aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add support for setting, adding & deleting LDAP account assoicated to a user (#3198)

Browse Source
jefferai-unsettable-bools
Elim Tsiagbey 3 years ago committed by GitHub
parent e04438b7f8
commit a2f8d87bfb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 54 additions and 0 deletions
Show Stats Download Patch File Download Diff File

3
internal/daemon/controller/handlers/users/user_service.go
Unescape View File

@ -720,6 +720,7 @@ func validateAddUserAccountsRequest(req *pbs.AddUserAccountsRequest) error {
globals.PasswordAccountPreviousPrefix,
globals.PasswordAccountPrefix,
globals.OidcAccountPrefix,
globals.LdapAccountPrefix,
) {
badFields["account_ids"] = "Values must be valid account ids."
break
@ -745,6 +746,7 @@ func validateSetUserAccountsRequest(req *pbs.SetUserAccountsRequest) error {
globals.PasswordAccountPreviousPrefix,
globals.PasswordAccountPrefix,
globals.OidcAccountPrefix,
globals.LdapAccountPrefix,
) {
badFields["account_ids"] = "Values must be valid account ids."
break
@ -773,6 +775,7 @@ func validateRemoveUserAccountsRequest(req *pbs.RemoveUserAccountsRequest) error
globals.PasswordAccountPreviousPrefix,
globals.PasswordAccountPrefix,
globals.OidcAccountPrefix,
globals.LdapAccountPrefix,
) {
badFields["account_ids"] = "Values must be valid account ids."
break

51
internal/daemon/controller/handlers/users/user_service_test.go
Unescape View File

@ -13,6 +13,7 @@ import (
"github.com/google/go-cmp/cmp"
"github.com/hashicorp/boundary/globals"
"github.com/hashicorp/boundary/internal/auth/ldap"
"github.com/hashicorp/boundary/internal/auth/oidc"
"github.com/hashicorp/boundary/internal/auth/password"
"github.com/hashicorp/boundary/internal/daemon/controller/auth"
@ -770,6 +771,7 @@ func TestUpdate(t *testing.T) {
func TestAddAccount(t *testing.T) {
conn, _ := db.TestSetup(t, "postgres")
wrap := db.TestWrapper(t)
ctx := context.Background()
kmsCache := kms.TestKms(t, conn, wrap)
iamRepo := iam.TestRepo(t, conn, wrap)
repoFn := func() (*iam.Repository, error) {
@ -798,6 +800,14 @@ func TestAddAccount(t *testing.T) {
)
oidcAcct := oidc.TestAccount(t, conn, oidcAm, "test-subject")
ldapAm := ldap.TestAuthMethod(t, conn, databaseWrapper, o.PublicId, []string{"ldaps://ldap1"})
ldapAcct := ldap.TestAccount(t, conn, ldapAm, "test-acct",
ldap.WithMemberOfGroups(ctx, "admin"),
ldap.WithFullName(ctx, "test-name"),
ldap.WithEmail(ctx, "test-email"),
ldap.WithDn(ctx, "test-dn"),
)
addCases := []struct {
name string
setup func(*iam.User)
@ -817,6 +827,12 @@ func TestAddAccount(t *testing.T) {
addAccounts: []string{oidcAcct.GetPublicId()},
resultAccounts: []string{oidcAcct.GetPublicId()},
},
{
name: "Add ldap account on empty user",
setup: func(u *iam.User) {},
addAccounts: []string{ldapAcct.GetPublicId()},
resultAccounts: []string{ldapAcct.GetPublicId()},
},
{
name: "Add account on populated user",
setup: func(u *iam.User) {
@ -915,6 +931,7 @@ func TestAddAccount(t *testing.T) {
func TestSetAccount(t *testing.T) {
conn, _ := db.TestSetup(t, "postgres")
wrap := db.TestWrapper(t)
ctx := context.Background()
kmsCache := kms.TestKms(t, conn, wrap)
iamRepo := iam.TestRepo(t, conn, wrap)
repoFn := func() (*iam.Repository, error) {
@ -943,6 +960,14 @@ func TestSetAccount(t *testing.T) {
)
oidcAcct := oidc.TestAccount(t, conn, oidcAm, "test-subject")
ldapAm := ldap.TestAuthMethod(t, conn, databaseWrapper, o.PublicId, []string{"ldaps://ldap1"})
ldapAcct := ldap.TestAccount(t, conn, ldapAm, "test-acct",
ldap.WithMemberOfGroups(ctx, "admin"),
ldap.WithFullName(ctx, "test-name"),
ldap.WithEmail(ctx, "test-email"),
ldap.WithDn(ctx, "test-dn"),
)
setCases := []struct {
name string
setup func(*iam.User)
@ -962,6 +987,12 @@ func TestSetAccount(t *testing.T) {
setAccounts: []string{oidcAcct.GetPublicId()},
resultAccounts: []string{oidcAcct.GetPublicId()},
},
{
name: "Set ldap account on empty user",
setup: func(u *iam.User) {},
setAccounts: []string{ldapAcct.GetPublicId()},
resultAccounts: []string{ldapAcct.GetPublicId()},
},
{
name: "Set account on populated user",
setup: func(u *iam.User) {
@ -1062,6 +1093,7 @@ func TestSetAccount(t *testing.T) {
func TestRemoveAccount(t *testing.T) {
conn, _ := db.TestSetup(t, "postgres")
wrap := db.TestWrapper(t)
ctx := context.Background()
kmsCache := kms.TestKms(t, conn, wrap)
iamRepo := iam.TestRepo(t, conn, wrap)
repoFn := func() (*iam.Repository, error) {
@ -1090,6 +1122,14 @@ func TestRemoveAccount(t *testing.T) {
)
oidcAcct := oidc.TestAccount(t, conn, oidcAm, "test-subject")
ldapAm := ldap.TestAuthMethod(t, conn, databaseWrapper, o.PublicId, []string{"ldaps://ldap1"})
ldapAcct := ldap.TestAccount(t, conn, ldapAm, "test-acct",
ldap.WithMemberOfGroups(ctx, "admin"),
ldap.WithFullName(ctx, "test-name"),
ldap.WithEmail(ctx, "test-email"),
ldap.WithDn(ctx, "test-dn"),
)
addCases := []struct {
name string
setup func(*iam.User)
@ -1136,6 +1176,17 @@ func TestRemoveAccount(t *testing.T) {
removeAccounts: []string{accts[1].GetPublicId(), accts[1].GetPublicId()},
resultAccounts: []string{accts[0].GetPublicId()},
},
{
name: "Remove 1 ldap account of 3 accounts from user",
setup: func(u *iam.User) {
_, err := iamRepo.SetUserAccounts(context.Background(), u.GetPublicId(), u.GetVersion(),
[]string{accts[0].GetPublicId(), oidcAcct.GetPublicId(), ldapAcct.GetPublicId()})
require.NoError(t, err)
u.Version = u.Version + 1
},
removeAccounts: []string{ldapAcct.GetPublicId()},
resultAccounts: []string{accts[0].GetPublicId(), oidcAcct.GetPublicId()},
},
{
name: "Remove all accounts from user",
setup: func(u *iam.User) {

Write Preview
Loading…
Cancel
Save