github.com/KyaXTeam/consul@v1.4.5/agent/acl_endpoint_legacy_test.go (about)

     1  package agent
     2  
     3  import (
     4  	"bytes"
     5  	"encoding/json"
     6  	"fmt"
     7  	"net/http"
     8  	"net/http/httptest"
     9  	"strings"
    10  	"testing"
    11  
    12  	"github.com/hashicorp/consul/acl"
    13  	"github.com/hashicorp/consul/agent/structs"
    14  	"github.com/hashicorp/consul/testrpc"
    15  )
    16  
    17  func TestACL_Legacy_Disabled_Response(t *testing.T) {
    18  	t.Parallel()
    19  	a := NewTestAgent(t, t.Name(), "")
    20  	defer a.Shutdown()
    21  
    22  	tests := []func(resp http.ResponseWriter, req *http.Request) (interface{}, error){
    23  		a.srv.ACLDestroy,
    24  		a.srv.ACLCreate,
    25  		a.srv.ACLUpdate,
    26  		a.srv.ACLClone,
    27  		a.srv.ACLGet,
    28  		a.srv.ACLList,
    29  	}
    30  	testrpc.WaitForLeader(t, a.RPC, "dc1")
    31  	for i, tt := range tests {
    32  		t.Run(fmt.Sprintf("%d", i), func(t *testing.T) {
    33  			req, _ := http.NewRequest("PUT", "/should/not/care", nil)
    34  			resp := httptest.NewRecorder()
    35  			obj, err := tt(resp, req)
    36  			if err != nil {
    37  				t.Fatalf("err: %v", err)
    38  			}
    39  			if obj != nil {
    40  				t.Fatalf("bad: %#v", obj)
    41  			}
    42  			if got, want := resp.Code, http.StatusUnauthorized; got != want {
    43  				t.Fatalf("got %d want %d", got, want)
    44  			}
    45  			if !strings.Contains(resp.Body.String(), "ACL support disabled") {
    46  				t.Fatalf("bad: %#v", resp)
    47  			}
    48  		})
    49  	}
    50  }
    51  
    52  func makeTestACL(t *testing.T, srv *HTTPServer) string {
    53  	body := bytes.NewBuffer(nil)
    54  	enc := json.NewEncoder(body)
    55  	raw := map[string]interface{}{
    56  		"Name":  "User Token",
    57  		"Type":  "client",
    58  		"Rules": "",
    59  	}
    60  	enc.Encode(raw)
    61  
    62  	req, _ := http.NewRequest("PUT", "/v1/acl/create?token=root", body)
    63  	resp := httptest.NewRecorder()
    64  	obj, err := srv.ACLCreate(resp, req)
    65  	if err != nil {
    66  		t.Fatalf("err: %v", err)
    67  	}
    68  	aclResp := obj.(aclCreateResponse)
    69  	return aclResp.ID
    70  }
    71  
    72  func TestACL_Legacy_Update(t *testing.T) {
    73  	t.Parallel()
    74  	a := NewTestAgent(t, t.Name(), TestACLConfig())
    75  	defer a.Shutdown()
    76  
    77  	testrpc.WaitForLeader(t, a.RPC, "dc1")
    78  	id := makeTestACL(t, a.srv)
    79  
    80  	body := bytes.NewBuffer(nil)
    81  	enc := json.NewEncoder(body)
    82  	raw := map[string]interface{}{
    83  		"ID":    id,
    84  		"Name":  "User Token 2",
    85  		"Type":  "client",
    86  		"Rules": "",
    87  	}
    88  	enc.Encode(raw)
    89  
    90  	req, _ := http.NewRequest("PUT", "/v1/acl/update?token=root", body)
    91  	resp := httptest.NewRecorder()
    92  	obj, err := a.srv.ACLUpdate(resp, req)
    93  	if err != nil {
    94  		t.Fatalf("err: %v", err)
    95  	}
    96  	aclResp := obj.(aclCreateResponse)
    97  	if aclResp.ID != id {
    98  		t.Fatalf("bad: %v", aclResp)
