From 1fc286e812a80f175eecd1018b42ec280dcf8253 Mon Sep 17 00:00:00 2001
From: Josh Winters
Date: Thu, 20 Sep 2018 12:20:49 -0400
Subject: [PATCH] Modifying "admin" role to "owner"
Signed-off-by: Saman Alvi
---
 atc/api/accessor/accessor.go | 16 +-
 atc/api/accessor/accessor_test.go | 170 +++++++++---------
 atc/api/teams_test.go | 22 +--
 atc/db/migration/add_team_role_test.go | 6 +-
 .../1537196857_add_team_roles.down.sql | 2 +-
 .../1537196857_add_team_roles.up.sql | 2 +-
 atc/db/team_factory_test.go | 2 +-
 atc/db/team_test.go | 4 +-
 fly/integration/set_team_test.go | 20 +--
 fly/integration/teams_test.go | 18 +-
 skymarshal/skycmd/flags.go | 2 +-
 skymarshal/token/issuer_test.go | 56 +++---
 12 files changed, 160 insertions(+), 160 deletions(-)
diff --git a/atc/api/accessor/accessor.go b/atc/api/accessor/accessor.go
index 62c6d5dd62d..975802b429b 100644
--- a/atc/api/accessor/accessor.go
+++ b/atc/api/accessor/accessor.go
@@ -36,7 +36,7 @@ func (a *access) IsAuthorized(team string) bool {
 if len(teamParts) == 1 {
 teamName = teamParts[0]
- roleName = "admin"
+ roleName = "owner"
 } else if len(teamParts) > 1 {
 teamName = teamParts[0]
@@ -52,12 +52,12 @@ func (a *access) IsAuthorized(team string) bool {
 func (a *access) HasPermission(role string) bool {
 switch requiredRoles[a.action] {
- case "admin":
- return role == "admin"
+ case "owner":
+ return role == "owner"
 case "member":
- return role == "admin" || role == "member"
+ return role == "owner" || role == "member"
 case "viewer":
- return role == "admin" || role == "member" || role == "viewer"
+ return role == "owner" || role == "member" || role == "viewer"
 default:
 return false
 }
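Review bot: A `teams` claim entry with no `:role` suffix is still mapped to the most privileged role in the `len(teamParts) == 1` branch, now `roleName = "owner"`, and nothing in the hunk says why. If this default exists for tokens issued before roles were introduced (an assumption, the issuing side is not visible here), state it above the assignment, e.g. `// Bare team names come from pre-role tokens and are treated as owner; drop this once such tokens can no longer be valid.` Without that comment a reader cannot tell a deliberate compatibility rule from a fail-open default. IsAuthorized starts before and continues after this hunk.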
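Review bot: A role value of `"admin"` now matches none of the comparisons in `HasPermission`, so a token that still carries the old name is denied for every action, presumably until its holder logs in again. Denial is the safe direction, but it should be written down rather than implied: a doc comment such as `// HasPermission reports whether role satisfies the role required for a.action; unknown roles and unmapped actions are denied.` covers both this case and the `default` branch. The role names are also repeated as string literals here, in `IsAuthorized` and in `requiredRoles`, and package-level constants would keep the three in step on the next rename. The function's closing brace lies outside the hunk.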
@@ -203,9 +203,9 @@ var requiredRoles = map[string]string{
 atc.ListDestroyingVolumes: "viewer",
 atc.ReportWorkerVolumes: "member",
 atc.ListTeams: "viewer",
- atc.SetTeam: "admin",
- atc.RenameTeam: "admin",
- atc.DestroyTeam: "admin",
+ atc.SetTeam: "owner",
+ atc.RenameTeam: "owner",
+ atc.DestroyTeam: "owner",
 atc.ListTeamBuilds: "viewer",
 atc.SendInputToBuildPlan: "member",
 atc.ReadOutputFromBuildPlan: "member",
diff --git a/atc/api/accessor/accessor_test.go b/atc/api/accessor/accessor_test.go
index be8c47ad11a..0079790d46b 100644
--- a/atc/api/accessor/accessor_test.go
+++ b/atc/api/accessor/accessor_test.go
@@ -170,9 +170,9 @@ var _ = Describe("Accessor", func() {
 access = accessorFactory.Create(req, atc.SetTeam)
 })
- Context("when request has team name claim set to some-team:admin", func() {
+ Context("when request has team name claim set to some-team:owner", func() {
 BeforeEach(func() {
- claims = &jwt.MapClaims{"teams": []string{"some-team:admin"}}
+ claims = &jwt.MapClaims{"teams": []string{"some-team:owner"}}
 })
 It("returns true", func() {
 Expect(access.IsAuthorized("some-team")).To(BeTrue())
@@ -183,7 +183,7 @@ var _ = Describe("Accessor", func() {
 BeforeEach(func() {
 claims = &jwt.MapClaims{"teams": []string{"some-team"}}
 })
- It("returns true and defaults to role 'admin'", func() {
+ It("returns true and defaults to role 'owner'", func() {
 Expect(access.IsAuthorized("some-team")).To(BeTrue())
 })
 })
@@ -206,9 +206,9 @@ var _ = Describe("Accessor", func() {
 })
 })
- Context("when request has team name claim set to other team:admin", func() {
+ Context("when request has team name claim set to other team:owner", func() {
 BeforeEach(func() {
- claims = &jwt.MapClaims{"teams": []string{"other-team:admin"}}
+ claims = &jwt.MapClaims{"teams": []string{"other-team:owner"}}
 })
 It("returns false", func() {
 Expect(access.IsAuthorized("some-team")).To(BeFalse())
@@ -313,7 +313,7 @@ var _ = Describe("Accessor", func() {
 })
 Context("when request has teams with multiple roles", func() {
 BeforeEach(func() {
- claims = &jwt.MapClaims{"teams": []string{"team-1:admin", "team-1:member", "team-2:viewer"}}
+ claims = &jwt.MapClaims{"teams": []string{"team-1:owner", "team-1:member", "team-2:viewer"}}
 })
 It("returns empty list", func() {
 Expect(access.TeamNames()).To(ConsistOf("team-1", "team-2"))
@@ -332,319 +332,319 @@ var _ = Describe("Accessor", func() { Expect(access.IsAuthorized("some-team")).To(Equal(authorized)) }, - Entry("admin :: "+atc.SaveConfig, atc.SaveConfig, "admin", true), + Entry("owner :: "+atc.SaveConfig, atc.SaveConfig, "owner", true), Entry("member :: "+atc.SaveConfig, atc.SaveConfig, "member", true), Entry("viewer :: "+atc.SaveConfig, atc.SaveConfig, "viewer", false), - Entry("admin :: "+atc.GetConfig, atc.GetConfig, "admin", true), + Entry("owner :: "+atc.GetConfig, atc.GetConfig, "owner", true), Entry("member :: "+atc.GetConfig, atc.GetConfig, "member", true), Entry("viewer :: "+atc.GetConfig, atc.GetConfig, "viewer", true), - Entry("admin :: "+atc.GetBuild, atc.GetBuild, "admin", true), + Entry("owner :: "+atc.GetBuild, atc.GetBuild, "owner", true), Entry("member :: "+atc.GetBuild, atc.GetBuild, "member", true), Entry("viewer :: "+atc.GetBuild, atc.GetBuild, "viewer", true), - Entry("admin :: "+atc.GetBuildPlan, atc.GetBuildPlan, "admin", true), + Entry("owner :: "+atc.GetBuildPlan, atc.GetBuildPlan, "owner", true), Entry("member :: "+atc.GetBuildPlan, atc.GetBuildPlan, "member", true), Entry("viewer :: "+atc.GetBuildPlan, atc.GetBuildPlan, "viewer", true), - Entry("admin :: "+atc.CreateBuild, atc.CreateBuild, "admin", true), + Entry("owner :: "+atc.CreateBuild, atc.CreateBuild, "owner", true), Entry("member :: "+atc.CreateBuild, atc.CreateBuild, "member", true), Entry("viewer :: "+atc.CreateBuild, atc.CreateBuild, "viewer", false), - Entry("admin :: "+atc.ListBuilds, atc.ListBuilds, "admin", true), + Entry("owner :: "+atc.ListBuilds, atc.ListBuilds, "owner", true), Entry("member :: "+atc.ListBuilds, atc.ListBuilds, "member", true), Entry("viewer :: "+atc.ListBuilds, atc.ListBuilds, "viewer", true), - Entry("admin :: "+atc.BuildEvents, atc.BuildEvents, "admin", true), + Entry("owner :: "+atc.BuildEvents, atc.BuildEvents, "owner", true), Entry("member :: "+atc.BuildEvents, atc.BuildEvents, "member", true), Entry("viewer :: 
"+atc.BuildEvents, atc.BuildEvents, "viewer", true), - Entry("admin :: "+atc.BuildResources, atc.BuildResources, "admin", true), + Entry("owner :: "+atc.BuildResources, atc.BuildResources, "owner", true), Entry("member :: "+atc.BuildResources, atc.BuildResources, "member", true), Entry("viewer :: "+atc.BuildResources, atc.BuildResources, "viewer", true), - Entry("admin :: "+atc.AbortBuild, atc.AbortBuild, "admin", true), + Entry("owner :: "+atc.AbortBuild, atc.AbortBuild, "owner", true), Entry("member :: "+atc.AbortBuild, atc.AbortBuild, "member", true), Entry("viewer :: "+atc.AbortBuild, atc.AbortBuild, "viewer", false), - Entry("admin :: "+atc.GetBuildPreparation, atc.GetBuildPreparation, "admin", true), + Entry("owner :: "+atc.GetBuildPreparation, atc.GetBuildPreparation, "owner", true), Entry("member :: "+atc.GetBuildPreparation, atc.GetBuildPreparation, "member", true), Entry("viewer :: "+atc.GetBuildPreparation, atc.GetBuildPreparation, "viewer", true), - Entry("admin :: "+atc.GetJob, atc.GetJob, "admin", true), + Entry("owner :: "+atc.GetJob, atc.GetJob, "owner", true), Entry("member :: "+atc.GetJob, atc.GetJob, "member", true), Entry("viewer :: "+atc.GetJob, atc.GetJob, "viewer", true), - Entry("admin :: "+atc.CreateJobBuild, atc.CreateJobBuild, "admin", true), + Entry("owner :: "+atc.CreateJobBuild, atc.CreateJobBuild, "owner", true), Entry("member :: "+atc.CreateJobBuild, atc.CreateJobBuild, "member", true), Entry("viewer :: "+atc.CreateJobBuild, atc.CreateJobBuild, "viewer", false), - Entry("admin :: "+atc.ListAllJobs, atc.ListAllJobs, "admin", true), + Entry("owner :: "+atc.ListAllJobs, atc.ListAllJobs, "owner", true), Entry("member :: "+atc.ListAllJobs, atc.ListAllJobs, "member", true), Entry("viewer :: "+atc.ListAllJobs, atc.ListAllJobs, "viewer", true), - Entry("admin :: "+atc.ListJobs, atc.ListJobs, "admin", true), + Entry("owner :: "+atc.ListJobs, atc.ListJobs, "owner", true), Entry("member :: "+atc.ListJobs, atc.ListJobs, "member", true), 
Entry("viewer :: "+atc.ListJobs, atc.ListJobs, "viewer", true), - Entry("admin :: "+atc.ListJobBuilds, atc.ListJobBuilds, "admin", true), + Entry("owner :: "+atc.ListJobBuilds, atc.ListJobBuilds, "owner", true), Entry("member :: "+atc.ListJobBuilds, atc.ListJobBuilds, "member", true), Entry("viewer :: "+atc.ListJobBuilds, atc.ListJobBuilds, "viewer", true), - Entry("admin :: "+atc.ListJobInputs, atc.ListJobInputs, "admin", true), + Entry("owner :: "+atc.ListJobInputs, atc.ListJobInputs, "owner", true), Entry("member :: "+atc.ListJobInputs, atc.ListJobInputs, "member", true), Entry("viewer :: "+atc.ListJobInputs, atc.ListJobInputs, "viewer", true), - Entry("admin :: "+atc.GetJobBuild, atc.GetJobBuild, "admin", true), + Entry("owner :: "+atc.GetJobBuild, atc.GetJobBuild, "owner", true), Entry("member :: "+atc.GetJobBuild, atc.GetJobBuild, "member", true), Entry("viewer :: "+atc.GetJobBuild, atc.GetJobBuild, "viewer", true), - Entry("admin :: "+atc.PauseJob, atc.PauseJob, "admin", true), + Entry("owner :: "+atc.PauseJob, atc.PauseJob, "owner", true), Entry("member :: "+atc.PauseJob, atc.PauseJob, "member", true), Entry("viewer :: "+atc.PauseJob, atc.PauseJob, "viewer", false), - Entry("admin :: "+atc.UnpauseJob, atc.UnpauseJob, "admin", true), + Entry("owner :: "+atc.UnpauseJob, atc.UnpauseJob, "owner", true), Entry("member :: "+atc.UnpauseJob, atc.UnpauseJob, "member", true), Entry("viewer :: "+atc.UnpauseJob, atc.UnpauseJob, "viewer", false), - Entry("admin :: "+atc.GetVersionsDB, atc.GetVersionsDB, "admin", true), + Entry("owner :: "+atc.GetVersionsDB, atc.GetVersionsDB, "owner", true), Entry("member :: "+atc.GetVersionsDB, atc.GetVersionsDB, "member", true), Entry("viewer :: "+atc.GetVersionsDB, atc.GetVersionsDB, "viewer", true), - Entry("admin :: "+atc.JobBadge, atc.JobBadge, "admin", true), + Entry("owner :: "+atc.JobBadge, atc.JobBadge, "owner", true), Entry("member :: "+atc.JobBadge, atc.JobBadge, "member", true), Entry("viewer :: "+atc.JobBadge, 
atc.JobBadge, "viewer", true), - Entry("admin :: "+atc.MainJobBadge, atc.MainJobBadge, "admin", true), + Entry("owner :: "+atc.MainJobBadge, atc.MainJobBadge, "owner", true), Entry("member :: "+atc.MainJobBadge, atc.MainJobBadge, "member", true), Entry("viewer :: "+atc.MainJobBadge, atc.MainJobBadge, "viewer", true), - Entry("admin :: "+atc.ClearTaskCache, atc.ClearTaskCache, "admin", true), + Entry("owner :: "+atc.ClearTaskCache, atc.ClearTaskCache, "owner", true), Entry("member :: "+atc.ClearTaskCache, atc.ClearTaskCache, "member", true), Entry("viewer :: "+atc.ClearTaskCache, atc.ClearTaskCache, "viewer", false), - Entry("admin :: "+atc.ListAllResources, atc.ListAllResources, "admin", true), + Entry("owner :: "+atc.ListAllResources, atc.ListAllResources, "owner", true), Entry("member :: "+atc.ListAllResources, atc.ListAllResources, "member", true), Entry("viewer :: "+atc.ListAllResources, atc.ListAllResources, "viewer", true), - Entry("admin :: "+atc.ListResources, atc.ListResources, "admin", true), + Entry("owner :: "+atc.ListResources, atc.ListResources, "owner", true), Entry("member :: "+atc.ListResources, atc.ListResources, "member", true), Entry("viewer :: "+atc.ListResources, atc.ListResources, "viewer", true), - Entry("admin :: "+atc.ListResourceTypes, atc.ListResourceTypes, "admin", true), + Entry("owner :: "+atc.ListResourceTypes, atc.ListResourceTypes, "owner", true), Entry("member :: "+atc.ListResourceTypes, atc.ListResourceTypes, "member", true), Entry("viewer :: "+atc.ListResourceTypes, atc.ListResourceTypes, "viewer", true), - Entry("admin :: "+atc.GetResource, atc.GetResource, "admin", true), + Entry("owner :: "+atc.GetResource, atc.GetResource, "owner", true), Entry("member :: "+atc.GetResource, atc.GetResource, "member", true), Entry("viewer :: "+atc.GetResource, atc.GetResource, "viewer", true), - Entry("admin :: "+atc.PauseResource, atc.PauseResource, "admin", true), + Entry("owner :: "+atc.PauseResource, atc.PauseResource, "owner", true), 
Entry("member :: "+atc.PauseResource, atc.PauseResource, "member", true), Entry("viewer :: "+atc.PauseResource, atc.PauseResource, "viewer", false), - Entry("admin :: "+atc.UnpauseResource, atc.UnpauseResource, "admin", true), + Entry("owner :: "+atc.UnpauseResource, atc.UnpauseResource, "owner", true), Entry("member :: "+atc.UnpauseResource, atc.UnpauseResource, "member", true), Entry("viewer :: "+atc.UnpauseResource, atc.UnpauseResource, "viewer", false), - Entry("admin :: "+atc.CheckResource, atc.CheckResource, "admin", true), + Entry("owner :: "+atc.CheckResource, atc.CheckResource, "owner", true), Entry("member :: "+atc.CheckResource, atc.CheckResource, "member", true), Entry("viewer :: "+atc.CheckResource, atc.CheckResource, "viewer", false), - Entry("admin :: "+atc.CheckResourceWebHook, atc.CheckResourceWebHook, "admin", true), + Entry("owner :: "+atc.CheckResourceWebHook, atc.CheckResourceWebHook, "owner", true), Entry("member :: "+atc.CheckResourceWebHook, atc.CheckResourceWebHook, "member", true), Entry("viewer :: "+atc.CheckResourceWebHook, atc.CheckResourceWebHook, "viewer", false), - Entry("admin :: "+atc.CheckResourceType, atc.CheckResourceType, "admin", true), + Entry("owner :: "+atc.CheckResourceType, atc.CheckResourceType, "owner", true), Entry("member :: "+atc.CheckResourceType, atc.CheckResourceType, "member", true), Entry("viewer :: "+atc.CheckResourceType, atc.CheckResourceType, "viewer", false), - Entry("admin :: "+atc.ListResourceVersions, atc.ListResourceVersions, "admin", true), + Entry("owner :: "+atc.ListResourceVersions, atc.ListResourceVersions, "owner", true), Entry("member :: "+atc.ListResourceVersions, atc.ListResourceVersions, "member", true), Entry("viewer :: "+atc.ListResourceVersions, atc.ListResourceVersions, "viewer", true), - Entry("admin :: "+atc.GetResourceVersion, atc.GetResourceVersion, "admin", true), + Entry("owner :: "+atc.GetResourceVersion, atc.GetResourceVersion, "owner", true), Entry("member :: 
"+atc.GetResourceVersion, atc.GetResourceVersion, "member", true), Entry("viewer :: "+atc.GetResourceVersion, atc.GetResourceVersion, "viewer", true), - Entry("admin :: "+atc.EnableResourceVersion, atc.EnableResourceVersion, "admin", true), + Entry("owner :: "+atc.EnableResourceVersion, atc.EnableResourceVersion, "owner", true), Entry("member :: "+atc.EnableResourceVersion, atc.EnableResourceVersion, "member", true), Entry("viewer :: "+atc.EnableResourceVersion, atc.EnableResourceVersion, "viewer", false), - Entry("admin :: "+atc.DisableResourceVersion, atc.DisableResourceVersion, "admin", true), + Entry("owner :: "+atc.DisableResourceVersion, atc.DisableResourceVersion, "owner", true), Entry("member :: "+atc.DisableResourceVersion, atc.DisableResourceVersion, "member", true), Entry("viewer :: "+atc.DisableResourceVersion, atc.DisableResourceVersion, "viewer", false), - Entry("admin :: "+atc.ListBuildsWithVersionAsInput, atc.ListBuildsWithVersionAsInput, "admin", true), + Entry("owner :: "+atc.ListBuildsWithVersionAsInput, atc.ListBuildsWithVersionAsInput, "owner", true), Entry("member :: "+atc.ListBuildsWithVersionAsInput, atc.ListBuildsWithVersionAsInput, "member", true), Entry("viewer :: "+atc.ListBuildsWithVersionAsInput, atc.ListBuildsWithVersionAsInput, "viewer", true), - Entry("admin :: "+atc.ListBuildsWithVersionAsOutput, atc.ListBuildsWithVersionAsOutput, "admin", true), + Entry("owner :: "+atc.ListBuildsWithVersionAsOutput, atc.ListBuildsWithVersionAsOutput, "owner", true), Entry("member :: "+atc.ListBuildsWithVersionAsOutput, atc.ListBuildsWithVersionAsOutput, "member", true), Entry("viewer :: "+atc.ListBuildsWithVersionAsOutput, atc.ListBuildsWithVersionAsOutput, "viewer", true), - Entry("admin :: "+atc.GetResourceCausality, atc.GetResourceCausality, "admin", true), + Entry("owner :: "+atc.GetResourceCausality, atc.GetResourceCausality, "owner", true), Entry("member :: "+atc.GetResourceCausality, atc.GetResourceCausality, "member", true), Entry("viewer 
:: "+atc.GetResourceCausality, atc.GetResourceCausality, "viewer", true), - Entry("admin :: "+atc.ListAllPipelines, atc.ListAllPipelines, "admin", true), + Entry("owner :: "+atc.ListAllPipelines, atc.ListAllPipelines, "owner", true), Entry("member :: "+atc.ListAllPipelines, atc.ListAllPipelines, "member", true), Entry("viewer :: "+atc.ListAllPipelines, atc.ListAllPipelines, "viewer", true), - Entry("admin :: "+atc.ListPipelines, atc.ListPipelines, "admin", true), + Entry("owner :: "+atc.ListPipelines, atc.ListPipelines, "owner", true), Entry("member :: "+atc.ListPipelines, atc.ListPipelines, "member", true), Entry("viewer :: "+atc.ListPipelines, atc.ListPipelines, "viewer", true), - Entry("admin :: "+atc.GetPipeline, atc.GetPipeline, "admin", true), + Entry("owner :: "+atc.GetPipeline, atc.GetPipeline, "owner", true), Entry("member :: "+atc.GetPipeline, atc.GetPipeline, "member", true), Entry("viewer :: "+atc.GetPipeline, atc.GetPipeline, "viewer", true), - Entry("admin :: "+atc.DeletePipeline, atc.DeletePipeline, "admin", true), + Entry("owner :: "+atc.DeletePipeline, atc.DeletePipeline, "owner", true), Entry("member :: "+atc.DeletePipeline, atc.DeletePipeline, "member", true), Entry("viewer :: "+atc.DeletePipeline, atc.DeletePipeline, "viewer", false), - Entry("admin :: "+atc.OrderPipelines, atc.OrderPipelines, "admin", true), + Entry("owner :: "+atc.OrderPipelines, atc.OrderPipelines, "owner", true), Entry("member :: "+atc.OrderPipelines, atc.OrderPipelines, "member", true), Entry("viewer :: "+atc.OrderPipelines, atc.OrderPipelines, "viewer", false), - Entry("admin :: "+atc.PausePipeline, atc.PausePipeline, "admin", true), + Entry("owner :: "+atc.PausePipeline, atc.PausePipeline, "owner", true), Entry("member :: "+atc.PausePipeline, atc.PausePipeline, "member", true), Entry("viewer :: "+atc.PausePipeline, atc.PausePipeline, "viewer", false), - Entry("admin :: "+atc.UnpausePipeline, atc.UnpausePipeline, "admin", true), + Entry("owner :: "+atc.UnpausePipeline, 
atc.UnpausePipeline, "owner", true), Entry("member :: "+atc.UnpausePipeline, atc.UnpausePipeline, "member", true), Entry("viewer :: "+atc.UnpausePipeline, atc.UnpausePipeline, "viewer", false), - Entry("admin :: "+atc.ExposePipeline, atc.ExposePipeline, "admin", true), + Entry("owner :: "+atc.ExposePipeline, atc.ExposePipeline, "owner", true), Entry("member :: "+atc.ExposePipeline, atc.ExposePipeline, "member", true), Entry("viewer :: "+atc.ExposePipeline, atc.ExposePipeline, "viewer", false), - Entry("admin :: "+atc.HidePipeline, atc.HidePipeline, "admin", true), + Entry("owner :: "+atc.HidePipeline, atc.HidePipeline, "owner", true), Entry("member :: "+atc.HidePipeline, atc.HidePipeline, "member", true), Entry("viewer :: "+atc.HidePipeline, atc.HidePipeline, "viewer", false), - Entry("admin :: "+atc.RenamePipeline, atc.RenamePipeline, "admin", true), + Entry("owner :: "+atc.RenamePipeline, atc.RenamePipeline, "owner", true), Entry("member :: "+atc.RenamePipeline, atc.RenamePipeline, "member", true), Entry("viewer :: "+atc.RenamePipeline, atc.RenamePipeline, "viewer", false), - Entry("admin :: "+atc.ListPipelineBuilds, atc.ListPipelineBuilds, "admin", true), + Entry("owner :: "+atc.ListPipelineBuilds, atc.ListPipelineBuilds, "owner", true), Entry("member :: "+atc.ListPipelineBuilds, atc.ListPipelineBuilds, "member", true), Entry("viewer :: "+atc.ListPipelineBuilds, atc.ListPipelineBuilds, "viewer", true), - Entry("admin :: "+atc.CreatePipelineBuild, atc.CreatePipelineBuild, "admin", true), + Entry("owner :: "+atc.CreatePipelineBuild, atc.CreatePipelineBuild, "owner", true), Entry("member :: "+atc.CreatePipelineBuild, atc.CreatePipelineBuild, "member", true), Entry("viewer :: "+atc.CreatePipelineBuild, atc.CreatePipelineBuild, "viewer", false), - Entry("admin :: "+atc.PipelineBadge, atc.PipelineBadge, "admin", true), + Entry("owner :: "+atc.PipelineBadge, atc.PipelineBadge, "owner", true), Entry("member :: "+atc.PipelineBadge, atc.PipelineBadge, "member", true), 
Entry("viewer :: "+atc.PipelineBadge, atc.PipelineBadge, "viewer", true), - Entry("admin :: "+atc.RegisterWorker, atc.RegisterWorker, "admin", true), + Entry("owner :: "+atc.RegisterWorker, atc.RegisterWorker, "owner", true), Entry("member :: "+atc.RegisterWorker, atc.RegisterWorker, "member", true), Entry("viewer :: "+atc.RegisterWorker, atc.RegisterWorker, "viewer", false), - Entry("admin :: "+atc.LandWorker, atc.LandWorker, "admin", true), + Entry("owner :: "+atc.LandWorker, atc.LandWorker, "owner", true), Entry("member :: "+atc.LandWorker, atc.LandWorker, "member", true), Entry("viewer :: "+atc.LandWorker, atc.LandWorker, "viewer", false), - Entry("admin :: "+atc.RetireWorker, atc.RetireWorker, "admin", true), + Entry("owner :: "+atc.RetireWorker, atc.RetireWorker, "owner", true), Entry("member :: "+atc.RetireWorker, atc.RetireWorker, "member", true), Entry("viewer :: "+atc.RetireWorker, atc.RetireWorker, "viewer", false), - Entry("admin :: "+atc.PruneWorker, atc.PruneWorker, "admin", true), + Entry("owner :: "+atc.PruneWorker, atc.PruneWorker, "owner", true), Entry("member :: "+atc.PruneWorker, atc.PruneWorker, "member", true), Entry("viewer :: "+atc.PruneWorker, atc.PruneWorker, "viewer", false), - Entry("admin :: "+atc.HeartbeatWorker, atc.HeartbeatWorker, "admin", true), + Entry("owner :: "+atc.HeartbeatWorker, atc.HeartbeatWorker, "owner", true), Entry("member :: "+atc.HeartbeatWorker, atc.HeartbeatWorker, "member", true), Entry("viewer :: "+atc.HeartbeatWorker, atc.HeartbeatWorker, "viewer", false), - Entry("admin :: "+atc.ListWorkers, atc.ListWorkers, "admin", true), + Entry("owner :: "+atc.ListWorkers, atc.ListWorkers, "owner", true), Entry("member :: "+atc.ListWorkers, atc.ListWorkers, "member", true), Entry("viewer :: "+atc.ListWorkers, atc.ListWorkers, "viewer", true), - Entry("admin :: "+atc.DeleteWorker, atc.DeleteWorker, "admin", true), + Entry("owner :: "+atc.DeleteWorker, atc.DeleteWorker, "owner", true), Entry("member :: "+atc.DeleteWorker, 
atc.DeleteWorker, "member", true), Entry("viewer :: "+atc.DeleteWorker, atc.DeleteWorker, "viewer", false), - Entry("admin :: "+atc.SetLogLevel, atc.SetLogLevel, "admin", true), + Entry("owner :: "+atc.SetLogLevel, atc.SetLogLevel, "owner", true), Entry("member :: "+atc.SetLogLevel, atc.SetLogLevel, "member", true), Entry("viewer :: "+atc.SetLogLevel, atc.SetLogLevel, "viewer", false), - Entry("admin :: "+atc.GetLogLevel, atc.GetLogLevel, "admin", true), + Entry("owner :: "+atc.GetLogLevel, atc.GetLogLevel, "owner", true), Entry("member :: "+atc.GetLogLevel, atc.GetLogLevel, "member", true), Entry("viewer :: "+atc.GetLogLevel, atc.GetLogLevel, "viewer", true), - Entry("admin :: "+atc.DownloadCLI, atc.DownloadCLI, "admin", true), + Entry("owner :: "+atc.DownloadCLI, atc.DownloadCLI, "owner", true), Entry("member :: "+atc.DownloadCLI, atc.DownloadCLI, "member", true), Entry("viewer :: "+atc.DownloadCLI, atc.DownloadCLI, "viewer", true), - Entry("admin :: "+atc.GetInfo, atc.GetInfo, "admin", true), + Entry("owner :: "+atc.GetInfo, atc.GetInfo, "owner", true), Entry("member :: "+atc.GetInfo, atc.GetInfo, "member", true), Entry("viewer :: "+atc.GetInfo, atc.GetInfo, "viewer", true), - Entry("admin :: "+atc.GetInfoCreds, atc.GetInfoCreds, "admin", true), + Entry("owner :: "+atc.GetInfoCreds, atc.GetInfoCreds, "owner", true), Entry("member :: "+atc.GetInfoCreds, atc.GetInfoCreds, "member", true), Entry("viewer :: "+atc.GetInfoCreds, atc.GetInfoCreds, "viewer", true), - Entry("admin :: "+atc.ListContainers, atc.ListContainers, "admin", true), + Entry("owner :: "+atc.ListContainers, atc.ListContainers, "owner", true), Entry("member :: "+atc.ListContainers, atc.ListContainers, "member", true), Entry("viewer :: "+atc.ListContainers, atc.ListContainers, "viewer", true), - Entry("admin :: "+atc.GetContainer, atc.GetContainer, "admin", true), + Entry("owner :: "+atc.GetContainer, atc.GetContainer, "owner", true), Entry("member :: "+atc.GetContainer, atc.GetContainer, "member", 
true), Entry("viewer :: "+atc.GetContainer, atc.GetContainer, "viewer", true), - Entry("admin :: "+atc.HijackContainer, atc.HijackContainer, "admin", true), + Entry("owner :: "+atc.HijackContainer, atc.HijackContainer, "owner", true), Entry("member :: "+atc.HijackContainer, atc.HijackContainer, "member", true), Entry("viewer :: "+atc.HijackContainer, atc.HijackContainer, "viewer", false), - Entry("admin :: "+atc.ListDestroyingContainers, atc.ListDestroyingContainers, "admin", true), + Entry("owner :: "+atc.ListDestroyingContainers, atc.ListDestroyingContainers, "owner", true), Entry("member :: "+atc.ListDestroyingContainers, atc.ListDestroyingContainers, "member", true), Entry("viewer :: "+atc.ListDestroyingContainers, atc.ListDestroyingContainers, "viewer", true), - Entry("admin :: "+atc.ReportWorkerContainers, atc.ReportWorkerContainers, "admin", true), + Entry("owner :: "+atc.ReportWorkerContainers, atc.ReportWorkerContainers, "owner", true), Entry("member :: "+atc.ReportWorkerContainers, atc.ReportWorkerContainers, "member", true), Entry("viewer :: "+atc.ReportWorkerContainers, atc.ReportWorkerContainers, "viewer", false), - Entry("admin :: "+atc.ListVolumes, atc.ListVolumes, "admin", true), + Entry("owner :: "+atc.ListVolumes, atc.ListVolumes, "owner", true), Entry("member :: "+atc.ListVolumes, atc.ListVolumes, "member", true), Entry("viewer :: "+atc.ListVolumes, atc.ListVolumes, "viewer", true), - Entry("admin :: "+atc.ListDestroyingVolumes, atc.ListDestroyingVolumes, "admin", true), + Entry("owner :: "+atc.ListDestroyingVolumes, atc.ListDestroyingVolumes, "owner", true), Entry("member :: "+atc.ListDestroyingVolumes, atc.ListDestroyingVolumes, "member", true), Entry("viewer :: "+atc.ListDestroyingVolumes, atc.ListDestroyingVolumes, "viewer", true), - Entry("admin :: "+atc.ReportWorkerVolumes, atc.ReportWorkerVolumes, "admin", true), + Entry("owner :: "+atc.ReportWorkerVolumes, atc.ReportWorkerVolumes, "owner", true), Entry("member :: 
"+atc.ReportWorkerVolumes, atc.ReportWorkerVolumes, "member", true), Entry("viewer :: "+atc.ReportWorkerVolumes, atc.ReportWorkerVolumes, "viewer", false), - Entry("admin :: "+atc.ListTeams, atc.ListTeams, "admin", true), + Entry("owner :: "+atc.ListTeams, atc.ListTeams, "owner", true), Entry("member :: "+atc.ListTeams, atc.ListTeams, "member", true), Entry("viewer :: "+atc.ListTeams, atc.ListTeams, "viewer", true), - Entry("admin :: "+atc.SetTeam, atc.SetTeam, "admin", true), + Entry("owner :: "+atc.SetTeam, atc.SetTeam, "owner", true), Entry("member :: "+atc.SetTeam, atc.SetTeam, "member", false), Entry("viewer :: "+atc.SetTeam, atc.SetTeam, "viewer", false), - Entry("admin :: "+atc.RenameTeam, atc.RenameTeam, "admin", true), + Entry("owner :: "+atc.RenameTeam, atc.RenameTeam, "owner", true), Entry("member :: "+atc.RenameTeam, atc.RenameTeam, "member", false), Entry("viewer :: "+atc.RenameTeam, atc.RenameTeam, "viewer", false), - Entry("admin :: "+atc.DestroyTeam, atc.DestroyTeam, "admin", true), + Entry("owner :: "+atc.DestroyTeam, atc.DestroyTeam, "owner", true), Entry("member :: "+atc.DestroyTeam, atc.DestroyTeam, "member", false), Entry("viewer :: "+atc.DestroyTeam, atc.DestroyTeam, "viewer", false), - Entry("admin :: "+atc.ListTeamBuilds, atc.ListTeamBuilds, "admin", true), + Entry("owner :: "+atc.ListTeamBuilds, atc.ListTeamBuilds, "owner", true), Entry("member :: "+atc.ListTeamBuilds, atc.ListTeamBuilds, "member", true), Entry("viewer :: "+atc.ListTeamBuilds, atc.ListTeamBuilds, "viewer", true), - Entry("admin :: "+atc.SendInputToBuildPlan, atc.SendInputToBuildPlan, "admin", true), + Entry("owner :: "+atc.SendInputToBuildPlan, atc.SendInputToBuildPlan, "owner", true), Entry("member :: "+atc.SendInputToBuildPlan, atc.SendInputToBuildPlan, "member", true), Entry("viewer :: "+atc.SendInputToBuildPlan, atc.SendInputToBuildPlan, "viewer", false), - Entry("admin :: "+atc.ReadOutputFromBuildPlan, atc.ReadOutputFromBuildPlan, "admin", true), + Entry("owner :: 
"+atc.ReadOutputFromBuildPlan, atc.ReadOutputFromBuildPlan, "owner", true), Entry("member :: "+atc.ReadOutputFromBuildPlan, atc.ReadOutputFromBuildPlan, "member", true), Entry("viewer :: "+atc.ReadOutputFromBuildPlan, atc.ReadOutputFromBuildPlan, "viewer", false), ) diff --git a/atc/api/teams_test.go b/atc/api/teams_test.go index b2ef5261d47..bbba90dae2f 100644 --- a/atc/api/teams_test.go +++ b/atc/api/teams_test.go @@ -68,7 +68,7 @@ var _ = Describe("Teams API", func() { fakeTeamOne.IDReturns(5) fakeTeamOne.NameReturns(teamNames[0]) fakeTeamOne.AuthReturns(atc.TeamAuth{ - "admin": atc.TeamRole{ + "owner": atc.TeamRole{ "groups": []string{}, "users": []string{"local:username"}, }, }) @@ -76,7 +76,7 @@ var _ = Describe("Teams API", func() { fakeTeamTwo.IDReturns(9) fakeTeamTwo.NameReturns(teamNames[1]) fakeTeamTwo.AuthReturns(atc.TeamAuth{ - "admin": atc.TeamRole{ + "owner": atc.TeamRole{ "groups": []string{}, "users": []string{"local:username"}, }, }) @@ -84,13 +84,13 @@ var _ = Describe("Teams API", func() { fakeTeamThree.IDReturns(22) fakeTeamThree.NameReturns(teamNames[2]) fakeTeamThree.AuthReturns(atc.TeamAuth{ - "admin": atc.TeamRole{ + "owner": atc.TeamRole{ "groups": []string{}, "users": []string{"local:username"}, }, }) }) - Context("when the requester is an admin user", func() { + Context("when the requester is an admin", func() { BeforeEach(func() { fakeaccess.IsAdminReturns(true) 
@@ -106,23 +106,23 @@ var _ = Describe("Teams API", func() {
 {
 "id": 5,
 "name": "avengers",
- "auth": { "admin":{"users":["local:username"],"groups":[]}}
+ "auth": { "owner":{"users":["local:username"],"groups":[]}}
 },
 {
 "id": 9,
 "name": "aliens",
- "auth": { "admin":{"users":["local:username"],"groups":[]}}
+ "auth": { "owner":{"users":["local:username"],"groups":[]}}
 },
 {
 "id": 22,
 "name": "predators",
- "auth": { "admin":{"users":["local:username"],"groups":[]}}
+ "auth": { "owner":{"users":["local:username"],"groups":[]}}
 }
 ]`))
 })
 })
- Context("when the requester is NOT an admin user", func() {
+ Context("when the requester is NOT an admin", func() {
 BeforeEach(func() {
 fakeaccess.IsAdminReturns(false)
@@ -141,12 +141,12 @@ var _ = Describe("Teams API", func() {
 {
 "id": 5,
 "name": "avengers",
- "auth": { "admin":{"users":["local:username"],"groups":[]}}
+ "auth": { "owner":{"users":["local:username"],"groups":[]}}
 },
 {
 "id": 22,
 "name": "predators",
- "auth": { "admin":{"users":["local:username"],"groups":[]}}
+ "auth": { "owner":{"users":["local:username"],"groups":[]}}
 }
 ]`))
 })
@@ -195,7 +195,7 @@ var _ = Describe("Teams API", func() {
 BeforeEach(func() {
 atcTeam = atc.Team{
 Auth: atc.TeamAuth{
- "admin": atc.TeamRole{
+ "owner": atc.TeamRole{
 "users": []string{"local:username"},
 },
 },
diff --git a/atc/db/migration/add_team_role_test.go b/atc/db/migration/add_team_role_test.go
index 9b4ac075f0f..7425d885f77 100644
--- a/atc/db/migration/add_team_role_test.go
+++ b/atc/db/migration/add_team_role_test.go
@@ -16,14 +16,14 @@ var _ = Describe("Add team roles", func() {
 )
 Context("Up", func() {
- It("successfully adds the default 'admin' role to existing team auth", func() {
+ It("successfully adds the default 'owner' role to existing team auth", func() {
 db = postgresRunner.OpenDBAtVersion(preMigrationVersion)
 SetupTeam(db, "main", `{"users": ["local:user1"], "groups": [] }`)
 db.Close()
 db = postgresRunner.OpenDBAtVersion(postMigrationVersion)
- ExpectTeamWithUsersAndGroupsForRole(db, "main", "admin", []string{"local:user1"}, []string{})
+ ExpectTeamWithUsersAndGroupsForRole(db, "main", "owner", []string{"local:user1"}, []string{})
 db.Close()
 })
@@ -33,7 +33,7 @@ var _ = Describe("Add team roles", func() {
 It("successfully removes roles from team auth", func() {
 db = postgresRunner.OpenDBAtVersion(postMigrationVersion)
- SetupTeam(db, "main", `{ "admin": {"users": ["local:user1"], "groups": [] }}`)
+ SetupTeam(db, "main", `{ "owner": {"users": ["local:user1"], "groups": [] }}`)
 db.Close()
 db = postgresRunner.OpenDBAtVersion(preMigrationVersion)
diff --git a/atc/db/migration/migrations/1537196857_add_team_roles.down.sql b/atc/db/migration/migrations/1537196857_add_team_roles.down.sql
index a80dfebbce0..861fd80816c 100644
--- a/atc/db/migration/migrations/1537196857_add_team_roles.down.sql
+++ b/atc/db/migration/migrations/1537196857_add_team_roles.down.sql
@@ -1,3 +1,3 @@
 BEGIN;
- UPDATE teams SET auth = auth::json->'admin';
+ UPDATE teams SET auth = auth::json->'owner';
 COMMIT;
diff --git a/atc/db/migration/migrations/1537196857_add_team_roles.up.sql b/atc/db/migration/migrations/1537196857_add_team_roles.up.sql
index 4b836bc0a74..95579d2f2b6 100644
--- a/atc/db/migration/migrations/1537196857_add_team_roles.up.sql
+++ b/atc/db/migration/migrations/1537196857_add_team_roles.up.sql
@@ -1,3 +1,3 @@
 BEGIN;
- UPDATE teams SET auth=json_build_object('admin', auth::json);
+ UPDATE teams SET auth=json_build_object('owner', auth::json);
 COMMIT;
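Review bot: Editing the existing migration `1537196857_add_team_roles` in place (both the `up.sql` and `down.sql` hunks) leaves any database that already ran the earlier `up` with the role stored under the `admin` key, and nothing in this commit renames it. If that version was applied anywhere (the page does not say), those teams keep `{"admin": …}` while the accessor now only matches `owner`, `member` and `viewer`, so their administrators would lose team access until `auth` is rewritten. On such a database the edited `down` would also evaluate `auth::json->'owner'` to NULL; a guard such as `WHERE auth::json->'owner' IS NOT NULL`, or a separate follow-up migration that moves `admin` to `owner`, would cover that case. Independently, the `down` statement keeps only one role and drops any `member` and `viewer` entries, which deserves a comment like `-- rollback keeps only the owner role; member/viewer assignments are discarded`.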
diff --git a/atc/db/team_factory_test.go b/atc/db/team_factory_test.go index d534d50ead2..315d38d7061 100644 --- a/atc/db/team_factory_test.go +++ b/atc/db/team_factory_test.go @@ -16,7 +16,7 @@ var _ = Describe("Team Factory", func() { atcTeam = atc.Team{ Name: "some-team", Auth: atc.TeamAuth{ - "admin": {"users": []string{"local:username"}}, + "owner": {"users": []string{"local:username"}}, }, } }) diff --git a/atc/db/team_test.go b/atc/db/team_test.go index 9382a1deeca..b5d2005abaa 100644 --- a/atc/db/team_test.go +++ b/atc/db/team_test.go @@ -726,7 +726,7 @@ var _ = Describe("Team", func() { BeforeEach(func() { authProvider = atc.TeamAuth{ - "admin": {"users": []string{"local:username"}}, + "owner": {"users": []string{"local:username"}}, } }) @@ -746,7 +746,7 @@ var _ = Describe("Team", func() { Expect(err).ToNot(HaveOccurred()) Expect(team.Auth()["viewer"]).To(Equal(viewer)) - Expect(team.Auth()["admin"]).To(Equal(authProvider["admin"])) + Expect(team.Auth()["owner"]).To(Equal(authProvider["owner"])) }) It("resets legacy_auth to NULL", func() { diff --git a/fly/integration/set_team_test.go b/fly/integration/set_team_test.go index b91f5cb83ce..62a9272aedc 100644 --- a/fly/integration/set_team_test.go +++ b/fly/integration/set_team_test.go @@ -86,7 +86,7 @@ var _ = Describe("Fly CLI", func() { cmdParams = []string{"--allow-all-users"} confirmHandlers() }) - It("displays the default admin role", func() { + It("displays the default owner role", func() { stdin, err := flyCmd.StdinPipe() Expect(err).NotTo(HaveOccurred()) @@ -95,7 +95,7 @@ var _ = Describe("Fly CLI", func() { Expect(err).ToNot(HaveOccurred()) Eventually(sess.Out).Should(gbytes.Say("Team Name: venture")) - Eventually(sess.Out).Should(gbytes.Say("Role: admin")) + Eventually(sess.Out).Should(gbytes.Say("Role: owner")) Eventually(sess.Out).Should(gbytes.Say("Users:")) Eventually(sess.Out).Should(gbytes.Say("- none")) Eventually(sess.Out).Should(gbytes.Say("Groups:")) 
@@ -123,7 +123,7 @@ var _ = Describe("Fly CLI", func() { Expect(err).ToNot(HaveOccurred()) Eventually(sess.Out).Should(gbytes.Say("Team Name: venture")) - Eventually(sess.Out).Should(gbytes.Say("Role: admin")) + Eventually(sess.Out).Should(gbytes.Say("Role: owner")) Eventually(sess.Out).Should(gbytes.Say("Users:")) Eventually(sess.Out).Should(gbytes.Say("- none")) Eventually(sess.Out).Should(gbytes.Say("Groups:")) @@ -152,7 +152,7 @@ var _ = Describe("Fly CLI", func() { Expect(err).ToNot(HaveOccurred()) Eventually(sess.Out).Should(gbytes.Say("Team Name: venture")) - Eventually(sess.Out).Should(gbytes.Say("Role: admin")) + Eventually(sess.Out).Should(gbytes.Say("Role: owner")) Eventually(sess.Out).Should(gbytes.Say("Users:")) Eventually(sess.Out).Should(gbytes.Say("- local:brock-samson")) Eventually(sess.Out).Should(gbytes.Say("Groups:")) @@ -178,7 +178,7 @@ var _ = Describe("Fly CLI", func() { Expect(err).ToNot(HaveOccurred()) Eventually(sess.Out).Should(gbytes.Say("Team Name: venture")) - Eventually(sess.Out).Should(gbytes.Say("Role: admin")) + Eventually(sess.Out).Should(gbytes.Say("Role: owner")) Eventually(sess.Out).Should(gbytes.Say("Users:")) Eventually(sess.Out).Should(gbytes.Say("- local:brock-samson")) Eventually(sess.Out).Should(gbytes.Say("Groups:")) @@ -198,7 +198,7 @@ var _ = Describe("Fly CLI", func() { Expect(err).ToNot(HaveOccurred()) Eventually(sess.Out).Should(gbytes.Say("Team Name: venture")) - Eventually(sess.Out).Should(gbytes.Say("Role: admin")) + Eventually(sess.Out).Should(gbytes.Say("Role: owner")) Eventually(sess.Out).Should(gbytes.Say("Users:")) Eventually(sess.Out).Should(gbytes.Say("- github:samsonite")) Eventually(sess.Out).Should(gbytes.Say("Groups:")) 
@@ -219,7 +219,7 @@ var _ = Describe("Fly CLI", func() { Expect(err).ToNot(HaveOccurred()) Eventually(sess.Out).Should(gbytes.Say("Team Name: venture")) - Eventually(sess.Out).Should(gbytes.Say("Role: admin")) + Eventually(sess.Out).Should(gbytes.Say("Role: owner")) Eventually(sess.Out).Should(gbytes.Say("Users:")) Eventually(sess.Out).Should(gbytes.Say("- cf:my-username")) Eventually(sess.Out).Should(gbytes.Say("Groups:")) @@ -241,7 +241,7 @@ var _ = Describe("Fly CLI", func() { Expect(err).ToNot(HaveOccurred()) Eventually(sess.Out).Should(gbytes.Say("Team Name: venture")) - Eventually(sess.Out).Should(gbytes.Say("Role: admin")) + Eventually(sess.Out).Should(gbytes.Say("Role: owner")) Eventually(sess.Out).Should(gbytes.Say("Users:")) Eventually(sess.Out).Should(gbytes.Say("- ldap:my-username")) Eventually(sess.Out).Should(gbytes.Say("Groups:")) @@ -263,7 +263,7 @@ var _ = Describe("Fly CLI", func() { Expect(err).ToNot(HaveOccurred()) Eventually(sess.Out).Should(gbytes.Say("Team Name: venture")) - Eventually(sess.Out).Should(gbytes.Say("Role: admin")) + Eventually(sess.Out).Should(gbytes.Say("Role: owner")) Eventually(sess.Out).Should(gbytes.Say("Users:")) Eventually(sess.Out).Should(gbytes.Say("- none")) Eventually(sess.Out).Should(gbytes.Say("Groups:")) @@ -393,7 +393,7 @@ var _ = Describe("Fly CLI", func() { ghttp.VerifyRequest("PUT", "/api/v1/teams/venture"), ghttp.VerifyJSON(`{ "auth": { - "admin":{ + "owner":{ "users": [ "local:brock-obama" ], diff --git a/fly/integration/teams_test.go b/fly/integration/teams_test.go index 0441bcad927..d198666e25e 100644 --- a/fly/integration/teams_test.go +++ b/fly/integration/teams_test.go @@ -33,7 +33,7 @@ var _ = Describe("Fly CLI", func() { ID: 1, Name: "main", Auth: atc.TeamAuth{ - "admin": atc.TeamRole{ + "owner": atc.TeamRole{ "groups": []string{}, "users": []string{}, }, 
@@ -43,7 +43,7 @@ var _ = Describe("Fly CLI", func() { ID: 2, Name: "a-team", Auth: atc.TeamAuth{ - "admin": atc.TeamRole{ + "owner": atc.TeamRole{ "groups": []string{"github:github-org"}, "users": []string{}, }, @@ -63,7 +63,7 @@ var _ = Describe("Fly CLI", func() { ID: 4, Name: "c-team", Auth: atc.TeamAuth{ - "admin": atc.TeamRole{ + "owner": atc.TeamRole{ "users": []string{"github:github-user"}, "groups": []string{"github:github-org"}, }, @@ -114,13 +114,13 @@ var _ = Describe("Fly CLI", func() { { "id": 1, "name": "main", - "auth": { "admin":{"groups":[], "users":[]}} + "auth": { "owner":{"groups":[], "users":[]}} }, { "id": 2, "name": "a-team", "auth": { - "admin": { + "owner": { "groups": ["github:github-org"], "users": [] } @@ -140,7 +140,7 @@ var _ = Describe("Fly CLI", func() { "id": 4, "name": "c-team", "auth": { - "admin": { + "owner": { "groups":["github:github-org"], "users":["github:github-user"] }, @@ -174,12 +174,12 @@ var _ = Describe("Fly CLI", func() { {Contents: "auth", Color: color.New(color.Bold)}, }, Data: []ui.TableRow{ - {{Contents: "a-team/admin"}, {Contents: "none"}, {Contents: "github:github-org"}}, + {{Contents: "a-team/owner"}, {Contents: "none"}, {Contents: "github:github-org"}}, {{Contents: "b-team/member"}, {Contents: "github:github-user"}, {Contents: "none"}}, - {{Contents: "c-team/admin"}, {Contents: "github:github-user"}, {Contents: "github:github-org"}}, {{Contents: "c-team/member"}, {Contents: "github:github-user"}, {Contents: "github:github-org"}}, + {{Contents: "c-team/owner"}, {Contents: "github:github-user"}, {Contents: "github:github-org"}}, {{Contents: "c-team/viewer"}, {Contents: "github:github-user"}, {Contents: "github:github-org"}}, - {{Contents: "main/admin"}, {Contents: "all"}, {Contents: "none"}}, + {{Contents: "main/owner"}, {Contents: "all"}, {Contents: "none"}}, }, })) }) diff --git a/skymarshal/skycmd/flags.go b/skymarshal/skycmd/flags.go index f0e8581d9ba..81d7504d2bb 100644 --- a/skymarshal/skycmd/flags.go 
+++ b/skymarshal/skycmd/flags.go
@@ -44,7 +44,7 @@ type AuthFlags struct {
 }
 type AuthTeamFlags struct {
- TeamRole string `long:"role" description:"The role to assign to these users" choice:"admin" choice:"member" choice:"viewer" default:"admin"`
+ TeamRole string `long:"role" description:"The role to assign to these users" choice:"owner" choice:"member" choice:"viewer" default:"owner"`
 LocalUsers []string `long:"local-user" description:"List of whitelisted local concourse users. These are the users you've added at atc startup with the --add-local-user flag." value-name:"USERNAME"`
 AllowAllUsers bool `long:"allow-all-users" description:"Setting this flag will whitelist all logged in users in the system. ALL OF THEM. If, for example, you've configured GitHub, any user with a GitHub account will have access to your team."`
 }
diff --git a/skymarshal/token/issuer_test.go b/skymarshal/token/issuer_test.go
index 83406963a2f..97ba0ce6e7a 100644
--- a/skymarshal/token/issuer_test.go
+++ b/skymarshal/token/issuer_test.go
@@ -144,7 +144,7 @@ var _ = Describe("Token Issuer", func() {
 Context("when team is admin", func() {
 BeforeEach(func() {
 fakeTeam1.AdminReturns(true)
- fakeTeam1.AuthReturns(atc.TeamAuth{"admin": {}})
+ fakeTeam1.AuthReturns(atc.TeamAuth{"owner": {}})
 })
 It("includes expected claims", func() {
 claims := fakeGenerator.GenerateArgsForCall(0)
@@ -155,7 +155,7 @@ var _ = Describe("Token Issuer", func() {
 Context("when team is not admin", func() {
 BeforeEach(func() {
 fakeTeam1.AdminReturns(false)
- fakeTeam1.AuthReturns(atc.TeamAuth{"admin": {}})
+ fakeTeam1.AuthReturns(atc.TeamAuth{"owner": {}})
 })
 It("includes expected claims", func() {
 claims := fakeGenerator.GenerateArgsForCall(0)
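Review bot: In `AuthTeamFlags` (skymarshal/skycmd/flags.go), `default:"owner"` keeps the most privileged role as the fallback for `--role`, so combining the struct's `--allow-all-users` flag with an omitted `--role` gives every logged-in user the owner role. The description does not say this; I would spell it out, e.g. `description:"The role to assign to these users (default: owner, which can set, rename and destroy the team)"`. Separately, `admin` is removed from the `choice` list, so an existing script that passes `--role admin` will presumably be rejected by the flag parser after this change; a release note for operators would help. How the default is applied is inferred from the struct tags, since the code consuming these flags is outside the hunk.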
@@ -168,13 +168,13 @@ var _ = Describe("Token Issuer", func() { fakeTeam1 = &dbfakes.FakeTeam{} fakeTeam1.NameReturns("fake-team-1") fakeTeam1.AuthReturns(atc.TeamAuth{ - "admin": {"users": []string{"some-connector:some-user"}}, + "owner": {"users": []string{"some-connector:some-user"}}, }) fakeTeam2 = &dbfakes.FakeTeam{} fakeTeam2.NameReturns("fake-team-2") fakeTeam2.AuthReturns(atc.TeamAuth{ - "admin": {"groups": []string{"some-connector:some-exclusive-group"}}, + "owner": {"groups": []string{"some-connector:some-exclusive-group"}}, }) teams = []db.Team{fakeTeam1, fakeTeam2} @@ -204,14 +204,14 @@ var _ = Describe("Token Issuer", func() { Context("when teams don't have auth configured", func() { BeforeEach(func() { - fakeTeam1.AuthReturns(atc.TeamAuth{"admin": {}}) - fakeTeam2.AuthReturns(atc.TeamAuth{"admin": {}}) + fakeTeam1.AuthReturns(atc.TeamAuth{"owner": {}}) + fakeTeam2.AuthReturns(atc.TeamAuth{"owner": {}}) }) It("calls generate with expected team claims", func() { claims := fakeGenerator.GenerateArgsForCall(0) - Expect(claims["teams"]).To(ContainElement("fake-team-1:admin")) - Expect(claims["teams"]).To(ContainElement("fake-team-2:admin")) + Expect(claims["teams"]).To(ContainElement("fake-team-1:owner")) + Expect(claims["teams"]).To(ContainElement("fake-team-2:owner")) }) AssertTokenClaims() 
@@ -235,14 +235,14 @@ var _ = Describe("Token Issuer", func() { Context("when a team has user auth configured for the userid", func() { BeforeEach(func() { fakeTeam1.AuthReturns(atc.TeamAuth{ - "admin": {"users": []string{"connector-id:user-id"}}, + "owner": {"users": []string{"connector-id:user-id"}}, }) }) It("calls generate with expected team claims", func() { claims := fakeGenerator.GenerateArgsForCall(0) - Expect(claims["teams"]).To(ContainElement("fake-team-1:admin")) - Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:admin")) + Expect(claims["teams"]).To(ContainElement("fake-team-1:owner")) + Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:owner")) }) AssertTokenClaims() @@ -252,14 +252,14 @@ var _ = Describe("Token Issuer", func() { Context("when a team has user auth configured for the username", func() { BeforeEach(func() { fakeTeam1.AuthReturns(atc.TeamAuth{ - "admin": {"users": []string{"connector-id:user-name"}}, + "owner": {"users": []string{"connector-id:user-name"}}, }) }) It("calls generate with expected team claims", func() { claims := fakeGenerator.GenerateArgsForCall(0) - Expect(claims["teams"]).To(ContainElement("fake-team-1:admin")) - Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:admin")) + Expect(claims["teams"]).To(ContainElement("fake-team-1:owner")) + Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:owner")) }) AssertTokenClaims() @@ -270,7 +270,7 @@ var _ = Describe("Token Issuer", func() { Context("when a team has different roles configured", func() { BeforeEach(func() { fakeTeam1.AuthReturns(atc.TeamAuth{ - "admin": {"users": []string{"connector-id:user-id"}}, + "owner": {"users": []string{"connector-id:user-id"}}, "member": {"users": []string{"connector-id:user-id"}}, "viewer": {"users": []string{"connector-id:user-id"}}, }) 
@@ -278,7 +278,7 @@ var _ = Describe("Token Issuer", func() { It("calls generate with expected team claims", func() { claims := fakeGenerator.GenerateArgsForCall(0) - Expect(claims["teams"]).To(ContainElement("fake-team-1:admin")) + Expect(claims["teams"]).To(ContainElement("fake-team-1:owner")) Expect(claims["teams"]).To(ContainElement("fake-team-1:member")) Expect(claims["teams"]).To(ContainElement("fake-team-1:viewer")) }) @@ -295,14 +295,14 @@ var _ = Describe("Token Issuer", func() { Context("when a team has group auth configured for an org", func() { BeforeEach(func() { fakeTeam1.AuthReturns(atc.TeamAuth{ - "admin": {"groups": []string{"connector-id:org-1"}}, + "owner": {"groups": []string{"connector-id:org-1"}}, }) }) It("calls generate with expect team claims", func() { claims := fakeGenerator.GenerateArgsForCall(0) - Expect(claims["teams"]).To(ContainElement("fake-team-1:admin")) - Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:admin")) + Expect(claims["teams"]).To(ContainElement("fake-team-1:owner")) + Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:owner")) }) AssertTokenClaims() @@ -312,14 +312,14 @@ var _ = Describe("Token Issuer", func() { Context("when a team has group auth configured for an org:team", func() { BeforeEach(func() { fakeTeam1.AuthReturns(atc.TeamAuth{ - "admin": {"groups": []string{"connector-id:org-1:team-1"}}, + "owner": {"groups": []string{"connector-id:org-1:team-1"}}, }) }) It("calls generate with expect team claims", func() { claims := fakeGenerator.GenerateArgsForCall(0) - Expect(claims["teams"]).NotTo(ContainElement("fake-team-1:admin")) - Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:admin")) + Expect(claims["teams"]).NotTo(ContainElement("fake-team-1:owner")) + Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:owner")) }) AssertTokenClaims() 
@@ -334,14 +334,14 @@ var _ = Describe("Token Issuer", func() { Context("when a team has group auth configured for an org", func() { BeforeEach(func() { fakeTeam1.AuthReturns(atc.TeamAuth{ - "admin": {"groups": []string{"connector-id:org-1"}}, + "owner": {"groups": []string{"connector-id:org-1"}}, }) }) It("calls generate with expect team claims", func() { claims := fakeGenerator.GenerateArgsForCall(0) - Expect(claims["teams"]).To(ContainElement("fake-team-1:admin")) - Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:admin")) + Expect(claims["teams"]).To(ContainElement("fake-team-1:owner")) + Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:owner")) }) AssertTokenClaims() @@ -351,14 +351,14 @@ var _ = Describe("Token Issuer", func() { Context("when a team has group auth configured for an org:team", func() { BeforeEach(func() { fakeTeam1.AuthReturns(atc.TeamAuth{ - "admin": {"groups": []string{"connector-id:org-1:team-1"}}, + "owner": {"groups": []string{"connector-id:org-1:team-1"}}, }) }) It("calls generate with expect team claims", func() { claims := fakeGenerator.GenerateArgsForCall(0) - Expect(claims["teams"]).To(ContainElement("fake-team-1:admin")) - Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:admin")) + Expect(claims["teams"]).To(ContainElement("fake-team-1:owner")) + Expect(claims["teams"]).NotTo(ContainElement("fake-team-2:owner")) }) AssertTokenClaims()