Add tests for bm whoami, bm users, and bm access-key commands

10 new test files following the bm/roles test patterns. Each covers:
JSON-mode return shape, non-JSON output (where applicable),
flag/arg behavior, and OCAPI error paths via the expectError helper.

- whoami.test.ts (3 cases)
- users/{list,get,delete}.test.ts (3 cases each)
- users/search.test.ts (5 cases — covers convenience flags, raw --query
  passthrough, and invalid JSON rejection)
- users/update.test.ts (4 cases — covers the field→snake_case mapping
  and "no fields" guard)
- access-key/{get,delete}.test.ts cover both the explicit-login and
  whoami-fallback branches via two-call OCAPI stubs
- access-key/{create,set}.test.ts cover scope flag and PATCH body shape

CLI tests now: 1218 passing (was 1184). SDK tests unchanged at 1722.

Author: clavery

packages/b2c-cli/test/commands/bm/access-key/create.test.ts

@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2025, Salesforce, Inc.
+ * SPDX-License-Identifier: Apache-2
+ * For full license text, see the license.txt file in the repo root or http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+import {ux} from '@oclif/core';
+import {expect} from 'chai';
+import {afterEach, beforeEach} from 'mocha';
+import sinon from 'sinon';
+import BmAccessKeyCreate from '../../../../src/commands/bm/access-key/create.js';
+import {createIsolatedConfigHooks, createTestCommand, expectError} from '../../../helpers/test-setup.js';
+
+describe('bm access-key create', () => {
+  const hooks = createIsolatedConfigHooks();
+
+  beforeEach(hooks.beforeEach);
+
+  afterEach(hooks.afterEach);
+
+  async function createCommand(flags: Record<string, unknown> = {}, args: Record<string, unknown> = {}) {
+    return createTestCommand(BmAccessKeyCreate, hooks.getConfig(), flags, args);
+  }
+
+  function stubCommon(command: any, {jsonEnabled}: {jsonEnabled: boolean}) {
+    sinon.stub(command, 'requireOAuthCredentials').returns(void 0);
+    sinon.stub(command, 'resolvedConfig').get(() => ({values: {hostname: 'example.com'}}));
+    sinon.stub(command, 'jsonEnabled').returns(jsonEnabled);
+  }
+
+  it('creates an access key and returns secret in JSON mode', async () => {
+    const command: any = await createCommand({scope: 'STOREFRONT'}, {login: 'user@x.com'});
+    stubCommon(command, {jsonEnabled: true});
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiPut = sinon.stub().resolves({
+      data: {access_key: 'secret-value', enabled: true, expiration_date: '2027-01-01'},
+      error: undefined,
+    });
+    sinon.stub(command, 'instance').get(() => ({ocapi: {PUT: ocapiPut}}));
+
+    const result = await command.run();
+    expect(result.access_key).to.equal('secret-value');
+    expect(result.enabled).to.equal(true);
+    expect(ocapiPut.calledOnce).to.equal(true);
+    expect(ocapiPut.firstCall.args[0]).to.equal('/users/{login}/access_key/{scope}');
+    expect(ocapiPut.firstCall.args[1].params.path).to.deep.equal({
+      login: 'user@x.com',
+      scope: 'STOREFRONT',
+    });
+  });
+
+  it('displays access key details in non-JSON mode', async () => {
+    const command: any = await createCommand({scope: 'WEBDAV_AND_STUDIO'}, {login: 'user@x.com'});
+    stubCommon(command, {jsonEnabled: false});
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiPut = sinon.stub().resolves({
+      data: {access_key: 'secret-value', enabled: true, expiration_date: '2027-01-01'},
+      error: undefined,
+    });
+    sinon.stub(command, 'instance').get(() => ({ocapi: {PUT: ocapiPut}}));
+
+    const stdoutStub = sinon.stub(ux, 'stdout').returns(void 0 as any);
+
+    const result = await command.run();
+    expect(result.access_key).to.equal('secret-value');
+    expect(stdoutStub.calledOnce).to.equal(true);
+  });
+
+  it('throws when API returns a fault', async () => {
+    const command: any = await createCommand({scope: 'WEBDAV_AND_STUDIO'}, {login: 'user@x.com'});
+    sinon.stub(command, 'requireOAuthCredentials').returns(void 0);
+    sinon.stub(command, 'resolvedConfig').get(() => ({values: {hostname: 'example.com'}}));
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiPut = sinon.stub().resolves({
+      data: undefined,
+      error: {fault: {message: 'Bad request'}},
+      response: {status: 400, statusText: 'Bad Request'},
+    });
+    sinon.stub(command, 'instance').get(() => ({ocapi: {PUT: ocapiPut}}));
+
+    await expectError(() => command.run(), /Failed to create access key/);
+  });
+});

packages/b2c-cli/test/commands/bm/access-key/delete.test.ts

@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2025, Salesforce, Inc.
+ * SPDX-License-Identifier: Apache-2
+ * For full license text, see the license.txt file in the repo root or http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+import {expect} from 'chai';
+import {afterEach, beforeEach} from 'mocha';
+import sinon from 'sinon';
+import BmAccessKeyDelete from '../../../../src/commands/bm/access-key/delete.js';
+import {createIsolatedConfigHooks, createTestCommand, expectError} from '../../../helpers/test-setup.js';
+
+describe('bm access-key delete', () => {
+  const hooks = createIsolatedConfigHooks();
+
+  beforeEach(hooks.beforeEach);
+
+  afterEach(hooks.afterEach);
+
+  async function createCommand(flags: Record<string, unknown> = {}, args: Record<string, unknown> = {}) {
+    return createTestCommand(BmAccessKeyDelete, hooks.getConfig(), flags, args);
+  }
+
+  function stubCommon(command: any, {jsonEnabled}: {jsonEnabled: boolean}) {
+    sinon.stub(command, 'requireOAuthCredentials').returns(void 0);
+    sinon.stub(command, 'resolvedConfig').get(() => ({values: {hostname: 'example.com'}}));
+    sinon.stub(command, 'jsonEnabled').returns(jsonEnabled);
+  }
+
+  it('deletes an access key with --force in JSON mode', async () => {
+    const command: any = await createCommand({force: true, scope: 'WEBDAV_AND_STUDIO'}, {login: 'user@x.com'});
+    stubCommon(command, {jsonEnabled: true});
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiDelete = sinon.stub().resolves({data: undefined, error: undefined});
+    sinon.stub(command, 'instance').get(() => ({ocapi: {DELETE: ocapiDelete}}));
+
+    const result = await command.run();
+    expect(result).to.deep.equal({
+      success: true,
+      login: 'user@x.com',
+      scope: 'WEBDAV_AND_STUDIO',
+      hostname: 'example.com',
+    });
+    expect(ocapiDelete.calledOnce).to.equal(true);
+    expect(ocapiDelete.firstCall.args[0]).to.equal('/users/{login}/access_key/{scope}');
+    expect(ocapiDelete.firstCall.args[1].params.path).to.deep.equal({
+      login: 'user@x.com',
+      scope: 'WEBDAV_AND_STUDIO',
+    });
+  });
+
+  it('falls back to whoami when login arg is omitted', async () => {
+    const command: any = await createCommand({force: true, scope: 'WEBDAV_AND_STUDIO'}, {});
+    stubCommon(command, {jsonEnabled: true});
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiGet = sinon.stub().resolves({data: {login: 'me@x.com'}, error: undefined});
+    const ocapiDelete = sinon.stub().resolves({data: undefined, error: undefined});
+    sinon.stub(command, 'instance').get(() => ({ocapi: {GET: ocapiGet, DELETE: ocapiDelete}}));
+
+    const result = await command.run();
+    expect(result.success).to.equal(true);
+    expect(result.login).to.equal('me@x.com');
+    expect(ocapiGet.calledOnce).to.equal(true);
+    expect(ocapiGet.firstCall.args[0]).to.equal('/users/this');
+    expect(ocapiDelete.calledOnce).to.equal(true);
+    expect(ocapiDelete.firstCall.args[1].params.path).to.deep.equal({
+      login: 'me@x.com',
+      scope: 'WEBDAV_AND_STUDIO',
+    });
+  });
+
+  it('throws on 404', async () => {
+    const command: any = await createCommand({force: true, scope: 'WEBDAV_AND_STUDIO'}, {login: 'user@x.com'});
+    sinon.stub(command, 'requireOAuthCredentials').returns(void 0);
+    sinon.stub(command, 'resolvedConfig').get(() => ({values: {hostname: 'example.com'}}));
+    sinon.stub(command, 'jsonEnabled').returns(true);
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiDelete = sinon.stub().resolves({
+      data: undefined,
+      error: {fault: {message: 'Access key not found'}},
+      response: {status: 404, statusText: 'Not Found'},
+    });
+    sinon.stub(command, 'instance').get(() => ({ocapi: {DELETE: ocapiDelete}}));
+
+    await expectError(() => command.run(), /Failed to delete access key/);
+  });
+});

