hashicorp · moduli · Jan 3, 2025 · Dec 20, 2024 · Dec 19, 2024 · Jan 3, 2025
@@ -33,6 +33,97 @@ export class AuthMethodsPage extends BaseResourcePage {
     return authMethodName;
   }
 
+  /**
+   * Creates a new OIDC Auth Method. Assumes you have selected the desired scope.
+   * @param {string} issuer OIDC issuer
+   * @param {string} clientId OIDC client ID
+   * @param {string} clientSecret OIDC client secret
+   * @returns Name of the auth method
+   */
+  async createOidcAuthMethod(issuer, clientId, clientSecret, boundaryAddr) {
+    const authMethodName = 'Auth Method ' + nanoid();
+    await this.page
+      .getByRole('navigation', { name: 'IAM' })
+      .getByRole('link', { name: 'Auth Methods' })
+      .click();
+    await this.page.getByRole('button', { name: 'New' }).click();
+    await this.page.getByRole('link', { name: 'OIDC' }).click();
+    await this.page.getByLabel('Name').fill(authMethodName);
+    await this.page.getByLabel('Description').fill('OIDC Auth Method');
+    await this.page.getByLabel('Issuer').fill(issuer);
+    await this.page.getByLabel('Client ID').fill(clientId);
+    await this.page.getByLabel('Client Secret').fill(clientSecret);
+    await this.page
+      .getByRole('group', { name: 'Signing Algorithms' })
+      .getByRole('combobox')
+      .selectOption('RS256');
+    await this.page
+      .getByRole('group', { name: 'Signing Algorithms' })
+      .getByRole('button', { name: 'Add' })
+      .click();
+
+    await this.page
+      .getByRole('group', { name: 'Claims Scopes' })
+      .getByRole('textbox')
+      .last()
+      .fill('groups');
+    await this.page
+      .getByRole('group', { name: 'Claims Scopes' })
+      .getByRole('button', { name: 'Add' })
+      .click();
+    await this.page
+      .getByRole('group', { name: 'Claims Scopes' })
+      .getByRole('textbox')
+      .last()
+      .fill('user');
+    await this.page
+      .getByRole('group', { name: 'Claims Scopes' })
+      .getByRole('button', { name: 'Add' })
+      .click();
+
+    await this.page
+      .getByRole('group', { name: 'Account Claim Maps' })
+      .getByLabel('From Claim')
+      .last()
+      .fill('username');
+    await this.page
+      .getByRole('group', { name: 'Account Claim Maps' })
+      .getByLabel('To Claim')
+      .last()
+      .selectOption('name');
+    await this.page
+      .getByRole('group', { name: 'Account Claim Maps' })
+      .getByRole('button', { name: 'Add' })
+      .click();
+    await this.page
+      .getByRole('group', { name: 'Account Claim Maps' })
+      .getByLabel('From Claim')
+      .last()
+      .fill('email');
+    await this.page
+      .getByRole('group', { name: 'Account Claim Maps' })
+      .getByLabel('To Claim')
+      .last()
+      .selectOption('email');
+    await this.page
+      .getByRole('group', { name: 'Account Claim Maps' })
+      .getByRole('button', { name: 'Add' })
+      .click();
+
+    await this.page.getByLabel('Maximum Age').fill('20');
+    await this.page.getByLabel('API URL Prefix').fill(boundaryAddr);
+
+    await this.page.getByRole('button', { name: 'Save' }).click();
+    await this.dismissSuccessAlert();
+    await expect(
+      this.page
+        .getByRole('navigation', { name: 'breadcrumbs' })
+        .getByText(authMethodName),
+    ).toBeVisible();
+
+    return authMethodName;
+  }
+
   /**
    * Makes the first available auth method primary.
    * Assumes you have created new auth method.

@@ -106,8 +106,8 @@ test('Set up LDAP auth method @ce @ent @docker', async ({
     ).toBeVisible();
 
     // Change state to active-public
-    page.getByTitle('Inactive').click();
-    page.getByText('Public').click();
+    await page.getByTitle('Inactive').click();
+    await page.getByText('Public').click();
     await expect(
       page.getByRole('alert').getByText('Success', { exact: true }),
     ).toBeVisible();
@@ -190,8 +190,13 @@ test('Set up LDAP auth method @ce @ent @docker', async ({
       .click();
     await page.getByRole('link', { name: ldapAuthMethodName }).click();
     await page.getByRole('link', { name: 'Accounts' }).click();
+    await expect(
+      page
+        .getByRole('navigation', { name: 'breadcrumbs' })
+        .getByText('Accounts'),
+    ).toBeVisible();
 
-    const headersCount = await page
+    let headersCount = await page
       .getByRole('table')
       .getByRole('columnheader')
       .count();
@@ -211,21 +216,61 @@ test('Set up LDAP auth method @ce @ent @docker', async ({
     }
 
     expect(
-      await page
+      page
         .getByRole('cell', { name: ldapAccountName })
         .locator('..')
         .getByRole('cell')
-        .nth(fullNameIndex)
-        .innerText(),
-    ).toBe(ldapUserName);
+        .nth(fullNameIndex),
+    ).toHaveText(ldapUserName);
     expect(
-      await page
+      page
         .getByRole('cell', { name: ldapAccountName })
         .locator('..')
         .getByRole('cell')
-        .nth(emailIndex)
-        .innerText(),
-    ).toBe(ldapUserName + '@mail.com');
+        .nth(emailIndex),
+    ).toHaveText(ldapUserName + '@mail.com');
+
+    // View the Managed Group
+    await page.getByRole('link', { name: 'Managed Groups' }).click();
+    await page.getByRole('link', { name: ldapManagedGroupName }).click();
+    await page.getByRole('link', { name: 'Members' }).click();
+    await expect(
+      page
+        .getByRole('navigation', { name: 'breadcrumbs' })
+        .getByText('Members'),
+    ).toBeVisible();
+
+    headersCount = await page
+      .getByRole('table')
+      .getByRole('columnheader')
+      .count();
+    for (let i = 0; i < headersCount; i++) {
+      const header = await page
+        .getByRole('table')
+        .getByRole('columnheader')
+        .nth(i)
+        .innerText();
+      if (header == 'Full Name') {
+        fullNameIndex = i;
+      } else if (header == 'Email') {
+        emailIndex = i;
+      }
+    }
+
+    expect(
+      page
+        .getByRole('cell', { name: ldapAccountName })
+        .locator('..')
+        .getByRole('cell')
+        .nth(fullNameIndex),
+    ).toHaveText(ldapUserName);
+    expect(
+      page
+        .getByRole('cell', { name: ldapAccountName })
+        .locator('..')
+        .getByRole('cell')
+        .nth(emailIndex),
+    ).toHaveText(ldapUserName + '@mail.com');
 
     // View the User account and verify attributes
     await page