Adding integration test for ActiveDirectoryDomain

jenkinsci · Oct 1, 2024 · d0e482f · d0e482f
1 parent 4862027
commit d0e482f
Show file tree

Hide file tree

Showing 8 changed files with 362 additions and 2 deletions.
diff --git a/src/test/java/hudson/plugins/active_directory/ActiveDirectoryDomainIntegrationTest.java b/src/test/java/hudson/plugins/active_directory/ActiveDirectoryDomainIntegrationTest.java
@@ -0,0 +1,159 @@
+package hudson.plugins.active_directory;
+
+import org.htmlunit.FailingHttpStatusCodeException;
+import org.htmlunit.html.HtmlButton;
+import org.htmlunit.html.HtmlElement;
+import org.htmlunit.html.HtmlForm;
+import org.htmlunit.html.HtmlInput;
+import org.htmlunit.html.HtmlPage;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.jvnet.hudson.test.FlagRule;
+import org.jvnet.hudson.test.JenkinsRule;
+import org.jvnet.hudson.test.recipes.LocalData;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertEquals;
+
+public class ActiveDirectoryDomainIntegrationTest {
+	@Rule
+	public JenkinsRule jenkins = new JenkinsRule();
+
+	@Rule
+	public ExpectedException thrown = ExpectedException.none();
+
+	@ClassRule
+	public static FlagRule<String> fipsSystemPropertyRule =
+			FlagRule.systemProperty("jenkins.security.FIPS140.COMPLIANCE", "true");
+
+
+	/**
+	 * Tests the behavior of the "Test Domain" button when a short password is configured.
+	 *
+	 * <p>For the preconfigured value, the password is "small" in the local data.
+	 * When the "Test Domain" button is clicked, the page should display an error message
+	 * indicating that the password is too short, along with an "angry Jenkins" error message.</p>
+	 *
+	 */
+	@LocalData
+	@Test
+	public void testActiveDirectoryDomainTestDomainButtonClickWithShortPassword() throws Exception {
+		JenkinsRule.WebClient webClient = jenkins.createWebClient();
+		// Navigate to the configuration page
+		HtmlPage configPage = webClient.goTo("configureSecurity");
+		HtmlForm form = configPage.getFormByName("config");
+
+		//Check that the password is too short message is present
+		assertTrue(form.asNormalizedText().contains(Messages.passwordTooShortFIPS()));
+
+		// Click the "Test Domain" button
+		HtmlPage resultPage = getButtonByText(form, "Test Domain").click();
+
+		webClient.waitForBackgroundJavaScript(2000); // Wait for up to 5 seconds
+
+		String responseContent = resultPage.asNormalizedText();
+		// Assert that the error message is present in the page content
+		assertTrue(responseContent.contains("A problem occurred while processing the request"));
+
+		//Check that the password is too short message is present
+		assertTrue(responseContent.contains(Messages.passwordTooShortFIPS()));
+	}
+
+	/**
+	 * Tests the behavior of the "Save" button when a short password is configured.
+	 *
+	 * <p>For the preconfigured value, the password is "small" in the local data.
+	 * When the "Save" button is clicked, an exception is expected because the password
+	 * does not meet the minimum length requirement.</p>
+	 *
+	 */
+	@LocalData
+	@Test
+	public void testActiveDirectoryDomainSaveButtonClick() throws Exception {
+		JenkinsRule.WebClient webClient = jenkins.createWebClient();
+		// Navigate to the configuration page
+		HtmlPage configPage = webClient.goTo("configureSecurity");
+		HtmlForm form = configPage.getFormByName("config");
+
+		//Check that the password is too short message is present
+		assertTrue(form.asNormalizedText().contains(Messages.passwordTooShortFIPS()));
