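// Source: github.com/greenpau/go-authcrunch@v1.1.4/pkg/ids/config_test.go

// Copyright 2022 Paul Greenberg greenpau@outlook.com
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package ids

import (
	"fmt"
	"github.com/google/go-cmp/cmp"
	"github.com/greenpau/go-authcrunch/internal/tests"
	"github.com/greenpau/go-authcrunch/pkg/errors"
	"testing"
)

// TestNewIdentityStoreConfig drives NewIdentityStoreConfig through a table of
// store definitions. Successful cases compare the unpacked config against the
// expected JSON document; failing cases compare the returned error text
// against the expected ErrIdentityStoreConfigInvalid message.
func TestNewIdentityStoreConfig(t *testing.T) {
	testcases := []struct {
		name      string
		storeName string
		kind      string
		params    map[string]interface{}
		want      string
		shouldErr bool
		err       error
	}{
		{
			name:      "test local identity store",
			storeName: "default",
			kind:      "local",
			params: map[string]interface{}{
				"path":  "foo",
				"realm": "local",
			},
			want: `{
				"kind": "local",
				"name": "default",
				"params": {
					"path":"foo",
					"realm":"local"
				}
			}`,
		},
		{
			name:      "test ldap identity store",
			storeName: "contoso.com",
			kind:      "ldap",
			params: map[string]interface{}{
				"realm": "contoso.com",
				// Fixture value only. The expected JSON below shows the bind
				// password round-tripping in cleartext, so anything that prints
				// the unpacked config (including the t.Logf on mismatch) will
				// contain it. Keep real directory credentials out of this table.
				"bind_password":  "P@ssW0rd123",
				"bind_username":  "CN=authzsvc,OU=Service Accounts,OU=Administrative Accounts,DC=CONTOSO,DC=COM",
				"search_base_dn": "DC=CONTOSO,DC=COM",
				// NOTE(review): the %s placeholders are presumably filled with the
				// login name by the LDAP backend; that substitution has to escape
				// LDAP filter metacharacters. This test only checks that the
				// template is accepted and stored unchanged.
				"search_user_filter": "(&(|(sAMAccountName=%s)(mail=%s))(objectclass=user))",
				"attributes": map[string]interface{}{
					"email":     "mail",
					"member_of": "memberOf",
					"name":      "givenName",
					"surname":   "sn",
					"username":  "sAMAccountName",
				},
				"servers": []map[string]interface{}{
					{
						"address": "ldaps://ldaps.contoso.com",
						// Set here only to check that the flag survives validation.
						// NOTE(review): judging by the name, this turns off
						// certificate verification for the ldaps:// server, which
						// would expose the bind credentials to an on-path attacker
						// in a real deployment; confirm against the LDAP backend.
						"ignore_cert_errors": true,
					},
				},
				"groups": []map[string]interface{}{
					{
						"dn":    "CN=Admins,OU=Security,OU=Groups,DC=CONTOSO,DC=COM",
						"roles": []string{"admin"},
					},
					{
						"dn":    "CN=Editors,OU=Security,OU=Groups,DC=CONTOSO,DC=COM",
						"roles": []string{"editor"},
					},
					{
						"dn":    "CN=Viewers,OU=Security,OU=Groups,DC=CONTOSO,DC=COM",
						"roles": []string{"viewer"},
					},
				},
			},
			want: `{
				"name": "contoso.com",
				"kind": "ldap",
				"params": {
					"attributes": {
						"email": "mail",
						"member_of": "memberOf",
						"name": "givenName",
						"surname": "sn",
						"username": "sAMAccountName"
					},
					"bind_password": "P@ssW0rd123",
					"bind_username": "CN=authzsvc,OU=Service Accounts,OU=Administrative Accounts,DC=CONTOSO,DC=COM",
					"groups": [
						{
							"dn": "CN=Admins,OU=Security,OU=Groups,DC=CONTOSO,DC=COM",
							"roles": ["admin"]
						},
						{
							"dn": "CN=Editors,OU=Security,OU=Groups,DC=CONTOSO,DC=COM",
							"roles": ["editor"]
						},
						{
							"dn": "CN=Viewers,OU=Security,OU=Groups,DC=CONTOSO,DC=COM",
							"roles": ["viewer"]
						}
					],
					"realm": "contoso.com",
					"search_base_dn": "DC=CONTOSO,DC=COM",
					"search_user_filter": "(&(|(sAMAccountName=%s)(mail=%s))(objectclass=user))",
					"servers": [
						{
							"address": "ldaps://ldaps.contoso.com",
							"ignore_cert_errors": true
						}
					]
				}
			}`,
		},
		{
			name:      "test config validation error",
			storeName: "default",
			kind:      "local",
			params: map[string]interface{}{
				"realm": "local",
			},
			shouldErr: true,
			err: errors.ErrIdentityStoreConfigInvalid.WithArgs(
				fmt.Errorf("required field %q not found", "path"),
			),
		},
		{
			name: "test config validation error with empty name",
			kind: "local",
			params: map[string]interface{}{
				"realm": "local",
			},
			shouldErr: true,
			err: errors.ErrIdentityStoreConfigInvalid.WithArgs(
				"empty identity store name",
			),
		},
		{
			name:      "test config validation error with unsupported store kind",
			storeName: "default",
			kind:      "foobar",
			params: map[string]interface{}{
				"realm": "local",
			},
			shouldErr: true,
			err: errors.ErrIdentityStoreConfigInvalid.WithArgs(
				"unsupported identity store type foobar",
			),
		},
		{
			name:      "test config validation error with empty store kind",
			storeName: "default",
			params: map[string]interface{}{
				"realm": "local",
			},
			shouldErr: true,
			err: errors.ErrIdentityStoreConfigInvalid.WithArgs(
				"empty identity store type",
			),
		},
		{
			// Despite the case name, this passes an empty, non-nil map; a
			// literal nil map is not covered by this table.
			name:      "test config validation error with nil params",
			storeName: "default",
			kind:      "local",
			params:    map[string]interface{}{},
			shouldErr: true,
			err: errors.ErrIdentityStoreConfigInvalid.WithArgs(
				"empty identity store parameters",
			),
		},
		{
			// Unknown parameter keys are expected to be rejected rather than
			// silently ignored, so a misspelled option fails validation.
			name:      "test config validation error with unsupported param field",
			storeName: "default",
			kind:      "local",
			params: map[string]interface{}{
				"path":  "foo",
				"realm": "local",
				"foo":   "bar",
			},
			shouldErr: true,
			err: errors.ErrIdentityStoreConfigInvalid.WithArgs(
				fmt.Errorf("found unsupported %q field", "foo"),
			),
		},
	}
	for _, tc := range testcases {
		t.Run(tc.name, func(t *testing.T) {
			cfg, err := NewIdentityStoreConfig(tc.storeName, tc.kind, tc.params)
			if err != nil {
				if !tc.shouldErr {
					t.Fatalf("expected success, got: %v", err)
				}
				// A case that sets shouldErr but forgets err would otherwise
				// panic on tc.err.Error() instead of failing with a message.
				if tc.err == nil {
					t.Fatalf("test case sets shouldErr without an expected error, got: %v", err)
				}
				// Same (want, got) order as the success path, and the diff is
				// reported instead of being discarded.
				if diff := cmp.Diff(tc.err.Error(), err.Error()); diff != "" {
					t.Fatalf("unexpected error (-want +got):\n%s", diff)
				}
				return
			}
			if tc.shouldErr {
				t.Fatalf("unexpected success, want: %v", tc.err)
			}
			got := tests.Unpack(t, cfg)
			want := tests.Unpack(t, tc.want)

			if diff := cmp.Diff(want, got); diff != "" {
				// On an ldap case this log line includes bind_password.
				t.Logf("JSON: %v", tests.UnpackJSON(t, got))
				t.Errorf("NewIdentityStoreConfig() mismatch (-want +got):\n%s", diff)
			}
		})
	}
}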