From 3da1615ddbfcf138115538071df28c00718b36b8 Mon Sep 17 00:00:00 2001
From: Michael Li
Date: Tue, 4 Jun 2024 14:24:15 -0400
Subject: [PATCH] test(e2e): Add check for ldap account attribute mapping (#4867)

---
 enos/modules/docker_ldap/entries/user.ldif | 1 +
 .../internal/e2e/tests/base_plus/ldap_test.go | 34 +++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/enos/modules/docker_ldap/entries/user.ldif b/enos/modules/docker_ldap/entries/user.ldif
index f84a8f5884..acecb1c784 100644
--- a/enos/modules/docker_ldap/entries/user.ldif
+++ b/enos/modules/docker_ldap/entries/user.ldif
@@ -3,4 +3,5 @@ objectClass: inetOrgPerson
 cn: ${user_name}
 sn: ${user_name}
 uid: ${user_name}
+mail: ${user_name}@mail.com
 userPassword: ${user_password}
diff --git a/testing/internal/e2e/tests/base_plus/ldap_test.go b/testing/internal/e2e/tests/base_plus/ldap_test.go
index dc0a3f715c..40fb20454c 100644
--- a/testing/internal/e2e/tests/base_plus/ldap_test.go
+++ b/testing/internal/e2e/tests/base_plus/ldap_test.go
@@ -6,6 +6,7 @@ package base_plus_test
 import (
 "context"
 "encoding/json"
+ "fmt"
 "net/http"
 "testing"
 
@@ -51,6 +52,8 @@ func TestCliLdap(t *testing.T) {
 "-state", "active-public",
 "-enable-groups=true",
 "-discover-dn=true",
+ "-account-attribute-map", "cn=fullName",
+ "-account-attribute-map", "mail=email",
 "-format", "json",
 ),
 e2e.WithEnv("LDAP_PW", c.LdapAdminPassword),
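Review bot: The new `mail:` line in `user.ldif` builds the address on `mail.com`, which is a real, registrable mail domain rather than a reserved test one. A reserved domain such as `example.com` (RFC 2606) keeps fixture identities from ever corresponding to a real mailbox if directory data ends up in logs or notifications: `mail: ${user_name}@example.com`. The same literal is repeated in `ldap_test.go` (`fmt.Sprintf("%s@mail.com", c.LdapUserName)`), so the two would have to change together.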
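Review bot: The two `-account-attribute-map` arguments added in the `@@ -51,6 +52,8 @@` hunk carry no comment tying them to the assertions further down, and the spelling differs between the flag value (`fullName`) and the key later read from the account (`full_name`). A one-line comment above them would make the link explicit, for example `// Map LDAP cn -> full_name and mail -> email; asserted after the user's first login below.` The enclosing `e2e.WithArgs(` call starts and ends outside this hunk.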
@@ -85,6 +88,23 @@ func TestCliLdap(t *testing.T) {
 err = boundary.SetAccountToUserCli(t, ctx, userId, newAccountId)
 require.NoError(t, err)
 
+ // Read account details. Confirm that account attributes have not loaded
+ // yet. The corresponding user needs to log in first before attributes are
+ // populated
+ output = e2e.RunCommand(ctx, "boundary",
+ e2e.WithArgs(
+ "accounts", "read",
+ "-id", newAccountId,
+ "-format", "json",
+ ),
+ )
+ require.NoError(t, output.Err, string(output.Stderr))
+ var readAccountResult accounts.AccountReadResult
+ err = json.Unmarshal(output.Stdout, &readAccountResult)
+ require.NoError(t, err)
+ require.Empty(t, readAccountResult.Item.Attributes["full_name"])
+ require.Empty(t, readAccountResult.Item.Attributes["email"])
+
 // Try to log in with the wrong password
 output = e2e.RunCommand(ctx, "boundary",
 e2e.WithArgs(
@@ -165,6 +185,20 @@ func TestCliLdap(t *testing.T) {
 err = boundary.AddGrantToRoleCli(t, ctx, roleId, "ids=*;type=auth-method;actions=read")
 require.NoError(t, err)
 
+ // Check account attributes are populated after user has logged in
+ output = e2e.RunCommand(ctx, "boundary",
+ e2e.WithArgs(
+ "accounts", "read",
+ "-id", newAccountId,
+ "-format", "json",
+ ),
+ )
+ require.NoError(t, output.Err, string(output.Stderr))
+ err = json.Unmarshal(output.Stdout, &readAccountResult)
+ require.NoError(t, err)
+ require.Equal(t, c.LdapUserName, readAccountResult.Item.Attributes["full_name"])
+ require.Equal(t, fmt.Sprintf("%s@mail.com", c.LdapUserName), readAccountResult.Item.Attributes["email"])
+
 // Log in as the LDAP user again
 output = e2e.RunCommand(ctx, "boundary",
 e2e.WithArgs(
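Review bot: In the `@@ -85,6 +88,23 @@` hunk, `readAccountResult.Item` is dereferenced straight after `json.Unmarshal` with no check that the response carried an item. The declaration of `AccountReadResult` is not visible here, but if `Item` is a pointer, a response without it would panic instead of failing an assertion. Adding `require.NotNil(t, readAccountResult.Item)` before the two `require.Empty` lines gives a readable failure. Note also that `require.Empty` on an absent map key passes vacuously, so these two checks only prove anything together with the `require.Equal` checks in the `@@ -165,6 +185,20 @@` hunk.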
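Review bot: In the `@@ -165,6 +185,20 @@` hunk, the post-login read decodes into the same `readAccountResult` that was filled before login. `json.Unmarshal` reuses an existing non-nil struct and map and keeps their entries, so any field the second response omits silently retains its pre-login value. That cannot mask a failure for `full_name` or `email` today, because both were asserted empty earlier. Decoding into a fresh variable, e.g. `var readAccountResultAfterLogin accounts.AccountReadResult`, would keep the post-login assertions independent of the first read. The successful login this check relies on happens outside the hunk.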