github.com/lukasheimann/cloudfoundrycli@v7.1.0+incompatible/actor/v7action/role_test.go (about)

     1  package v7action_test
     2  
     3  import (
     4  	"errors"
     5  
     6  	"code.cloudfoundry.org/cli/actor/actionerror"
     7  	. "code.cloudfoundry.org/cli/actor/v7action"
     8  	"code.cloudfoundry.org/cli/actor/v7action/v7actionfakes"
     9  	"code.cloudfoundry.org/cli/api/cloudcontroller/ccerror"
    10  	"code.cloudfoundry.org/cli/api/cloudcontroller/ccv3"
    11  	"code.cloudfoundry.org/cli/api/cloudcontroller/ccv3/constant"
    12  	"code.cloudfoundry.org/cli/resources"
    13  	. "github.com/onsi/ginkgo"
    14  	. "github.com/onsi/gomega"
    15  )
    16  
    17  var _ = Describe("Role Actions", func() {
    18  	var (
    19  		actor                     *Actor
    20  		fakeCloudControllerClient *v7actionfakes.FakeCloudControllerClient
    21  		fakeUAAClient             *v7actionfakes.FakeUAAClient
    22  	)
    23  
    24  	BeforeEach(func() {
    25  		actor, fakeCloudControllerClient, _, _, fakeUAAClient, _, _ = NewTestActor()
    26  	})
    27  
    28  	Describe("CreateOrgRole", func() {
    29  		var (
    30  			roleType       constant.RoleType
    31  			userNameOrGUID string
    32  			userOrigin     string
    33  			orgGUID        string
    34  			isClient       bool
    35  
    36  			warnings   Warnings
    37  			executeErr error
    38  		)
    39  
    40  		BeforeEach(func() {
    41  			roleType = constant.OrgAuditorRole
    42  			orgGUID = "org-guid"
    43  		})
    44  
    45  		JustBeforeEach(func() {
    46  			warnings, executeErr = actor.CreateOrgRole(roleType, orgGUID, userNameOrGUID, userOrigin, isClient)
    47  		})
    48  
    49  		When("creating the role succeeds", func() {
    50  			BeforeEach(func() {
    51  				fakeCloudControllerClient.CreateRoleReturns(
    52  					resources.Role{
    53  						Type:     roleType,
    54  						UserGUID: "user-guid",
    55  						OrgGUID:  "org-guid",
    56  					},
    57  					ccv3.Warnings{"create-role-warning"},
    58  					nil,
    59  				)
    60  			})
    61  
    62  			When("creating a role for a client", func() {
    63  				BeforeEach(func() {
    64  					userNameOrGUID = "user-guid"
    65  					userOrigin = ""
    66  					isClient = true
    67  				})
    68  
    69  				It("returns the role and any warnings", func() {
    70  					Expect(warnings).To(ConsistOf("create-role-warning"))
    71  					Expect(executeErr).ToNot(HaveOccurred())
    72  
    73  					Expect(fakeCloudControllerClient.CreateRoleCallCount()).To(Equal(1))
    74  					passedRole := fakeCloudControllerClient.CreateRoleArgsForCall(0)
    75  
    76  					Expect(passedRole).To(Equal(
    77  						resources.Role{
    78  							Type:     roleType,
    79  							UserGUID: "user-guid",
    80  							OrgGUID:  "org-guid",
    81  						},
    82  					))
    83  				})
    84  
    85  				When("the client does not exist in UAA", func() {
    86  					BeforeEach(func() {
    87  						fakeUAAClient.ValidateClientUserReturns(actionerror.UserNotFoundError{Username: "bad-client"})
    88  					})
    89  
    90  					It("returns the error", func() {
    91  						Expect(warnings).To(BeEmpty())
    92  						Expect(executeErr).To(MatchError(actionerror.UserNotFoundError{Username: "bad-client"}))
    93  					})
    94  				})
    95  			})
    96  
    97  			When("creating a role for a non-client user", func() {
    98  				BeforeEach(func() {
    99  					userNameOrGUID = "user-name"
   100  					userOrigin = "user-origin"
   101  					isClient = false
   102  				})
   103  
   104  				It("returns the role and any warnings", func() {
   105  					Expect(warnings).To(ConsistOf("create-role-warning"))
   106  					Expect(executeErr).ToNot(HaveOccurred())
   107  
   108  					Expect(fakeCloudControllerClient.CreateRoleCallCount()).To(Equal(1))
   109  					passedRole := fakeCloudControllerClient.CreateRoleArgsForCall(0)
   110  
   111  					Expect(passedRole).To(Equal(
   112  						resources.Role{
   113  							Type:     roleType,
   114  							Username: "user-name",
   115  							Origin:   "user-origin",
   116  							OrgGUID:  "org-guid",
   117  						},
   118  					))
   119  				})
   120  			})
   121  		})
   122  
   123  		When("the API call to create the role returns an error", func() {
   124  			BeforeEach(func() {
   125  				fakeCloudControllerClient.CreateRoleReturns(
   126  					resources.Role{},
   127  					ccv3.Warnings{"create-role-warning"},
   128  					errors.New("create-role-error"),
   129  				)
   130  			})
   131  
   132  			It("it returns an error and warnings", func() {
   133  				Expect(fakeCloudControllerClient.CreateRoleCallCount()).To(Equal(1))
   134  				Expect(warnings).To(ConsistOf("create-role-warning"))
   135  				Expect(executeErr).To(MatchError("create-role-error"))
   136  			})
   137  		})
   138  	})
   139  
   140  	Describe("CreateSpaceRole", func() {
   141  		var (
   142  			roleType       constant.RoleType
   143  			userNameOrGUID string
   144  			userOrigin     string
   145  			orgGUID        string
   146  			spaceGUID      string
   147  			isClient       bool
   148  
   149  			warnings   Warnings
   150  			executeErr error
   151  		)
   152  
   153  		BeforeEach(func() {
   154  			roleType = constant.SpaceDeveloperRole
   155  			orgGUID = "org-guid"
   156  			spaceGUID = "space-guid"
   157  		})
   158  
   159  		JustBeforeEach(func() {
   160  			warnings, executeErr = actor.CreateSpaceRole(roleType, orgGUID, spaceGUID, userNameOrGUID, userOrigin, isClient)
   161  		})
   162  
   163  		When("creating the role succeeds", func() {
   164  			BeforeEach(func() {
   165  				fakeCloudControllerClient.CreateRoleReturnsOnCall(0,
