github.com/deis/workflow-e2e@v2.12.2-0.20180227201524-4105be7001fe+incompatible/tests/perms_test.go (about) 1 package tests 2 3 import ( 4 deis "github.com/deis/controller-sdk-go" 5 "github.com/deis/workflow-e2e/tests/cmd" 6 "github.com/deis/workflow-e2e/tests/cmd/apps" 7 "github.com/deis/workflow-e2e/tests/cmd/auth" 8 "github.com/deis/workflow-e2e/tests/cmd/perms" 9 "github.com/deis/workflow-e2e/tests/model" 10 "github.com/deis/workflow-e2e/tests/settings" 11 "github.com/deis/workflow-e2e/tests/util" 12 13 . "github.com/onsi/ginkgo" 14 . "github.com/onsi/gomega" 15 . "github.com/onsi/gomega/gbytes" 16 . "github.com/onsi/gomega/gexec" 17 ) 18 19 var _ = Describe("deis perms", func() { 20 21 Context("with an existing admin", func() { 22 23 admin := model.Admin 24 25 Specify("that admin can list admins", func() { 26 sess, err := cmd.Start("deis perms:list --admin", &admin) 27 Eventually(sess).Should(Say("=== Administrators")) 28 Eventually(sess).Should(Say(admin.Username)) 29 Expect(err).NotTo(HaveOccurred()) 30 Eventually(sess).Should(Exit(0)) 31 }) 32 33 Context("and another existing user", func() { 34 35 var otherUser model.User 36 37 BeforeEach(func() { 38 otherUser = auth.RegisterAndLogin() 39 }) 40 41 AfterEach(func() { 42 auth.Cancel(otherUser) 43 }) 44 45 Specify("that admin can grant admin permissions to the other user", func() { 46 sess, err := cmd.Start("deis perms:create %s --admin", &admin, otherUser.Username) 47 Eventually(sess, settings.MaxEventuallyTimeout).Should(Say("Adding %s to system administrators... done\n", otherUser.Username)) 48 Expect(err).NotTo(HaveOccurred()) 49 Eventually(sess).Should(Exit(0)) 50 51 sess, err = cmd.Start("deis perms:list --admin", &admin) 52 Eventually(sess).Should(Say("=== Administrators")) 53 Eventually(sess).Should(Say(otherUser.Username)) 54 Expect(err).NotTo(HaveOccurred()) 55 Eventually(sess).Should(Exit(0)) 56 }) 57 58 Context("who owns an existing app", func() { 59 60 var app model.App 61 62 BeforeEach(func() { 63 app = apps.Create(otherUser, "--no-remote") 64 }) 65 66 AfterEach(func() { 67 apps.Destroy(otherUser, app) 68 }) 69 70 Specify("that admin can list permissions on the app owned by the second user", func() { 71 sess, err := cmd.Start("deis perms:list --app=%s", &admin, app.Name) 72 Eventually(sess).Should(Say("=== %s's Users", app.Name)) 73 Expect(err).NotTo(HaveOccurred()) 74 Eventually(sess).Should(Exit(0)) 75 }) 76 77 Context("and a third user also exists", func() { 78 79 var thirdUser model.User 80 81 BeforeEach(func() { 82 thirdUser = auth.RegisterAndLogin() 83 }) 84 85 AfterEach(func() { 86 auth.Cancel(thirdUser) 87 }) 88 89 Specify("that admin can grant permissions on the app owned by the second user to the third user", func() { 90 sess, err := cmd.Start("deis perms:create %s --app=%s", &admin, thirdUser.Username, app.Name) 91 Eventually(sess, settings.MaxEventuallyTimeout).Should(Say("Adding %s to %s collaborators... done\n", thirdUser.Username, app.Name)) 92 Expect(err).NotTo(HaveOccurred()) 93 Eventually(sess).Should(Exit(0)) 94 95 sess, err = cmd.Start("deis perms:list --app=%s", &admin, app.Name) 96 Eventually(sess).Should(Say("=== %s's Users", app.Name)) 97 Eventually(sess).Should(Say("%s", thirdUser.Username)) 98 Expect(err).NotTo(HaveOccurred()) 99 Eventually(sess).Should(Exit(0)) 100 }) 101 102 Context("who has permissions on the second user's app", func() { 103 104 BeforeEach(func() { 105 sess, err := cmd.Start("deis perms:create %s --app=%s", &admin, thirdUser.Username, app.Name) 106 Eventually(sess, settings.MaxEventuallyTimeout).Should(Say("Adding %s to %s collaborators... done\n", thirdUser.Username, app.Name)) 107 Expect(err).NotTo(HaveOccurred()) 108 Eventually(sess).Should(Exit(0)) 109 }) 110 111 Specify("that admin can revoke the third user's permissions to an app owned by the second user", func() { 112 sess, err := cmd.Start("deis perms:delete %s --app=%s", &admin, thirdUser.Username, app.Name) 113 Eventually(sess, settings.MaxEventuallyTimeout).Should(Say("Removing %s from %s collaborators... done", thirdUser.Username, app.Name)) 114 Expect(err).NotTo(HaveOccurred()) 115 Eventually(sess).Should(Exit(0)) 116 117 sess, err = cmd.Start("deis perms:list --app=%s", &admin, app.Name) 118 Eventually(sess).Should(Say("=== %s's Users", app.Name)) 119 Eventually(sess).ShouldNot(Say("%s", thirdUser.Username)) 120 Expect(err).NotTo(HaveOccurred()) 121 Eventually(sess).Should(Exit(0)) 122 }) 123 124 }) 125 126 }) 127 128 }) 129 130 }) 131 132 Context("and another existing admin", func() { 133 134 var otherAdmin model.User 135 136 