105 lines
3.2 KiB
Go
105 lines
3.2 KiB
Go
// Copyright 2021 the Pinniped contributors. All Rights Reserved.
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
package upstreamldap
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
ldap "github.com/go-ldap/ldap/v3"
|
|
"github.com/golang/mock/gomock"
|
|
"github.com/stretchr/testify/require"
|
|
"k8s.io/apiserver/pkg/authentication/authenticator"
|
|
"k8s.io/apiserver/pkg/authentication/user"
|
|
|
|
"go.pinniped.dev/internal/mocks/mockldapconn"
|
|
)
|
|
|
|
var (
|
|
upstreamUsername = "some-upstream-username"
|
|
upstreamPassword = "some-upstream-password"
|
|
upstreamGroups = []string{"some-upstream-group-0", "some-upstream-group-1"}
|
|
upstreamUID = "some-upstream-uid"
|
|
)
|
|
|
|
func TestAuthenticateUser(t *testing.T) {
|
|
// Please the linter...
|
|
_ = upstreamGroups
|
|
_ = upstreamUID
|
|
t.Skip("TODO: make me pass!")
|
|
|
|
tests := []struct {
|
|
name string
|
|
provider *Provider
|
|
wantError string
|
|
wantUnauthenticated bool
|
|
wantAuthResponse *authenticator.Response
|
|
}{
|
|
{
|
|
name: "happy path",
|
|
provider: &Provider{
|
|
URL: "ldaps://some-ldap-url:1234",
|
|
BindUsername: upstreamUsername,
|
|
BindPassword: upstreamPassword,
|
|
UserSearch: &UserSearch{
|
|
Base: "some-upstream-base-dn",
|
|
Filter: "some-filter",
|
|
UsernameAttribute: "some-upstream-username-attribute",
|
|
UIDAttribute: "some-upstream-uid-attribute",
|
|
},
|
|
},
|
|
wantAuthResponse: &authenticator.Response{
|
|
User: &user.DefaultInfo{
|
|
Name: upstreamUsername,
|
|
Groups: upstreamGroups,
|
|
UID: upstreamUID,
|
|
},
|
|
},
|
|
},
|
|
}
|
|
for _, test := range tests {
|
|
test := test
|
|
t.Run(test.name, func(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
t.Cleanup(ctrl.Finish)
|
|
conn := mockldapconn.NewMockConn(ctrl)
|
|
conn.EXPECT().Bind(test.provider.BindUsername, test.provider.BindPassword).Times(1)
|
|
conn.EXPECT().Search(&ldap.SearchRequest{
|
|
BaseDN: test.provider.UserSearch.Base,
|
|
Scope: 99, // TODO: what should this be?
|
|
DerefAliases: 99, // TODO: what should this be?
|
|
SizeLimit: 99,
|
|
TimeLimit: 99, // TODO: what should this be?
|
|
TypesOnly: true, // TODO: what should this be?
|
|
Filter: test.provider.UserSearch.Filter,
|
|
Attributes: []string{}, // TODO: what should this be?
|
|
Controls: []ldap.Control{}, // TODO: what should this be?
|
|
}).Return(&ldap.SearchResult{
|
|
Entries: []*ldap.Entry{
|
|
{
|
|
DN: "", // TODO: what should this be?
|
|
Attributes: []*ldap.EntryAttribute{}, // TODO: what should this be?
|
|
},
|
|
},
|
|
Referrals: []string{}, // TODO: what should this be?
|
|
Controls: []ldap.Control{}, // TODO: what should this be?
|
|
}, nil).Times(1)
|
|
conn.EXPECT().Close().Times(1)
|
|
|
|
test.provider.Dial = func(ctx context.Context, url string) (Conn, error) {
|
|
require.Equal(t, test.provider.URL, url)
|
|
return conn, nil
|
|
}
|
|
|
|
authResponse, authenticated, err := test.provider.AuthenticateUser(context.Background(), upstreamUsername, upstreamPassword)
|
|
if test.wantError != "" {
|
|
require.EqualError(t, err, test.wantError)
|
|
return
|
|
}
|
|
require.Equal(t, !test.wantUnauthenticated, authenticated)
|
|
require.Equal(t, test.wantAuthResponse, authResponse)
|
|
})
|
|
}
|
|
}
|