   166  					resources.Role{
   167  						Type:     constant.OrgUserRole,
   168  						UserGUID: "user-guid",
   169  						OrgGUID:  "org-guid",
   170  					},
   171  					ccv3.Warnings{"create-org-role-warning"},
   172  					nil,
   173  				)
   174  
   175  				fakeCloudControllerClient.CreateRoleReturnsOnCall(1,
   176  					resources.Role{
   177  						Type:      roleType,
   178  						UserGUID:  "user-guid",
   179  						SpaceGUID: "space-guid",
   180  					},
   181  					ccv3.Warnings{"create-space-role-warning"},
   182  					nil,
   183  				)
   184  			})
   185  
   186  			When("creating a space role for a client", func() {
   187  				BeforeEach(func() {
   188  					userNameOrGUID = "user-guid"
   189  					userOrigin = ""
   190  					isClient = true
   191  				})
   192  
   193  				It("returns the role and any warnings", func() {
   194  					Expect(warnings).To(ConsistOf("create-org-role-warning", "create-space-role-warning"))
   195  					Expect(executeErr).ToNot(HaveOccurred())
   196  
   197  					Expect(fakeCloudControllerClient.CreateRoleCallCount()).To(Equal(2))
   198  
   199  					passedOrgRole := fakeCloudControllerClient.CreateRoleArgsForCall(0)
   200  					Expect(passedOrgRole).To(Equal(
   201  						resources.Role{
   202  							Type:     constant.OrgUserRole,
   203  							UserGUID: "user-guid",
   204  							OrgGUID:  "org-guid",
   205  						},
   206  					))
   207  
   208  					passedSpaceRole := fakeCloudControllerClient.CreateRoleArgsForCall(1)
   209  					Expect(passedSpaceRole).To(Equal(
   210  						resources.Role{
   211  							Type:      roleType,
   212  							UserGUID:  "user-guid",
   213  							SpaceGUID: "space-guid",
   214  						},
   215  					))
   216  				})
   217  			})
   218  
   219  			When("creating a space role for a non-client user", func() {
   220  				BeforeEach(func() {
   221  					userNameOrGUID = "user-name"
   222  					userOrigin = "user-origin"
   223  					isClient = false
   224  				})
   225  
   226  				It("returns the role and any warnings", func() {
   227  					Expect(warnings).To(ConsistOf("create-org-role-warning", "create-space-role-warning"))
   228  					Expect(executeErr).ToNot(HaveOccurred())
   229  
   230  					Expect(fakeCloudControllerClient.CreateRoleCallCount()).To(Equal(2))
   231  
   232  					passedOrgRole := fakeCloudControllerClient.CreateRoleArgsForCall(0)
   233  					Expect(passedOrgRole).To(Equal(
   234  						resources.Role{
   235  							Type:     constant.OrgUserRole,
   236  							Username: "user-name",
   237  							Origin:   "user-origin",
   238  							OrgGUID:  "org-guid",
   239  						},
   240  					))
   241  
   242  					passedSpaceRole := fakeCloudControllerClient.CreateRoleArgsForCall(1)
   243  					Expect(passedSpaceRole).To(Equal(
   244  						resources.Role{
   245  							Type:      roleType,
   246  							Username:  "user-name",
   247  							Origin:    "user-origin",
   248  							SpaceGUID: "space-guid",
   249  						},
   250  					))
   251  				})
   252  			})
   253  		})
   254  
   255  		When("the user already has an org role", func() {
   256  			BeforeEach(func() {
   257  				fakeCloudControllerClient.CreateRoleReturnsOnCall(0,
   258  					resources.Role{},
   259  					ccv3.Warnings{"create-org-role-warning"},
   260  					ccerror.RoleAlreadyExistsError{},
   261  				)
   262  			})
   263  
   264  			It("it ignores the error and creates the space role", func() {
   265  				Expect(fakeCloudControllerClient.CreateRoleCallCount()).To(Equal(2))
   266  				Expect(warnings).To(ConsistOf("create-org-role-warning"))
   267  				Expect(executeErr).NotTo(HaveOccurred())
   268  			})
   269  		})
   270  
   271  		When("the client does not exist in UAA", func() {
   272  			BeforeEach(func() {
   273  				fakeUAAClient.ValidateClientUserReturns(actionerror.UserNotFoundError{Username: "bad-client"})
   274  			})
   275  
   276  			It("returns the error", func() {
   277  				Expect(warnings).To(BeEmpty())
   278  				Expect(executeErr).NotTo(HaveOccurred())
   279  			})
   280  		})
   281  
   282  		When("the API call to create the org role returns an error", func() {
   283  			Context("and it is not a forbidden", func() {
   284  				BeforeEach(func() {
   285  					fakeCloudControllerClient.CreateRoleReturnsOnCall(0,
   286  						resources.Role{},
   287  						ccv3.Warnings{"create-org-role-warning"},
   288  						errors.New("create-org-role-error"),
   289  					)
   290  				})
   291  
   292  				It("it returns an error and warnings", func() {
   293  					Expect(fakeCloudControllerClient.CreateRoleCallCount()).To(Equal(1))
   294  					Expect(warnings).To(ConsistOf("create-org-role-warning"))
   295  					Expect(executeErr).To(MatchError("create-org-role-error"))
   296  				})
   297  			})
   298  
   299  			Context("and it is a forbidden", func() {
   300  				BeforeEach(func() {
   301  					fakeCloudControllerClient.CreateRoleReturnsOnCall(0,
   302  						resources.Role{},
   303  						ccv3.Warnings{"create-org-role-warning"},
   304  						ccerror.ForbiddenError{Message: "create-org-role-forbidden-error"},
   305  					)
   306  					fakeCloudControllerClient.CreateRoleReturnsOnCall(1,
   307  						resources.Role{},
   308  						ccv3.Warnings{"create-space-role-warning"},
   309  						ccerror.ForbiddenError{Message: "create-space-role-forbidden-error"},
   310  					)
   311  				})
   312  
   313  				It("it continues to make the call to API create space and returns the more helpful errors and warnings", func() {
   314  					Expect(fakeCloudControllerClient.CreateRoleCallCount()).To(Equal(2))
   315  					Expect(warnings).To(ConsistOf("create-space-role-warning", "create-org-role-warning"))
