Temporal fix for AC

Author: MaciejKaras

controllers/om/automation_config.go

@@ -21,10 +21,11 @@ import (
 // configuration which are merged into the `Deployment` object before sending it back to Ops Manager.
 // As of right now only support configuring LogRotate for monitoring and backup via dedicated endpoints.
 type AutomationConfig struct {
-	Auth       *Auth
-	AgentSSL   *AgentSSL
-	Deployment Deployment
-	Ldap       *ldap.Ldap
+	Auth                *Auth
+	AgentSSL            *AgentSSL
+	Deployment          Deployment
+	Ldap                *ldap.Ldap
+	OIDCProviderConfigs []oidc.ProviderConfig
 }
 
 // Apply merges the state of all concrete structs into the Deployment (map[string]interface{})
@@ -60,6 +61,21 @@ func applyInto(a AutomationConfig, into *Deployment) error {
 		(*into)["ldap"] = mergedLdap
 	}
 
+	if _, ok := a.Deployment["oidcProviderConfigs"]; ok || len(a.OIDCProviderConfigs) > 0 {
+		// TODO: this is not merged yet, but only overridden
+		bytes, err := json.Marshal(a.OIDCProviderConfigs)
+		if err != nil {
+			return err
+		}
+
+		dst := make([]map[string]interface{}, 0)
+		err = json.Unmarshal(bytes, &dst)
+		if err != nil {
+			return err
+		}
+		(*into)["oidcProviderConfigs"] = dst
+	}
+
 	return nil
 }
 
@@ -228,8 +244,6 @@ type Auth struct {
 	NewAutoPwd string `json:"newAutoPwd,omitempty"`
 	// LdapGroupDN is required when enabling LDAP authz and agents authentication on $external
 	LdapGroupDN string `json:"autoLdapGroupDN,omitempty"`
-	// OIDCProviderConfigs is a list of OIDC provider configurations
-	OIDCProviderConfigs []oidc.ProviderConfig `json:"oidcProviderConfigs,omitempty"`
 }
 
 // IsEnabled is a convenience function to aid readability
@@ -436,6 +450,19 @@ func BuildAutomationConfigFromDeployment(deployment Deployment) (*AutomationConf
 		finalAutomationConfig.Ldap = acLdap
 	}
 
+	oidcSlice, ok := deployment["oidcProviderConfigs"]
+	if ok {
+		oidcMarshalled, err := json.Marshal(oidcSlice)
+		if err != nil {
+			return nil, err
+		}
+		providerConfigs := make([]oidc.ProviderConfig, 0)
+		if err := json.Unmarshal(oidcMarshalled, &providerConfigs); err != nil {
+			return nil, err
+		}
+		finalAutomationConfig.OIDCProviderConfigs = providerConfigs
+	}
+
 	return finalAutomationConfig, nil
 }
 

controllers/operator/authentication/oidc.go

@@ -36,7 +36,7 @@ func (o *oidcAuthMechanism) EnableDeploymentAuthentication(conn om.Connection, o
 			ac.Auth.DeploymentAuthMechanisms = append(ac.Auth.DeploymentAuthMechanisms, string(MongoDBOIDC))
 		}
 		// TODO merge configs with existing ones, and don't overwrite read only values
-		ac.Auth.OIDCProviderConfigs = opts.OIDCProviderConfigs
+		ac.OIDCProviderConfigs = opts.OIDCProviderConfigs
 
 		return nil
 	}, log)
@@ -45,7 +45,7 @@ func (o *oidcAuthMechanism) EnableDeploymentAuthentication(conn om.Connection, o
 func (o *oidcAuthMechanism) DisableDeploymentAuthentication(conn om.Connection, log *zap.SugaredLogger) error {
 	return conn.ReadUpdateAutomationConfig(func(ac *om.AutomationConfig) error {
 		ac.Auth.DeploymentAuthMechanisms = stringutil.Remove(ac.Auth.DeploymentAuthMechanisms, string(MongoDBOIDC))
-		ac.Auth.OIDCProviderConfigs = nil
+		ac.OIDCProviderConfigs = nil
 
 		return nil
 	}, log)
@@ -56,7 +56,7 @@ func (o *oidcAuthMechanism) IsAgentAuthenticationConfigured(*om.AutomationConfig
 }
 
 func (o *oidcAuthMechanism) IsDeploymentAuthenticationConfigured(ac *om.AutomationConfig, opts Options) bool {
-	return stringutil.Contains(ac.Auth.DeploymentAuthMechanisms, string(MongoDBOIDC)) && oidcProviderConfigsEqual(ac.Auth.OIDCProviderConfigs, opts.OIDCProviderConfigs)
+	return stringutil.Contains(ac.Auth.DeploymentAuthMechanisms, string(MongoDBOIDC)) && oidcProviderConfigsEqual(ac.OIDCProviderConfigs, opts.OIDCProviderConfigs)
 }
 
 func oidcProviderConfigsEqual(lhs []oidc.ProviderConfig, rhs []oidc.ProviderConfig) bool {

controllers/operator/authentication/oidc_test.go

@@ -15,7 +15,7 @@ func TestOIDC_EnableDeploymentAuthentication(t *testing.T) {
 	conn := om.NewMockedOmConnection(om.NewDeployment())
 	ac, err := conn.ReadAutomationConfig()
 	require.NoError(t, err)
-	assert.Empty(t, ac.Auth.OIDCProviderConfigs)
+	assert.Empty(t, ac.OIDCProviderConfigs)
 	assert.Empty(t, ac.Auth.DeploymentAuthMechanisms)
 
 	providerConfigs := []oidc.ProviderConfig{
@@ -55,7 +55,7 @@ func TestOIDC_EnableDeploymentAuthentication(t *testing.T) {
 	ac, err = conn.ReadAutomationConfig()
 	require.NoError(t, err)
 	assert.Contains(t, ac.Auth.DeploymentAuthMechanisms, string(MongoDBOIDC))
-	assert.Equal(t, providerConfigs, ac.Auth.OIDCProviderConfigs)
+	assert.Equal(t, providerConfigs, ac.OIDCProviderConfigs)
 
 	configured = MongoDBOIDCMechanism.IsDeploymentAuthenticationConfigured(ac, opts)
 	assert.True(t, configured)
@@ -70,7 +70,7 @@ func TestOIDC_EnableDeploymentAuthentication(t *testing.T) {
 	assert.False(t, configured)
 
 	assert.NotContains(t, ac.Auth.DeploymentAuthMechanisms, string(MongoDBOIDC))
-	assert.Empty(t, ac.Auth.OIDCProviderConfigs)
+	assert.Empty(t, ac.OIDCProviderConfigs)
 }
 
 func TestOIDC_EnableAgentAuthentication(t *testing.T) {