CLOUDP-246401: Add dbusers e2e test as we have IDPs now (#2913)

blva · web-flow · commit b2cc7471206c · 2024-05-01T16:27:15.000+01:00
diff --git a/build/ci/evergreen.yml b/build/ci/evergreen.yml
@@ -84,6 +84,7 @@ functions:
           - E2E_TIMEOUT
           - E2E_SERVERLESS_INSTANCE_NAME
           - E2E_PARALLEL
+          - IDENTITY_PROVIDER_ID
           - revision
         env:
           <<: *go_env
@@ -218,6 +219,7 @@ tasks:
           MCLI_OPS_MANAGER_URL: ${mcli_ops_manager_url}
           MCLI_SERVICE: cloud
           E2E_TAGS: atlas,generic
+          IDENTITY_PROVIDER_ID: ${identity_provider_id}
   - name: atlas_gov_generic_e2e
     tags: ["e2e","generic","atlas"]
     must_have_test_results: true
@@ -236,6 +238,7 @@ tasks:
           MCLI_OPS_MANAGER_URL: ${mcli_cloud_gov_ops_manager_url}
           MCLI_SERVICE: cloudgov
           E2E_TAGS: atlas,generic
+          IDENTITY_PROVIDER_ID: ${identity_provider_id}
   # This is all about cluster which tends to be slow to get a healthy one
   - name: atlas_clusters_flags_e2e
     tags: ["e2e","clusters","atlas"]
diff --git a/docs/command/atlas-dbusers-create.txt b/docs/command/atlas-dbusers-create.txt
@@ -14,7 +14,7 @@ atlas dbusers create
 
 Create a database user for your project.
 
-If you set --ldapType, --x509Type, and --awsIAMType to NONE, Atlas authenticates this user through SCRAM-SHA. To learn more, see https://www.mongodb.com/docs/manual/core/security-scram/.
+If you set --ldapType, --x509Type, --oidcType and --awsIAMType to NONE, Atlas authenticates this user through SCRAM-SHA. To learn more, see https://www.mongodb.com/docs/manual/core/security-scram/.
 
 To use this command, you must authenticate with a user account or an API key with the Project Owner role.
 
diff --git a/internal/cli/dbusers/create.go b/internal/cli/dbusers/create.go
@@ -83,7 +83,7 @@ func (opts *CreateOpts) isOIDCSet() bool {
 }
 
 func (opts *CreateOpts) isExternal() bool {
-	return opts.isX509Set() || opts.isAWSIAMSet() || opts.isLDAPSet() || opts.isOIDCSet()
+	return opts.isX509Set() || opts.isAWSIAMSet() || opts.isLDAPSet()
 }
 
 func (opts *CreateOpts) initStore(ctx context.Context) func() error {
@@ -144,7 +144,7 @@ func (opts *CreateOpts) newDatabaseUser() *atlasv2.CloudDatabaseUser {
 }
 
 func (opts *CreateOpts) Prompt() error {
-	if opts.isExternal() || opts.password != "" {
+	if opts.isExternal() || opts.isOIDCSet() || opts.password != "" {
 		return nil
 	}
 
@@ -197,7 +197,7 @@ func CreateBuilder() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "create [builtInRole]...",
 		Short: "Create a database user for your project.",
-		Long: `If you set --ldapType, --x509Type, and --awsIAMType to NONE, Atlas authenticates this user through SCRAM-SHA. To learn more, see https://www.mongodb.com/docs/manual/core/security-scram/.
+		Long: `If you set --ldapType, --x509Type, --oidcType and --awsIAMType to NONE, Atlas authenticates this user through SCRAM-SHA. To learn more, see https://www.mongodb.com/docs/manual/core/security-scram/.
 