   316  					Expect(executeErr).To(MatchError("create-space-role-forbidden-error"))
   317  				})
   318  			})
   319  		})
   320  
   321  		When("the API call to create the space role returns an error", func() {
   322  			BeforeEach(func() {
   323  				fakeCloudControllerClient.CreateRoleReturnsOnCall(1,
   324  					resources.Role{},
   325  					ccv3.Warnings{"create-space-role-warning"},
   326  					errors.New("create-space-role-error"),
   327  				)
   328  			})
   329  
   330  			It("it returns an error and warnings", func() {
   331  				Expect(fakeCloudControllerClient.CreateRoleCallCount()).To(Equal(2))
   332  				Expect(warnings).To(ConsistOf("create-space-role-warning"))
   333  				Expect(executeErr).To(MatchError("create-space-role-error"))
   334  			})
   335  		})
   336  	})
   337  
   338  	Describe("DeleteSpaceRole", func() {
   339  		var (
   340  			roleType       constant.RoleType
   341  			userNameOrGUID string
   342  			userOrigin     string
   343  			spaceGUID      string
   344  			isClient       bool
   345  
   346  			warnings   Warnings
   347  			executeErr error
   348  		)
   349  
   350  		BeforeEach(func() {
   351  			roleType = constant.SpaceDeveloperRole
   352  			spaceGUID = "space-guid"
   353  			isClient = false
   354  		})
   355  
   356  		JustBeforeEach(func() {
   357  			warnings, executeErr = actor.DeleteSpaceRole(roleType, spaceGUID, userNameOrGUID, userOrigin, isClient)
   358  		})
   359  
   360  		When("deleting a role succeeds", func() {
   361  			BeforeEach(func() {
   362  				fakeCloudControllerClient.GetUsersReturnsOnCall(0,
   363  					[]resources.User{{Username: userNameOrGUID, GUID: "user-guid"}},
   364  					ccv3.Warnings{"get-users-warning"},
   365  					nil,
   366  				)
   367  
   368  				fakeCloudControllerClient.GetUserReturnsOnCall(0,
   369  					resources.User{GUID: "user-guid"},
   370  					ccv3.Warnings{"get-user-warning"},
   371  					nil,
   372  				)
   373  
   374  				fakeCloudControllerClient.GetRolesReturnsOnCall(0,
   375  					[]resources.Role{
   376  						{
   377  							GUID:      "role-guid",
   378  							Type:      roleType,
   379  							UserGUID:  "user-guid",
   380  							SpaceGUID: spaceGUID,
   381  						},
   382  					},
   383  					ccv3.IncludedResources{},
   384  					ccv3.Warnings{"get-roles-warning"},
   385  					nil,
   386  				)
   387  
   388  				fakeCloudControllerClient.DeleteRoleReturnsOnCall(0,
   389  					ccv3.JobURL("https://jobs/job_guid"),
   390  					ccv3.Warnings{"delete-role-warning"},
   391  					nil,
   392  				)
   393  
   394  				fakeCloudControllerClient.PollJobReturnsOnCall(0,
   395  					ccv3.Warnings{"poll-job-warning"},
   396  					nil,
   397  				)
   398  
   399  			})
   400  
   401  			When("deleting a space role for a client", func() {
   402  				BeforeEach(func() {
   403  					userNameOrGUID = "user-guid"
   404  					userOrigin = ""
   405  					isClient = true
   406  				})
   407  
   408  				It("delete the role and returns any warnings", func() {
   409  					Expect(warnings).To(ConsistOf("get-user-warning", "get-roles-warning", "delete-role-warning", "poll-job-warning"))
   410  					Expect(executeErr).ToNot(HaveOccurred())
   411  
   412  					Expect(fakeCloudControllerClient.GetUserCallCount()).To(Equal(1))
   413  
   414  					passedGuid := fakeCloudControllerClient.GetUserArgsForCall(0)
   415  					Expect(passedGuid).To(Equal(userNameOrGUID))
   416  
   417  					passedRolesQuery := fakeCloudControllerClient.GetRolesArgsForCall(0)
   418  					Expect(passedRolesQuery).To(Equal(
   419  						[]ccv3.Query{
   420  							{
   421  								Key:    ccv3.UserGUIDFilter,
   422  								Values: []string{userNameOrGUID},
   423  							},
   424  							{
   425  								Key:    ccv3.RoleTypesFilter,
   426  								Values: []string{string(constant.SpaceDeveloperRole)},
   427  							},
   428  							{
   429  								Key:    ccv3.SpaceGUIDFilter,
   430  								Values: []string{spaceGUID},
   431  							},
   432  						},
   433  					))
   434  					passedRoleGUID := fakeCloudControllerClient.DeleteRoleArgsForCall(0)
   435  					Expect(passedRoleGUID).To(Equal("role-guid"))
   436  
   437  					passedJobURL := fakeCloudControllerClient.PollJobArgsForCall(0)
   438  					Expect(passedJobURL).To(Equal(ccv3.JobURL("https://jobs/job_guid")))
   439  				})
   440  
   441  			})
   442  
   443  			When("deleting a space role for a non-client user", func() {
   444  				BeforeEach(func() {
   445  					userNameOrGUID = "user-name"
   446  					userOrigin = "user-origin"
   447  					isClient = false
   448  				})
   449  
   450  				It("deletes the role and returns any warnings", func() {
   451  					Expect(warnings).To(ConsistOf("get-users-warning", "get-roles-warning", "delete-role-warning", "poll-job-warning"))
   452  					Expect(executeErr).ToNot(HaveOccurred())
   453  
   454  					passedQuery := fakeCloudControllerClient.GetUsersArgsForCall(0)
   455  					Expect(passedQuery).To(Equal(
   456  						[]ccv3.Query{
   457  							{
   458  								Key:    ccv3.UsernamesFilter,
   459  								Values: []string{userNameOrGUID},
   460  							},
   461  							{
   462  								Key:    ccv3.OriginsFilter,
   463  								Values: []string{userOrigin},
   464  							},
   465  						},
   466  					))
   467  
   468  					passedRolesQuery := fakeCloudControllerClient.GetRolesArgsForCall(0)
   469  					Expect(passedRolesQuery).To(Equal(
   470  						[]ccv3.Query{
   471  							{
   472  								Key:    ccv3.UserGUIDFilter,
   473  								Values: []string{"user-guid"},
   474  							},
   475  							{
   476  								Key:    ccv3.RoleTypesFilter,
