type: yaml
14 |     filename: people.yaml
15 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
16 | people_data_source: yaml
17 | groups:
18 |   pizza_teams_mirror:
19 |     base: ou=pizza_teams_mirror,ou=Groups,dc=kittens,dc=net
20 |     backend: default-ldap
21 |     mirror: pizza_teams
22 |   pizza_teams:
23 |     base: ou=pizza_teams,ou=Groups,dc=kittens,dc=net
24 |     backend: default-ldap
25 |   member_of:
26 |     ldap_uri: ldaps://ldap.example.net
27 |     ldap_binddn: uid=binder,ou=People,dc=example,dc=net
28 |     ldap_bindpw: s3cr3t
29 |     memberof_attribute: shellentitlements
30 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
31 |     ou:
32 |       - pizza_teams
33 |       - pizza_teams_mirror
34 |     type: member_of
35 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/config-ldap-ou.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for the entitlements app.
 2 | ---
 3 | configuration_path: ./ldap-config
 4 | groups:
 5 |   pizza_teams:
 6 |     base: ou=pizza_teams,ou=Groups,dc=kittens,dc=net
 7 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
 8 |     type: ldap
 9 | people:
10 |   yaml:
11 |     type: yaml
12 |     filename: people.yaml
13 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
14 | people_data_source: yaml
15 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/config-lockout.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for the entitlements app.
 2 | ---
 3 | backends:
 4 |   ldap:
 5 |     type: ldap
 6 |     ldap_uri: ldaps://ldap.example.net
 7 |     ldap_binddn: uid=binder,ou=People,dc=example,dc=net
 8 |     ldap_bindpw: s3cr3t
 9 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
10 | configuration_path: ./ldap-config
11 | groups:
12 |   pizza_teams:
13 |     base: ou=pizza_teams,ou=Groups,dc=kittens,dc=net
14 |     backend: ldap
15 | extras:
16 |   ldap_group:
17 |     ldap_uri: ldaps://ldap.example.net
18 |     ldap_binddn: uid=binder,ou=People,dc=example,dc=net
19 |     ldap_bindpw: s3cr3t
20 | filters:
21 |   lockout:
22 |     class: Entitlements::Extras::LDAPGroup::Filters::MemberOfLDAPGroup
23 |     config:
24 |       ldap_group: cn=lockout,ou=Groups,dc=kittens,dc=net
25 | people:
26 |   yaml:
27 |     type: yaml
28 |     filename: people.yaml
29 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
30 | people_data_source: yaml
31 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/config-memberof.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for the entitlements app.
 2 | ---
 3 | configuration_path: ./ldap-config
 4 | groups:
 5 |   ou_one:
 6 |     type: dummy
 7 |   ou_two:
 8 |     base: ou=pizza_teams,ou=Groups,dc=kittens,dc=net
 9 |     ldap_uri: ldaps://ldap.example.net
10 |     ldap_binddn: uid=binder,ou=People,dc=example,dc=net
11 |     ldap_bindpw: s3cr3t
12 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
13 |     type: ldap
14 |   memberof:
15 |     ldap_uri: ldaps://ldap.example.net
16 |     ldap_binddn: uid=binder,ou=People,dc=example,dc=net
17 |     ldap_bindpw: s3cr3t
18 |     memberof_attribute: chickenEntitlements
19 |     ou:
20 |       - ou_two
21 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
22 |     type: member_of
23 | people:
24 |   yaml:
25 |     type: yaml
26 |     filename: people.yaml
27 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
28 | people_data_source: yaml
29 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/config-mirror-target-does-not-exist.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for the entitlements app.
 2 | ---
 3 | configuration_path: ./ldap-config
 4 | extras:
 5 |   orgchart:
 6 |     manager_map_file: manager-map.yaml
 7 | groups:
 8 |   entitlements/mirror:
 9 |     base: ou=mirror,ou=Groups,dc=kittens,dc=net
10 |     mirror: entitlements/target
11 |     person_dn_format: foo
12 |     type: ldap
13 |   pizza_teams:
14 |     base: ou=pizza_teams,ou=Groups,dc=kittens,dc=net
15 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
16 |     type: ldap
17 |   internal:
18 |     type: dummy
19 | people:
20 |   yaml:
21 |     type: yaml
22 |     filename: people.yaml
23 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
24 | people_data_source: yaml
