SSO: Add more LDAP config validations for SSO settings (#90036)

add more LDAP config validations for SSO settings
Mihai Doarna
2024-07-05 10:48:34 +03:00
committed by GitHub
parent f337da8e57
commit e7780c9c9c
2 changed files with 160 additions and 3 deletions


@ -314,7 +314,21 @@ func TestValidate(t *testing.T) {
"config": map[string]any{
"servers": []any{
map[string]any{
"host": "127.0.0.1",
"host": "127.0.0.1",
"search_filter": "(cn=%s)",
"search_base_dns": []string{"dc=grafana,dc=org"},
"min_tls_version": "TLS1.3",
"tls_ciphers": []string{"TLS_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
"group_mappings": []any{
map[string]any{
"group_dn": "cn=admins,ou=groups,dc=grafana,dc=org",
"grafana_admin": true,
},
map[string]any{
"group_dn": "cn=users,ou=groups,dc=grafana,dc=org",
"org_role": "Editor",
},
},
},
},
},
@ -376,10 +390,14 @@ func TestValidate(t *testing.T) {
"config": map[string]any{
"servers": []any{
map[string]any{
"host": "127.0.0.1",
"host": "127.0.0.1",
"search_filter": "(cn=%s)",
"search_base_dns": []string{"dc=grafana,dc=org"},
},
map[string]any{
"port": 123,
"port": 123,
"search_filter": "(cn=%s)",
"search_base_dns": []string{"dc=grafana,dc=org"},
},
},
},
@ -388,6 +406,116 @@ func TestValidate(t *testing.T) {
isValid: false,
containsError: "no host configured",
},
{
description: "validation fails if search filter is not configured",
settings: models.SSOSettings{
Provider: "ldap",
Settings: map[string]any{
"enabled": true,
"config": map[string]any{
"servers": []any{
map[string]any{
"host": "127.0.0.1",
"search_base_dns": []string{"dc=grafana,dc=org"},
},
},
},
},
},
isValid: false,
containsError: "no search filter",
},
{
description: "validation fails if search base DN is not configured",
settings: models.SSOSettings{
Provider: "ldap",
Settings: map[string]any{
"enabled": true,
"config": map[string]any{
"servers": []any{
map[string]any{
"host": "127.0.0.1",
"search_filter": "(cn=%s)",
},
},
},
},
},
isValid: false,
containsError: "no search base DN",
},
{
description: "validation fails if min TLS version is invalid",
settings: models.SSOSettings{
Provider: "ldap",
Settings: map[string]any{
"enabled": true,
"config": map[string]any{
"servers": []any{
map[string]any{
"host": "127.0.0.1",
"search_filter": "(cn=%s)",
"search_base_dns": []string{"dc=grafana,dc=org"},
"min_tls_version": "TLS5.18",
},
},
},
},
},
isValid: false,
containsError: "invalid min TLS version",
},
{
description: "validation fails if TLS cyphers are invalid",
settings: models.SSOSettings{
Provider: "ldap",
Settings: map[string]any{
"enabled": true,
"config": map[string]any{
"servers": []any{
map[string]any{
"host": "127.0.0.1",
"search_filter": "(cn=%s)",
"search_base_dns": []string{"dc=grafana,dc=org"},
"tls_ciphers": []string{"TLS_AES_128_GCM_SHA256", "invalid-tls-cypher"},
},
},
},
},
},
isValid: false,
containsError: "invalid TLS ciphers",
},
{
description: "validation fails if a group mapping contains no organization role",
settings: models.SSOSettings{
Provider: "ldap",
Settings: map[string]any{
"enabled": true,
"config": map[string]any{
"servers": []any{
map[string]any{
"host": "127.0.0.1",
"search_filter": "(cn=%s)",
"search_base_dns": []string{"dc=grafana,dc=org"},
"group_mappings": []any{
map[string]any{
"group_dn": "cn=admins,ou=groups,dc=grafana,dc=org",
"org_role": "Admin",
"grafana_admin": true,
},
map[string]any{
"group_dn": "cn=users,ou=groups,dc=grafana,dc=org",
},
},
},
},
},
},
},
isValid: false,
containsError: "organization role",
},
}
for _, tt := range testCases {
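Review bot: The negative cases added in the third hunk (`-388,6 +406,116`) cover only absent or syntactically bogus values, so they do not pin down how the validator treats well-formed but weak or unexpected input. For `min_tls_version` the only rejected value is `"TLS5.18"`; a case with a legacy value in the same format (for example `"min_tls_version": "TLS1.0"`, a constructed sample) would document whether the floor for the LDAP connection can be lowered through this setting. For `group_mappings`, the failing case omits both `org_role` and `grafana_admin`, while the valid case in the first hunk sets `"grafana_admin": true` without `org_role`; cases for `"grafana_admin": false` with no role and for an unrecognised `org_role` string would make the intended rule explicit, since these mappings decide what privileges an LDAP group receives. The TLS cipher case's description spells it `cyphers` while the key and the expected error use `ciphers`; `description: "validation fails if TLS ciphers are invalid",` keeps it searchable. `TestValidate` begins and ends outside these hunks and the validator itself is not in this view, so what the extra cases should expect needs to be confirmed against it.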