github.com/LukasHeimann/cloudfoundrycli/v8@v8.4.4/integration/v7/isolated/set_space_role_command_test.go (about) 1 package isolated 2 3 import ( 4 "github.com/LukasHeimann/cloudfoundrycli/v8/integration/helpers" 5 . "github.com/onsi/ginkgo" 6 . "github.com/onsi/gomega" 7 . "github.com/onsi/gomega/gbytes" 8 . "github.com/onsi/gomega/gexec" 9 ) 10 11 var _ = Describe("set-space-role command", func() { 12 Describe("help text and argument validation", func() { 13 When("--help flag is set", func() { 14 It("Displays command usage to output", func() { 15 session := helpers.CF("set-space-role", "--help") 16 Eventually(session).Should(Exit(0)) 17 Expect(session).To(Say("NAME:")) 18 Expect(session).To(Say("set-space-role - Assign a space role to a user")) 19 Expect(session).To(Say("USAGE:")) 20 Expect(session).To(Say("cf set-space-role USERNAME ORG SPACE ROLE")) 21 Expect(session).To(Say(`cf set-space-role USERNAME ORG SPACE ROLE \[--client\]`)) 22 Expect(session).To(Say(`cf set-space-role USERNAME ORG SPACE ROLE \[--origin ORIGIN\]`)) 23 Expect(session).To(Say("ROLES:")) 24 Expect(session).To(Say("SpaceManager - Invite and manage users, and enable features for a given space")) 25 Expect(session).To(Say("SpaceDeveloper - Create and manage apps and services, and see logs and reports")) 26 Expect(session).To(Say("SpaceAuditor - View logs, reports, and settings on this space")) 27 Expect(session).To(Say(`SpaceSupporter \[Beta role, subject to change\] - Manage app lifecycle and service bindings`)) 28 Expect(session).To(Say("OPTIONS:")) 29 Expect(session).To(Say(`--client\s+Assign a space role to a client-id of a \(non-user\) service account`)) 30 Expect(session).To(Say(`--origin\s+Indicates the identity provider to be used for authentication`)) 31 Expect(session).To(Say("SEE ALSO:")) 32 Expect(session).To(Say("space-users, unset-space-role")) 33 }) 34 }) 35 36 When("the role type is invalid", func() { 37 It("prints a useful error, prints help text, and exits 1", func() { 38 session := helpers.CF("set-space-role", "some-user", "some-org", "some-space", "NotARealRole") 39 Eventually(session.Err).Should(Say(`Incorrect Usage: ROLE must be "SpaceManager", "SpaceDeveloper", "SpaceAuditor" or "SpaceSupporter"`)) 40 Eventually(session).Should(Say(`NAME:`)) 41 Eventually(session).Should(Exit(1)) 42 }) 43 }) 44 45 When("too few arguments are passed", func() { 46 It("prints a useful error, prints help text, and exits 1", func() { 47 session := helpers.CF("set-space-role", "not-enough", "arguments") 48 Eventually(session.Err).Should(Say("Incorrect Usage: the required arguments `SPACE` and `ROLE` were not provided")) 49 Eventually(session).Should(Say(`NAME:`)) 50 Eventually(session).Should(Exit(1)) 51 }) 52 }) 53 54 When("too many arguments are passed", func() { 55 It("prints a useful error, prints help text, and exits 1", func() { 56 session := helpers.CF("set-space-role", "some-user", "some-org", "some-space", "SpaceAuditor", "some-extra-argument") 57 Eventually(session.Err).Should(Say(`Incorrect Usage: unexpected argument "some-extra-argument"`)) 58 Eventually(session).Should(Say(`NAME:`)) 59 Eventually(session).Should(Exit(1)) 60 }) 61 }) 62 }) 63 64 Describe("command behavior", func() { 65 var ( 66 privilegedUsername string 67 orgName string 68 spaceName string 69 ) 70 71 BeforeEach(func() { 72 privilegedUsername = helpers.LoginCF() 73 orgName = helpers.NewOrgName() 74 spaceName = helpers.NewSpaceName() 75 helpers.CreateOrgAndSpace(orgName, spaceName) 76 }) 77 78 AfterEach(func() { 79 helpers.QuickDeleteOrg(orgName) 80 }) 81 82 When("logged in as a privileged user", func() { 83 When("the --client flag is passed", func() { 84 var clientID string 85 86 BeforeEach(func() { 87 clientID, _ = helpers.SkipIfClientCredentialsNotSet() 88 }) 89 90 When("the client exists", func() { 91 It("sets the org role for the client", func() { 92 session := helpers.CF("set-space-role", clientID, orgName, spaceName, "SpaceAuditor", "--client") 93 Eventually(session).Should(Say("Assigning role SpaceAuditor to user %s in org %s / space %s as %s...", clientID, orgName, spaceName, privilegedUsername)) 94 Eventually(session).Should(Say("OK")) 95 Eventually(session).Should(Exit(0)) 96 }) 97 98 When("the client is not authorized to look up clients in UAA", func() { 99 BeforeEach(func() { 100 helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceManager") 101 }) 102 103 It("prints an appropriate error and exits 1", func() { 104 session := helpers.CF("set-space-role", clientID, orgName, spaceName, "SpaceAuditor", "--client", "-v") 105 Eventually(session).Should(Say("FAILED")) 106 Eventually(session.Err).Should(Say("You are not authorized to perform the requested action.")) 107 Eventually(session).Should(Exit(1)) 108 }) 109 }) 110 }) 111 112 When("the targeted client does not exist", func() { 113 var badClientID string 114 115 BeforeEach(func() { 116 badClientID = "nonexistent-client" 117 }) 118 119 It("fails with an appropriate error message", func() { 120 session := helpers.CF("set-space-role", badClientID, orgName, spaceName, "SpaceAuditor", "--client") 121 Eventually(session.Err).Should(Say("Users cannot be assigned roles in a space if they do not have a role in that space's organization.")) 