Add uaa client for creating shadow users

svkrieger · svkrieger · commit 3670d31c1228 · 2024-11-28T13:03:20.000+01:00
diff --git a/lib/cloud_controller/config_schemas/base/api_schema.rb b/lib/cloud_controller/config_schemas/base/api_schema.rb
@@ -58,7 +58,14 @@ class ApiSchema < VCAP::Config
               optional(:ca_file) => String,
               :client_timeout => Integer,
               optional(:symmetric_secret) => String,
-              optional(:symmetric_secret2) => String
+              optional(:symmetric_secret2) => String,
+              optional(:clients) => [
+                {
+                  'name' => String,
+                  'id' => String,
+                  'secret' => String
+                }
+              ]
             },
 
             logging: {
diff --git a/lib/cloud_controller/dependency_locator.rb b/lib/cloud_controller/dependency_locator.rb
@@ -288,6 +288,19 @@ def uaa_username_lookup_client
       )
     end
 
+    def uaa_shadow_user_creation_client
+      client = config.get(:uaa, :clients)&.find { |client| client['name'] == 'cloud_controller_shadow_user_creation' }
+
+      return unless client
+
+      UaaClient.new(
+        uaa_target: config.get(:uaa, :internal_url),
+        client_id: client['id'],
+        secret: client['secret'],
+        ca_file: config.get(:uaa, :ca_file)
+      )
+    end
+
     def routing_api_client
       return RoutingApi::DisabledClient.new if config.get(:routing_api).nil?
 
diff --git a/spec/unit/lib/cloud_controller/dependency_locator_spec.rb b/spec/unit/lib/cloud_controller/dependency_locator_spec.rb
@@ -568,4 +568,46 @@
       locator.bbs_task_client
     end
   end
+
+  describe 'uaa_shadow_user_creation_client' do
+    before do
+      TestConfig.override(
+        uaa: {
+          internal_url: 'https:/uaa.local',
+          ca_file: '/var/vcap/uaa.cert',
+          clients: [
+            {
+              'name' => 'cloud_controller_shadow_user_creation',
+              'id' => 'shadow_user_creation_client_id',
+              'secret' => 'shadow_user_creation_client_secret'
+            }
+          ]
+        }
+      )
+    end
+
+    it 'creates a new UAA client' do
+      client = locator.uaa_shadow_user_creation_client
+      expect(client).to be_an_instance_of(VCAP::CloudController::UaaClient)
+      expect(client.uaa_target).to eq('https:/uaa.local')
+      expect(client.ca_file).to eq('/var/vcap/uaa.cert')
+      expect(client.client_id).to eq('shadow_user_creation_client_id')
+      expect(client.secret).to eq('shadow_user_creation_client_secret')
+    end
+
+    context 'when the client does not exist in config' do
+      before do
+        TestConfig.override(
+          uaa: {
+            internal_url: 'https:/uaa.local',
+            ca_file: '/var/vcap/uaa.cert'
+          }
+        )
+      end
+
+      it 'returns nil' do
+        expect(locator.uaa_shadow_user_creation_client).to be_nil
+      end
+    end
+  end
 end
