github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/e2e/acl/acl_test.go (about)

     1  package acl
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/hashicorp/go-set"
     7  	"github.com/hashicorp/nomad/api"
     8  	"github.com/hashicorp/nomad/e2e/e2eutil"
     9  	"github.com/stretchr/testify/assert"
    10  	"github.com/stretchr/testify/require"
    11  )
    12  
// TestACL is the entry point for the ACL end-to-end tests. It waits for the
// cluster to be usable and then runs each ACL sub-test in the order listed.
func TestACL(t *testing.T) {
	// None of the sub-tests run client workloads, but some of them list nodes
	// and check for a non-empty response. Waiting for a leader and one ready
	// node up front keeps those checks meaningful.
	client := e2eutil.NomadClient(t)
	e2eutil.WaitForLeader(t, client)
	e2eutil.WaitForNodesReady(t, client, 1)

	// Table of sub-tests; the names are what `go test -run` matches against.
	subtests := []struct {
		name string
		fn   func(*testing.T)
	}{
		{"TestACL_Role", testACLRole},
		{"TestACL_TokenExpiration", testACLTokenExpiration},
		{"TestACL_TokenRolePolicyAssignment", testACLTokenRolePolicyAssignment},
	}
	for _, st := range subtests {
		t.Run(st.name, st.fn)
	}
}
    28  
// testResourceType identifies the kind of Nomad resource being tracked, so the
// cleanup process knows which API to call when deleting it.
type testResourceType int

// The resource kinds the cleanup tracker understands. Values are assigned
// sequentially from zero.
const (
	namespaceTestResourceType = testResourceType(iota)
	aclPolicyTestResourceType
	aclRoleTestResourceType
	aclTokenTestResourceType
)
    39  
// cleanup tracks the identifiers of Nomad resources created by a test that
// must be deleted when the test exits, so later tests start from a clean
// environment and are less likely to conflict.
//
// One set of identifiers is kept per resource kind: namespaces, ACL policies,
// ACL roles and ACL tokens. Each identifier is the value later handed to the
// matching Delete call in run.
type cleanup struct {
	namespaces, aclPolicies, aclRoles, aclTokens *set.Set[string]
}
    49  
// newCleanup returns a cleanup tracker whose four resource sets are allocated
// and empty, ready for add, remove and run.
func newCleanup() *cleanup {
	c := new(cleanup)
	c.namespaces = set.New[string](0)
	c.aclPolicies = set.New[string](0)
	c.aclRoles = set.New[string](0)
	c.aclTokens = set.New[string](0)
	return c
}
    59  
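// run deletes every tracked resource (namespaces, then ACL policies, roles
// and tokens) and finally triggers a system garbage collection. It should
// typically be called via defer so it runs whether or not the test failed.
//
// A failed deletion marks the test as failed but does not stop the remaining
// deletions. This matters for ACL objects in particular: a role or token left
// behind on the cluster remains usable until someone removes it, so every
// deletion is attempted and each failure names what could not be removed.
func (c *cleanup) run(t *testing.T, nomadClient *api.Client) {
	// Attribute failures to the test that invoked the cleanup.
	t.Helper()

	for _, namespace := range c.namespaces.List() {
		_, err := nomadClient.Namespaces().Delete(namespace, nil)
		assert.NoError(t, err, "deleting namespace %q", namespace)
	}

	for _, policy := range c.aclPolicies.List() {
		_, err := nomadClient.ACLPolicies().Delete(policy, nil)
		assert.NoError(t, err, "deleting ACL policy %q", policy)
	}

	for _, role := range c.aclRoles.List() {
		_, err := nomadClient.ACLRoles().Delete(role, nil)
		assert.NoError(t, err, "deleting ACL role %q", role)
	}

	for _, token := range c.aclTokens.List() {
		_, err := nomadClient.ACLTokens().Delete(token, nil)
		// The token identifier is deliberately left out of the message.
		// NOTE(review): callers are expected to track accessor IDs here, but
		// that cannot be confirmed from this file, and a secret ID must not
		// end up in test output.
		assert.NoError(t, err, "deleting ACL token")
	}

	// require, not assert: this is the last step, so stopping here loses
	// nothing.
	require.NoError(t, nomadClient.System().GarbageCollect(),
		"triggering system garbage collection")
}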
    88  
// add records id in the tracker under the set matching resourceType, so the
// cleanup function deletes it once triggered.
//
// A resourceType that is not one of the four declared constants is ignored
// without any error; such a resource is not tracked and would be left on the
// cluster.
func (c *cleanup) add(id string, resourceType testResourceType) {
	if resourceType == namespaceTestResourceType {
		c.namespaces.Insert(id)
		return
	}
	if resourceType == aclPolicyTestResourceType {
		c.aclPolicies.Insert(id)
		return
	}
	if resourceType == aclRoleTestResourceType {
		c.aclRoles.Insert(id)
		return
	}
	if resourceType == aclTokenTestResourceType {
		c.aclTokens.Insert(id)
	}
}
   103  
// remove drops id from the set matching resourceType, indicating the resource
// no longer exists on the cluster and does not need to be cleaned up.
//
// A resourceType that is not one of the four declared constants is ignored
// without any error.
func (c *cleanup) remove(id string, resourceType testResourceType) {
	if resourceType == namespaceTestResourceType {
		c.namespaces.Remove(id)
		return
	}
	if resourceType == aclPolicyTestResourceType {
		c.aclPolicies.Remove(id)
		return
	}
	if resourceType == aclRoleTestResourceType {
		c.aclRoles.Remove(id)
		return
	}
	if resourceType == aclTokenTestResourceType {
		c.aclTokens.Remove(id)
	}
}