BE: RBAC: Add integration test for Active Directory auth

wernerdv · wernerdv · commit 21712c59bd3c · 2025-01-01T23:29:35.000+05:00
update
diff --git a/api/src/test/java/io/kafbat/ui/ActiveDirectoryIntegrationTest.java b/api/src/test/java/io/kafbat/ui/ActiveDirectoryIntegrationTest.java
@@ -2,6 +2,7 @@
 
 import static io.kafbat.ui.AbstractIntegrationTest.LOCAL;
 import static io.kafbat.ui.container.ActiveDirectoryContainer.DOMAIN;
+import static io.kafbat.ui.container.ActiveDirectoryContainer.EMPTY_PERMISSIONS_USER;
 import static io.kafbat.ui.container.ActiveDirectoryContainer.FIRST_USER_WITH_GROUP;
 import static io.kafbat.ui.container.ActiveDirectoryContainer.PASSWORD;
 import static io.kafbat.ui.container.ActiveDirectoryContainer.SECOND_USER_WITH_GROUP;
@@ -67,11 +68,12 @@ public void testUserPermissions() {
     assertTrue(permissions.stream().anyMatch(permission ->
         permission.getClusters().contains(LOCAL) && permission.getResource() == ResourceTypeDTO.TOPIC));
     assertEquals(permissions, authenticationInfo(SECOND_USER_WITH_GROUP).getUserInfo().getPermissions());
+    assertEquals(permissions, authenticationInfo(USER_WITHOUT_GROUP).getUserInfo().getPermissions());
   }
 
   @Test
   public void testEmptyPermissions() {
-    assertTrue(Objects.requireNonNull(authenticationInfo(USER_WITHOUT_GROUP))
+    assertTrue(Objects.requireNonNull(authenticationInfo(EMPTY_PERMISSIONS_USER))
         .getUserInfo()
         .getPermissions()
         .isEmpty()
diff --git a/api/src/test/java/io/kafbat/ui/container/ActiveDirectoryContainer.java b/api/src/test/java/io/kafbat/ui/container/ActiveDirectoryContainer.java
@@ -13,10 +13,12 @@ public class ActiveDirectoryContainer extends GenericContainer<ActiveDirectoryCo
   public static final String FIRST_USER_WITH_GROUP = "JohnDoe";
   public static final String SECOND_USER_WITH_GROUP = "JohnWick";
   public static final String USER_WITHOUT_GROUP = "JackSmith";
+  public static final String EMPTY_PERMISSIONS_USER = "JohnJames";
 
   private static final String DOMAIN_DC = "dc=corp,dc=kafbat,dc=io";
   private static final String GROUP = "group";
-  private static final String TEST_GROUP = "test-AD-Group";
+  private static final String FIRST_GROUP = "firstGroup";
+  private static final String SECOND_GROUP = "secondGroup";
   private static final String DOMAIN_EMAIL = "kafbat.io";
   private static final String SAMBA_TOOL = "samba-tool";
   private static final int LDAP_PORT = 389;
@@ -38,13 +40,15 @@ public ActiveDirectoryContainer() {
   }
 
   protected void containerIsStarted(InspectContainerResponse containerInfo) {
+    createUser(EMPTY_PERMISSIONS_USER);
     createUser(USER_WITHOUT_GROUP);
     createUser(FIRST_USER_WITH_GROUP);
     createUser(SECOND_USER_WITH_GROUP);
 
-    exec(SAMBA_TOOL, GROUP, "add", TEST_GROUP);
-    exec(SAMBA_TOOL, GROUP, "addmembers", TEST_GROUP, FIRST_USER_WITH_GROUP);
-    exec(SAMBA_TOOL, GROUP, "addmembers", TEST_GROUP, SECOND_USER_WITH_GROUP);
+    exec(SAMBA_TOOL, GROUP, "add", FIRST_GROUP);
+    exec(SAMBA_TOOL, GROUP, "add", SECOND_GROUP);
+    exec(SAMBA_TOOL, GROUP, "addmembers", FIRST_GROUP, FIRST_USER_WITH_GROUP);
+    exec(SAMBA_TOOL, GROUP, "addmembers", SECOND_GROUP, SECOND_USER_WITH_GROUP);
   }
 
   public String getLdapUrl() {
diff --git a/api/src/test/resources/application-rbac-ad.yml b/api/src/test/resources/application-rbac-ad.yml
@@ -2,11 +2,19 @@ auth:
   type: LDAP
 rbac:
   roles:
-    - name: "test-AD-Group"
+    - name: "roleName"
       clusters:
         - local
       subjects:
         - provider: ldap_ad
+          type: group
+          value: firstGroup
+        - provider: ldap_ad
+          type: group
+          value: secondGroup
+        - provider: ldap_ad
+          type: user
+          value: JackSmith
       permissions:
         - resource: applicationconfig
           actions: all
