Skip to content

Commit

Permalink
CLOUDP-236434: Fix role mapping patch in FedAuth (#1434)
Browse files Browse the repository at this point in the history
* Fix role mapping patch in FedAUth

* Fix unit test

* remove focus

* fix import

---------

Co-authored-by: Sergiusz Urbaniak <[email protected]>
  • Loading branch information
helderjs and s-urbaniak authored Mar 12, 2024
1 parent 1dcb87a commit 78466b6
Show file tree
Hide file tree
Showing 3 changed files with 61 additions and 2 deletions.
1 change: 0 additions & 1 deletion pkg/api/v1/atlasfederatedauth_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,6 @@ func (f *AtlasFederatedAuthSpec) ToAtlas(orgID, idpID string, projectNameToID ma
}
atlasRoleMappings = append(atlasRoleMappings, admin.AuthFederationRoleMapping{
ExternalGroupName: roleMapping.ExternalGroupName,
Id: &idpID,
RoleAssignments: &atlasRoleAssignments,
})
}
Expand Down
1 change: 0 additions & 1 deletion pkg/api/v1/atlasfederatedauth_types_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,6 @@ func Test_FederatedAuthSpec_ToAtlas(t *testing.T) {
RoleMappings: &[]admin.AuthFederationRoleMapping{
{
ExternalGroupName: spec.RoleMappings[0].ExternalGroupName,
Id: &idpID,
RoleAssignments: &[]admin.RoleAssignment{
{
GroupId: &projectID,
Expand Down
61 changes: 61 additions & 0 deletions test/int/federated_auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,15 @@ var _ = Describe("AtlasFederatedAuth test", Label("AtlasFederatedAuth", "federat
}
roles = append(roles, newRole)
}
roles = append(
roles,
akov2.RoleMapping{
ExternalGroupName: "ako_team",
RoleAssignments: []akov2.RoleAssignment{
{Role: "ORG_OWNER"},
},
},
)

fedAuth := &akov2.AtlasFederatedAuth{
ObjectMeta: metav1.ObjectMeta{
Expand Down Expand Up @@ -141,6 +150,58 @@ var _ = Describe("AtlasFederatedAuth test", Label("AtlasFederatedAuth", "federat
fedAuth.Spec.DomainRestrictionEnabled = &originalConnectedOrgConfig.DomainRestrictionEnabled
fedAuth.Spec.SSODebugEnabled = originalIdp.SsoDebugEnabled
fedAuth.Spec.PostAuthRoleGrants = originalConnectedOrgConfig.GetPostAuthRoleGrants()
fedAuth.Spec.RoleMappings = nil

if len(originalConnectedOrgConfig.GetRoleMappings()) > 0 {
GinkgoWriter.Println("HAS ROLE MAPPINGS", len(originalConnectedOrgConfig.GetRoleMappings()), originalConnectedOrgConfig.GetRoleMappings()[0])
roles := make([]akov2.RoleMapping, len(originalConnectedOrgConfig.GetRoleMappings()))

for _, roleMapping := range originalConnectedOrgConfig.GetRoleMappings() {
assignments := make([]akov2.RoleAssignment, len(roleMapping.GetRoleAssignments()))
for _, roleAssignment := range roleMapping.GetRoleAssignments() {
var projectName string

if pID, ok := roleAssignment.GetGroupIdOk(); ok {
project, _, err := atlasClient.ProjectsApi.GetProject(ctx, *pID).Execute()
Expect(err).ToNot(HaveOccurred())
Expect(project).NotTo(BeNil())

projectName = project.GetName()
}

assignments = append(
assignments,
akov2.RoleAssignment{
ProjectName: projectName,
Role: roleAssignment.GetRole(),
},
)
}

roles = append(
roles,
akov2.RoleMapping{
ExternalGroupName: roleMapping.GetExternalGroupName(),
RoleAssignments: assignments,
},
)
}

fedAuth.Spec.RoleMappings = roles
} else {
roleMappings, _, err := atlasClient.FederatedAuthenticationApi.
ListRoleMappings(ctx, originalFederationSettings.GetId(), orgID).
Execute()
Expect(err).ToNot(HaveOccurred())

for _, roleMapping := range roleMappings.GetResults() {
GinkgoWriter.Println("DELETING ROLE MAPPING", roleMapping.GetId())
_, err := atlasClient.FederatedAuthenticationApi.
DeleteRoleMapping(ctx, originalFederationSettings.GetId(), roleMapping.GetId(), orgID).
Execute()
Expect(err).ToNot(HaveOccurred())
}
}

Expect(k8sClient.Update(ctx, fedAuth)).NotTo(HaveOccurred())
})
Expand Down

0 comments on commit 78466b6

Please sign in to comment.