2 files changed, 75 insertions, 0 deletions

diff --git a/src/garage/tests/admin.rs b/src/garage/tests/admin.rs
new file mode 100644
index 00000000..37aefe38
--- /dev/null
+++ b/src/garage/tests/admin.rs
@@ -0,0 +1,74 @@
+use crate::common;
+use crate::common::ext::*;
+
+const BCKT_NAME: &str = "seau";
+
+#[tokio::test]
+async fn test_admin_bucket_perms() {
+	let ctx = common::context();
+
+	let hb = || ctx.client.head_bucket().bucket(BCKT_NAME).send();
+
+	assert!(hb().await.is_err());
+
+	ctx.garage
+		.command()
+		.args(["bucket", "create", BCKT_NAME])
+		.quiet()
+		.expect_success_status("Could not create bucket");
+
+	assert!(hb().await.is_err());
+
+	ctx.garage
+		.command()
+		.args([
+			"bucket",
+			"allow",
+			"--read",
+			"--key",
+			&ctx.garage.key.id,
+			BCKT_NAME,
+		])
+		.quiet()
+		.expect_success_status("Could not create bucket");
+
+	assert!(hb().await.is_ok());
+
+	ctx.garage
+		.command()
+		.args([
+			"bucket",
+			"deny",
+			"--read",
+			"--key",
+			&ctx.garage.key.name,
+			BCKT_NAME,
+		])
+		.quiet()
+		.expect_success_status("Could not create bucket");
+
+	assert!(hb().await.is_err());
+
+	ctx.garage
+		.command()
+		.args([
+			"bucket",
+			"allow",
+			"--read",
+			"--key",
+			&ctx.garage.key.name,
+			BCKT_NAME,
+		])
+		.quiet()
+		.expect_success_status("Could not create bucket");
+
+	assert!(hb().await.is_ok());
+
+	ctx.garage
+		.command()
+		.args(["bucket", "delete", "--yes", BCKT_NAME])
+		.quiet()
+		.expect_success_status("Could not delete bucket");
+
+	assert!(hb().await.is_err());
+}
diff --git a/src/garage/tests/lib.rs b/src/garage/tests/lib.rs
index ba614cf8..9d7e4322 100644
--- a/src/garage/tests/lib.rs
+++ b/src/garage/tests/lib.rs
@@ -1,6 +1,7 @@
 #[macro_use]
 mod common;
 
+mod admin;
 mod bucket;
 mod list;
 mod multipart;