Merge pull request rancher#47490 from rancher/ak-fix-reset-auth-config

saml logoutall - retain `logoutAllSupported` flag when resetting an auth config back to unused when it is disabled.
crobby · Oct 17, 2024 · 1722103 · 1722103
2 parents 4ecdc5d + 8e16a26
commit 1722103
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/pkg/controllers/management/auth/auth_config.go b/pkg/controllers/management/auth/auth_config.go
@@ -194,7 +194,13 @@ func (ac *authConfigController) refreshUsers(obj *v3.AuthConfig) error {
 
 // resetAuthConfig takes an Auth Config as a map and deletes all entries except those with basic metadata fields.
 func resetAuthConfig(cfg map[string]any) {
-	retainFields := map[string]bool{"apiVersion": true, "kind": true, "metadata": true, "type": true}
+	retainFields := map[string]bool{
+		"apiVersion":         true,
+		"kind":               true,
+		"metadata":           true,
+		"type":               true,
+		"logoutAllSupported": true,
+	}
 	for field := range cfg {
 		if !retainFields[field] {
 			delete(cfg, field)

diff --git a/pkg/controllers/management/auth/auth_config_test.go b/pkg/controllers/management/auth/auth_config_test.go
@@ -124,8 +124,8 @@ func TestCleanupRuns(t *testing.T) {
 func TestAuthConfigReset(t *testing.T) {
 	t.Parallel()
 
-	allFields := []string{"accessMode", "allowedPrincipalIds", "apiVersion", "kind", "metadata", "type", "status"}
-	postResetFields := []string{"apiVersion", "kind", "metadata", "type", "status"}
+	allFields := []string{"accessMode", "allowedPrincipalIds", "apiVersion", "kind", "metadata", "type", "status", "logoutAllSupported"}
+	postResetFields := []string{"apiVersion", "kind", "metadata", "type", "status", "logoutAllSupported"}
 
 	tests := []struct {
 		annotationValue string
@@ -153,6 +153,7 @@ func TestAuthConfigReset(t *testing.T) {
 				Enabled:             false,
 				AccessMode:          "unrestricted",
 				AllowedPrincipalIDs: []string{"user1", "user2"},
+				LogoutAllSupported:  true,
 			}
 
 			mockUsers := newMockUserLister()