// Listing: github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/e2e/acl/acl_test.go

package acl

import (
	"testing"

	"github.com/hashicorp/go-set"
	"github.com/hashicorp/nomad/api"
	"github.com/hashicorp/nomad/e2e/e2eutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// TestACL is the entry point of the ACL end-to-end suite. It blocks until the
// cluster has a leader and one ready node, then runs the ACL sub-tests one
// after another in the order listed below.
func TestACL(t *testing.T) {

	// None of the sub-tests schedule client workload, but some of them list
	// nodes and check for a non-empty response, so wait for a usable cluster
	// (leader elected, one node ready) before starting.
	client := e2eutil.NomadClient(t)
	e2eutil.WaitForLeader(t, client)
	e2eutil.WaitForNodesReady(t, client, 1)

	// Sub-test names are passed to t.Run unchanged.
	subtests := []struct {
		name string
		fn   func(*testing.T)
	}{
		{"TestACL_Role", testACLRole},
		{"TestACL_TokenExpiration", testACLTokenExpiration},
		{"TestACL_TokenRolePolicyAssignment", testACLTokenRolePolicyAssignment},
	}
	for _, st := range subtests {
		t.Run(st.name, st.fn)
	}
}

// testResourceType identifies the kind of Nomad object a tracked identifier
// refers to, so the cleanup process can call the matching delete API.
type testResourceType int

const (
	namespaceTestResourceType testResourceType = iota
	aclPolicyTestResourceType
	aclRoleTestResourceType
	aclTokenTestResourceType
)

// cleanup records the Nomad resources a test has created and that must be
// deleted once the test exits. Deleting them gives later tests a clean
// environment and reduces the potential for conflicts; for the ACL objects it
// also means test policies, roles and tokens do not stay behind on the
// cluster.
type cleanup struct {
	namespaces  *set.Set[string]
	aclPolicies *set.Set[string]
	aclRoles    *set.Set[string]
	// NOTE(review): these identifiers are handed to ACLTokens().Delete, so
	// they are presumably token accessor IDs rather than secret IDs - confirm
	// against the callers of add.
	aclTokens *set.Set[string]
}

// newCleanup returns a cleanup whose four trackers are initialised and empty,
// ready for immediate use.
func newCleanup() *cleanup {
	// Every tracker starts as an empty set so add and remove never
	// dereference a nil set.
	tracker := new(cleanup)
	tracker.namespaces = set.New[string](0)
	tracker.aclPolicies = set.New[string](0)
	tracker.aclRoles = set.New[string](0)
	tracker.aclTokens = set.New[string](0)
	return tracker
}

// run deletes every tracked resource and then asks the cluster to garbage
// collect. It is meant to be deferred so that it executes whether or not the
// test failed. A failed delete marks the test as failed but does not stop the
// remaining deletions; only a failed garbage collection call is fatal.
//
// NOTE(review): nomadClient must be allowed to delete namespaces and ACL
// objects; presumably it carries the e2e management token - confirm against
// e2eutil.NomadClient.
func (c *cleanup) run(t *testing.T, nomadClient *api.Client) {

	// Deletion order is fixed: namespaces, ACL policies, ACL roles, ACL
	// tokens. assert (not require) records the failure and carries on, so one
	// undeletable object does not leave the others behind on the cluster.
	for _, name := range c.namespaces.List() {
		_, delErr := nomadClient.Namespaces().Delete(name, nil)
		assert.NoError(t, delErr)
	}

	for _, name := range c.aclPolicies.List() {
		_, delErr := nomadClient.ACLPolicies().Delete(name, nil)
		assert.NoError(t, delErr)
	}

	for _, id := range c.aclRoles.List() {
		_, delErr := nomadClient.ACLRoles().Delete(id, nil)
		assert.NoError(t, delErr)
	}

	for _, id := range c.aclTokens.List() {
		_, delErr := nomadClient.ACLTokens().Delete(id, nil)
		assert.NoError(t, delErr)
	}

	// The garbage collection request is the last step and uses require, so an
	// error here stops the test immediately.
	gcErr := nomadClient.System().GarbageCollect()
	require.NoError(t, gcErr)
}

// add records id in the tracker that matches resourceType, so that run deletes
// it later. A resourceType outside the four declared constants is silently
// ignored, which means that resource would not be cleaned up.
func (c *cleanup) add(id string, resourceType testResourceType) {
	var tracked *set.Set[string]

	switch resourceType {
	case namespaceTestResourceType:
		tracked = c.namespaces
	case aclPolicyTestResourceType:
		tracked = c.aclPolicies
	case aclRoleTestResourceType:
		tracked = c.aclRoles
	case aclTokenTestResourceType:
		tracked = c.aclTokens
	default:
		return
	}

	tracked.Insert(id)
}

// remove drops id from the tracker that matches resourceType, indicating the
// resource no longer exists on the cluster and does not need to be cleaned.
func (c *cleanup) remove(id string, resourceType testResourceType) {
	// Pick the tracker for this resource kind; a resourceType outside the four
	// declared constants is silently ignored.
	var tracked *set.Set[string]

	switch resourceType {
	case namespaceTestResourceType:
		tracked = c.namespaces
	case aclPolicyTestResourceType:
		tracked = c.aclPolicies
	case aclRoleTestResourceType:
		tracked = c.aclRoles
	case aclTokenTestResourceType:
		tracked = c.aclTokens
	default:
		return
	}

	// Once removed, run will no longer attempt to delete this identifier.
	tracked.Remove(id)
}