github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/command/acl_role_delete_test.go

github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/command/acl_role_delete_test.go (about)

     1  package command
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/hashicorp/nomad/ci"
     7  	"github.com/hashicorp/nomad/command/agent"
     8  	"github.com/hashicorp/nomad/helper/uuid"
     9  	"github.com/hashicorp/nomad/nomad/structs"
    10  	"github.com/hashicorp/nomad/testutil"
    11  	"github.com/mitchellh/cli"
    12  	"github.com/stretchr/testify/require"
    13  )
    14  
    15  func TestACLRoleDeleteCommand_Run(t *testing.T) {
    16  	ci.Parallel(t)
    17  
    18  	// Build a test server with ACLs enabled.
    19  	srv, _, url := testServer(t, false, func(c *agent.Config) {
    20  		c.ACL.Enabled = true
    21  	})
    22  	defer srv.Shutdown()
    23  
    24  	// Wait for the server to start fully and ensure we have a bootstrap token.
    25  	testutil.WaitForLeader(t, srv.Agent.RPC)
    26  	rootACLToken := srv.RootToken
    27  	require.NotNil(t, rootACLToken)
    28  
    29  	ui := cli.NewMockUi()
    30  	cmd := &ACLRoleDeleteCommand{
    31  		Meta: Meta{
    32  			Ui:          ui,
    33  			flagAddress: url,
    34  		},
    35  	}
    36  
    37  	// Try and delete more than one ACL role.
    38  	code := cmd.Run([]string{"-address=" + url, "acl-role-1", "acl-role-2"})
    39  	require.Equal(t, 1, code)
    40  	require.Contains(t, ui.ErrorWriter.String(), "This command takes one argument")
    41  
    42  	ui.OutputWriter.Reset()
    43  	ui.ErrorWriter.Reset()
    44  
    45  	// Try deleting a role that does not exist.
    46  	require.Equal(t, 1, cmd.Run([]string{"-address=" + url, "-token=" + rootACLToken.SecretID, "acl-role-1"}))
    47  	require.Contains(t, ui.ErrorWriter.String(), "ACL role not found")
    48  
    49  	ui.OutputWriter.Reset()
    50  	ui.ErrorWriter.Reset()
    51  
    52  	// Create an ACL policy that can be referenced within the ACL role.
    53  	aclPolicy := structs.ACLPolicy{
    54  		Name: "acl-role-cli-test",
    55  		Rules: `namespace "default" {
    56  			policy = "read"
    57  		}
    58  		`,
    59  	}
    60  	err := srv.Agent.Server().State().UpsertACLPolicies(
    61  		structs.MsgTypeTestSetup, 10, []*structs.ACLPolicy{&aclPolicy})
    62  	require.NoError(t, err)
    63  
    64  	// Create an ACL role referencing the previously created policy.
    65  	aclRole := structs.ACLRole{
    66  		ID:       uuid.Generate(),
    67  		Name:     "acl-role-cli-test",
    68  		Policies: []*structs.ACLRolePolicyLink{{Name: aclPolicy.Name}},
    69  	}
    70  	err = srv.Agent.Server().State().UpsertACLRoles(
    71  		structs.MsgTypeTestSetup, 20, []*structs.ACLRole{&aclRole}, false)
    72  	require.NoError(t, err)
    73  
    74  	// Delete the existing ACL role.
    75  	require.Equal(t, 0, cmd.Run([]string{"-address=" + url, "-token=" + rootACLToken.SecretID, aclRole.ID}))
    76  	require.Contains(t, ui.OutputWriter.String(), "successfully deleted")
    77  }