github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/ui/tests/unit/abilities/allocation-test.js

github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/ui/tests/unit/abilities/allocation-test.js (about)

     1  /* eslint-disable ember/avoid-leaking-state-in-ember-objects */
     2  import { module, test } from 'qunit';
     3  import { setupTest } from 'ember-qunit';
     4  import Service from '@ember/service';
     5  import setupAbility from 'nomad-ui/tests/helpers/setup-ability';
     6  
     7  module('Unit | Ability | allocation', function(hooks) {
     8    setupTest(hooks);
     9    setupAbility('allocation')(hooks);
    10  
    11    test('it permits alloc exec when ACLs are disabled', function(assert) {
    12      const mockToken = Service.extend({
    13        aclEnabled: false,
    14      });
    15  
    16      this.owner.register('service:token', mockToken);
    17  
    18      assert.ok(this.ability.canExec);
    19    });
    20  
    21    test('it permits alloc exec for management tokens', function(assert) {
    22      const mockToken = Service.extend({
    23        aclEnabled: true,
    24        selfToken: { type: 'management' },
    25      });
    26  
    27      this.owner.register('service:token', mockToken);
    28  
    29      assert.ok(this.ability.canExec);
    30    });
    31  
    32    test('it permits alloc exec for client tokens with a policy that has namespace alloc-exec', function(assert) {
    33      const mockSystem = Service.extend({
    34        aclEnabled: true,
    35        activeNamespace: {
    36          name: 'aNamespace',
    37        },
    38      });
    39  
    40      const mockToken = Service.extend({
    41        aclEnabled: true,
    42        selfToken: { type: 'client' },
    43        selfTokenPolicies: [
    44          {
    45            rulesJSON: {
    46              Namespaces: [
    47                {
    48                  Name: 'aNamespace',
    49                  Capabilities: ['alloc-exec'],
    50                },
    51              ],
    52            },
    53          },
    54        ],
    55      });
    56  
    57      this.owner.register('service:system', mockSystem);
    58      this.owner.register('service:token', mockToken);
    59  
    60      assert.ok(this.ability.canExec);
    61    });
    62  
    63    test('it permits alloc exec for client tokens with a policy that has default namespace alloc-exec and no capabilities for active namespace', function(assert) {
    64      const mockSystem = Service.extend({
    65        aclEnabled: true,
    66        activeNamespace: {
    67          name: 'anotherNamespace',
    68        },
    69      });
    70  
    71      const mockToken = Service.extend({
    72        aclEnabled: true,
    73        selfToken: { type: 'client' },
    74        selfTokenPolicies: [
    75          {
    76            rulesJSON: {
    77              Namespaces: [
    78                {
    79                  Name: 'aNamespace',
    80                  Capabilities: [],
    81                },
    82                {
    83                  Name: 'default',
    84                  Capabilities: ['alloc-exec'],
    85                },
    86              ],
    87            },
    88          },
    89        ],
    90      });
    91  
    92      this.owner.register('service:system', mockSystem);
    93      this.owner.register('service:token', mockToken);
    94  
    95      assert.ok(this.ability.canExec);
    96    });
    97  
    98    test('it blocks alloc exec for client tokens with a policy that has no alloc-exec capability', function(assert) {
    99      const mockSystem = Service.extend({
   100        aclEnabled: true,
   101        activeNamespace: {
   102          name: 'aNamespace',
   103        },
   104      });
   105  
   106      const mockToken = Service.extend({
   107        aclEnabled: true,
   108        selfToken: { type: 'client' },
   109        selfTokenPolicies: [
   110          {
   111            rulesJSON: {
   112              Namespaces: [
   113                {
   114                  Name: 'aNamespace',
   115                  Capabilities: ['list-jobs'],
   116                },
   117              ],
   118            },
   119          },
   120        ],
   121      });
   122  
   123      this.owner.register('service:system', mockSystem);
   124      this.owner.register('service:token', mockToken);
   125  
   126      assert.notOk(this.ability.canExec);
   127    });
   128  
   129    test('it handles globs in namespace names', function(assert) {
   130      const mockSystem = Service.extend({
   131        aclEnabled: true,
   132        activeNamespace: {
   133          name: 'aNamespace',
   134        },
   135      });
   136  
   137      const mockToken = Service.extend({
   138        aclEnabled: true,
   139        selfToken: { type: 'client' },
   140        selfTokenPolicies: [
   141          {
   142            rulesJSON: {
   143              Namespaces: [
   144                {
   145                  Name: 'production-*',
   146                  Capabilities: ['alloc-exec'],
   147                },
   148                {
   149                  Name: 'production-api',
   150                  Capabilities: ['alloc-exec'],
   151                },
   152                {
   153                  Name: 'production-web',
   154                  Capabilities: [],
   155                },
   156                {
   157                  Name: '*-suffixed',
   158                  Capabilities: ['alloc-exec'],
   159                },
   160                {
   161                  Name: '*-more-suffixed',
   162                  Capabilities: [],
   163                },
   164                {
   165                  Name: '*-abc-*',
   166                  Capabilities: ['alloc-exec'],
   167                },
   168              ],
   169            },
   170          },
   171        ],
   172      });
   173  
   174      this.owner.register('service:system', mockSystem);
   175      this.owner.register('service:token', mockToken);
   176  
   177      const systemService = this.owner.lookup('service:system');
   178  
   179      systemService.set('activeNamespace.name', 'production-web');
   180      assert.notOk(this.ability.canExec);
   181  
   182      systemService.set('activeNamespace.name', 'production-api');
   183      assert.ok(this.ability.canExec);
   184  
   185      systemService.set('activeNamespace.name', 'production-other');
   186      assert.ok(this.ability.canExec);
   187  
   188      systemService.set('activeNamespace.name', 'something-suffixed');
   189      assert.ok(this.ability.canExec);
   190  
   191      systemService.set('activeNamespace.name', 'something-more-suffixed');
   192      assert.notOk(
   193        this.ability.canExec,
   194        'expected the namespace with the greatest number of matched characters to be chosen'
   195      );
   196  
   197      systemService.set('activeNamespace.name', '000-abc-999');
   198      assert.ok(this.ability.canExec, 'expected to be able to match against more than one wildcard');
   199    });
   200  });