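// Source: github.com/go-chef/chef@v0.30.1/testapi/acl.go

// Test the go-chef/chef chef server api ACL endpoints against a live server
package testapi

import (
	"fmt"
	"os"

	"github.com/go-chef/chef"
)

// ACL exercises the chef server ACL endpoints against a live server.
//
// The scenario is an authorization round trip on a node named "acltest":
//  1. a freshly created API client must be refused when it tries to delete
//     the node,
//  2. after the node's "delete" ACL is updated to list that client, the same
//     delete must succeed,
//  3. an ACL that no longer lists the admin ("pivotal") user must be rejected
//     by chef.ACLAdminAccess and by ACLs.Put.
//
// Every unexpected result is reported as an "Issue ..." line on stderr; the
// function returns nothing. Steps whose prerequisites failed (client creation,
// key parsing, ACL fetch) stop the run instead of continuing with zero values.
//
// NOTE(review): the node is removed only by the delegated delete in step 2, so
// a run that stops early leaves the "acltest" node on the server.
func ACL() {
	client := Client(nil)

	// Create the node whose ACL is under test. A failure is reported but not
	// fatal, as in the original flow.
	node := chef.NewNode("acltest")
	if _, err := client.Nodes.Post(node); err != nil {
		fmt.Fprintln(os.Stderr, "Issue adding node for acl:", err)
	}

	// Create a new API client and ask the server to generate its key pair.
	newClient := chef.ApiNewClient{
		Name:       "acltest",
		ClientName: "acltest",
		CreateKey:  true,
	}
	aclClient, err := client.Clients.Create(newClient)
	if err != nil {
		fmt.Fprintln(os.Stderr, "Issue adding client for acl:", err)
		// Without a create response there is no key to authenticate with;
		// reading aclClient below would use an empty or nil result.
		return
	}

	// Clean up: registered as soon as the client exists so that the early
	// returns below do not leave a credentialed test client on the server.
	defer func() {
		if err := client.Clients.Delete("acltest"); err != nil {
			fmt.Fprintln(os.Stderr, "Issue deleting client for acl:", err)
		}
	}()

	// We want exactly the same test API client but with a different identity
	// and key. The private key comes from the create response and is only held
	// in memory; it is never written to stderr.
	client2 := Client(nil)
	client2.Auth.ClientName = "acltest"
	private, err := chef.PrivateKeyFromString([]byte(aclClient.ChefKey.PrivateKey))
	if err != nil {
		fmt.Fprintln(os.Stderr, "Issue creating private key from client create response:", err)
		// A client with no usable key cannot sign requests, so the
		// authorization checks below would not be meaningful.
		return
	}
	client2.Auth.PrivateKey = private

	// Test: Our new client isn't allowed to delete our new node.
	// Success here means the default ACL is more permissive than expected.
	if err = client2.Nodes.Delete("acltest"); err == nil {
		fmt.Fprintln(os.Stderr, "Issue expected error when deleting node without acl permission")
	}

	// Test: Fetch the existing ACL for our test node.
	acls, err := client.ACLs.Get("nodes", "acltest")
	if err != nil {
		fmt.Fprintln(os.Stderr, "Issue fetching acls for node:", err)
		// Never build an update from a failed read: the Put below would
		// replace the node's delete ACL with one derived from an empty value.
		return
	}
	// TODO: Test the values returned

	// Test: Modify the delete ACL to allow our test client to delete the node.
	acl, ok := acls["delete"]
	if !ok {
		fmt.Fprintln(os.Stderr, "Issue expected a delete acl list for the node")
		return
	}
	// NOTE(review): actors is cleared before users/clients are sent —
	// presumably the server rejects a body that sets both; confirm.
	acl.Actors = []string{}
	acl.Clients = append(acl.Clients, "acltest")
	// Only the "delete" permission is sent, so no other permission changes.
	update := chef.ACL{"delete": acl}
	if err = client.ACLs.Put("nodes", "acltest", "delete", &update); err != nil {
		fmt.Fprintln(os.Stderr, "Issue updating acl for node:", err)
	}

	// Test: Our new client should now be allowed to delete our new node.
	if err = client2.Nodes.Delete("acltest"); err != nil {
		fmt.Fprintln(os.Stderr, "Issue deleting node after setting acl:", err)
	}

	// Test: Verify that the admin credentials are present in the fetched acl.
	// The original checked &update here as well, so the fetched ACL was never
	// actually verified.
	if err = chef.ACLAdminAccess(&acls); err != nil {
		fmt.Fprintln(os.Stderr, "Issue checking for pivtoal user in acl:", err)
	}

	// Test: Verify that the admin credentials are present in the update acl.
	if err = chef.ACLAdminAccess(&update); err != nil {
		fmt.Fprintln(os.Stderr, "Issue checking for pivtoal user in acl:", err)
	}

	// Test: Remove the pivotal user and verify that the admin credentials are
	// reported as missing. This is the lock-out guard: an ACL without the
	// admin user must not pass the check.
	acl = acls["delete"]
	acl.Users = []string{}
	update2 := chef.ACL{
		"create": acls["create"],
		"delete": acl,
		"grant":  acls["grant"],
		"read":   acls["read"],
		"update": acls["update"],
	}
	if err = chef.ACLAdminAccess(&update2); err == nil {
		fmt.Fprintln(os.Stderr, "Issue expected missing user checking for pivotal user in acl:", err)
	}

	// Test: Try to update the acl without the pivotal user.
	// NOTE(review): the node has normally been deleted by this point, so an
	// error here may come from the missing node rather than from the admin
	// check; confirm which layer rejects the request.
	if err = client.ACLs.Put("nodes", "acltest", "delete", &update2); err == nil {
		fmt.Fprintln(os.Stderr, "Issue expected missing user credentials updating acl for node missing pivotal:", err)
	}

	// TODO: Fetch fail tests
	// TODO: Wrong class failures
}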