packages/b2c-cli/test/commands/bm/access-key/get.test.ts

@@ -0,0 +1,110 @@
+/*
+ * Copyright (c) 2025, Salesforce, Inc.
+ * SPDX-License-Identifier: Apache-2
+ * For full license text, see the license.txt file in the repo root or http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+import {ux} from '@oclif/core';
+import {expect} from 'chai';
+import {afterEach, beforeEach} from 'mocha';
+import sinon from 'sinon';
+import BmAccessKeyGet from '../../../../src/commands/bm/access-key/get.js';
+import {createIsolatedConfigHooks, createTestCommand, expectError} from '../../../helpers/test-setup.js';
+
+describe('bm access-key get', () => {
+  const hooks = createIsolatedConfigHooks();
+
+  beforeEach(hooks.beforeEach);
+
+  afterEach(hooks.afterEach);
+
+  async function createCommand(flags: Record<string, unknown> = {}, args: Record<string, unknown> = {}) {
+    return createTestCommand(BmAccessKeyGet, hooks.getConfig(), flags, args);
+  }
+
+  function stubCommon(command: any, {jsonEnabled}: {jsonEnabled: boolean}) {
+    sinon.stub(command, 'requireOAuthCredentials').returns(void 0);
+    sinon.stub(command, 'resolvedConfig').get(() => ({values: {hostname: 'example.com'}}));
+    sinon.stub(command, 'jsonEnabled').returns(jsonEnabled);
+  }
+
+  it('returns access key details in JSON mode with explicit login', async () => {
+    const command: any = await createCommand({scope: 'WEBDAV_AND_STUDIO'}, {login: 'user@x.com'});
+    stubCommon(command, {jsonEnabled: true});
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiGet = sinon.stub().resolves({
+      data: {enabled: true, expiration_date: '2027-01-01'},
+      error: undefined,
+    });
+    sinon.stub(command, 'instance').get(() => ({ocapi: {GET: ocapiGet}}));
+
+    const result = await command.run();
+    expect(result.enabled).to.equal(true);
+    expect(result.expiration_date).to.equal('2027-01-01');
+    expect(ocapiGet.calledOnce).to.equal(true);
+    expect(ocapiGet.firstCall.args[0]).to.equal('/users/{login}/access_key/{scope}');
+    expect(ocapiGet.firstCall.args[1].params.path).to.deep.equal({
+      login: 'user@x.com',
+      scope: 'WEBDAV_AND_STUDIO',
+    });
+  });
+
+  it('falls back to whoami when login arg is omitted', async () => {
+    const command: any = await createCommand({scope: 'WEBDAV_AND_STUDIO'}, {});
+    stubCommon(command, {jsonEnabled: true});
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiGet = sinon.stub().callsFake((path: string) => {
+      if (path === '/users/this') {
+        return Promise.resolve({data: {login: 'me@x.com'}, error: undefined});
+      }
+      return Promise.resolve({data: {enabled: true}, error: undefined});
+    });
+    sinon.stub(command, 'instance').get(() => ({ocapi: {GET: ocapiGet}}));
+
+    const result = await command.run();
+    expect(result.enabled).to.equal(true);
+    expect(ocapiGet.callCount).to.equal(2);
+    expect(ocapiGet.firstCall.args[0]).to.equal('/users/this');
+    expect(ocapiGet.secondCall.args[0]).to.equal('/users/{login}/access_key/{scope}');
+    expect(ocapiGet.secondCall.args[1].params.path).to.deep.equal({
+      login: 'me@x.com',
+      scope: 'WEBDAV_AND_STUDIO',
+    });
+  });
+
+  it('displays access key fields in non-JSON mode', async () => {
+    const command: any = await createCommand({scope: 'WEBDAV_AND_STUDIO'}, {login: 'user@x.com'});
+    stubCommon(command, {jsonEnabled: false});
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiGet = sinon.stub().resolves({
+      data: {enabled: true, expiration_date: '2027-01-01'},
+      error: undefined,
+    });
+    sinon.stub(command, 'instance').get(() => ({ocapi: {GET: ocapiGet}}));
+
+    const stdoutStub = sinon.stub(ux, 'stdout').returns(void 0 as any);
+
+    const result = await command.run();
+    expect(result.enabled).to.equal(true);
+    expect(stdoutStub.calledOnce).to.equal(true);
+  });
+
+  it('throws on 404', async () => {
+    const command: any = await createCommand({scope: 'WEBDAV_AND_STUDIO'}, {login: 'user@x.com'});
+    sinon.stub(command, 'requireOAuthCredentials').returns(void 0);
+    sinon.stub(command, 'resolvedConfig').get(() => ({values: {hostname: 'example.com'}}));
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiGet = sinon.stub().resolves({
+      data: undefined,
+      error: {fault: {message: 'Access key not found'}},
+      response: {status: 404, statusText: 'Not Found'},
+    });
+    sinon.stub(command, 'instance').get(() => ({ocapi: {GET: ocapiGet}}));
+
+    await expectError(() => command.run(), /Failed to get access key/);
+  });
+});