+
+		// Expect FailingHttpStatusCodeException
+		thrown.expect(FailingHttpStatusCodeException.class);
+
+		// Find the "Submit" button and click it
+		getButtonByText(form, "Save").click();
+	}
+
+	/**
+	 * Tests the behavior of the "Save" button when a short password is configured.
+	 *
+	 * <p>For the preconfigured value, the password is "small" in the local data.
+	 * When the "Apply" button is clicked, an exception is expected because the password
+	 * does not meet the minimum length requirement.</p>
+	 *
+	 */
+	@LocalData
+	@Test
+	public void testActiveDirectoryDomainApplyButtonClick() throws Exception {
+		JenkinsRule.WebClient webClient = jenkins.createWebClient();
+		// Navigate to the configuration page
+		HtmlPage configPage = webClient.goTo("configureSecurity");
+		HtmlForm form = configPage.getFormByName("config");
+
+		//Check that the password is too short message is present
+		assertTrue(form.asNormalizedText().contains(Messages.passwordTooShortFIPS()));
+
+		// Expect FailingHttpStatusCodeException
+		thrown.expect(FailingHttpStatusCodeException.class);
+
+		// Find the "Apply" button and click it
+		getButtonByText(form, "Apply").click();
+	}
+
+	/**
+	 * Tests the behavior of the "Apply" button when a valid password is initially configured. then updated to a
+	 * short password
+	 *
+	 * <p>For the preconfigured value, the password is "samell" in the local data.
+	 * When the "Apply" button is clicked, an exception is expected because the password
+	 * does not meet the minimum length requirement.</p>
+	 *
+	 */
+	@LocalData
+	@Test
+	public void testActiveDirectoryDomainSettingShortPassword() throws Exception {
+		JenkinsRule.WebClient webClient = jenkins.createWebClient();
+		// Navigate to the configuration page
+		HtmlPage configPage = webClient.goTo("configureSecurity");
+		HtmlForm form = configPage.getFormByName("config");
+
+		//Since password is valid is should not contain password too short message
+		assertFalse(form.asNormalizedText().contains(Messages.passwordTooShortFIPS()));
+		//Since password is valid, it should not throw exception oon clicking apply
+		assertEquals(200, getButtonByText(form, "Apply").click().getWebResponse().getStatusCode());
+
+		// Find the binf password filed and set an invalid password
+		HtmlInput bindPasswordField = form.getInputByName("_.bindPassword");
+		bindPasswordField.setValueAttribute("small"); // Replace with your password value
+
+		// Expect FailingHttpStatusCodeException
+		thrown.expect(FailingHttpStatusCodeException.class);
+
+		// Find the "Submit" button and click it
+		getButtonByText(form, "Apply").click();
+	}
+
+	private HtmlButton getButtonByText(HtmlForm form, String text) throws Exception {
+		for (HtmlElement e : form.getElementsByTagName("button")) {
+			if (e.getTextContent().contains(text)) {
+				return ((HtmlButton) e);
+			}
+		}
+		throw new AssertionError(String.format("Button [%s] not found", text));
+	}
+
+}
diff --git a/.../plugins/active_directory/ActiveDirectoryJCasCCompatibilityFIPSModeShortPasswordTest.java b/.../plugins/active_directory/ActiveDirectoryJCasCCompatibilityFIPSModeShortPasswordTest.java
@@ -30,6 +30,7 @@ public class ActiveDirectoryJCasCCompatibilityFIPSModeShortPasswordTest {
     @Test
     public void checkOfIncorrectConfigurationsWithShortPasswordInFIPSMode() throws IOException {
         thrown.expect(IllegalStateException.class);
+        thrown.expectMessage(Messages.passwordTooShortFIPS());
 
