Add authctl user set-shell command

cmd/authctl/group/group_test.go

@@ -32,6 +32,7 @@ func TestGroupCommand(t *testing.T) {
 
 			//nolint:gosec // G204 it's safe to use exec.Command with a variable here
 			cmd := exec.Command(authctlPath, append([]string{"group"}, tc.args...)...)
+			cmd.Env = []string{testutils.CoverDirEnv()}
 			testutils.CheckCommand(t, cmd, tc.expectedExitCode)
 		})
 	}

cmd/authctl/group/set-gid_test.go

@@ -2,12 +2,12 @@ package group_test
 
 import (
 	"math"
-	"os"
 	"os/exec"
 	"path/filepath"
 	"strconv"
 	"testing"
 
+	"github.com/canonical/authd/internal/envutils"
 	"github.com/canonical/authd/internal/testutils"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
@@ -26,8 +26,10 @@ func TestSetGIDCommand(t *testing.T) {
 		testutils.WithCurrentUserAsRoot,
 	)
 
-	err := os.Setenv("AUTHD_SOCKET", daemonSocket)
-	require.NoError(t, err, "Failed to set AUTHD_SOCKET environment variable")
+	authctlEnv := []string{
+		"AUTHD_SOCKET=" + daemonSocket,
+		testutils.CoverDirEnv(),
+	}
 
 	tests := map[string]struct {
 		args             []string
@@ -69,18 +71,17 @@ func TestSetGIDCommand(t *testing.T) {
 
 	for name, tc := range tests {
 		t.Run(name, func(t *testing.T) {
+			// Copy authctlEnv to avoid modifying the original slice.
+			authctlEnv := append([]string{}, authctlEnv...)
 			if tc.authdUnavailable {
-				origValue := os.Getenv("AUTHD_SOCKET")
-				err := os.Setenv("AUTHD_SOCKET", "/non-existent")
+				var err error
+				authctlEnv, err = envutils.Setenv(authctlEnv, "AUTHD_SOCKET", "/non-existent")
 				require.NoError(t, err, "Failed to set AUTHD_SOCKET environment variable")
-				t.Cleanup(func() {
-					err := os.Setenv("AUTHD_SOCKET", origValue)
-					require.NoError(t, err, "Failed to restore AUTHD_SOCKET environment variable")
-				})
 			}
 
 			//nolint:gosec // G204 it's safe to use exec.Command with a variable here
 			cmd := exec.Command(authctlPath, append([]string{"group"}, tc.args...)...)
+			cmd.Env = authctlEnv
 			testutils.CheckCommand(t, cmd, tc.expectedExitCode)
 		})
 	}

cmd/authctl/internal/client/client.go

@@ -27,7 +27,7 @@ func NewUserServiceClient() (authd.UserServiceClient, error) {
 
 	conn, err := grpc.NewClient(authdSocket, grpc.WithTransportCredentials(insecure.NewCredentials()))
 	if err != nil {
-		return nil, fmt.Errorf("failed to connect to authd: %w", err)
+		return nil, fmt.Errorf("failed to create gRPC client: %w", err)
 	}
 
 	client := authd.NewUserServiceClient(conn)

cmd/authctl/main_test.go

@@ -33,6 +33,7 @@ func TestRootCommand(t *testing.T) {
 
 			//nolint:gosec // G204 it's safe to use exec.Command with a variable here
 			cmd := exec.Command(authctlPath, tc.args...)
+			cmd.Env = []string{testutils.CoverDirEnv()}
 			testutils.CheckCommand(t, cmd, tc.expectedExitCode)
 		})
 	}

cmd/authctl/user/lock_test.go

@@ -1,13 +1,11 @@
 package user_test
 
 import (
-	"os"
 	"os/exec"
 	"path/filepath"
 	"testing"
 
 	"github.com/canonical/authd/internal/testutils"
-	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
 )
 
@@ -20,8 +18,10 @@ func TestUserLockCommand(t *testing.T) {
 		testutils.WithCurrentUserAsRoot,
 	)
 
-	err := os.Setenv("AUTHD_SOCKET", daemonSocket)
-	require.NoError(t, err, "Failed to set AUTHD_SOCKET environment variable")
+	authctlEnv := []string{
+		"AUTHD_SOCKET=" + daemonSocket,
+		testutils.CoverDirEnv(),
+	}
 
 	tests := map[string]struct {
 		args             []string
@@ -38,6 +38,7 @@ func TestUserLockCommand(t *testing.T) {
 