25 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/config-mirror-target-is-also-a-mirror.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for the entitlements app.
 2 | ---
 3 | configuration_path: ./ldap-config
 4 | extras:
 5 |   orgchart:
 6 |     manager_map_file: manager-map.yaml
 7 | groups:
 8 |   entitlements/mirror:
 9 |     base: ou=mirror,ou=Groups,dc=kittens,dc=net
10 |     mirror: entitlements/mirror2
11 |     person_dn_format: foo
12 |     type: ldap
13 |   entitlements/mirror2:
14 |     base: ou=mirror2,ou=Groups,dc=kittens,dc=net
15 |     mirror: pizza_teams
16 |     person_dn_format: foo
17 |     type: ldap
18 |   pizza_teams:
19 |     base: ou=pizza_teams,ou=Groups,dc=kittens,dc=net
20 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
21 |     type: ldap
22 |   internal:
23 |     type: dummy
24 | people:
25 |   yaml:
26 |     type: yaml
27 |     filename: people.yaml
28 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
29 | people_data_source: yaml
30 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/config-mirror-valid.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for the entitlements app.
 2 | ---
 3 | configuration_path: ./ldap-config
 4 | extras:
 5 |   orgchart:
 6 |     manager_map_file: manager-map.yaml
 7 | groups:
 8 |   entitlements/mirror:
 9 |     base: ou=mirror,ou=Groups,dc=kittens,dc=net
10 |     mirror: pizza_teams
11 |     person_dn_format: foo
12 |     type: ldap
13 |   pizza_teams:
14 |     base: ou=pizza_teams,ou=Groups,dc=kittens,dc=net
15 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
16 |     type: ldap
17 |   internal:
18 |     type: dummy
19 | people:
20 |   yaml:
21 |     type: yaml
22 |     filename: people.yaml
23 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
24 | people_data_source: yaml
25 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/entitlements-execute.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for the entitlements app.
 2 | ---
 3 | configuration_path: ./ldap-config
 4 | groups:
 5 |   ldap-dir:
 6 |     base: ou=pizza_teams,ou=Groups,dc=kittens,dc=net
 7 |     ldap_binddn: uid=binder,ou=People,dc=kittens,dc=net
 8 |     ldap_bindpw: s3cr3t
 9 |     ldap_uri: ldaps://ldap.kittens.net
10 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
11 |     type: ldap
12 |   other-ldap-dir:
13 |     base: ou=pizza_teams,ou=Groups,dc=kittens,dc=net
14 |     ldap_binddn: uid=binder,ou=People,dc=kittens,dc=net
15 |     ldap_bindpw: s3cr3t
16 |     ldap_uri: ldaps://ldap.kittens.net
17 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
18 |     type: ldap
19 | people:
20 |   yaml:
21 |     type: yaml
22 |     filename: people.yaml
23 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
24 | people_data_source: yaml
25 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/group-invalid-type.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | configuration_path: foo/bar
 3 | groups:
 4 |   foo/bar/baz:
 5 |     foo: bar
 6 |     fizz: buzz
 7 |     type: this-is-clearly-not-valid
 8 | people:
 9 |   yaml:
10 |     type: yaml
11 |     filename: people.yaml
12 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
13 | people_data_source: yaml
14 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/group-no-type.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | configuration_path: foo/bar
 3 | groups:
 4 |   foo/bar/baz:
 5 |     foo: bar
 6 |     fizz: buzz
 7 | people:
 8 |   yaml:
 9 |     type: yaml
10 |     filename: people.yaml
11 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
12 | people_data_source: yaml
13 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/prefetch-people-invalid.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | configuration_path: foo/bar
3 | groups:
4 |   foo/bar/baz:
5 |     type: dummy
6 | people: {}
7 | people_data_source: yaml
8 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/prefetch-people-valid.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | configuration_path: foo/bar
 3 | groups:
 4 |   foo/bar/baz:
 5 |     type: dummy
 6 | people:
 7 |   ldap:
 8 |     type: ldap
 9 |     config:
10 |       base: ou=People,dc=kittens,dc=net
