Add tests for user and group deletion functionality

Signed-off-by: Shiv Tyagi <shivtyagi3015@gmail.com>

Author: shiv-tyagi

cmd/authctl/group/delete_test.go

@@ -0,0 +1,94 @@
+package group_test
+
+import (
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/canonical/authd/internal/testutils"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+)
+
+func TestGroupDeleteCommand(t *testing.T) {
+	daemonSocket := testutils.StartAuthd(t, daemonPath,
+		testutils.WithGroupFile(filepath.Join("testdata", "empty.group")),
+		testutils.WithPreviousDBState("multiple_users_and_groups"),
+		testutils.WithCurrentUserAsRoot,
+	)
+
+	err := os.Setenv("AUTHD_SOCKET", daemonSocket)
+	require.NoError(t, err, "Failed to set AUTHD_SOCKET environment variable")
+
+	tests := map[string]struct {
+		args             []string
+		stdin            string
+		authdUnavailable bool
+
+		expectedExitCode int
+	}{
+		"Delete_group_success": {
+			args:             []string{"delete", "--yes", "group1"},
+			expectedExitCode: 0,
+		},
+
+		"Confirmation_prompt_accepted_with_y": {
+			args:             []string{"delete", "group2"},
+			stdin:            "y\n",
+			expectedExitCode: 0,
+		},
+		"Confirmation_prompt_accepted_with_yes": {
+			args:             []string{"delete", "group3"},
+			stdin:            "yes\n",
+			expectedExitCode: 0,
+		},
+		"Confirmation_prompt_accepted_case_insensitively": {
+			args:             []string{"delete", "group4"},
+			stdin:            "YES\n",
+			expectedExitCode: 0,
+		},
+		"Confirmation_prompt_aborted_with_n": {
+			args:             []string{"delete", "group1"},
+			stdin:            "n\n",
+			expectedExitCode: 0,
+		},
+		"Confirmation_prompt_aborted_with_empty_input": {
+			args:             []string{"delete", "group1"},
+			stdin:            "\n",
+			expectedExitCode: 0,
+		},
+
+		"Error_when_group_does_not_exist": {
+			args:             []string{"delete", "--yes", "nonexistent"},
+			expectedExitCode: int(codes.NotFound),
+		},
+		"Error_when_authd_is_unavailable": {
+			args:             []string{"delete", "--yes", "group1"},
+			authdUnavailable: true,
+			expectedExitCode: int(codes.Unavailable),
+		},
+	}
+
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			if tc.authdUnavailable {
+				origValue := os.Getenv("AUTHD_SOCKET")
+				err := os.Setenv("AUTHD_SOCKET", "/non-existent")
+				require.NoError(t, err, "Failed to set AUTHD_SOCKET environment variable")
+				t.Cleanup(func() {
+					err := os.Setenv("AUTHD_SOCKET", origValue)
+					require.NoError(t, err, "Failed to restore AUTHD_SOCKET environment variable")
+				})
+			}
+
+			//nolint:gosec // G204 it's safe to use exec.Command with a variable here
+			cmd := exec.Command(authctlPath, append([]string{"group"}, tc.args...)...)
+			if tc.stdin != "" {
+				cmd.Stdin = strings.NewReader(tc.stdin)
+			}
+			testutils.CheckCommand(t, cmd, tc.expectedExitCode)
+		})
+	}
+}

