package ad
import (
"errors"
"fmt"
"reflect"
"testing"
"gopkg.in/ldap.v2"
"github.com/openshift/origin/pkg/auth/ldaputil"
"github.com/openshift/origin/pkg/auth/ldaputil/testclient"
)
// newTestAugmentedADLDAPInterface builds an AugmentedADLDAPInterface around the
// given client, using the fixed user and group queries shared by the tests in
// this file.
func newTestAugmentedADLDAPInterface(client ldap.Client) *AugmentedADLDAPInterface {
	// Users live under ou=users and are selected by object class.
	users := ldaputil.LDAPQuery{
		BaseDN:       "ou=users,dc=example,dc=com",
		Scope:        ldaputil.ScopeWholeSubtree,
		DerefAliases: ldaputil.DerefAliasesAlways,
		TimeLimit:    0,
		Filter:       "objectClass=inetOrgPerson",
	}

	// Groups live under ou=groups and are looked up by their DN. Tests that
	// exercise the base-DN bounds check override BaseDN on the returned value.
	groupBase := ldaputil.LDAPQuery{
		BaseDN:       "ou=groups,dc=example,dc=com",
		Scope:        ldaputil.ScopeWholeSubtree,
		DerefAliases: ldaputil.DerefAliasesAlways,
		TimeLimit:    0,
		Filter:       "objectClass=groupOfNames",
	}
	groups := ldaputil.LDAPQueryOnAttribute{
		LDAPQuery:      groupBase,
		QueryAttribute: "dn",
	}

	return NewAugmentedADLDAPInterface(
		testclient.NewConfig(client),
		users,
		[]string{"memberOf"}, // group membership attributes
		[]string{"cn"},       // user name attributes
		groups,
		[]string{"cn"}, // group name attributes
	)
}
// newTestGroup returns a new LDAP entry for a group under
// ou=groups,dc=example,dc=com whose DN and "cn" attribute are built from CN.
// CN is formatted into the DN as-is, with no DN escaping, so callers should
// pass plain test names only.
func newTestGroup(CN string) *ldap.Entry {
	dn := fmt.Sprintf("cn=%s,ou=groups,dc=example,dc=com", CN)
	attributes := map[string][]string{"cn": {CN}}
	return ldap.NewEntry(dn, attributes)
}
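// TestGroupEntryFor checks GroupEntryFor for a single group DN in four
// situations: a cache hit, a request outside the configured base DN, a failing
// search, and a successful search.
func TestGroupEntryFor(t *testing.T) {
	// Every case asks for the same group DN.
	const groupDN = "cn=testGroup,ou=groups,dc=example,dc=com"

	testCases := []struct {
		name string
		// cacheSeed replaces cachedGroups when non-empty.
		cacheSeed map[string]*ldap.Entry
		// client is handed to the interface under test; it stays nil when a
		// case does not set it.
		client ldap.Client
		// baseDNOverride replaces groupQuery.BaseDN when non-empty.
		baseDNOverride string
		expectedError  error
		expectedEntry  *ldap.Entry
	}{
		{
			// No client is set: the entry has to come from the seeded cache.
			name: "cached entries",
			cacheSeed: map[string]*ldap.Entry{
				groupDN: newTestGroup("testGroup"),
			},
			expectedError: nil,
			expectedEntry: newTestGroup("testGroup"),
		},
		{
			// The requested DN is not under "dc=foo", so the lookup must be
			// refused with an out-of-bounds error and return no entry. No
			// client is set here either, so the refusal presumably happens
			// before any search is issued - confirm against GroupEntryFor.
			name:           "search request error",
			baseDNOverride: "dc=foo",
			expectedError:  ldaputil.NewQueryOutOfBoundsError(groupDN, "dc=foo"),
			expectedEntry:  nil,
		},
		{
			// The client fails the search for this DN; the error is expected
			// to reach the caller unchanged and no entry may be returned.
			name:          "search error",
			client:        testclient.NewMatchingSearchErrorClient(testclient.New(), groupDN, errors.New("generic search error")),
			expectedError: errors.New("generic search error"),
			expectedEntry: nil,
		},
		{
			name: "no error",
			client: testclient.NewDNMappingClient(
				testclient.New(),
				map[string][]*ldap.Entry{
					groupDN: {newTestGroup("testGroup")},
				},
			),
			expectedError: nil,
			expectedEntry: newTestGroup("testGroup"),
		},
	}

	for _, testCase := range testCases {
		ldapInterface := newTestAugmentedADLDAPInterface(testCase.client)
		if len(testCase.cacheSeed) > 0 {
			ldapInterface.cachedGroups = testCase.cacheSeed
		}
		if len(testCase.baseDNOverride) > 0 {
			ldapInterface.groupQuery.BaseDN = testCase.baseDNOverride
		}

		entry, err := ldapInterface.GroupEntryFor(groupDN)

		// DeepEqual rather than ==: the expected errors are built separately
		// from the ones the code under test returns, so they are compared by
		// content.
		if !reflect.DeepEqual(err, testCase.expectedError) {
			t.Errorf("%s: incorrect error returned:\n\texpected:\n\t%v\n\tgot:\n\t%v\n", testCase.name, testCase.expectedError, err)
		}
		// The value compared here is a single entry, so the failure message
		// says "entry" rather than "members".
		if !reflect.DeepEqual(entry, testCase.expectedEntry) {
			t.Errorf("%s: incorrect entry returned:\n\texpected:\n\t%v\n\tgot:\n\t%v\n", testCase.name, testCase.expectedEntry, entry)
		}
	}
}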