test(e2e): Add check for ldap account attribute mapping (#4867)

2 years ago · 3da1615ddb
parent 61db074b1e
commit 3da1615ddb
2 changed files with 35 additions and 0 deletions
--- a/enos/modules/docker_ldap/entries/user.ldif
+++ b/enos/modules/docker_ldap/entries/user.ldif
@ -3,4 +3,5 @@ objectClass: inetOrgPerson
 cn: ${user_name}
 sn: ${user_name}
 uid: ${user_name}
+mail: ${user_name}@mail.com
 userPassword: ${user_password}
--- a/testing/internal/e2e/tests/base_plus/ldap_test.go
+++ b/testing/internal/e2e/tests/base_plus/ldap_test.go
@ -6,6 +6,7 @@ package base_plus_test
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"net/http"
 	"testing"

@ -51,6 +52,8 @@ func TestCliLdap(t *testing.T) {
 			"-state", "active-public",
 			"-enable-groups=true",
 			"-discover-dn=true",
+			"-account-attribute-map", "cn=fullName",
+			"-account-attribute-map", "mail=email",
 			"-format", "json",
 		),
 		e2e.WithEnv("LDAP_PW", c.LdapAdminPassword),
@ -85,6 +88,23 @@ func TestCliLdap(t *testing.T) {
 	err = boundary.SetAccountToUserCli(t, ctx, userId, newAccountId)
 	require.NoError(t, err)

+	// Read account details. Confirm that account attributes have not loaded
+	// yet. The corresponding user needs to log in first before attributes are
+	// populated
+	output = e2e.RunCommand(ctx, "boundary",
+		e2e.WithArgs(
+			"accounts", "read",
+			"-id", newAccountId,
+			"-format", "json",
+		),
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+	var readAccountResult accounts.AccountReadResult
+	err = json.Unmarshal(output.Stdout, &readAccountResult)
+	require.NoError(t, err)
+	require.Empty(t, readAccountResult.Item.Attributes["full_name"])
+	require.Empty(t, readAccountResult.Item.Attributes["email"])
+
 	// Try to log in with the wrong password
 	output = e2e.RunCommand(ctx, "boundary",
 		e2e.WithArgs(
@ -165,6 +185,20 @@ func TestCliLdap(t *testing.T) {
 	err = boundary.AddGrantToRoleCli(t, ctx, roleId, "ids=*;type=auth-method;actions=read")
 	require.NoError(t, err)

+	// Check account attributes are populated after user has logged in
+	output = e2e.RunCommand(ctx, "boundary",
+		e2e.WithArgs(
+			"accounts", "read",
+			"-id", newAccountId,
+			"-format", "json",
+		),
+	)
+	require.NoError(t, output.Err, string(output.Stderr))
+	err = json.Unmarshal(output.Stdout, &readAccountResult)
+	require.NoError(t, err)
+	require.Equal(t, c.LdapUserName, readAccountResult.Item.Attributes["full_name"])
+	require.Equal(t, fmt.Sprintf("%s@mail.com", c.LdapUserName), readAccountResult.Item.Attributes["email"])
+
 	// Log in as the LDAP user again
 	output = e2e.RunCommand(ctx, "boundary",
 		e2e.WithArgs(