feat(LDAP): add integration tests for LDAP Authorization

closes #782
kafbat · Feb 3, 2025 · cc01a5c · cc01a5c
1 parent a1c83b8
commit cc01a5c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 17 deletions.
diff --git a/api/src/test/java/io/kafbat/ui/OpenLdapPIntegrationTest.java b/api/src/test/java/io/kafbat/ui/OpenLdapPIntegrationTest.java
@@ -6,6 +6,7 @@
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import io.kafbat.ui.api.model.Action;
 import io.kafbat.ui.container.OpenLdapContainer;
 import io.kafbat.ui.model.AuthenticationInfoDTO;
 import io.kafbat.ui.model.ResourceTypeDTO;
@@ -60,26 +61,19 @@ public void testUserPermissions() {
 
     assertNotNull(info);
     assertTrue(info.getRbacEnabled());
-    System.out.println("info = " + info);
     List<UserPermissionDTO> permissions = info.getUserInfo().getPermissions();
     assertFalse(permissions.isEmpty());
     assertTrue(permissions.stream().anyMatch(permission ->
-        permission.getClusters().contains(LOCAL) && permission.getResource() == ResourceTypeDTO.TOPIC));
+        permission.getClusters().contains(LOCAL)
+            && permission.getResource() == ResourceTypeDTO.TOPIC
+            && permission.getActions().stream()
+                .allMatch(action -> Action.fromValue(action.getValue()) != Action.ALL)
+        )
+    );
     assertEquals(permissions, authenticationInfo("johnwick").getUserInfo().getPermissions());
     assertEquals(permissions, authenticationInfo("jacksmith").getUserInfo().getPermissions());
   }
 
-  @Test
-  public void testDirectUserPermissions() {
-    AuthenticationInfoDTO info = authenticationInfo("jacksmith");
-
-    assertNotNull(info);
-    assertTrue(info.getRbacEnabled());
-    System.out.println("info = " + info);
-    List<UserPermissionDTO> permissions = info.getUserInfo().getPermissions();
-    assertFalse(permissions.isEmpty());
-  }
-
   @Test
   public void testEmptyPermissions() {
     assertTrue(Objects.requireNonNull(authenticationInfo("johnjames"))
@@ -123,7 +117,6 @@ public static class Initializer implements ApplicationContextInitializer<Configu
     @Override
     public void initialize(ConfigurableApplicationContext context) {
       System.setProperty("spring.ldap.urls", LDAP_CONTAINER.getLdapUrl());
-      System.setProperty("oauth2.ldap.activeDirectory", "false");
     }
   }
 }
diff --git a/api/src/test/resources/application-rbac-ldap.yml b/api/src/test/resources/application-rbac-ldap.yml
@@ -6,9 +6,6 @@ spring:
     user-filter-search-base: "dc=kafbat,dc=io"
     user-filter-search-filter: "(&(uid={0})(objectClass=inetOrgPerson))"
     group-filter-search-base: "ou=people,dc=kafbat,dc=io" # required for RBAC
-oauth2:
-  ldap:
-    activeDirectory: false
 logging:
   level:
     root: info