Managing groups
===============

Gitano has users, and users can be in groups. Groups exist primarily as a way to manage access control: it is much easier to grant access to a group and then manage the group's membership than to keep writing new ACLs for each user you want to grant access to. Groups have a name, a description, and a list of members. In addition, groups may contain other groups, and membership is transitive across that relationship.

Group creation, listing, and removal
------------------------------------

    SCENARIO basic group operation

Initially there is one group, the `gitano-admin` group.

    GIVEN a standard instance
    WHEN testinstance adminkey runs group list
    THEN stdout contains gitano-admin

We can add a group...

    WHEN testinstance adminkey runs group add newgroup simple description
    AND testinstance adminkey runs group list
    THEN stdout contains newgroup
    AND stdout contains simple description

We can remove a group...

    WHEN testinstance adminkey runs group del newgroup --force
    AND testinstance adminkey runs group list
    THEN stdout does not contain newgroup

    FINALLY the instance is torn down

Examining and manipulating groups
---------------------------------

    SCENARIO group description

Initially the `gitano-admin` group has one user in it, and has a basic description.

    GIVEN a standard instance
    WHEN testinstance adminkey runs group show gitano-admin
    THEN stdout contains gitano-admin:Gitano\ Instance\ Administrators
    AND stdout contains =>\ admin

We can change that description though.

    WHEN testinstance adminkey runs group description gitano-admin Jeffrey
    AND testinstance adminkey runs group show gitano-admin
    THEN stdout contains gitano-admin:Jeffrey

    FINALLY the instance is torn down

Renaming groups
---------------

    SCENARIO group renaming

Groups, like users and repositories, can be renamed. This is a moderately destructive operation, since ACLs are often based on group names, and as such it also takes a token.
After renaming a group, the old group name no longer exists.

    GIVEN a standard instance
    WHEN testinstance adminkey runs group add foo bar
    AND testinstance adminkey runs group rename foo b.az --force
    AND testinstance adminkey runs group list
    THEN stdout does not contain foo:bar
    AND stdout contains b.az:bar

    FINALLY the instance is torn down

Group membership
----------------

    SCENARIO group membership

    GIVEN a standard instance
    AND testinstance, using adminkey, adds a new user alice, with a key called main

Group membership of users is managed using the `adduser` and `deluser` subcommands of the `group` command.

    WHEN testinstance adminkey runs group add foo bar
    AND testinstance adminkey runs group adduser foo alice
    AND testinstance adminkey runs group show foo
    THEN stdout contains =>\ alice

    WHEN testinstance adminkey runs group deluser foo alice --force
    AND testinstance adminkey runs group show foo
    THEN stdout does not contain alice

Group membership of groups is managed with the `addgroup` and `delgroup` subcommands.

    WHEN testinstance adminkey runs group show gitano-admin
    THEN stdout does not contain foo

    WHEN testinstance adminkey runs group addgroup gitano-admin foo
    AND testinstance adminkey runs group show gitano-admin
    THEN stdout contains \[\]\ foo

    WHEN testinstance adminkey runs group delgroup gitano-admin foo --force
    AND testinstance adminkey runs group show gitano-admin
    THEN stdout does not contain foo

    FINALLY the instance is torn down

Membership works across renames
===============================

A critical property of users and groups is that their membership continues to work across renames.
    SCENARIO group and user rename continuity

    GIVEN a standard instance
    AND testinstance, using adminkey, adds a new user alice, with a key called main
    WHEN testinstance adminkey runs group add foo foodesc
    AND testinstance adminkey runs group add bar bardesc
    AND testinstance adminkey runs group adduser foo alice
    AND testinstance adminkey runs group addgroup bar foo

Firstly we demonstrate that transitive membership turns up in whoami...

    WHEN alice main runs whoami
    THEN stdout contains foodesc
    AND stdout contains bardesc
    AND stdout contains \(via foo\)

Next, if we rename the alice user, we want to know that the user's membership of group foo continues to work.

    WHEN testinstance adminkey runs user rename alice betty --force
    WHEN testinstance adminkey runs group show foo
    THEN stdout does not contain alice
    AND stdout contains betty

    WHEN alice main runs whoami
    THEN stdout contains foodesc
    AND stdout contains bardesc
    AND stdout contains \(via foo\)

And, of course, if we rename either group, the membership persists.

    WHEN testinstance adminkey runs group rename foo baz --force
    AND testinstance adminkey runs group rename bar meta --force
    AND alice main runs whoami
    THEN stdout contains foodesc
    AND stdout contains bardesc
    AND stdout contains \(via baz\)

    FINALLY the instance is torn down

Regression tests
================

At one point it was possible to run `group add` and pass a group name containing a slash, which would seriously confuse Gitano afterwards. This scenario ensures that can never happen again.

    SCENARIO group add with slashes causes error

    GIVEN a standard instance
    WHEN testinstance adminkey, expecting failure, runs group add foo/bar bananas
    THEN stderr contains group name .foo/bar. not valid

    FINALLY the instance is torn down
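The scenarios above test three behaviours without showing how they fit together: transitive membership reported as `(via ...)` in `whoami`, membership surviving user and group renames, and group names containing a slash being rejected. The following is an added illustration, not Gitano's own code (which is Lua), and `GroupStore`, `check_group_name` and the sample data are this example's assumptions. It models membership as a containment graph and resolves `whoami` by walking upwards from the groups that list the user directly, with a visited set so that a containment cycle cannot hang resolution.

```python
from collections import deque


def check_group_name(name):
    """Reject names that cannot be a single path component.

    Assumption: the regression scenario only fixes that a name containing
    '/' is rejected; refusing empty names and '.'/'..' is this model's own
    tightening, not a rule documented for Gitano."""
    if not name or "/" in name or name in (".", ".."):
        raise ValueError(f"group name '{name}' not valid")
    return name


class GroupStore:
    """In-memory model of a user/group directory (illustrative only)."""

    def __init__(self):
        self.users = set()
        # group name -> {"desc": str, "users": set of user names,
        #                "groups": set of member (sub)group names}
        self.groups = {}

    def add_user(self, user):
        self.users.add(user)

    def add_group(self, name, desc):
        check_group_name(name)
        if name in self.groups:
            raise ValueError(f"group '{name}' already exists")
        self.groups[name] = {"desc": desc, "users": set(), "groups": set()}

    def adduser(self, group, user):
        if user not in self.users:
            raise KeyError(f"no such user '{user}'")
        self.groups[group]["users"].add(user)

    def addgroup(self, group, subgroup):
        if subgroup not in self.groups:
            raise KeyError(f"no such group '{subgroup}'")
        self.groups[group]["groups"].add(subgroup)

    def rename_user(self, old, new):
        # Membership is stored by name, so every reference must be rewritten
        # or the renamed user silently drops out of their groups.
        self.users.remove(old)
        self.users.add(new)
        for g in self.groups.values():
            if old in g["users"]:
                g["users"].remove(old)
                g["users"].add(new)

    def rename_group(self, old, new):
        check_group_name(new)
        if new in self.groups:
            raise ValueError(f"group '{new}' already exists")
        self.groups[new] = self.groups.pop(old)
        for g in self.groups.values():
            if old in g["groups"]:
                g["groups"].remove(old)
                g["groups"].add(new)

    def whoami(self, user):
        """Map each group `user` belongs to onto the subgroup it was reached
        through (None for direct membership), walking containment upwards."""
        parents = {}  # subgroup -> set of groups that contain it
        for name, g in self.groups.items():
            for sub in g["groups"]:
                parents.setdefault(sub, set()).add(name)
        found = {n: None for n, g in self.groups.items() if user in g["users"]}
        queue = deque(found)
        # `found` doubles as the visited set, so a containment cycle
        # (foo in bar, bar in foo) terminates instead of looping forever.
        while queue:
            sub = queue.popleft()
            for parent in parents.get(sub, ()):
                if parent not in found:
                    found[parent] = sub
                    queue.append(parent)
        return found

    def format_whoami(self, user):
        """Render memberships in a 'name:description (via sub)' shape."""
        lines = []
        for name, via in sorted(self.whoami(user).items()):
            line = f"{name}:{self.groups[name]['desc']}"
            lines.append(line + (f" (via {via})" if via else ""))
        return lines


def rename_continuity_demo():
    """Replay the rename-continuity scenario on constructed sample data."""
    store = GroupStore()
    store.add_user("alice")
    store.add_group("foo", "foodesc")
    store.add_group("bar", "bardesc")
    store.adduser("foo", "alice")
    store.addgroup("bar", "foo")
    before = store.format_whoami("alice")
    store.rename_user("alice", "betty")
    store.rename_group("foo", "baz")
    store.rename_group("bar", "meta")
    after = store.format_whoami("betty")
    return before, after


if __name__ == "__main__":
    for line in sum(rename_continuity_demo(), []):
        print(line)
```

Running the demo lists `bar:bardesc (via foo)` before the renames and `meta:bardesc (via baz)` afterwards, matching the `(via foo)` and `(via baz)` patterns the scenario asserts on. The rename methods rewrite every stored reference rather than relying on a separate identity, which is the simplest way to make the "membership works across renames" property hold; a real implementation that keyed membership by an immutable id would get the same result without the rewrite.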