@@ -19,18 +19,56 @@ package ocmrole
1919import (
2020 "fmt"
2121 "os"
22+ "testing"
2223
2324 "go.uber.org/mock/gomock"
2425
2526 . "github.com/onsi/ginkgo/v2"
2627 . "github.com/onsi/gomega"
2728 cmv1 "github.com/openshift-online/ocm-sdk-go/clustersmgmt/v1"
2829
30+ internalocmrole "github.com/openshift/rosa/internal/ocmrole"
2931 "github.com/openshift/rosa/pkg/aws"
3032 "github.com/openshift/rosa/pkg/reporter"
3133 "github.com/openshift/rosa/pkg/rosa"
3234)
3335
36+ func TestOCMRole (t * testing.T ) {
37+ RegisterFailHandler (Fail )
38+ RunSpecs (t , "OCM Role suite" )
39+ }
40+
41+ var _ = Describe ("internalocmrole.RoleProfile constants" , func () {
42+ It ("Should have correct profile values" , func () {
43+ Expect (internalocmrole .ProfileStandard ).To (Equal (internalocmrole .RoleProfile ("standard" )))
44+ Expect (internalocmrole .ProfileAdmin ).To (Equal (internalocmrole .RoleProfile ("admin" )))
45+ Expect (internalocmrole .ProfileNoConsole ).To (Equal (internalocmrole .RoleProfile ("no-console" )))
46+ })
47+ })
48+
49+ var _ = Describe ("internalocmrole.DetermineProfile" , func () {
50+ It ("should return internalocmrole.ProfileAdmin when isAdmin is true" , func () {
51+ profile := internalocmrole .DetermineProfile (true , false )
52+ Expect (profile ).To (Equal (internalocmrole .ProfileAdmin ))
53+ })
54+
55+ It ("should return internalocmrole.ProfileAdmin when both isAdmin and isNoConsole are true" , func () {
56+ // Admin takes precedence
57+ profile := internalocmrole .DetermineProfile (true , true )
58+ Expect (profile ).To (Equal (internalocmrole .ProfileAdmin ))
59+ })
60+
61+ It ("should return internalocmrole.ProfileNoConsole when isNoConsole is true and isAdmin is false" , func () {
62+ profile := internalocmrole .DetermineProfile (false , true )
63+ Expect (profile ).To (Equal (internalocmrole .ProfileNoConsole ))
64+ })
65+
66+ It ("should return internalocmrole.ProfileStandard when both are false" , func () {
67+ profile := internalocmrole .DetermineProfile (false , false )
68+ Expect (profile ).To (Equal (internalocmrole .ProfileStandard ))
69+ })
70+ })
71+
3472var _ = Describe ("buildCommands" , func () {
3573 var (
3674 creator * aws.Creator
@@ -76,7 +114,7 @@ var _ = Describe("buildCommands", func() {
76114 "" ,
77115 creator ,
78116 "production" ,
79- ProfileNoConsole ,
117+ internalocmrole . ProfileNoConsole ,
80118 true , // managedPolicies
81119 false ,
82120 policies ,
@@ -96,7 +134,7 @@ var _ = Describe("buildCommands", func() {
96134 "" ,
97135 creator ,
98136 "production" ,
99- ProfileNoConsole ,
137+ internalocmrole . ProfileNoConsole ,
100138 true , // managedPolicies
101139 false ,
102140 policies ,
@@ -115,7 +153,7 @@ var _ = Describe("buildCommands", func() {
115153 "" ,
116154 creator ,
117155 "production" ,
118- ProfileAdmin ,
156+ internalocmrole . ProfileAdmin ,
119157 true , // managedPolicies
120158 false ,
121159 policies ,
@@ -135,7 +173,7 @@ var _ = Describe("buildCommands", func() {
135173 "" ,
136174 creator ,
137175 "production" ,
138- ProfileAdmin ,
176+ internalocmrole . ProfileAdmin ,
139177 true , // managedPolicies
140178 false ,
141179 policies ,
@@ -154,7 +192,7 @@ var _ = Describe("buildCommands", func() {
154192 "" ,
155193 creator ,
156194 "production" ,
157- ProfileStandard ,
195+ internalocmrole . ProfileStandard ,
158196 true , // managedPolicies
159197 false ,
160198 policies ,
@@ -174,7 +212,7 @@ var _ = Describe("buildCommands", func() {
174212 "" ,
175213 creator ,
176214 "production" ,
177- ProfileNoConsole ,
215+ internalocmrole . ProfileNoConsole ,
178216 true , // managedPolicies
179217 false ,
180218 policies ,
@@ -252,7 +290,7 @@ var _ = Describe("generateOcmRolePolicyFiles", func() {
252290 })
253291
254292 It ("should generate no-console permission policy file when profile is no-console" , func () {
255- err := generateOcmRolePolicyFiles (r , env , orgID , ProfileNoConsole , policies )
293+ err := generateOcmRolePolicyFiles (r , env , orgID , internalocmrole . ProfileNoConsole , policies )
256294 Expect (err ).ToNot (HaveOccurred ())
257295
258296 _ , err = os .Stat ("sts_ocm_no_console_permission_policy.json" )
@@ -269,7 +307,7 @@ var _ = Describe("generateOcmRolePolicyFiles", func() {
269307 })
270308
271309 It ("should generate standard permission policy file when profile is standard" , func () {
272- err := generateOcmRolePolicyFiles (r , env , orgID , ProfileStandard , policies )
310+ err := generateOcmRolePolicyFiles (r , env , orgID , internalocmrole . ProfileStandard , policies )
273311 Expect (err ).ToNot (HaveOccurred ())
274312
275313 _ , err = os .Stat ("sts_ocm_permission_policy.json" )
@@ -286,7 +324,7 @@ var _ = Describe("generateOcmRolePolicyFiles", func() {
286324 })
287325
288326 It ("should generate admin policy file when profile is admin" , func () {
289- err := generateOcmRolePolicyFiles (r , env , orgID , ProfileAdmin , policies )
327+ err := generateOcmRolePolicyFiles (r , env , orgID , internalocmrole . ProfileAdmin , policies )
290328 Expect (err ).ToNot (HaveOccurred ())
291329
292330 _ , err = os .Stat ("sts_ocm_admin_permission_policy.json" )
@@ -303,7 +341,7 @@ var _ = Describe("generateOcmRolePolicyFiles", func() {
303341 })
304342
305343 It ("should generate no-console files successfully when policy is available" , func () {
306- err := generateOcmRolePolicyFiles (r , env , orgID , ProfileNoConsole , policies )
344+ err := generateOcmRolePolicyFiles (r , env , orgID , internalocmrole . ProfileNoConsole , policies )
307345
308346 Expect (err ).NotTo (HaveOccurred ())
309347 // Verify no-console permission policy file was created
@@ -345,7 +383,7 @@ var _ = Describe("checkRoleExists", func() {
345383 mockClient .EXPECT ().IsAdminRole (roleName ).Return (false , nil )
346384 mockClient .EXPECT ().IsNoConsoleRole (roleName ).Return (false , nil )
347385
348- arn , exists , err := checkRoleExists (r , roleName , ProfileStandard , "auto" , "" )
386+ arn , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileStandard , "auto" , "" )
349387
350388 Expect (err ).NotTo (HaveOccurred ())
351389 Expect (exists ).To (BeTrue ())
@@ -357,7 +395,7 @@ var _ = Describe("checkRoleExists", func() {
357395 mockClient .EXPECT ().IsAdminRole (roleName ).Return (true , nil )
358396 mockClient .EXPECT ().IsNoConsoleRole (roleName ).Return (false , nil )
359397
360- _ , exists , err := checkRoleExists (r , roleName , ProfileStandard , "auto" , "" )
398+ _ , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileStandard , "auto" , "" )
361399
362400 Expect (err ).To (HaveOccurred ())
363401 Expect (exists ).To (BeTrue ())
@@ -369,7 +407,7 @@ var _ = Describe("checkRoleExists", func() {
369407 mockClient .EXPECT ().IsAdminRole (roleName ).Return (false , nil )
370408 mockClient .EXPECT ().IsNoConsoleRole (roleName ).Return (true , nil )
371409
372- _ , exists , err := checkRoleExists (r , roleName , ProfileStandard , "auto" , "" )
410+ _ , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileStandard , "auto" , "" )
373411
374412 Expect (err ).To (HaveOccurred ())
375413 Expect (exists ).To (BeTrue ())
@@ -383,7 +421,7 @@ var _ = Describe("checkRoleExists", func() {
383421 mockClient .EXPECT ().IsAdminRole (roleName ).Return (true , nil )
384422 mockClient .EXPECT ().IsNoConsoleRole (roleName ).Return (false , nil )
385423
386- arn , exists , err := checkRoleExists (r , roleName , ProfileAdmin , "auto" , "" )
424+ arn , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileAdmin , "auto" , "" )
387425
388426 Expect (err ).NotTo (HaveOccurred ())
389427 Expect (exists ).To (BeTrue ())
@@ -395,7 +433,7 @@ var _ = Describe("checkRoleExists", func() {
395433 mockClient .EXPECT ().IsAdminRole (roleName ).Return (false , nil )
396434 mockClient .EXPECT ().IsNoConsoleRole (roleName ).Return (true , nil )
397435
398- _ , exists , err := checkRoleExists (r , roleName , ProfileAdmin , "auto" , "" )
436+ _ , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileAdmin , "auto" , "" )
399437
400438 Expect (err ).To (HaveOccurred ())
401439 Expect (exists ).To (BeTrue ())
@@ -415,7 +453,7 @@ var _ = Describe("checkRoleExists", func() {
415453 "arn:aws:iam::123456789012:policy/test-role-NoConsole-Policy" ,
416454 }, nil )
417455
418- arn , exists , err := checkRoleExists (r , roleName , ProfileNoConsole , "auto" , "" )
456+ arn , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileNoConsole , "auto" , "" )
419457
420458 Expect (err ).NotTo (HaveOccurred ())
421459 Expect (exists ).To (BeTrue ())
@@ -427,7 +465,7 @@ var _ = Describe("checkRoleExists", func() {
427465 mockClient .EXPECT ().IsAdminRole (roleName ).Return (true , nil )
428466 mockClient .EXPECT ().IsNoConsoleRole (roleName ).Return (false , nil )
429467
430- _ , exists , err := checkRoleExists (r , roleName , ProfileNoConsole , "auto" , "" )
468+ _ , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileNoConsole , "auto" , "" )
431469
432470 Expect (err ).To (HaveOccurred ())
433471 Expect (exists ).To (BeTrue ())
@@ -442,7 +480,7 @@ var _ = Describe("checkRoleExists", func() {
442480 "arn:aws:iam::123456789012:policy/ManagedOpenShift-OCM-Role-Policy" ,
443481 }, nil )
444482
445- _ , exists , err := checkRoleExists (r , roleName , ProfileNoConsole , "auto" , "" )
483+ _ , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileNoConsole , "auto" , "" )
446484
447485 Expect (err ).To (HaveOccurred ())
448486 Expect (exists ).To (BeTrue ())
@@ -459,7 +497,7 @@ var _ = Describe("checkRoleExists", func() {
459497 }, nil )
460498 mockClient .EXPECT ().AddRoleTag (roleName , "rosa_no_console_role" , "true" ).Return (nil )
461499
462- arn , exists , err := checkRoleExists (r , roleName , ProfileNoConsole , "auto" , "" )
500+ arn , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileNoConsole , "auto" , "" )
463501
464502 Expect (err ).NotTo (HaveOccurred ())
465503 Expect (exists ).To (BeTrue ())
@@ -477,7 +515,7 @@ var _ = Describe("checkRoleExists", func() {
477515 mockClient .EXPECT ().AddRoleTag (roleName , "rosa_no_console_role" , "true" ).Return (
478516 fmt .Errorf ("tag operation failed" ))
479517
480- _ , exists , err := checkRoleExists (r , roleName , ProfileNoConsole , "auto" , "" )
518+ _ , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileNoConsole , "auto" , "" )
481519
482520 Expect (err ).To (HaveOccurred ())
483521 Expect (exists ).To (BeTrue ())
@@ -492,7 +530,7 @@ var _ = Describe("checkRoleExists", func() {
492530 "arn:aws:iam::123456789012:policy/test-role-Policy" , // standard policy, not no-console
493531 }, nil )
494532
495- _ , exists , err := checkRoleExists (r , roleName , ProfileNoConsole , "auto" , "" )
533+ _ , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileNoConsole , "auto" , "" )
496534
497535 Expect (err ).To (HaveOccurred ())
498536 Expect (exists ).To (BeTrue ())
@@ -512,7 +550,7 @@ var _ = Describe("checkRoleExists", func() {
512550 }, nil )
513551 mockClient .EXPECT ().AddRoleTag (roleName , "rosa_admin_role" , "true" ).Return (nil )
514552
515- arn , exists , err := checkRoleExists (r , roleName , ProfileAdmin , "auto" , "" )
553+ arn , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileAdmin , "auto" , "" )
516554
517555 Expect (err ).NotTo (HaveOccurred ())
518556 Expect (exists ).To (BeTrue ())
@@ -531,7 +569,7 @@ var _ = Describe("checkRoleExists", func() {
531569 mockClient .EXPECT ().AddRoleTag (roleName , "rosa_admin_role" , "true" ).Return (
532570 fmt .Errorf ("tag operation failed" ))
533571
534- _ , exists , err := checkRoleExists (r , roleName , ProfileAdmin , "auto" , "" )
572+ _ , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileAdmin , "auto" , "" )
535573
536574 Expect (err ).To (HaveOccurred ())
537575 Expect (exists ).To (BeTrue ())
@@ -549,7 +587,7 @@ var _ = Describe("checkRoleExists", func() {
549587 }, nil )
550588 mockClient .EXPECT ().AddRoleTag (roleName , "rosa_no_console_role" , "true" ).Return (nil )
551589
552- arn , exists , err := checkRoleExists (r , roleName , ProfileNoConsole , "auto" , customPath )
590+ arn , exists , err := checkRoleExists (r , roleName , internalocmrole . ProfileNoConsole , "auto" , customPath )
553591
554592 Expect (err ).NotTo (HaveOccurred ())
555593 Expect (exists ).To (BeTrue ())
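Review bot: The spec for `DetermineProfile(true, true)` in the first hunk pins the conflicting-flag case to `ProfileAdmin`, so a caller that sets both admin and no-console gets the broader profile with no signal that the no-console request was dropped. Whether the command layer rejects that combination before `DetermineProfile` is reached is not visible in this diff; if it does not, the least-privilege choice would be to return an error for the pair rather than resolve upward. At minimum the inline comment could record the intent, e.g. `// Admin wins over no-console by design; conflicting flags are expected to be rejected before this call (confirm)`. Separately, `TestOCMRole` now calls `RunSpecs` in this file; Ginkgo v2 does not support more than one `RunSpecs` call per package, so check that no other suite bootstrap file exists alongside it.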