diff --git a/testing/internal/e2e/boundary/role.go b/testing/internal/e2e/boundary/role.go index c8ad014655c..a9b2765318f 100644 --- a/testing/internal/e2e/boundary/role.go +++ b/testing/internal/e2e/boundary/role.go @@ -80,7 +80,7 @@ func AddPrincipalToRoleCli(t testing.TB, ctx context.Context, roleId string, pri ), ) require.NoError(t, output.Err, string(output.Stderr)) - t.Logf("Principle %s added to role: %s", principal, roleId) + t.Logf("Principal %s added to role: %s", principal, roleId) } // SetGrantScopesToRoleCli uses Boundary CLI to override grant scopes for the role with the provided ones. diff --git a/testing/internal/e2e/tests/base/role_multi_scope_grants_test.go b/testing/internal/e2e/tests/base/role_multi_scope_grants_test.go index 20fa0bda9ec..a6c94000920 100644 --- a/testing/internal/e2e/tests/base/role_multi_scope_grants_test.go +++ b/testing/internal/e2e/tests/base/role_multi_scope_grants_test.go @@ -22,48 +22,36 @@ func TestCliApplyGrantsForMultipleScopes(t *testing.T) { boundary.AuthenticateAdminCli(t, ctx) // Create Org and Project - newOrgId := boundary.CreateNewOrgCli(t, ctx) + orgId := boundary.CreateNewOrgCli(t, ctx) t.Cleanup(func() { ctx := context.Background() boundary.AuthenticateAdminCli(t, ctx) - output := e2e.RunCommand(ctx, "boundary", e2e.WithArgs("scopes", "delete", "-id", newOrgId)) + output := e2e.RunCommand(ctx, "boundary", e2e.WithArgs("scopes", "delete", "-id", orgId)) require.NoError(t, output.Err, string(output.Stderr)) }) - newProjectId := boundary.CreateNewProjectCli(t, ctx, newOrgId) + projectId := boundary.CreateNewProjectCli(t, ctx, orgId) // Create Account acctName := "e2e-account" - newAccountId, acctPassword := boundary.CreateNewAccountCli(t, ctx, bc.AuthMethodId, acctName) + accountId, acctPassword := boundary.CreateNewAccountCli(t, ctx, bc.AuthMethodId, acctName) t.Cleanup(func() { boundary.AuthenticateAdminCli(t, ctx) output := e2e.RunCommand(ctx, "boundary", - e2e.WithArgs("accounts", "delete", "-id", newAccountId), + e2e.WithArgs("accounts", "delete", "-id", accountId), ) require.NoError(t, output.Err, string(output.Stderr)) }) // Create User and set Account to it - newUserId := boundary.CreateNewUserCli(t, ctx, "global") + userId := boundary.CreateNewUserCli(t, ctx, "global") t.Cleanup(func() { boundary.AuthenticateAdminCli(t, ctx) output := e2e.RunCommand(ctx, "boundary", - e2e.WithArgs("users", "delete", "-id", newUserId), + e2e.WithArgs("users", "delete", "-id", userId), ) require.NoError(t, output.Err, string(output.Stderr)) }) - boundary.SetAccountToUserCli(t, ctx, newUserId, newAccountId) - - // Create Role and add admin grants to it - newRoleId, err := boundary.CreateRoleCli(t, ctx, "global") - require.NoError(t, err) - t.Cleanup(func() { - boundary.AuthenticateAdminCli(t, ctx) - output := e2e.RunCommand(ctx, "boundary", - e2e.WithArgs("roles", "delete", "-id", newRoleId), - ) - require.NoError(t, output.Err, string(output.Stderr)) - }) - boundary.AddGrantToRoleCli(t, ctx, newRoleId, "ids=*;type=*;actions=*") + boundary.SetAccountToUserCli(t, ctx, userId, accountId) // Authenticate test user and try to: // - create role in global scope: expect error @@ -74,40 +62,50 @@ func TestCliApplyGrantsForMultipleScopes(t *testing.T) { _, err = boundary.CreateRoleCli(t, ctx, "global") require.Error(t, err) - _, err = boundary.CreateRoleCli(t, ctx, newOrgId) + _, err = boundary.CreateRoleCli(t, ctx, orgId) require.Error(t, err) - _, err = boundary.CreateRoleCli(t, ctx, newProjectId) + _, err = boundary.CreateRoleCli(t, ctx, projectId) require.Error(t, err) - // Add User as a principle to the admin Role + // Create Role and add admin grants, and principal to it boundary.AuthenticateAdminCli(t, ctx) - boundary.AddPrincipalToRoleCli(t, ctx, newRoleId, newUserId) + roleId, err := boundary.CreateRoleCli(t, ctx, "global") + require.NoError(t, err) + t.Cleanup(func() { + boundary.AuthenticateAdminCli(t, ctx) + output := e2e.RunCommand(ctx, "boundary", + e2e.WithArgs("roles", "delete", "-id", roleId), + ) + require.NoError(t, output.Err, string(output.Stderr)) + }) + boundary.AddGrantToRoleCli(t, ctx, roleId, "ids=*;type=*;actions=*") + boundary.AddPrincipalToRoleCli(t, ctx, roleId, userId) // Authenticate User and try to: // - create Role in global scope: expect success // - create Role in org scope: expect error // - create Role in proj scope: expect error boundary.AuthenticateCli(t, ctx, bc.AuthMethodId, acctName, acctPassword) - newGlobalRoleId2, err := boundary.CreateRoleCli(t, ctx, "global") + globalRoleId2, err := boundary.CreateRoleCli(t, ctx, "global") require.NoError(t, err) t.Cleanup(func() { boundary.AuthenticateAdminCli(t, ctx) output := e2e.RunCommand(ctx, "boundary", - e2e.WithArgs("roles", "delete", "-id", newGlobalRoleId2), + e2e.WithArgs("roles", "delete", "-id", globalRoleId2), ) require.NoError(t, output.Err, string(output.Stderr)) }) - _, err = boundary.CreateRoleCli(t, ctx, newOrgId) + _, err = boundary.CreateRoleCli(t, ctx, orgId) require.Error(t, err) - _, err = boundary.CreateRoleCli(t, ctx, newProjectId) + _, err = boundary.CreateRoleCli(t, ctx, projectId) require.Error(t, err) // Set Grant Scopes to Role: this, children boundary.AuthenticateAdminCli(t, ctx) - err = boundary.SetGrantScopesToRoleCli(t, ctx, newRoleId, + err = boundary.SetGrantScopesToRoleCli(t, ctx, roleId, boundary.WithGrantScopeId("this"), boundary.WithGrantScopeId("children"), ) @@ -118,25 +116,25 @@ func TestCliApplyGrantsForMultipleScopes(t *testing.T) { // - create Role in org scope: expect success // - create Role in proj scope: expect error boundary.AuthenticateCli(t, ctx, bc.AuthMethodId, acctName, acctPassword) - newGlobalRoleId3, err := boundary.CreateRoleCli(t, ctx, "global") + globalRoleId3, err := boundary.CreateRoleCli(t, ctx, "global") require.NoError(t, err) t.Cleanup(func() { boundary.AuthenticateAdminCli(t, ctx) output := e2e.RunCommand(ctx, "boundary", - e2e.WithArgs("roles", "delete", "-id", newGlobalRoleId3), + e2e.WithArgs("roles", "delete", "-id", globalRoleId3), ) require.NoError(t, output.Err, string(output.Stderr)) }) - _, err = boundary.CreateRoleCli(t, ctx, newOrgId) + _, err = boundary.CreateRoleCli(t, ctx, orgId) require.NoError(t, err) - _, err = boundary.CreateRoleCli(t, ctx, newProjectId) + _, err = boundary.CreateRoleCli(t, ctx, projectId) require.Error(t, err) // Set Grant Scopes to Role: this, descendants boundary.AuthenticateAdminCli(t, ctx) - err = boundary.SetGrantScopesToRoleCli(t, ctx, newRoleId, + err = boundary.SetGrantScopesToRoleCli(t, ctx, roleId, boundary.WithGrantScopeId("this"), boundary.WithGrantScopeId("descendants"), ) @@ -147,19 +145,19 @@ func TestCliApplyGrantsForMultipleScopes(t *testing.T) { // - create Role in org scope: expect success // - create Role in proj scope: expect success boundary.AuthenticateCli(t, ctx, bc.AuthMethodId, acctName, acctPassword) - newGlobalRoleId4, err := boundary.CreateRoleCli(t, ctx, "global") + globalRoleId4, err := boundary.CreateRoleCli(t, ctx, "global") require.NoError(t, err) t.Cleanup(func() { boundary.AuthenticateAdminCli(t, ctx) output := e2e.RunCommand(ctx, "boundary", - e2e.WithArgs("roles", "delete", "-id", newGlobalRoleId4), + e2e.WithArgs("roles", "delete", "-id", globalRoleId4), ) require.NoError(t, output.Err, string(output.Stderr)) }) - _, err = boundary.CreateRoleCli(t, ctx, newOrgId) + _, err = boundary.CreateRoleCli(t, ctx, orgId) require.NoError(t, err) - _, err = boundary.CreateRoleCli(t, ctx, newProjectId) + _, err = boundary.CreateRoleCli(t, ctx, projectId) require.NoError(t, err) }