packages/b2c-cli/test/commands/bm/access-key/set.test.ts

@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2025, Salesforce, Inc.
+ * SPDX-License-Identifier: Apache-2
+ * For full license text, see the license.txt file in the repo root or http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+import {expect} from 'chai';
+import {afterEach, beforeEach} from 'mocha';
+import sinon from 'sinon';
+import BmAccessKeySet from '../../../../src/commands/bm/access-key/set.js';
+import {createIsolatedConfigHooks, createTestCommand, expectError} from '../../../helpers/test-setup.js';
+
+describe('bm access-key set', () => {
+  const hooks = createIsolatedConfigHooks();
+
+  beforeEach(hooks.beforeEach);
+
+  afterEach(hooks.afterEach);
+
+  async function createCommand(flags: Record<string, unknown> = {}, args: Record<string, unknown> = {}) {
+    return createTestCommand(BmAccessKeySet, hooks.getConfig(), flags, args);
+  }
+
+  function stubCommon(command: any, {jsonEnabled}: {jsonEnabled: boolean}) {
+    sinon.stub(command, 'requireOAuthCredentials').returns(void 0);
+    sinon.stub(command, 'resolvedConfig').get(() => ({values: {hostname: 'example.com'}}));
+    sinon.stub(command, 'jsonEnabled').returns(jsonEnabled);
+  }
+
+  it('enables an access key with --enabled', async () => {
+    const command: any = await createCommand({enabled: true, scope: 'WEBDAV_AND_STUDIO'}, {login: 'user@x.com'});
+    stubCommon(command, {jsonEnabled: true});
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiPatch = sinon.stub().resolves({
+      data: {enabled: true, expiration_date: '2027-01-01'},
+      error: undefined,
+    });
+    sinon.stub(command, 'instance').get(() => ({ocapi: {PATCH: ocapiPatch}}));
+
+    const result = await command.run();
+    expect(result.enabled).to.equal(true);
+    expect(ocapiPatch.calledOnce).to.equal(true);
+    expect(ocapiPatch.firstCall.args[0]).to.equal('/users/{login}/access_key/{scope}');
+    expect(ocapiPatch.firstCall.args[1].params.path).to.deep.equal({
+      login: 'user@x.com',
+      scope: 'WEBDAV_AND_STUDIO',
+    });
+    expect(ocapiPatch.firstCall.args[1].body).to.deep.equal({enabled: true});
+  });
+
+  it('disables an access key with --no-enabled', async () => {
+    const command: any = await createCommand({enabled: false, scope: 'WEBDAV_AND_STUDIO'}, {login: 'user@x.com'});
+    stubCommon(command, {jsonEnabled: true});
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiPatch = sinon.stub().resolves({
+      data: {enabled: false, expiration_date: '2027-01-01'},
+      error: undefined,
+    });
+    sinon.stub(command, 'instance').get(() => ({ocapi: {PATCH: ocapiPatch}}));
+
+    const result = await command.run();
+    expect(result.enabled).to.equal(false);
+    expect(ocapiPatch.firstCall.args[1].body).to.deep.equal({enabled: false});
+  });
+
+  it('throws on 404', async () => {
+    const command: any = await createCommand({enabled: true, scope: 'WEBDAV_AND_STUDIO'}, {login: 'user@x.com'});
+    sinon.stub(command, 'requireOAuthCredentials').returns(void 0);
+    sinon.stub(command, 'resolvedConfig').get(() => ({values: {hostname: 'example.com'}}));
+    sinon.stub(command, 'log').returns(void 0);
+
+    const ocapiPatch = sinon.stub().resolves({
+      data: undefined,
+      error: {fault: {message: 'Access key not found'}},
+      response: {status: 404, statusText: 'Not Found'},
+    });
+    sinon.stub(command, 'instance').get(() => ({ocapi: {PATCH: ocapiPatch}}));
+
+    await expectError(() => command.run(), /Failed to update access key/);
+  });
+});