From 723dbdfedfc2ebfa9c3cf4205ea8234a47d87b84 Mon Sep 17 00:00:00 2001
From: Jim
Date: Tue, 20 Jun 2023 13:56:20 -0400
Subject: [PATCH] fix (boundary dev): make the LDAP auth method active-public (#3344)
---
 CHANGELOG.md | 3 +++
 internal/cmd/base/dev.go | 1 +
 internal/tests/cli/boundary/_auth.bash | 6 +++++
 internal/tests/cli/boundary/_helpers.bash | 2 ++
 internal/tests/cli/boundary/authenticate.bats | 23 +++++++++++++++++++
 5 files changed, 35 insertions(+)
 create mode 100644 internal/tests/cli/boundary/authenticate.bats
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dbd9937ff2..bb1ff6e1d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,9 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
 still be accepted for now, up until 0.15.0). In the `ids` field, multiple IDs can now be specified in a grant, either via commas (text format) or array (JSON format). ([PR](https://github.com/hashicorp/boundary/pull/3263)).
+* dev environment: When running `boundary dev` the initial LDAP auth-method with an
+ ID of `amldap_1234567890` is now in a public-active state, so it will be returned
+ in the response from `boundary auth-methods list`
 ### Deprecations/Changes
diff --git a/internal/cmd/base/dev.go b/internal/cmd/base/dev.go
index 51c92b8868..75b5218a30 100644
--- a/internal/cmd/base/dev.go
+++ b/internal/cmd/base/dev.go
@@ -330,6 +330,7 @@ func (b *Server) createInitialLdapAuthMethod(ctx context.Context, host string, p
 ldap.WithDiscoverDn(ctx),
 ldap.WithUserDn(ctx, testdirectory.DefaultUserDN),
 ldap.WithGroupDn(ctx, testdirectory.DefaultGroupDN),
+ ldap.WithOperationalState(ctx, ldap.ActivePublicState),
 )
 if err != nil {
 return nil, fmt.Errorf("error creating new in memory ldap auth method: %w", err)
diff --git a/internal/tests/cli/boundary/_auth.bash b/internal/tests/cli/boundary/_auth.bash
index e23642def1..d95d146b3b 100644
--- a/internal/tests/cli/boundary/_auth.bash
+++ b/internal/tests/cli/boundary/_auth.bash
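Review bot: The added `ldap.WithOperationalState(ctx, ldap.ActivePublicState)` in createInitialLdapAuthMethod carries no comment explaining why the auth method is published, and the effect is security-relevant: per the changelog entry in this commit, the method with the fixed ID `amldap_1234567890` is now returned by `boundary auth-methods list`. I would add a line above it such as `// Dev mode only: active-public so the in-memory LDAP auth method is returned by auth-methods list.` The neighbouring options use `testdirectory` defaults, so this presumably targets a built-in test directory; it is worth confirming that this constructor is reachable only from `boundary dev`. The function starts and ends outside the hunk, so the call site cannot be checked from here.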
@@ -5,3 +5,9 @@ function login() {
 export BP="${DEFAULT_PASSWORD}"
 boundary authenticate password -auth-method-id $DEFAULT_AMPW -login-name $1 -password env://BP
 }
+
+
+function login_ldap() {
+ export BP="${DEFAULT_PASSWORD}"
+ boundary authenticate ldap -auth-method-id $DEFAULT_AMPW -login-name $1 -password env://BP
+}
diff --git a/internal/tests/cli/boundary/_helpers.bash b/internal/tests/cli/boundary/_helpers.bash
index aa1badb685..9598d6d43d 100644
--- a/internal/tests/cli/boundary/_helpers.bash
+++ b/internal/tests/cli/boundary/_helpers.bash
@@ -15,6 +15,8 @@ export DEFAULT_HOST_CATALOG="${DEFAULT_HOST_CATALOG:-hcst_1234567890}"
 export DEFAULT_HOST="${DEFAULT_HOST:-hst_1234567890}"
 export DEFAULT_USER="${DEFAULT_USER:-u_1234567890}"
 export DEFAULT_UNPRIVILEGED_USER="${DEFAULT_UNPRIVILEGED_USER:-u_0987654321}"
+export DEFAULT_AMLDAP="${DEFAULT_AMLDAP:-amldap_1234567890}"
+
 function strip() {
 echo "$1" | tr -d '"'
diff --git a/internal/tests/cli/boundary/authenticate.bats b/internal/tests/cli/boundary/authenticate.bats
new file mode 100644
index 0000000000..c9ec53d549
--- /dev/null
+++ b/internal/tests/cli/boundary/authenticate.bats
@@ -0,0 +1,23 @@
+#!/usr/bin/env bats
+
+load _auth
+load _helpers
+load _auth_tokens
+
+export NEW_USER='test'
+
+@test "boundary/authenticate password: can login as unpriv user" {
+ run login $DEFAULT_UNPRIVILEGED_LOGIN
+ [ "$status" -eq 0 ]
+ run logout_cmd
+ [ "$status" -eq 0 ]
+}
+
+@test "boundary/authenticate ldap: can login as unpriv user" {
+ run login_ldap $DEFAULT_UNPRIVILEGED_LOGIN
+ [ "$status" -eq 0 ]
+ run logout_cmd
+ [ "$status" -eq 0 ]
+}
+
+
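Review bot: `login_ldap` in _auth.bash passes `-auth-method-id $DEFAULT_AMPW`, the password auth method's ID, to `boundary authenticate ldap`, while the `DEFAULT_AMLDAP` variable this commit exports in _helpers.bash is never used. As written, the new "boundary/authenticate ldap" test in authenticate.bats does not target `amldap_1234567890`, so it likely either fails or passes without exercising the LDAP auth method this commit makes public. The line should read `boundary authenticate ldap -auth-method-id "$DEFAULT_AMLDAP" -login-name "$1" -password env://BP`. Quoting `$1` also keeps a login name containing whitespace from being split into extra arguments.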
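Review bot: Both tests in authenticate.bats assert only `[ "$status" -eq 0 ]`, so neither can tell which auth method actually issued the token. If the command output includes the auth method ID, an extra check on `$output` for the expected ID would make the LDAP case fail when a login is handled by the wrong method. `export NEW_USER='test'` is not referenced anywhere in this file and can be dropped. `DEFAULT_UNPRIVILEGED_LOGIN` is not defined in the visible part of _helpers.bash, and whether that login exists in the dev LDAP directory with `DEFAULT_PASSWORD` cannot be seen from this patch, so a short comment above the LDAP test stating that assumption would help.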