mongodb · s-urbaniak · Mar 18, 2024 · Mar 18, 2024 · Mar 18, 2024
@@ -29,6 +29,7 @@ var _ = Describe("AtlasFederatedAuth test", Label("AtlasFederatedAuth", "federat
 	var originalIdp *admin.FederationIdentityProvider
 
 	resourceName := "fed-auth-test"
+	newRoleMapName := "ako_team"
 	ctx := context.Background()
 
 	BeforeEach(func() {
@@ -78,6 +79,7 @@ var _ = Describe("AtlasFederatedAuth test", Label("AtlasFederatedAuth", "federat
 
 	It("Should be able to update existing Organization's federations settings", func() {
 		By("Creating a FederatedAuthConfig resource", func() {
+			// Construct list of role mappings from pre-existing configuration
 			atlasRoleMappings := originalConnectedOrgConfig.GetRoleMappings()
 			roles := make([]akov2.RoleMapping, 0, len(atlasRoleMappings))
 			for i := range atlasRoleMappings {
@@ -102,10 +104,11 @@ var _ = Describe("AtlasFederatedAuth test", Label("AtlasFederatedAuth", "federat
 				}
 				roles = append(roles, newRole)
 			}
+			// Add new role mapping
 			roles = append(
 				roles,
 				akov2.RoleMapping{
-					ExternalGroupName: "ako_team",
+					ExternalGroupName: newRoleMapName,
 					RoleAssignments: []akov2.RoleAssignment{
 						{Role: "ORG_OWNER"},
 					},
@@ -150,58 +153,15 @@ var _ = Describe("AtlasFederatedAuth test", Label("AtlasFederatedAuth", "federat
 			fedAuth.Spec.DomainRestrictionEnabled = &originalConnectedOrgConfig.DomainRestrictionEnabled
 			fedAuth.Spec.SSODebugEnabled = originalIdp.SsoDebugEnabled
 			fedAuth.Spec.PostAuthRoleGrants = originalConnectedOrgConfig.GetPostAuthRoleGrants()
-			fedAuth.Spec.RoleMappings = nil
-
-			if len(originalConnectedOrgConfig.GetRoleMappings()) > 0 {
-				GinkgoWriter.Println("HAS ROLE MAPPINGS", len(originalConnectedOrgConfig.GetRoleMappings()), originalConnectedOrgConfig.GetRoleMappings()[0])
-				roles := make([]akov2.RoleMapping, len(originalConnectedOrgConfig.GetRoleMappings()))
-
-				for _, roleMapping := range originalConnectedOrgConfig.GetRoleMappings() {
-					assignments := make([]akov2.RoleAssignment, len(roleMapping.GetRoleAssignments()))
-					for _, roleAssignment := range roleMapping.GetRoleAssignments() {
-						var projectName string
-
-						if pID, ok := roleAssignment.GetGroupIdOk(); ok {
-							project, _, err := atlasClient.ProjectsApi.GetProject(ctx, *pID).Execute()
-							Expect(err).ToNot(HaveOccurred())
-							Expect(project).NotTo(BeNil())
-
-							projectName = project.GetName()
-						}
-
-						assignments = append(
-							assignments,
-							akov2.RoleAssignment{
-								ProjectName: projectName,
-								Role:        roleAssignment.GetRole(),
-							},
-						)
-					}
-
-					roles = append(
-						roles,
-						akov2.RoleMapping{
-							ExternalGroupName: roleMapping.GetExternalGroupName(),
-							RoleAssignments:   assignments,
-						},
-					)
-				}
 
-				fedAuth.Spec.RoleMappings = roles
-			} else {
-				roleMappings, _, err := atlasClient.FederatedAuthenticationApi.
-					ListRoleMappings(ctx, originalFederationSettings.GetId(), orgID).
-					Execute()
-				Expect(err).ToNot(HaveOccurred())
-
-				for _, roleMapping := range roleMappings.GetResults() {
-					GinkgoWriter.Println("DELETING ROLE MAPPING", roleMapping.GetId())
-					_, err := atlasClient.FederatedAuthenticationApi.
-						DeleteRoleMapping(ctx, originalFederationSettings.GetId(), roleMapping.GetId(), orgID).
-						Execute()
-					Expect(err).ToNot(HaveOccurred())
+			// Delete role mapping added for test
+			roleMappings := make([]akov2.RoleMapping, 0, len(fedAuth.Spec.RoleMappings))
+			for _, roleMap := range fedAuth.Spec.RoleMappings {
+				if roleMap.ExternalGroupName != newRoleMapName {
+					roleMappings = append(roleMappings, roleMap)
 				}
 			}
+			fedAuth.Spec.RoleMappings = roleMappings
 
 			Expect(k8sClient.Update(ctx, fedAuth)).NotTo(HaveOccurred())
 		})