test(cli): exercise all service-account privileges in fixtures

claude · claude · commit 6ed49d2458ec · 2026-06-25T16:03:21.000Z
The list fixture now contains one account per valid privilege (member, admin, snapshotter, reader), and the list/table tests assert all four render. Adds create dry-run cases proving the snapshotter and reader values flow through to the payload, so the full privilege set is covered. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01SWQ362qtJBoP3ncxRck9qu
diff --git a/cmd/kosli/serviceAccount_test.go b/cmd/kosli/serviceAccount_test.go
@@ -47,14 +47,23 @@ func TestPrintServiceAccountAsTableEmptyDescription(t *testing.T) {
 
 func TestPrintServiceAccountsListAsTable(t *testing.T) {
 	raw := `[{"name":"ci-bot","description":"first","privilege":"member","created_at":1780584129.5},` +
-		`{"name":"deployer","description":"","privilege":"admin","created_at":1780584130.5}]`
+		`{"name":"deployer","description":"","privilege":"admin","created_at":1780584130.5},` +
+		`{"name":"snapshot-bot","description":"snaps","privilege":"snapshotter","created_at":1780584131.5},` +
+		`{"name":"auditor","description":"ro","privilege":"reader","created_at":1780584132.5}]`
 
 	var buf bytes.Buffer
 	err := printServiceAccountsListAsTable(raw, &buf, 0)
 	require.NoError(t, err)
 
 	out := buf.String()
-	for _, want := range []string{"NAME", "DESCRIPTION", "PRIVILEGE", "CREATED", "ci-bot", "first", "deployer", "admin"} {
+	// every privilege must render in the PRIVILEGE column
+	for _, want := range []string{
+		"NAME", "DESCRIPTION", "PRIVILEGE", "CREATED",
+		"ci-bot", "first", "member",
+		"deployer", "admin",
+		"snapshot-bot", "snapshotter",
+		"auditor", "reader",
+	} {
 		require.Contains(t, out, want)
 	}
 	// the deployer's empty description must render as N/A, not blank
@@ -90,6 +99,18 @@ func (suite *ServiceAccountCommandTestSuite) TestCreateServiceAccountCmd() {
 			cmd:         "create sa ci-bot --privilege member --dry-run" + suite.defaultKosliArguments,
 			goldenRegex: `service-accounts/docs-cmd-test-user`,
 		},
+		{
+			wantError:   false,
+			name:        "the snapshotter privilege passes through to the payload (dry-run)",
+			cmd:         "create service-account snapshot-bot --privilege snapshotter --dry-run" + suite.defaultKosliArguments,
+			goldenRegex: `(?s)service-accounts/docs-cmd-test-user.*"privilege": "snapshotter"`,
+		},
+		{
+			wantError:   false,
+			name:        "the reader privilege passes through to the payload (dry-run)",
+			cmd:         "create service-account auditor --privilege reader --dry-run" + suite.defaultKosliArguments,
+			goldenRegex: `(?s)service-accounts/docs-cmd-test-user.*"privilege": "reader"`,
+		},
 		{
 			wantError: true,
 			name:      "create fails when NAME argument is missing",
@@ -220,9 +241,9 @@ func (suite *ServiceAccountCommandTestSuite) TestServiceAccountSuccessOutput() {
 		},
 		{
 			wantError:   false,
-			name:        "list prints the returned service accounts",
-			cmd:         "list service-accounts --output json" + args,
-			goldenRegex: `(?s)ci-bot.*deployer`,
+			name:        "list prints the returned service accounts across all privileges",
+			cmd:         "list service-accounts" + args,
+			goldenRegex: `(?s)ci-bot.*member.*deployer.*admin.*snapshot-bot.*snapshotter.*auditor.*reader`,
 		},
 		{
 			wantError:   false,
diff --git a/cmd/kosli/testdata/service-account/README.md b/cmd/kosli/testdata/service-account/README.md
@@ -20,7 +20,7 @@ response contract lives in one place.
 | Fixture | Endpoint / response |
 |---------|---------------------|
 | `created_service_account.json` | `POST /service-accounts/{org}` → `201` (create) |
-| `listed_service_accounts.json` | `GET /service-accounts/{org}` → `200` (list) |
+| `listed_service_accounts.json` | `GET /service-accounts/{org}` → `200` (list; one account per privilege: member, admin, snapshotter, reader) |
 | `service_account.json` | `GET /service-accounts/{org}/{name}` → `200` (get) |
 | `updated_service_account.json` | `PATCH /service-accounts/{org}/{name}` → `200` (update) |
 | `delete_success.json` | `DELETE /service-accounts/{org}/{name}` → `200` (bare `"OK"`) |
diff --git a/cmd/kosli/testdata/service-account/listed_service_accounts.json b/cmd/kosli/testdata/service-account/listed_service_accounts.json
@@ -1 +1 @@
-[{"name":"ci-bot","description":"CI service account","privilege":"member","created_at":1780584129.5},{"name":"deployer","description":"","privilege":"admin","created_at":1780584130.5}]
+[{"name":"ci-bot","description":"CI service account","privilege":"member","created_at":1780584129.5},{"name":"deployer","description":"","privilege":"admin","created_at":1780584130.5},{"name":"snapshot-bot","description":"reports env snapshots","privilege":"snapshotter","created_at":1780584131.5},{"name":"auditor","description":"read-only access","privilege":"reader","created_at":1780584132.5}]

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-[{"name":"ci-bot","description":"CI service account","privilege":"member","created_at":1780584129.5},{"name":"deployer","description":"","privilege":"admin","created_at":1780584130.5}]`
	`1`	`+[{"name":"ci-bot","description":"CI service account","privilege":"member","created_at":1780584129.5},{"name":"deployer","description":"","privilege":"admin","created_at":1780584130.5},{"name":"snapshot-bot","description":"reports env snapshots","privilege":"snapshotter","created_at":1780584131.5},{"name":"auditor","description":"read-only access","privilege":"reader","created_at":1780584132.5}]`