         String resourcePath = "configuration-as-code-fips-short-password.yaml";
         String resourceContent = this.getResourceContent(resourcePath);

diff --git a/.../plugins/active_directory/ActiveDirectoryJCasCCompatibilityFIPSModeValidPasswordTest.java b/.../plugins/active_directory/ActiveDirectoryJCasCCompatibilityFIPSModeValidPasswordTest.java
@@ -28,7 +28,7 @@ protected void assertConfiguredAsExpected(RestartableJenkinsRule restartableJenk
         assertEquals("admin", domain.bindName);
         assertEquals("ad1.acme.com:123,ad2.acme.com:456", domain.servers);
         assertEquals("site", domain.getSite());
-        assertEquals("S3cur3P@ssw0rd!", domain.getBindPassword().getPlainText());  // check for valid password
+        assertEquals("veryLargePassword", domain.getBindPassword().getPlainText());  // check for valid password
         assertEquals(TlsConfiguration.JDK_TRUSTSTORE, domain.getTlsConfiguration());
 
         assertEquals(2, realm.getEnvironmentProperties().size());

diff --git a/...ActiveDirectoryDomainIntegrationTest/testActiveDirectoryDomainApplyButtonClick/config.xml b/...ActiveDirectoryDomainIntegrationTest/testActiveDirectoryDomainApplyButtonClick/config.xml
@@ -0,0 +1,50 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<hudson>
+  <disabledAdministrativeMonitors/>
+  <version>1.0</version>
+  <numExecutors>2</numExecutors>
+  <mode>NORMAL</mode>
+  <useSecurity>true</useSecurity>
+  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
+  <securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" plugin="[email protected]">
+    <domains>
+      <hudson.plugins.active__directory.ActiveDirectoryDomain>
+        <name>samdom.example.com</name>
+        <bindName>CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com</bindName>
+        <bindPassword>small</bindPassword>
+        <tlsConfiguration>TRUST_ALL_CERTIFICATES</tlsConfiguration>
+        <internalUsersDatabase>admin</internalUsersDatabase>
+      </hudson.plugins.active__directory.ActiveDirectoryDomain>
+    </domains>
+    <startTls>true</startTls>
+    <groupLookupStrategy>RECURSIVE</groupLookupStrategy>
+    <removeIrrelevantGroups>false</removeIrrelevantGroups>
+    <internalUsersDatabase>
+      <jenkinsInternalUser>admin</jenkinsInternalUser>
+    </internalUsersDatabase>
+  </securityRealm>
+  <disableRememberMe>false</disableRememberMe>
+  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
+  <workspaceDir>${ITEM_ROOTDIR}/workspace</workspaceDir>
+  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
+  <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
+  <jdks/>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
+  <clouds/>
+  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
+  <views>
+    <hudson.model.AllView>
+      <owner class="hudson" reference="../../.."/>
+      <name>All</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View$PropertyList"/>
+    </hudson.model.AllView>
+  </views>
+  <primaryView>All</primaryView>
+  <slaveAgentPort>-1</slaveAgentPort>
+  <label></label>
+  <nodeProperties/>
+  <globalNodeProperties/>
+</hudson>
diff --git a/.../ActiveDirectoryDomainIntegrationTest/testActiveDirectoryDomainSaveButtonClick/config.xml b/.../ActiveDirectoryDomainIntegrationTest/testActiveDirectoryDomainSaveButtonClick/config.xml
@@ -0,0 +1,50 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<hudson>
+  <disabledAdministrativeMonitors/>
+  <version>1.0</version>
+  <numExecutors>2</numExecutors>
+  <mode>NORMAL</mode>
+  <useSecurity>true</useSecurity>
+  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
+  <securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" plugin="[email protected]">
+    <domains>
+      <hudson.plugins.active__directory.ActiveDirectoryDomain>
+        <name>samdom.example.com</name>
+        <bindName>CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com</bindName>
+        <bindPassword>small</bindPassword>
+        <tlsConfiguration>TRUST_ALL_CERTIFICATES</tlsConfiguration>
+        <internalUsersDatabase>admin</internalUsersDatabase>
+      </hudson.plugins.active__directory.ActiveDirectoryDomain>
+    </domains>
+    <startTls>true</startTls>
+    <groupLookupStrategy>RECURSIVE</groupLookupStrategy>
+    <removeIrrelevantGroups>false</removeIrrelevantGroups>
+    <internalUsersDatabase>
+      <jenkinsInternalUser>admin</jenkinsInternalUser>
+    </internalUsersDatabase>
+  </securityRealm>
+  <disableRememberMe>false</disableRememberMe>
+  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
+  <workspaceDir>${ITEM_ROOTDIR}/workspace</workspaceDir>
+  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
+  <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
+  <jdks/>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
+  <clouds/>
+  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
+  <views>
+    <hudson.model.AllView>
+      <owner class="hudson" reference="../../.."/>
+      <name>All</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View$PropertyList"/>
+    </hudson.model.AllView>
