Add auth provider init generic table validation tests, move openldap …

…to its own package under provider

tests/v2/validation/auth/openldap.go → tests/v2/validation/auth/provider/openldap/openldap.go

@@ -1,4 +1,4 @@
-package auth
+package openldap
 
 import (
 	"context"

tests/v2/validation/auth/openldap_test.go → tests/v2/validation/auth/provider/openldap/openldap_test.go

@@ -1,16 +1,14 @@
-package auth
+package openldap
 
 import (
 	"testing"
 
 	"github.com/rancher/shepherd/clients/rancher"
 	v1 "github.com/rancher/shepherd/clients/rancher/v1"
-	"github.com/rancher/shepherd/extensions/auth"
 	"github.com/rancher/shepherd/pkg/session"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
-
 	corev1 "k8s.io/api/core/v1"
 )
 
@@ -38,30 +36,24 @@ func (o *OLDAPTestSuite) TestEnableOLDAP() {
 	subSession := o.session.NewSession()
 	defer subSession.Cleanup()
 
-	client, err := o.client.WithSession(subSession)
-	require.NoError(o.T(), err)
-
-	a, err := auth.NewAuth(client, subSession)
+	err := o.client.Auth.OLDAP.Enable()
 	require.NoError(o.T(), err)
 
-	err = a.OLDAP.Enable()
+	ldapConfig, err := o.client.Management.AuthConfig.ByID("openldap")
 	require.NoError(o.T(), err)
 
-	ldapConfig, err := client.Management.AuthConfig.ByID("openldap")
-	require.NoError(o.T(), err)
-
-	assert.Truef(o.T(), ldapConfig.Enabled, "Checking if Open LDAP is enabled")
+	assert.Truef(o.T(), ldapConfig.Enabled, "Checking if Open LDAP has enabled")
 
 	assert.Equalf(o.T(), authProvCleanupAnnotationValUnlocked, ldapConfig.Annotations[authProvCleanupAnnotationKey], "Checking if annotation set to unlocked for LDAP Auth Config")
 
-	passwordSecretResp, err := client.Steve.SteveType("secret").ByID(passwordSecretID)
+	passwordSecretResp, err := o.client.Steve.SteveType("secret").ByID(passwordSecretID)
 	assert.NoErrorf(o.T(), err, "Checking open LDAP config secret for service account password exists")
 
 	passwordSecret := &corev1.Secret{}
 	err = v1.ConvertToK8sType(passwordSecretResp.JSONResp, passwordSecret)
 	require.NoError(o.T(), err)
 
-	assert.Equal(o.T(), a.OLDAP.Config.ServiceAccount.Password, string(passwordSecret.Data["serviceaccountpassword"]), "Checking if serviceaccountpassword value is equal to the given")
+	assert.Equal(o.T(), o.client.Auth.OLDAP.Config.ServiceAccount.Password, string(passwordSecret.Data["serviceaccountpassword"]), "Checking if serviceaccountpassword value is equal to the given")
 }
 
 func (o *OLDAPTestSuite) TestDisableOLDAP() {
@@ -71,10 +63,7 @@ func (o *OLDAPTestSuite) TestDisableOLDAP() {
 	client, err := o.client.WithSession(subSession)
 	require.NoError(o.T(), err)
 
-	a, err := auth.NewAuth(client, subSession)
-	require.NoError(o.T(), err)
-
-	err = a.OLDAP.Disable()
+	err = o.client.Auth.OLDAP.Disable()
 	require.NoError(o.T(), err)
 
 	ldapConfig, err := waitUntilAnnotationIsUpdated(client)

tests/v2/validation/auth/provider/provider.go

@@ -0,0 +1,90 @@
+package provider
+
+import (
+	"context"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/rancher/shepherd/clients/rancher"
+	"github.com/rancher/shepherd/clients/rancher/auth"
+	v3 "github.com/rancher/shepherd/clients/rancher/generated/management/v3"
+	"github.com/stretchr/testify/require"
+	kwait "k8s.io/apimachinery/pkg/util/wait"
+)
+
+const ConfigurationFileKey = "authInput"
+
+type User struct {
+	Username string `json:"username,omitempty" yaml:"username,omitempty"`
+	Password string `json:"password,omitempty" yaml:"password,omitempty"`
+}
+
+type AuthConfig struct {
+	Group             string `json:"group,omitempty" yaml:"group,omitempty"`
+	Users             []User `json:"users,omitempty" yaml:"users,omitempty"`
+	NestedGroup       string `json:"nestedGroup,omitempty" yaml:"nestedGroup,omitempty"`
+	NestedUsers       []User `json:"nestedUsers,omitempty" yaml:"nestedUsers,omitempty"`
+	DoubleNestedGroup string `json:"doubleNestedGroup,omitempty" yaml:"doubleNestedGroup,omitempty"`
+	DoubleNestedUsers []User `json:"doubleNestedUsers,omitempty" yaml:"doubleNestedUsers,omitempty"`
+}
+
+const (
+	passwordSecretID                     = "cattle-global-data/openldapconfig-serviceaccountpassword"
+	authProvCleanupAnnotationKey         = "management.cattle.io/auth-provider-cleanup"
+	authProvCleanupAnnotationValLocked   = "rancher-locked"
+	authProvCleanupAnnotationValUnlocked = "unlocked"
+)
+
+func waitUntilAnnotationIsUpdated(client *rancher.Client) (*v3.AuthConfig, error) {
+	ldapConfig, err := client.Management.AuthConfig.ByID("openldap")
+	if err != nil {
+		return nil, err
+	}
+
+	err = kwait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, 2*time.Minute, true, func(context.Context) (bool, error) {
+		newLDAPConfig, err := client.Management.AuthConfig.ByID("openldap")
+		if err != nil {
+			return false, nil
+		}
+
+		if ldapConfig.Annotations[authProvCleanupAnnotationKey] != newLDAPConfig.Annotations[authProvCleanupAnnotationKey] {
+			ldapConfig = newLDAPConfig
+			return true, nil
+		}
+
+		return false, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return ldapConfig, err
+}
+
+var userEnabled = true
+
+func login(client *rancher.Client, authProvider auth.Provider, user *v3.User) (*rancher.Client, error) {
+	user.Enabled = &userEnabled
+	return client.AsAuthUser(user, authProvider)
+}
+
+func newPrincipalID(authConfigID, principalType, name, searchBase string) string {
+	return fmt.Sprintf("%v_%v://cn=%v,ou=%vs,%v", authConfigID, principalType, name, principalType, searchBase)
+}
+
+func newWithAccessMode(t *testing.T, client *rancher.Client, authConfigID, accessMode string, allowedPrincipalIDs []string) (existing, updates *v3.AuthConfig) {
+	t.Helper()
+
+	existing, err := client.Management.AuthConfig.ByID(authConfigID)
+	require.NoError(t, err)
+
+	updates = existing
+	updates.AccessMode = accessMode
+
+	if allowedPrincipalIDs != nil {
+		updates.AllowedPrincipalIDs = allowedPrincipalIDs
+	}
+
+	return
+}