github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/ui/tests/unit/abilities/job-test.js (about) 1 /* eslint-disable ember/avoid-leaking-state-in-ember-objects */ 2 import { module, test } from 'qunit'; 3 import { setupTest } from 'ember-qunit'; 4 import Service from '@ember/service'; 5 import setupAbility from 'nomad-ui/tests/helpers/setup-ability'; 6 7 module('Unit | Ability | job', function(hooks) { 8 setupTest(hooks); 9 setupAbility('job')(hooks); 10 11 test('it permits job run when ACLs are disabled', function(assert) { 12 const mockToken = Service.extend({ 13 aclEnabled: false, 14 }); 15 16 this.owner.register('service:token', mockToken); 17 18 assert.ok(this.ability.canRun); 19 }); 20 21 test('it permits job run for management tokens', function(assert) { 22 const mockToken = Service.extend({ 23 aclEnabled: true, 24 selfToken: { type: 'management' }, 25 }); 26 27 this.owner.register('service:token', mockToken); 28 29 assert.ok(this.ability.canRun); 30 }); 31 32 test('it permits job run for client tokens with a policy that has namespace submit-job', function(assert) { 33 const mockSystem = Service.extend({ 34 aclEnabled: true, 35 activeNamespace: { 36 name: 'aNamespace', 37 }, 38 }); 39 40 const mockToken = Service.extend({ 41 aclEnabled: true, 42 selfToken: { type: 'client' }, 43 selfTokenPolicies: [ 44 { 45 rulesJSON: { 46 Namespaces: [ 47 { 48 Name: 'aNamespace', 49 Capabilities: ['submit-job'], 50 }, 51 ], 52 }, 53 }, 54 ], 55 }); 56 57 this.owner.register('service:system', mockSystem); 58 this.owner.register('service:token', mockToken); 59 60 assert.ok(this.ability.canRun); 61 }); 62 63 test('it permits job run for client tokens with a policy that has default namespace submit-job and no capabilities for active namespace', function(assert) { 64 const mockSystem = Service.extend({ 65 aclEnabled: true, 66 activeNamespace: { 67 name: 'anotherNamespace', 68 }, 69 }); 70 71 const mockToken = Service.extend({ 72 aclEnabled: true, 73 selfToken: { type: 'client' }, 74 selfTokenPolicies: [ 75 { 76 rulesJSON: { 77 Namespaces: [ 78 { 79 Name: 'aNamespace', 80 Capabilities: [], 81 }, 82 { 83 Name: 'default', 84 Capabilities: ['submit-job'], 85 }, 86 ], 87 }, 88 }, 89 ], 90 }); 91 92 this.owner.register('service:system', mockSystem); 93 this.owner.register('service:token', mockToken); 94 95 assert.ok(this.ability.canRun); 96 }); 97 98 test('it blocks job run for client tokens with a policy that has no submit-job capability', function(assert) { 99 const mockSystem = Service.extend({ 100 aclEnabled: true, 101 activeNamespace: { 102 name: 'aNamespace', 103 }, 104 }); 105 106 const mockToken = Service.extend({ 107 aclEnabled: true, 108 selfToken: { type: 'client' }, 109 selfTokenPolicies: [ 110 { 111 rulesJSON: { 112 Namespaces: [ 113 { 114 Name: 'aNamespace', 115 Capabilities: ['list-jobs'], 116 }, 117 ], 118 }, 119 }, 120 ], 121 }); 122 123 this.owner.register('service:system', mockSystem); 124 this.owner.register('service:token', mockToken); 125 126 assert.notOk(this.ability.canRun); 127 }); 128 129 test('job scale requires a client token with the submit-job or scale-job capability', function(assert) { 130 const makePolicies = (namespace, ...capabilities) => [ 131 { 132 rulesJSON: { 133 Namespaces: [ 134 { 135 Name: namespace, 136 Capabilities: capabilities, 137 }, 138 ], 139 }, 140 }, 141 ]; 142 143 const mockSystem = Service.extend({ 144 aclEnabled: true, 145 activeNamespace: { 146 name: 'aNamespace', 147 }, 148 }); 149 150 const mockToken = Service.extend({ 151 aclEnabled: true, 152 selfToken: { type: 'client' }, 153 selfTokenPolicies: makePolicies('aNamespace'), 154 }); 155 156 this.owner.register('service:system', mockSystem); 157 this.owner.register('service:token', mockToken); 158 const tokenService = this.owner.lookup('service:token'); 159 160 assert.notOk(this.ability.canScale); 161 162 tokenService.set('selfTokenPolicies', makePolicies('aNamespace', 'scale-job')); 163 assert.ok(this.ability.canScale); 164 165 tokenService.set('selfTokenPolicies', makePolicies('aNamespace', 'submit-job')); 166 assert.ok(this.ability.canScale); 167 168 tokenService.set('selfTokenPolicies', makePolicies('bNamespace', 'scale-job')); 169 assert.notOk(this.ability.canScale); 170 }); 171 172 test('it handles globs in namespace names', function(assert) { 173 const mockSystem = Service.extend({ 174 aclEnabled: true, 175 activeNamespace: { 176 name: 'aNamespace', 177 }, 178 }); 179 180 const mockToken = Service.extend({ 181 aclEnabled: true, 182 selfToken: { type: 'client' }, 183 selfTokenPolicies: [ 184 { 185 rulesJSON: { 186 Namespaces: [ 187 { 188 Name: 'production-*', 189 Capabilities: ['submit-job'], 190 }, 191 { 192 Name: 'production-api', 193 Capabilities: ['submit-job'], 194 }, 195 { 196 Name: 'production-web', 197 Capabilities: [], 198 }, 199 { 200 Name: '*-suffixed', 201 Capabilities: ['submit-job'], 202 }, 203 { 204 Name: '*-more-suffixed', 205 Capabilities: [], 206 }, 207 { 208 Name: '*-abc-*', 209 Capabilities: ['submit-job'], 210 }, 211 ], 212 }, 213 }, 214 ], 215 }); 216 217 this.owner.register('service:system', mockSystem); 218 this.owner.register('service:token', mockToken); 219 220 const systemService = this.owner.lookup('service:system'); 221 222 systemService.set('activeNamespace.name', 'production-web'); 223 assert.notOk(this.ability.canRun); 224 225 systemService.set('activeNamespace.name', 'production-api'); 226 assert.ok(this.ability.canRun); 227 228 systemService.set('activeNamespace.name', 'production-other'); 229 assert.ok(this.ability.canRun); 230 231 systemService.set('activeNamespace.name', 'something-suffixed'); 232 assert.ok(this.ability.canRun); 233 234 systemService.set('activeNamespace.name', 'something-more-suffixed'); 235 assert.notOk( 236 this.ability.canRun, 237 'expected the namespace with the greatest number of matched characters to be chosen' 238 ); 239 240 systemService.set('activeNamespace.name', '000-abc-999'); 241 assert.ok(this.ability.canRun, 'expected to be able to match against more than one wildcard'); 242 }); 243 });