cmd/authctl/user/delete_test.go

@@ -0,0 +1,133 @@
+package user_test
+
+import (
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/canonical/authd/internal/testutils"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/codes"
+)
+
+const homeBasePath = "/tmp/authd-delete-cmd-test/home"
+
+func TestUserDeleteCommand(t *testing.T) {
+	daemonSocket := testutils.StartAuthd(t, daemonPath,
+		testutils.WithGroupFile(filepath.Join("testdata", "empty.group")),
+		testutils.WithPreviousDBState("multiple_users_and_groups_with_tmp_home"),
+		testutils.WithCurrentUserAsRoot,
+	)
+	t.Cleanup(func() { _ = os.RemoveAll(homeBasePath) })
+
+	err := os.Setenv("AUTHD_SOCKET", daemonSocket)
+	require.NoError(t, err, "Failed to set AUTHD_SOCKET environment variable")
+
+	tests := map[string]struct {
+		args             []string
+		stdin            string
+		authdUnavailable bool
+
+		createHomeDir      bool
+		wantHomeDirRemoved bool
+
+		expectedExitCode int
+	}{
+		"Delete_user_success": {
+			args:             []string{"delete", "--yes", "user1@example.com"},
+			expectedExitCode: 0,
+		},
+
+		"Confirmation_prompt_accepted_with_y": {
+			args:             []string{"delete", "user2@example.com"},
+			stdin:            "y\n",
+			expectedExitCode: 0,
+		},
+		"Confirmation_prompt_accepted_with_yes": {
+			args:             []string{"delete", "user3@example.com"},
+			stdin:            "yes\n",
+			expectedExitCode: 0,
+		},
+		"Confirmation_prompt_accepted_case_insensitively": {
+			args:             []string{"delete", "user4@example.com"},
+			stdin:            "YES\n",
+			expectedExitCode: 0,
+		},
+		"Confirmation_prompt_aborted_with_n": {
+			args:             []string{"delete", "user1@example.com"},
+			stdin:            "n\n",
+			expectedExitCode: 0,
+		},
+		"Confirmation_prompt_aborted_with_empty_input": {
+			args:             []string{"delete", "user1@example.com"},
+			stdin:            "\n",
+			expectedExitCode: 0,
+		},
+
+		"Delete_with_remove_flag_removes_home_dir": {
+			args:               []string{"delete", "--yes", "--remove", "user5@example.com"},
+			createHomeDir:      true,
+			wantHomeDirRemoved: true,
+			expectedExitCode:   0,
+		},
+		"Delete_without_remove_flag_keeps_home_dir": {
+			args:             []string{"delete", "--yes", "user6@example.com"},
+			createHomeDir:    true,
+			expectedExitCode: 0,
+		},
+		"Delete_with_remove_flag_succeeds_when_home_dir_does_not_exist": {
+			args:               []string{"delete", "--yes", "--remove", "user7@example.com"},
+			wantHomeDirRemoved: true,
+			expectedExitCode:   0,
+		},
+
+		"Error_when_user_does_not_exist": {
+			args:             []string{"delete", "--yes", "nonexistent@example.com"},
+			expectedExitCode: int(codes.NotFound),
+		},
+		"Error_when_authd_is_unavailable": {
+			args:             []string{"delete", "--yes", "user1@example.com"},
+			authdUnavailable: true,
+			expectedExitCode: int(codes.Unavailable),
+		},
+	}
+
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			if tc.authdUnavailable {
+				origValue := os.Getenv("AUTHD_SOCKET")
+				err := os.Setenv("AUTHD_SOCKET", "/non-existent")
+				require.NoError(t, err, "Failed to set AUTHD_SOCKET environment variable")
+				t.Cleanup(func() {
+					err := os.Setenv("AUTHD_SOCKET", origValue)
+					require.NoError(t, err, "Failed to restore AUTHD_SOCKET environment variable")
+				})
+			}
+
+			// Extract the username from the last element of args
+			username := tc.args[len(tc.args)-1]
+			homeDir := filepath.Join(homeBasePath, username)
+
+			if tc.createHomeDir {
+				err := os.MkdirAll(homeDir, 0o700)
+				require.NoError(t, err, "Setup: failed to create home directory %q", homeDir)
+				t.Cleanup(func() { _ = os.RemoveAll(homeDir) })
+			}
+
+			//nolint:gosec // G204 it's safe to use exec.Command with a variable here
+			cmd := exec.Command(authctlPath, append([]string{"user"}, tc.args...)...)
+			if tc.stdin != "" {
+				cmd.Stdin = strings.NewReader(tc.stdin)
+			}
+			testutils.CheckCommand(t, cmd, tc.expectedExitCode)
+
+			if tc.wantHomeDirRemoved {
+				require.NoDirExists(t, homeDir, "Home directory %q should have been removed", homeDir)
+			} else if tc.createHomeDir {
+				require.DirExists(t, homeDir, "Home directory %q should still exist", homeDir)
+			}
+		})
+	}
+}

internal/brokers/broker_test.go

@@ -346,6 +346,33 @@ func TestUserPreCheck(t *testing.T) {
 	}
 }
 
+func TestDeleteUser(t *testing.T) {
+	t.Parallel()
+
+	b := newBrokerForTests(t, "", "")
+
+	tests := map[string]struct {
+		username string
+
+		wantErr bool
+	}{
+		"Successfully_delete_user":        {username: "user1@example.com"},
+		"Error_when_broker_returns_error": {username: "delete_error@example.com", wantErr: true},
+	}
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+
+			err := b.DeleteUser(context.Background(), tc.username)
+			if tc.wantErr {
+				require.Error(t, err, "DeleteUser should return an error, but did not")
+				return
+			}
+			require.NoError(t, err, "DeleteUser should not return an error, but did")
+		})
+	}
+}
+
 func newBrokerForTests(t *testing.T, cfgDir, brokerCfg string) (b brokers.Broker) {
 	t.Helper()
 