11 |       ldap_uri: ldaps://ldap.example.net
12 |       ldap_binddn: uid=binder,ou=People,dc=kittens,dc=net
13 |       ldap_bindpw: s3cr3t
14 |       person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
15 |   yaml:
16 |     type: yaml
17 |     config:
18 |       filename: people.yaml
19 |       person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
20 | people_data_source: ldap
21 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/required-attribute-missing.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | groups:
 3 |   foo/bar/baz:
 4 |     type: dummy
 5 | people:
 6 |   yaml:
 7 |     type: yaml
 8 |     filename: people.yaml
 9 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
10 | people_data_source: yaml
11 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/required-attribute-wrong-datatype.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | configuration_path:
 3 |   - foo
 4 |   - bar
 5 | groups:
 6 |   foo/bar/baz:
 7 |     type: dummy
 8 | people:
 9 |   yaml:
10 |     type: yaml
11 |     filename: people.yaml
12 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
13 | people_data_source: yaml
14 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config-files/valid.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | configuration_path: foo/bar
 3 | groups:
 4 |   foo/bar/baz:
 5 |     type: dummy
 6 | people:
 7 |   yaml:
 8 |     type: yaml
 9 |     filename: people.yaml
10 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
11 | people_data_source: yaml
12 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for the entitlements app.
 2 | ---
 3 | configuration_path: ./ldap-config
 4 | extras:
 5 |   ldap_group:
 6 |     ldap_uri: ldaps://ldap.example.net
 7 |     ldap_binddn: uid=binder,ou=People,dc=example,dc=net
 8 |     ldap_bindpw: s3cr3t
 9 |   orgchart:
10 |     manager_map_file: manager-map.yaml
11 | people:
12 |   yaml:
13 |     type: yaml
14 |     filename: people.yaml
15 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
16 | people_data_source: yaml
17 | groups:
18 |   pizza_teams:
19 |     base: ou=pizza_teams,ou=Groups,dc=kittens,dc=net
20 |     ldap_uri: ldaps://ldap.example.net
21 |     ldap_binddn: uid=binder,ou=People,dc=example,dc=net
22 |     ldap_bindpw: s3cr3t
23 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
24 |     type: ldap
25 |   internal:
26 |     type: dummy
27 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/config_with_erb.yaml:
--------------------------------------------------------------------------------
 1 | # Configuration file for the entitlements app.
 2 | ---
 3 | kittens: <%= ENV["TEST_ERB_VARIABLE"] %>
 4 | configuration_path: ./ldap-config
 5 | contractors_group: ./contractors.yaml
 6 | pre_hires_group: ./pre-hires.yaml
 7 | groups:
 8 |   pizza_teams:
 9 |     base: ou=pizza_teams,ou=Groups,dc=kittens,dc=net
10 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
11 |     type: ldap
12 | people:
13 |   yaml:
14 |     type: yaml
15 |     filename: people.yaml
16 |     person_dn_format: uid=%KEY%,ou=People,dc=kittens,dc=net
17 | people_data_source: yaml
18 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/git-repo-audit-dir/dc=net/dc=kittens/ou=Groups/cn=group1:
--------------------------------------------------------------------------------
1 | # Placeholder
2 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/git-repo-audit-dir/dc=net/dc=kittens/ou=Groups/cn=group2:
--------------------------------------------------------------------------------
1 | # Placeholder
2 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/git-repo-audit-dir/dc=net/dc=kittens/ou=Groups/cn=group3:
--------------------------------------------------------------------------------
1 | # Placeholder
2 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/git-repo-audit-dir/dc=net/dc=kittens/ou=Groups/cn=group4:
--------------------------------------------------------------------------------
1 | # Placeholder
2 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/git-repo-audit-dir/dc=net/dc=kittens/ou=extra/cn=extragroup:
--------------------------------------------------------------------------------
1 | # Placeholder
2 | 


