github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/ui/mirage/factories/token.js (about) 1 import { Factory } from 'ember-cli-mirage'; 2 import faker from 'nomad-ui/mirage/faker'; 3 4 export default Factory.extend({ 5 id: () => faker.random.uuid(), 6 accessorId() { 7 return this.id; 8 }, 9 secretId: () => faker.random.uuid(), 10 name: (i) => `${i === 0 ? 'Manager ' : ''}${faker.name.findName()}`, 11 global: () => faker.random.boolean(), 12 type: (i) => (i === 0 ? 'management' : 'client'), 13 14 oneTimeSecret: () => faker.random.uuid(), 15 16 afterCreate(token, server) { 17 const policyIds = Array(faker.random.number({ min: 1, max: 5 })) 18 .fill(0) 19 .map(() => faker.hacker.verb()) 20 .uniq(); 21 22 policyIds.forEach((policy) => { 23 const dbPolicy = server.db.policies.find(policy); 24 if (!dbPolicy) { 25 server.create('policy', { id: policy }); 26 } 27 }); 28 29 token.update({ policyIds }); 30 31 // Create a special policy with variables rules in place 32 if (token.id === '53cur3-v4r14bl35') { 33 const variableMakerPolicy = { 34 id: 'Variable Maker', 35 rules: ` 36 # Allow read only access to the default namespace 37 namespace "*" { 38 policy = "read" 39 capabilities = ["list-jobs", "alloc-exec", "read-logs"] 40 variables { 41 # Base access is to all abilities for all variables 42 path "*" { 43 capabilities = ["list", "read", "destroy", "create"] 44 } 45 } 46 } 47 48 node { 49 policy = "read" 50 } 51 `, 52 53 rulesJSON: { 54 Namespaces: [ 55 { 56 Name: '*', 57 Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'], 58 Variables: { 59 Paths: [ 60 { 61 Capabilities: ['write', 'read', 'destroy', 'list'], 62 PathSpec: '*', 63 }, 64 ], 65 }, 66 }, 67 ], 68 }, 69 }; 70 server.create('policy', variableMakerPolicy); 71 token.policyIds.push(variableMakerPolicy.id); 72 } 73 if (token.id === 'f3w3r-53cur3-v4r14bl35') { 74 const variableViewerPolicy = { 75 id: 'Variable Viewer', 76 rules: ` 77 # Allow read only access to the default namespace 78 namespace "*" { 79 policy = "read" 80 capabilities = ["list-jobs", "alloc-exec", "read-logs"] 81 variables { 82 # Base access is to all abilities for all variables 83 path "*" { 84 capabilities = ["list"] 85 } 86 } 87 } 88 89 namespace "namespace-1" { 90 policy = "read" 91 capabilities = ["list-jobs", "alloc-exec", "read-logs"] 92 variables { 93 # Base access is to all abilities for all variables 94 path "*" { 95 capabilities = ["list", "read", "destroy", "create"] 96 } 97 } 98 } 99 100 namespace "namespace-2" { 101 policy = "read" 102 capabilities = ["list-jobs", "alloc-exec", "read-logs"] 103 variables { 104 # Base access is to all abilities for all variables 105 path "blue/*" { 106 capabilities = ["list", "read", "destroy", "create"] 107 } 108 path "nomad/jobs/*" { 109 capabilities = ["list", "read", "create"] 110 } 111 } 112 } 113 114 node { 115 policy = "read" 116 } 117 `, 118 119 rulesJSON: { 120 Namespaces: [ 121 { 122 Name: '*', 123 Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'], 124 Variables: { 125 Paths: [ 126 { 127 Capabilities: ['list'], 128 PathSpec: '*', 129 }, 130 ], 131 }, 132 }, 133 { 134 Name: 'namespace-1', 135 Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'], 136 Variables: { 137 Paths: [ 138 { 139 Capabilities: ['list', 'read', 'destroy', 'create'], 140 PathSpec: '*', 141 }, 142 ], 143 }, 144 }, 145 { 146 Name: 'namespace-2', 147 Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'], 148 Variables: { 149 Paths: [ 150 { 151 Capabilities: ['list', 'read', 'destroy', 'create'], 152 PathSpec: 'blue/*', 153 }, 154 { 155 Capabilities: ['list', 'read', 'create'], 156 PathSpec: 'nomad/jobs/*', 157 }, 158 ], 159 }, 160 }, 161 ], 162 }, 163 }; 164 server.create('policy', variableViewerPolicy); 165 token.policyIds.push(variableViewerPolicy.id); 166 } 167 if (token.id === '3XP1R35-1N-3L3V3N-M1NU735') { 168 token.update({ 169 expirationTime: new Date(new Date().getTime() + 11 * 60 * 1000), 170 }); 171 } 172 }, 173 });