github.com/DaAlbrecht/cf-cli@v0.0.0-20231128151943-1fe19bb400b9/integration/v7/isolated/unset_space_role_command_test.go (about) 1 package isolated 2 3 import ( 4 "fmt" 5 6 "code.cloudfoundry.org/cli/integration/helpers" 7 . "github.com/onsi/ginkgo" 8 . "github.com/onsi/gomega" 9 . "github.com/onsi/gomega/gbytes" 10 . "github.com/onsi/gomega/gexec" 11 ) 12 13 var _ = Describe("unset-space-role command", func() { 14 var ( 15 privilegedUsername string 16 orgName string 17 spaceName string 18 ) 19 20 BeforeEach(func() { 21 privilegedUsername = helpers.LoginCF() 22 orgName = helpers.NewOrgName() 23 spaceName = helpers.NewSpaceName() 24 helpers.CreateOrgAndSpace(orgName, spaceName) 25 }) 26 27 AfterEach(func() { 28 helpers.QuickDeleteOrg(orgName) 29 }) 30 31 Describe("help text and argument validation", func() { 32 When("--help flag is unset", func() { 33 It("Displays command usage to output", func() { 34 session := helpers.CF("unset-space-role", "--help") 35 Eventually(session).Should(Exit(0)) 36 Expect(session).To(Say("NAME:")) 37 Expect(session).To(Say("unset-space-role - Remove a space role from a user")) 38 Expect(session).To(Say("USAGE:")) 39 Expect(session).To(Say("cf unset-space-role USERNAME ORG SPACE ROLE")) 40 Expect(session).To(Say(`cf unset-space-role USERNAME ORG SPACE ROLE \[--client\]`)) 41 Expect(session).To(Say(`cf unset-space-role USERNAME ORG SPACE ROLE \[--origin ORIGIN\]`)) 42 Expect(session).To(Say("ROLES:")) 43 Expect(session).To(Say("SpaceManager - Invite and manage users, and enable features for a given space")) 44 Expect(session).To(Say("SpaceDeveloper - Create and manage apps and services, and see logs and reports")) 45 Expect(session).To(Say("SpaceAuditor - View logs, reports, and settings on this space")) 46 Expect(session).To(Say(`SpaceSupporter \[Beta role, subject to change\] - Manage app lifecycle and service bindings`)) 47 Expect(session).To(Say("OPTIONS:")) 48 Expect(session).To(Say(`--client\s+Remove space role from a client-id of a \(non-user\) service account`)) 49 Expect(session).To(Say(`--origin\s+Indicates the identity provider to be used for authentication`)) 50 Expect(session).To(Say("SEE ALSO:")) 51 Expect(session).To(Say("set-space-role, space-users")) 52 }) 53 }) 54 55 When("the role type does not exist", func() { 56 It("prints a useful error, prints help text, and exits 1", func() { 57 session := helpers.CF("unset-space-role", "some-user", "some-org", "some-space", "NotARealRole") 58 Eventually(session.Err).Should(Say(`Incorrect Usage: ROLE must be "SpaceManager", "SpaceDeveloper", "SpaceAuditor" or "SpaceSupporter"`)) 59 Eventually(session).Should(Say(`NAME:`)) 60 Eventually(session).Should(Exit(1)) 61 }) 62 }) 63 64 When("too few arguments are passed", func() { 65 It("prints a useful error, prints help text, and exits 1", func() { 66 session := helpers.CF("unset-space-role", "not-enough", "arguments") 67 Eventually(session.Err).Should(Say("Incorrect Usage: the required arguments `SPACE` and `ROLE` were not provided")) 68 Eventually(session).Should(Say(`NAME:`)) 69 Eventually(session).Should(Exit(1)) 70 }) 71 }) 72 73 When("too many arguments are passed", func() { 74 It("prints a useful error, prints help text, and exits 1", func() { 75 session := helpers.CF("unset-space-role", "some-user", "some-org", "some-space", "SpaceAuditor", "some-extra-argument") 76 Eventually(session.Err).Should(Say(`Incorrect Usage: unexpected argument "some-extra-argument"`)) 77 Eventually(session).Should(Say(`NAME:`)) 78 Eventually(session).Should(Exit(1)) 79 }) 80 }) 81 }) 82 83 When("logged in as a privileged user", func() { 84 When("the --client flag is passed", func() { 