--------------------------------------------------------------------------------
/spec/unit/fixtures/people.yaml:
--------------------------------------------------------------------------------
  1 | ---
  2 | balinese:
  3 |   dn: uid=balinese,ou=People,dc=kittens,dc=net
  4 |   githubdotcomid: balinese
  5 |   manager: peterbald
  6 | bengal:
  7 |   dn: uid=bengal,ou=People,dc=kittens,dc=net
  8 |   githubdotcomid: bengal
  9 |   manager: balinese
 10 | chartreux:
 11 |   dn: uid=chartreux,ou=People,dc=kittens,dc=net
 12 |   githubdotcomid: chartreux
 13 |   manager: bengal
 14 | DwelF:
 15 |   dn: uid=DwelF,ou=People,dc=kittens,dc=net
 16 |   githubdotcomid: DwelF
 17 |   manager: bengal
 18 | desertlynx:
 19 |   dn: uid=desertlynx,ou=People,dc=kittens,dc=net
 20 |   githubdotcomid: desertlynx
 21 |   manager: bengal
 22 | bobtail:
 23 |   dn: uid=bobtail,ou=People,dc=kittens,dc=net
 24 |   githubdotcomid: bobtail
 25 |   manager: bengal
 26 | germanrex:
 27 |   dn: uid=germanrex,ou=People,dc=kittens,dc=net
 28 |   githubdotcomid: germanrex
 29 |   manager: bengal
 30 | korat:
 31 |   dn: uid=korat,ou=People,dc=kittens,dc=net
 32 |   githubdotcomid: korat
 33 |   manager: balinese
 34 | minskin:
 35 |   dn: uid=minskin,ou=People,dc=kittens,dc=net
 36 |   githubdotcomid: minskin
 37 |   manager: balinese
 38 | mainecoon:
 39 |   dn: uid=mainecoon,ou=People,dc=kittens,dc=net
 40 |   githubdotcomid: mainecoon
 41 |   manager: balinese
 42 | RAGAMUFFIn:
 43 |   dn: uid=RAGAMUFFIn,ou=People,dc=kittens,dc=net
 44 |   githubdotcomid: RAGAMUFFIn
 45 |   manager: mainecoon
 46 | blackmanx:
 47 |   dn: uid=blackmanx,ou=People,dc=kittens,dc=net
 48 |   githubdotcomid: blackmanx
 49 |   manager: mainecoon
 50 | russianblue:
 51 |   dn: uid=russianblue,ou=People,dc=kittens,dc=net
 52 |   githubdotcomid: russianblue
 53 |   manager: mainecoon
 54 | pixiEbob:
 55 |   dn: uid=pixiEbob,ou=People,dc=kittens,dc=net
 56 |   githubdotcomid: pixiEbob
 57 |   manager: balinese
 58 | peterbald:
 59 |   dn: uid=peterbald,ou=People,dc=kittens,dc=net
 60 |   githubdotcomid: peterbald
 61 |   manager: orientallonghair
 62 | orientallonghair:
 63 |   dn: uid=orientallonghair,ou=People,dc=kittens,dc=net
 64 |   githubdotcomid: orientallonghair
 65 |   manager: napoleon
 66 | napoleon:
 67 |   dn: uid=napoleon,ou=People,dc=kittens,dc=net
 68 |   githubdotcomid: napoleon
 69 |   manager: napoleon
 70 | oJosazuLEs:
 71 |   dn: uid=oJosazuLEs,ou=People,dc=kittens,dc=net
 72 |   githubdotcomid: oJosazuLEs
 73 |   manager: DONSKoy
 74 | NEBELUNg:
 75 |   dn: uid=NEBELUNg,ou=People,dc=kittens,dc=net
 76 |   githubdotcomid: NEBELUNg
 77 |   manager: oJosazuLEs
 78 | khaomanee:
 79 |   dn: uid=khaomanee,ou=People,dc=kittens,dc=net
 80 |   githubdotcomid: khaomanee
 81 |   manager: oJosazuLEs
 82 | cyprus:
 83 |   dn: uid=cyprus,ou=People,dc=kittens,dc=net
 84 |   githubdotcomid: cyprus
 85 |   manager: oJosazuLEs
 86 | cheetoh:
 87 |   dn: uid=cheetoh,ou=People,dc=kittens,dc=net
 88 |   githubdotcomid: cheetoh
 89 |   manager: oJosazuLEs
 90 | chausie:
 91 |   dn: uid=chausie,ou=People,dc=kittens,dc=net
 92 |   githubdotcomid: chausie
 93 |   manager: oJosazuLEs
 94 | DONSKoy:
 95 |   dn: uid=DONSKoy,ou=People,dc=kittens,dc=net
 96 |   githubdotcomid: DONSKoy
 97 |   manager: foldex
 98 | foldex:
 99 |   dn: uid=foldex,ou=People,dc=kittens,dc=net
100 |   githubdotcomid: foldex
101 |   manager: orientallonghair
102 | oregonrex:
103 |   dn: uid=oregonrex,ou=People,dc=kittens,dc=net
104 |   githubdotcomid: oregonrex
105 |   manager: DONSKoy
106 | serengeti:
107 |   dn: uid=serengeti,ou=People,dc=kittens,dc=net
108 |   githubdotcomid: serengeti
109 |   manager: balinese
110 | 


