seawinde commented on code in PR #63411:
URL: https://github.com/apache/doris/pull/63411#discussion_r3309743644
##########
fe/fe-core/src/test/java/org/apache/doris/mysql/authenticate/ldap/LdapManagerTest.java:
##########
@@ -74,4 +100,23 @@ public void testCheckUserPasswd() {
mockClient(true, false);
Assert.assertFalse(ldapManager.checkUserPasswd(USER2, "123"));
}
+
+ @Test
+ public void testGetUserInfoWithLdapDefaultRoles() {
+ LdapManager ldapManager = new LdapManager();
+ Deencapsulation.setField(ldapManager, "ldapClient", ldapClient);
+ LdapConfig.ldap_default_roles = new String[] {LDAP_DEFAULT_ROLE,
MISSING_LDAP_DEFAULT_ROLE};
+ Role ldapGroupRole = new Role(LDAP_GROUP_ROLE);
+ Role ldapDefaultRole = new Role(LDAP_DEFAULT_ROLE);
+ mockClient(true, true, new
ArrayList<>(Arrays.asList(LDAP_GROUP_ROLE)));
+ try (MockedStatic<Env> envMockedStatic =
Mockito.mockStatic(Env.class)) {
+ mockAuth(envMockedStatic, ldapGroupRole, ldapDefaultRole);
+
+ LdapUserInfo ldapUserInfo = ldapManager.getUserInfo(USER1);
+ Assert.assertNotNull(ldapUserInfo);
+ Assert.assertTrue(ldapUserInfo.getRoles().contains(ldapGroupRole));
Review Comment:
This test currently verifies the unconditional additive behavior: the user
has an LDAP group role and still receives ldap_default_roles. If default roles
are intended as a fallback only when no LDAP group role is found, this
expectation should be changed. It would be better to add separate cases
for: LDAP group role exists -> no default role; no effective LDAP group role ->
default role is added.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