    99  	}
   100  }
   101  
   102  func TestACL_Legacy_UpdateUpsert(t *testing.T) {
   103  	t.Parallel()
   104  	a := NewTestAgent(t, t.Name(), TestACLConfig())
   105  	defer a.Shutdown()
   106  
   107  	body := bytes.NewBuffer(nil)
   108  	enc := json.NewEncoder(body)
   109  	raw := map[string]interface{}{
   110  		"ID":    "my-old-id",
   111  		"Name":  "User Token 2",
   112  		"Type":  "client",
   113  		"Rules": "",
   114  	}
   115  	enc.Encode(raw)
   116  
   117  	req, _ := http.NewRequest("PUT", "/v1/acl/update?token=root", body)
   118  	resp := httptest.NewRecorder()
   119  
   120  	testrpc.WaitForLeader(t, a.RPC, "dc1")
   121  	obj, err := a.srv.ACLUpdate(resp, req)
   122  	if err != nil {
   123  		t.Fatalf("err: %v", err)
   124  	}
   125  	aclResp := obj.(aclCreateResponse)
   126  	if aclResp.ID != "my-old-id" {
   127  		t.Fatalf("bad: %v", aclResp)
   128  	}
   129  }
   130  
   131  func TestACL_Legacy_Destroy(t *testing.T) {
   132  	t.Parallel()
   133  	a := NewTestAgent(t, t.Name(), TestACLConfig())
   134  	defer a.Shutdown()
   135  
   136  	testrpc.WaitForLeader(t, a.RPC, "dc1")
   137  	id := makeTestACL(t, a.srv)
   138  	req, _ := http.NewRequest("PUT", "/v1/acl/destroy/"+id+"?token=root", nil)
   139  	resp := httptest.NewRecorder()
   140  	obj, err := a.srv.ACLDestroy(resp, req)
   141  	if err != nil {
   142  		t.Fatalf("err: %v", err)
   143  	}
   144  	if resp, ok := obj.(bool); !ok || !resp {
   145  		t.Fatalf("should work")
   146  	}
   147  
   148  	req, _ = http.NewRequest("GET", "/v1/acl/info/"+id, nil)
   149  	resp = httptest.NewRecorder()
   150  	obj, err = a.srv.ACLGet(resp, req)
   151  	if err != nil {
   152  		t.Fatalf("err: %v", err)
   153  	}
   154  	respObj, ok := obj.(structs.ACLs)
   155  	if !ok {
   156  		t.Fatalf("should work")
   157  	}
   158  	if len(respObj) != 0 {
   159  		t.Fatalf("bad: %v", respObj)
   160  	}
   161  }
   162  
   163  func TestACL_Legacy_Clone(t *testing.T) {
   164  	t.Parallel()
   165  	a := NewTestAgent(t, t.Name(), TestACLConfig())
   166  	defer a.Shutdown()
   167  
   168  	testrpc.WaitForLeader(t, a.RPC, "dc1")
   169  	id := makeTestACL(t, a.srv)
   170  
   171  	req, _ := http.NewRequest("PUT", "/v1/acl/clone/"+id, nil)
   172  	resp := httptest.NewRecorder()
   173  	_, err := a.srv.ACLClone(resp, req)
   174  	if !acl.IsErrPermissionDenied(err) {
   175  		t.Fatalf("err: %v", err)
   176  	}
   177  
   178  	req, _ = http.NewRequest("PUT", "/v1/acl/clone/"+id+"?token=root", nil)
   179  	resp = httptest.NewRecorder()
   180  	obj, err := a.srv.ACLClone(resp, req)
   181  	if err != nil {
   182  		t.Fatalf("err: %v", err)
   183  	}
   184  	aclResp, ok := obj.(aclCreateResponse)
   185  	if !ok {
   186  		t.Fatalf("should work: %#v %#v", obj, resp)
   187  	}
   188  	if aclResp.ID == id {
   189  		t.Fatalf("bad id")
   190  	}
   191  
   192  	req, _ = http.NewRequest("GET", "/v1/acl/info/"+aclResp.ID, nil)
   193  	resp = httptest.NewRecorder()
   194  	obj, err = a.srv.ACLGet(resp, req)
   195  	if err != nil {
   196  		t.Fatalf("err: %v", err)
