github.com/DaAlbrecht/cf-cli@v0.0.0-20231128151943-1fe19bb400b9/integration/v7/isolated/unset_space_role_command_test.go (about)

     1  package isolated
     2  
     3  import (
     4  	"fmt"
     5  
     6  	"code.cloudfoundry.org/cli/integration/helpers"
     7  	. "github.com/onsi/ginkgo"
     8  	. "github.com/onsi/gomega"
     9  	. "github.com/onsi/gomega/gbytes"
    10  	. "github.com/onsi/gomega/gexec"
    11  )
    12  
    13  var _ = Describe("unset-space-role command", func() {
    14  	var (
    15  		privilegedUsername string
    16  		orgName            string
    17  		spaceName          string
    18  	)
    19  
    20  	BeforeEach(func() {
    21  		privilegedUsername = helpers.LoginCF()
    22  		orgName = helpers.NewOrgName()
    23  		spaceName = helpers.NewSpaceName()
    24  		helpers.CreateOrgAndSpace(orgName, spaceName)
    25  	})
    26  
    27  	AfterEach(func() {
    28  		helpers.QuickDeleteOrg(orgName)
    29  	})
    30  
    31  	Describe("help text and argument validation", func() {
    32  		When("--help flag is unset", func() {
    33  			It("Displays command usage to output", func() {
    34  				session := helpers.CF("unset-space-role", "--help")
    35  				Eventually(session).Should(Exit(0))
    36  				Expect(session).To(Say("NAME:"))
    37  				Expect(session).To(Say("unset-space-role - Remove a space role from a user"))
    38  				Expect(session).To(Say("USAGE:"))
    39  				Expect(session).To(Say("cf unset-space-role USERNAME ORG SPACE ROLE"))
    40  				Expect(session).To(Say(`cf unset-space-role USERNAME ORG SPACE ROLE \[--client\]`))
    41  				Expect(session).To(Say(`cf unset-space-role USERNAME ORG SPACE ROLE \[--origin ORIGIN\]`))
    42  				Expect(session).To(Say("ROLES:"))
    43  				Expect(session).To(Say("SpaceManager - Invite and manage users, and enable features for a given space"))
    44  				Expect(session).To(Say("SpaceDeveloper - Create and manage apps and services, and see logs and reports"))
    45  				Expect(session).To(Say("SpaceAuditor - View logs, reports, and settings on this space"))
    46  				Expect(session).To(Say(`SpaceSupporter \[Beta role, subject to change\] - Manage app lifecycle and service bindings`))
    47  				Expect(session).To(Say("OPTIONS:"))
    48  				Expect(session).To(Say(`--client\s+Remove space role from a client-id of a \(non-user\) service account`))
    49  				Expect(session).To(Say(`--origin\s+Indicates the identity provider to be used for authentication`))
    50  				Expect(session).To(Say("SEE ALSO:"))
    51  				Expect(session).To(Say("set-space-role, space-users"))
    52  			})
    53  		})
    54  
    55  		When("the role type does not exist", func() {
    56  			It("prints a useful error, prints help text, and exits 1", func() {
    57  				session := helpers.CF("unset-space-role", "some-user", "some-org", "some-space", "NotARealRole")
    58  				Eventually(session.Err).Should(Say(`Incorrect Usage: ROLE must be "SpaceManager", "SpaceDeveloper", "SpaceAuditor" or "SpaceSupporter"`))
    59  				Eventually(session).Should(Say(`NAME:`))
    60  				Eventually(session).Should(Exit(1))
    61  			})
    62  		})
    63  
    64  		When("too few arguments are passed", func() {
    65  			It("prints a useful error, prints help text, and exits 1", func() {
    66  				session := helpers.CF("unset-space-role", "not-enough", "arguments")
    67  				Eventually(session.Err).Should(Say("Incorrect Usage: the required arguments `SPACE` and `ROLE` were not provided"))
    68  				Eventually(session).Should(Say(`NAME:`))
    69  				Eventually(session).Should(Exit(1))
    70  			})
    71  		})
    72  
    73  		When("too many arguments are passed", func() {
    74  			It("prints a useful error, prints help text, and exits 1", func() {
    75  				session := helpers.CF("unset-space-role", "some-user", "some-org", "some-space", "SpaceAuditor", "some-extra-argument")
    76  				Eventually(session.Err).Should(Say(`Incorrect Usage: unexpected argument "some-extra-argument"`))
    77  				Eventually(session).Should(Say(`NAME:`))
    78  				Eventually(session).Should(Exit(1))
    79  			})
    80  		})
    81  	})
    82  
    83  	When("logged in as a privileged user", func() {
    84  		When("the --client flag is passed", func() {
    85  			var clientID string
    86  
    87  			BeforeEach(func() {
    88  				clientID, _ = helpers.SkipIfClientCredentialsNotSet()
