Updates granular permission tests in team_integration_test.go

hashicorp · May 1, 2024 · 86d24e4 · 86d24e4
1 parent 121da84
commit 86d24e4
Showing 1 changed file with 39 additions and 15 deletions.
diff --git a/team_integration_test.go b/team_integration_test.go
@@ -483,7 +483,7 @@ func TestTeamsUpdateManageManageMembership(t *testing.T) {
 	assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess)
 }
 
-func TestTeamsUpdateManageOrganizationAccess(t *testing.T) {
+func TestTeamsUpdateManageTeams(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()
 
@@ -495,30 +495,35 @@ func TestTeamsUpdateManageOrganizationAccess(t *testing.T) {
 
 	teamRead, err := client.Teams.Read(ctx, tmTest.ID)
 	require.NoError(t, err)
-	assert.False(t, teamRead.OrganizationAccess.ManageOrganizationAccess, "manage organization access is false by default")
+	assert.False(t, teamRead.OrganizationAccess.ManageTeams, "manage teams is false by default")
 
 	originalTeamAccess := teamRead.OrganizationAccess
 
 	options := TeamUpdateOptions{
 		OrganizationAccess: &OrganizationAccessOptions{
-			ManageOrganizationAccess: Bool(true),
+			// **Note: ManageTeams requires ManageMembership.**
+			ManageMembership: Bool(true),
+			ManageTeams:      Bool(true),
 		},
 	}
 
 	tm, err := client.Teams.Update(ctx, tmTest.ID, options)
 	require.NoError(t, err)
-	assert.True(t, tm.OrganizationAccess.ManageOrganizationAccess)
+	assert.True(t, tm.OrganizationAccess.ManageMembership)
+	assert.True(t, tm.OrganizationAccess.ManageTeams)
 
 	refreshed, err := client.Teams.Read(ctx, tmTest.ID)
 	require.NoError(t, err)
-	assert.True(t, refreshed.OrganizationAccess.ManageOrganizationAccess)
+	assert.True(t, refreshed.OrganizationAccess.ManageMembership)
+	assert.True(t, refreshed.OrganizationAccess.ManageTeams)
 
 	// Check that other org access fields are not updated
-	originalTeamAccess.ManageOrganizationAccess = true
+	originalTeamAccess.ManageMembership = true
+	originalTeamAccess.ManageTeams = true
 	assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess)
 }
 
-func TestTeamsUpdateAccessSecretTeams(t *testing.T) {
+func TestTeamsUpdateManageOrganizationAccess(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()
 
@@ -530,30 +535,39 @@ func TestTeamsUpdateAccessSecretTeams(t *testing.T) {
 
 	teamRead, err := client.Teams.Read(ctx, tmTest.ID)
 	require.NoError(t, err)
-	assert.False(t, teamRead.OrganizationAccess.AccessSecretTeams, "access secret teams is false by default")
+	assert.False(t, teamRead.OrganizationAccess.ManageOrganizationAccess, "manage organization access is false by default")
 
 	originalTeamAccess := teamRead.OrganizationAccess
 
 	options := TeamUpdateOptions{
 		OrganizationAccess: &OrganizationAccessOptions{
-			AccessSecretTeams: Bool(true),
+			// **Note: ManageOrganizationAccess requires ManageMembership and ManageTeams.**
+			ManageMembership:         Bool(true),
+			ManageTeams:              Bool(true),
+			ManageOrganizationAccess: Bool(true),
 		},
 	}
 
 	tm, err := client.Teams.Update(ctx, tmTest.ID, options)
 	require.NoError(t, err)
-	assert.True(t, tm.OrganizationAccess.AccessSecretTeams)
+	assert.True(t, tm.OrganizationAccess.ManageMembership)
+	assert.True(t, tm.OrganizationAccess.ManageTeams)
+	assert.True(t, tm.OrganizationAccess.ManageOrganizationAccess)
 
 	refreshed, err := client.Teams.Read(ctx, tmTest.ID)
 	require.NoError(t, err)
-	assert.True(t, refreshed.OrganizationAccess.AccessSecretTeams)
+	assert.True(t, refreshed.OrganizationAccess.ManageMembership)
+	assert.True(t, refreshed.OrganizationAccess.ManageTeams)
+	assert.True(t, refreshed.OrganizationAccess.ManageOrganizationAccess)
 
 	// Check that other org access fields are not updated
-	originalTeamAccess.AccessSecretTeams = true
+	originalTeamAccess.ManageMembership = true
+	originalTeamAccess.ManageTeams = true
+	originalTeamAccess.ManageOrganizationAccess = true
 	assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess)
 }
 
-func TestTeamsUpdateManageTeams(t *testing.T) {
+func TestTeamsUpdateAccessSecretTeams(t *testing.T) {
 	client := testClient(t)
 	ctx := context.Background()
 
@@ -565,25 +579,35 @@ func TestTeamsUpdateManageTeams(t *testing.T) {
 
 	teamRead, err := client.Teams.Read(ctx, tmTest.ID)
 	require.NoError(t, err)
-	assert.False(t, teamRead.OrganizationAccess.ManageTeams, "manage teams is false by default")
+	assert.False(t, teamRead.OrganizationAccess.AccessSecretTeams, "access secret teams is false by default")
 
 	originalTeamAccess := teamRead.OrganizationAccess
 
 	options := TeamUpdateOptions{
 		OrganizationAccess: &OrganizationAccessOptions{
-			ManageTeams: Bool(true),
+			// **Note: AccessSecretTeams requires at least one granular permission to be set
+			// for it to be set, and ManageTeams requires ManageMembership.**
+			ManageMembership:  Bool(true),
+			ManageTeams:       Bool(true),
+			AccessSecretTeams: Bool(true),
 		},
 	}
 
 	tm, err := client.Teams.Update(ctx, tmTest.ID, options)
 	require.NoError(t, err)
+	assert.True(t, tm.OrganizationAccess.ManageMembership)
 	assert.True(t, tm.OrganizationAccess.ManageTeams)
+	assert.True(t, tm.OrganizationAccess.AccessSecretTeams)
 
 	refreshed, err := client.Teams.Read(ctx, tmTest.ID)
 	require.NoError(t, err)
+	assert.True(t, refreshed.OrganizationAccess.ManageMembership)
 	assert.True(t, refreshed.OrganizationAccess.ManageTeams)
+	assert.True(t, refreshed.OrganizationAccess.AccessSecretTeams)
 
 	// Check that other org access fields are not updated
+	originalTeamAccess.ManageMembership = true
 	originalTeamAccess.ManageTeams = true
+	originalTeamAccess.AccessSecretTeams = true
 	assert.Equal(t, originalTeamAccess, refreshed.OrganizationAccess)
 }