85 var clientID string 86 87 BeforeEach(func() { 88 clientID, _ = helpers.SkipIfClientCredentialsNotSet() 89 session := helpers.CF("curl", "-X", "POST", "v3/users", "-d", fmt.Sprintf(`{"guid":"%s"}`, clientID)) 90 Eventually(session).Should(Exit(0)) 91 }) 92 93 When("the client exists and is affiliated with the active user's org", func() { 94 BeforeEach(func() { 95 session := helpers.CF("set-space-role", clientID, orgName, spaceName, "SpaceAuditor", "--client") 96 Eventually(session).Should(Exit(0)) 97 privilegedUsername = helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceManager") 98 }) 99 100 It("unsets the space role for the client", func() { 101 session := helpers.CF("unset-space-role", clientID, orgName, spaceName, "SpaceAuditor", "--client") 102 Eventually(session).Should(Say("Removing role SpaceAuditor from user %s in org %s / space %s as %s...", clientID, orgName, spaceName, privilegedUsername)) 103 Eventually(session).Should(Say("OK")) 104 Eventually(session).Should(Exit(0)) 105 }) 106 107 }) 108 109 When("the active user lacks permissions to look up clients", func() { 110 BeforeEach(func() { 111 helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceManager") 112 }) 113 114 It("prints an appropriate error and exits 1", func() { 115 session := helpers.CF("unset-space-role", "cf_smoke_tests", orgName, spaceName, "SpaceAuditor", "--client") 116 Eventually(session).Should(Say("FAILED")) 117 Eventually(session.Err).Should(Say("User '%s' does not exist.", "cf_smoke_tests")) 118 Eventually(session).Should(Exit(1)) 119 }) 120 }) 121 122 When("the targeted client does not exist", func() { 123 var badClientID string 124 125 BeforeEach(func() { 126 badClientID = helpers.NewUsername() 127 }) 128 129 It("prints an appropriate error and exits 1", func() { 130 session := helpers.CF("unset-space-role", badClientID, orgName, spaceName, "SpaceAuditor") 131 Eventually(session).Should(Say("Removing role SpaceAuditor from user %s in org %s / space %s as %s...", badClientID, orgName, spaceName, privilegedUsername)) 132 Eventually(session.Err).Should(Say("User '%s' does not exist.", badClientID)) 133 Eventually(session).Should(Say("FAILED")) 134 Eventually(session).Should(Exit(1)) 135 }) 136 }) 137 }) 138 139 When("the user exists", func() { 140 var username string 141 142 BeforeEach(func() { 143 username, _ = helpers.CreateUser() 144 session := helpers.CF("set-space-role", username, orgName, spaceName, "spaceauditor") 145 Eventually(session).Should(Exit(0)) 146 }) 147 148 When("the passed role type is lowercase", func() { 149 It("unsets the space role for the user", func() { 150 session := helpers.CF("unset-space-role", "-v", username, orgName, spaceName, "spaceauditor") 151 Eventually(session).Should(Say("Removing role SpaceAuditor from user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 152 Eventually(session).Should(Say("OK")) 153 Eventually(session).Should(Exit(0)) 154 }) 155 }) 156 157 It("unsets the space role for the user", func() { 158 session := helpers.CF("unset-space-role", username, orgName, spaceName, "SpaceAuditor") 159 Eventually(session).Should(Say("Removing role SpaceAuditor from user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 160 Eventually(session).Should(Say("OK")) 161 Eventually(session).Should(Exit(0)) 162 }) 163 164 When("the user does not have the role to delete", func() { 165 It("is idempotent", func() { 166 session := helpers.CF("unset-space-role", username, orgName, spaceName, "SpaceDeveloper") 167 Eventually(session).Should(Say("Removing role SpaceDeveloper from user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 168 Eventually(session).Should(Exit(0)) 169 }) 170 }) 171 172 When("the org does not exist", func() { 173 It("prints an appropriate error and exits 1", func() { 174 session := helpers.CF("unset-space-role", username, "invalid-org", spaceName, "SpaceAuditor") 175 Eventually(session).Should(Say("FAILED")) 176 Eventually(session.Err).Should(Say("Organization 'invalid-org' not found.")) 