   477  								Values: []string{string(constant.SpaceDeveloperRole)},
   478  							},
   479  							{
   480  								Key:    ccv3.SpaceGUIDFilter,
   481  								Values: []string{spaceGUID},
   482  							},
   483  						},
   484  					))
   485  
   486  					passedRoleGUID := fakeCloudControllerClient.DeleteRoleArgsForCall(0)
   487  					Expect(passedRoleGUID).To(Equal("role-guid"))
   488  
   489  					passedJobURL := fakeCloudControllerClient.PollJobArgsForCall(0)
   490  					Expect(passedJobURL).To(Equal(ccv3.JobURL("https://jobs/job_guid")))
   491  				})
   492  			})
   493  		})
   494  
   495  		When("the user does not have the space role to delete", func() {
   496  			BeforeEach(func() {
   497  				fakeCloudControllerClient.GetUsersReturnsOnCall(0,
   498  					[]resources.User{{Username: userNameOrGUID, GUID: "user-guid"}},
   499  					ccv3.Warnings{"get-users-warning"},
   500  					nil,
   501  				)
   502  
   503  				fakeCloudControllerClient.GetRolesReturnsOnCall(0,
   504  					[]resources.Role{},
   505  					ccv3.IncludedResources{},
   506  					ccv3.Warnings{"get-roles-warning"},
   507  					nil,
   508  				)
   509  
   510  			})
   511  
   512  			It("it gets an empty list of roles and exits after the request", func() {
   513  				Expect(fakeCloudControllerClient.GetUsersCallCount()).To(Equal(1))
   514  				Expect(fakeCloudControllerClient.GetRolesCallCount()).To(Equal(1))
   515  				Expect(fakeCloudControllerClient.DeleteRoleCallCount()).To(Equal(0))
   516  				Expect(fakeCloudControllerClient.PollJobCallCount()).To(Equal(0))
   517  
   518  				Expect(warnings).To(ConsistOf("get-users-warning", "get-roles-warning"))
   519  				Expect(executeErr).NotTo(HaveOccurred())
   520  			})
   521  		})
   522  
   523  		Context("the user is not found", func() {
   524  			When("The user is not a client", func() {
   525  				BeforeEach(func() {
   526  					fakeCloudControllerClient.GetUsersReturnsOnCall(0,
   527  						[]resources.User{},
   528  						ccv3.Warnings{"get-users-warning"},
   529  						nil,
   530  					)
   531  					userOrigin = "uaa"
   532  				})
   533  				It("returns a user not found error and warnings", func() {
   534  					Expect(fakeCloudControllerClient.GetUsersCallCount()).To(Equal(1))
   535  					passedQuery := fakeCloudControllerClient.GetUsersArgsForCall(0)
   536  					Expect(passedQuery).To(Equal(
   537  						[]ccv3.Query{
   538  							{
   539  								Key:    ccv3.UsernamesFilter,
   540  								Values: []string{userNameOrGUID},
   541  							},
   542  							{
   543  								Key:    ccv3.OriginsFilter,
   544  								Values: []string{userOrigin},
   545  							},
   546  						},
   547  					))
   548  					Expect(fakeCloudControllerClient.GetRolesCallCount()).To(Equal(0))
   549  					Expect(fakeCloudControllerClient.DeleteRoleCallCount()).To(Equal(0))
   550  					Expect(fakeCloudControllerClient.PollJobCallCount()).To(Equal(0))
   551  
   552  					Expect(executeErr).To(MatchError(actionerror.UserNotFoundError{Username: userNameOrGUID, Origin: userOrigin}))
   553  				})
   554  			})
   555  
   556  			When("The user is a client", func() {
   557  				BeforeEach(func() {
   558  					userNameOrGUID = "user-guid"
   559  					userOrigin = ""
   560  					isClient = true
   561  					fakeCloudControllerClient.GetUserReturnsOnCall(0,
   562  						resources.User{},
   563  						ccv3.Warnings{"get-users-warning"},
   564  						ccerror.UserNotFoundError{},
   565  					)
   566  				})
   567  
   568  				It("returns a user not found error and warnings", func() {
   569  					Expect(fakeCloudControllerClient.GetUserCallCount()).To(Equal(1))
   570  					guid := fakeCloudControllerClient.GetUserArgsForCall(0)
   571  					Expect(guid).To(Equal(userNameOrGUID))
   572  					Expect(fakeCloudControllerClient.GetRolesCallCount()).To(Equal(0))
   573  					Expect(fakeCloudControllerClient.DeleteRoleCallCount()).To(Equal(0))
   574  					Expect(fakeCloudControllerClient.PollJobCallCount()).To(Equal(0))
   575  
   576  					Expect(executeErr).To(MatchError(actionerror.UserNotFoundError{Username: userNameOrGUID}))
   577  				})
   578  			})
   579  		})
   580  
   581  		When("the multiple users are found with different origins", func() {
   582  			BeforeEach(func() {
   583  				userOrigin = ""
   584  				fakeCloudControllerClient.GetUsersReturnsOnCall(0,
   585  					[]resources.User{
   586  						{Username: userNameOrGUID, GUID: "user-guid1", Origin: "uaa"},
   587  						{Username: userNameOrGUID, GUID: "user-guid2", Origin: "ldap"},
   588  					},
   589  					ccv3.Warnings{"get-users-warning"},
   590  					nil,
   591  				)
   592  			})
   593  
   594  			It("it does not use the origin filter", func() {
   595  				Expect(executeErr).To(MatchError(actionerror.AmbiguousUserError{
   596  					Username: userNameOrGUID,
   597  					Origins:  []string{"uaa", "ldap"},
   598  				}))
   599  
   600  				passedQuery := fakeCloudControllerClient.GetUsersArgsForCall(0)
   601  				Expect(passedQuery).To(Equal(
   602  					[]ccv3.Query{
   603  						{
   604  							Key:    ccv3.UsernamesFilter,
   605  							Values: []string{userNameOrGUID},
   606  						},
   607  					},
   608  				))
   609  			})
   610  		})
   611  
   612  		When("the API call to delete the space role returns an error", func() {
   613  			BeforeEach(func() {
   614  				fakeCloudControllerClient.GetUsersReturnsOnCall(0,
   615  					[]resources.User{{Username: userNameOrGUID, GUID: "user-guid"}},
   616  					ccv3.Warnings{"get-users-warning"},
   617  					nil,
   618  				)
   619  
   620  				fakeCloudControllerClient.GetRolesReturnsOnCall(0,
   621  					[]resources.Role{
   622  						{