BeforeEach(func() { 137 otherAdmin = auth.RegisterAndLogin() 138 sess, err := cmd.Start("deis perms:create %s --admin", &admin, otherAdmin.Username) 139 Eventually(sess, settings.MaxEventuallyTimeout).Should(Say("Adding %s to system administrators... done\n", otherAdmin.Username)) 140 Expect(err).NotTo(HaveOccurred()) 141 Eventually(sess).Should(Exit(0)) 142 }) 143 144 AfterEach(func() { 145 auth.Cancel(otherAdmin) 146 }) 147 148 Specify("the first admin can delete admin permissions from the second", func() { 149 sess, err := cmd.Start("deis perms:delete %s --admin", &admin, otherAdmin.Username) 150 Eventually(sess, settings.MaxEventuallyTimeout).Should(Say("Removing %s from system administrators... done", otherAdmin.Username)) 151 Expect(err).NotTo(HaveOccurred()) 152 Eventually(sess).Should(Exit(0)) 153 154 sess, err = cmd.Start("deis perms:list --admin", &admin) 155 Eventually(sess).Should(Say("=== Administrators")) 156 Expect(sess).ShouldNot(Say(otherAdmin.Username)) 157 Expect(err).NotTo(HaveOccurred()) 158 Eventually(sess).Should(Exit(0)) 159 }) 160 161 }) 162 163 }) 164 165 Context("with an existing non-admin user", func() { 166 167 var user model.User 168 169 BeforeEach(func() { 170 user = auth.RegisterAndLogin() 171 }) 172 173 AfterEach(func() { 174 auth.Cancel(user) 175 }) 176 177 Specify("that user cannot list admin permissions", func() { 178 sess, err := cmd.Start("deis perms:list --admin", &user) 179 Eventually(sess.Err).Should(Say(util.PrependError(deis.ErrForbidden))) 180 Expect(err).NotTo(HaveOccurred()) 181 Eventually(sess).Should(Exit(1)) 182 }) 183 184 Specify("that user cannot create admin permissions", func() { 185 sess, err := cmd.Start("deis perms:create %s --admin", &user, user.Username) 186 Eventually(sess, settings.MaxEventuallyTimeout).Should(Say("Adding %s to system administrators...", user.Username)) 187 Eventually(sess.Err).Should(Say(util.PrependError(deis.ErrForbidden))) 188 Expect(err).NotTo(HaveOccurred()) 189 Eventually(sess).Should(Exit(1)) 190 }) 191 192 Context("and an existing admin", func() { 193 194 admin := model.Admin 195 196 Specify("the non-admin user cannot delete the admin's admin permissions", func() { 197 sess, err := cmd.Start("deis perms:delete %s --admin", &user, admin.Username) 198 Eventually(sess.Err, settings.MaxEventuallyTimeout).Should(Say(util.PrependError(deis.ErrForbidden))) 199 Expect(err).NotTo(HaveOccurred()) 200 Eventually(sess).Should(Exit(1)) 201 }) 202 203 }) 204 205 Context("and an existing app belonging to that user", func() { 206 207 var app model.App 208 209 BeforeEach(func() { 210 app = apps.Create(user, "--no-remote") 211 }) 212 213 AfterEach(func() { 214 apps.Destroy(user, app) 215 }) 216 217 Specify("that user can list permissions for that app", func() { 218 sess, err := cmd.Start("deis perms:list --app=%s", &user, app.Name) 219 Eventually(sess).Should(Say("=== %s's Users", app.Name)) 220 Expect(err).NotTo(HaveOccurred()) 221 Eventually(sess).Should(Exit(0)) 222 }) 223 224 Context("and another existing non-admin user also exists", func() { 225 226 var otherUser model.User 227 228 BeforeEach(func() { 229 otherUser = auth.RegisterAndLogin() 230 }) 231 232 AfterEach(func() { 233 auth.Cancel(otherUser) 234 }) 235 236 Specify("that first user can grant permissions on that app to the second user", func() { 237 perms.Create(user, app, otherUser) 238 sess, err := cmd.Start("deis perms:list --app=%s", &user, app.Name) 239 Eventually(sess).Should(Say("=== %s's Users", app.Name)) 240 Eventually(sess).Should(Say("%s", otherUser.Username)) 241 Expect(err).NotTo(HaveOccurred()) 242 Eventually(sess).Should(Exit(0)) 243 }) 244 245 Context("who has already been granted permissions on that app", func() { 246 247 BeforeEach(func() { 248 perms.Create(user, app, otherUser) 249 }) 250 251 Specify("that first user can list permissions for that app", func() { 252 sess, err := cmd.Start("deis perms:list --app=%s", &user, app.Name) 253 Eventually(sess).Should(Say("=== %s's Users", app.Name)) 254 Eventually(sess).Should(Say("%s", otherUser.Username)) 255 Expect(err).NotTo(HaveOccurred()) 256 Eventually(sess).Should(Exit(0)) 257 }) 258 259 Specify("that first user can revoke permissions on that app", func() { 260 perms.Delete(user, app, otherUser) 261 sess, err := cmd.Start("deis perms:list --app=%s", &user, app.Name) 262 Eventually(sess).Should(Say("=== %s's Users", app.Name)) 263 Eventually(sess).ShouldNot(Say("%s", otherUser.Username)) 264 Expect(err).NotTo(HaveOccurred()) 265 Eventually(sess).Should(Exit(0)) 266 }) 267 268 }) 269 270 }) 271 272 }) 273 274 }) 275 276 })