diff --git a/test/int/federated_auth_test.go b/test/int/federated_auth_test.go
index 2bb51cd815..5882d6c0a3 100644
--- a/test/int/federated_auth_test.go
+++ b/test/int/federated_auth_test.go
@@ -29,6 +29,7 @@ var _ = Describe("AtlasFederatedAuth test", Label("AtlasFederatedAuth", "federat
 var originalIdp *admin.FederationIdentityProvider
 resourceName := "fed-auth-test"
+ newRoleMapName := "ako_team"
 ctx := context.Background()
 BeforeEach(func() {
@@ -78,6 +79,7 @@ var _ = Describe("AtlasFederatedAuth test", Label("AtlasFederatedAuth", "federat
 It("Should be able to update existing Organization's federations settings", func() {
 By("Creating a FederatedAuthConfig resource", func() {
+ // Construct list of role mappings from pre-existing configuration
 atlasRoleMappings := originalConnectedOrgConfig.GetRoleMappings()
 roles := make([]akov2.RoleMapping, 0, len(atlasRoleMappings))
 for i := range atlasRoleMappings {
@@ -102,10 +104,11 @@ var _ = Describe("AtlasFederatedAuth test", Label("AtlasFederatedAuth", "federat
 }
 roles = append(roles, newRole)
 }
+ // Add new role mapping
 roles = append(
 roles,
 akov2.RoleMapping{
- ExternalGroupName: "ako_team",
+ ExternalGroupName: newRoleMapName,
 RoleAssignments: []akov2.RoleAssignment{
 {Role: "ORG_OWNER"},
 },
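Review bot: In the third hunk (`@@ -102,10 +104,11 @@`), the mapping appended under `newRoleMapName` is added without checking that the organization's existing mappings do not already use that external group name. Because the same name is the key the restore step filters on (last hunk), a pre-existing `ako_team` mapping would be duplicated here and then dropped from the spec during cleanup, leaving the org with different role mappings than it started with. A guard inside the `for i := range atlasRoleMappings` loop would make the assumption explicit: `Expect(atlasRoleMappings[i].GetExternalGroupName()).NotTo(Equal(newRoleMapName))`. The loop body and the enclosing `By` block extend beyond the hunks shown.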
@@ -150,58 +153,15 @@ var _ = Describe("AtlasFederatedAuth test", Label("AtlasFederatedAuth", "federat
 fedAuth.Spec.DomainRestrictionEnabled = &originalConnectedOrgConfig.DomainRestrictionEnabled
 fedAuth.Spec.SSODebugEnabled = originalIdp.SsoDebugEnabled
 fedAuth.Spec.PostAuthRoleGrants = originalConnectedOrgConfig.GetPostAuthRoleGrants()
- fedAuth.Spec.RoleMappings = nil
-
- if len(originalConnectedOrgConfig.GetRoleMappings()) > 0 {
- GinkgoWriter.Println("HAS ROLE MAPPINGS", len(originalConnectedOrgConfig.GetRoleMappings()), originalConnectedOrgConfig.GetRoleMappings()[0])
- roles := make([]akov2.RoleMapping, len(originalConnectedOrgConfig.GetRoleMappings()))
-
- for _, roleMapping := range originalConnectedOrgConfig.GetRoleMappings() {
- assignments := make([]akov2.RoleAssignment, len(roleMapping.GetRoleAssignments()))
- for _, roleAssignment := range roleMapping.GetRoleAssignments() {
- var projectName string
-
- if pID, ok := roleAssignment.GetGroupIdOk(); ok {
- project, _, err := atlasClient.ProjectsApi.GetProject(ctx, *pID).Execute()
- Expect(err).ToNot(HaveOccurred())
- Expect(project).NotTo(BeNil())
-
- projectName = project.GetName()
- }
-
- assignments = append(
- assignments,
- akov2.RoleAssignment{
- ProjectName: projectName,
- Role: roleAssignment.GetRole(),
- },
- )
- }
-
- roles = append(
- roles,
- akov2.RoleMapping{
- ExternalGroupName: roleMapping.GetExternalGroupName(),
- RoleAssignments: assignments,
- },
- )
- }
- fedAuth.Spec.RoleMappings = roles
- } else {
- roleMappings, _, err := atlasClient.FederatedAuthenticationApi.
- ListRoleMappings(ctx, originalFederationSettings.GetId(), orgID).
- Execute()
- Expect(err).ToNot(HaveOccurred())
-
- for _, roleMapping := range roleMappings.GetResults() {
- GinkgoWriter.Println("DELETING ROLE MAPPING", roleMapping.GetId())
- _, err := atlasClient.FederatedAuthenticationApi.
- DeleteRoleMapping(ctx, originalFederationSettings.GetId(), roleMapping.GetId(), orgID).
- Execute()
- Expect(err).ToNot(HaveOccurred())
+ // Delete role mapping added for test
+ roleMappings := make([]akov2.RoleMapping, 0, len(fedAuth.Spec.RoleMappings))
+ for _, roleMap := range fedAuth.Spec.RoleMappings {
+ if roleMap.ExternalGroupName != newRoleMapName {
+ roleMappings = append(roleMappings, roleMap)
 }
 }
+ fedAuth.Spec.RoleMappings = roleMappings
 Expect(k8sClient.Update(ctx, fedAuth)).NotTo(HaveOccurred())
 })
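Review bot: After `Expect(k8sClient.Update(ctx, fedAuth)).NotTo(HaveOccurred())` nothing in this hunk confirms that the temporary `ORG_OWNER` mapping was actually removed in Atlas; the direct `DeleteRoleMapping` path is gone, so removal now depends entirely on the operator reconciling the updated spec. If reconciliation fails or lags, an external IdP group keeps organization-owner rights on the test org and the test still passes. Polling the role-mapping list until `newRoleMapName` is absent would close that gap, using the timeout the rest of the suite applies to reconciliation waits. The filter also assumes `fedAuth` holds the current spec; where it is fetched lies outside the hunk, so that is worth confirming.

```go
Expect(k8sClient.Update(ctx, fedAuth)).NotTo(HaveOccurred())
// Confirm in Atlas, not only in the spec, that the temporary mapping is gone.
Eventually(func(g Gomega) {
	current, _, err := atlasClient.FederatedAuthenticationApi.
		ListRoleMappings(ctx, originalFederationSettings.GetId(), orgID).
		Execute()
	g.Expect(err).ToNot(HaveOccurred())
	for _, rm := range current.GetResults() {
		g.Expect(rm.GetExternalGroupName()).NotTo(Equal(newRoleMapName))
	}
}).Should(Succeed())
```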