 ` + fmt.Sprintf(usage.RequiredRole, "Project Owner"),
 		Example: `  # Create an Atlas database admin user named myAdmin for the project with ID 5e2211c17a3e5a48f5497de3:
diff --git a/test/e2e/atlas/dbusers_test.go b/test/e2e/atlas/dbusers_test.go
@@ -133,6 +133,10 @@ func TestDBUsersWithStdin(t *testing.T) {
 		t.Fatalf("unexpected error: %v", err)
 	}
 
+	idpID, _ := os.LookupEnv("IDENTITY_PROVIDER_ID")
+	require.NotEmpty(t, idpID)
+	oidcUsername := idpID + "/" + username
+
 	cliPath, err := e2e.AtlasCLIBin()
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
@@ -156,8 +160,24 @@ func TestDBUsersWithStdin(t *testing.T) {
 		testCreateUserCmd(t, cmd, username)
 	})
 
+	t.Run("Create OIDC user", func(t *testing.T) {
+		cmd := exec.Command(cliPath,
+			dbusersEntity,
+			"create",
+			"atlasAdmin",
+			"--username", oidcUsername,
+			"--oidcType",
+			"IDP_GROUP",
+			"--scope", scopeClusterDataLake,
+			"-o=json",
+		)
+
+		testCreateUserCmd(t, cmd, oidcUsername)
+	})
+
 	t.Run("Describe", func(t *testing.T) {
 		testDescribeUser(t, cliPath, username)
+		testDescribeUser(t, cliPath, oidcUsername)
 	})
 
 	t.Run("Update", func(t *testing.T) {
@@ -176,6 +196,7 @@ func TestDBUsersWithStdin(t *testing.T) {
 
 	t.Run("Delete", func(t *testing.T) {
 		testDeleteUser(t, cliPath, dbusersEntity, username)
+		testDeleteUser(t, cliPath, dbusersEntity, oidcUsername)
 	})
 }
 

Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ func (opts *CreateOpts) isOIDCSet() bool {`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`func (opts *CreateOpts) isExternal() bool {`
`86`		`- return opts.isX509Set() \|\| opts.isAWSIAMSet() \|\| opts.isLDAPSet() \|\| opts.isOIDCSet()`
	`86`	`+ return opts.isX509Set() \|\| opts.isAWSIAMSet() \|\| opts.isLDAPSet()`
`87`	`87`	`}`
`88`	`88`
`89`	`89`	`func (opts *CreateOpts) initStore(ctx context.Context) func() error {`
`@@ -144,7 +144,7 @@ func (opts CreateOpts) newDatabaseUser() atlasv2.CloudDatabaseUser {`
`144`	`144`	`}`
`145`	`145`
`146`	`146`	`func (opts *CreateOpts) Prompt() error {`
`147`		`- if opts.isExternal() \|\| opts.password != "" {`
	`147`	`+ if opts.isExternal() \|\| opts.isOIDCSet() \|\| opts.password != "" {`
`148`	`148`	`return nil`
`149`	`149`	`}`
`150`	`150`
`@@ -197,7 +197,7 @@ func CreateBuilder() *cobra.Command {`
`197`	`197`	`cmd := &cobra.Command{`
`198`	`198`	`Use: "create [builtInRole]...",`
`199`	`199`	`Short: "Create a database user for your project.",`
`200`		- Long: `If you set --ldapType, --x509Type, and --awsIAMType to NONE, Atlas authenticates this user through SCRAM-SHA. To learn more, see https://www.mongodb.com/docs/manual/core/security-scram/.
	`200`	+ Long: `If you set --ldapType, --x509Type, --oidcType and --awsIAMType to NONE, Atlas authenticates this user through SCRAM-SHA. To learn more, see https://www.mongodb.com/docs/manual/core/security-scram/.
`201`	`201`
`202`	`202`	` + fmt.Sprintf(usage.RequiredRole, "Project Owner"),
`203`	`203`	Example: ` # Create an Atlas database admin user named myAdmin for the project with ID 5e2211c17a3e5a48f5497de3: