path: root/knife/spec/unit/user_delete_spec.rb
#
# Author:: Steven Danna (<steve@chef.io>)
# Copyright:: Copyright (c) Chef Software Inc.
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

require "spec_helper"
require "chef/org"

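# Load the knife command's dependencies up front so the examples can reference them.
Chef::Knife::UserDelete.load_deps

# Specs for `knife user delete`. The command is destructive, so the examples
# that expect a refusal also assert that none of the mutating steps
# (admin-group removal, org disassociation, user deletion) were invoked.
describe Chef::Knife::UserDelete do
  # `knife` is the command under test; each example gets a fresh instance.
  subject(:knife) { Chef::Knife::UserDelete.new }

  let(:username) { "test_user" }

  # Strict double standing in for Chef::ServerAPI: a request that an example has
  # not explicitly expected raises, so no example can reach a real server.
  let(:rest) { double("Chef::ServerAPI") }

  let(:non_admin_member_org) { Chef::Org.new("non-admin-member") }
  let(:solo_admin_member_org) { Chef::Org.new("solo-admin-member") }
  let(:shared_admin_member_org) { Chef::Org.new("shared-admin-member") }

  let(:orgs) { [non_admin_member_org, solo_admin_member_org, shared_admin_member_org] }
  let(:removable_orgs) { [non_admin_member_org, shared_admin_member_org] }
  let(:non_removable_orgs) { [solo_admin_member_org] }

  # Stubbed return value of #admin_group_memberships for the #run examples: a
  # pair of (orgs where the user is an admin, orgs that block removal).
  # Nested contexts override the two lets above to shape it.
  let(:admin_memberships) { [removable_orgs, non_removable_orgs] }

  # Server payload for GET users/<name>/organizations, mirroring `orgs`.
  let(:orgs_data) do
    [
      { "organization" => { "name" => "non-admin-member" } },
      { "organization" => { "name" => "solo-admin-member" } },
      { "organization" => { "name" => "shared-admin-member" } },
    ]
  end

  before do
    allow(Chef::ServerAPI).to receive(:new).and_return(rest)
    knife.name_args << username
    # Answer the confirmation prompt non-interactively.
    knife.config[:yes] = true
  end

  context "when invoked" do
    before do
      allow(knife).to receive(:admin_group_memberships).and_return(admin_memberships)
    end

    context "with --no-disassociate-user" do
      before do
        knife.config[:no_disassociate_user] = true
      end

      it "should bypass all checks and go directly to user deletion" do
        # Make "bypass all checks" explicit instead of relying on the strict
        # `rest` double to blow up if a membership lookup were attempted.
        expect(knife).not_to receive(:org_memberships)
        expect(knife).not_to receive(:remove_from_admin_groups)
        expect(knife).not_to receive(:disassociate_user)
        expect(knife).to receive(:delete_user).with(username)
        knife.run
      end
    end

    context "without --no-disassociate-user" do
      before do
        allow(knife).to receive(:org_memberships).and_return(orgs)
      end

      context "and with --remove-from-admin-groups" do
        before do
          knife.config[:remove_from_admin_groups] = true
        end

        context "when an associated user is the only organization admin" do
          let(:non_removable_orgs) { [solo_admin_member_org] }

          it "refuses to proceed because the user is the only admin" do
            expect(knife).to receive(:error_exit_cant_remove_admin_membership!).and_call_original
            # A refusal must leave memberships and the account untouched.
            expect(knife).not_to receive(:remove_from_admin_groups)
            expect(knife).not_to receive(:disassociate_user)
            expect(knife).not_to receive(:delete_user)
            expect { knife.run }.to raise_error SystemExit
          end
        end

        context "when an associated user is one of many organization admins" do
          let(:non_removable_orgs) { [] }

          it "should remove the user from the group, the org, and then delete the user" do
            # The description promises a sequence, so pin the order: the
            # account is deleted only after the memberships are cleaned up.
            expect(knife).to receive(:remove_from_admin_groups).ordered
            expect(knife).to receive(:disassociate_user).ordered
            expect(knife).to receive(:delete_user).with(username).ordered
            expect(knife).not_to receive(:error_exit_cant_remove_admin_membership!)
            expect(knife).not_to receive(:error_exit_admin_group_member!)
            knife.run
          end
        end
      end

      context "and without --remove-from-admin-groups" do
        before do
          knife.config[:remove_from_admin_groups] = false
        end

        context "when an associated user is in admins group" do
          let(:removable_orgs) { [shared_admin_member_org] }
          let(:non_removable_orgs) { [] }

          it "refuses to proceed because the user is an admin" do
            expect(knife).to receive(:error_exit_admin_group_member!).and_call_original
            # A refusal must leave memberships and the account untouched.
            expect(knife).not_to receive(:remove_from_admin_groups)
            expect(knife).not_to receive(:disassociate_user)
            expect(knife).not_to receive(:delete_user)
            expect { knife.run }.to raise_error SystemExit
          end
        end
      end
    end
  end

  context "#admin_group_memberships" do
    before do
      # Each org answers the two membership questions the method asks of it;
      # using `expect` here also verifies that every org is actually consulted.
      expect(non_admin_member_org).to receive(:user_member_of_group?).and_return false

      expect(solo_admin_member_org).to receive(:user_member_of_group?).and_return true
      expect(solo_admin_member_org).to receive(:actor_delete_would_leave_admins_empty?).and_return true

      expect(shared_admin_member_org).to receive(:user_member_of_group?).and_return true
      expect(shared_admin_member_org).to receive(:actor_delete_would_leave_admins_empty?).and_return false
    end

    it "returns an array of organizations in which the user is an admin, and an array of orgs which block removal" do
      expect(knife.admin_group_memberships(orgs, username)).to eq [[solo_admin_member_org, shared_admin_member_org], [solo_admin_member_org]]
    end
  end

  context "#delete_user" do
    it "attempts to delete the user from the system via DELETE to the /users endpoint" do
      expect(rest).to receive(:delete).with("users/#{username}")
      knife.delete_user(username)
    end
  end

  context "#disassociate_user" do
    it "attempts to dissociate the user from each org" do
      removable_orgs.each { |org| expect(org).to receive(:dissociate_user).with(username) }
      knife.disassociate_user(removable_orgs, username)
    end
  end

  context "#remove_from_admin_groups" do
    it "attempts to remove the given user from the organizations' groups" do
      removable_orgs.each { |org| expect(org).to receive(:remove_user_from_group).with("admins", username) }
      knife.remove_from_admin_groups(removable_orgs, username)
    end
  end

  context "#org_memberships" do
    it "should make a REST request to return the list of organizations that the user is a member of" do
      expect(rest).to receive(:get).with("users/test_user/organizations").and_return orgs_data
      result = knife.org_memberships(username)
      # Compare whole lists: an element-wise loop over `result` would pass
      # vacuously if the method returned an empty or truncated list.
      expect(result.map(&:to_hash)).to eq(orgs.map(&:to_hash))
    end
  end
end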