-
Notifications
You must be signed in to change notification settings - Fork 23
Expand file tree
/
Copy pathfleet-access.e2e.ts
More file actions
194 lines (158 loc) · 7.48 KB
/
fleet-access.e2e.ts
File metadata and controls
194 lines (158 loc) · 7.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* Copyright Oxide Computer Company
*/
import { crossSiloGroupId, crossSiloUserId, user3 } from '@oxide/api-mocks'
import { expect, expectRowVisible, expectToast, getPageAsUser, test } from './utils'
test('Click through fleet access page', async ({ page }) => {
await page.goto('/system/access')
const table = page.getByRole('table')
// initial fleet role assignments: Hannah Arendt (admin), Jane Austen (viewer)
await expect(page.getByRole('heading', { name: /Fleet Access/ })).toBeVisible()
await expectRowVisible(table, {
Name: 'Hannah Arendt',
Type: 'User',
'Fleet role': 'fleet.admin',
})
await expectRowVisible(table, {
Name: 'Jane Austen',
Type: 'User',
'Fleet role': 'fleet.viewer',
})
await expect(page.getByRole('cell', { name: user3.display_name })).toBeHidden()
// cross-silo user and group show UUID fallback since names can't be resolved
await expectRowVisible(table, {
Name: crossSiloUserId,
Type: 'User',
'Fleet role': 'fleet.collaborator',
})
await expectRowVisible(table, {
Name: crossSiloGroupId,
Type: 'Group',
'Fleet role': 'fleet.viewer',
})
// role mapping rows from silos with mapped_fleet_roles
await expectRowVisible(table, {
Name: 'Any silo.collaborator in maze-war',
Type: 'Role mapping',
'Fleet role': 'fleet.admin',
})
await expectRowVisible(table, {
Name: 'Any silo.viewer in myriad',
Type: 'Role mapping',
'Fleet role': 'fleet.viewer',
})
// Add user 3 as collaborator
await page.getByRole('button', { name: 'Add user or group' }).click()
await expect(page.getByRole('heading', { name: /Add user or group/ })).toBeVisible()
await page.getByRole('button', { name: /User or group/ }).click()
// users already assigned should not be in the list
await expect(page.getByRole('option', { name: 'Hannah Arendt' })).toBeHidden()
await expect(page.getByRole('option', { name: 'Jacob Klein' })).toBeVisible()
await expect(page.getByRole('option', { name: 'Hans Jonas' })).toBeVisible()
await expect(page.getByRole('option', { name: 'Simone de Beauvoir' })).toBeVisible()
await page.getByRole('option', { name: 'Jacob Klein' }).click()
await page.getByRole('radio', { name: /^Collaborator / }).click()
await page.getByRole('button', { name: 'Assign role' }).click()
// user 3 shows up in the table
await expectRowVisible(table, {
Name: 'Jacob Klein',
Type: 'User',
'Fleet role': 'fleet.collaborator',
})
// change user 3's role from collaborator to viewer
await page
.getByRole('row', { name: user3.display_name, exact: false })
.getByRole('button', { name: 'Row actions' })
.click()
await page.getByRole('menuitem', { name: 'Change role' }).click()
await expect(page.getByRole('heading', { name: /Edit role/ })).toBeVisible()
await expect(page.getByRole('radio', { name: /^Collaborator / })).toBeChecked()
await page.getByRole('radio', { name: /^Viewer / }).click()
await page.getByRole('button', { name: 'Update role' }).click()
await expectRowVisible(table, { Name: user3.display_name, 'Fleet role': 'fleet.viewer' })
// delete user 3
const user3Row = page.getByRole('row', { name: user3.display_name, exact: false })
await expect(user3Row).toBeVisible()
await user3Row.getByRole('button', { name: 'Row actions' }).click()
await page.getByRole('menuitem', { name: 'Delete' }).click()
await page.getByRole('button', { name: 'Confirm' }).click()
await expectToast(page, 'Access removed')
await expect(user3Row).toBeHidden()
})
test('Add a group to fleet access', async ({ page }) => {
