github.com/hernad/nomad@v1.6.112/nomad/consul_policy_oss_test.go (about) 1 // Copyright (c) HashiCorp, Inc. 2 // SPDX-License-Identifier: MPL-2.0 3 4 //go:build !ent 5 6 package nomad 7 8 import ( 9 "testing" 10 11 "github.com/hashicorp/consul/api" 12 "github.com/hernad/nomad/ci" 13 "github.com/hernad/nomad/command/agent/consul" 14 "github.com/hernad/nomad/helper/testlog" 15 "github.com/shoenig/test/must" 16 ) 17 18 func TestConsulACLsAPI_hasSufficientPolicy_oss(t *testing.T) { 19 ci.Parallel(t) 20 21 try := func(t *testing.T, namespace, task string, token *api.ACLToken, exp bool) { 22 logger := testlog.HCLogger(t) 23 cAPI := &consulACLsAPI{ 24 aclClient: consul.NewMockACLsAPI(logger), 25 logger: logger, 26 } 27 result, err := cAPI.canWriteService(namespace, task, token) 28 must.NoError(t, err) 29 must.Eq(t, exp, result) 30 } 31 32 // In Nomad OSS, group consul namespace will always be empty string. 33 34 t.Run("no namespace with default token", func(t *testing.T) { 35 t.Run("no useful policy or role", func(t *testing.T) { 36 try(t, "", "service1", consul.ExampleOperatorToken0, false) 37 }) 38 39 t.Run("working policy only", func(t *testing.T) { 40 try(t, "", "service1", consul.ExampleOperatorToken1, true) 41 }) 42 43 t.Run("working role only", func(t *testing.T) { 44 try(t, "", "service1", consul.ExampleOperatorToken4, true) 45 }) 46 47 t.Run("working service identity only", func(t *testing.T) { 48 try(t, "", "service1", consul.ExampleOperatorToken6, true) 49 }) 50 }) 51 }