From 4fe852421a1aa34ab18161a3e2d39e32d67d9dd0 Mon Sep 17 00:00:00 2001
From: Guillaume Perrin
Date: Fri, 19 Apr 2024 11:36:36 +0200
Subject: [PATCH] Add test where ldap port is disable
Signed-off-by: Guillaume Perrin
---
 .bin/disableLdapPort.yaml | 25 +++++++++++++++++++++++++
 .bin/simpleUser.ldif | 12 ++++++++++++
 .github/workflows/ci.yml | 18 ++++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 .bin/disableLdapPort.yaml
 create mode 100644 .bin/simpleUser.ldif
diff --git a/.bin/disableLdapPort.yaml b/.bin/disableLdapPort.yaml
new file mode 100644
index 0000000..6f3d70c
--- /dev/null
+++ b/.bin/disableLdapPort.yaml
@@ -0,0 +1,25 @@
+logLevel: debug
+resources:
+ limits:
+ cpu: "128m"
+ memory: "64Mi"
+replicaCount: 3
+customLdifFiles:
+ 00-root.ldif: |-
+ # Root creation
+ dn: dc=example,dc=org
+ objectClass: dcObject
+ objectClass: organization
+ o: Example, Inc
+service:
+ enableLdapPort: false
+ sslLdapPortNodePort: 30636
+ type: NodePort
+initTLSSecret:
+ tls_enabled: true
+ image:
+ registry: docker.io
+ repository: alpine/openssl
+ tag: latest
+ pullPolicy: IfNotPresent
+ secret: "custom-cert"
diff --git a/.bin/simpleUser.ldif b/.bin/simpleUser.ldif
new file mode 100644
index 0000000..7a55f0d
--- /dev/null
+++ b/.bin/simpleUser.ldif
@@ -0,0 +1,12 @@
+dn: cn=Jean Dupond,dc=example,dc=org
+cn: Jean Dupond
+gidnumber: 500
+givenname: Jean
+homedirectory: /home/users/jdupond
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn: Dupond
+uid: jdupond
+uidnumber: 1000
+userpassword: {MD5}KOULhzfBhPTq9k7a9XfCGw==
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2006670..7d671ca 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
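Review bot: This values file is created as `.bin/disableLdapPort.yaml`, but the workflow step added to `.github/workflows/ci.yml` in the same patch passes `-f .bin/disbaleLdpaPort.yaml`. Unless a file with that misspelled name exists elsewhere, `helm install` fails there and the `enableLdapPort: false` configuration is never deployed or tested. The step should read `helm install openldap-stack-ha -n no-ldap-port --create-namespace -f .bin/disableLdapPort.yaml .`. Separately, `tag: latest` under `initTLSSecret.image` leaves the `alpine/openssl` init image unpinned, so each CI run pulls whatever is currently published. Pinning it to a fixed tag or digest (placeholder: `tag: "<pinned-version>"`) keeps the test reproducible and narrows supply-chain exposure.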
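Review bot: In `.bin/simpleUser.ldif` the fixture stores `userpassword: {MD5}KOULhzfBhPTq9k7a9XfCGw==`, an unsalted MD5 hash, which is a weak storage scheme and the kind of value that gets copied from test data into real directory entries. A salted scheme such as `{SSHA}` (generated with `slappasswd`) would exercise the same `ldapadd` write path. If MD5 is kept deliberately, a leading LDIF comment such as `# test-only account; password hash scheme is not suitable for production` would make that explicit to anyone reusing the file.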
@@ -105,6 +105,24 @@ jobs:
 LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=singlenode,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=singlenode,dc=org' > /tmp/test-single-node.txt
 cat /tmp/test-single-node.txt
 if [ $(grep "numResponses" /tmp/test-single-node.txt | cut -d ":" -f 2 | tr -d ' ') -ne 6 ]; then exit 1 ; fi
+ - name: deploy openldap-stack-ha-disable-ldap-port
+ shell: bash
+ run: |
+ helm delete openldap-stack-ha
+ cd "$GITHUB_WORKSPACE"
+ kubectl -n no-ldap-port create secret generic custom-cert --from-file=./tls.crt --from-file=./tls.key --from-file=./ca.crt
+ helm install openldap-stack-ha -n no-ldap-port --create-namespace -f .bin/disbaleLdpaPort.yaml .
+ kubectl rollout status sts openldap-stack-ha -n no-ldap-port
+ - name: verify no ldap port deployment
+ shell: bash
+ run: |
+ echo "test access to openldap database"
+ sudo apt-get install -y ldap-utils
+ echo "Write test to openldap database"
+ LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f .bin/simpleUser.ldif
+ LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt
+ cat /tmp/test-write.txt
+ if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 3 ]; then exit 1 ; fi