   623  							GUID:      "role-guid",
   624  							Type:      roleType,
   625  							UserGUID:  "user-guid",
   626  							SpaceGUID: spaceGUID,
   627  						},
   628  					},
   629  					ccv3.IncludedResources{},
   630  					ccv3.Warnings{"get-roles-warning"},
   631  					nil,
   632  				)
   633  
   634  				fakeCloudControllerClient.DeleteRoleReturnsOnCall(0,
   635  					ccv3.JobURL(""),
   636  					ccv3.Warnings{"delete-space-role-warning"},
   637  					errors.New("delete-space-role-error"),
   638  				)
   639  			})
   640  
   641  			It("it returns an error and warnings", func() {
   642  				Expect(fakeCloudControllerClient.DeleteRoleCallCount()).To(Equal(1))
   643  				Expect(executeErr).To(MatchError("delete-space-role-error"))
   644  				Expect(warnings).To(ConsistOf("get-users-warning", "get-roles-warning", "delete-space-role-warning"))
   645  			})
   646  		})
   647  	})
   648  
   649  	Describe("GetRoleGUID", func() {
   650  		var (
   651  			roleType       constant.RoleType
   652  			userGUID       string
   653  			orgOrSpaceGUID string
   654  			roleGUID       string
   655  			queryKey       ccv3.QueryKey
   656  
   657  			warnings   Warnings
   658  			executeErr error
   659  		)
   660  
   661  		BeforeEach(func() {
   662  			roleType = constant.SpaceDeveloperRole
   663  			queryKey = ccv3.SpaceGUIDFilter
   664  			orgOrSpaceGUID = "space-guid"
   665  			userGUID = "user-guid"
   666  		})
   667  
   668  		JustBeforeEach(func() {
   669  			roleGUID, warnings, executeErr = actor.GetRoleGUID(queryKey, orgOrSpaceGUID, userGUID, roleType)
   670  		})
   671  
   672  		When("the role exists and no errors occur", func() {
   673  
   674  			When("the role is a space role", func() {
   675  				BeforeEach(func() {
   676  					fakeCloudControllerClient.GetRolesReturnsOnCall(0,
   677  						[]resources.Role{
   678  							{
   679  								GUID:      "role-guid",
   680  								Type:      roleType,
   681  								UserGUID:  userGUID,
   682  								SpaceGUID: orgOrSpaceGUID,
   683  							},
   684  						},
   685  						ccv3.IncludedResources{},
   686  						ccv3.Warnings{"get-roles-warning"},
   687  						nil,
   688  					)
   689  				})
   690  				It("it gets role guid and no errors", func() {
   691  					passedRolesQuery := fakeCloudControllerClient.GetRolesArgsForCall(0)
   692  					Expect(passedRolesQuery).To(Equal(
   693  						[]ccv3.Query{
   694  							{
   695  								Key:    ccv3.UserGUIDFilter,
   696  								Values: []string{userGUID},
   697  							},
   698  							{
   699  								Key:    ccv3.RoleTypesFilter,
   700  								Values: []string{string(constant.SpaceDeveloperRole)},
   701  							},
   702  							{
   703  								Key:    ccv3.SpaceGUIDFilter,
   704  								Values: []string{orgOrSpaceGUID},
   705  							},
   706  						},
   707  					))
   708  					Expect(warnings).To(ConsistOf("get-roles-warning"))
   709  					Expect(executeErr).NotTo(HaveOccurred())
   710  					Expect(roleGUID).To(Equal("role-guid"))
   711  				})
   712  			})
   713  			When("the role is an org role", func() {
   714  				BeforeEach(func() {
   715  					orgOrSpaceGUID = "org-guid"
   716  					queryKey = ccv3.OrganizationGUIDFilter
   717  					fakeCloudControllerClient.GetRolesReturnsOnCall(0,
   718  						[]resources.Role{
   719  							{
   720  								GUID:     "role-guid",
   721  								Type:     roleType,
   722  								UserGUID: userGUID,
   723  								OrgGUID:  orgOrSpaceGUID,
   724  							},
   725  						},
   726  						ccv3.IncludedResources{},
   727  						ccv3.Warnings{"get-roles-warning"},
   728  						nil,
   729  					)
   730  				})
   731  				It("it gets role guid and no errors", func() {
   732  					passedRolesQuery := fakeCloudControllerClient.GetRolesArgsForCall(0)
   733  					Expect(passedRolesQuery).To(Equal(
   734  						[]ccv3.Query{
   735  							{
   736  								Key:    ccv3.UserGUIDFilter,
   737  								Values: []string{userGUID},
   738  							},
   739  							{
   740  								Key:    ccv3.RoleTypesFilter,
   741  								Values: []string{string(constant.SpaceDeveloperRole)},
   742  							},
   743  							{
   744  								Key:    ccv3.OrganizationGUIDFilter,
   745  								Values: []string{orgOrSpaceGUID},
   746  							},
   747  						},
   748  					))
   749  					Expect(warnings).To(ConsistOf("get-roles-warning"))
   750  					Expect(executeErr).NotTo(HaveOccurred())
   751  					Expect(roleGUID).To(Equal("role-guid"))
   752  				})
   753  			})
   754  		})
   755  
   756  		When("the role does not exist and no errors occur", func() {
   757  			BeforeEach(func() {
   758  				fakeCloudControllerClient.GetRolesReturnsOnCall(0,
   759  					[]resources.Role{},
   760  					ccv3.IncludedResources{},
   761  					ccv3.Warnings{"get-roles-warning"},
   762  					nil,
   763  				)
   764  			})
   765  			It("it gets an empty string and no errors", func() {
   766  				passedRolesQuery := fakeCloudControllerClient.GetRolesArgsForCall(0)
   767  				Expect(passedRolesQuery).To(Equal(
   768  					[]ccv3.Query{
   769  						{
   770  							Key:    ccv3.UserGUIDFilter,
   771  							Values: []string{"user-guid"},
   772  						},
   773  						{
   774  							Key:    ccv3.RoleTypesFilter,
   775  							Values: []string{string(constant.SpaceDeveloperRole)},
   776  						},
   777  						{
   778  							Key:    ccv3.SpaceGUIDFilter,
   779  							Values: []string{orgOrSpaceGUID},
   780  						},
   781  					},
   782  				))
   783  				Expect(warnings).To(ConsistOf("get-roles-warning"))
   784  				Expect(executeErr).NotTo(HaveOccurred())
   785  				Expect(roleGUID).To(Equal(""))
   786  			})
   787  		})
   788  
