github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/tests/suites/user/manage.sh (about) 1 # Granting and revoking read/write/admins rights for the users. 2 run_user_grant_revoke() { 3 # Echo out to ensure nice output to the test suite. 4 echo 5 6 # The following ensures that a bootstrap juju exists. 7 file="${TEST_DIR}/test-user-grant-revoke.log" 8 ensure "user-grant-revoke" "${file}" 9 10 echo "Check that current user is admin" 11 juju whoami --format=json | jq -r '."user"' | check "admin" 12 13 echo "Add user with read rights" 14 juju show-user readuser 2>/dev/null || juju add-user readuser 15 juju grant readuser read "user-grant-revoke" 16 17 echo "Add user with write rights" 18 juju show-user writeuser 2>/dev/null || juju add-user writeuser 19 juju grant writeuser write "user-grant-revoke" 20 21 echo "Add user with admin rights" 22 juju show-user adminuser 2>/dev/null || juju add-user adminuser 23 juju grant adminuser admin "user-grant-revoke" 24 25 echo "Check rights for added users" 26 juju show-model "user-grant-revoke" --format=json | jq -r '."user-grant-revoke"."users"."readuser"."access"' | check "read" 27 juju show-model "user-grant-revoke" --format=json | jq -r '."user-grant-revoke"."users"."writeuser"."access"' | check "write" 28 juju show-model "user-grant-revoke" --format=json | jq -r '."user-grant-revoke"."users"."adminuser"."access"' | check "admin" 29 30 echo "Revoke rights" 31 juju revoke readuser read "user-grant-revoke" 32 juju revoke writeuser write "user-grant-revoke" 33 juju revoke adminuser admin "user-grant-revoke" 34 35 echo "Check rights for added users after revoke" 36 juju show-model "user-grant-revoke" --format=json | jq -r '."user-grant-revoke"."users"."readuser"."access"' | check null 37 juju show-model "user-grant-revoke" --format=json | jq -r '."user-grant-revoke"."users"."writeuser"."access"' | check "read" 38 juju show-model "user-grant-revoke" --format=json | jq -r '."user-grant-revoke"."users"."adminuser"."access"' | check "write" 39 40 destroy_model "user-grant-revoke" 41 } 42 43 # Disabling and enabling users. 44 run_user_disable_enable() { 45 # Echo out to ensure nice output to the test suite. 46 echo 47 48 # The following ensures that a bootstrap juju exists. 49 file="${TEST_DIR}/test-user-disable-enable.log" 50 ensure "user-disable-enable" "${file}" 51 52 echo "Check that current user is admin" 53 juju whoami --format=json | jq -r '."user"' | check "admin" 54 55 echo "Add testuser" 56 juju show-user testuser 2>/dev/null || juju add-user testuser 57 juju grant testuser read "user-disable-enable" 58 59 echo "Disable testuser" 60 juju disable-user testuser 61 62 echo "Check testuser is disabled" 63 juju show-user testuser --format=json | jq -r '."disabled"' | check true 64 65 echo "Enable testuser" 66 juju enable-user testuser 67 68 echo "Check testuser is enabled" 69 juju show-user testuser --format=json | jq -r '."disabled"' | check null 70 71 destroy_model "user-disable-enable" 72 } 73 74 # Granting and revoking login/add-model/superuser rights for the controller access. 75 run_user_controller_access() { 76 # Echo out to ensure nice output to the test suite. 77 echo 78 79 # The following ensures that a bootstrap juju exists. 80 file="${TEST_DIR}/test-user-controller-access.log" 81 ensure "user-controller-access" "${file}" 82 83 echo "Check that current user is admin" 84 juju whoami --format=json | jq -r '."user"' | check "admin" 85 86 echo "Add user with login rights" 87 juju show-user junioradmin 2>/dev/null || juju add-user junioradmin 88 89 echo "Add user with superuser rights" 90 juju show-user senioradmin 2>/dev/null || juju add-user senioradmin 91 juju grant senioradmin superuser 92 93 echo "Check rights for added users" 94 juju users --format=json | jq -r '.[] | select(."user-name"=="junioradmin") | ."access"' | check "login" 95 juju users --format=json | jq -r '.[] | select(."user-name"=="senioradmin") | ."access"' | check "superuser" 96 97 echo "Revoke rights" 98 juju revoke junioradmin login 99 juju revoke senioradmin superuser 100 101 echo "Check rights for added users after revoke" 102 juju users --format=json | jq -r '.[] | select(."user-name"=="junioradmin") | ."access"' | check "" 103 juju users --format=json | jq -r '.[] | select(."user-name"=="senioradmin") | ."access"' | check "login" 104 105 destroy_model "user-controller-access" 106 } 107 108 # Removing users. 109 run_user_remove() { 110 # Echo out to ensure nice output to the test suite. 111 echo 112 113 # The following ensures that a bootstrap juju exists. 114 file="${TEST_DIR}/test-user-remove.log" 115 ensure "user-remove" "${file}" 116 117 echo "Check that current user is admin" 118 juju whoami --format=json | jq -r '."user"' | check "admin" 119 120 echo "Add testuser2" 121 juju show-user testuser2 2>/dev/null || juju add-user testuser2 122 123 users=$(juju users) 124 check_contains "${users}" testuser2 125 126 echo "Remove testuser2" 127 juju remove-user -y testuser2 128 129 users=$(juju users) 130 check_not_contains "${users}" testuser2 131 132 destroy_model "user-remove" 133 } 134 135 test_user_manage() { 136 if [ -n "$(skip 'test_user_manage')" ]; then 137 echo "==> SKIP: Asked to skip user manage tests" 138 return 139 fi 140 141 ( 142 set_verbosity 143 144 cd .. || exit 145 146 run "run_user_grant_revoke" 147 run "run_user_disable_enable" 148 run "run_user_controller_access" 149 run "run_user_remove" 150 ) 151 }