aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'efe9fe780d'
${ noResults }
boundary/internal/auth/ldap/testing_test.go

122 lines
4.6 KiB
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package ldap
import (
"context"
"crypto/ed25519"
"crypto/rand"
"crypto/x509"
"testing"
"github.com/hashicorp/boundary/internal/db"
"github.com/hashicorp/boundary/internal/iam"
"github.com/hashicorp/boundary/internal/kms"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_testAuthMethod(t *testing.T) {
t.Parallel()
assert, require := assert.New(t), require.New(t)
conn, _ := db.TestSetup(t, "postgres")
testWrapper := db.TestWrapper(t)
testKms := kms.TestKms(t, conn, testWrapper)
org, _ := iam.TestScopes(t, iam.TestRepo(t, conn, testWrapper))
databaseWrapper, err := testKms.GetWrapper(context.Background(), org.PublicId, kms.KeyPurposeDatabase)
require.NoError(err)
testCtx := context.Background()
c1, c1Pem := TestGenerateCA(t, "localhost")
c2, c2Pem := TestGenerateCA(t, "127.0.0.1")
_, privKey, err := ed25519.GenerateKey(rand.Reader)
require.NoError(err)
derPrivKey, err := x509.MarshalPKCS8PrivateKey(privKey)
require.NoError(err)
am := TestAuthMethod(
t, conn, databaseWrapper,
org.PublicId,
[]string{"ldaps://d1.alice.com", "ldap://d2.alice.com"},
WithName(testCtx, "test-name"),
WithDescription(testCtx, "test-desc"),
WithStartTLS(testCtx),
WithInsecureTLS(testCtx),
WithDiscoverDn(testCtx),
WithAnonGroupSearch(testCtx),
WithUpnDomain(testCtx, "alice.com"),
WithCertificates(testCtx, c1, c2),
WithUserDn(testCtx, "user-dn"),
WithUserAttr(testCtx, "user-attr"),
WithUserFilter(testCtx, "user-filter"),
WithGroupDn(testCtx, "group-dn"),
WithGroupAttr(testCtx, "group-attr"),
WithGroupFilter(testCtx, "group-filter"),
WithClientCertificate(testCtx, derPrivKey, c2), // not a client cert, but good enough for the test.
WithBindCredential(testCtx, "bind-dn", "bind-password"),
)
rw := db.New(conn)
found := AllocAuthMethod()
found.PublicId = am.PublicId
rw.LookupById(testCtx, &found)
assert.Equal(am.PublicId, found.PublicId)
assert.Equal(found.ScopeId, org.PublicId)
assert.Equal(found.Name, "test-name")
assert.Equal(found.Description, "test-desc")
assert.Equal(found.OperationalState, InactiveState.String())
assert.Equal(found.Version, uint32(1))
assert.True(found.StartTls)
assert.True(found.InsecureTls)
assert.True(found.DiscoverDn)
assert.True(found.AnonGroupSearch)
assert.Equal("alice.com", found.UpnDomain)
foundUrls := []*Url{}
err = rw.SearchWhere(testCtx, &foundUrls, "ldap_method_id = ?", []any{found.PublicId}, db.WithOrder("connection_priority asc"))
require.NoError(err)
assert.Equal("ldaps://d1.alice.com", foundUrls[0].GetServerUrl())
assert.Equal(uint32(1), foundUrls[0].ConnectionPriority)
assert.Equal("ldap://d2.alice.com", foundUrls[1].GetServerUrl())
assert.Equal(uint32(2), foundUrls[1].ConnectionPriority)
foundCerts := []*Certificate{}
err = rw.SearchWhere(testCtx, &foundCerts, "ldap_method_id = ?", []any{found.PublicId}, db.WithOrder("create_time asc"))
require.NoError(err)
assert.Equal(c1Pem, foundCerts[0].GetCert())
assert.Equal(c2Pem, foundCerts[1].GetCert())
foundUserSearchConf := allocUserEntrySearchConf()
err = rw.LookupWhere(testCtx, &foundUserSearchConf, "ldap_method_id = ?", []any{found.PublicId})
require.NoError(err)
assert.Equal("user-dn", foundUserSearchConf.GetUserDn())
assert.Equal("user-attr", foundUserSearchConf.GetUserAttr())
assert.Equal("user-filter", foundUserSearchConf.GetUserFilter())
foundGroupSearchConf := allocGroupEntrySearchConf()
err = rw.LookupWhere(testCtx, &foundGroupSearchConf, "ldap_method_id = ?", []any{found.PublicId})
require.NoError(err)
assert.Equal("group-dn", foundGroupSearchConf.GetGroupDn())
assert.Equal("group-attr", foundGroupSearchConf.GetGroupAttr())
assert.Equal("group-filter", foundGroupSearchConf.GetGroupFilter())
foundClientCert := allocClientCertificate()
err = rw.LookupWhere(testCtx, &foundClientCert, "ldap_method_id = ?", []any{found.PublicId})
require.NoError(err)
require.NoError(foundClientCert.decrypt(testCtx, databaseWrapper))
assert.NotEmpty(foundClientCert.GetKeyId())
assert.NotEmpty(foundClientCert.GetCertificate())
assert.NotEmpty(foundClientCert.GetCertificateKey())
assert.NotEmpty(foundClientCert.GetCertificateKeyHmac())
foundBindCred := allocBindCredential()
err = rw.LookupWhere(testCtx, &foundBindCred, "ldap_method_id = ?", []any{found.PublicId})
require.NoError(err)
require.NoError(foundBindCred.decrypt(testCtx, databaseWrapper))
assert.NotEmpty(foundBindCred.GetKeyId())
assert.NotEmpty(foundBindCred.GetDn())
assert.NotEmpty(foundBindCred.GetPassword())
assert.NotEmpty(foundBindCred.GetPasswordHmac())
}
Reference in new issue View Git Blame Copy Permalink