path: root/testing/02-commands-group.yarn
blob: e552a7e436d42bc2548da110240d92bafc65d7ca (plain)
<!-- -*- markdown -*- -->

Managing groups
===============

Gitano has users and users can be in groups.  Groups are there primarily as a
way to manage access control since it's a lot easier to grant access to a group
and then manage the group, than to keep writing new ACLs for each user you want
to grant access to.

Groups have a name, a description, and a list of members.  In addition,
groups may contain other groups, and membership is transitive across that
relationship.

Group creation, listing, and removal
------------------------------------

    SCENARIO basic group operation

Initially there is one group, the `gitano-admin` group.

    GIVEN a standard instance
     WHEN testinstance adminkey runs group list
     THEN stdout contains gitano-admin

We can add a group...

    WHEN testinstance adminkey runs group add newgroup simple description
     AND testinstance adminkey runs group list
    THEN stdout contains newgroup
     AND stdout contains simple description

We can remove a group...

    WHEN testinstance adminkey runs group del newgroup --force
     AND testinstance adminkey runs group list
    THEN stdout does not contain newgroup

    FINALLY the instance is torn down

Examining and manipulating groups
---------------------------------

    SCENARIO group description

Initially the `gitano-admin` group has one user in it, and has a basic
description.

    GIVEN a standard instance
     WHEN testinstance adminkey runs group show gitano-admin
     THEN stdout contains gitano-admin:Gitano\ Instance\ Administrators
      AND stdout contains =>\ admin

We can change that description though.

    WHEN testinstance adminkey runs group description gitano-admin Jeffrey
     AND testinstance adminkey runs group show gitano-admin
    THEN stdout contains gitano-admin:Jeffrey

    FINALLY the instance is torn down

Renaming groups
---------------

    SCENARIO group renaming

Groups, like users and repositories, can be renamed.  This is a moderately
destructive operation since ACLs are often based on group names, and as such
it also takes a token.  After renaming a group, the old group name does not
exist.

    GIVEN a standard instance
     WHEN testinstance adminkey runs group add foo bar
      AND testinstance adminkey runs group rename foo b.az --force
      AND testinstance adminkey runs group list
     THEN stdout does not contain foo:bar
      AND stdout contains b.az:bar

    FINALLY the instance is torn down

Group membership
----------------

    SCENARIO group membership
    GIVEN a standard instance
      AND testinstance, using adminkey, adds a new user alice, with a key called main

Group membership of users is managed using the `adduser` and `deluser`
subcommands of the `group` command.

    WHEN testinstance adminkey runs group add foo bar
     AND testinstance adminkey runs group adduser foo alice
     AND testinstance adminkey runs group show foo
    THEN stdout contains =>\ alice
    WHEN testinstance adminkey runs group deluser foo alice --force
     AND testinstance adminkey runs group show foo
    THEN stdout does not contain alice

Group membership of groups is managed with `addgroup` and `delgroup`
subcommands.

    WHEN testinstance adminkey runs group show gitano-admin
    THEN stdout does not contain foo
    WHEN testinstance adminkey runs group addgroup gitano-admin foo
     AND testinstance adminkey runs group show gitano-admin
    THEN stdout contains \[\]\ foo
    WHEN testinstance adminkey runs group delgroup gitano-admin foo --force
     AND testinstance adminkey runs group show gitano-admin
    THEN stdout does not contain foo

    FINALLY the instance is torn down

Membership works across renames
===============================

A critical component of users and groups is that they continue to work across
renames.

    SCENARIO group and user rename continuity

    GIVEN a standard instance
      AND testinstance, using adminkey, adds a new user alice, with a key called main
     WHEN testinstance adminkey runs group add foo foodesc
      AND testinstance adminkey runs group add bar bardesc
      AND testinstance adminkey runs group adduser foo alice
      AND testinstance adminkey runs group addgroup bar foo

Firstly we demonstrate that transitive membership turns up in whoami...

    WHEN alice main runs whoami
    THEN stdout contains foodesc
     AND stdout contains bardesc
     AND stdout contains \(via foo\)

Next, if we rename the alice user we want to know that the user membership
of group foo continues to work.

    WHEN testinstance adminkey runs user rename alice betty --force
    WHEN testinstance adminkey runs group show foo
    THEN stdout does not contain alice
     AND stdout contains betty
    WHEN alice main runs whoami
    THEN stdout contains foodesc
     AND stdout contains bardesc
     AND stdout contains \(via foo\)

And, of course, if we rename either group, then the membership persists.

    WHEN testinstance adminkey runs group rename foo baz --force
     AND testinstance adminkey runs group rename bar meta --force
     AND alice main runs whoami
    THEN stdout contains foodesc
     AND stdout contains bardesc
     AND stdout contains \(via baz\)

    FINALLY the instance is torn down
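
The behaviour the scenarios above exercise (transitive membership with a "via" group, continuity across user and group renames, and rejection of slashes in group names) can be sketched as a small model. This is an added illustration, not Gitano's own code: the `Groups` class, its method names, and the choice to rewrite references on rename are all assumptions made for the example.

```python
class Groups:
    """Toy model of nested groups (illustrative; not Gitano's implementation)."""

    def __init__(self):
        self.groups = {}  # name -> {"desc": str, "users": set, "subgroups": set}

    def _check(self, name):
        # Assumption: only the slash case from the regression test and
        # duplicate names are rejected in this model.
        if "/" in name or name in self.groups:
            raise ValueError(f"group name '{name}' not valid")

    def add(self, name, desc):
        self._check(name)
        self.groups[name] = {"desc": desc, "users": set(), "subgroups": set()}

    def adduser(self, group, user):
        self.groups[group]["users"].add(user)

    def addgroup(self, parent, child):
        self.groups[parent]["subgroups"].add(child)

    def rename_group(self, old, new):
        self._check(new)
        self.groups[new] = self.groups.pop(old)
        for g in self.groups.values():  # rewrite nesting references to the old name
            if old in g["subgroups"]:
                g["subgroups"] = (g["subgroups"] - {old}) | {new}

    def rename_user(self, old, new):
        for g in self.groups.values():  # rewrite direct memberships
            if old in g["users"]:
                g["users"] = (g["users"] - {old}) | {new}

    def memberships(self, user):
        """Return {group: None if direct, else the group membership came via}."""
        found = {n: None for n, g in self.groups.items() if user in g["users"]}
        queue = list(found)
        while queue:
            child = queue.pop(0)
            for name, g in self.groups.items():
                # 'name not in found' also makes cyclic nesting terminate
                if child in g["subgroups"] and name not in found:
                    found[name] = child
                    queue.append(name)
        return found
```

In this model, a rename that skipped the reference rewrite would leave the old name in the parent's subgroup list, so a group later created under that name would silently inherit the nesting; that is the access-control reason to test rename continuity.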

Regression tests
================

At one point it was possible to run `group add` and pass a group name with a
slash in it, which would really confuse Gitano subsequently.  This scenario
ensures that can never happen again.

    SCENARIO group add with slashes causes error

    GIVEN a standard instance
     WHEN testinstance adminkey, expecting failure, runs group add foo/bar bananas
     THEN stderr contains group name .foo/bar. not valid

    FINALLY the instance is torn down