177 Eventually(session).Should(Exit(1)) 178 }) 179 }) 180 181 When("the space does not exist", func() { 182 It("prints an appropriate error and exits 1", func() { 183 session := helpers.CF("unset-space-role", username, orgName, "invalid-space", "SpaceAuditor") 184 Eventually(session).Should(Say("FAILED")) 185 Eventually(session.Err).Should(Say("Space 'invalid-space' not found.")) 186 Eventually(session).Should(Exit(1)) 187 }) 188 }) 189 190 When("there are multiple users with the same username but different origins", func() { 191 BeforeEach(func() { 192 session := helpers.CF("create-user", username, "--origin", helpers.NonUAAOrigin) 193 Eventually(session).Should(Exit(0)) 194 }) 195 196 AfterEach(func() { 197 session := helpers.CF("delete-user", username, "--origin", helpers.NonUAAOrigin, "-f") 198 Eventually(session).Should(Exit(0)) 199 }) 200 201 It("returns an error and asks the user to use the --origin flag", func() { 202 session := helpers.CF("unset-space-role", username, orgName, spaceName, "SpaceAuditor") 203 Eventually(session).Should(Say("Removing role SpaceAuditor from user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 204 Eventually(session.Err).Should(Say("Ambiguous user. User with username '%s' exists in the following origins: cli-oidc-provider, uaa. Specify an origin to disambiguate.", username)) 205 Eventually(session).Should(Exit(1)) 206 }) 207 }) 208 }) 209 210 When("the user does not exist", func() { 211 It("prints an appropriate error and exits 1", func() { 212 session := helpers.CF("unset-space-role", "not-exists", orgName, spaceName, "SpaceAuditor") 213 Eventually(session).Should(Say("Removing role SpaceAuditor from user not-exists in org %s / space %s as %s...", orgName, spaceName, privilegedUsername)) 214 Eventually(session.Err).Should(Say("User 'not-exists' does not exist.")) 215 Eventually(session).Should(Say("FAILED")) 216 Eventually(session).Should(Exit(1)) 217 }) 218 }) 219 }) 220 221 When("the logged in user does not have permission to write to the space", func() { 222 var username string 223 224 BeforeEach(func() { 225 username, _ = helpers.CreateUser() 226 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceAuditor") 227 Eventually(session).Should(Exit(0)) 228 helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceAuditor") 229 }) 230 231 It("prints out the error message from CC API and exits 1", func() { 232 session := helpers.CF("unset-space-role", username, orgName, spaceName, "SpaceAuditor") 233 Eventually(session).Should(Say("FAILED")) 234 Eventually(session.Err).Should(Say("You are not authorized to perform the requested action")) 235 Eventually(session).Should(Exit(1)) 236 }) 237 }) 238 239 When("the logged in user has insufficient permissions to see the user", func() { 240 var username string 241 242 BeforeEach(func() { 243 username, _ = helpers.CreateUser() 244 helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceManager") 245 }) 246 247 It("prints out the error message from CC API and exits 1", func() { 248 session := helpers.CF("unset-space-role", username, orgName, spaceName, "SpaceAuditor", "-v") 249 Eventually(session).Should(Say("FAILED")) 250 Eventually(session.Err).Should(Say("User '%s' does not exist.", username)) 251 Eventually(session).Should(Exit(1)) 252 }) 253 }) 254 })