github.com/deis/workflow-e2e@v2.12.2-0.20180227201524-4105be7001fe+incompatible/tests/auth_test.go (about) 1 package tests 2 3 import ( 4 "os" 5 6 "github.com/deis/workflow-e2e/tests/cmd" 7 "github.com/deis/workflow-e2e/tests/cmd/auth" 8 "github.com/deis/workflow-e2e/tests/model" 9 "github.com/deis/workflow-e2e/tests/settings" 10 11 . "github.com/onsi/ginkgo" 12 . "github.com/onsi/gomega" 13 . "github.com/onsi/gomega/gbytes" 14 . "github.com/onsi/gomega/gexec" 15 ) 16 17 var _ = Describe("deis auth", func() { 18 19 Context("with no user logged in", func() { 20 21 BeforeEach(func() { 22 // Important: All the tests use profiles. In theory, no client.json containing a token 23 // exists because of this. However, in order to future-proof this test against any fallout 24 // from any test added in the future that might deliberately or accidentally behave 25 // differently, we explicitly log out, without specifying a profile. This is meant to 26 // GUARANTEE that client.json does not exist. 27 sess, err := cmd.Start("deis auth:logout", nil) 28 Eventually(sess).Should(Say("Logged out\n")) 29 Expect(err).NotTo(HaveOccurred()) 30 Eventually(sess).Should(Exit(0)) 31 }) 32 33 Specify("information on the current user cannot be printed", func() { 34 sess, err := cmd.Start("deis auth:whoami", nil) 35 Eventually(sess.Err).Should(Say("Error: Client configuration file not found")) 36 Expect(err).NotTo(HaveOccurred()) 37 Eventually(sess).Should(Exit(1)) 38 }) 39 40 }) 41 42 Context("with a non-admin user", func() { 43 44 var user model.User 45 46 BeforeEach(func() { 47 user = model.NewUser() 48 os.Setenv("DEIS_PROFILE", user.Username) 49 }) 50 51 AfterEach(func() { 52 sess, err := cmd.Start("deis auth:cancel --username=%s --password=%s --yes", &user, user.Username, user.Password) 53 Expect(err).To(BeNil()) 54 Eventually(sess).Should(Exit(1)) 55 Expect(err).NotTo(HaveOccurred()) 56 os.Unsetenv("DEIS_PROFILE") 57 }) 58 59 Specify("that user cannot register when registration mode is 'admin_only', as is the default", func() { 60 sess, err := cmd.Start("deis auth:register %s --username=%s --password=%s --email=%s", nil, settings.DeisControllerURL, user.Username, user.Password, user.Email) 61 Expect(err).NotTo(HaveOccurred()) 62 Eventually(sess.Err).Should(Say("Registration failed: Error: You do not have permission to perform this action.")) 63 Eventually(sess).Should(Exit(1)) 64 }) 65 66 }) 67 68 Context("with an existing user", func() { 69 admin := model.Admin 70 var user model.User 71 72 BeforeEach(func() { 73 user = auth.RegisterAndLogin() 74 }) 75 76 AfterEach(func() { 77 auth.Cancel(user) 78 }) 79 80 Specify("that user can log out", func() { 81 auth.Logout(user) 82 auth.Login(user) // Log back in so cleanup won't fail. 83 }) 84 85 Specify("a new user cannot be registered using the same details", func() { 86 sess, err := cmd.Start("deis auth:register %s --username=%s --password=%s --email=%s", &admin, settings.DeisControllerURL, user.Username, user.Password, user.Email) 87 Eventually(sess.Err).Should(Say("Registration failed")) 88 Expect(err).NotTo(HaveOccurred()) 89 Eventually(sess).Should(Exit(1)) 90 }) 91 92 Specify("that user can print information about themself", func() { 93 auth.Whoami(user) 94 }) 95 96 Specify("that user can print extensive information about themself", func() { 97 auth.WhoamiAll(user) 98 }) 99 100 Specify("that user can regenerates their own token", func() { 101 auth.Regenerate(user) 102 }) 103 104 }) 105 106 Context("with an existing admin", func() { 107 108 admin := model.Admin 109 110 Specify("that admin can list admins", func() { 111 sess, err := cmd.Start("deis perms:list --admin", &admin) 112 Eventually(sess).Should(Say("=== Administrators")) 113 Eventually(sess).Should(Say(admin.Username)) 114 Expect(err).NotTo(HaveOccurred()) 115 Eventually(sess).Should(Exit(0)) 116 }) 117 118 Context("and another existing user", func() { 119 120 var otherUser model.User 121 122 BeforeEach(func() { 123 otherUser = auth.RegisterAndLogin() 124 }) 125 126 AfterEach(func() { 127 auth.Cancel(otherUser) 128 }) 129 130 Specify("that admin can regenerate the token for the other user", func() { 131 sess, err := cmd.Start("deis auth:regenerate -u %s", &admin, otherUser.Username) 132 Eventually(sess).Should(Say("Token Regenerated")) 133 Expect(err).NotTo(HaveOccurred()) 134 Eventually(sess).Should(Exit(0)) 135 auth.Login(otherUser) // Log back in so cleanup won't fail. 136 }) 137 138 }) 139 140 // TODO: This is marked pending because it resets all user auth tokens. Because we run the 141 // tests in parallel, this can wreak havoc on tests that may be in flight. We will need to 142 // reevaluate how we want to test this functionality. 143 XSpecify("that admin can regenerate the tokens of all other users", func() { 144 sess, err := cmd.Start("deis auth:regenerate --all", &admin) 145 Eventually(sess).Should(Say("Token Regenerated")) 146 Expect(err).NotTo(HaveOccurred()) 147 Eventually(sess).Should(Exit(0)) 148 }) 149 150 }) 151 152 })