diff --git a/organization/users.go b/organization/users.go
index a20552fe..482c5b03 100644
--- a/organization/users.go
+++ b/organization/users.go
@@ -59,11 +59,12 @@ func (m *UserManager) UpdateOrgUsers(config *ldap.Config, uaacUsers map[string]s
 return err
 }
 for _, user := range ldapUsers {
- err = m.updateLdapUser(config, updateUsersInput.OrgGUID, updateUsersInput.Role, updateUsersInput.OrgName, uaacUsers, user)
- if err != nil {
- return err
- }
 if _, ok := orgUsers[user.UserID]; !ok {
+ err = m.updateLdapUser(config, updateUsersInput.OrgGUID, updateUsersInput.Role, updateUsersInput.OrgName, uaacUsers, user)
+ if err != nil {
+ return err
+ }
+ } else {
 delete(orgUsers, user.UserID)
 }
 }
diff --git a/organization/users_test.go b/organization/users_test.go
index 3f49f277..70121bdd 100644
--- a/organization/users_test.go
+++ b/organization/users_test.go
@@ -73,7 +73,7 @@ var _ = Describe("given UserManager", func() {
 _, ok := uaacUsers["user-id"]
 Ω(ok).Should(BeTrue())
 })
- It("update ldap group users where users are not uaac", func() {
+ It("update ldap group users where users are in uaac", func() {
 config := &l.Config{
 Enabled: true,
 Origin: "ldap",
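Review bot: In `UpdateOrgUsers`, the skip inside `for _, user := range ldapUsers` now rests entirely on `orgUsers[user.UserID]` being an exact, case-sensitive key match, and nothing visible in the hunk shows that the LDAP value and the map keys share the same casing or refer to the same identity origin. A miss sends the user through `updateLdapUser` and leaves the existing entry in `orgUsers`; if the code after the loop treats leftover entries as members to strip (not visible, the function continues outside the hunk), a casing difference would turn into a role removal for a legitimate LDAP member. I would document the contract at the lookup, e.g. `// user.UserID must be normalised exactly like the keys of orgUsers, otherwise the member is treated as absent`, and put `// already holds the role: drop from orgUsers so only members not found in LDAP remain` on the `else` branch. The `UpdateSpaceUsers` hunk in space/users.go has the same shape with `spaceUsers`.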
@@ -107,6 +107,38 @@ var _ = Describe("given UserManager", func() {
 Ω(ok).Should(BeTrue())
 })
 
+ It("update ldap group users where users are in uaac and in org", func() {
+ config := &l.Config{
+ Enabled: true,
+ Origin: "ldap",
+ }
+ uaacUsers := make(map[string]string)
+ uaacUsers["user-id"] = "user-id"
+ orgUsers := make(map[string]string)
+ orgUsers["user-id"] = "user-id"
+ updateUsersInput := UpdateUsersInput{
+ OrgGUID: "my-org-guid",
+ Role: "my-role",
+ LdapGroupName: "ldap-group-name",
+ }
+
+ ldapGroupUsers := []l.User{l.User{
+ UserDN: "user-dn",
+ UserID: "user-id",
+ Email: "user@test.com",
+ }}
+
+ mockCloudController.EXPECT().GetCFUsers("my-org-guid", "organizations", "my-role").Return(orgUsers, nil)
+ mockLdap.EXPECT().GetUserIDs(config, "ldap-group-name").Return(ldapGroupUsers, nil)
+
+ err := userManager.UpdateOrgUsers(config, uaacUsers, updateUsersInput)
+ Ω(err).Should(BeNil())
+
+ Ω(len(uaacUsers)).Should(BeEquivalentTo(1))
+ _, ok := uaacUsers["user-id"]
+ Ω(ok).Should(BeTrue())
+ })
+
 It("update ldap users where users are not in uaac", func() {
 config := &l.Config{
 Enabled: true,
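Review bot: The new spec "update ldap group users where users are in uaac and in org" asserts only `err` and the contents of `uaacUsers`, so it never checks the one thing the new `else` branch does, which is removing the user from `orgUsers`. The map passed to `GetCFUsers(...).Return(orgUsers, nil)` is presumably the same map the manager deletes from, so one more line such as `Ω(orgUsers).ShouldNot(HaveKey("user-id"))` would pin that an LDAP member who already holds the role does not stay in the set of unmatched members. The matching spec in space/users_test.go can assert the same on `spaceUsers`.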
@@ -225,6 +257,35 @@ var _ = Describe("given UserManager", func() {
 Ω(ok).Should(BeTrue())
 })
 
+ It("update users where users are in uaac and in org", func() {
+ config := &l.Config{
+ Enabled: true,
+ Origin: "ldap",
+ }
+ uaacUsers := make(map[string]string)
+ uaacUsers["user-1"] = "user-1"
+ uaacUsers["user-2"] = "user-2"
+ orgUsers := make(map[string]string)
+ orgUsers["user-1"] = "user-1"
+ orgUsers["user-2"] = "user-2"
+ updateUsersInput := UpdateUsersInput{
+ OrgGUID: "my-org-guid",
+ Role: "my-role",
+ Users: []string{"user-1", "user-2"},
+ }
+
+ mockCloudController.EXPECT().GetCFUsers("my-org-guid", "organizations", "my-role").Return(orgUsers, nil)
+
+ err := userManager.UpdateOrgUsers(config, uaacUsers, updateUsersInput)
+ Ω(err).Should(BeNil())
+
+ Ω(len(uaacUsers)).Should(BeEquivalentTo(2))
+ _, ok := uaacUsers["user-1"]
+ Ω(ok).Should(BeTrue())
+ _, ok = uaacUsers["user-2"]
+ Ω(ok).Should(BeTrue())
+ })
+
 It("update users where users are not in uaac", func() {
 config := &l.Config{
 Enabled: true,
diff --git a/space/users.go b/space/users.go
index c8340734..f349c7f4 100644
--- a/space/users.go
+++ b/space/users.go
@@ -60,11 +60,12 @@ func (m *UserManager) UpdateSpaceUsers(config *ldap.Config, uaacUsers map[string
 return err
 }
 for _, user := range ldapUsers {
- err = m.updateLdapUser(config, updateUsersInput.SpaceGUID, updateUsersInput.OrgGUID, updateUsersInput.Role, updateUsersInput.OrgName, updateUsersInput.SpaceName, uaacUsers, user)
- if err != nil {
- return err
- }
 if _, ok := spaceUsers[user.UserID]; !ok {
+ err = m.updateLdapUser(config, updateUsersInput.SpaceGUID, updateUsersInput.OrgGUID, updateUsersInput.Role, updateUsersInput.OrgName, updateUsersInput.SpaceName, uaacUsers, user)
+ if err != nil {
+ return err
+ }
+ } else {
 delete(spaceUsers, user.UserID)
 }
 }
diff --git a/space/users_test.go b/space/users_test.go
index f8d32408..a50913de 100644
--- a/space/users_test.go
+++ b/space/users_test.go
@@ -74,7 +74,7 @@ var _ = Describe("given SpaceManager", func() {
 _, ok := uaacUsers["user-id"]
 Ω(ok).Should(BeTrue())
 })
- It("update ldap group users where users are not uaac", func() {
+ It("update ldap group users where users are in uaac", func() {
 config := &l.Config{
 Enabled: true,
 Origin: "ldap",
@@ -108,6 +108,38 @@ var _ = Describe("given SpaceManager", func() {
 Ω(ok).Should(BeTrue())
 })
 
+ It("update ldap group users where users are in uaac and already in space", func() {
+ config := &l.Config{
+ Enabled: true,
+ Origin: "ldap",
+ }
+ uaacUsers := make(map[string]string)
+ uaacUsers["user-id"] = "user-id"
+ spaceUsers := make(map[string]string)
+ spaceUsers["user-id"] = "user-id"
+ updateUsersInput := UpdateUsersInput{
+ SpaceGUID: "my-space-guid",
+ OrgGUID: "my-org-guid",
+ Role: "my-role",
+ LdapGroupName: "ldap-group-name",
+ }
+
+ ldapGroupUsers := []l.User{l.User{
+ UserDN: "user-dn",
+ UserID: "user-id",
+ Email: "user@test.com",
+ }}
+
+ mockCloudController.EXPECT().GetCFUsers("my-space-guid", "spaces", "my-role").Return(spaceUsers, nil)
+ mockLdap.EXPECT().GetUserIDs(config, "ldap-group-name").Return(ldapGroupUsers, nil)
+
+ err := userManager.UpdateSpaceUsers(config, uaacUsers, updateUsersInput)
+ Ω(err).Should(BeNil())
+ Ω(len(uaacUsers)).Should(BeEquivalentTo(1))
+ _, ok := uaacUsers["user-id"]
+ Ω(ok).Should(BeTrue())
+ })
+
 It("update ldap users where users are not in uaac", func() {
 config := &l.Config{
 Enabled: true,
@@ -228,6 +260,36 @@ var _ = Describe("given SpaceManager", func() {
 Ω(ok).Should(BeTrue())
 })
 
+ It("update users where users are in uaac and in a space", func() {
+ config := &l.Config{
+ Enabled: true,
+ Origin: "ldap",
+ }
+ uaacUsers := make(map[string]string)
+ uaacUsers["user-1"] = "user-1"
+ uaacUsers["user-2"] = "user-2"
+ spaceUsers := make(map[string]string)
+ spaceUsers["user-1"] = "user-1"
+ spaceUsers["user-2"] = "user-2"
+ updateUsersInput := UpdateUsersInput{
+ SpaceGUID: "my-space-guid",
+ OrgGUID: "my-org-guid",
+ Role: "my-role",
+ Users: []string{"user-1", "user-2"},
+ }
+
+ mockCloudController.EXPECT().GetCFUsers("my-space-guid", "spaces", "my-role").Return(spaceUsers, nil)
+
+ err := userManager.UpdateSpaceUsers(config, uaacUsers, updateUsersInput)
+ Ω(err).Should(BeNil())
+
+ Ω(len(uaacUsers)).Should(BeEquivalentTo(2))
+ _, ok := uaacUsers["user-1"]
+ Ω(ok).Should(BeTrue())
+ _, ok = uaacUsers["user-2"]
+ Ω(ok).Should(BeTrue())
+ })
+
 It("update users where users are not in uaac", func() {
 config := &l.Config{
 Enabled: true,