    89  				session := helpers.CF("curl", "-X", "POST", "v3/users", "-d", fmt.Sprintf(`{"guid":"%s"}`, clientID))
    90  				Eventually(session).Should(Exit(0))
    91  			})
    92  
    93  			When("the client exists and is affiliated with the active user's org", func() {
    94  				BeforeEach(func() {
    95  					session := helpers.CF("set-space-role", clientID, orgName, spaceName, "SpaceAuditor", "--client")
    96  					Eventually(session).Should(Exit(0))
    97  					privilegedUsername = helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceManager")
    98  				})
    99  
   100  				It("unsets the space role for the client", func() {
   101  					session := helpers.CF("unset-space-role", clientID, orgName, spaceName, "SpaceAuditor", "--client")
   102  					Eventually(session).Should(Say("Removing role SpaceAuditor from user %s in org %s / space %s as %s...", clientID, orgName, spaceName, privilegedUsername))
   103  					Eventually(session).Should(Say("OK"))
   104  					Eventually(session).Should(Exit(0))
   105  				})
   106  
   107  			})
   108  
   109  			When("the active user lacks permissions to look up clients", func() {
   110  				BeforeEach(func() {
   111  					helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceManager")
   112  				})
   113  
   114  				It("prints an appropriate error and exits 1", func() {
   115  					session := helpers.CF("unset-space-role", "cf_smoke_tests", orgName, spaceName, "SpaceAuditor", "--client")
   116  					Eventually(session).Should(Say("FAILED"))
   117  					Eventually(session.Err).Should(Say("User '%s' does not exist.", "cf_smoke_tests"))
   118  					Eventually(session).Should(Exit(1))
   119  				})
   120  			})
   121  
   122  			When("the targeted client does not exist", func() {
   123  				var badClientID string
   124  
   125  				BeforeEach(func() {
   126  					badClientID = helpers.NewUsername()
   127  				})
   128  
   129  				It("prints an appropriate error and exits 1", func() {
   130  					session := helpers.CF("unset-space-role", badClientID, orgName, spaceName, "SpaceAuditor")
   131  					Eventually(session).Should(Say("Removing role SpaceAuditor from user %s in org %s / space %s as %s...", badClientID, orgName, spaceName, privilegedUsername))
   132  					Eventually(session.Err).Should(Say("User '%s' does not exist.", badClientID))
   133  					Eventually(session).Should(Say("FAILED"))
   134  					Eventually(session).Should(Exit(1))
   135  				})
   136  			})
   137  		})
   138  
   139  		When("the user exists", func() {
   140  			var username string
   141  
   142  			BeforeEach(func() {
   143  				username, _ = helpers.CreateUser()
   144  				session := helpers.CF("set-space-role", username, orgName, spaceName, "spaceauditor")
   145  				Eventually(session).Should(Exit(0))
   146  			})
   147  
   148  			When("the passed role type is lowercase", func() {
   149  				It("unsets the space role for the user", func() {
   150  					session := helpers.CF("unset-space-role", "-v", username, orgName, spaceName, "spaceauditor")
   151  					Eventually(session).Should(Say("Removing role SpaceAuditor from user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername))
   152  					Eventually(session).Should(Say("OK"))
   153  					Eventually(session).Should(Exit(0))
   154  				})
   155  			})
   156  
   157  			It("unsets the space role for the user", func() {
   158  				session := helpers.CF("unset-space-role", username, orgName, spaceName, "SpaceAuditor")
   159  				Eventually(session).Should(Say("Removing role SpaceAuditor from user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername))
   160  				Eventually(session).Should(Say("OK"))
   161  				Eventually(session).Should(Exit(0))
   162  			})
   163  
   164  			When("the user does not have the role to delete", func() {
   165  				It("is idempotent", func() {
   166  					session := helpers.CF("unset-space-role", username, orgName, spaceName, "SpaceDeveloper")
   167  					Eventually(session).Should(Say("Removing role SpaceDeveloper from user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername))
   168  					Eventually(session).Should(Exit(0))
   169  				})
   170  			})
   171  
   172  			When("the org does not exist", func() {
   173  				It("prints an appropriate error and exits 1", func() {
   174  					session := helpers.CF("unset-space-role", username, "invalid-org", spaceName, "SpaceAuditor")