+  </views>
+  <primaryView>All</primaryView>
+  <slaveAgentPort>-1</slaveAgentPort>
+  <label></label>
+  <nodeProperties/>
+  <globalNodeProperties/>
+</hudson>
diff --git a/...veDirectoryDomainIntegrationTest/testActiveDirectoryDomainSettingShortPassword/config.xml b/...veDirectoryDomainIntegrationTest/testActiveDirectoryDomainSettingShortPassword/config.xml
@@ -0,0 +1,50 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<hudson>
+  <disabledAdministrativeMonitors/>
+  <version>1.0</version>
+  <numExecutors>2</numExecutors>
+  <mode>NORMAL</mode>
+  <useSecurity>true</useSecurity>
+  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
+  <securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" plugin="[email protected]">
+    <domains>
+      <hudson.plugins.active__directory.ActiveDirectoryDomain>
+        <name>samdom.example.com</name>
+        <bindName>CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com</bindName>
+        <bindPassword>verylargepassword12345</bindPassword>
+        <tlsConfiguration>TRUST_ALL_CERTIFICATES</tlsConfiguration>
+        <internalUsersDatabase>admin</internalUsersDatabase>
+      </hudson.plugins.active__directory.ActiveDirectoryDomain>
+    </domains>
+    <startTls>true</startTls>
+    <groupLookupStrategy>RECURSIVE</groupLookupStrategy>
+    <removeIrrelevantGroups>false</removeIrrelevantGroups>
+    <internalUsersDatabase>
+      <jenkinsInternalUser>admin</jenkinsInternalUser>
+    </internalUsersDatabase>
+  </securityRealm>
+  <disableRememberMe>false</disableRememberMe>
+  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
+  <workspaceDir>${ITEM_ROOTDIR}/workspace</workspaceDir>
+  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
+  <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
+  <jdks/>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
+  <clouds/>
+  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
+  <views>
+    <hudson.model.AllView>
+      <owner class="hudson" reference="../../.."/>
+      <name>All</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View$PropertyList"/>
+    </hudson.model.AllView>
+  </views>
+  <primaryView>All</primaryView>
+  <slaveAgentPort>-1</slaveAgentPort>
+  <label></label>
+  <nodeProperties/>
+  <globalNodeProperties/>
+</hudson>
diff --git a/...ntegrationTest/testActiveDirectoryDomainTestDomainButtonClickWithShortPassword/config.xml b/...ntegrationTest/testActiveDirectoryDomainTestDomainButtonClickWithShortPassword/config.xml
@@ -0,0 +1,50 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<hudson>
+  <disabledAdministrativeMonitors/>
+  <version>1.0</version>
+  <numExecutors>2</numExecutors>
+  <mode>NORMAL</mode>
+  <useSecurity>true</useSecurity>
+  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
+  <securityRealm class="hudson.plugins.active_directory.ActiveDirectorySecurityRealm" plugin="[email protected]">
+    <domains>
+      <hudson.plugins.active__directory.ActiveDirectoryDomain>
+        <name>samdom.example.com</name>
+        <bindName>CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com</bindName>
+        <bindPassword>small</bindPassword>
+        <tlsConfiguration>TRUST_ALL_CERTIFICATES</tlsConfiguration>
+        <internalUsersDatabase>admin</internalUsersDatabase>
+      </hudson.plugins.active__directory.ActiveDirectoryDomain>
+    </domains>
+    <startTls>true</startTls>
+    <groupLookupStrategy>RECURSIVE</groupLookupStrategy>
+    <removeIrrelevantGroups>false</removeIrrelevantGroups>
+    <internalUsersDatabase>
+      <jenkinsInternalUser>admin</jenkinsInternalUser>
+    </internalUsersDatabase>
+  </securityRealm>
+  <disableRememberMe>false</disableRememberMe>
+  <projectNamingStrategy class="jenkins.model.ProjectNamingStrategy$DefaultProjectNamingStrategy"/>
+  <workspaceDir>${ITEM_ROOTDIR}/workspace</workspaceDir>
+  <buildsDir>${ITEM_ROOTDIR}/builds</buildsDir>
+  <markupFormatter class="hudson.markup.EscapedMarkupFormatter"/>
+  <jdks/>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <myViewsTabBar class="hudson.views.DefaultMyViewsTabBar"/>
+  <clouds/>
+  <scmCheckoutRetryCount>0</scmCheckoutRetryCount>
+  <views>
+    <hudson.model.AllView>
+      <owner class="hudson" reference="../../.."/>
+      <name>All</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View$PropertyList"/>
+    </hudson.model.AllView>
+  </views>
+  <primaryView>All</primaryView>
+  <slaveAgentPort>-1</slaveAgentPort>
+  <label></label>
+  <nodeProperties/>
+  <globalNodeProperties/>
+</hudson>
diff --git a/.../resources/hudson/plugins/active_directory/configuration-as-code-fips-valid-password.yaml b/.../resources/hudson/plugins/active_directory/configuration-as-code-fips-valid-password.yaml
@@ -7,7 +7,7 @@ jenkins:
       customDomain: true
       domains:
         - bindName: "admin"
-          bindPassword: "S3cur3P@ssw0rd!"  # Updated to a stronger password
+          bindPassword: "veryLargePassword"
           name: "acme"
           servers: "ad1.acme.com:123,ad2.acme.com:456"
           site: "site"