diff --git a/internal/tests/cli/boundary/_authorized_actions.bash b/internal/tests/cli/boundary/_authorized_actions.bash new file mode 100644 index 0000000000..87201afbd7 --- /dev/null +++ b/internal/tests/cli/boundary/_authorized_actions.bash @@ -0,0 +1,8 @@ +function has_authorized_action() { + # accepts the output of a read on a arbitrary resource that has authorized_actions in its + # output and the action to expect in the list as the second argument: + # has_authorized_action $out authorize-session + local out=$1 + local action=$2 + echo $out | jq -c ".authorized_actions | contains([\"$action\"])" +} diff --git a/internal/tests/cli/boundary/_groups.bash b/internal/tests/cli/boundary/_groups.bash index 29e18a9204..c50841f32e 100644 --- a/internal/tests/cli/boundary/_groups.bash +++ b/internal/tests/cli/boundary/_groups.bash @@ -1,9 +1,11 @@ +load _authorized_actions + function create_group() { boundary groups create -scope-id global -name $1 -description 'test group' } function read_group() { - boundary groups read -id $1 + boundary groups read -id $1 -format json } function delete_group() { @@ -39,3 +41,16 @@ function group_has_member_id() { done return 1 } + +function has_default_group_actions() { + # tests that the group resource contains default actions + local out=$1 + local actions=('read' 'update' 'delete' 'add-members' 'set-members' 'remove-members') + + for action in ${actions[@]}; do + $(has_authorized_action "$out" "$action") || { + echo "failed to find $action action in output: $out" + return 1 + } + done +} diff --git a/internal/tests/cli/boundary/_host_catalogs.bash b/internal/tests/cli/boundary/_host_catalogs.bash index f960dc998c..39fac394ac 100644 --- a/internal/tests/cli/boundary/_host_catalogs.bash +++ b/internal/tests/cli/boundary/_host_catalogs.bash @@ -1,3 +1,5 @@ +load _authorized_actions + function create_host_catalog() { local name=$1 local sid=$2 
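Review bot: `has_authorized_action` in `_authorized_actions.bash` can report an action as present when it is only a substring of a granted one, because jq's `contains` on strings is a substring test (an expected `read` would match a hypothetical `read-all`). The action name is also spliced into the jq program text, and `echo $out` is unquoted, so the JSON is word-split and glob-expanded before jq sees it. I would pass the value as data and compare exactly: `jq -e --arg a "$action" 'any(.authorized_actions[]?; . == $a)' <<<"$out"`. Since this helper backs every authorized-actions assertion in the suite, its comment should also say that it prints `true`/`false` and, with `-e`, sets the exit status.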
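Review bot: `has_default_group_actions` only proves that each listed action is present, so a response that grants more actions than the default list still passes; for an authorization test that is the direction most worth catching. If exact defaults are intended, compare the sorted list for equality instead of looping, e.g. `jq -e --argjson want '["add-members","delete","read","remove-members","set-members","update"]' '(.authorized_actions | sort) == $want' <<<"$out"`; if a subset check is intended, say so in the function comment. Separately, `$(has_authorized_action "$out" "$action") || {` runs the helper's stdout as a command and works only because jq prints `true` or `false`; `action` is also not declared `local`, and `${actions[@]}` is unquoted. The same loop is repeated in the has_default_* functions added to `_host_catalogs.bash`, `_host_sets.bash`, `_hosts.bash`, `_roles.bash`, `_scopes.bash`, `_targets.bash` and `_users.bash`.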
@@ -9,7 +11,7 @@ function create_host_catalog() { } function read_host_catalog() { - boundary host-catalogs read -id $1 + boundary host-catalogs read -id $1 -format json } function delete_host_catalog() { @@ -25,3 +27,15 @@ function host_catalog_id() { local sid=$2 strip $(list_host_catalogs $sid | jq -c ".[] | select(.name | contains(\"$id\")) | .[\"id\"]") } + +function has_default_host_catalog_actions() { + local out=$1 + local actions=('read' 'update' 'delete') + + for action in ${actions[@]}; do + $(has_authorized_action "$out" "$action") || { + echo "failed to find $action action in output: $out" + return 1 + } + done +} diff --git a/internal/tests/cli/boundary/_host_sets.bash b/internal/tests/cli/boundary/_host_sets.bash index 44ae504501..00d2355e86 100644 --- a/internal/tests/cli/boundary/_host_sets.bash +++ b/internal/tests/cli/boundary/_host_sets.bash @@ -1,3 +1,5 @@ +load _authorized_actions + function create_host_set() { local hcid=$1 local name=$2 @@ -47,3 +49,15 @@ function host_set_has_host_id() { done return 1 } + +function has_default_host_set_actions() { + local out=$1 + local actions=('read' 'update' 'delete' 'add-hosts' 'set-hosts' 'remove-hosts') + + for action in ${actions[@]}; do + $(has_authorized_action "$out" "$action") || { + echo "failed to find $action action in output: $out" + return 1 + } + done +} diff --git a/internal/tests/cli/boundary/_hosts.bash b/internal/tests/cli/boundary/_hosts.bash index e8cadd1b25..d9e4ad736a 100644 --- a/internal/tests/cli/boundary/_hosts.bash +++ b/internal/tests/cli/boundary/_hosts.bash @@ -1,3 +1,5 @@ +load _authorized_actions + function create_host() { local name=$1 local hcid=$2 @@ -10,7 +12,7 @@ function create_host() { } function read_host() { - boundary hosts read -id $1 + boundary hosts read -id $1 -format json } function delete_host() { 
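Review bot: `has_default_host_set_actions` pipes its argument to jq, but this diff does not add `-format json` to `read_host_set` the way it does for `read_group`, `read_host_catalog`, `read_host`, `read_target` and `read_user`. If `read_host_set` does not already request JSON outside the visible hunks, the new host-sets test feeds non-JSON output to jq and fails on parsing rather than on the authorization data. The same applies to `read_role` in `_roles.bash` and `read_scope` in `_scopes.bash`, which are also untouched here. It is worth confirming all three and adding `-format json` where it is missing.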
@@ -27,3 +29,15 @@ function host_id() { strip $(list_hosts $hcid | jq -c ".[] | select(.name | contains(\"$name\")) | .[\"id\"]") } + +function has_default_host_actions() { + local out=$1 + local actions=('read' 'update' 'delete') + + for action in ${actions[@]}; do + $(has_authorized_action "$out" "$action") || { + echo "failed to find $action action in output: $out" + return 1 + } + done +} diff --git a/internal/tests/cli/boundary/_roles.bash b/internal/tests/cli/boundary/_roles.bash index 5f1284d1ba..04ce78eb18 100644 --- a/internal/tests/cli/boundary/_roles.bash +++ b/internal/tests/cli/boundary/_roles.bash @@ -1,3 +1,5 @@ +load _authorized_actions + function create_role() { local sid=$1 local name=$2 @@ -89,3 +91,15 @@ function role_has_grant() { done return 1 } + +function has_default_role_actions() { + local out=$1 + local actions=('read' 'update' 'delete' 'add-principals' 'set-principals' 'remove-principals' 'add-grants' 'set-grants' 'remove-grants') + + for action in ${actions[@]}; do + $(has_authorized_action "$out" "$action") || { + echo "failed to find $action action in output: $out" + return 1 + } + done +} diff --git a/internal/tests/cli/boundary/_scopes.bash b/internal/tests/cli/boundary/_scopes.bash index 7fc02a0534..2d595a2e24 100644 --- a/internal/tests/cli/boundary/_scopes.bash +++ b/internal/tests/cli/boundary/_scopes.bash @@ -1,3 +1,5 @@ +load _authorized_actions + function create_scope() { local parent=$1 local name=$2 @@ -27,3 +29,15 @@ function scope_id() { strip $(list_scopes $sid | jq -c ".[] | select(.name | contains(\"$name\")) | .[\"id\"]") } + +function has_default_scope_actions() { + local out=$1 + local actions=('read' 'update' 'delete') + + for action in ${actions[@]}; do + $(has_authorized_action "$out" "$action") || { + echo "failed to find $action action in output: $out" + return 1 + } + done +} diff --git a/internal/tests/cli/boundary/_targets.bash b/internal/tests/cli/boundary/_targets.bash index be69148772..b0bd797923 100644 
--- a/internal/tests/cli/boundary/_targets.bash +++ b/internal/tests/cli/boundary/_targets.bash @@ -1,3 +1,5 @@ +load _authorized_actions + export TGT_NAME='test' function create_tcp_target() { @@ -12,7 +14,7 @@ function create_tcp_target() { } function read_target() { - boundary targets read -id $1 + boundary targets read -id $1 -format json } function delete_target() { @@ -52,3 +54,15 @@ function target_has_host_set_id() { done return 1 } + +function has_default_target_actions() { + local out=$1 + local actions=('read' 'update' 'delete' 'add-host-sets' 'set-host-sets' 'remove-host-sets' 'authorize-session') + + for action in ${actions[@]}; do + $(has_authorized_action "$out" "$action") || { + echo "failed to find $action action in output: $out" + return 1 + } + done +} diff --git a/internal/tests/cli/boundary/_users.bash b/internal/tests/cli/boundary/_users.bash index 21c891b945..7a29ec87ef 100644 --- a/internal/tests/cli/boundary/_users.bash +++ b/internal/tests/cli/boundary/_users.bash @@ -1,9 +1,11 @@ +load _authorized_actions + function create_user() { boundary users create -scope-id global -name $1 -description 'test user' } function read_user() { - boundary users read -id $1 + boundary users read -id $1 -format json } function delete_user() { @@ -18,6 +20,19 @@ function assoc_user_acct() { boundary users add-accounts -account $1 -id $2 } +function has_default_user_actions() { + # tests that the user resource contains default actions + local out=$1 + local actions=('read' 'update' 'delete' 'add-accounts' 'set-accounts' 'remove-accounts') + + for action in ${actions[@]}; do + $(has_authorized_action "$out" "$action") || { + echo "failed to find $action action in output: $out" + return 1 + } + done +} + function user_id() { local user=$1 strip $(list_users | jq -c ".[] | select(.name | contains(\"$user\")) | .[\"id\"]") diff --git a/internal/tests/cli/boundary/groups.bats b/internal/tests/cli/boundary/groups.bats index b8bb9c6eb5..51b6506719 100644 
--- a/internal/tests/cli/boundary/groups.bats +++ b/internal/tests/cli/boundary/groups.bats @@ -32,6 +32,15 @@ export NEW_GROUP='test' [ "$status" -eq 0 ] } +@test "boundary/groups: the $NEW_GROUP group contains default authorized-actions" { + local gid=$(group_id $NEW_GROUP) + local out=$(read_group $gid) + + run has_default_group_actions "$out" + echo "$output" + [ "$status" -eq 0 ] +} + @test "boundary/group/add-members: can associate $NEW_GROUP group with default user" { local gid=$(group_id $NEW_GROUP) run assoc_group_acct 'u_1234567890' $gid diff --git a/internal/tests/cli/boundary/host_catalogs.bats b/internal/tests/cli/boundary/host_catalogs.bats index b7f438e3a9..4a29e44cc4 100644 --- a/internal/tests/cli/boundary/host_catalogs.bats +++ b/internal/tests/cli/boundary/host_catalogs.bats 
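Review bot: In the new groups test, `local out=$(read_group $gid)` hides the exit status of `read_group`, because `local` itself returns 0. A failed lookup or read leaves `out` empty, and the test then fails with "failed to find read action in output:" instead of the real cause. Splitting it into `local out` and `out=$(read_group "$gid")` lets the failing read stop the test at the right line. The same pattern appears in the authorized-actions tests added to `host_catalogs.bats`, `host_sets.bats`, `hosts.bats`, `roles.bats`, `scopes.bats`, `target.bats` and `user.bats`.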
@@ -12,40 +12,49 @@ export NEW_HOST_CATALOG='test' [ "$status" -eq 0 ] } -@test "boundary/hosts-catalogs: can create $NEW_HOST_CATALOG host catalog in default project scope" { +@test "boundary/host-catalogs: can create $NEW_HOST_CATALOG host catalog in default project scope" { run create_host_catalog $NEW_HOST_CATALOG $DEFAULT_P_ID echo "$output" [ "$status" -eq 0 ] } -@test "boundary/hosts: can not create already created $NEW_HOST_CATALOG host catalog in default project scope" { +@test "boundary/host-catalogs: can not create already created $NEW_HOST_CATALOG host catalog in default project scope" { run create_host_catalog $NEW_HOST_CATALOG echo "$output" [ "$status" -eq 1 ] } -@test "boundary/hosts: can read $NEW_HOST_CATALOG host catalog in default project scope" { +@test "boundary/host-catalogs: can read $NEW_HOST_CATALOG host catalog in default project scope" { local hid=$(host_catalog_id $NEW_HOST_CATALOG $DEFAULT_P_ID) run read_host_catalog $hid echo "$output" [ "$status" -eq 0 ] } -@test "boundary/host: can delete $NEW_HOST_CATALOG host in default project scope" { +@test "boundary/host-catalogs: the $NEW_HOST_CATALOG host catalog contains default authorized-actions" { + local hid=$(host_catalog_id $NEW_HOST_CATALOG $DEFAULT_P_ID) + local out=$(read_host_catalog $hid) + + run has_default_host_catalog_actions "$out" + echo "$output" + [ "$status" -eq 0 ] +} + +@test "boundary/host-catalogs: can delete $NEW_HOST_CATALOG host in default project scope" { local hid=$(host_catalog_id $NEW_HOST_CATALOG $DEFAULT_P_ID) run delete_host_catalog $hid echo "$output" [ "$status" -eq 0 ] } -@test "boundary/host: can not delete already deleted $NEW_HOST_CATALOG host in default project scope" { +@test "boundary/host-catalogs: can not delete already deleted $NEW_HOST_CATALOG host in default project scope" { local hid=$(host_catalog_id $NEW_HOST_CATALOG $DEFAULT_P_ID) run delete_host_catalog $hid echo "$output" [ "$status" -eq 1 ] } -@test "boundary/hosts: can not read deleted 
$NEW_HOST_CATALOG host in default project scope" { +@test "boundary/host-catalogs: can not read deleted $NEW_HOST_CATALOG host in default project scope" { local hid=$(host_catalog_id $NEW_HOST_CATALOG $DEFAULT_P_ID) run read_host_catalog $hid echo "$output" diff --git a/internal/tests/cli/boundary/host_sets.bats b/internal/tests/cli/boundary/host_sets.bats index 099f782047..4f1a176674 100644 --- a/internal/tests/cli/boundary/host_sets.bats +++ b/internal/tests/cli/boundary/host_sets.bats @@ -31,6 +31,15 @@ export NEW_HOST_SET='test' [ "$status" -eq 0 ] } +@test "boundary/host-sets: the $NEW_HOST_SET host set contains default authorized-actions" { + local hsid=$(host_set_id $NEW_HOST_SET $DEFAULT_HOST_CATALOG) + local out=$(read_host_set $hsid) + + run has_default_host_set_actions "$out" + echo "$output" + [ "$status" -eq 0 ] +} + @test "boundary/host-set/add-host: can associate $NEW_HOST_SET host set with default host" { local hsid=$(host_set_id $NEW_HOST_SET $DEFAULT_HOST_CATALOG) run assoc_host_set_host $DEFAULT_HOST $hsid diff --git a/internal/tests/cli/boundary/hosts.bats b/internal/tests/cli/boundary/hosts.bats index 1f72bd644b..93ede705a4 100644 --- a/internal/tests/cli/boundary/hosts.bats +++ b/internal/tests/cli/boundary/hosts.bats @@ -31,6 +31,15 @@ export NEW_HOST='test' [ "$status" -eq 0 ] } +@test "boundary/hosts: the $NEW_HOST host contains default authorized-actions" { + local hid=$(host_id $NEW_HOST $DEFAULT_HOST_CATALOG) + local out=$(read_host $hid) + + run has_default_host_actions "$out" + echo "$output" + [ "$status" -eq 0 ] +} + @test "boundary/host: can delete $NEW_HOST host" { local hid=$(host_id $NEW_HOST $DEFAULT_HOST_CATALOG) run delete_host $hid diff --git a/internal/tests/cli/boundary/roles.bats b/internal/tests/cli/boundary/roles.bats index 9084123520..7eaa2ed8bb 100644 --- a/internal/tests/cli/boundary/roles.bats +++ b/internal/tests/cli/boundary/roles.bats 
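Review bot: The renamed test "can not create already created $NEW_HOST_CATALOG host catalog" still calls `create_host_catalog $NEW_HOST_CATALOG` without `$DEFAULT_P_ID`, while the helper reads the scope id from `$2`. The expected status 1 may therefore come from the missing scope rather than from the duplicate name. Passing the scope, `run create_host_catalog $NEW_HOST_CATALOG $DEFAULT_P_ID`, would make the test exercise the duplicate check it names. The delete and read-after-delete titles in this hunk also still say "host" where the resource is a host catalog.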
@@ -28,12 +28,20 @@ export NEW_GRANT='id=*;type=*;actions=create,read,update,delete,list' @test "boundary/roles: can read $NEW_ROLE role" { local rid=$(role_id $NEW_ROLE $DEFAULT_GLOBAL) - echo "rid $rid" run read_role $rid echo "$output" [ "$status" -eq 0 ] } +@test "boundary/roles: the $NEW_ROLE role contains default authorized-actions" { + local rid=$(role_id $NEW_ROLE $DEFAULT_GLOBAL) + local out=$(read_role $rid) + + run has_default_role_actions "$out" + echo "$output" + [ "$status" -eq 0 ] +} + @test "boundary/role/add-principals: can associate $NEW_ROLE role with default principal" { local rid=$(role_id $NEW_ROLE $DEFAULT_GLOBAL) run assoc_role_principal $DEFAULT_USER $rid diff --git a/internal/tests/cli/boundary/scopes.bats b/internal/tests/cli/boundary/scopes.bats index 2d82c771b3..af7ece028c 100644 --- a/internal/tests/cli/boundary/scopes.bats +++ b/internal/tests/cli/boundary/scopes.bats @@ -4,8 +4,8 @@ load _auth load _scopes load _helpers -export NEW_PROJECT='test_project' export NEW_ORG='test_org' +export NEW_PROJECT='test_project' @test "boundary/login: can login as default user" { run login $DEFAULT_LOGIN @@ -25,6 +25,15 @@ export NEW_ORG='test_org' [ "$status" -eq 0 ] } +@test "boundary/scopes: the $NEW_ORG scope contains default org authorized-actions" { + local sid=$(scope_id $NEW_ORG $DEFAULT_GLOBAL) + local out=$(read_scope $sid) + + run has_default_scope_actions "$out" + echo "$output" + [ "$status" -eq 0 ] +} + @test "boundary/scopes: can create $NEW_PROJECT project level scope" { local parent=$(scope_id $NEW_ORG $DEFAULT_GLOBAL) run create_scope $parent $NEW_PROJECT 
@@ -40,6 +49,16 @@ export NEW_ORG='test_org' [ "$status" -eq 0 ] } +@test "boundary/scopes: the $NEW_PROJECT scope contains default project authorized-actions" { + local parent=$(scope_id $NEW_ORG $DEFAULT_GLOBAL) + local sid=$(scope_id $NEW_PROJECT $parent) + local out=$(read_scope $sid) + + run has_default_scope_actions "$out" + echo "$output" + [ "$status" -eq 0 ] +} + @test "boundary/scopes: can delete $NEW_PROJECT project level scope" { local parent=$(scope_id $NEW_ORG $DEFAULT_GLOBAL) local sid=$(scope_id $NEW_PROJECT $parent) diff --git a/internal/tests/cli/boundary/target.bats b/internal/tests/cli/boundary/target.bats index 18a831f14b..0f18d95f8e 100644 --- a/internal/tests/cli/boundary/target.bats +++ b/internal/tests/cli/boundary/target.bats @@ -33,6 +33,15 @@ load _helpers [ "$status" -eq 0 ] } +@test "boundary/target: the $TGT_NAME target contains default authorized-actions" { + local id=$(target_id $DEFAULT_P_ID $TGT_NAME) + local out=$(read_target $id) + + run has_default_target_actions "$out" + echo "$output" + [ "$status" -eq 0 ] +} + @test "boundary/target: default user can add default host set to created target" { local id=$(target_id $DEFAULT_P_ID $TGT_NAME) run assoc_host_sets $id $DEFAULT_HOST_SET diff --git a/internal/tests/cli/boundary/user.bats b/internal/tests/cli/boundary/user.bats index c14e2ec32d..6be001a533 100644 --- a/internal/tests/cli/boundary/user.bats +++ b/internal/tests/cli/boundary/user.bats @@ -28,6 +28,15 @@ export NEW_USER='test' [ "$status" -eq 0 ] } +@test "boundary/users: the $NEW_USER user contains default authorized-actions" { + local uid=$(user_id $NEW_USER) + local out=$(read_user $uid) + + run has_default_user_actions "$out" + echo "$output" + [ "$status" -eq 0 ] +} + @test "boundary/account/password: can add $NEW_USER account" { run create_account $NEW_USER [ "$status" -eq 0 ]