test(cli): focused journey suite + cover new commands + tighten asserts

Replace the single bare-metal `integration.rs` test with focused modules driven by the shared `LazyLock<Fixture>` server. Each module owns one journey: * `auth.rs` — login (both bearer and username+password paths), logout (local file + server-side session invalidation), env-vars overriding the on-disk credentials file, role-label rendering. * `apps.rs` — create / ls / show / delete (with and without `--force`), invalid-slug rejection, conflict on duplicate slug. * `scripts.rs` — deploy (create + update), name override, version bumping, `ls` (with and without `--app`), delete. * `invoke.rs` — body sources (inline, `@file`, `@-`), header propagation, non-2xx exit semantics, top-level `pic invoke` alias. * `logs.rs` — emptiness, status labels, `--limit`, summary truncation. * `roles.rs` — Member RBAC: app-list filtering, viewer-vs-editor on deploy, member can hit the unguarded data plane, non-member 403 on logs. * `output.rs` — TSV column headers, stdout/stderr separation, RFC3339 shape, and the `--output json` invariants for apps / scripts / logs / whoami. * `api_keys.rs` — mint emits `raw_token` once, `ls` omits it, the minted token works as a real bearer, `rm` invalidates server-side. Bug-bug-fix-bug-fix: * The 5× retry loop in `ls_without_app_walks_every_accessible_app` was masking the abort-on-first-404 walk in the CLI. Now that the CLI uses a single server call, the retry is gone — the test runs one `pic scripts ls` and asserts. * Six `predicate::str::contains("HTTP 4")` assertions tightened to the specific status code: 422 for invalid-slug, 404 for unknown app/script/log id, 403 for role denials. Loose `HTTP 4` would have silently matched a regressed 401 from broken auth. * `tests/integration.rs` deleted — every step it covered is in one of the focused modules above. * Members module exposes `MEMBER_PASSWORD` so auth tests can drive the real username+password flow over stdin. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-29 23:34:03 +02:00
parent f147665157
commit c73e3c80c0
16 changed files with 1857 additions and 138 deletions
--- a/crates/picloud-cli/tests/output.rs
+++ b/crates/picloud-cli/tests/output.rs
@@ -0,0 +1,289 @@
+//! Output-shape invariants — the contracts downstream `jq`/`awk`
+//! pipelines depend on: column headers, stdout-vs-stderr separation,
+//! and RFC3339 timestamps.
+
+use serde_json::Value;
+
+use crate::common;
+use crate::common::cleanup::AppGuard;
+
+#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
+#[test]
+fn apps_ls_header_columns() {
+    let Some(fx) = common::fixture_or_skip() else {
+        return;
+    };
+    let env = common::admin_env(fx);
+
+    let out = common::pic_as(&env)
+        .args(["apps", "ls"])
+        .output()
+        .expect("apps ls");
+    assert!(out.status.success());
+    let stdout = String::from_utf8(out.stdout).unwrap();
+    let header = stdout.lines().next().expect("header row");
+    assert_eq!(
+        common::cells(header),
+        vec!["slug", "name", "my_role", "created_at"]
+    );
+}
+
+#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
+#[test]
+fn scripts_ls_header_columns() {
+    let Some(fx) = common::fixture_or_skip() else {
+        return;
+    };
+    let env = common::admin_env(fx);
+    let slug = common::unique_slug("out-ls");
+    common::pic_as(&env)
+        .args(["apps", "create", &slug])
+        .assert()
+        .success();
+    let _guard = AppGuard::new(&env.url, &env.token, &slug);
+
+    let out = common::pic_as(&env)
+        .args(["scripts", "ls", "--app", &slug])
+        .output()
+        .expect("scripts ls");
+    assert!(out.status.success());
+    let stdout = String::from_utf8(out.stdout).unwrap();
+    let header = stdout.lines().next().expect("header row");
+    assert_eq!(
+        common::cells(header),
+        vec!["id", "app_slug", "name", "version", "updated_at"]
+    );
+}
+
+#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
+#[test]
+fn invoke_separates_stdout_and_stderr() {
+    let Some(fx) = common::fixture_or_skip() else {
+        return;
+    };
+    let env = common::admin_env(fx);
+    let (id, _guard) = common::deploy_fixture(&env, "out-inv", "hello.rhai");
+
+    let out = common::pic_as(&env)
+        .args(["scripts", "invoke", &id])
+        .output()
+        .expect("invoke");
+    assert!(out.status.success());
+
+    let stderr = String::from_utf8(out.stderr).unwrap();
+    assert!(
+        stderr.starts_with("<- HTTP 200"),
+        "stderr should announce HTTP status: {stderr:?}"
+    );
+
+    let parsed: Value = serde_json::from_slice(&out.stdout)
+        .expect("stdout should be JSON only, with no status prefix");
+    assert_eq!(parsed["ok"], true, "body: {parsed}");
+}
+
+#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
+#[test]
+fn error_goes_to_stderr_not_stdout() {
+    let Some(_fx) = common::fixture_or_skip() else {
+        return;
+    };
+    // Use a pristine env (no credentials file) so `whoami` is guaranteed
+    // to fail at the `config::load` step — `admin_env` would pre-seed
+    // creds and the command would succeed.
