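// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package command

import (
	"encoding/json"
	"fmt"
	"os"
	"testing"
	"time"

	"github.com/hernad/nomad/ci"
	"github.com/hernad/nomad/command/agent"
	"github.com/hernad/nomad/nomad/structs"
	"github.com/hernad/nomad/testutil"
	"github.com/mitchellh/cli"
	"github.com/shoenig/test/must"
)

// TestACLAuthMethodUpdateCommand_Run runs the ACL auth-method update command
// against a test agent with ACLs enabled. It covers the missing-argument and
// unknown-method failure paths, the "no flags given" failure path, and then
// successful updates of the token locality, the config (read from a file) and
// the default flag.
func TestACLAuthMethodUpdateCommand_Run(t *testing.T) {
	ci.Parallel(t)

	// Build a test server with ACLs enabled.
	srv, _, url := testServer(t, false, func(c *agent.Config) {
		c.ACL.Enabled = true
	})
	defer srv.Shutdown()

	// Wait for the server to start fully and ensure we have a bootstrap token.
	testutil.WaitForLeader(t, srv.Agent.RPC)
	rootACLToken := srv.RootToken
	must.NotNil(t, rootACLToken)

	ui := cli.NewMockUi()
	cmd := &ACLAuthMethodUpdateCommand{
		Meta: Meta{
			Ui:          ui,
			flagAddress: url,
		},
	}

	// Try calling the command without setting the method name argument.
	must.One(t, cmd.Run([]string{"-address=" + url}))
	must.StrContains(t, ui.ErrorWriter.String(), "This command takes one argument")

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()

	// Try calling the command with a method name that doesn't exist.
	code := cmd.Run([]string{"-address=" + url, "-token=" + rootACLToken.SecretID, "catch-me-if-you-can"})
	must.One(t, code)
	must.StrContains(t, ui.ErrorWriter.String(), "ACL auth-method not found")

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()

	// Create a test auth method directly in the state store. time.Hour is the
	// same value the original "3600s" string parsed to, without a discarded
	// parse error.
	method := &structs.ACLAuthMethod{
		Name:          "test-auth-method",
		Type:          "OIDC",
		MaxTokenTTL:   time.Hour,
		TokenLocality: "local",
		Config: &structs.ACLAuthMethodConfig{
			OIDCDiscoveryURL: "http://example.com",
		},
	}
	method.SetHash()
	must.NoError(t, srv.Agent.Server().State().UpsertACLAuthMethods(1000, []*structs.ACLAuthMethod{method}))

	// Try an update without setting any parameters to update.
	code = cmd.Run([]string{"-address=" + url, "-token=" + rootACLToken.SecretID, method.Name})
	must.One(t, code)
	must.StrContains(t, ui.ErrorWriter.String(), "Please provide at least one flag to update the ACL auth method")

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()

	// Update the token locality.
	code = cmd.Run([]string{
		"-address=" + url, "-token=" + rootACLToken.SecretID, "-token-locality=global", method.Name})
	must.Zero(t, code)
	s := ui.OutputWriter.String()
	must.StrContains(t, s, method.Name)

	// The CLI output only echoes the method; read it back from the state store
	// so the test fails if the locality change was not actually persisted.
	stored, err := srv.Agent.Server().State().GetACLAuthMethodByName(nil, method.Name)
	must.NoError(t, err)
	must.NotNil(t, stored)
	must.Eq(t, "global", stored.TokenLocality)

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()

	// Update an auth method with a config from file. The error is checked
	// before the handle is used: on failure configFile is nil and calling
	// Name() on it in the defer would panic instead of reporting the error.
	configFile, err := os.CreateTemp("", "config.json")
	must.NoError(t, err)
	defer os.Remove(configFile.Name())

	conf := map[string]string{"OIDCDiscoveryURL": "http://example.com"}
	jsonData, err := json.Marshal(conf)
	must.NoError(t, err)

	_, err = configFile.Write(jsonData)
	must.NoError(t, err)
	// Close before the command reads the file so the descriptor is not leaked
	// and the deferred removal also works on platforms that refuse to delete
	// open files.
	must.NoError(t, configFile.Close())

	code = cmd.Run([]string{
		"-address=" + url,
		"-token=" + rootACLToken.SecretID,
		fmt.Sprintf("-config=@%s", configFile.Name()),
		method.Name,
	})
	must.Zero(t, code)
	s = ui.OutputWriter.String()
	must.StrContains(t, s, method.Name)

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()

	// Update a default auth method.
	code = cmd.Run([]string{
		"-address=" + url, "-token=" + rootACLToken.SecretID, "-default=true", method.Name})
	must.Zero(t, code)
	s = ui.OutputWriter.String()
	must.StrContains(t, s, method.Name)

	// Confirm the default flag reached the stored auth method, not just the
	// command output.
	stored, err = srv.Agent.Server().State().GetACLAuthMethodByName(nil, method.Name)
	must.NoError(t, err)
	must.NotNil(t, stored)
	must.True(t, stored.Default)

	ui.OutputWriter.Reset()
	ui.ErrorWriter.Reset()
}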