github.com/argoproj/argo-cd/v2@v2.10.5/test/e2e/accounts_test.go (about)

     1  package e2e
     2  
     3  import (
     4  	"context"
     5  	"strings"
     6  	"testing"
     7  
     8  	"github.com/argoproj/pkg/errors"
     9  	"github.com/spf13/cobra"
    10  	"github.com/stretchr/testify/assert"
    11  	"google.golang.org/grpc/codes"
    12  	"google.golang.org/grpc/status"
    13  
    14  	"github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless"
    15  	"github.com/argoproj/argo-cd/v2/pkg/apiclient/account"
    16  	"github.com/argoproj/argo-cd/v2/pkg/apiclient/session"
    17  	. "github.com/argoproj/argo-cd/v2/test/e2e/fixture"
    18  	accountFixture "github.com/argoproj/argo-cd/v2/test/e2e/fixture/account"
    19  	"github.com/argoproj/argo-cd/v2/util/io"
    20  )
    21  
    22  func TestCreateAndUseAccount(t *testing.T) {
    23  	ctx := accountFixture.Given(t)
    24  	ctx.
    25  		Name("test").
    26  		When().
    27  		Create().
    28  		Then().
    29  		And(func(account *account.Account, err error) {
    30  			assert.Equal(t, account.Name, ctx.GetName())
    31  			assert.Equal(t, account.Capabilities, []string{"login"})
    32  		}).
    33  		When().
    34  		Login().
    35  		Then().
    36  		CurrentUser(func(user *session.GetUserInfoResponse, err error) {
    37  			assert.Equal(t, user.LoggedIn, true)
    38  			assert.Equal(t, user.Username, ctx.GetName())
    39  		})
    40  }
    41  
    42  func TestCanIGetLogsAllowNoSwitch(t *testing.T) {
    43  	ctx := accountFixture.Given(t)
    44  	ctx.
    45  		Name("test").
    46  		When().
    47  		Create().
    48  		Login().
    49  		CanIGetLogs().
    50  		Then().
    51  		AndCLIOutput(func(output string, err error) {
    52  			assert.True(t, strings.Contains(output, "yes"))
    53  		})
    54  }
    55  
    56  func TestCanIGetLogsDenySwitchOn(t *testing.T) {
    57  	ctx := accountFixture.Given(t)
    58  	ctx.
    59  		Name("test").
    60  		When().
    61  		Create().
    62  		Login().
    63  		SetParamInSettingConfigMap("server.rbac.log.enforce.enable", "true").
    64  		CanIGetLogs().
    65  		Then().
    66  		AndCLIOutput(func(output string, err error) {
    67  			assert.True(t, strings.Contains(output, "no"))
    68  		})
    69  }
    70  
    71  func TestCanIGetLogsAllowSwitchOn(t *testing.T) {
    72  	ctx := accountFixture.Given(t)
    73  	ctx.
    74  		Name("test").
    75  		Project(ProjectName).
    76  		When().
    77  		Create().
    78  		Login().
    79  		SetPermissions([]ACL{
    80  			{
    81  				Resource: "logs",
    82  				Action:   "get",
    83  				Scope:    ProjectName + "/*",
    84  			},
    85  			{
    86  				Resource: "apps",
    87  				Action:   "get",
    88  				Scope:    ProjectName + "/*",
    89  			},
    90  		}, "log-viewer").
    91  		SetParamInSettingConfigMap("server.rbac.log.enforce.enable", "true").
    92  		CanIGetLogs().
    93  		Then().
    94  		AndCLIOutput(func(output string, err error) {
    95  			assert.True(t, strings.Contains(output, "yes"))
    96  		})
    97  }
    98  
    99  func TestCanIGetLogsAllowSwitchOff(t *testing.T) {
   100  	ctx := accountFixture.Given(t)
   101  	ctx.
   102  		Name("test").
   103  		When().
   104  		Create().
   105  		Login().
   106  		SetParamInSettingConfigMap("server.rbac.log.enforce.enable", "false").
   107  		CanIGetLogs().
   108  		Then().
   109  		AndCLIOutput(func(output string, err error) {
   110  			assert.True(t, strings.Contains(output, "yes"))
   111  		})
   112  }
   113  
   114  func TestCreateAndUseAccountCLI(t *testing.T) {
   115  	EnsureCleanState(t)
   116  
   117  	output, err := RunCli("account", "list")
   118  	errors.CheckError(err)
   119  
   120  	assert.Equal(t, `NAME   ENABLED  CAPABILITIES
   121  admin  true     login`, output)
   122  
   123  	SetAccounts(map[string][]string{
   124  		"test": {"login", "apiKey"},
   125  	})
   126  
   127  	output, err = RunCli("account", "list")
   128  	errors.CheckError(err)
   129  
   130  	assert.Equal(t, `NAME   ENABLED  CAPABILITIES
   131  admin  true     login
   132  test   true     login, apiKey`, output)
   133  
   134  	token, err := RunCli("account", "generate-token", "--account", "test")
   135  	errors.CheckError(err)
   136  
   137  	clientOpts := ArgoCDClientset.ClientOptions()
   138  	clientOpts.AuthToken = token
   139  	testAccountClientset := headless.NewClientOrDie(&clientOpts, &cobra.Command{})
   140  
   141  	closer, client := testAccountClientset.NewSessionClientOrDie()
   142  	defer io.Close(closer)
   143  
   144  	info, err := client.GetUserInfo(context.Background(), &session.GetUserInfoRequest{})
   145  	assert.NoError(t, err)
   146  
   147  	assert.Equal(t, info.Username, "test")
   148  }
   149  
   150  func TestLoginBadCredentials(t *testing.T) {
   151  	EnsureCleanState(t)
   152  
   153  	closer, sessionClient := ArgoCDClientset.NewSessionClientOrDie()
   154  	defer io.Close(closer)
   155  
   156  	requests := []session.SessionCreateRequest{{
   157  		Username: "user-does-not-exist", Password: "some-password",
   158  	}, {
   159  		Username: "admin", Password: "bad-password",
   160  	}}
   161  
   162  	for _, r := range requests {
   163  		_, err := sessionClient.Create(context.Background(), &r)
   164  		if !assert.Error(t, err) {
   165  			return
   166  		}
   167  		errStatus, ok := status.FromError(err)
   168  		if !assert.True(t, ok) {
   169  			return
   170  		}
   171  		assert.Equal(t, codes.Unauthenticated, errStatus.Code())
   172  		assert.Equal(t, "Invalid username or password", errStatus.Message())
   173  	}
   174  }