   789  		When("the cloudcontroller returns an error", func() {
   790  			BeforeEach(func() {
   791  				apiError := errors.New("api-get-roles-error")
   792  				fakeCloudControllerClient.GetRolesReturnsOnCall(0,
   793  					[]resources.Role{},
   794  					ccv3.IncludedResources{},
   795  					ccv3.Warnings{"get-roles-warning"},
   796  					apiError,
   797  				)
   798  			})
   799  			It("it gets role guid and no errors", func() {
   800  				Expect(fakeCloudControllerClient.GetRolesCallCount()).To(Equal(1))
   801  
   802  				Expect(executeErr).To(MatchError("api-get-roles-error"))
   803  			})
   804  		})
   805  	})
   806  
   807  	Describe("DeleteOrgRole", func() {
   808  		var (
   809  			roleType       constant.RoleType
   810  			userNameOrGUID string
   811  			userOrigin     string
   812  			orgGUID        string
   813  			isClient       bool
   814  
   815  			warnings   Warnings
   816  			executeErr error
   817  		)
   818  
   819  		BeforeEach(func() {
   820  			roleType = constant.OrgBillingManagerRole
   821  			orgGUID = "org-guid"
   822  			isClient = false
   823  		})
   824  
   825  		JustBeforeEach(func() {
   826  			warnings, executeErr = actor.DeleteOrgRole(roleType, orgGUID, userNameOrGUID, userOrigin, isClient)
   827  		})
   828  
   829  		When("deleting a role succeeds", func() {
   830  			BeforeEach(func() {
   831  				fakeCloudControllerClient.GetUsersReturnsOnCall(0,
   832  					[]resources.User{{Username: userNameOrGUID, GUID: "user-guid"}},
   833  					ccv3.Warnings{"get-users-warning"},
   834  					nil,
   835  				)
   836  
   837  				fakeCloudControllerClient.GetUserReturnsOnCall(0,
   838  					resources.User{GUID: "user-guid"},
   839  					ccv3.Warnings{"get-user-warning"},
   840  					nil,
   841  				)
   842  
   843  				fakeCloudControllerClient.GetRolesReturnsOnCall(0,
   844  					[]resources.Role{
   845  						{
   846  							GUID:     "role-guid",
   847  							Type:     roleType,
   848  							UserGUID: "user-guid",
   849  							OrgGUID:  orgGUID,
   850  						},
   851  					},
   852  					ccv3.IncludedResources{},
   853  					ccv3.Warnings{"get-roles-warning"},
   854  					nil,
   855  				)
   856  
   857  				fakeCloudControllerClient.DeleteRoleReturnsOnCall(0,
   858  					ccv3.JobURL("https://jobs/job_guid"),
   859  					ccv3.Warnings{"delete-role-warning"},
   860  					nil,
   861  				)
   862  
   863  				fakeCloudControllerClient.PollJobReturnsOnCall(0,
   864  					ccv3.Warnings{"poll-job-warning"},
   865  					nil,
   866  				)
   867  
   868  			})
   869  
   870  			When("deleting an org role for a client", func() {
   871  				BeforeEach(func() {
   872  					userNameOrGUID = "user-guid"
   873  					userOrigin = ""
   874  					isClient = true
   875  				})
   876  
   877  				It("deletes the role and returns any warnings", func() {
   878  					Expect(warnings).To(ConsistOf("get-user-warning", "get-roles-warning", "delete-role-warning", "poll-job-warning"))
   879  					Expect(executeErr).ToNot(HaveOccurred())
   880  
   881  					Expect(fakeCloudControllerClient.GetUsersCallCount()).To(Equal(0))
   882  
   883  					passedRolesQuery := fakeCloudControllerClient.GetRolesArgsForCall(0)
   884  					Expect(passedRolesQuery).To(Equal(
   885  						[]ccv3.Query{
   886  							{
   887  								Key:    ccv3.UserGUIDFilter,
   888  								Values: []string{userNameOrGUID},
   889  							},
   890  							{
   891  								Key:    ccv3.RoleTypesFilter,
   892  								Values: []string{string(constant.OrgBillingManagerRole)},
   893  							},
   894  							{
   895  								Key:    ccv3.OrganizationGUIDFilter,
   896  								Values: []string{orgGUID},
   897  							},
   898  						},
   899  					))
   900  					passedRoleGUID := fakeCloudControllerClient.DeleteRoleArgsForCall(0)
   901  					Expect(passedRoleGUID).To(Equal("role-guid"))
   902  
   903  					passedJobURL := fakeCloudControllerClient.PollJobArgsForCall(0)
   904  					Expect(passedJobURL).To(Equal(ccv3.JobURL("https://jobs/job_guid")))
   905  				})
   906  
   907  			})
   908  
   909  			When("deleting an org role for a non-client user", func() {
   910  				BeforeEach(func() {
   911  					userNameOrGUID = "user-name"
   912  					userOrigin = "user-origin"
   913  					isClient = false
   914  				})
   915  
   916  				It("deletes the role and returns any warnings", func() {
   917  					Expect(warnings).To(ConsistOf("get-users-warning", "get-roles-warning", "delete-role-warning", "poll-job-warning"))
   918  					Expect(executeErr).ToNot(HaveOccurred())
   919  
   920  					passedQuery := fakeCloudControllerClient.GetUsersArgsForCall(0)
   921  					Expect(passedQuery).To(Equal(
   922  						[]ccv3.Query{
   923  							{
   924  								Key:    ccv3.UsernamesFilter,
   925  								Values: []string{userNameOrGUID},
   926  							},
   927  							{
   928  								Key:    ccv3.OriginsFilter,
   929  								Values: []string{userOrigin},
   930  							},
   931  						},
   932  					))
   933  
   934  					passedRolesQuery := fakeCloudControllerClient.GetRolesArgsForCall(0)
   935  					Expect(passedRolesQuery).To(Equal(
   936  						[]ccv3.Query{
   937  							{
   938  								Key:    ccv3.UserGUIDFilter,
   939  								Values: []string{"user-guid"},
   940  							},
   941  							{
   942  								Key:    ccv3.RoleTypesFilter,
   943  								Values: []string{string(constant.OrgBillingManagerRole)},
   944  							},
   945  							{
   946  								Key:    ccv3.OrganizationGUIDFilter,
   947  								Values: []string{orgGUID},
   948  							},
   949  						},
   950  					))
   951  
   952  					passedRoleGUID := fakeCloudControllerClient.DeleteRoleArgsForCall(0)
