github.com/sleungcy-sap/cli@v7.1.0+incompatible/integration/v7/isolated/set_space_role_command_test.go (about) 1 package isolated 2 3 import ( 4 "code.cloudfoundry.org/cli/integration/helpers" 5 . "github.com/onsi/ginkgo" 6 . "github.com/onsi/gomega" 7 . "github.com/onsi/gomega/gbytes" 8 . "github.com/onsi/gomega/gexec" 9 ) 10 11 var _ = Describe("set-space-role command", func() { 12 Describe("help text and argument validation", func() { 13 When("--help flag is set", func() { 14 It("Displays command usage to output", func() { 15 session := helpers.CF("set-space-role", "--help") 16 Eventually(session).Should(Say("NAME:")) 17 Eventually(session).Should(Say("set-space-role - Assign a space role to a user")) 18 Eventually(session).Should(Say("USAGE:")) 19 Eventually(session).Should(Say("cf set-space-role USERNAME ORG SPACE ROLE")) 20 Eventually(session).Should(Say(`cf set-space-role USERNAME ORG SPACE ROLE \[--client\]`)) 21 Eventually(session).Should(Say(`cf set-space-role USERNAME ORG SPACE ROLE \[--origin ORIGIN\]`)) 22 Eventually(session).Should(Say("ROLES:")) 23 Eventually(session).Should(Say("SpaceManager - Invite and manage users, and enable features for a given space")) 24 Eventually(session).Should(Say("SpaceDeveloper - Create and manage apps and services, and see logs and reports")) 25 Eventually(session).Should(Say("SpaceAuditor - View logs, reports, and settings on this space")) 26 Eventually(session).Should(Say("OPTIONS:")) 27 Eventually(session).Should(Say(`--client\s+Assign a space role to a client-id of a \(non-user\) service account`)) 28 Eventually(session).Should(Say(`--origin\s+Indicates the identity provider to be used for authentication`)) 29 Eventually(session).Should(Say("SEE ALSO:")) 30 Eventually(session).Should(Say("space-users, unset-space-role")) 31 Eventually(session).Should(Exit(0)) 32 }) 33 }) 34 35 When("the role type is invalid", func() { 36 It("prints a useful error, prints help text, and exits 1", func() { 37 session := helpers.CF("set-space-role", "some-user", "some-org", "some-space", "NotARealRole") 38 Eventually(session.Err).Should(Say(`Incorrect Usage: ROLE must be "SpaceManager", "SpaceDeveloper" and "SpaceAuditor"`)) 39 Eventually(session).Should(Say(`NAME:`)) 40 Eventually(session).Should(Exit(1)) 41 }) 42 }) 43 44 When("too few arguments are passed", func() { 45 It("prints a useful error, prints help text, and exits 1", func() { 46 session := helpers.CF("set-space-role", "not-enough", "arguments") 47 Eventually(session.Err).Should(Say("Incorrect Usage: the required arguments `SPACE` and `ROLE` were not provided")) 48 Eventually(session).Should(Say(`NAME:`)) 49 Eventually(session).Should(Exit(1)) 50 }) 51 }) 52 53 When("too many arguments are passed", func() { 54 It("prints a useful error, prints help text, and exits 1", func() { 55 session := helpers.CF("set-space-role", "some-user", "some-org", "some-space", "SpaceAuditor", "some-extra-argument") 56 Eventually(session.Err).Should(Say(`Incorrect Usage: unexpected argument "some-extra-argument"`)) 57 Eventually(session).Should(Say(`NAME:`)) 58 Eventually(session).Should(Exit(1)) 59 }) 60 }) 61 }) 62 63 Describe("command behavior", func() { 64 var ( 65 privilegedUsername string 66 orgName string 67 spaceName string 68 ) 69 70 BeforeEach(func() { 71 privilegedUsername = helpers.LoginCF() 72 orgName = helpers.NewOrgName() 73 spaceName = helpers.NewSpaceName() 74 helpers.CreateOrgAndSpace(orgName, spaceName) 75 }) 76 77 AfterEach(func() { 78 helpers.QuickDeleteOrg(orgName) 79 }) 80 81 When("logged in as a privileged user", func() { 82 When("the --client flag is passed", func() { 83 var clientID string 84 85 BeforeEach(func() { 86 clientID, _ = helpers.SkipIfClientCredentialsNotSet() 87 }) 88 89 When("the client exists", func() { 90 It("sets the org role for the client", func() { 91 session := helpers.CF("set-space-role", clientID, orgName, spaceName, "SpaceAuditor", "--client") 92 Eventually(session).Should(Say("Assigning role SpaceAuditor to user %s in org %s / space %s as %s...", clientID, orgName, spaceName, privilegedUsername)) 93 Eventually(session).Should(Say("OK")) 94 Eventually(session).Should(Exit(0)) 95 }) 96 97 When("the client is not authorized to look up clients in UAA", func() { 98 BeforeEach(func() { 99 helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceManager") 100 }) 101 102 It("prints an appropriate error and exits 1", func() { 103 session := helpers.CF("set-space-role", clientID, orgName, spaceName, "SpaceAuditor", "--client", "-v") 104 Eventually(session).Should(Say("FAILED")) 105 Eventually(session.Err).Should(Say("You are not authorized to perform the requested action.")) 106 Eventually(session).Should(Exit(1)) 107 }) 108 }) 109 }) 110 111 When("the targeted client does not exist", func() { 112 var badClientID string 113 114 BeforeEach(func() { 115 badClientID = "nonexistent-client" 116 }) 117 118 It("fails with an appropriate error message", func() { 119 session := helpers.CF("set-space-role", badClientID, orgName, spaceName, "SpaceAuditor", "--client") 120 Eventually(session.Err).Should(Say("Users cannot be assigned roles in a space if they do not have a role in that space's organization.")) 121 Eventually(session).Should(Say("FAILED")) 122 Eventually(session).Should(Exit(1)) 123 }) 124 }) 125 }) 126 127 When("the user exists", func() { 128 var username string 129 130 BeforeEach(func() { 131 username, _ = helpers.CreateUser() 132 }) 133 134 When("the passed role is lowercase", func() { 135 It("sets the space role for the user", func() { 136 session := helpers.CF("set-space-role", username, orgName, spaceName, "spaceauditor") 137 Eventually(session).Should(Say("Assigning role SpaceAuditor to user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 138 Eventually(session).Should(Say("OK")) 139 Eventually(session).Should(Exit(0)) 140 }) 141 }) 142 143 It("sets the space role for the user", func() { 144 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceAuditor") 145 Eventually(session).Should(Say("Assigning role SpaceAuditor to user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 146 Eventually(session).Should(Say("OK")) 147 Eventually(session).Should(Exit(0)) 148 }) 149 150 When("the user already has the desired role", func() { 151 BeforeEach(func() { 152 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceDeveloper") 153 Eventually(session).Should(Say("Assigning role SpaceDeveloper to user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 154 Eventually(session).Should(Exit(0)) 155 }) 156 157 It("is idempotent", func() { 158 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceDeveloper") 159 Eventually(session).Should(Say("Assigning role SpaceDeveloper to user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 160 Eventually(session).Should(Exit(0)) 161 }) 162 }) 163 164 When("the org does not exist", func() { 165 It("prints an appropriate error and exits 1", func() { 166 session := helpers.CF("set-space-role", username, "invalid-org", spaceName, "SpaceAuditor") 167 Eventually(session).Should(Say("FAILED")) 168 Eventually(session.Err).Should(Say("Organization 'invalid-org' not found.")) 169 Eventually(session).Should(Exit(1)) 170 }) 171 }) 172 173 When("the space does not exist", func() { 174 It("prints an appropriate error and exits 1", func() { 175 session := helpers.CF("set-space-role", username, orgName, "invalid-space", "SpaceAuditor") 176 Eventually(session).Should(Say("FAILED")) 177 Eventually(session.Err).Should(Say("Space 'invalid-space' not found.")) 