github.com/djenriquez/nomad-1@v0.8.1/acl/policy_test.go (about) 1 package acl 2 3 import ( 4 "fmt" 5 "strings" 6 "testing" 7 8 "github.com/stretchr/testify/assert" 9 ) 10 11 func TestParse(t *testing.T) { 12 type tcase struct { 13 Raw string 14 ErrStr string 15 Expect *Policy 16 } 17 tcases := []tcase{ 18 { 19 ` 20 namespace "default" { 21 policy = "read" 22 } 23 `, 24 "", 25 &Policy{ 26 Namespaces: []*NamespacePolicy{ 27 { 28 Name: "default", 29 Policy: PolicyRead, 30 Capabilities: []string{ 31 NamespaceCapabilityListJobs, 32 NamespaceCapabilityReadJob, 33 }, 34 }, 35 }, 36 }, 37 }, 38 { 39 ` 40 namespace "default" { 41 policy = "read" 42 } 43 namespace "other" { 44 policy = "write" 45 } 46 namespace "secret" { 47 capabilities = ["deny", "read-logs"] 48 } 49 agent { 50 policy = "read" 51 } 52 node { 53 policy = "write" 54 } 55 operator { 56 policy = "deny" 57 } 58 quota { 59 policy = "read" 60 } 61 `, 62 "", 63 &Policy{ 64 Namespaces: []*NamespacePolicy{ 65 { 66 Name: "default", 67 Policy: PolicyRead, 68 Capabilities: []string{ 69 NamespaceCapabilityListJobs, 70 NamespaceCapabilityReadJob, 71 }, 72 }, 73 { 74 Name: "other", 75 Policy: PolicyWrite, 76 Capabilities: []string{ 77 NamespaceCapabilityListJobs, 78 NamespaceCapabilityReadJob, 79 NamespaceCapabilitySubmitJob, 80 NamespaceCapabilityDispatchJob, 81 NamespaceCapabilityReadLogs, 82 NamespaceCapabilityReadFS, 83 }, 84 }, 85 { 86 Name: "secret", 87 Capabilities: []string{ 88 NamespaceCapabilityDeny, 89 NamespaceCapabilityReadLogs, 90 }, 91 }, 92 }, 93 Agent: &AgentPolicy{ 94 Policy: PolicyRead, 95 }, 96 Node: &NodePolicy{ 97 Policy: PolicyWrite, 98 }, 99 Operator: &OperatorPolicy{ 100 Policy: PolicyDeny, 101 }, 102 Quota: &QuotaPolicy{ 103 Policy: PolicyRead, 104 }, 105 }, 106 }, 107 { 108 ` 109 namespace "default" { 110 policy = "foo" 111 } 112 `, 113 "Invalid namespace policy", 114 nil, 115 }, 116 { 117 ` 118 namespace "default" { 119 capabilities = ["deny", "foo"] 120 } 121 `, 122 "Invalid namespace capability", 123 nil, 124 }, 125 { 126 ` 127 agent { 128 policy = "foo" 129 } 130 `, 131 "Invalid agent policy", 132 nil, 133 }, 134 { 135 ` 136 node { 137 policy = "foo" 138 } 139 `, 140 "Invalid node policy", 141 nil, 142 }, 143 { 144 ` 145 operator { 146 policy = "foo" 147 } 148 `, 149 "Invalid operator policy", 150 nil, 151 }, 152 { 153 ` 154 quota { 155 policy = "foo" 156 } 157 `, 158 "Invalid quota policy", 159 nil, 160 }, 161 { 162 ` 163 { 164 "Name": "my-policy", 165 "Description": "This is a great policy", 166 "Rules": "anything" 167 } 168 `, 169 "Invalid policy", 170 nil, 171 }, 172 { 173 ` 174 namespace "has a space"{ 175 policy = "read" 176 } 177 `, 178 "Invalid namespace name", 179 nil, 180 }, 181 { 182 ` 183 namespace "default" { 184 capabilities = ["sentinel-override"] 185 } 186 `, 187 "", 188 &Policy{ 189 Namespaces: []*NamespacePolicy{ 190 { 191 Name: "default", 192 Policy: "", 193 Capabilities: []string{ 194 NamespaceCapabilitySentinelOverride, 195 }, 196 }, 197 }, 198 }, 199 }, 200 } 201 202 for idx, tc := range tcases { 203 t.Run(fmt.Sprintf("%d", idx), func(t *testing.T) { 204 p, err := Parse(tc.Raw) 205 if err != nil { 206 if tc.ErrStr == "" { 207 t.Fatalf("Unexpected err: %v", err) 208 } 209 if !strings.Contains(err.Error(), tc.ErrStr) { 210 t.Fatalf("Unexpected err: %v", err) 211 } 212 return 213 } 214 if err == nil && tc.ErrStr != "" { 215 t.Fatalf("Missing expected err") 216 } 217 tc.Expect.Raw = tc.Raw 218 assert.EqualValues(t, tc.Expect, p) 219 }) 220 } 221 }