   197  	}
   198  	respObj, ok := obj.(structs.ACLs)
   199  	if !ok {
   200  		t.Fatalf("should work")
   201  	}
   202  	if len(respObj) != 1 {
   203  		t.Fatalf("bad: %v", respObj)
   204  	}
   205  }
   206  
   207  func TestACL_Legacy_Get(t *testing.T) {
   208  	t.Parallel()
   209  	t.Run("wrong id", func(t *testing.T) {
   210  		a := NewTestAgent(t, t.Name(), TestACLConfig())
   211  		defer a.Shutdown()
   212  
   213  		req, _ := http.NewRequest("GET", "/v1/acl/info/nope", nil)
   214  		resp := httptest.NewRecorder()
   215  		testrpc.WaitForLeader(t, a.RPC, "dc1")
   216  		obj, err := a.srv.ACLGet(resp, req)
   217  		if err != nil {
   218  			t.Fatalf("err: %v", err)
   219  		}
   220  		respObj, ok := obj.(structs.ACLs)
   221  		if !ok {
   222  			t.Fatalf("should work")
   223  		}
   224  		if respObj == nil || len(respObj) != 0 {
   225  			t.Fatalf("bad: %v", respObj)
   226  		}
   227  	})
   228  
   229  	t.Run("right id", func(t *testing.T) {
   230  		a := NewTestAgent(t, t.Name(), TestACLConfig())
   231  		defer a.Shutdown()
   232  
   233  		testrpc.WaitForLeader(t, a.RPC, "dc1")
   234  		id := makeTestACL(t, a.srv)
   235  
   236  		req, _ := http.NewRequest("GET", "/v1/acl/info/"+id, nil)
   237  		resp := httptest.NewRecorder()
   238  		obj, err := a.srv.ACLGet(resp, req)
   239  		if err != nil {
   240  			t.Fatalf("err: %v", err)
   241  		}
   242  		respObj, ok := obj.(structs.ACLs)
   243  		if !ok {
   244  			t.Fatalf("should work")
   245  		}
   246  		if len(respObj) != 1 {
   247  			t.Fatalf("bad: %v", respObj)
   248  		}
   249  	})
   250  }
   251  
   252  func TestACL_Legacy_List(t *testing.T) {
   253  	t.Parallel()
   254  	a := NewTestAgent(t, t.Name(), TestACLConfig())
   255  	defer a.Shutdown()
   256  
   257  	testrpc.WaitForLeader(t, a.RPC, "dc1")
   258  	var ids []string
   259  	for i := 0; i < 10; i++ {
   260  		ids = append(ids, makeTestACL(t, a.srv))
   261  	}
   262  
   263  	req, _ := http.NewRequest("GET", "/v1/acl/list?token=root", nil)
   264  	resp := httptest.NewRecorder()
   265  	obj, err := a.srv.ACLList(resp, req)
   266  	if err != nil {
   267  		t.Fatalf("err: %v", err)
   268  	}
   269  	respObj, ok := obj.(structs.ACLs)
   270  	if !ok {
   271  		t.Fatalf("should work")
   272  	}
   273  
   274  	// 10  + master
   275  	// anonymous token is a new token and wont show up in this list
   276  	if len(respObj) != 11 {
   277  		t.Fatalf("bad: %v", respObj)
   278  	}
   279  }
   280  
   281  func TestACLReplicationStatus(t *testing.T) {
   282  	t.Parallel()
   283  	a := NewTestAgent(t, t.Name(), TestACLConfig())
   284  	defer a.Shutdown()
   285  
   286  	req, _ := http.NewRequest("GET", "/v1/acl/replication", nil)
   287  	resp := httptest.NewRecorder()
   288  	testrpc.WaitForLeader(t, a.RPC, "dc1")
   289  	obj, err := a.srv.ACLReplicationStatus(resp, req)
   290  	if err != nil {
   291  		t.Fatalf("err: %v", err)
   292  	}
   293  	_, ok := obj.(structs.ACLReplicationStatus)
   294  	if !ok {
   295  		t.Fatalf("should work")
   296  	}
   297  }