   175  					Eventually(session).Should(Say("FAILED"))
   176  					Eventually(session.Err).Should(Say("Organization 'invalid-org' not found."))
   177  					Eventually(session).Should(Exit(1))
   178  				})
   179  			})
   180  
   181  			When("the space does not exist", func() {
   182  				It("prints an appropriate error and exits 1", func() {
   183  					session := helpers.CF("unset-space-role", username, orgName, "invalid-space", "SpaceAuditor")
   184  					Eventually(session).Should(Say("FAILED"))
   185  					Eventually(session.Err).Should(Say("Space 'invalid-space' not found."))
   186  					Eventually(session).Should(Exit(1))
   187  				})
   188  			})
   189  
   190  			When("there are multiple users with the same username but different origins", func() {
   191  				BeforeEach(func() {
   192  					session := helpers.CF("create-user", username, "--origin", helpers.NonUAAOrigin)
   193  					Eventually(session).Should(Exit(0))
   194  				})
   195  
   196  				AfterEach(func() {
   197  					session := helpers.CF("delete-user", username, "--origin", helpers.NonUAAOrigin, "-f")
   198  					Eventually(session).Should(Exit(0))
   199  				})
   200  
   201  				It("returns an error and asks the user to use the --origin flag", func() {
   202  					session := helpers.CF("unset-space-role", username, orgName, spaceName, "SpaceAuditor")
   203  					Eventually(session).Should(Say("Removing role SpaceAuditor from user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername))
   204  					Eventually(session.Err).Should(Say("Ambiguous user. User with username '%s' exists in the following origins: cli-oidc-provider, uaa. Specify an origin to disambiguate.", username))
   205  					Eventually(session).Should(Exit(1))
   206  				})
   207  			})
   208  		})
   209  
   210  		When("the user does not exist", func() {
   211  			It("prints an appropriate error and exits 1", func() {
   212  				session := helpers.CF("unset-space-role", "not-exists", orgName, spaceName, "SpaceAuditor")
   213  				Eventually(session).Should(Say("Removing role SpaceAuditor from user not-exists in org %s / space %s as %s...", orgName, spaceName, privilegedUsername))
   214  				Eventually(session.Err).Should(Say("User 'not-exists' does not exist."))
   215  				Eventually(session).Should(Say("FAILED"))
   216  				Eventually(session).Should(Exit(1))
   217  			})
   218  		})
   219  	})
   220  
   221  	When("the logged in user does not have permission to write to the space", func() {
   222  		var username string
   223  
   224  		BeforeEach(func() {
   225  			username, _ = helpers.CreateUser()
   226  			session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceAuditor")
   227  			Eventually(session).Should(Exit(0))
   228  			helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceAuditor")
   229  		})
   230  
   231  		It("prints out the error message from CC API and exits 1", func() {
   232  			session := helpers.CF("unset-space-role", username, orgName, spaceName, "SpaceAuditor")
   233  			Eventually(session).Should(Say("FAILED"))
   234  			Eventually(session.Err).Should(Say("You are not authorized to perform the requested action"))
   235  			Eventually(session).Should(Exit(1))
   236  		})
   237  	})
   238  
   239  	When("the logged in user has insufficient permissions to see the user", func() {
   240  		var username string
   241  
   242  		BeforeEach(func() {
   243  			username, _ = helpers.CreateUser()
   244  			helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceManager")
   245  		})
   246  
   247  		It("prints out the error message from CC API and exits 1", func() {
   248  			session := helpers.CF("unset-space-role", username, orgName, spaceName, "SpaceAuditor", "-v")
   249  			Eventually(session).Should(Say("FAILED"))
   250  			Eventually(session.Err).Should(Say("User '%s' does not exist.", username))
   251  			Eventually(session).Should(Exit(1))
   252  		})
   253  	})
   254  })