github.com/sleungcy-sap/cli@v7.1.0+incompatible/integration/v7/isolated/unset_org_role_command_test.go (about) 1 package isolated 2 3 import ( 4 "fmt" 5 6 "code.cloudfoundry.org/cli/integration/helpers" 7 . "github.com/onsi/ginkgo" 8 . "github.com/onsi/gomega" 9 . "github.com/onsi/gomega/gbytes" 10 . "github.com/onsi/gomega/gexec" 11 ) 12 13 var _ = Describe("unset-org-role command", func() { 14 var ( 15 privilegedUsername string 16 orgName string 17 ) 18 19 BeforeEach(func() { 20 privilegedUsername = helpers.LoginCF() 21 orgName = ReadOnlyOrg 22 }) 23 24 Describe("help text and argument validation", func() { 25 When("--help flag is unset", func() { 26 It("Displays command usage to output", func() { 27 session := helpers.CF("unset-org-role", "--help") 28 Eventually(session).Should(Say("NAME:")) 29 Eventually(session).Should(Say("unset-org-role - Remove an org role from a user")) 30 Eventually(session).Should(Say("USAGE:")) 31 Eventually(session).Should(Say("cf unset-org-role USERNAME ORG ROLE")) 32 Eventually(session).Should(Say(`cf unset-org-role USERNAME ORG ROLE \[--client\]`)) 33 Eventually(session).Should(Say(`cf unset-org-role USERNAME ORG ROLE \[--origin ORIGIN\]`)) 34 Eventually(session).Should(Say("ROLES:")) 35 Eventually(session).Should(Say("OrgManager - Invite and manage users, select and change plans, and set spending limits")) 36 Eventually(session).Should(Say("BillingManager - Create and manage the billing account and payment info")) 37 Eventually(session).Should(Say("OrgAuditor - Read-only access to org info and reports")) 38 Eventually(session).Should(Say("OPTIONS:")) 39 Eventually(session).Should(Say(`--client\s+Unassign an org role for a client-id of a \(non-user\) service account`)) 40 Eventually(session).Should(Say(`--origin\s+Indicates the identity provider to be used for authentication`)) 41 Eventually(session).Should(Say("SEE ALSO:")) 42 Eventually(session).Should(Say("org-users, set-space-role")) 43 Eventually(session).Should(Exit(0)) 44 }) 45 }) 46 47 When("the role does not exist", func() { 48 It("prints a useful error, prints help text, and exits 1", func() { 49 session := helpers.CF("unset-org-role", "some-user", "some-org", "NotARealRole") 50 Eventually(session.Err).Should(Say(`Incorrect Usage: ROLE must be "OrgManager", "BillingManager" and "OrgAuditor"`)) 51 Eventually(session).Should(Say(`NAME:`)) 52 Eventually(session).Should(Exit(1)) 53 }) 54 }) 55 56 When("too few arguments are passed", func() { 57 It("prints a useful error, prints help text, and exits 1", func() { 58 session := helpers.CF("unset-org-role", "not-enough-args") 59 Eventually(session.Err).Should(Say("Incorrect Usage: the required arguments `ORG` and `ROLE` were not provided")) 60 Eventually(session).Should(Say(`NAME:`)) 61 Eventually(session).Should(Exit(1)) 62 }) 63 }) 64 65 When("too many arguments are passed", func() { 66 It("prints a useful error, prints help text, and exits 1", func() { 67 session := helpers.CF("unset-org-role", "some-user", "some-org", "OrgAuditor", "some-extra-argument") 68 Eventually(session.Err).Should(Say(`Incorrect Usage: unexpected argument "some-extra-argument"`)) 69 Eventually(session).Should(Say(`NAME:`)) 70 Eventually(session).Should(Exit(1)) 71 }) 72 }) 73 }) 74 75 When("logged in as a privileged user", func() { 76 When("the --client flag is passed", func() { 77 var clientID string 78 79 BeforeEach(func() { 80 clientID, _ = helpers.SkipIfClientCredentialsNotSet() 81 session := helpers.CF("curl", "-X", "POST", "v3/users", "-d", fmt.Sprintf(`{"guid":"%s"}`, clientID)) 82 Eventually(session).Should(Exit(0)) 83 84 session = helpers.CF("set-org-role", clientID, orgName, "OrgAuditor", "--client") 85 Eventually(session).Should(Exit(0)) 86 }) 87 88 When("the client exists", func() { 89 It("unsets the org role for the client", func() { 90 session := helpers.CF("unset-org-role", clientID, orgName, "OrgAuditor", "--client") 91 Eventually(session).Should(Say("Removing role OrgAuditor from user %s in org %s as %s...", clientID, orgName, privilegedUsername)) 92 Eventually(session).Should(Say("OK")) 93 Eventually(session).Should(Exit(0)) 94 }) 95 }) 96 97 When("the targeted client does not exist", func() { 98 var badClientID string 99 100 BeforeEach(func() { 101 badClientID = helpers.NewUsername() 102 }) 103 104 It("fails with an appropriate error message", func() { 105 session := helpers.CF("unset-org-role", badClientID, orgName, "OrgAuditor", "--client") 106 Eventually(session).Should(Say("FAILED")) 107 Eventually(session.Err).Should(Say("User '%s' does not exist.", badClientID)) 108 Eventually(session).Should(Exit(1)) 109 }) 110 }) 111 }) 112 113 