From cc01a5cfbfedd924487d6fe2d353e702578038e3 Mon Sep 17 00:00:00 2001
From: SIX Douglas <six.douglas@gmail.com>
Date: Mon, 3 Feb 2025 08:02:04 +0100
Subject: [PATCH] feat(LDAP): add integration tests for LDAP Authorization

closes #782
---
 .../kafbat/ui/OpenLdapPIntegrationTest.java   | 21 +++++++------------
 .../test/resources/application-rbac-ldap.yml  |  3 ---
 2 files changed, 7 insertions(+), 17 deletions(-)

diff --git a/api/src/test/java/io/kafbat/ui/OpenLdapPIntegrationTest.java b/api/src/test/java/io/kafbat/ui/OpenLdapPIntegrationTest.java
index 07c1790bc..dd38ad825 100644
--- a/api/src/test/java/io/kafbat/ui/OpenLdapPIntegrationTest.java
+++ b/api/src/test/java/io/kafbat/ui/OpenLdapPIntegrationTest.java
@@ -6,6 +6,7 @@
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import io.kafbat.ui.api.model.Action;
 import io.kafbat.ui.container.OpenLdapContainer;
 import io.kafbat.ui.model.AuthenticationInfoDTO;
 import io.kafbat.ui.model.ResourceTypeDTO;
@@ -60,26 +61,19 @@ public void testUserPermissions() {
 
     assertNotNull(info);
     assertTrue(info.getRbacEnabled());
-    System.out.println("info = " + info);
     List<UserPermissionDTO> permissions = info.getUserInfo().getPermissions();
     assertFalse(permissions.isEmpty());
     assertTrue(permissions.stream().anyMatch(permission ->
-        permission.getClusters().contains(LOCAL) && permission.getResource() == ResourceTypeDTO.TOPIC));
+        permission.getClusters().contains(LOCAL)
+            && permission.getResource() == ResourceTypeDTO.TOPIC
+            && permission.getActions().stream()
+                .allMatch(action -> Action.fromValue(action.getValue()) != Action.ALL)
+        )
+    );
     assertEquals(permissions, authenticationInfo("johnwick").getUserInfo().getPermissions());
     assertEquals(permissions, authenticationInfo("jacksmith").getUserInfo().getPermissions());
   }
 
-  @Test
-  public void testDirectUserPermissions() {
-    AuthenticationInfoDTO info = authenticationInfo("jacksmith");
-
-    assertNotNull(info);
-    assertTrue(info.getRbacEnabled());
-    System.out.println("info = " + info);
-    List<UserPermissionDTO> permissions = info.getUserInfo().getPermissions();
-    assertFalse(permissions.isEmpty());
-  }
-
   @Test
   public void testEmptyPermissions() {
     assertTrue(Objects.requireNonNull(authenticationInfo("johnjames"))
@@ -123,7 +117,6 @@ public static class Initializer implements ApplicationContextInitializer<Configu
     @Override
     public void initialize(ConfigurableApplicationContext context) {
       System.setProperty("spring.ldap.urls", LDAP_CONTAINER.getLdapUrl());
-      System.setProperty("oauth2.ldap.activeDirectory", "false");
     }
   }
 }
diff --git a/api/src/test/resources/application-rbac-ldap.yml b/api/src/test/resources/application-rbac-ldap.yml
index ee9a6fc6f..76d87529b 100644
--- a/api/src/test/resources/application-rbac-ldap.yml
+++ b/api/src/test/resources/application-rbac-ldap.yml
@@ -6,9 +6,6 @@ spring:
     user-filter-search-base: "dc=kafbat,dc=io"
     user-filter-search-filter: "(&(uid={0})(objectClass=inetOrgPerson))"
     group-filter-search-base: "ou=people,dc=kafbat,dc=io" # required for RBAC
-oauth2:
-  ldap:
-    activeDirectory: false
 logging:
   level:
     root: info