github.com/argoproj/argo-cd/v3@v3.2.1/test/e2e/accounts_test.go (about) 1 package e2e 2 3 import ( 4 "testing" 5 6 "github.com/spf13/cobra" 7 "github.com/stretchr/testify/assert" 8 "github.com/stretchr/testify/require" 9 "google.golang.org/grpc/codes" 10 "google.golang.org/grpc/status" 11 12 "github.com/argoproj/argo-cd/v3/cmd/argocd/commands/headless" 13 "github.com/argoproj/argo-cd/v3/pkg/apiclient/account" 14 "github.com/argoproj/argo-cd/v3/pkg/apiclient/session" 15 . "github.com/argoproj/argo-cd/v3/test/e2e/fixture" 16 accountFixture "github.com/argoproj/argo-cd/v3/test/e2e/fixture/account" 17 "github.com/argoproj/argo-cd/v3/util/errors" 18 utilio "github.com/argoproj/argo-cd/v3/util/io" 19 ) 20 21 func TestCreateAndUseAccount(t *testing.T) { 22 ctx := accountFixture.Given(t) 23 ctx. 24 Name("test"). 25 When(). 26 Create(). 27 Then(). 28 And(func(account *account.Account, _ error) { 29 assert.Equal(t, account.Name, ctx.GetName()) 30 assert.Equal(t, []string{"login"}, account.Capabilities) 31 }). 32 When(). 33 Login(). 34 Then(). 35 CurrentUser(func(user *session.GetUserInfoResponse, _ error) { 36 assert.True(t, user.LoggedIn) 37 assert.Equal(t, user.Username, ctx.GetName()) 38 }) 39 } 40 41 func TestCanIGetLogsAllow(t *testing.T) { 42 ctx := accountFixture.Given(t) 43 ctx. 44 Name("test"). 45 Project(ProjectName). 46 When(). 47 Create(). 48 Login(). 49 SetPermissions([]ACL{ 50 { 51 Resource: "logs", 52 Action: "get", 53 Scope: ProjectName + "/*", 54 }, 55 { 56 Resource: "apps", 57 Action: "get", 58 Scope: ProjectName + "/*", 59 }, 60 }, "log-viewer"). 61 CanIGetLogs(). 62 Then(). 63 AndCLIOutput(func(output string, _ error) { 64 assert.Contains(t, output, "yes") 65 }) 66 } 67 68 func TestCanIGetLogsDeny(t *testing.T) { 69 ctx := accountFixture.Given(t) 70 ctx. 71 Name("test"). 72 When(). 73 Create(). 74 Login(). 75 CanIGetLogs(). 76 Then(). 77 AndCLIOutput(func(output string, _ error) { 78 assert.Contains(t, output, "no") 79 }) 80 } 81 82 func TestCreateAndUseAccountCLI(t *testing.T) { 83 EnsureCleanState(t) 84 85 output, err := RunCli("account", "list") 86 errors.CheckError(err) 87 88 assert.Equal(t, `NAME ENABLED CAPABILITIES 89 admin true login`, output) 90 91 errors.CheckError(SetAccounts(map[string][]string{ 92 "test": {"login", "apiKey"}, 93 })) 94 95 output, err = RunCli("account", "list") 96 errors.CheckError(err) 97 98 assert.Equal(t, `NAME ENABLED CAPABILITIES 99 admin true login 100 test true login, apiKey`, output) 101 102 token, err := RunCli("account", "generate-token", "--account", "test") 103 errors.CheckError(err) 104 105 clientOpts := ArgoCDClientset.ClientOptions() 106 clientOpts.AuthToken = token 107 testAccountClientset := headless.NewClientOrDie(&clientOpts, &cobra.Command{}) 108 109 closer, client := testAccountClientset.NewSessionClientOrDie() 110 defer utilio.Close(closer) 111 112 info, err := client.GetUserInfo(t.Context(), &session.GetUserInfoRequest{}) 113 require.NoError(t, err) 114 115 assert.Equal(t, "test", info.Username) 116 } 117 118 func TestLoginBadCredentials(t *testing.T) { 119 EnsureCleanState(t) 120 121 closer, sessionClient := ArgoCDClientset.NewSessionClientOrDie() 122 defer utilio.Close(closer) 123 124 requests := []session.SessionCreateRequest{{ 125 Username: "user-does-not-exist", Password: "some-password", 126 }, { 127 Username: "admin", Password: "bad-password", 128 }} 129 130 for _, r := range requests { 131 _, err := sessionClient.Create(t.Context(), &r) 132 require.Error(t, err) 133 errStatus, ok := status.FromError(err) 134 if !assert.True(t, ok) { 135 return 136 } 137 assert.Equal(t, codes.Unauthenticated, errStatus.Code()) 138 assert.Equal(t, "Invalid username or password", errStatus.Message()) 139 } 140 }