From 6d7c042bc1de8fd1cda59fdd1c9fd6b4c4f848dd Mon Sep 17 00:00:00 2001
From: dahn
Date: Tue, 25 Jun 2024 21:56:28 +0200
Subject: [PATCH] Accept a role ID on linking an account to LDAP (#8236)
* accept role on link account to ldap
* reformat tests
* validation
* Update plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LinkAccountToLdapCmd.java
Co-authored-by: Suresh Kumar Anaparti
---
 .../api/command/LinkAccountToLdapCmd.java | 17 +++++++++++++---
 .../cloudstack/ldap/LdapManagerImpl.java | 3 ++-
 test/integration/component/test_ldap.py | 7 +------
 test/integration/plugins/ldap/test_ldap.py | 20 +++++++++----------
 4 files changed, 26 insertions(+), 21 deletions(-)
diff --git a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LinkAccountToLdapCmd.java b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LinkAccountToLdapCmd.java
index af5420ef488c..16f68b014688 100644
--- a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LinkAccountToLdapCmd.java
+++ b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LinkAccountToLdapCmd.java
@@ -33,6 +33,7 @@
 import org.apache.cloudstack.api.response.DomainResponse;
 import org.apache.cloudstack.api.response.LinkAccountToLdapResponse;
 import org.apache.cloudstack.api.response.LinkDomainToLdapResponse;
+import org.apache.cloudstack.api.response.RoleResponse;
 import org.apache.cloudstack.ldap.LdapManager;
 import org.apache.cloudstack.ldap.LdapUser;
 import org.apache.cloudstack.ldap.NoLdapUserMatchingQueryException;
@@ -63,9 +64,12 @@ public class LinkAccountToLdapCmd extends BaseCmd {
 @Parameter(name = ApiConstants.ADMIN, type = CommandType.STRING, required = false, description = "domain admin username in LDAP ")
 private String admin;
- @Parameter(name = ApiConstants.ACCOUNT_TYPE, type = CommandType.INTEGER, required = true, description = "Type of the account to auto import. Specify 0 for user and 2 for "
+ @Parameter(name = ApiConstants.ACCOUNT_TYPE, type = CommandType.INTEGER, required = false, description = "Type of the account to auto import. Specify 0 for user and 2 for "
 + "domain admin")
- private int accountType;
+ private Integer accountType;
+
+ @Parameter(name = ApiConstants.ROLE_ID, type = CommandType.UUID, entityType = RoleResponse.class, required = false, description = "Creates the account under the specified role.", since="4.19.1")
+ private Long roleId;
 @Inject
 private LdapManager _ldapManager;
@@ -134,7 +138,14 @@ public String getAdmin() {
 }
 public Account.Type getAccountType() {
- return Account.Type.getFromValue(accountType);
+ if (accountType == null) {
+ return RoleType.getAccountTypeByRole(roleService.findRole(roleId), null);
+ }
+ return RoleType.getAccountTypeByRole(roleService.findRole(roleId), Account.Type.getFromValue(accountType.intValue()));
+ }
+
+ public Long getRoleId() {
+ return RoleType.getRoleByAccountType(roleId, getAccountType());
 }
 @Override
diff --git a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java
index b5b67c0c0a53..6ed79a0c69ff 100644
--- a/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java
+++ b/plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java
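Review bot: The two `@Parameter` descriptions in the `@@ -63,9 +64,12 @@` hunk do not tell an API user that `ApiConstants.ACCOUNT_TYPE` may now be omitted only when `ApiConstants.ROLE_ID` is supplied, nor how a mismatch between the two is handled. These values decide the privilege level of every account auto-imported through the link, so the contract belongs in the API text rather than only in the `Validate.isTrue` message in `LdapManagerImpl`. I would extend the new description to `"Creates the account under the specified role. Either the account type or the role ID must be given."` and add to the account-type description that it can be left out when a role ID is passed. As a style point, `since="4.19.1"` lacks the spaces around `=` that the other attributes on that line use.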
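Review bot: Neither `getAccountType()` nor `getRoleId()` in the `@@ -134,7 +138,14 @@` hunk checks what `roleService.findRole(roleId)` returns, so within this hunk a role ID that resolves to no role is not rejected. `getRoleId()` forwards the raw `roleId` field to `RoleType.getRoleByAccountType`, whose handling of it is not visible here, and the result goes straight into `new AccountVO(...)` in `LdapManagerImpl.linkAccountToLdap`. The command should fail the request when a supplied role cannot be resolved instead of silently falling back to the account type. The sketch below assumes the lookup returns null for an unknown ID and that `Role` and `InvalidParameterValueException` are imported in this file; neither is shown in the diff.

```java
public Account.Type getAccountType() {
    Account.Type requestedType = accountType == null ? null : Account.Type.getFromValue(accountType.intValue());
    return RoleType.getAccountTypeByRole(resolveRole(), requestedType);
}

// Resolves the requested role and rejects an ID that matches no role.
private Role resolveRole() {
    if (roleId == null) {
        return null;
    }
    Role role = roleService.findRole(roleId);
    if (role == null) {
        throw new InvalidParameterValueException("No role found for the given role ID");
    }
    return role;
}

// … unchanged: getRoleId() …
```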
@@ -451,11 +451,12 @@ public LinkAccountToLdapResponse linkAccountToLdap(LinkAccountToLdapCmd cmd) {
 Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name");
 Validate.notNull(cmd.getType(), "type cannot be null. It should either be GROUP or OU");
 Validate.notEmpty(cmd.getLdapDomain(), "GROUP or OU name cannot be empty");
+ Validate.isTrue(cmd.getAccountType() != null || cmd.getRoleId() != null, "Either account type or role ID must be given");
 LinkType linkType = LdapManager.LinkType.valueOf(cmd.getType().toUpperCase());
 Account account = accountDao.findActiveAccount(cmd.getAccountName(),cmd.getDomainId());
 if (account == null) {
- account = new AccountVO(cmd.getAccountName(), cmd.getDomainId(), null, cmd.getAccountType(), UUID.randomUUID().toString());
+ account = new AccountVO(cmd.getAccountName(), cmd.getDomainId(), null, cmd.getAccountType(), cmd.getRoleId(), UUID.randomUUID().toString());
 accountDao.persist((AccountVO)account);
 }
diff --git a/test/integration/component/test_ldap.py b/test/integration/component/test_ldap.py
index 6c6179e292b8..8a9fd4cf5e6c 100644
--- a/test/integration/component/test_ldap.py
+++ b/test/integration/component/test_ldap.py
@@ -52,12 +52,7 @@ def setUpClass(cls):
 @classmethod
 def tearDownClass(cls):
- try:
- cleanup_resources(cls.api_client, cls._cleanup)
-
- except Exception as tde:
- raise Exception("Warning: Exception during cleanup : %s" % tde)
- return
+ super(TestLdap, cls).tearDownClass()
 def setUp(self):
diff --git a/test/integration/plugins/ldap/test_ldap.py b/test/integration/plugins/ldap/test_ldap.py
index fd0aecfab45c..6746f3289f7e 100644
--- a/test/integration/plugins/ldap/test_ldap.py
+++ b/test/integration/plugins/ldap/test_ldap.py
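Review bot: The added `Validate.isTrue(...)` in the `LdapManagerImpl.linkAccountToLdap` hunk only proves that an account type or a role ID is present. Nothing in this hunk checks that the caller is entitled to grant the requested role before `new AccountVO(..., cmd.getRoleId(), ...)` is written with `accountDao.persist`. Because the account is persisted directly here, any role-assignment checks made by the regular account-creation path (not visible in this diff) would not apply, so please confirm that a caller cannot link an LDAP group or OU to a role more privileged than its own, and add an explicit check before the persist if that is not guaranteed. When `findActiveAccount` returns an existing account the supplied role ID is ignored without feedback; a comment such as `// roleId only applies to newly created accounts; an existing account keeps its role` would document that. `linkAccountToLdap` continues beyond the end of the hunk.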
@@ -101,11 +101,13 @@ def setUpClass(cls):
 def tearDownClass(cls):
 cls.logger.info("Tearing Down Class")
 try:
- cleanup_resources(cls.apiclient, reversed(cls._cleanup))
- cls.remove_ldap_configuration_for_domains()
- cls.logger.debug("done cleaning up resources in tearDownClass(cls) %s")
- except Exception as e:
- cls.logger.debug("Exception in tearDownClass(cls): %s" % e)
+ super(TestLDAP, cls).tearDownClass()
+ finally:
+ try:
+ cls.remove_ldap_configuration_for_domains()
+ cls.logger.debug("done cleaning up resources in tearDownClass(cls) %s")
+ except Exception as e:
+ cls.logger.debug("Exception in tearDownClass(cls): %s" % e)
 def setUp(self):
 self.cleanup = []
@@ -116,11 +118,7 @@ def setUp(self):
 return
 def tearDown(self):
- try:
- cleanup_resources(self.apiclient, self.cleanup)
- except Exception as e:
- raise Exception("Warning: Exception during cleanup : %s" % e)
- return
+ super(TestLDAP, self).tearDown()
 @attr(tags=["smoke", "advanced"], required_hardware="false")
 def test_01_manual(self):
@@ -349,8 +347,8 @@ def create_domain(cls, domain_to_create, parent_domain = None):
 if parent_domain:
 domain_to_create["parentdomainid"] = parent_domain
 tmpDomain = Domain.create(cls.apiclient, domain_to_create)
- cls.logger.debug("Created domain %s with id %s " % (tmpDomain.name, tmpDomain.id))
 cls._cleanup.append(tmpDomain)
+ cls.logger.debug("Created domain %s with id %s " % (tmpDomain.name, tmpDomain.id))
 return tmpDomain
 @classmethod
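Review bot: In the new `finally:` block of `tearDownClass` (the `@@ -101,11 +101,13 @@` hunk) a failure of `cls.remove_ldap_configuration_for_domains()` is only logged with `cls.logger.debug` and then dropped, so LDAP configuration left behind on the test server can go unnoticed and affect later runs. Logging it at a higher level, for example `cls.logger.error("Exception in tearDownClass(cls): %s" % e)`, would surface it. The success message on the line before it still carries a `%s` with no argument. None of the test hunks in this patch calls the link-account API with a role ID, so the new parameter is not exercised by the tests shown here.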