From a2f8d87bfbdf454172c194f59920799c922bbfba Mon Sep 17 00:00:00 2001
From: Elim Tsiagbey
Date: Wed, 3 May 2023 09:45:29 -0400
Subject: [PATCH] Add support for setting, adding & deleting LDAP account assoicated to a user (#3198)

---
 .../controller/handlers/users/user_service.go | 3 ++
 .../handlers/users/user_service_test.go | 51 +++++++++++++++++++
 2 files changed, 54 insertions(+)

diff --git a/internal/daemon/controller/handlers/users/user_service.go b/internal/daemon/controller/handlers/users/user_service.go
index 37934e1f77..aa99711611 100644
--- a/internal/daemon/controller/handlers/users/user_service.go
+++ b/internal/daemon/controller/handlers/users/user_service.go
@@ -720,6 +720,7 @@ func validateAddUserAccountsRequest(req *pbs.AddUserAccountsRequest) error {
 			globals.PasswordAccountPreviousPrefix,
 			globals.PasswordAccountPrefix,
 			globals.OidcAccountPrefix,
+			globals.LdapAccountPrefix,
 		) {
 			badFields["account_ids"] = "Values must be valid account ids."
 			break
@@ -745,6 +746,7 @@ func validateSetUserAccountsRequest(req *pbs.SetUserAccountsRequest) error {
 			globals.PasswordAccountPreviousPrefix,
 			globals.PasswordAccountPrefix,
 			globals.OidcAccountPrefix,
+			globals.LdapAccountPrefix,
 		) {
 			badFields["account_ids"] = "Values must be valid account ids."
 			break
@@ -773,6 +775,7 @@ func validateRemoveUserAccountsRequest(req *pbs.RemoveUserAccountsRequest) error
 			globals.PasswordAccountPreviousPrefix,
 			globals.PasswordAccountPrefix,
 			globals.OidcAccountPrefix,
+			globals.LdapAccountPrefix,
 		) {
 			badFields["account_ids"] = "Values must be valid account ids."
 			break
diff --git a/internal/daemon/controller/handlers/users/user_service_test.go b/internal/daemon/controller/handlers/users/user_service_test.go
index 5dbce8447e..9656d29890 100644
--- a/internal/daemon/controller/handlers/users/user_service_test.go
+++ b/internal/daemon/controller/handlers/users/user_service_test.go
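Review bot: The allowed account-id prefix list is now maintained by hand in three places — this hunk in validateAddUserAccountsRequest and the identical one-line edits in validateSetUserAccountsRequest and validateRemoveUserAccountsRequest further down — so the next account type has to be added to all three or the add/set/remove validators silently drift apart. Hoisting the four `globals.*AccountPrefix` values into a single package-level slice and passing it to each validator would keep them in lock-step; the call that consumes the prefixes starts outside the hunk, so whether it takes a variadic list (and so accepts `prefixes...`) needs checking there. It would also be worth a direct table test of these three validators with an LDAP-prefixed id, since the tests in this commit exercise the handlers end-to-end against postgres rather than the prefix check in isolation. The enclosing function starts and ends outside the hunk.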
@@ -13,6 +13,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/hashicorp/boundary/globals"
+	"github.com/hashicorp/boundary/internal/auth/ldap"
 	"github.com/hashicorp/boundary/internal/auth/oidc"
 	"github.com/hashicorp/boundary/internal/auth/password"
 	"github.com/hashicorp/boundary/internal/daemon/controller/auth"
@@ -770,6 +771,7 @@ func TestUpdate(t *testing.T) {
 func TestAddAccount(t *testing.T) {
 	conn, _ := db.TestSetup(t, "postgres")
 	wrap := db.TestWrapper(t)
+	ctx := context.Background()
 	kmsCache := kms.TestKms(t, conn, wrap)
 	iamRepo := iam.TestRepo(t, conn, wrap)
 	repoFn := func() (*iam.Repository, error) {
@@ -798,6 +800,14 @@ func TestAddAccount(t *testing.T) {
 	)
 	oidcAcct := oidc.TestAccount(t, conn, oidcAm, "test-subject")
 
+	ldapAm := ldap.TestAuthMethod(t, conn, databaseWrapper, o.PublicId, []string{"ldaps://ldap1"})
+	ldapAcct := ldap.TestAccount(t, conn, ldapAm, "test-acct",
+		ldap.WithMemberOfGroups(ctx, "admin"),
+		ldap.WithFullName(ctx, "test-name"),
+		ldap.WithEmail(ctx, "test-email"),
+		ldap.WithDn(ctx, "test-dn"),
+	)
+
 	addCases := []struct {
 		name string
 		setup func(*iam.User)
@@ -817,6 +827,12 @@ func TestAddAccount(t *testing.T) {
 			addAccounts: []string{oidcAcct.GetPublicId()},
 			resultAccounts: []string{oidcAcct.GetPublicId()},
 		},
+		{
+			name: "Add ldap account on empty user",
+			setup: func(u *iam.User) {},
+			addAccounts: []string{ldapAcct.GetPublicId()},
+			resultAccounts: []string{ldapAcct.GetPublicId()},
+		},
 		{
 			name: "Add account on populated user",
 			setup: func(u *iam.User) {
@@ -915,6 +931,7 @@ func TestAddAccount(t *testing.T) {
 func TestSetAccount(t *testing.T) {
 	conn, _ := db.TestSetup(t, "postgres")
 	wrap := db.TestWrapper(t)
+	ctx := context.Background()
 	kmsCache := kms.TestKms(t, conn, wrap)
 	iamRepo := iam.TestRepo(t, conn, wrap)
 	repoFn := func() (*iam.Repository, error) {
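Review bot: The eight-line LDAP fixture added in the `@@ -798` hunk (ldap.TestAuthMethod plus ldap.TestAccount with four options) is repeated verbatim in TestSetAccount and TestRemoveAccount later in this patch; a small test helper that takes t, conn, databaseWrapper and the org id and returns the account would keep the three tests aligned and make a future fixture change a one-place edit. `databaseWrapper` and `o` are declared outside the hunk, so the helper's parameter types would have to be taken from there. The WithMemberOfGroups/WithFullName/WithEmail/WithDn options appear to be there only to give the account realistic attributes, since the new cases reference it by id alone; if so, a one-line comment such as `// attributes are not asserted on; they only make the fixture look like a real LDAP account` would save the next reader a search.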
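Review bot: The new "Add ldap account on empty user" case in the `@@ -817` hunk, and likewise "Set ldap account on empty user" in TestSetAccount, only cover the empty-user path; there is no case that adds or sets an LDAP account on a user that already holds password and OIDC accounts, which is the mixed-type situation the validators were just widened for. The "Add account on populated user" case that follows in the hunk looks like the natural template — a sibling case whose setup associates accts[0] and oidcAcct and whose addAccounts is `[]string{ldapAcct.GetPublicId()}` would pin that path; what the existing populated case adds is outside the hunk, so it may already be close. TestRemoveAccount does get a three-type case, so Add and Set are the gap.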
@@ -943,6 +960,14 @@ func TestSetAccount(t *testing.T) {
 	)
 	oidcAcct := oidc.TestAccount(t, conn, oidcAm, "test-subject")
 
+	ldapAm := ldap.TestAuthMethod(t, conn, databaseWrapper, o.PublicId, []string{"ldaps://ldap1"})
+	ldapAcct := ldap.TestAccount(t, conn, ldapAm, "test-acct",
+		ldap.WithMemberOfGroups(ctx, "admin"),
+		ldap.WithFullName(ctx, "test-name"),
+		ldap.WithEmail(ctx, "test-email"),
+		ldap.WithDn(ctx, "test-dn"),
+	)
+
 	setCases := []struct {
 		name string
 		setup func(*iam.User)
@@ -962,6 +987,12 @@ func TestSetAccount(t *testing.T) {
 			setAccounts: []string{oidcAcct.GetPublicId()},
 			resultAccounts: []string{oidcAcct.GetPublicId()},
 		},
+		{
+			name: "Set ldap account on empty user",
+			setup: func(u *iam.User) {},
+			setAccounts: []string{ldapAcct.GetPublicId()},
+			resultAccounts: []string{ldapAcct.GetPublicId()},
+		},
 		{
 			name: "Set account on populated user",
 			setup: func(u *iam.User) {
@@ -1062,6 +1093,7 @@ func TestSetAccount(t *testing.T) {
 func TestRemoveAccount(t *testing.T) {
 	conn, _ := db.TestSetup(t, "postgres")
 	wrap := db.TestWrapper(t)
+	ctx := context.Background()
 	kmsCache := kms.TestKms(t, conn, wrap)
 	iamRepo := iam.TestRepo(t, conn, wrap)
 	repoFn := func() (*iam.Repository, error) {
@@ -1090,6 +1122,14 @@ func TestRemoveAccount(t *testing.T) {
 	)
 	oidcAcct := oidc.TestAccount(t, conn, oidcAm, "test-subject")
 
+	ldapAm := ldap.TestAuthMethod(t, conn, databaseWrapper, o.PublicId, []string{"ldaps://ldap1"})
+	ldapAcct := ldap.TestAccount(t, conn, ldapAm, "test-acct",
+		ldap.WithMemberOfGroups(ctx, "admin"),
+		ldap.WithFullName(ctx, "test-name"),
+		ldap.WithEmail(ctx, "test-email"),
+		ldap.WithDn(ctx, "test-dn"),
+	)
+
 	addCases := []struct {
 		name string
 		setup func(*iam.User)
@@ -1136,6 +1176,17 @@ func TestRemoveAccount(t *testing.T) {
 			removeAccounts: []string{accts[1].GetPublicId(), accts[1].GetPublicId()},
 			resultAccounts: []string{accts[0].GetPublicId()},
 		},
+		{
+			name: "Remove 1 ldap account of 3 accounts from user",
+			setup: func(u *iam.User) {
+				_, err := iamRepo.SetUserAccounts(context.Background(), u.GetPublicId(), u.GetVersion(),
+					[]string{accts[0].GetPublicId(), oidcAcct.GetPublicId(), ldapAcct.GetPublicId()})
+				require.NoError(t, err)
+				u.Version = u.Version + 1
+			},
+			removeAccounts: []string{ldapAcct.GetPublicId()},
+			resultAccounts: []string{accts[0].GetPublicId(), oidcAcct.GetPublicId()},
+		},
 		{
 			name: "Remove all accounts from user",
 			setup: func(u *iam.User) {
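Review bot: The new setup calls `iamRepo.SetUserAccounts(context.Background(), …)` even though the same commit declares `ctx := context.Background()` at the top of TestRemoveAccount (the `@@ -1062` hunk on the previous line), so the function now mixes two contexts for no reason; `iamRepo.SetUserAccounts(ctx, u.GetPublicId(), u.GetVersion(),` keeps it on one. The neighbouring pre-existing cases are outside the hunk and may well use context.Background() too, in which case either align all of them or leave this one — just not a half-and-half. `u.Version = u.Version + 1` reads more idiomatically as `u.Version++`, and the reason for the bump (the version is consumed as an optimistic-lock token by the remove call, inferred from it being passed to SetUserAccounts) deserves a short comment since the case list is long. The removeAccounts slice in this hunk is the only one that exercises mixed types on remove, so the expectation that the password and OIDC accounts survive is the part worth keeping.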