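// Source: github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/command/acl_auth_method_update_test.go

package command

import (
	"encoding/json"
	"fmt"
	"os"
	"testing"
	"time"

	"github.com/hashicorp/nomad/ci"
	"github.com/hashicorp/nomad/command/agent"
	"github.com/hashicorp/nomad/nomad/structs"
	"github.com/hashicorp/nomad/testutil"
	"github.com/mitchellh/cli"
	"github.com/shoenig/test/must"
)

// TestACLAuthMethodUpdateCommand_Run drives ACLAuthMethodUpdateCommand against
// a test server with ACLs enabled. It covers the argument-count error, an
// unknown method name, an update with no flags, and successful updates of the
// token locality, the config (loaded from a file) and the default flag.
//
// NOTE(review): every call that reaches a named method presents the bootstrap
// token. No case here runs the update with a missing or non-management token,
// so the denial path is not exercised by this test; confirm it is covered
// elsewhere.
//
// NOTE(review): the success cases only assert that the output mentions the
// method name. They do not read the method back to confirm that the locality,
// config or default flag actually changed.
func TestACLAuthMethodUpdateCommand_Run(t *testing.T) {
	ci.Parallel(t)

	// Build a test server with ACLs enabled.
	srv, _, url := testServer(t, false, func(c *agent.Config) {
		c.ACL.Enabled = true
	})
	defer srv.Shutdown()

	// Wait for the server to start fully and ensure we have a bootstrap token.
	testutil.WaitForLeader(t, srv.Agent.RPC)
	rootACLToken := srv.RootToken
	must.NotNil(t, rootACLToken)

	ui := cli.NewMockUi()
	cmd := &ACLAuthMethodUpdateCommand{
		Meta: Meta{
			Ui:          ui,
			flagAddress: url,
		},
	}

	// Try calling the command without setting the method name argument.
	must.One(t, cmd.Run([]string{"-address=" + url}))
	must.StrContains(t, ui.ErrorWriter.String(), "This command takes one argument")

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()

	// Try calling the command with a method name that doesn't exist.
	code := cmd.Run([]string{"-address=" + url, "-token=" + rootACLToken.SecretID, "catch-me-if-you-can"})
	must.One(t, code)
	must.StrContains(t, ui.ErrorWriter.String(), "ACL auth-method not found")

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()

	// Create a test auth method. The parse error is checked rather than
	// discarded so a bad literal fails here, not as a zero TTL later.
	ttl, err := time.ParseDuration("3600s")
	must.NoError(t, err)

	method := &structs.ACLAuthMethod{
		Name:          "test-auth-method",
		Type:          "OIDC",
		MaxTokenTTL:   ttl,
		TokenLocality: "local",
		Config: &structs.ACLAuthMethodConfig{
			// Plain-HTTP discovery URL is a fixture value only; a real OIDC
			// auth method should use an HTTPS discovery endpoint.
			OIDCDiscoveryURL: "http://example.com",
		},
	}
	method.SetHash()

	// The fixture is written straight into the server's state store.
	must.NoError(t, srv.Agent.Server().State().UpsertACLAuthMethods(1000,
		[]*structs.ACLAuthMethod{method}))

	// Try an update without setting any parameters to update.
	code = cmd.Run([]string{"-address=" + url, "-token=" + rootACLToken.SecretID, method.Name})
	must.One(t, code)
	must.StrContains(t, ui.ErrorWriter.String(), "Please provide at least one flag to update the ACL auth method")

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()

	// Update the token locality.
	code = cmd.Run([]string{
		"-address=" + url, "-token=" + rootACLToken.SecretID, "-token-locality=global", method.Name})
	must.Zero(t, code)
	s := ui.OutputWriter.String()
	must.StrContains(t, s, method.Name)

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()

	// Update an auth method with a config from file. The error is checked
	// before the cleanup is registered: on failure configFile is nil and
	// calling Name() on it would panic instead of reporting the real error.
	configFile, err := os.CreateTemp("", "config.json")
	must.NoError(t, err)
	defer os.Remove(configFile.Name())

	conf := map[string]interface{}{"OIDCDiscoveryURL": "http://example.com"}
	jsonData, err := json.Marshal(conf)
	must.NoError(t, err)

	_, err = configFile.Write(jsonData)
	must.NoError(t, err)

	// Close the handle before the command reads the file so the descriptor
	// is not leaked for the rest of the test.
	must.NoError(t, configFile.Close())

	code = cmd.Run([]string{
		"-address=" + url,
		"-token=" + rootACLToken.SecretID,
		fmt.Sprintf("-config=@%s", configFile.Name()),
		method.Name,
	})
	must.Zero(t, code)
	s = ui.OutputWriter.String()
	must.StrContains(t, s, method.Name)

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()

	// Update a default auth method.
	code = cmd.Run([]string{
		"-address=" + url, "-token=" + rootACLToken.SecretID, "-default=true", method.Name})
	must.Zero(t, code)
	s = ui.OutputWriter.String()
	must.StrContains(t, s, method.Name)

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()
}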