--------------------------------------------------------------------------------
/vendor/cache/activesupport-7.1.3.3.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/activesupport-7.1.3.3.gem


--------------------------------------------------------------------------------
/vendor/cache/addressable-2.8.7.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/addressable-2.8.7.gem


--------------------------------------------------------------------------------
/vendor/cache/ast-2.4.2.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/ast-2.4.2.gem


--------------------------------------------------------------------------------
/vendor/cache/base64-0.2.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/base64-0.2.0.gem


--------------------------------------------------------------------------------
/vendor/cache/bigdecimal-3.1.8.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/bigdecimal-3.1.8.gem


--------------------------------------------------------------------------------
/vendor/cache/concurrent-ruby-1.3.4.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/concurrent-ruby-1.3.4.gem


--------------------------------------------------------------------------------
/vendor/cache/connection_pool-2.4.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/connection_pool-2.4.1.gem


--------------------------------------------------------------------------------
/vendor/cache/contracts-0.17.2.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/contracts-0.17.2.gem


--------------------------------------------------------------------------------
/vendor/cache/crack-1.0.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/crack-1.0.0.gem


--------------------------------------------------------------------------------
/vendor/cache/debug-1.9.2.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/debug-1.9.2.gem


--------------------------------------------------------------------------------
/vendor/cache/diff-lcs-1.5.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/diff-lcs-1.5.1.gem


--------------------------------------------------------------------------------
/vendor/cache/docile-1.4.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/docile-1.4.0.gem


--------------------------------------------------------------------------------
/vendor/cache/drb-2.2.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/drb-2.2.1.gem


--------------------------------------------------------------------------------
/vendor/cache/entitlements-app-1.1.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/entitlements-app-1.1.0.gem


--------------------------------------------------------------------------------
/vendor/cache/faraday-2.12.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/faraday-2.12.1.gem


--------------------------------------------------------------------------------
/vendor/cache/faraday-net_http-3.4.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/faraday-net_http-3.4.0.gem


--------------------------------------------------------------------------------
/vendor/cache/hashdiff-1.1.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/hashdiff-1.1.0.gem


--------------------------------------------------------------------------------
/vendor/cache/i18n-1.14.5.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/i18n-1.14.5.gem


--------------------------------------------------------------------------------
/vendor/cache/io-console-0.7.2.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/io-console-0.7.2.gem


--------------------------------------------------------------------------------
/vendor/cache/irb-1.13.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/irb-1.13.1.gem


--------------------------------------------------------------------------------
/vendor/cache/json-2.7.2.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/json-2.7.2.gem


--------------------------------------------------------------------------------
/vendor/cache/language_server-protocol-3.17.0.3.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/language_server-protocol-3.17.0.3.gem


--------------------------------------------------------------------------------
/vendor/cache/logger-1.6.2.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/logger-1.6.2.gem


--------------------------------------------------------------------------------
/vendor/cache/minitest-5.23.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/minitest-5.23.1.gem


--------------------------------------------------------------------------------
/vendor/cache/mutex_m-0.2.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/mutex_m-0.2.0.gem


--------------------------------------------------------------------------------
/vendor/cache/net-http-0.6.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/net-http-0.6.0.gem


--------------------------------------------------------------------------------
/vendor/cache/net-ldap-0.19.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/net-ldap-0.19.0.gem


--------------------------------------------------------------------------------
/vendor/cache/octokit-4.25.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/octokit-4.25.1.gem


--------------------------------------------------------------------------------
/vendor/cache/optimist-3.2.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/optimist-3.2.0.gem


--------------------------------------------------------------------------------
/vendor/cache/ostruct-0.6.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/ostruct-0.6.1.gem


--------------------------------------------------------------------------------
/vendor/cache/parallel-1.25.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/parallel-1.25.1.gem


--------------------------------------------------------------------------------
/vendor/cache/parser-3.3.4.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/parser-3.3.4.0.gem