+    let env = common::TestEnv {
+        url: String::new(),
+        token: String::new(),
+        config_dir: tempfile::TempDir::new().unwrap(),
+        home: tempfile::TempDir::new().unwrap(),
+    };
+
+    let out = common::pic_no_env(&env)
+        .args(["whoami"])
+        .output()
+        .expect("whoami");
+    assert!(!out.status.success(), "expected failure, got: {out:?}");
+    assert!(
+        out.stdout.is_empty(),
+        "stdout should be empty on error, got: {:?}",
+        String::from_utf8_lossy(&out.stdout),
+    );
+    let stderr = String::from_utf8(out.stderr).unwrap();
+    assert!(
+        stderr.contains("error:"),
+        "stderr should be prefixed with `error:`: {stderr}"
+    );
+}
+
+#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
+#[test]
+fn apps_ls_created_at_is_rfc3339() {
+    let Some(fx) = common::fixture_or_skip() else {
+        return;
+    };
+    let env = common::admin_env(fx);
+    let slug = common::unique_slug("out-date");
+    common::pic_as(&env)
+        .args(["apps", "create", &slug])
+        .assert()
+        .success();
+    let _guard = AppGuard::new(&env.url, &env.token, &slug);
+
+    let out = common::pic_as(&env)
+        .args(["apps", "ls"])
+        .output()
+        .expect("apps ls");
+    let stdout = String::from_utf8(out.stdout).unwrap();
+    let row = stdout
+        .lines()
+        .map(common::cells)
+        .find(|c| c.first().copied() == Some(slug.as_str()))
+        .unwrap_or_else(|| panic!("slug {slug} missing in: {stdout}"));
+    let created_at = row.get(3).expect("created_at cell");
+
+    // Accept the RFC3339 shape without pulling in chrono — `YYYY-MM-DDTHH:MM:SS`
+    // with optional fraction + timezone is enough of a contract for the test.
+    assert!(
+        created_at.len() >= 20
+            && created_at.as_bytes()[4] == b'-'
+            && created_at.as_bytes()[7] == b'-'
+            && created_at.as_bytes()[10] == b'T'
+            && created_at.as_bytes()[13] == b':'
+            && created_at.as_bytes()[16] == b':',
+        "created_at not RFC3339-shaped: {created_at}"
+    );
+}
+
+/// `--output json` is the global pipeline-friendly format. Validates
+/// `apps ls` returns a real JSON array (not a TSV-with-quotes hack).
+#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
+#[test]
+fn apps_ls_json_output_is_valid_array() {
+    let Some(fx) = common::fixture_or_skip() else {
+        return;
+    };
+    let env = common::admin_env(fx);
+    let slug = common::unique_slug("out-json-apps");
+    common::pic_as(&env)
+        .args(["apps", "create", &slug])
+        .assert()
+        .success();
+    let _guard = AppGuard::new(&env.url, &env.token, &slug);
+
+    let out = common::pic_as(&env)
+        .args(["--output", "json", "apps", "ls"])
+        .output()
+        .expect("apps ls --output json");
+    assert!(out.status.success(), "apps ls failed: {out:?}");
+    let v: Value = serde_json::from_slice(&out.stdout).expect("stdout should be JSON");
+    let arr = v.as_array().expect("apps ls JSON should be an array");
+    assert!(
+        arr.iter()
+            .any(|row| row.get("slug").and_then(Value::as_str) == Some(slug.as_str())),
+        "json should include created slug: {v}"
+    );
+    // The header row must NOT bleed into JSON output — the rendered
+    // objects use header *keys*, not data cells.