await page.goto('/system/access')
const table = page.getByRole('table')
// groups should not already be in the table
await expect(page.getByRole('cell', { name: 'web-devs' })).toBeHidden()
await page.getByRole('button', { name: 'Add user or group' }).click()
await page.getByRole('button', { name: /User or group/ }).click()
// groups appear before users in the picker, with a "Group" badge
await expect(page.getByRole('option', { name: /web-devs/ })).toBeVisible()
await expect(page.getByRole('option', { name: /kernel-devs/ })).toBeVisible()
await page.getByRole('option', { name: /web-devs/ }).click()
await page.getByRole('radio', { name: /^Viewer / }).click()
await page.getByRole('button', { name: 'Assign role' }).click()
await expectRowVisible(table, {
Name: 'web-devs',
Type: 'Group',
'Fleet role': 'fleet.viewer',
})
})
test('Self-removal warning on delete', async ({ page }) => {
await page.goto('/system/access')
// Hannah Arendt is the logged-in user with fleet admin
const hannahRow = page.getByRole('row', { name: 'Hannah Arendt', exact: false })
await hannahRow.getByRole('button', { name: 'Row actions' }).click()
await page.getByRole('menuitem', { name: 'Delete' }).click()
// confirm dialog should show the self-removal warning
await expect(page.getByText('This will remove your own fleet access.')).toBeVisible()
// cancel instead of confirming
await page.getByRole('button', { name: 'Cancel' }).click()
})
test('Fleet viewer cannot modify fleet access', async ({ browser }) => {
const page = await getPageAsUser(browser, 'Jane Austen')
await page.goto('/system/access')
const table = page.getByRole('table')
await expect(page.getByRole('heading', { name: /Fleet Access/ })).toBeVisible()
await expectRowVisible(table, { Name: 'Hannah Arendt', 'Fleet role': 'fleet.admin' })
// attempt to add a user — the submit should fail with 403
await page.getByRole('button', { name: 'Add user or group' }).click()
await page.getByRole('button', { name: /User or group/ }).click()
await page.getByRole('option', { name: 'Jacob Klein' }).click()
await page.getByRole('button', { name: 'Assign role' }).click()
await expect(page.getByText('Action not authorized')).toBeVisible()
// dismiss the modal and confirm the table is unchanged
await page.getByRole('button', { name: 'Cancel' }).click()
await expect(page.getByRole('cell', { name: 'Jacob Klein' })).toBeHidden()
})
test('Cross-silo user shows UUID with tooltip', async ({ page }) => {
await page.goto('/system/access')
// cross-silo user's name can't be resolved, so UUID is shown
const userCell = page.getByRole('cell', { name: crossSiloUserId })
await expect(userCell).toBeVisible()
await userCell.getByRole('button', { name: 'Tip' }).hover()
await expect(
page.getByText("Can't resolve name because user is not in your silo")
).toBeVisible()
// dismiss the first tooltip before checking the group's
await page.getByRole('heading', { name: /Fleet Access/ }).click()
// same for a cross-silo group
const groupCell = page.getByRole('cell', { name: crossSiloGroupId })
await expect(groupCell).toBeVisible()
await groupCell.getByRole('button', { name: 'Tip' }).hover()
await expect(
page.getByText("Can't resolve name because group is not in your silo")
).toBeVisible()
})
test('Role mapping row links to silo fleet roles', async ({ page }) => {
await page.goto('/system/access')
// click the silo name link in a mapping row
await page.getByRole('link', { name: 'maze-war' }).click()
await expect(page).toHaveURL(/\/system\/silos\/maze-war\/fleet-roles/)
await expect(page.getByText('Silo collaboratorFleet admin')).toBeVisible()
await expect(page.getByText('Silo adminFleet collaborator')).toBeHidden()
})