feat: add fail-fast LDAP options validation in OtOpcUa via ZB.MOM.WW.Configuration

2026-06-01 18:32:44 -04:00
parent 0cbb82e466
commit f35ebd7aaf
4 changed files with 116 additions and 1 deletions
@@ -0,0 +1,84 @@
+using Shouldly;
+using Xunit;
+using ZB.MOM.WW.OtOpcUa.Host.Configuration;
+using ZB.MOM.WW.OtOpcUa.Security.Ldap;
+
+namespace ZB.MOM.WW.OtOpcUa.Host.IntegrationTests;
+
+/// <summary>
+/// Task 3 — verifies the net-new <see cref="LdapOptionsValidator"/> (built on the shared
+/// <c>ZB.MOM.WW.Configuration</c> <c>OptionsValidatorBase</c>/<c>ValidationBuilder</c>) gates on
+/// <see cref="LdapOptions.Enabled"/>, and that when enabled it requires <c>Server</c>,
+/// <c>SearchBase</c>, and a valid <c>Port</c>. Failure messages carry the real <c>"Ldap:"</c>
+/// section prefix so they read correctly when surfaced at host startup.
+/// </summary>
+public sealed class LdapOptionsValidatorTests
+{
+    private static readonly LdapOptionsValidator Sut = new();
+
+    /// <summary>Valid enabled options pass validation.</summary>
+    [Fact]
+    public void Valid_enabled_options_succeed()
+    {
+        var options = new LdapOptions
+        {
+            Enabled = true,
+            Server = "ldap",
+            SearchBase = "dc=x",
+            Port = 389,
+        };
+
+        Sut.Validate(null, options).Succeeded.ShouldBeTrue();
+    }
+
+    /// <summary>When LDAP is disabled all checks are skipped, so a blank config still passes.</summary>
+    [Fact]
+    public void Disabled_options_succeed_even_when_blank()
+    {
+        var options = new LdapOptions
+        {
+            Enabled = false,
+            Server = string.Empty,
+            SearchBase = string.Empty,
+            Port = 0,
+        };
+
+        Sut.Validate(null, options).Succeeded.ShouldBeTrue();
+    }
+
+    /// <summary>Enabled with a blank server reports the required-server failure.</summary>
+    [Fact]
+    public void Enabled_with_blank_server_fails()
+    {
+        var options = new LdapOptions
+        {
+            Enabled = true,
+            Server = string.Empty,
+            SearchBase = "dc=x",
+            Port = 389,
+        };
+
+        var result = Sut.Validate(null, options);
+
+        result.Failed.ShouldBeTrue();
+        result.Failures.ShouldContain("Ldap:Server is required when LDAP login is enabled.");
+    }
+
+    /// <summary>Enabled with port 0 reports the port-range failure using the shared primitive wording.</summary>
+    [Fact]
+    public void Enabled_with_zero_port_fails()
+    {
+        var options = new LdapOptions
+        {
+            Enabled = true,
+            Server = "ldap",
+            SearchBase = "dc=x",
+            Port = 0,
+        };
+
+        var result = Sut.Validate(null, options);
+
+        result.Failed.ShouldBeTrue();
+        result.Failures.ShouldContain("Ldap:Port must be between 1 and 65535 (was 0)");
+    }
+}