 			//nolint:gosec // G204 it's safe to use exec.Command with a variable here
 			cmd := exec.Command(authctlPath, append([]string{"user"}, tc.args...)...)
+			cmd.Env = authctlEnv
 			testutils.CheckCommand(t, cmd, tc.expectedExitCode)
 		})
 	}

cmd/authctl/user/set-shell.go

@@ -0,0 +1,52 @@
+package user
+
+import (
+	"context"
+
+	"github.com/canonical/authd/cmd/authctl/internal/client"
+	"github.com/canonical/authd/cmd/authctl/internal/completion"
+	"github.com/canonical/authd/cmd/authctl/internal/log"
+	"github.com/canonical/authd/internal/proto/authd"
+	"github.com/spf13/cobra"
+)
+
+var setShellCmd = &cobra.Command{
+	Use:               "set-shell <name> <shell>",
+	Short:             "Set the login shell for a user",
+	Args:              cobra.ExactArgs(2),
+	ValidArgsFunction: setShellCompletionFunc,
+	RunE:              runSetShell,
+}
+
+func runSetShell(cmd *cobra.Command, args []string) error {
+	name := args[0]
+	shell := args[1]
+
+	svc, err := client.NewUserServiceClient()
+	if err != nil {
+		return err
+	}
+
+	resp, err := svc.SetShell(context.Background(), &authd.SetShellRequest{
+		Name:  name,
+		Shell: shell,
+	})
+	if resp == nil {
+		return err
+	}
+
+	// Print any warnings returned by the server.
+	for _, warning := range resp.Warnings {
+		log.Warning(warning)
+	}
+
+	return err
+}
+
+func setShellCompletionFunc(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+	if len(args) == 0 {
+		return completion.Users(cmd, args, toComplete)
+	}
+
+	return nil, cobra.ShellCompDirectiveNoFileComp
+}

cmd/authctl/user/set-shell_test.go

@@ -0,0 +1,49 @@
+package user_test
+
+import (
+	"os/exec"
+	"path/filepath"
+	"testing"
+
+	"github.com/canonical/authd/internal/testutils"
+	"google.golang.org/grpc/codes"
+)
+
+func TestSetShellCommand(t *testing.T) {
+	t.Parallel()
+
+	daemonSocket := testutils.StartAuthd(t, daemonPath,
+		testutils.WithGroupFile(filepath.Join("testdata", "empty.group")),
+		testutils.WithPreviousDBState("one_user_and_group"),
+		testutils.WithCurrentUserAsRoot,
+	)
+
+	authctlEnv := []string{
+		"AUTHD_SOCKET=" + daemonSocket,
+		testutils.CoverDirEnv(),
+	}
+
+	tests := map[string]struct {
+		args []string
+
+		expectedExitCode int
+	}{
+		"Set_shell_success": {args: []string{"set-shell", "user1", "/bin/bash"}, expectedExitCode: 0},
+
+		"Error_when_user_does_not_exist": {
+			args:             []string{"set-shell", "invaliduser", "/bin/bash"},
+			expectedExitCode: int(codes.NotFound),
+		},
+	}
+
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+
+			//nolint:gosec // G204 it's safe to use exec.Command with a variable here
+			cmd := exec.Command(authctlPath, append([]string{"user"}, tc.args...)...)
+			cmd.Env = authctlEnv
+			testutils.CheckCommand(t, cmd, tc.expectedExitCode)
+		})
+	}
+}

cmd/authctl/user/set-uid_test.go

@@ -2,12 +2,12 @@ package user_test
 
 import (
 	"math"
-	"os"
 	"os/exec"
 	"path/filepath"
 	"strconv"
 	"testing"
 
+	"github.com/canonical/authd/internal/envutils"
 	"github.com/canonical/authd/internal/testutils"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc/codes"
@@ -19,15 +19,16 @@ func TestSetUIDCommand(t *testing.T) {
 	// which makes userslocking.WriteLock() return an error immediately when the lock
 	// is already held - unlike the normal behavior which tries to acquire the lock
 	// for 15 seconds before returning an error.
-
 	daemonSocket := testutils.StartAuthd(t, daemonPath,
 		testutils.WithGroupFile(filepath.Join("testdata", "empty.group")),
 		testutils.WithPreviousDBState("one_user_and_group"),
 		testutils.WithCurrentUserAsRoot,
 	)
 
