fix (boundary dev): make the LDAP auth method active-public (#3344)

3 years ago · 723dbdfedf
parent 15e7bbe816
commit 723dbdfedf
5 changed files with 35 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,9 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
  still be accepted for now, up until 0.15.0). In the `ids` field, multiple IDs
  can now be specified in a grant, either via commas (text format) or array
  (JSON format). ([PR](https://github.com/hashicorp/boundary/pull/3263)).
+* dev environment: When running `boundary dev` the initial LDAP auth-method with an
+  ID of `amldap_1234567890` is now in a public-active state, so it will be returned
+  in the response from `boundary auth-methods list`

 ### Deprecations/Changes

--- a/internal/cmd/base/dev.go
+++ b/internal/cmd/base/dev.go
@ -330,6 +330,7 @@ func (b *Server) createInitialLdapAuthMethod(ctx context.Context, host string, p
 		ldap.WithDiscoverDn(ctx),
 		ldap.WithUserDn(ctx, testdirectory.DefaultUserDN),
 		ldap.WithGroupDn(ctx, testdirectory.DefaultGroupDN),
+		ldap.WithOperationalState(ctx, ldap.ActivePublicState),
 	)
 	if err != nil {
 		return nil, fmt.Errorf("error creating new in memory ldap auth method: %w", err)
--- a/internal/tests/cli/boundary/_auth.bash
+++ b/internal/tests/cli/boundary/_auth.bash
@ -5,3 +5,9 @@ function login() {
  export BP="${DEFAULT_PASSWORD}"
  boundary authenticate password -auth-method-id $DEFAULT_AMPW -login-name $1 -password env://BP
 }
+
+
+function login_ldap() {
+  export BP="${DEFAULT_PASSWORD}"
+  boundary authenticate ldap -auth-method-id $DEFAULT_AMPW -login-name $1 -password env://BP
+}
--- a/internal/tests/cli/boundary/_helpers.bash
+++ b/internal/tests/cli/boundary/_helpers.bash
@ -15,6 +15,8 @@ export DEFAULT_HOST_CATALOG="${DEFAULT_HOST_CATALOG:-hcst_1234567890}"
 export DEFAULT_HOST="${DEFAULT_HOST:-hst_1234567890}"
 export DEFAULT_USER="${DEFAULT_USER:-u_1234567890}"
 export DEFAULT_UNPRIVILEGED_USER="${DEFAULT_UNPRIVILEGED_USER:-u_0987654321}"
+export DEFAULT_AMLDAP="${DEFAULT_AMLDAP:-amldap_1234567890}"
+

 function strip() {
  echo "$1" | tr -d '"'
--- a/internal/tests/cli/boundary/authenticate.bats
+++ b/internal/tests/cli/boundary/authenticate.bats
@ -0,0 +1,23 @@
+#!/usr/bin/env bats
+
+load _auth
+load _helpers
+load _auth_tokens
+
+export NEW_USER='test'
+
+@test "boundary/authenticate password: can login as unpriv user" {
+  run login $DEFAULT_UNPRIVILEGED_LOGIN
+  [ "$status" -eq 0 ]
+  run logout_cmd
+  [ "$status" -eq 0 ]
+}
+
+@test "boundary/authenticate ldap: can login as unpriv user" {
+  run login_ldap $DEFAULT_UNPRIVILEGED_LOGIN
+  [ "$status" -eq 0 ]
+  run logout_cmd
+  [ "$status" -eq 0 ]
+}
+
+