hashicorp · bosorawis · Dec 17, 2024 · Dec 18, 2024 · Dec 19, 2024 · Dec 20, 2024
@@ -20,6 +20,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/boundary/internal/db"
+	"github.com/hashicorp/boundary/internal/kms"
 	wrapping "github.com/hashicorp/go-kms-wrapping/v2"
 	"github.com/stretchr/testify/require"
 )
@@ -175,6 +176,21 @@ func TestAccount(t testing.TB, conn *db.DB, am *AuthMethod, loginName string, op
 	return a
 }
 
+// TestAccountFunc returns a function that creates an LDAP auth method, a managed group, and an account in that method which
+// is also a member of the created ManagedGroup. The function returns the public ID of the managed group and the account.
+func TestAccountFunc(t *testing.T, conn *db.DB, kmsCache *kms.Kms, scopeID string) func() (managedGroupID string, accountID string) {
+	return func() (string, string) {
+		t.Helper()
+		ctx := context.Background()
+		databaseWrapper, err := kmsCache.GetWrapper(context.Background(), scopeID, kms.KeyPurposeDatabase)
+		require.NoError(t, err)
+		am := TestAuthMethod(t, conn, databaseWrapper, scopeID, []string{"ldap://testldap"})
+		managedGroup := TestManagedGroup(t, conn, am, []string{"test-group"})
+		acct := TestAccount(t, conn, am, "testacct", WithMemberOfGroups(ctx, "test-group"))
+		return managedGroup.PublicId, acct.PublicId
+	}
+}
+
 // TestManagedGroup creates a test ldap managed group.
 func TestManagedGroup(t testing.TB, conn *db.DB, am *AuthMethod, grpNames []string, opt ...Option) *ManagedGroup {
 	t.Helper()

@@ -192,6 +192,25 @@ func TestAccount(t testing.TB, conn *db.DB, am *AuthMethod, subject string, opt
 	return a
 }
 
+// TestAccountFunc returns a function that creates an OIDC auth method, an account on that auth method, and an OIDC managed group
+// which has a filter that matches the account's subject. The function returns the managed group's public ID and the account's public ID.
+func TestAccountFunc(t *testing.T, conn *db.DB, kmsCache *kms.Kms, scopeID string) func() (managedGroupID string, accountID string) {
+	return func() (string, string) {
+		t.Helper()
+		databaseWrapper, err := kmsCache.GetWrapper(context.Background(), scopeID, kms.KeyPurposeDatabase)
+		require.NoError(t, err)
+		testAuthMethod := TestAuthMethod(t, conn, databaseWrapper, scopeID, ActivePublicState,
+			"alice-rp", "fido",
+			WithIssuer(TestConvertToUrls(t, "https://alice.com")[0]),
+			WithSigningAlgs(Alg(oidc.RS256)),
+			WithApiUrl(TestConvertToUrls(t, "https://alice.com/callback")[0]))
+		account := TestAccount(t, conn, testAuthMethod, "testacct")
+		managedGroup := TestManagedGroup(t, conn, testAuthMethod, `"/token/sub" matches ".*"`)
+		TestManagedGroupMember(t, conn, managedGroup.PublicId, account.PublicId)
+		return managedGroup.PublicId, account.PublicId
+	}
+}
+
 // TestManagedGroup creates a test oidc managed group.
 func TestManagedGroup(t testing.TB, conn *db.DB, am *AuthMethod, filter string, opt ...Option) *ManagedGroup {
 	t.Helper()

@@ -8,7 +8,9 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/hashicorp/boundary/globals"
 	"github.com/hashicorp/boundary/internal/db"
+	"github.com/hashicorp/go-uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -71,6 +73,19 @@ func TestMultipleAccounts(t testing.TB, conn *db.DB, authMethodId string, count
 	return auts
 }
 
+// TestAccountFunc returns a function that creates auth method and an account in that auth method
+// which returns the created account ID in a slice
+// This is used to normalize account creation across multiple auth method types
+func TestAccountFunc(t testing.TB, conn *db.DB) func() string {
+	return func() string {
+		authMethod := TestAuthMethod(t, conn, globals.GlobalPrefix)
+		loginName, err := uuid.GenerateUUID()
+		require.NoError(t, err)
+		acct := TestAccount(t, conn, authMethod.GetPublicId(), loginName)
+		return acct.PublicId
+	}
+}
+
 // TestAccount creates a password account to the provided DB with the provided
 // auth method id and loginName.  The auth method must have been created
 // previously. See password.NewAccount(...) for a list of supported options.