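// Listing: github.com/hashicorp/vault/sdk@v0.11.0/helper/ldaputil/config_test.go
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package ldaputil

import (
	"encoding/json"
	"testing"

	"github.com/go-test/deep"
	"github.com/hashicorp/vault/sdk/framework"
)

// TestCertificateValidation checks how ConfigEntry.Validate treats the
// Certificate field: an unset value passes and stays "", a string that is not
// a certificate ("cats") is rejected, and the validCertificate fixture is
// accepted.
//
// NOTE(review): the fixture's validity window appears to have ended in April
// 2019, so this test passing means Validate accepts an expired certificate;
// presumably it only checks that the value parses. Expiry and chain trust
// would then have to be enforced where the TLS connection is made. Confirm
// against the Validate implementation before relying on it as a trust check.
func TestCertificateValidation(t *testing.T) {
	// certificate should default to "" without error if it doesn't exist
	config := testConfig(t)
	if err := config.Validate(); err != nil {
		t.Fatal(err)
	}
	if config.Certificate != "" {
		t.Fatalf("expected no certificate but received %s", config.Certificate)
	}

	// certificate should cause an error if a bad one is provided
	config.Certificate = "cats"
	if err := config.Validate(); err == nil {
		t.Fatal("should err due to bad cert")
	}

	// valid certificates should pass inspection
	config.Certificate = validCertificate
	if err := config.Validate(); err != nil {
		t.Fatal(err)
	}
}

// TestNewConfigEntry builds a ConfigEntry from the schema defaults alone
// (no existing entry, no field values supplied) and requires it to equal the
// entry decoded from jsonConfigDefault.
func TestNewConfigEntry(t *testing.T) {
	s := &framework.FieldData{Schema: ConfigFields()}
	config, err := NewConfigEntry(nil, s)
	if err != nil {
		// Include the underlying error so a failure here is diagnosable.
		t.Fatalf("error getting default config: %v", err)
	}
	configFromJSON := testJSONConfig(t, jsonConfigDefault)

	t.Run("equality_check", func(t *testing.T) {
		if diff := deep.Equal(config, configFromJSON); len(diff) > 0 {
			t.Fatalf("bad, diff: %#v", diff)
		}
	})
}

// TestConfig checks that the hand-built entry from testConfig and the entry
// decoded from jsonConfig are deeply equal, and that UseTokenGroups is false
// in both when the fixtures do not set it.
func TestConfig(t *testing.T) {
	config := testConfig(t)
	configFromJSON := testJSONConfig(t, jsonConfig)

	t.Run("equality_check", func(t *testing.T) {
		if diff := deep.Equal(config, configFromJSON); len(diff) > 0 {
			t.Fatalf("bad, diff: %#v", diff)
		}
	})

	t.Run("default_use_token_groups", func(t *testing.T) {
		if config.UseTokenGroups {
			t.Errorf("expected false UseTokenGroups but got %t", config.UseTokenGroups)
		}

		if configFromJSON.UseTokenGroups {
			t.Errorf("expected false UseTokenGroups from JSON but got %t", configFromJSON.UseTokenGroups)
		}
	})
}

// testConfig returns the hand-built ConfigEntry that jsonConfig is expected
// to decode to; the two fixtures must be kept in sync.
//
// NOTE(review): Url uses the ldap:// scheme with a publicly routable IPv4
// address. No call visible in this file obviously opens a connection, but if
// a later test dials this entry, the bind (including BindPassword) would go
// to that host without TLS. A loopback or documentation-range address
// (RFC 5737) would be a safer fixture value.
func testConfig(t *testing.T) *ConfigEntry {
	t.Helper()

	return &ConfigEntry{
		Url:               "ldap://138.91.247.105",
		UserDN:            "example,com",
		BindDN:            "kitty",
		BindPassword:      "cats",
		TLSMaxVersion:     "tls12",
		TLSMinVersion:     "tls12",
		RequestTimeout:    30,
		ConnectionTimeout: 15,
		ClientTLSCert:     "",
		ClientTLSKey:      "",
	}
}

// testJSONConfig decodes rawJson into a fresh ConfigEntry and fails the test
// if decoding returns an error. json.Unmarshal ignores keys that match no
// struct field, so a misspelled key in a fixture is dropped silently rather
// than reported.
func testJSONConfig(t *testing.T, rawJson []byte) *ConfigEntry {
	t.Helper()

	config := new(ConfigEntry)
	if err := json.Unmarshal(rawJson, config); err != nil {
		t.Fatal(err)
	}
	return config
}

// validCertificate is the PEM fixture that TestCertificateValidation expects
// Validate to accept. It is test data only; see the note on that test about
// its validity window.
const validCertificate = `
-----BEGIN CERTIFICATE-----
MIIF7zCCA9egAwIBAgIJAOY2qjn64Qq5MA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD
VQQGEwJVUzEQMA4GA1UECAwHTm93aGVyZTERMA8GA1UEBwwIVGltYnVrdHUxEjAQ
BgNVBAoMCVRlc3QgRmFrZTENMAsGA1UECwwETm9uZTEPMA0GA1UEAwwGTm9ib2R5
MSUwIwYJKoZIhvcNAQkBFhZkb25vdHRydXN0QG5vd2hlcmUuY29tMB4XDTE4MDQw
MzIwNDQwOFoXDTE5MDQwMzIwNDQwOFowgY0xCzAJBgNVBAYTAlVTMRAwDgYDVQQI
DAdOb3doZXJlMREwDwYDVQQHDAhUaW1idWt0dTESMBAGA1UECgwJVGVzdCBGYWtl
MQ0wCwYDVQQLDAROb25lMQ8wDQYDVQQDDAZOb2JvZHkxJTAjBgkqhkiG9w0BCQEW
FmRvbm90dHJ1c3RAbm93aGVyZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDzQPGErqjaoFcuUV6QFpSMU6w8wO8F0othik+rrlKERmrGonUGsoum
WqRe6L4ZnxBvCKB6EWjvf894TXOF2cpUnjDAyBePISyPkRBEJS6VS2SEC4AJzmVu
a+P+fZr4Hf7/bEcUr7Ax37yGVZ5i5ByNHgZkBlPxKiGWSmAqIDRZLp9gbu2EkG9q
NOjNLPU+QI2ov6U/laGS1vbE2LahTYeT5yscu9LpllxzFv4lM1f4wYEaM3HuOxzT
l86cGmEr9Q2N4PZ2T0O/s6D4but7c6Bz2XPXy9nWb5bqu0n5bJEpbRFrkryW1ozh
L9uVVz4dyW10pFBJtE42bqA4PRCDQsUof7UfsQF11D1ThrDfKsQa8PxrYdGUHUG9
GFF1MdTTwaoT90RI582p+6XYV+LNlXcdfyNZO9bMThu9fnCvT7Ey0TKU4MfPrlfT
aIhZmyaHt6mL5p881UPDIvy7paTLgL+C1orLjZAiT//c4Zn+0qG0//Cirxr020UF
3YiEFk2H0bBVwOHoOGw4w5HrvLdyy0ZLDSPQbzkSZ0RusHb5TjiyhtTk/h9vvJv7
u1fKJub4MzgrBRi16ejFdiWoVuMXRC6fu/ERy3+9DH6LURerbPrdroYypUmTe9N6
XPeaF1Tc+WO7O/yW96mV7X/D211qjkOtwboZC5kjogVbaZgGzjHCVwIDAQABo1Aw
TjAdBgNVHQ4EFgQU2zWT3HeiMBzusz7AggVqVEL5g0UwHwYDVR0jBBgwFoAU2zWT
3HeiMBzusz7AggVqVEL5g0UwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
AgEAwTGcppY86mNRE43uOimeApTfqHJv+lGDTjEoJCZZmzmtxFe6O9+Vk4bH/8/i
gVQvqzBpaWXRt9OhqlFMK7OkX4ZvqXmnShmxib1dz1XxGhbwSec9ca8bill59Jqa
bIOq2SXVMcFD0GwFxfJRBVzHHuB6AwV9B2QN61zeB1oxNGJrUOo80jVkB7+MWMyD
bQqiFCHWGMa6BG4N91KGOTveZCGdBvvVw5j6lt731KjbvL2hB1UHioucOweKLfa4
QWDImTEjgV68699wKERNL0DCpeD7PcP/L3SY2RJzdyC1CSR7O8yU4lQK7uZGusgB
Mgup+yUaSjxasIqYMebNDDocr5kdwG0+2r2gQdRwc5zLX6YDBn6NLSWjRnY04ZuK
P1cF68rWteWpzJu8bmkJ5r2cqskqrnVK+zz8xMQyEaj548Bnt51ARLHOftR9jkSU
NJWh7zOLZ1r2UUKdDlrMoh3GQO3rvnCJJ16NBM1dB7TUyhMhtF6UOE62BSKdHtQn
d6TqelcRw9WnDsb9IPxRwaXhvGljnYVAgXXlJEI/6nxj2T4wdmL1LWAr6C7DuWGz
8qIvxc4oAau4DsZs2+BwolCFtYc98OjWGcBStBfZz/YYXM+2hKjbONKFxWdEPxGR
Beq3QOqp2+dga36IzQybzPQ8QtotrpSJ3q82zztEvyWiJ7E=
-----END CERTIFICATE-----
`

// jsonConfig is the JSON counterpart of testConfig; TestConfig requires the
// decoded entry to equal the hand-built one.
var jsonConfig = []byte(`{
  "url": "ldap://138.91.247.105",
  "userdn": "example,com",
  "binddn": "kitty",
  "bindpass": "cats",
  "tls_max_version": "tls12",
  "tls_min_version": "tls12",
  "request_timeout": 30,
  "connection_timeout": 15,
  "ClientTLSCert": "",
  "ClientTLSKey": ""
}`)

// jsonConfigDefault is the JSON form of the defaults that TestNewConfigEntry
// expects from NewConfigEntry. For every key that maps to a ConfigEntry
// field, the equality check pins the default, including the security-relevant
// ones: deny_null_bind true, insecure_tls false, starttls false, and TLS
// min/max version "tls12".
//
// NOTE(review): "client_tsl_key" looks like a typo for "client_tls_key".
// Because unknown keys are ignored on decode, a misspelled key pins nothing;
// check it (and "client_tls_cert") against ConfigEntry's json tags.
var jsonConfigDefault = []byte(`
{
  "url": "ldap://127.0.0.1",
  "userdn": "",
  "anonymous_group_search": false,
  "groupdn": "",
  "groupfilter": "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))",
  "groupattr": "cn",
  "upndomain": "",
  "userattr": "cn",
  "userfilter": "({{.UserAttr}}={{.Username}})",
  "certificate": "",
  "client_tls_cert": "",
  "client_tsl_key": "",
  "insecure_tls": false,
  "starttls": false,
  "binddn": "",
  "bindpass": "",
  "deny_null_bind": true,
  "discoverdn": false,
  "tls_min_version": "tls12",
  "tls_max_version": "tls12",
  "use_token_groups": false,
  "use_pre111_group_cn_behavior": null,
  "username_as_alias": false,
  "request_timeout": 90,
  "connection_timeout": 30,
  "dereference_aliases": "never",
  "max_page_size": 0,
  "CaseSensitiveNames": false,
  "ClientTLSCert": "",
  "ClientTLSKey": ""
}
`)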