178 Eventually(session).Should(Exit(1)) 179 }) 180 }) 181 182 When("there are multiple users with the same username but different origins", func() { 183 BeforeEach(func() { 184 session := helpers.CF("create-user", username, "--origin", helpers.NonUAAOrigin) 185 Eventually(session).Should(Exit(0)) 186 }) 187 188 AfterEach(func() { 189 session := helpers.CF("delete-user", username, "--origin", helpers.NonUAAOrigin, "-f") 190 Eventually(session).Should(Exit(0)) 191 }) 192 193 It("returns an error and asks the user to use the --origin flag", func() { 194 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceManager") 195 Eventually(session).Should(Say("Assigning role SpaceManager to user %s in org %s / space %s as %s...", username, orgName, spaceName, privilegedUsername)) 196 Eventually(session.Err).Should(Say("Ambiguous user. User with username '%s' exists in the following origins: cli-oidc-provider, uaa. Specify an origin to disambiguate.", username)) 197 Eventually(session).Should(Exit(1)) 198 }) 199 }) 200 }) 201 202 When("the user does not exist", func() { 203 It("prints an appropriate error and exits 1", func() { 204 session := helpers.CF("set-space-role", "not-exists", orgName, spaceName, "SpaceAuditor") 205 Eventually(session).Should(Say("Assigning role SpaceAuditor to user not-exists in org %s / space %s as %s...", orgName, spaceName, privilegedUsername)) 206 Eventually(session).Should(Say("FAILED")) 207 Eventually(session.Err).Should(Say("No user exists with the username 'not-exists'.")) 208 Eventually(session).Should(Exit(1)) 209 }) 210 }) 211 }) 212 213 When("the logged in user does not have permission to write to the space", func() { 214 var username string 215 216 BeforeEach(func() { 217 username, _ = helpers.CreateUser() 218 helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceAuditor") 219 }) 220 221 It("prints out the error message from CC API and exits 1", func() { 222 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceAuditor") 223 Eventually(session).Should(Say("FAILED")) 224 Eventually(session.Err).Should(Say("You are not authorized to perform the requested action")) 225 Eventually(session).Should(Exit(1)) 226 }) 227 }) 228 229 When("the logged in user has insufficient permissions to see the user", func() { 230 var username string 231 232 BeforeEach(func() { 233 username, _ = helpers.CreateUser() 234 helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceManager") 235 }) 236 237 It("prints out the error message from CC API and exits 1", func() { 238 session := helpers.CF("set-space-role", username, orgName, spaceName, "SpaceAuditor", "-v") 239 Eventually(session).Should(Say("FAILED")) 240 Eventually(session.Err).Should(Say("Users cannot be assigned roles in a space if they do not have a role in that space's organization.")) 241 Eventually(session).Should(Exit(1)) 242 }) 243 }) 244 245 When("the logged in user has insufficient permissions to create roles in the space", func() { 246 var userInOrg string 247 248 BeforeEach(func() { 249 userInOrg, _ = helpers.CreateUser() 250 Eventually(helpers.CF("set-org-role", userInOrg, orgName, "OrgAuditor")).Should(Exit(0)) 251 helpers.SwitchToSpaceRole(orgName, spaceName, "SpaceAuditor") 252 }) 253 254 It("prints out the error message from CC API and exits 1", func() { 255 session := helpers.CF("set-space-role", userInOrg, orgName, spaceName, "SpaceAuditor") 256 Eventually(session).Should(Say("FAILED")) 257 Eventually(session.Err).Should(Say("You are not authorized to perform the requested action")) 258 Eventually(session).Should(Exit(1)) 259 }) 260 }) 261 }) 262 })