-	err := os.Setenv("AUTHD_SOCKET", daemonSocket)
-	require.NoError(t, err, "Failed to set AUTHD_SOCKET environment variable")
+	authctlEnv := []string{
+		"AUTHD_SOCKET=" + daemonSocket,
+		testutils.CoverDirEnv(),
+	}
 
 	tests := map[string]struct {
 		args             []string
@@ -69,18 +70,17 @@ func TestSetUIDCommand(t *testing.T) {
 
 	for name, tc := range tests {
 		t.Run(name, func(t *testing.T) {
+			// Copy authctlEnv to avoid modifying the original slice.
+			authctlEnv := append([]string{}, authctlEnv...)
 			if tc.authdUnavailable {
-				origValue := os.Getenv("AUTHD_SOCKET")
-				err := os.Setenv("AUTHD_SOCKET", "/non-existent")
+				var err error
+				authctlEnv, err = envutils.Setenv(authctlEnv, "AUTHD_SOCKET", "/non-existent")
 				require.NoError(t, err, "Failed to set AUTHD_SOCKET environment variable")
-				t.Cleanup(func() {
-					err := os.Setenv("AUTHD_SOCKET", origValue)
-					require.NoError(t, err, "Failed to restore AUTHD_SOCKET environment variable")
-				})
 			}
 
 			//nolint:gosec // G204 it's safe to use exec.Command with a variable here
 			cmd := exec.Command(authctlPath, append([]string{"user"}, tc.args...)...)
+			cmd.Env = authctlEnv
 			testutils.CheckCommand(t, cmd, tc.expectedExitCode)
 		})
 	}

cmd/authctl/user/testdata/golden/TestSetShellCommand/Error_when_user_does_not_exist

@@ -0,0 +1 @@
+Error: user "invaliduser" not found

cmd/authctl/user/testdata/golden/TestUserCommand/Error_on_invalid_command

@@ -6,6 +6,7 @@ Available Commands:
   lock        Lock (disable) a user managed by authd
   unlock      Unlock (enable) a user managed by authd
   set-uid     Set the UID of a user managed by authd
+  set-shell   Set the login shell for a user
 
 Flags:
   -h, --help   help for user

cmd/authctl/user/testdata/golden/TestUserCommand/Error_on_invalid_flag

@@ -6,6 +6,7 @@ Available Commands:
   lock        Lock (disable) a user managed by authd
   unlock      Unlock (enable) a user managed by authd
   set-uid     Set the UID of a user managed by authd
+  set-shell   Set the login shell for a user
 
 Flags:
   -h, --help   help for user

cmd/authctl/user/testdata/golden/TestUserCommand/Help_flag

@@ -8,6 +8,7 @@ Available Commands:
   lock        Lock (disable) a user managed by authd
   unlock      Unlock (enable) a user managed by authd
   set-uid     Set the UID of a user managed by authd
+  set-shell   Set the login shell for a user
 
 Flags:
   -h, --help   help for user

cmd/authctl/user/testdata/golden/TestUserCommand/Usage_message_when_no_args

@@ -6,6 +6,7 @@ Available Commands:
   lock        Lock (disable) a user managed by authd
   unlock      Unlock (enable) a user managed by authd
   set-uid     Set the UID of a user managed by authd
+  set-shell   Set the login shell for a user
 
 Flags:
   -h, --help   help for user

cmd/authctl/user/user.go

@@ -17,4 +17,5 @@ func init() {
 	UserCmd.AddCommand(lockCmd)
 	UserCmd.AddCommand(unlockCmd)
 	UserCmd.AddCommand(setUIDCmd)
+	UserCmd.AddCommand(setShellCmd)
 }

cmd/authctl/user/user_test.go

@@ -32,6 +32,7 @@ func TestUserCommand(t *testing.T) {
 
 			//nolint:gosec // G204 it's safe to use exec.Command with a variable here
 			cmd := exec.Command(authctlPath, append([]string{"user"}, tc.args...)...)
+			cmd.Env = []string{testutils.CoverDirEnv()}
 			testutils.CheckCommand(t, cmd, tc.expectedExitCode)
 		})
 	}

docs/reference/cli/authctl_user.md

@@ -16,6 +16,7 @@ authctl user [flags]
 
 * [authctl](authctl.md)	 - CLI tool to interact with authd
 * [authctl user lock](authctl_user_lock.md)	 - Lock (disable) a user managed by authd
+* [authctl user set-shell](authctl_user_set-shell.md)	 - Set the login shell for a user
 * [authctl user set-uid](authctl_user_set-uid.md)	 - Set the UID of a user managed by authd
 * [authctl user unlock](authctl_user_unlock.md)	 - Unlock (enable) a user managed by authd
 

docs/reference/cli/authctl_user_set-shell.md

@@ -0,0 +1,18 @@
+## authctl user set-shell
+
+Set the login shell for a user
+
+```
+authctl user set-shell <name> <shell> [flags]
+```
+
+### Options
+
+```
+  -h, --help   help for set-shell
+```
+
+### SEE ALSO
+
+* [authctl user](authctl_user.md)	 - Commands related to users
+

docs/reference/cli/index.md

@@ -21,6 +21,7 @@ authctl_user
 authctl_user_lock
 authctl_user_unlock
 authctl_user_set-uid
+authctl_user_set-shell
 ```
 
 ```{toctree}