Test suite for ACL on git.liw.fi
================================

Introduction
------------

This is a test suite for my Gitano ACL setup on git.liw.fi. It is run
against either the real or a test instance of the setup. It requires
the person running it to have admin access on the Gitano instance,
so the tests can create and remove users and repositories.

Pre-requisites
--------------

Yarn must be run with `--env` used to set the environment variables
`GITANO` and `GITHOST`. `GITANO` must be the Unix user for the
Gitano instance (typically `git`), and `GITHOST` must be the address
of the host (IP address or domain name).

The person running this test suite must be able to log in to the
Gitano instance using their normal ssh key. In other words,
`ssh "$GITANO@$GITHOST" whoami` must work.

See the `check` script for details on how to invoke yarn for this test
suite.

The test suite will create a user called `tstusr` and `tstusr2`, and
remove them after the test suite. The users may get created and
removed multiple times.

User creation
-------------

The admin must be able to create and remove a user.

	SCENARIO admin can create and remove a user
	ASSUMING no tstusr user exists on server
	GIVEN an ssh key for tstusr
	WHEN admin creates user tstusr
	THEN user tstusr exists
	AND user tstusr can access gitano
	WHEN admin removes user tstusr
	THEN user tstusr doesn't exist
	FINALLY remove user tstusr on server

A non-admin mustn't be able to create or remove users.

	SCENARIO non-admin attempts to create or remove users
	ASSUMING no tstusr user exists on server
	AND no tstusr2 user exists on server
	GIVEN an ssh key for tstusr
	AND an ssh key for tstusr2
	WHEN admin creates user tstusr
	AND tstusr attempts to create user tstusr2
	THEN gitano failed with error matching "You may not perform site administration"
	FINALLY remove user tstusr on server

Implementations
---------------

Verify that there are no test related users on the server. If there
is, something's gone wrong in a previous run, and things should be
cleaned up manually. Or another run of the test suite is going on, and
we shouldn't interfere with that.

We split up the various assumptions so the implementation code
doesn't make assumptions on user names, etc.

	IMPLEMENTS ASSUMING no (\S+) user exists on server
	if user_exists "$MATCH_1"
	then
		die "User $MATCH_1 exists on server, but shouldn't"
	fi
	
Create an ssh key for a user. This is generated for a scenario,
then discarded.

	IMPLEMENTS GIVEN an ssh key for (\S+)
	ssh-keygen -f "$DATADIR/$MATCH_1.key" -N ''
	
Create a user on the server. Only an admin should be able to do
this, but anyone can try. Note that since we only care about
usernames, we invent the real name and e-mail address.

	IMPLEMENTS WHEN (\S+) creates user (\S+)
	user_add "$MATCH_1" "$MATCH_2"

Verify a user exists on the server.

	IMPLEMENTS THEN user (\S+) exists
	user_exists "$MATCH_1"

Verify a user can access gitano (by invoking whoami).

	IMPLEMENTS THEN user (\S+) can access gitano
	run_gitano_as "$MATCH_1" whoami | grep "User name: $MATCH_1\$"

Remove a user.

	IMPLEMENTS WHEN (\S+) removes user (\S+)
	user_del "$MATCH_1" "$MATCH_2"

Verify a user doesn't exist on the server.

	IMPLEMENTS THEN user (\S+) doesn't exist
	if user_exists "$MATCH_1"
	then
		die "User $MATCH_1 exists on server, but shouldn't"
	fi

Clean up user.

	IMPLEMENTS FINALLY remove user (\S+) on server
	user_del admin "$MATCH_1"

Attempt to create a user; check later if it worked.

	IMPLEMENTS WHEN (\S+) attempts to create user (\S+)
	attempt user_add "$MATCH_1" "$MATCH_2"

Check error message from latest gitano run that we assumed would fail.

	IMPLEMENTS THEN gitano failed with error matching "(.*)"
	echo ==========================
	cat "$DATADIR/attempt.stderr"
	echo ==========================
	grep "$MATCH_1" "$DATADIR/attempt.stderr"