internal/services/user/user_test.go

@@ -423,6 +423,85 @@ func TestSetGroupID(t *testing.T) {
 	}
 }
 
+func TestDeleteUser(t *testing.T) {
+	tests := map[string]struct {
+		sourceDB           string
+		username           string
+		currentUserNotRoot bool
+
+		wantErr bool
+	}{
+		"Successfully_delete_user":                {username: "user1@example.com"},
+		"Successfully_delete_user_with_uppercase": {username: "USER1@EXAMPLE.COM"},
+
+		"Error_when_username_is_empty":      {wantErr: true},
+		"Error_when_user_does_not_exist":    {username: "doesnotexist@example.com", wantErr: true},
+		"Error_when_not_root":               {username: "user1@example.com", currentUserNotRoot: true, wantErr: true},
+		"Error_when_broker_fails_to_delete": {username: "delete_error@example.com", wantErr: true},
+		"Error_when_broker_not_found":       {sourceDB: "default.db.yaml", username: "user1@example.com", wantErr: true},
+	}
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			if !tc.wantErr {
+				userslocking.Z_ForTests_OverrideLockingWithCleanup(t)
+			}
+
+			dbFile := tc.sourceDB
+			if dbFile == "" {
+				dbFile = "delete-user.db.yaml"
+			}
+
+			client, m := newUserServiceClient(t, dbFile, tc.currentUserNotRoot)
+
+			_, err := client.DeleteUser(context.Background(), &authd.DeleteUserRequest{Name: tc.username})
+			if tc.wantErr {
+				require.Error(t, err, "DeleteUser should return an error, but did not")
+				return
+			}
+			require.NoError(t, err, "DeleteUser should not return an error, but did")
+
+			dbContent, err := db.Z_ForTests_DumpNormalizedYAML(userstestutils.DBManager(m))
+			require.NoError(t, err, "Setup: failed to dump database for comparing")
+			golden.CheckOrUpdate(t, dbContent)
+		})
+	}
+}
+
+func TestDeleteGroup(t *testing.T) {
+	tests := map[string]struct {
+		sourceDB string
+
+		groupname          string
+		currentUserNotRoot bool
+
+		wantErr bool
+	}{
+		"Successfully_delete_group":                {groupname: "commongroup"},
+		"Successfully_delete_group_with_uppercase": {groupname: "COMMONGROUP"},
+
+		"Error_when_groupname_is_empty":                         {wantErr: true},
+		"Error_when_group_does_not_exist":                       {groupname: "doesnotexist", wantErr: true},
+		"Error_when_not_root":                                   {groupname: "commongroup", currentUserNotRoot: true, wantErr: true},
+		"Error_when_group_is_primary_group_of_an_existing_user": {groupname: "group1", wantErr: true},
+	}
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			client, m := newUserServiceClient(t, tc.sourceDB, tc.currentUserNotRoot)
+
+			_, err := client.DeleteGroup(context.Background(), &authd.DeleteGroupRequest{Name: tc.groupname})
+			if tc.wantErr {
+				require.Error(t, err, "DeleteGroup should return an error, but did not")
+				return
+			}
+			require.NoError(t, err, "DeleteGroup should not return an error, but did")
+
+			dbContent, err := db.Z_ForTests_DumpNormalizedYAML(userstestutils.DBManager(m))
+			require.NoError(t, err, "Setup: failed to dump database for comparing")
+			golden.CheckOrUpdate(t, dbContent)
+		})
+	}
+}
+
 // newUserServiceClient returns a new gRPC client for the CLI service.
 func newUserServiceClient(t *testing.T, dbFile string, currentUserNotRoot ...bool) (client authd.UserServiceClient, userManager *users.Manager) {
 	t.Helper()

internal/users/db/db_test.go

@@ -1066,6 +1066,46 @@ func TestDeleteUser(t *testing.T) {
 	}
 }
 
+func TestDeleteGroup(t *testing.T) {
+	t.Parallel()
+
+	tests := map[string]struct {
+		dbFile string
+		gid    uint32
+
+		wantErr     bool
+		wantErrType error
+	}{
+		"Deleting_sole_group_of_a_user_removes_group_and_memberships_but_keeps_user": {dbFile: "one_user_and_group", gid: 11111},
+		"Deleting_shared_group_removes_only_that_group_and_its_memberships":          {dbFile: "multiple_users_and_groups", gid: 99999},
+
+		"Error_on_nonexistent_group": {gid: 11111, wantErrType: db.NoDataFoundError{}},
+	}
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+
+			c := initDB(t, tc.dbFile)
+
+			err := c.DeleteGroup(tc.gid)
+			log.Debugf(context.Background(), "DeleteGroup error: %v", err)
+			if tc.wantErr {
+				require.Error(t, err, "DeleteGroup should return an error but didn't")
+				return
+			}
+			if tc.wantErrType != nil {
+				require.ErrorIs(t, err, tc.wantErrType, "DeleteGroup should return expected error")
+				return
+			}
+			require.NoError(t, err)
+
+			got, err := db.Z_ForTests_DumpNormalizedYAML(c)
+			require.NoError(t, err)
+			golden.CheckOrUpdate(t, got)
+		})
+	}
+}
+
 // TestBackwardCompatibilityAndMigrations covers loading legacy schemas (e.g., v2 with INT ugid)
 // and migrating older schemas (e.g., v1 without 'locked' column) to the latest schema.
 func TestBackwardCompatibilityAndMigrations(t *testing.T) {