122 Eventually(session).Should(Say("FAILED")) 123 Eventually(session).Should(Exit(1)) 124 }) 125 }) 126 }) 127 128 When("the user exists", func() { 129 var username string 130 131 BeforeEach(func() { 132 username, _ = helpers.CreateUser() 133 }) 134 135 When("the passed role is lowercase", func() { 136 It("sets the space role for the user", func() { 137 session := helpers.CF("set-space-role", username, orgName, spaceName, "spaceauditor") 138 Eventually(session).Should(Say("Assigning role SpaceAuditor to user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 139 Eventually(session).Should(Say("OK")) 140 Eventually(session).Should(Exit(0)) 141 }) 142 }) 143 144 It("sets the space role for the user", func() { 145 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceAuditor") 146 Eventually(session).Should(Say("Assigning role SpaceAuditor to user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 147 Eventually(session).Should(Say("OK")) 148 Eventually(session).Should(Exit(0)) 149 }) 150 151 When("the user already has the desired role", func() { 152 BeforeEach(func() { 153 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceDeveloper") 154 Eventually(session).Should(Say("Assigning role SpaceDeveloper to user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 155 Eventually(session).Should(Exit(0)) 156 }) 157 158 It("is idempotent", func() { 159 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceDeveloper") 160 Eventually(session).Should(Say("Assigning role SpaceDeveloper to user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 161 Eventually(session).Should(Exit(0)) 162 }) 163 }) 164 165 When("the org does not exist", func() { 166 It("prints an appropriate error and exits 1", func() { 167 session := helpers.CF("set-space-role", username, "invalid-org", spaceName, "SpaceAuditor") 168 Eventually(session).Should(Say("FAILED")) 169 Eventually(session.Err).Should(Say("Organization 'invalid-org' not found.")) 170 Eventually(session).Should(Exit(1)) 171 }) 172 }) 173 174 When("the space does not exist", func() { 175 It("prints an appropriate error and exits 1", func() { 176 session := helpers.CF("set-space-role", username, orgName, "invalid-space", "SpaceAuditor") 177 Eventually(session).Should(Say("FAILED")) 178 Eventually(session.Err).Should(Say("Space 'invalid-space' not found.")) 179 Eventually(session).Should(Exit(1)) 180 }) 181 }) 182 183 When("there are multiple users with the same username but different origins", func() { 184 BeforeEach(func() { 185 session := helpers.CF("create-user", username, "--origin", helpers.NonUAAOrigin) 186 Eventually(session).Should(Exit(0)) 187 }) 188 189 AfterEach(func() { 190 session := helpers.CF("delete-user", username, "--origin", helpers.NonUAAOrigin, "-f") 191 Eventually(session).Should(Exit(0)) 192 }) 193 194 It("returns an error and asks the user to use the --origin flag", func() { 195 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceManager") 196 Eventually(session).Should(Say("Assigning role SpaceManager to user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 197 Eventually(session.Err).Should(Say("Ambiguous user. User with username '%s' exists in the following origins: cli-oidc-provider, uaa. Specify an origin to disambiguate.", username)) 198 Eventually(session).Should(Exit(1)) 199 }) 200 }) 201 }) 202 203 When("the user does not exist", func() { 204 It("prints an appropriate error and exits 1", func() { 205 session := helpers.CF("set-space-role", "not-exists", orgName, spaceName, "SpaceAuditor") 206 Eventually(session).Should(Say("Assigning role SpaceAuditor to user not-exists in org %s / space %s as %s...", orgName, spaceName, privilegedUsername)) 207 Eventually(session).Should(Say("FAILED")) 208 Eventually(session.Err).Should(Say("No user exists with the username 'not-exists'.")) 209 Eventually(session).Should(Exit(1)) 210 }) 211 }) 212 }) 213 214 When("the logged in user does not have permission to write to the space", func() { 215 var username string 216 217 BeforeEach(func() { 218 username, _ = helpers.CreateUser() 219 helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceAuditor") 220 }) 221 222 It("prints out the error message from CC API and exits 1", func() { 223 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceAuditor") 224 Eventually(session).Should(Say("FAILED")) 225 Eventually(session.Err).Should(Say("You are not authorized to perform the requested action")) 226 Eventually(session).Should(Exit(1)) 227 }) 228 }) 229 230 When("the logged in user has insufficient permissions to see the user", func() { 231 var username string 232 233 BeforeEach(func() { 234 username, _ = helpers.CreateUser() 235 helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceManager") 236 }) 237 238 It("prints out the error message from CC API and exits 1", func() { 239 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceAuditor", "-v") 240 Eventually(session).Should(Say("FAILED")) 241 Eventually(session.Err).Should(Say("Users cannot be assigned roles in a space if they do not have a role in that space's organization.")) 242 Eventually(session).Should(Exit(1)) 243 }) 244 }) 245 246 When("the logged in user has insufficient permissions to create roles in the space", func() { 247 var userInOrg string 248 249 BeforeEach(func() { 250 userInOrg, _ = helpers.CreateUser() 251 Eventually(helpers.CF("set-org-role", userInOrg, orgName, "OrgAuditor")).Should(Exit(0)) 252 helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceAuditor") 253 }) 254 255 It("prints out the error message from CC API and exits 1", func() { 256 session := helpers.CF("set-space-role", userInOrg, orgName, spaceName, "SpaceAuditor") 257 Eventually(session).Should(Say("FAILED")) 258 Eventually(session.Err).Should(Say("You are not authorized to perform the requested action")) 259 Eventually(session).Should(Exit(1)) 260 }) 261 }) 262 }) 263 })