diff --git a/pkg/cmd/generate/admin-manifests.go b/pkg/cmd/generate/admin-manifests.go index 1ac5c41..5037cf1 100644 --- a/pkg/cmd/generate/admin-manifests.go +++ b/pkg/cmd/generate/admin-manifests.go @@ -16,8 +16,8 @@ import ( ) type adminManifestsFlags struct { - kubeSawAdminsFile, outDir, hostRootDir, memberRootDir string - singleCluster bool + kubeSawAdminsFile, outDir, hostRootDir, memberRootDir, idpName string + singleCluster bool } func NewAdminManifestsCmd() *cobra.Command { @@ -39,6 +39,7 @@ ksctl generate admin-manifests ./path/to/kubesaw-stage.openshiftapps.com/kubesaw command.Flags().BoolVarP(&f.singleCluster, "single-cluster", "s", false, "If host and member are deployed to the same cluster. Cannot be used with separateKustomizeComponent set in one of the members.") command.Flags().StringVar(&f.hostRootDir, "host-root-dir", "host", "The root directory name for host manifests") command.Flags().StringVar(&f.memberRootDir, "member-root-dir", "member", "The root directory name for member manifests") + command.Flags().StringVar(&f.idpName, "idp-name", "KubeSaw", "Identity provider name to be used in Identity CRs") flags.MustMarkRequired(command, "kubesaw-admins") flags.MustMarkRequired(command, "out-dir") diff --git a/pkg/cmd/generate/admin-manifests_test.go b/pkg/cmd/generate/admin-manifests_test.go index e6bfc84..17792ad 100644 --- a/pkg/cmd/generate/admin-manifests_test.go +++ b/pkg/cmd/generate/admin-manifests_test.go @@ -385,6 +385,7 @@ func newAdminManifestsFlags(adminManifestsFlagsOptions ...adminManifestsFlagsOpt flags := adminManifestsFlags{ hostRootDir: "host", memberRootDir: "member", + idpName: "KubeSaw", } for _, applyOption := range adminManifestsFlagsOptions { applyOption(&flags) diff --git a/pkg/cmd/generate/assertion_test.go b/pkg/cmd/generate/assertion_test.go index fd27446..7a394cd 100644 --- a/pkg/cmd/generate/assertion_test.go +++ b/pkg/cmd/generate/assertion_test.go 
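Review bot: The `--idp-name` value added in the second hunk of admin-manifests.go is accepted as-is, so an empty string or a name containing `:` would flow straight into `NewIdentityNamingStandard` in permissions.go. OpenShift Identity names have the form `providerName:providerUserName`, so such a value would most likely yield Identity CRs that are rejected on apply or never match a login; how toolchain-common treats it is not visible here. Where the command validates its flags (outside this hunk), add a check such as `if f.idpName == "" || strings.Contains(f.idpName, ":") { return fmt.Errorf("invalid --idp-name %q", f.idpName) }`. The help text could also state that the value must equal the identity provider name configured in the cluster's OAuth resource.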
@@ -306,7 +306,10 @@ func (a *storageAssertionImpl) assertUser(name string) userAssertion { } func (a userAssertion) hasIdentity(ID string) userAssertion { - ins := commonidentity.NewIdentityNamingStandard(ID, "DevSandbox") + return a.hasIdentityWithIdentityStandard(commonidentity.NewIdentityNamingStandard(ID, "KubeSaw")) +} + +func (a userAssertion) hasIdentityWithIdentityStandard(ins commonidentity.NamingStandard) userAssertion { src := &userv1.Identity{} ins.ApplyToIdentity(src) diff --git a/pkg/cmd/generate/mock_test.go b/pkg/cmd/generate/mock_test.go index 9eb01d6..2df5a49 100644 --- a/pkg/cmd/generate/mock_test.go +++ b/pkg/cmd/generate/mock_test.go @@ -59,6 +59,7 @@ func newAdminManifestsContext(t *testing.T, config *assets.KubeSawAdmins, files outDir: temp, memberRootDir: "member", hostRootDir: "host", + idpName: "KubeSaw", }, } } diff --git a/pkg/cmd/generate/permissions.go b/pkg/cmd/generate/permissions.go index 43dce40..8563d5f 100644 --- a/pkg/cmd/generate/permissions.go +++ b/pkg/cmd/generate/permissions.go @@ -190,7 +190,7 @@ func ensureUserIdentityAndGroups(IDs []string, groups []string) newSubjectFunc { // Create identities and identity mappings for _, id := range IDs { - ins := commonidentity.NewIdentityNamingStandard(id, "DevSandbox") + ins := commonidentity.NewIdentityNamingStandard(id, ctx.idpName) // create identity identity := &userv1.Identity{ diff --git a/pkg/cmd/generate/permissions_test.go b/pkg/cmd/generate/permissions_test.go index 92fd669..eb6a4c4 100644 --- a/pkg/cmd/generate/permissions_test.go +++ b/pkg/cmd/generate/permissions_test.go @@ -4,6 +4,7 @@ import ( "fmt" "testing" + commonidentity "github.com/codeready-toolchain/toolchain-common/pkg/identity" commontest "github.com/codeready-toolchain/toolchain-common/pkg/test" "github.com/kubesaw/ksctl/pkg/assets" "github.com/kubesaw/ksctl/pkg/client" 
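Review bot: `hasIdentity` now hard-codes `"KubeSaw"`, the same literal used as the flag default in admin-manifests.go and as the fixture value in admin-manifests_test.go and mock_test.go, so four places have to change together. A package-level constant such as `const defaultIdPName = "KubeSaw"`, used by the flag and the three test fixtures, would keep them from drifting apart. A one-line doc comment would also make the implicit assumption visible: `// hasIdentity asserts an Identity for ID under the default identity provider name.`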
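Review bot: With `ctx.idpName` defaulting to `KubeSaw`, a run without `--idp-name` no longer generates the `DevSandbox` identities this line produced before, which is a silent behaviour change for existing deployments. These Identity CRs appear to tie an IdP login to the generated admin User, so regenerated manifests would stop matching logins from a provider that is still named DevSandbox. Identity objects already applied under the old prefix would presumably stay in the cluster unless something prunes them. Either keep `DevSandbox` as the default, or call the change out in the flag help and release notes and add a comment here such as `// idpName must match the OAuth identity provider name; it was hard-coded to "DevSandbox" before --idp-name existed`. The body of `ensureUserIdentityAndGroups` starts and ends outside the hunk.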
@@ -148,6 +149,26 @@ func TestEnsureUserAndIdentity(t *testing.T) { assert.Empty(t, subject.Namespace) }) + t.Run("create user & identity with custom IdP", func(t *testing.T) { + // given + ctx := newFakeClusterContext(newAdminManifestsContextWithDefaultFiles(t, nil), configuration.Host) + ctx.idpName = "MyIdP" + cache := objectsCache{} + + // when + subject, err := ensureUserIdentityAndGroups([]string{"12345", "abc:19944:FZZ"}, []string{})(ctx, cache, "john-crtadmin", commontest.HostOperatorNs, labels) + + // then + require.NoError(t, err) + inObjectCache(t, ctx.outDir, "host", cache). + assertUser("john-crtadmin"). + hasIdentityWithIdentityStandard(commonidentity.NewIdentityNamingStandard("12345", "MyIdP")). + hasIdentityWithIdentityStandard(commonidentity.NewIdentityNamingStandard("abc:19944:FZZ", "MyIdP")) + assert.Equal(t, "User", subject.Kind) + assert.Equal(t, "john-crtadmin", subject.Name) + assert.Empty(t, subject.Namespace) + }) + t.Run("don't create any group", func(t *testing.T) { // given ctx := newFakeClusterContext(newAdminManifestsContextWithDefaultFiles(t, nil), configuration.Host)
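Review bot: The new subtest sets `ctx.idpName = "MyIdP"` directly on the fake context, so nothing visible in this commit exercises the path from the `--idp-name` flag to the generated Identity CRs. A case in admin-manifests_test.go that passes an option such as `func(f *adminManifestsFlags) { f.idpName = "MyIdP" }` to `newAdminManifestsFlags` and checks the written Identity manifests would cover that wiring. This assumes options are functions over `*adminManifestsFlags`, as `applyOption(&flags)` suggests. It would also be worth asserting here that no identity for the default provider is produced alongside the `MyIdP` ones, if the assertion helpers allow it.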