test(connector/ldap): rewrite tests to use a single server instance

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
Mark Sagi-Kazar
2021-02-15 16:24:26 +01:00
parent 447841f513
commit f11db50369
8 changed files with 555 additions and 603 deletions


@@ -5,14 +5,10 @@ import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"testing"
"time"
"github.com/kylelemons/godebug/pretty"
"github.com/sirupsen/logrus"
"github.com/testcontainers/testcontainers-go"
"github.com/testcontainers/testcontainers-go/wait"
"github.com/dexidp/dex/connector"
)
@@ -47,29 +43,8 @@ type subtest struct {
}
func TestQuery(t *testing.T) {
schema := `
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
dn: cn=john,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: john
mail: johndoe@example.com
userpassword: bar
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.BaseDN = "ou=People,ou=TestQuery,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
@@ -81,7 +56,7 @@ userpassword: bar
username: "jane",
password: "foo",
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
UserID: "cn=jane,ou=People,ou=TestQuery,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
@@ -92,7 +67,7 @@ userpassword: bar
username: "john",
password: "bar",
want: connector.Identity{
UserID: "cn=john,ou=People,dc=example,dc=org",
UserID: "cn=john,ou=People,ou=TestQuery,dc=example,dc=org",
Username: "john",
Email: "johndoe@example.com",
EmailVerified: true,
@@ -112,32 +87,12 @@ userpassword: bar
},
}
runTests(t, schema, connectLDAP, c, tests)
runTests(t, connectLDAP, c, tests)
}
func TestQueryWithEmailSuffix(t *testing.T) {
schema := `
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
dn: cn=john,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: john
userpassword: bar
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.BaseDN = "ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailSuffix = "test.example.com"
c.UserSearch.IDAttr = "DN"
@@ -149,7 +104,7 @@ userpassword: bar
username: "jane",
password: "foo",
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
UserID: "cn=jane,ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org",
Username: "jane",
Email: "jane@test.example.com",
EmailVerified: true,
@@ -160,7 +115,7 @@ userpassword: bar
username: "john",
password: "bar",
want: connector.Identity{
UserID: "cn=john,ou=People,dc=example,dc=org",
UserID: "cn=john,ou=People,ou=TestQueryWithEmailSuffix,dc=example,dc=org",
Username: "john",
Email: "john@test.example.com",
EmailVerified: true,
@@ -168,53 +123,12 @@ userpassword: bar
},
}
runTests(t, schema, connectLDAP, c, tests)
runTests(t, connectLDAP, c, tests)
}
func TestUserFilter(t *testing.T) {
schema := `
dn: ou=Seattle,dc=example,dc=org
objectClass: organizationalUnit
ou: Seattle
dn: ou=Portland,dc=example,dc=org
objectClass: organizationalUnit
ou: Portland
dn: ou=People,ou=Seattle,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: ou=People,ou=Portland,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,ou=Seattle,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
dn: cn=jane,ou=People,ou=Portland,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
mail: janedoefromportland@example.com
userpassword: baz
dn: cn=john,ou=People,ou=Seattle,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: john
mail: johndoe@example.com
userpassword: bar
`
c := &Config{}
c.UserSearch.BaseDN = "dc=example,dc=org"
c.UserSearch.BaseDN = "ou=TestUserFilter,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
@@ -227,7 +141,7 @@ userpassword: bar
username: "jane",
password: "foo",
want: connector.Identity{
UserID: "cn=jane,ou=People,ou=Seattle,dc=example,dc=org",
UserID: "cn=jane,ou=People,ou=Seattle,ou=TestUserFilter,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
@@ -238,7 +152,7 @@ userpassword: bar
username: "john",
password: "bar",
want: connector.Identity{
UserID: "cn=john,ou=People,ou=Seattle,dc=example,dc=org",
UserID: "cn=john,ou=People,ou=Seattle,ou=TestUserFilter,dc=example,dc=org",
Username: "john",
Email: "johndoe@example.com",
EmailVerified: true,
@@ -258,55 +172,17 @@ userpassword: bar
},
}
runTests(t, schema, connectLDAP, c, tests)
runTests(t, connectLDAP, c, tests)
}
func TestGroupQuery(t *testing.T) {
schema := `
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
dn: cn=john,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: john
mail: johndoe@example.com
userpassword: bar
# Group definitions.
dn: ou=Groups,dc=example,dc=org
objectClass: organizationalUnit
ou: Groups
dn: cn=admins,ou=Groups,dc=example,dc=org
objectClass: groupOfNames
cn: admins
member: cn=john,ou=People,dc=example,dc=org
member: cn=jane,ou=People,dc=example,dc=org
dn: cn=developers,ou=Groups,dc=example,dc=org
objectClass: groupOfNames
cn: developers
member: cn=jane,ou=People,dc=example,dc=org
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.BaseDN = "ou=People,ou=TestGroupQuery,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
c.UserSearch.Username = "cn"
c.GroupSearch.BaseDN = "ou=Groups,dc=example,dc=org"
c.GroupSearch.BaseDN = "ou=Groups,ou=TestGroupQuery,dc=example,dc=org"
c.GroupSearch.UserMatchers = []UserMatcher{
{
UserAttr: "DN",
@@ -322,7 +198,7 @@ member: cn=jane,ou=People,dc=example,dc=org
password: "foo",
groups: true,
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
UserID: "cn=jane,ou=People,ou=TestGroupQuery,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
@@ -335,7 +211,7 @@ member: cn=jane,ou=People,dc=example,dc=org
password: "bar",
groups: true,
want: connector.Identity{
UserID: "cn=john,ou=People,dc=example,dc=org",
UserID: "cn=john,ou=People,ou=TestGroupQuery,dc=example,dc=org",
Username: "john",
Email: "johndoe@example.com",
EmailVerified: true,
@@ -344,66 +220,17 @@ member: cn=jane,ou=People,dc=example,dc=org
},
}
runTests(t, schema, connectLDAP, c, tests)
runTests(t, connectLDAP, c, tests)
}
func TestGroupsOnUserEntity(t *testing.T) {
schema := `
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
# Groups are enumerated as part of the user entity instead of the members being
# a list on the group entity.
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
departmentNumber: 1000
departmentNumber: 1001
dn: cn=john,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: john
mail: johndoe@example.com
userpassword: bar
departmentNumber: 1000
departmentNumber: 1002
# Group definitions. Notice that they don't have any "member" field.
dn: ou=Groups,dc=example,dc=org
objectClass: organizationalUnit
ou: Groups
dn: cn=admins,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: admins
gidNumber: 1000
dn: cn=developers,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: developers
gidNumber: 1001
dn: cn=designers,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: designers
gidNumber: 1002
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.BaseDN = "ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
c.UserSearch.Username = "cn"
c.GroupSearch.BaseDN = "ou=Groups,dc=example,dc=org"
c.GroupSearch.BaseDN = "ou=Groups,ou=TestGroupsOnUserEntity,dc=example,dc=org"
c.GroupSearch.UserMatchers = []UserMatcher{
{
UserAttr: "departmentNumber",
@@ -418,7 +245,7 @@ gidNumber: 1002
password: "foo",
groups: true,
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
UserID: "cn=jane,ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
@@ -431,7 +258,7 @@ gidNumber: 1002
password: "bar",
groups: true,
want: connector.Identity{
UserID: "cn=john,ou=People,dc=example,dc=org",
UserID: "cn=john,ou=People,ou=TestGroupsOnUserEntity,dc=example,dc=org",
Username: "john",
Email: "johndoe@example.com",
EmailVerified: true,
@@ -439,72 +266,17 @@ gidNumber: 1002
},
},
}
runTests(t, schema, connectLDAP, c, tests)
runTests(t, connectLDAP, c, tests)
}
func TestGroupFilter(t *testing.T) {
schema := `
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
dn: cn=john,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: john
mail: johndoe@example.com
userpassword: bar
# Group definitions.
dn: ou=Seattle,dc=example,dc=org
objectClass: organizationalUnit
ou: Seattle
dn: ou=Portland,dc=example,dc=org
objectClass: organizationalUnit
ou: Portland
dn: ou=Groups,ou=Seattle,dc=example,dc=org
objectClass: organizationalUnit
ou: Groups
dn: ou=Groups,ou=Portland,dc=example,dc=org
objectClass: organizationalUnit
ou: Groups
dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
objectClass: groupOfNames
cn: qa
member: cn=john,ou=People,dc=example,dc=org
dn: cn=admins,ou=Groups,ou=Seattle,dc=example,dc=org
objectClass: groupOfNames
cn: admins
member: cn=john,ou=People,dc=example,dc=org
member: cn=jane,ou=People,dc=example,dc=org
dn: cn=developers,ou=Groups,ou=Seattle,dc=example,dc=org
objectClass: groupOfNames
cn: developers
member: cn=jane,ou=People,dc=example,dc=org
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.BaseDN = "ou=People,ou=TestGroupFilter,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
c.UserSearch.Username = "cn"
c.GroupSearch.BaseDN = "dc=example,dc=org"
c.GroupSearch.BaseDN = "ou=TestGroupFilter,dc=example,dc=org"
c.GroupSearch.UserMatchers = []UserMatcher{
{
UserAttr: "DN",
@@ -521,7 +293,7 @@ member: cn=jane,ou=People,dc=example,dc=org
password: "foo",
groups: true,
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
UserID: "cn=jane,ou=People,ou=TestGroupFilter,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
@@ -534,7 +306,7 @@ member: cn=jane,ou=People,dc=example,dc=org
password: "bar",
groups: true,
want: connector.Identity{
UserID: "cn=john,ou=People,dc=example,dc=org",
UserID: "cn=john,ou=People,ou=TestGroupFilter,dc=example,dc=org",
Username: "john",
Email: "johndoe@example.com",
EmailVerified: true,
@@ -543,94 +315,17 @@ member: cn=jane,ou=People,dc=example,dc=org
},
}
runTests(t, schema, connectLDAP, c, tests)
runTests(t, connectLDAP, c, tests)
}
func TestGroupToUserMatchers(t *testing.T) {
schema := `
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
uid: janedoe
mail: janedoe@example.com
userpassword: foo
dn: cn=john,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: john
uid: johndoe
mail: johndoe@example.com
userpassword: bar
# Group definitions.
dn: ou=Seattle,dc=example,dc=org
objectClass: organizationalUnit
ou: Seattle
dn: ou=Portland,dc=example,dc=org
objectClass: organizationalUnit
ou: Portland
dn: ou=Groups,ou=Seattle,dc=example,dc=org
objectClass: organizationalUnit
ou: Groups
dn: ou=UnixGroups,ou=Seattle,dc=example,dc=org
objectClass: organizationalUnit
ou: UnixGroups
dn: ou=Groups,ou=Portland,dc=example,dc=org
objectClass: organizationalUnit
ou: Groups
dn: ou=UnixGroups,ou=Portland,dc=example,dc=org
objectClass: organizationalUnit
ou: UnixGroups
dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
objectClass: groupOfNames
cn: qa
member: cn=john,ou=People,dc=example,dc=org
dn: cn=logger,ou=UnixGroups,ou=Portland,dc=example,dc=org
objectClass: posixGroup
gidNumber: 1000
cn: logger
memberUid: johndoe
dn: cn=admins,ou=Groups,ou=Seattle,dc=example,dc=org
objectClass: groupOfNames
cn: admins
member: cn=john,ou=People,dc=example,dc=org
member: cn=jane,ou=People,dc=example,dc=org
dn: cn=developers,ou=Groups,ou=Seattle,dc=example,dc=org
objectClass: groupOfNames
cn: developers
member: cn=jane,ou=People,dc=example,dc=org
dn: cn=frontend,ou=UnixGroups,ou=Seattle,dc=example,dc=org
objectClass: posixGroup
gidNumber: 1001
cn: frontend
memberUid: janedoe
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.BaseDN = "ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
c.UserSearch.Username = "cn"
c.GroupSearch.BaseDN = "dc=example,dc=org"
c.GroupSearch.BaseDN = "ou=TestGroupToUserMatchers,dc=example,dc=org"
c.GroupSearch.UserMatchers = []UserMatcher{
{
UserAttr: "DN",
@@ -651,7 +346,7 @@ memberUid: janedoe
password: "foo",
groups: true,
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
UserID: "cn=jane,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
@@ -664,84 +359,29 @@ memberUid: janedoe
password: "bar",
groups: true,
want: connector.Identity{
UserID: "cn=john,ou=People,dc=example,dc=org",
UserID: "cn=john,ou=People,ou=TestGroupToUserMatchers,dc=example,dc=org",
Username: "john",
Email: "johndoe@example.com",
EmailVerified: true,
Groups: []string{"qa", "admins", "logger"},
Groups: []string{"admins", "qa", "logger"},
},
},
}
runTests(t, schema, connectLDAP, c, tests)
runTests(t, connectLDAP, c, tests)
}
// Test deprecated group to user matching implementation
// which was left for backward compatibility.
// See "Config.GroupSearch.UserMatchers" comments for the details
func TestDeprecatedGroupToUserMatcher(t *testing.T) {
schema := `
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
dn: cn=john,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: john
mail: johndoe@example.com
userpassword: bar
# Group definitions.
dn: ou=Seattle,dc=example,dc=org
objectClass: organizationalUnit
ou: Seattle
dn: ou=Portland,dc=example,dc=org
objectClass: organizationalUnit
ou: Portland
dn: ou=Groups,ou=Seattle,dc=example,dc=org
objectClass: organizationalUnit
ou: Groups
dn: ou=Groups,ou=Portland,dc=example,dc=org
objectClass: organizationalUnit
ou: Groups
dn: cn=qa,ou=Groups,ou=Portland,dc=example,dc=org
objectClass: groupOfNames
cn: qa
member: cn=john,ou=People,dc=example,dc=org
dn: cn=admins,ou=Groups,ou=Seattle,dc=example,dc=org
objectClass: groupOfNames
cn: admins
member: cn=john,ou=People,dc=example,dc=org
member: cn=jane,ou=People,dc=example,dc=org
dn: cn=developers,ou=Groups,ou=Seattle,dc=example,dc=org
objectClass: groupOfNames
cn: developers
member: cn=jane,ou=People,dc=example,dc=org
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.BaseDN = "ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
c.UserSearch.Username = "cn"
c.GroupSearch.BaseDN = "dc=example,dc=org"
c.GroupSearch.BaseDN = "ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org"
c.GroupSearch.UserAttr = "DN"
c.GroupSearch.GroupAttr = "member"
c.GroupSearch.NameAttr = "cn"
@@ -754,7 +394,7 @@ member: cn=jane,ou=People,dc=example,dc=org
password: "foo",
groups: true,
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
UserID: "cn=jane,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
@@ -767,7 +407,7 @@ member: cn=jane,ou=People,dc=example,dc=org
password: "bar",
groups: true,
want: connector.Identity{
UserID: "cn=john,ou=People,dc=example,dc=org",
UserID: "cn=john,ou=People,ou=TestDeprecatedGroupToUserMatcher,dc=example,dc=org",
Username: "john",
Email: "johndoe@example.com",
EmailVerified: true,
@@ -776,25 +416,12 @@ member: cn=jane,ou=People,dc=example,dc=org
},
}
runTests(t, schema, connectLDAP, c, tests)
runTests(t, connectLDAP, c, tests)
}
func TestStartTLS(t *testing.T) {
schema := `
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.BaseDN = "ou=People,ou=TestStartTLS,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
@@ -806,32 +433,19 @@ userpassword: foo
username: "jane",
password: "foo",
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
UserID: "cn=jane,ou=People,ou=TestStartTLS,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
},
},
}
runTests(t, schema, connectStartTLS, c, tests)
runTests(t, connectStartTLS, c, tests)
}
func TestInsecureSkipVerify(t *testing.T) {
schema := `
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.BaseDN = "ou=People,ou=TestInsecureSkipVerify,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
@@ -843,32 +457,19 @@ userpassword: foo
username: "jane",
password: "foo",
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
UserID: "cn=jane,ou=People,ou=TestInsecureSkipVerify,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
},
},
}
runTests(t, schema, connectInsecureSkipVerify, c, tests)
runTests(t, connectInsecureSkipVerify, c, tests)
}
func TestLDAPS(t *testing.T) {
schema := `
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People
dn: cn=jane,ou=People,dc=example,dc=org
objectClass: person
objectClass: inetOrgPerson
sn: doe
cn: jane
mail: janedoe@example.com
userpassword: foo
`
c := &Config{}
c.UserSearch.BaseDN = "ou=People,dc=example,dc=org"
c.UserSearch.BaseDN = "ou=People,ou=TestLDAPS,dc=example,dc=org"
c.UserSearch.NameAttr = "cn"
c.UserSearch.EmailAttr = "mail"
c.UserSearch.IDAttr = "DN"
@@ -880,14 +481,14 @@ userpassword: foo
username: "jane",
password: "foo",
want: connector.Identity{
UserID: "cn=jane,ou=People,dc=example,dc=org",
UserID: "cn=jane,ou=People,ou=TestLDAPS,dc=example,dc=org",
Username: "jane",
Email: "janedoe@example.com",
EmailVerified: true,
},
},
}
runTests(t, schema, connectLDAPS, c, tests)
runTests(t, connectLDAPS, c, tests)
}
func TestUsernamePrompt(t *testing.T) {
@@ -915,89 +516,24 @@ func TestUsernamePrompt(t *testing.T) {
}
}
// runTests runs a set of tests against an LDAP schema. It does this by
// setting up an OpenLDAP server and injecting the provided scheme.
func getenv(key, defaultVal string) string {
if val := os.Getenv(key); val != "" {
return val
}
return defaultVal
}
// runTests runs a set of tests against an LDAP schema.
//
// The tests require Docker.
// The tests require LDAP to be runnning.
// You can use the provided docker-compose file to setup an LDAP server.
//
// The DEX_LDAP_TESTS must be set to "1"
func runTests(t *testing.T, schema string, connMethod connectionMethod, config *Config, tests []subtest) {
func runTests(t *testing.T, connMethod connectionMethod, config *Config, tests []subtest) {
if os.Getenv(envVar) != "1" {
t.Skipf("%s not set. Skipping test (run 'export %s=1' to run tests)", envVar, envVar)
}
wd, err := os.Getwd()
if err != nil {
t.Fatal(err)
}
tempDir, err := ioutil.TempDir("", "")
if err != nil {
t.Fatal(err)
}
defer os.RemoveAll(tempDir)
schemaPath := filepath.Join(tempDir, "schema.ldif")
if err := ioutil.WriteFile(schemaPath, []byte(schema), 0777); err != nil {
t.Fatal(err)
}
req := testcontainers.ContainerRequest{
Image: "osixia/openldap:1.3.0",
ExposedPorts: []string{"389/tcp", "636/tcp"},
Cmd: []string{"--copy-service"},
Env: map[string]string{
"LDAP_BASE_DN": "dc=example,dc=org",
"LDAP_TLS": "true",
"LDAP_TLS_VERIFY_CLIENT": "try",
},
BindMounts: map[string]string{
filepath.Join(wd, "testdata", "certs"): "/container/service/slapd/assets/certs",
schemaPath: "/container/service/slapd/assets/config/bootstrap/ldif/99-schema.ldif",
},
WaitingFor: wait.ForAll(
wait.ForLog("slapd starting").WithOccurrence(3).WithStartupTimeout(time.Minute),
wait.ForListeningPort("389/tcp"),
wait.ForListeningPort("636/tcp"),
),
}
ctx := context.Background()
slapd, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
ContainerRequest: req,
Started: true,
})
if err != nil {
if slapd != nil {
logs, err := slapd.Logs(ctx)
if err == nil {
defer logs.Close()
logLines, err := ioutil.ReadAll(logs)
if err != nil {
t.Log(string(logLines))
}
}
}
t.Fatal(err)
}
defer slapd.Terminate(ctx)
ip, err := slapd.Host(ctx)
if err != nil {
t.Fatal(err)
}
port, err := slapd.MappedPort(ctx, "389")
if err != nil {
t.Fatal(err)
}
tlsPort, err := slapd.MappedPort(ctx, "636")
if err != nil {
t.Fatal(err)
}
// Shallow copy.
c := *config
@@ -1005,17 +541,17 @@ func runTests(t *testing.T, schema string, connMethod connectionMethod, config *
// group search configuration.
switch connMethod {
case connectStartTLS:
c.Host = fmt.Sprintf("%s:%s", ip, port.Port())
c.Host = fmt.Sprintf("%s:%s", getenv("DEX_LDAP_HOST", "localhost"), getenv("DEX_LDAP_PORT", "389"))
c.RootCA = "testdata/certs/ca.crt"
c.StartTLS = true
case connectLDAPS:
c.Host = fmt.Sprintf("%s:%s", ip, tlsPort.Port())
c.Host = fmt.Sprintf("%s:%s", getenv("DEX_LDAP_HOST", "localhost"), getenv("DEX_LDAP_TLS_PORT", "636"))
c.RootCA = "testdata/certs/ca.crt"
case connectInsecureSkipVerify:
c.Host = fmt.Sprintf("%s:%s", ip, tlsPort.Port())
c.Host = fmt.Sprintf("%s:%s", getenv("DEX_LDAP_HOST", "localhost"), getenv("DEX_LDAP_TLS_PORT", "636"))
c.InsecureSkipVerify = true
case connectLDAP:
c.Host = fmt.Sprintf("%s:%s", ip, port.Port())
c.Host = fmt.Sprintf("%s:%s", getenv("DEX_LDAP_HOST", "localhost"), getenv("DEX_LDAP_PORT", "389"))
c.InsecureNoSSL = true
}
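Review bot: The four `c.Host = fmt.Sprintf("%s:%s", getenv("DEX_LDAP_HOST", "localhost"), …)` lines in the switch build the address by plain concatenation, so a `DEX_LDAP_HOST` holding an IPv6 literal such as `::1` produces `::1:389`, which `net.Dial`-style address parsing rejects; the old code had the same shape but got a container IP it controlled, whereas this value now comes from the environment. `net.JoinHostPort` brackets the host correctly, e.g. `c.Host = net.JoinHostPort(host, getenv("DEX_LDAP_PORT", "389"))` with `host := getenv("DEX_LDAP_HOST", "localhost")` hoisted above the switch (and `"net"` added to the import block), which also removes the four repeated lookups. Since the `connectLDAP` and `connectInsecureSkipVerify` cases talk to whatever host the variable names with TLS or certificate verification disabled and send the fixture passwords in clear, a one-line comment on the switch such as `// DEX_LDAP_HOST must point at the throwaway server from docker-compose; these modes send credentials without verification.` would make that expectation explicit. `runTests` begins before this hunk and continues past it.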