github.com/hernad/nomad@v1.6.112/nomad/consul_policy_oss_test.go

github.com/hernad/nomad@v1.6.112/nomad/consul_policy_oss_test.go (about)

     1  // Copyright (c) HashiCorp, Inc.
     2  // SPDX-License-Identifier: MPL-2.0
     3  
     4  //go:build !ent
     5  
     6  package nomad
     7  
     8  import (
     9  	"testing"
    10  
    11  	"github.com/hashicorp/consul/api"
    12  	"github.com/hernad/nomad/ci"
    13  	"github.com/hernad/nomad/command/agent/consul"
    14  	"github.com/hernad/nomad/helper/testlog"
    15  	"github.com/shoenig/test/must"
    16  )
    17  
    18  func TestConsulACLsAPI_hasSufficientPolicy_oss(t *testing.T) {
    19  	ci.Parallel(t)
    20  
    21  	try := func(t *testing.T, namespace, task string, token *api.ACLToken, exp bool) {
    22  		logger := testlog.HCLogger(t)
    23  		cAPI := &consulACLsAPI{
    24  			aclClient: consul.NewMockACLsAPI(logger),
    25  			logger:    logger,
    26  		}
    27  		result, err := cAPI.canWriteService(namespace, task, token)
    28  		must.NoError(t, err)
    29  		must.Eq(t, exp, result)
    30  	}
    31  
    32  	// In Nomad OSS, group consul namespace will always be empty string.
    33  
    34  	t.Run("no namespace with default token", func(t *testing.T) {
    35  		t.Run("no useful policy or role", func(t *testing.T) {
    36  			try(t, "", "service1", consul.ExampleOperatorToken0, false)
    37  		})
    38  
    39  		t.Run("working policy only", func(t *testing.T) {
    40  			try(t, "", "service1", consul.ExampleOperatorToken1, true)
    41  		})
    42  
    43  		t.Run("working role only", func(t *testing.T) {
    44  			try(t, "", "service1", consul.ExampleOperatorToken4, true)
    45  		})
    46  
    47  		t.Run("working service identity only", func(t *testing.T) {
    48  			try(t, "", "service1", consul.ExampleOperatorToken6, true)
    49  		})
    50  	})
    51  }