   953  					Expect(passedRoleGUID).To(Equal("role-guid"))
   954  
   955  					passedJobURL := fakeCloudControllerClient.PollJobArgsForCall(0)
   956  					Expect(passedJobURL).To(Equal(ccv3.JobURL("https://jobs/job_guid")))
   957  				})
   958  			})
   959  		})
   960  
   961  		When("the user does not have the org role to delete", func() {
   962  			BeforeEach(func() {
   963  				fakeCloudControllerClient.GetUsersReturnsOnCall(0,
   964  					[]resources.User{{Username: userNameOrGUID, GUID: "user-guid"}},
   965  					ccv3.Warnings{"get-users-warning"},
   966  					nil,
   967  				)
   968  
   969  				fakeCloudControllerClient.GetRolesReturnsOnCall(0,
   970  					[]resources.Role{},
   971  					ccv3.IncludedResources{},
   972  					ccv3.Warnings{"get-roles-warning"},
   973  					nil,
   974  				)
   975  
   976  			})
   977  
   978  			It("it gets an empty list of roles and exits after the request", func() {
   979  				Expect(fakeCloudControllerClient.GetUsersCallCount()).To(Equal(1))
   980  				Expect(fakeCloudControllerClient.GetRolesCallCount()).To(Equal(1))
   981  				Expect(fakeCloudControllerClient.DeleteRoleCallCount()).To(Equal(0))
   982  				Expect(fakeCloudControllerClient.PollJobCallCount()).To(Equal(0))
   983  
   984  				Expect(warnings).To(ConsistOf("get-users-warning", "get-roles-warning"))
   985  				Expect(executeErr).NotTo(HaveOccurred())
   986  			})
   987  		})
   988  
   989  		Context("the user is not found", func() {
   990  			When("The user is not a client", func() {
   991  				BeforeEach(func() {
   992  					fakeCloudControllerClient.GetUsersReturnsOnCall(0,
   993  						[]resources.User{},
   994  						ccv3.Warnings{"get-users-warning"},
   995  						nil,
   996  					)
   997  				})
   998  				It("returns a user not found error and warnings", func() {
   999  					Expect(fakeCloudControllerClient.GetUsersCallCount()).To(Equal(1))
  1000  					Expect(fakeCloudControllerClient.GetRolesCallCount()).To(Equal(0))
  1001  					Expect(fakeCloudControllerClient.DeleteRoleCallCount()).To(Equal(0))
  1002  					Expect(fakeCloudControllerClient.PollJobCallCount()).To(Equal(0))
  1003  
  1004  					Expect(executeErr).To(MatchError(actionerror.UserNotFoundError{Username: userNameOrGUID, Origin: userOrigin}))
  1005  				})
  1006  			})
  1007  		})
  1008  
  1009  		When("the API call to delete the org role returns an error", func() {
  1010  			BeforeEach(func() {
  1011  				fakeCloudControllerClient.GetUsersReturnsOnCall(0,
  1012  					[]resources.User{{Username: userNameOrGUID, GUID: "user-guid"}},
  1013  					ccv3.Warnings{"get-users-warning"},
  1014  					nil,
  1015  				)
  1016  
  1017  				fakeCloudControllerClient.GetRolesReturnsOnCall(0,
  1018  					[]resources.Role{
  1019  						{
  1020  							GUID:     "role-guid",
  1021  							Type:     roleType,
  1022  							UserGUID: "user-guid",
  1023  							OrgGUID:  orgGUID,
  1024  						},
  1025  					},
  1026  					ccv3.IncludedResources{},
  1027  					ccv3.Warnings{"get-roles-warning"},
  1028  					nil,
  1029  				)
  1030  
  1031  				fakeCloudControllerClient.DeleteRoleReturnsOnCall(0,
  1032  					ccv3.JobURL(""),
  1033  					ccv3.Warnings{"delete-org-role-warning"},
  1034  					errors.New("delete-org-role-error"),
  1035  				)
  1036  			})
  1037  
  1038  			It("it returns an error and warnings", func() {
  1039  				Expect(fakeCloudControllerClient.DeleteRoleCallCount()).To(Equal(1))
  1040  				Expect(warnings).To(ConsistOf("get-users-warning", "get-roles-warning", "delete-org-role-warning"))
  1041  				Expect(executeErr).To(MatchError("delete-org-role-error"))
  1042  			})
  1043  		})
  1044  	})
  1045  
  1046  	Describe("GetOrgUsersByRoleType", func() {
  1047  		var (
  1048  			usersByType map[constant.RoleType][]resources.User
  1049  			actualErr   error
  1050  			warnings    Warnings
  1051  		)
  1052  
  1053  		JustBeforeEach(func() {
  1054  			usersByType, warnings, actualErr = actor.GetOrgUsersByRoleType("some-org-guid")
  1055  		})
  1056  
  1057  		When("when the API returns a success response", func() {
  1058  			When("the API returns 2 users", func() {
  1059  				BeforeEach(func() {
  1060  					fakeCloudControllerClient.GetRolesReturns(
  1061  						[]resources.Role{
  1062  							{
  1063  								GUID:     "multiple-user-roleGUID",
  1064  								OrgGUID:  "some-org-guid",
  1065  								UserGUID: "multi-role-userGUID",
  1066  								Type:     constant.OrgUserRole,
  1067  							},
  1068  							{
  1069  								GUID:     "multiple-user-manager-roleGUID",
  1070  								OrgGUID:  "some-org-guid",
  1071  								UserGUID: "multi-role-userGUID",
  1072  								Type:     constant.OrgManagerRole,
  1073  							},
  1074  							{
  1075  								GUID:     "single-user-roleGUID",
  1076  								OrgGUID:  "some-org-guid",
  1077  								UserGUID: "single-role-userGUID",
  1078  								Type:     constant.OrgUserRole,
  1079  							},
  1080  						},
  1081  						ccv3.IncludedResources{
  1082  							Users: []resources.User{
  1083  								{
  1084  									Origin:   "uaa",
  1085  									Username: "i-have-many-roles",
  1086  									GUID:     "multi-role-userGUID",
  1087  								},
  1088  								{
  1089  									Origin:   "uaa",
  1090  									Username: "i-have-one-role",
  1091  									GUID:     "single-role-userGUID",
  1092  								},
  1093  							},
  1094  						},
  1095  						ccv3.Warnings{"some-api-warning"},
  1096  						nil,
  1097  					)
  1098  				})
  1099  
  1100  				It("returns the 2 users", func() {
  1101  					Expect(actualErr).NotTo(HaveOccurred())
  1102  					Expect(usersByType[constant.OrgUserRole]).To(Equal([]resources.User{
  1103  						{
  1104  							Origin:   "uaa",