--------------------------------------------------------------------------------
/vendor/cache/psych-5.1.2.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/psych-5.1.2.gem


--------------------------------------------------------------------------------
/vendor/cache/public_suffix-6.0.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/public_suffix-6.0.1.gem


--------------------------------------------------------------------------------
/vendor/cache/racc-1.8.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/racc-1.8.0.gem


--------------------------------------------------------------------------------
/vendor/cache/rack-3.0.14.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rack-3.0.14.gem


--------------------------------------------------------------------------------
/vendor/cache/rainbow-3.1.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rainbow-3.1.1.gem


--------------------------------------------------------------------------------
/vendor/cache/rake-13.2.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rake-13.2.1.gem


--------------------------------------------------------------------------------
/vendor/cache/rdoc-6.7.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rdoc-6.7.0.gem


--------------------------------------------------------------------------------
/vendor/cache/regexp_parser-2.9.2.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/regexp_parser-2.9.2.gem


--------------------------------------------------------------------------------
/vendor/cache/reline-0.5.8.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/reline-0.5.8.gem


--------------------------------------------------------------------------------
/vendor/cache/rexml-3.3.9.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rexml-3.3.9.gem


--------------------------------------------------------------------------------
/vendor/cache/rspec-3.13.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rspec-3.13.0.gem


--------------------------------------------------------------------------------
/vendor/cache/rspec-core-3.13.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rspec-core-3.13.0.gem


--------------------------------------------------------------------------------
/vendor/cache/rspec-expectations-3.13.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rspec-expectations-3.13.0.gem


--------------------------------------------------------------------------------
/vendor/cache/rspec-mocks-3.13.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rspec-mocks-3.13.1.gem


--------------------------------------------------------------------------------
/vendor/cache/rspec-support-3.13.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rspec-support-3.13.1.gem


--------------------------------------------------------------------------------
/vendor/cache/rubocop-1.65.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rubocop-1.65.0.gem


--------------------------------------------------------------------------------
/vendor/cache/rubocop-ast-1.31.3.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rubocop-ast-1.31.3.gem


--------------------------------------------------------------------------------
/vendor/cache/rubocop-github-0.20.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rubocop-github-0.20.0.gem


--------------------------------------------------------------------------------
/vendor/cache/rubocop-performance-1.21.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rubocop-performance-1.21.1.gem


--------------------------------------------------------------------------------
/vendor/cache/rubocop-rails-2.25.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rubocop-rails-2.25.0.gem


--------------------------------------------------------------------------------
/vendor/cache/ruby-progressbar-1.13.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/ruby-progressbar-1.13.0.gem


--------------------------------------------------------------------------------
/vendor/cache/rugged-1.7.2.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/rugged-1.7.2.gem


--------------------------------------------------------------------------------
/vendor/cache/sawyer-0.9.2.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/sawyer-0.9.2.gem


--------------------------------------------------------------------------------
/vendor/cache/simplecov-0.22.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/simplecov-0.22.0.gem


--------------------------------------------------------------------------------
/vendor/cache/simplecov-erb-1.0.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/simplecov-erb-1.0.1.gem


--------------------------------------------------------------------------------
/vendor/cache/simplecov-html-0.12.3.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/simplecov-html-0.12.3.gem


--------------------------------------------------------------------------------
/vendor/cache/simplecov_json_formatter-0.1.4.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/simplecov_json_formatter-0.1.4.gem


--------------------------------------------------------------------------------
/vendor/cache/stringio-3.1.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/stringio-3.1.0.gem


--------------------------------------------------------------------------------
/vendor/cache/tzinfo-2.0.6.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/tzinfo-2.0.6.gem


--------------------------------------------------------------------------------
/vendor/cache/unicode-display_width-2.5.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/unicode-display_width-2.5.0.gem


--------------------------------------------------------------------------------
/vendor/cache/uri-1.0.3.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/uri-1.0.3.gem


--------------------------------------------------------------------------------
/vendor/cache/vcr-6.2.0.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/vcr-6.2.0.gem


--------------------------------------------------------------------------------
/vendor/cache/webmock-3.23.1.gem:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/github/entitlements-gitrepo-auditor-plugin/8972d7e2fbab7704fe872098c9e6bea6f86352fb/vendor/cache/webmock-3.23.1.gem


--------------------------------------------------------------------------------