github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/ui/tests/unit/abilities/allocation-test.js (about) 1 /* eslint-disable ember/avoid-leaking-state-in-ember-objects */ 2 import { module, test } from 'qunit'; 3 import { setupTest } from 'ember-qunit'; 4 import Service from '@ember/service'; 5 import setupAbility from 'nomad-ui/tests/helpers/setup-ability'; 6 7 module('Unit | Ability | allocation', function(hooks) { 8 setupTest(hooks); 9 setupAbility('allocation')(hooks); 10 11 test('it permits alloc exec when ACLs are disabled', function(assert) { 12 const mockToken = Service.extend({ 13 aclEnabled: false, 14 }); 15 16 this.owner.register('service:token', mockToken); 17 18 assert.ok(this.ability.canExec); 19 }); 20 21 test('it permits alloc exec for management tokens', function(assert) { 22 const mockToken = Service.extend({ 23 aclEnabled: true, 24 selfToken: { type: 'management' }, 25 }); 26 27 this.owner.register('service:token', mockToken); 28 29 assert.ok(this.ability.canExec); 30 }); 31 32 test('it permits alloc exec for client tokens with a policy that has namespace alloc-exec', function(assert) { 33 const mockSystem = Service.extend({ 34 aclEnabled: true, 35 activeNamespace: { 36 name: 'aNamespace', 37 }, 38 }); 39 40 const mockToken = Service.extend({ 41 aclEnabled: true, 42 selfToken: { type: 'client' }, 43 selfTokenPolicies: [ 44 { 45 rulesJSON: { 46 Namespaces: [ 47 { 48 Name: 'aNamespace', 49 Capabilities: ['alloc-exec'], 50 }, 51 ], 52 }, 53 }, 54 ], 55 }); 56 57 this.owner.register('service:system', mockSystem); 58 this.owner.register('service:token', mockToken); 59 60 assert.ok(this.ability.canExec); 61 }); 62 63 test('it permits alloc exec for client tokens with a policy that has default namespace alloc-exec and no capabilities for active namespace', function(assert) { 64 const mockSystem = Service.extend({ 65 aclEnabled: true, 66 activeNamespace: { 67 name: 'anotherNamespace', 68 }, 69 }); 70 71 const mockToken = Service.extend({ 72 aclEnabled: true, 73 selfToken: { type: 'client' }, 74 selfTokenPolicies: [ 75 { 76 rulesJSON: { 77 Namespaces: [ 78 { 79 Name: 'aNamespace', 80 Capabilities: [], 81 }, 82 { 83 Name: 'default', 84 Capabilities: ['alloc-exec'], 85 }, 86 ], 87 }, 88 }, 89 ], 90 }); 91 92 this.owner.register('service:system', mockSystem); 93 this.owner.register('service:token', mockToken); 94 95 assert.ok(this.ability.canExec); 96 }); 97 98 test('it blocks alloc exec for client tokens with a policy that has no alloc-exec capability', function(assert) { 99 const mockSystem = Service.extend({ 100 aclEnabled: true, 101 activeNamespace: { 102 name: 'aNamespace', 103 }, 104 }); 105 106 const mockToken = Service.extend({ 107 aclEnabled: true, 108 selfToken: { type: 'client' }, 109 selfTokenPolicies: [ 110 { 111 rulesJSON: { 112 Namespaces: [ 113 { 114 Name: 'aNamespace', 115 Capabilities: ['list-jobs'], 116 }, 117 ], 118 }, 119 }, 120 ], 121 }); 122 123 this.owner.register('service:system', mockSystem); 124 this.owner.register('service:token', mockToken); 125 126 assert.notOk(this.ability.canExec); 127 }); 128 129 test('it handles globs in namespace names', function(assert) { 130 const mockSystem = Service.extend({ 131 aclEnabled: true, 132 activeNamespace: { 133 name: 'aNamespace', 134 }, 135 }); 136 137 const mockToken = Service.extend({ 138 aclEnabled: true, 139 selfToken: { type: 'client' }, 140 selfTokenPolicies: [ 141 { 142 rulesJSON: { 143 Namespaces: [ 144 { 145 Name: 'production-*', 146 Capabilities: ['alloc-exec'], 147 }, 148 { 149 Name: 'production-api', 150 Capabilities: ['alloc-exec'], 151 }, 152 { 153 Name: 'production-web', 154 Capabilities: [], 155 }, 156 { 157 Name: '*-suffixed', 158 Capabilities: ['alloc-exec'], 159 }, 160 { 161 Name: '*-more-suffixed', 162 Capabilities: [], 163 }, 164 { 165 Name: '*-abc-*', 166 Capabilities: ['alloc-exec'], 167 }, 168 ], 169 }, 170 }, 171 ], 172 }); 173 174 this.owner.register('service:system', mockSystem); 175 this.owner.register('service:token', mockToken); 176 177 const systemService = this.owner.lookup('service:system'); 178 179 systemService.set('activeNamespace.name', 'production-web'); 180 assert.notOk(this.ability.canExec); 181 182 systemService.set('activeNamespace.name', 'production-api'); 183 assert.ok(this.ability.canExec); 184 185 systemService.set('activeNamespace.name', 'production-other'); 186 assert.ok(this.ability.canExec); 187 188 systemService.set('activeNamespace.name', 'something-suffixed'); 189 assert.ok(this.ability.canExec); 190 191 systemService.set('activeNamespace.name', 'something-more-suffixed'); 192 assert.notOk( 193 this.ability.canExec, 194 'expected the namespace with the greatest number of matched characters to be chosen' 195 ); 196 197 systemService.set('activeNamespace.name', '000-abc-999'); 198 assert.ok(this.ability.canExec, 'expected to be able to match against more than one wildcard'); 199 }); 200 });