From 32a0ef9ca17ed6e507f96a6d4fed70db24aca1f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= <t.maat@famedly.com>
Date: Tue, 23 Jul 2024 12:39:15 +0200
Subject: [PATCH] test: Clean up Zitadel org before running the tests

---
 tests/environment/docker-compose.yaml   | 18 +++++--
 tests/environment/ldap/ldap-setup.sh    | 70 +++++++++++++++++++++++++
 tests/environment/ldap/testorg.ldif     |  3 ++
 tests/environment/test-setup/Dockerfile | 11 ++++
 4 files changed, 97 insertions(+), 5 deletions(-)
 create mode 100755 tests/environment/ldap/ldap-setup.sh
 create mode 100644 tests/environment/ldap/testorg.ldif
 create mode 100644 tests/environment/test-setup/Dockerfile

diff --git a/tests/environment/docker-compose.yaml b/tests/environment/docker-compose.yaml
index ba64c53..75ea3d3 100644
--- a/tests/environment/docker-compose.yaml
+++ b/tests/environment/docker-compose.yaml
@@ -15,13 +15,19 @@ services:
         target: /certs
         read_only: true
 
-  ldap-setup:
-    image: bitnami/openldap:latest
-    entrypoint: /ldap-setup/ldap-setup.sh
+  test-setup:
+    image: famedly/ldap-sync-testenv
+    build:
+      context: ./test-setup
+    entrypoint: /ldap/ldap-setup.sh
     volumes:
       - type: bind
-        source: ./ldap-setup
-        target: /ldap-setup
+        source: ./ldap
+        target: /ldap
+        read_only: true
+      - type: bind
+        source: ./zitadel/service-user.json
+        target: /zitadel-service-user.json
         read_only: true
     healthcheck:
       test: ["CMD", "test", "-f", "/tmp/ready"]
@@ -32,6 +38,8 @@ services:
     depends_on:
       ldap:
         condition: 'service_started'
+      zitadel:
+        condition: 'service_healthy'
 
   zitadel:
     image: ghcr.io/zitadel/zitadel:latest
diff --git a/tests/environment/ldap/ldap-setup.sh b/tests/environment/ldap/ldap-setup.sh
new file mode 100755
index 0000000..95f13ac
--- /dev/null
+++ b/tests/environment/ldap/ldap-setup.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+set -eu
+
+# Script to wait for an ldap server to be up, clean up any existing
+# data and then to do some basic initialization.
+#
+# This is intended for test suite setup, don't use this in production.
+
+LDAP_HOST='ldap://ldap:1389'
+LDAP_BASE='dc=example,dc=org'
+LDAP_ADMIN='cn=admin,dc=example,dc=org'
+LDAP_PASSWORD='adminpassword'
+
+ZITADEL_HOST="http://zitadel:8080"
+
+# echo "Waiting for LDAP to be ready"
+
+# retries=5
+
+# while [ $retries -gt 0 ]; do
+# 	sleep 5
+# 	retries=$((retries - 1))
+
+# 	if ldapsearch -D "${LDAP_ADMIN}" -w "${LDAP_PASSWORD}" -H "${LDAP_HOST}" -b "${LDAP_BASE}" 'objectclass=*'; then
+# 		break
+# 	fi
+# done
+
+echo "Authenticating to Zitadel"
+zitadel-tools key2jwt --audience="http://localhost" --key=/zitadel-service-user.json --output=/tmp/jwt.txt
+zitadel_token="$(curl \
+	--request POST \
+	--url "${ZITADEL_HOST}/oauth/v2/token" \
+	--header 'Content-Type: application/x-www-form-urlencoded' \
+	--header 'Host: localhost' \
+	--data grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer \
+	--data scope=openid \
+	--data scope=urn:zitadel:iam:org:project:id:zitadel:aud \
+	--data assertion="$(cat /tmp/jwt.txt)")"
+zitadel_token="$(echo "${zitadel_token}" | jq --raw-output .access_token | tr -d '\n')"
+
+echo "Deleting Zitadel users"
+zitadel_users="$(curl \
+	 --request POST \
+	 --url "${ZITADEL_HOST}/management/v1/users/_search" \
+	 --header "Authorization: Bearer ${zitadel_token}" \
+	 --header 'Host: localhost')"
+
+echo "$zitadel_users"
+
+zitadel_users="$(echo "$zitadel_users" | jq --raw-output '.result[]? | select(.userName | startswith("zitadel-admin")) | .id')"
+
+for id in $zitadel_users; do
+	echo "Deleting user $id"
+	curl --request DELETE --url "${ZITADEL_HOST}/management/v1/users/$id" \
+		 --header "Authorization: Bearer ${zitadel_token}" \
+		 --header 'Host: localhost'
+done
+
+# echo "Deleting LDAP test data"
+# ldapdelete -D "${LDAP_ADMIN}" -w "${LDAP_PASSWORD}" -H "${LDAP_HOST}" -r 'ou=testorg,dc=example,dc=org' || true
+
+# echo "Add LDAP test organizatino"
+# ldapadd -D "${LDAP_ADMIN}" -w "${LDAP_PASSWORD}" -H "${LDAP_HOST}" -f /ldap/testorg.ldif
+
+# Signify that the script has completed
+echo "ready" > /tmp/ready
+
+sleep 5
diff --git a/tests/environment/ldap/testorg.ldif b/tests/environment/ldap/testorg.ldif
new file mode 100644
index 0000000..241c150
--- /dev/null
+++ b/tests/environment/ldap/testorg.ldif
@@ -0,0 +1,3 @@
+dn: ou=testorg,dc=example,dc=org
+objectClass: organizationalUnit
+ou: testorg
\ No newline at end of file
diff --git a/tests/environment/test-setup/Dockerfile b/tests/environment/test-setup/Dockerfile
new file mode 100644
index 0000000..96ac2e5
--- /dev/null
+++ b/tests/environment/test-setup/Dockerfile
@@ -0,0 +1,11 @@
+FROM bitnami/openldap:latest
+
+USER root
+
+RUN apt-get update && apt-get upgrade -y && \
+	apt-get install --yes curl golang-go jq && \
+	apt-get clean && rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
+RUN GOPATH=/ go install github.com/zitadel/zitadel-tools@latest
+
+USER 1001