Add tests to check required ldap settings parameters

molotkov-and · Feb 13, 2024 · 372f0f6 · 372f0f6
1 parent 930f62c
commit 372f0f6
Showing 1 changed file with 48 additions and 9 deletions.
diff --git a/ydb/services/ydb/ydb_ldap_login_ut.cpp b/ydb/services/ydb/ydb_ldap_login_ut.cpp
@@ -72,9 +72,29 @@ void InitLdapSettingsWithInvalidFilter(NKikimrProto::TLdapAuthentication* ldapSe
     ldapSettings->SetSearchFilter("&(uid=$username)()");
 }
 
-void InitLdapSettingsWithUnavaliableHost(NKikimrProto::TLdapAuthentication* ldapSettings, ui16 ldapPort, TTempFileHandle& certificateFile) {
+void InitLdapSettingsWithUnavailableHost(NKikimrProto::TLdapAuthentication* ldapSettings, ui16 ldapPort, TTempFileHandle& certificateFile) {
     InitLdapSettings(ldapSettings, ldapPort, certificateFile);
-    ldapSettings->SetHost("unavaliablehost");
+    ldapSettings->SetHost("unavailablehost");
+}
+
+void InitLdapSettingsWithEmptyHost(NKikimrProto::TLdapAuthentication* ldapSettings, ui16 ldapPort, TTempFileHandle& certificateFile) {
+    InitLdapSettings(ldapSettings, ldapPort, certificateFile);
+    ldapSettings->SetHost("");
+}
+
+void InitLdapSettingsWithEmptyBaseDn(NKikimrProto::TLdapAuthentication* ldapSettings, ui16 ldapPort, TTempFileHandle& certificateFile) {
+    InitLdapSettings(ldapSettings, ldapPort, certificateFile);
+    ldapSettings->SetBaseDn("");
+}
+
+void InitLdapSettingsWithEmptyBindDn(NKikimrProto::TLdapAuthentication* ldapSettings, ui16 ldapPort, TTempFileHandle& certificateFile) {
+    InitLdapSettings(ldapSettings, ldapPort, certificateFile);
+    ldapSettings->SetBindDn("");
+}
+
+void InitLdapSettingsWithEmptyBindPassword(NKikimrProto::TLdapAuthentication* ldapSettings, ui16 ldapPort, TTempFileHandle& certificateFile) {
+    InitLdapSettings(ldapSettings, ldapPort, certificateFile);
+    ldapSettings->SetBindPassword("");
 }
 
 class TLoginClientConnection {
@@ -233,25 +253,44 @@ Y_UNIT_TEST_SUITE(TGRpcLdapAuthentication) {
         ldapServer.Stop();
     }
 
-    Y_UNIT_TEST(LdapAuthServerIsUnavaliable) {
+    void CheckRequiredLdapSettings(std::function<void(NKikimrProto::TLdapAuthentication*, ui16, TTempFileHandle&)> initLdapSettings, const TString& expectedErrorMessage) {
         TString login = "ldapuser";
         TString password = "ldapUserPassword";
 
-        TLoginClientConnection loginConnection(InitLdapSettingsWithUnavaliableHost);
+        TLoginClientConnection loginConnection(initLdapSettings);
         LdapMock::TLdapMockResponses responses;
         LdapMock::TLdapSimpleServer ldapServer(loginConnection.GetLdapPort(), responses);
 
         auto factory = CreateLoginCredentialsProviderFactory({.User = login + "@ldap", .Password = password});
         auto loginProvider = factory->CreateProvider(loginConnection.GetCoreFacility());
-        TString expectedErrorMessage = "Could not start TLS\nCan't contact LDAP server";
         UNIT_ASSERT_EXCEPTION_CONTAINS(loginProvider->GetAuthInfo(), yexception, expectedErrorMessage);
 
         loginConnection.Stop();
         ldapServer.Stop();
     }
 
+    Y_UNIT_TEST(LdapAuthServerIsUnavailable) {
+        CheckRequiredLdapSettings(InitLdapSettingsWithUnavailableHost, "Could not start TLS\nCan't contact LDAP server");
+    }
+
+    Y_UNIT_TEST(LdapAuthSettingsWithEmptyHost) {
+        CheckRequiredLdapSettings(InitLdapSettingsWithEmptyHost, "Ldap server host is empty");
+    }
+
+    Y_UNIT_TEST(LdapAuthSettingsWithEmptyBaseDn) {
+        CheckRequiredLdapSettings(InitLdapSettingsWithEmptyBaseDn, "Parameter BaseDn is empty");
+    }
+
+    Y_UNIT_TEST(LdapAuthSettingsWithEmptyBindDn) {
+        CheckRequiredLdapSettings(InitLdapSettingsWithEmptyBindDn, "Parameter BindDn is empty");
+    }
+
+    Y_UNIT_TEST(LdapAuthSettingsWithEmptyBindPassword) {
+        CheckRequiredLdapSettings(InitLdapSettingsWithEmptyBindPassword, "Parameter BindPassword is empty");
+    }
+
     Y_UNIT_TEST(LdapAuthWithInvalidLogin) {
-        TString nonExistenUser = "nonexistenldapuser";
+        TString nonExistentUser = "nonexistentldapuser";
         TString password = "ldapUserPassword";
 
         LdapMock::TLdapMockResponses responses;
@@ -262,7 +301,7 @@ Y_UNIT_TEST_SUITE(TGRpcLdapAuthentication) {
                 .BaseDn = "dc=search,dc=yandex,dc=net",
                 .Scope = 2,
                 .DerefAliases = 0,
-                .Filter = {.Type = LdapMock::EFilterType::LDAP_FILTER_EQUALITY, .Attribute = "uid", .Value = nonExistenUser},
+                .Filter = {.Type = LdapMock::EFilterType::LDAP_FILTER_EQUALITY, .Attribute = "uid", .Value = nonExistentUser},
                 .Attributes = {"1.1"}
             }
         };
@@ -276,9 +315,9 @@ Y_UNIT_TEST_SUITE(TGRpcLdapAuthentication) {
         TLoginClientConnection loginConnection(InitLdapSettings);
         LdapMock::TLdapSimpleServer ldapServer(loginConnection.GetLdapPort(), responses);
 
-        auto factory = CreateLoginCredentialsProviderFactory({.User = nonExistenUser + "@ldap", .Password = password});
+        auto factory = CreateLoginCredentialsProviderFactory({.User = nonExistentUser + "@ldap", .Password = password});
         auto loginProvider = factory->CreateProvider(loginConnection.GetCoreFacility());
-        TString expectedErrorMessage = "LDAP user " + nonExistenUser + " does not exist. LDAP search for filter uid=" + nonExistenUser + " on server localhost return no entries";
+        TString expectedErrorMessage = "LDAP user " + nonExistentUser + " does not exist. LDAP search for filter uid=" + nonExistentUser + " on server localhost return no entries";
         UNIT_ASSERT_EXCEPTION_CONTAINS(loginProvider->GetAuthInfo(), yexception, expectedErrorMessage);
 
         loginConnection.Stop();