  1105  							Username: "i-have-many-roles",
  1106  							GUID:     "multi-role-userGUID",
  1107  						},
  1108  						{
  1109  							Origin:   "uaa",
  1110  							Username: "i-have-one-role",
  1111  							GUID:     "single-role-userGUID",
  1112  						},
  1113  					}))
  1114  
  1115  					Expect(usersByType[constant.OrgManagerRole]).To(Equal([]resources.User{
  1116  						{
  1117  							Origin:   "uaa",
  1118  							Username: "i-have-many-roles",
  1119  							GUID:     "multi-role-userGUID",
  1120  						},
  1121  					}))
  1122  
  1123  					Expect(warnings).To(ConsistOf("some-api-warning"))
  1124  
  1125  					Expect(fakeCloudControllerClient.GetRolesCallCount()).To(Equal(1))
  1126  					query := fakeCloudControllerClient.GetRolesArgsForCall(0)
  1127  					Expect(query[0]).To(Equal(ccv3.Query{
  1128  						Key:    ccv3.OrganizationGUIDFilter,
  1129  						Values: []string{"some-org-guid"},
  1130  					}))
  1131  					Expect(query[1]).To(Equal(ccv3.Query{
  1132  						Key:    ccv3.Include,
  1133  						Values: []string{"user"},
  1134  					}))
  1135  				})
  1136  			})
  1137  		})
  1138  
  1139  		When("the API returns an error", func() {
  1140  			var apiError error
  1141  
  1142  			BeforeEach(func() {
  1143  				apiError = errors.New("api-get-roles-error")
  1144  				fakeCloudControllerClient.GetRolesReturns(
  1145  					[]resources.Role{},
  1146  					ccv3.IncludedResources{},
  1147  					ccv3.Warnings{"some-warning"},
  1148  					apiError,
  1149  				)
  1150  			})
  1151  
  1152  			It("returns error coming from the API", func() {
  1153  				Expect(fakeCloudControllerClient.GetRolesCallCount()).To(Equal(1))
  1154  
  1155  				Expect(actualErr).To(MatchError("api-get-roles-error"))
  1156  				Expect(warnings).To(ConsistOf("some-warning"))
  1157  
  1158  			})
  1159  		})
  1160  	})
  1161  
  1162  	Describe("GetSpaceUsersByRoleType", func() {
  1163  		var (
  1164  			usersByType map[constant.RoleType][]resources.User
  1165  			actualErr   error
  1166  			warnings    Warnings
  1167  		)
  1168  
  1169  		JustBeforeEach(func() {
  1170  			usersByType, warnings, actualErr = actor.GetSpaceUsersByRoleType("some-space-guid")
  1171  		})
  1172  
  1173  		When("when the API returns a success response", func() {
  1174  			When("the API returns 2 users", func() {
  1175  				BeforeEach(func() {
  1176  					fakeCloudControllerClient.GetRolesReturns(
  1177  						[]resources.Role{
  1178  							{
  1179  								GUID:     "multiple-user-roleGUID",
  1180  								UserGUID: "multi-role-userGUID",
  1181  								Type:     constant.SpaceDeveloperRole,
  1182  							},
  1183  							{
  1184  								GUID:     "multiple-user-manager-roleGUID",
  1185  								UserGUID: "multi-role-userGUID",
  1186  								Type:     constant.SpaceManagerRole,
  1187  							},
  1188  							{
  1189  								GUID:     "single-user-roleGUID",
  1190  								UserGUID: "single-role-userGUID",
  1191  								Type:     constant.SpaceDeveloperRole,
  1192  							},
  1193  						},
  1194  						ccv3.IncludedResources{
  1195  							Users: []resources.User{
  1196  								{
  1197  									Origin:   "uaa",
  1198  									Username: "i-have-many-roles",
  1199  									GUID:     "multi-role-userGUID",
  1200  								},
  1201  								{
  1202  									Origin:   "uaa",
  1203  									Username: "i-have-one-role",
  1204  									GUID:     "single-role-userGUID",
  1205  								},
  1206  							},
  1207  						},
  1208  						ccv3.Warnings{"some-api-warning"},
  1209  						nil,
  1210  					)
  1211  				})
  1212  
  1213  				It("returns the 2 users", func() {
  1214  					Expect(actualErr).NotTo(HaveOccurred())
  1215  					Expect(usersByType[constant.SpaceDeveloperRole]).To(Equal([]resources.User{
  1216  						{
  1217  							Origin:   "uaa",
  1218  							Username: "i-have-many-roles",
  1219  							GUID:     "multi-role-userGUID",
  1220  						},
  1221  						{
  1222  							Origin:   "uaa",
  1223  							Username: "i-have-one-role",
  1224  							GUID:     "single-role-userGUID",
  1225  						},
  1226  					}))
  1227  
  1228  					Expect(usersByType[constant.SpaceManagerRole]).To(Equal([]resources.User{
  1229  						{
  1230  							Origin:   "uaa",
  1231  							Username: "i-have-many-roles",
  1232  							GUID:     "multi-role-userGUID",
  1233  						},
  1234  					}))
  1235  
  1236  					Expect(warnings).To(ConsistOf("some-api-warning"))
  1237  
  1238  					Expect(fakeCloudControllerClient.GetRolesCallCount()).To(Equal(1))
  1239  					query := fakeCloudControllerClient.GetRolesArgsForCall(0)
  1240  					Expect(query[0]).To(Equal(ccv3.Query{
  1241  						Key:    ccv3.SpaceGUIDFilter,
  1242  						Values: []string{"some-space-guid"},
  1243  					}))
  1244  					Expect(query[1]).To(Equal(ccv3.Query{
  1245  						Key:    ccv3.Include,
  1246  						Values: []string{"user"},
  1247  					}))
  1248  				})
  1249  			})
  1250  		})
  1251  
  1252  		When("the API returns an error", func() {
  1253  			var apiError error
  1254  
  1255  			BeforeEach(func() {
  1256  				apiError = errors.New("api-get-roles-error")
  1257  				fakeCloudControllerClient.GetRolesReturns(
  1258  					[]resources.Role{},
  1259  					ccv3.IncludedResources{},
  1260  					ccv3.Warnings{"some-warning"},
  1261  					apiError,
  1262  				)
  1263  			})
  1264  
  1265  			It("returns error coming from the API", func() {
  1266  				Expect(fakeCloudControllerClient.GetRolesCallCount()).To(Equal(1))
  1267  
  1268  				Expect(actualErr).To(MatchError("api-get-roles-error"))
  1269  				Expect(warnings).To(ConsistOf("some-warning"))
  1270  
  1271  			})
  1272  		})
  1273  	})
  1274  })