fix: bind OtOpcUa LdapOptions from real Security:Ldap section; gate validator on DevStubMode
This commit is contained in:
Joseph Doherty
@@ -0,0 +1,62 @@
|
||||
using Microsoft.Extensions.Configuration;
|
||||
using Shouldly;
|
||||
using Xunit;
|
||||
using ZB.MOM.WW.OtOpcUa.Security.Ldap;
|
||||
|
||||
namespace ZB.MOM.WW.OtOpcUa.Host.IntegrationTests;
|
||||
|
||||
/// <summary>
|
||||
/// Regression guard for the LDAP config-section fix. The real config (admin/driver/Development
|
||||
/// overlays) lives under <c>Security:Ldap</c>, and <see cref="LdapOptions.SectionName"/> must point
|
||||
/// there so the configured <c>DevStubMode</c> actually binds. Previously the binders used the
|
||||
/// nonexistent <c>"Ldap"</c>/<c>"Authentication:Ldap"</c> sections, so the dev stub never activated.
|
||||
/// </summary>
|
||||
public sealed class LdapOptionsBindingTests
|
||||
{
|
||||
/// <summary><see cref="LdapOptions.SectionName"/> resolves to the real overlay section.</summary>
|
||||
[Fact]
|
||||
public void SectionName_is_Security_Ldap()
|
||||
{
|
||||
LdapOptions.SectionName.ShouldBe("Security:Ldap");
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Binding from <see cref="LdapOptions.SectionName"/> reads the configured <c>DevStubMode</c>
|
||||
/// from the real <c>Security:Ldap</c> section — proving the dev stub now takes effect.
|
||||
/// </summary>
|
||||
[Fact]
|
||||
public void Binding_from_SectionName_reads_Security_Ldap_DevStubMode()
|
||||
{
|
||||
var configuration = new ConfigurationBuilder()
|
||||
.AddInMemoryCollection(new Dictionary<string, string?>
|
||||
{
|
||||
["Security:Ldap:DevStubMode"] = "true",
|
||||
})
|
||||
.Build();
|
||||
|
||||
var options = configuration.GetSection(LdapOptions.SectionName).Get<LdapOptions>();
|
||||
|
||||
options.ShouldNotBeNull();
|
||||
options.DevStubMode.ShouldBeTrue();
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Negative control: binding from the old (nonexistent) <c>"Ldap"</c> section against the same
|
||||
/// <c>Security:Ldap</c> config does NOT pick up <c>DevStubMode</c> — it falls back to the C#
|
||||
/// default (false). This is the pre-fix behaviour the change corrects.
|
||||
/// </summary>
|
||||
[Fact]
|
||||
public void Binding_from_old_Ldap_section_does_not_read_DevStubMode()
|
||||
{
|
||||
var configuration = new ConfigurationBuilder()
|
||||
.AddInMemoryCollection(new Dictionary<string, string?>
|
||||
{
|
||||
["Security:Ldap:DevStubMode"] = "true",
|
||||
})
|
||||
.Build();
|
||||
|
||||
var options = configuration.GetSection("Ldap").Get<LdapOptions>() ?? new LdapOptions();
|
||||
|
||||
options.DevStubMode.ShouldBeFalse();
|
||||
}
|
||||
}
|
||||
@@ -46,6 +46,25 @@ public sealed class LdapOptionsValidatorTests
|
||||
Sut.Validate(null, options).Succeeded.ShouldBeTrue();
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// When the dev stub is active the real LDAP fields are irrelevant (the bind is bypassed), so
|
||||
/// the gate skips the Server/SearchBase/Port checks even though LDAP is nominally enabled.
|
||||
/// </summary>
|
||||
[Fact]
|
||||
public void DevStubMode_options_succeed_even_when_server_blank()
|
||||
{
|
||||
var options = new LdapOptions
|
||||
{
|
||||
Enabled = true,
|
||||
DevStubMode = true,
|
||||
Server = string.Empty,
|
||||
SearchBase = string.Empty,
|
||||
Port = 0,
|
||||
};
|
||||
|
||||
Sut.Validate(null, options).Succeeded.ShouldBeTrue();
|
||||
}
|
||||
|
||||
/// <summary>Enabled with a blank server reports the required-server failure.</summary>
|
||||
[Fact]
|
||||
public void Enabled_with_blank_server_fails()
|
||||
|
||||
Reference in New Issue
Block a user