When("the user exists", func() { 114 var username string 115 116 BeforeEach(func() { 117 username, _ = helpers.CreateUser() 118 session := helpers.CF("set-org-role", username, orgName, "orgauditor") 119 Eventually(session).Should(Exit(0)) 120 }) 121 122 When("the passed role is lowercase", func() { 123 It("unsets the org role for the user", func() { 124 session := helpers.CF("unset-org-role", "-v", username, orgName, "orgauditor") 125 Eventually(session).Should(Say("Removing role OrgAuditor from user %s in org %s as %s...", username, orgName, privilegedUsername)) 126 Eventually(session).Should(Say("OK")) 127 Eventually(session).Should(Exit(0)) 128 }) 129 }) 130 131 It("unsets the org role for the user", func() { 132 session := helpers.CF("unset-org-role", username, orgName, "OrgAuditor") 133 Eventually(session).Should(Say("Removing role OrgAuditor from user %s in org %s as %s...", username, orgName, privilegedUsername)) 134 Eventually(session).Should(Say("OK")) 135 Eventually(session).Should(Exit(0)) 136 }) 137 138 When("the user does not have the role to delete", func() { 139 It("is idempotent", func() { 140 session := helpers.CF("unset-org-role", username, orgName, "BillingManager") 141 Eventually(session).Should(Say("Removing role BillingManager from user %s in org %s as %s...", username, orgName, privilegedUsername)) 142 Eventually(session).Should(Exit(0)) 143 }) 144 }) 145 146 When("the org does not exist", func() { 147 It("prints an appropriate error and exits 1", func() { 148 session := helpers.CF("unset-org-role", username, "invalid-org", "OrgAuditor") 149 Eventually(session).Should(Say("FAILED")) 150 Eventually(session.Err).Should(Say("Organization 'invalid-org' not found.")) 151 Eventually(session).Should(Exit(1)) 152 }) 153 }) 154 155 When("there are multiple users with the same username but different origins", func() { 156 BeforeEach(func() { 157 session := helpers.CF("create-user", username, "--origin", helpers.NonUAAOrigin, "-v") 158 Eventually(session).Should(Exit(0)) 159 session = helpers.CF("set-org-role", username, orgName, "orgauditor", "--origin", helpers.NonUAAOrigin) 160 Eventually(session).Should(Exit(0)) 161 }) 162 163 AfterEach(func() { 164 session := helpers.CF("delete-user", username, "--origin", helpers.NonUAAOrigin, "-f") 165 Eventually(session).Should(Exit(0)) 166 }) 167 168 It("returns an error and asks the user to use the --origin flag", func() { 169 session := helpers.CF("unset-org-role", username, orgName, "OrgAuditor") 170 Eventually(session).Should(Say("Removing role OrgAuditor from user %s in org %s as %s...", username, orgName, privilegedUsername)) 171 Eventually(session.Err).Should(Say("Ambiguous user. User with username '%s' exists in the following origins: cli-oidc-provider, uaa. Specify an origin to disambiguate.", username)) 172 Eventually(session).Should(Exit(1)) 173 }) 174 }) 175 }) 176 177 When("the user does not exist", func() { 178 var badUsername string 179 180 BeforeEach(func() { 181 badUsername = helpers.NewUsername() 182 }) 183 184 It("prints an appropriate error and exits 1", func() { 185 session := helpers.CF("unset-org-role", badUsername, orgName, "OrgAuditor") 186 Eventually(session).Should(Say("Removing role OrgAuditor from user %s in org %s as %s...", badUsername, orgName, privilegedUsername)) 187 Eventually(session.Err).Should(Say("User '%s' does not exist.", badUsername)) 188 Eventually(session).Should(Say("FAILED")) 189 Eventually(session).Should(Exit(1)) 190 }) 191 }) 192 }) 193 194 When("the logged in user does not have permission to write to the org", func() { 195 var username string 196 197 BeforeEach(func() { 198 username, _ = helpers.CreateUser() 199 helpers.SwitchToOrgRole(orgName, "OrgAuditor") 200 }) 201 202 It("prints out the error message from CC API and exits 1", func() { 203 session := helpers.CF("unset-org-role", username, orgName, "OrgAuditor") 204 Eventually(session).Should(Say("FAILED")) 205 Eventually(session.Err).Should(Say(`User '%s' does not exist.`, username)) 206 Eventually(session).Should(Exit(1)) 207 }) 208 }) 209 210 When("the logged in user has insufficient permissions to see the user", func() { 211 var username string 212 213 BeforeEach(func() { 214 username, _ = helpers.CreateUser() 215 helpers.SwitchToOrgRole(orgName, "OrgManager") 216 }) 217 218 It("prints out the error message from CC API and exits 1", func() { 219 session := helpers.CF("unset-org-role", username, orgName, "OrgAuditor", "-v") 220 Eventually(session).Should(Say("FAILED")) 221 Eventually(session.Err).Should(Say("User '%s' does not exist.", username)) 222 Eventually(session).Should(Exit(1)) 223 }) 224 }) 225 })