+    assert!(
+        arr.iter().all(|row| row.get("slug").is_some()),
+        "every row should have a `slug` key: {v}"
+    );
+}
+
+#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
+#[test]
+fn scripts_ls_json_output_has_app_slug() {
+    let Some(fx) = common::fixture_or_skip() else {
+        return;
+    };
+    let env = common::admin_env(fx);
+    let slug = common::unique_slug("out-json-scr");
+    common::pic_as(&env)
+        .args(["apps", "create", &slug])
+        .assert()
+        .success();
+    let _guard = AppGuard::new(&env.url, &env.token, &slug);
+    let fixture = common::fixture_path("hello.rhai");
+    common::pic_as(&env)
+        .args([
+            "scripts",
+            "deploy",
+            fixture.to_str().unwrap(),
+            "--app",
+            &slug,
+        ])
+        .assert()
+        .success();
+
+    let out = common::pic_as(&env)
+        .args(["--output", "json", "scripts", "ls", "--app", &slug])
+        .output()
+        .expect("scripts ls --output json");
+    assert!(out.status.success());
+    let v: Value = serde_json::from_slice(&out.stdout).expect("stdout JSON");
+    let arr = v.as_array().expect("array");
+    let row = arr
+        .iter()
+        .find(|r| r.get("name").and_then(Value::as_str) == Some("hello"))
+        .expect("hello row");
+    assert_eq!(row["app_slug"].as_str(), Some(slug.as_str()));
+}
+
+#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
+#[test]
+fn logs_json_output_is_array_of_objects() {
+    let Some(fx) = common::fixture_or_skip() else {
+        return;
+    };
+    let env = common::admin_env(fx);
+    let (id, _guard) = common::deploy_fixture(&env, "out-json-log", "hello.rhai");
+    common::pic_as(&env)
+        .args(["scripts", "invoke", &id])
+        .assert()
+        .success();
+
+    let out = common::pic_as(&env)
+        .args(["--output", "json", "logs", &id])
+        .output()
+        .expect("logs --output json");
+    assert!(out.status.success());
+    let v: Value = serde_json::from_slice(&out.stdout).expect("stdout JSON");
+    let arr = v.as_array().expect("array");
+    assert!(!arr.is_empty(), "expected at least one log");
+    // Schema: each row carries the raw `ExecutionLog`, not the
+    // truncated summary the TSV form uses.
+    assert!(
+        arr[0].get("status").is_some(),
+        "log row missing status: {arr:?}"
+    );
+}
+
+/// TSV `whoami` used to be a single tab-separated line with no labels;
+/// downstream tools couldn't tell which column was the role. Now it's
+/// a key/value block with stable labels.
+#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
+#[test]
+fn whoami_tsv_has_labeled_rows() {
+    let Some(fx) = common::fixture_or_skip() else {
+        return;
+    };
+    let env = common::admin_env(fx);
+
+    let out = common::pic_as(&env)
+        .args(["whoami"])
+        .output()
+        .expect("whoami");
+    assert!(out.status.success());
+    let stdout = String::from_utf8(out.stdout).unwrap();
+    let labels: Vec<&str> = stdout
+        .lines()
+        .filter_map(|l| l.split('\t').next())
+        .map(str::trim)
+        .collect();
+    assert!(
+        labels.contains(&"username"),
+        "missing username row: {stdout}"
+    );
+    assert!(labels.contains(&"role"), "missing role row: {stdout}");
+    assert!(labels.contains(&"email"), "missing email row: {stdout}");
+    assert!(labels.contains(&"url"), "missing url row: {stdout}");
+}