/**
 * Copyright (c) HashiCorp, Inc.
 * SPDX-License-Identifier: MPL-2.0
 */

import { Factory } from 'ember-cli-mirage';
import faker from 'nomad-ui/mirage/faker';

// Fixture token ids that trigger extra setup in afterCreate below.
const VARIABLE_MAKER_TOKEN_ID = '53cur3-v4r14bl35';
const VARIABLE_VIEWER_TOKEN_ID = 'f3w3r-53cur3-v4r14bl35';
const EXPIRING_TOKEN_ID = '3XP1R35-1N-3L3V3N-M1NU735';

// Offset added to "now" for the expiring fixture token: eleven minutes.
const EXPIRY_OFFSET_MS = 11 * 60 * 1000;

/**
 * Builds a fresh 'Variable Maker' policy record (a new object per call, so
 * nothing is shared between created tokens).
 *
 * The HCL comments inside `rules` do not match what the policy grants: the
 * block targets namespace "*" (every namespace, not only the default one)
 * and lists "alloc-exec", which permits running commands inside allocations.
 * Treat this as mock data, not as a template for a read-only policy.
 *
 * NOTE(review): the HCL text lists "create" for the wildcard variables path
 * while `rulesJSON` lists 'write' for the same path; the two representations
 * disagree. Confirm which one the code under test reads.
 *
 * @returns {{id: string, rules: string, rulesJSON: object}} policy attributes
 */
function buildVariableMakerPolicy() {
  return {
    id: 'Variable Maker',
    rules: `
# Allow read only access to the default namespace
namespace "*" {
  policy = "read"
  capabilities = ["list-jobs", "alloc-exec", "read-logs"]
  variables {
    # Base access is to all abilities for all variables
    path "*" {
      capabilities = ["list", "read", "destroy", "create"]
    }
  }
}

node {
  policy = "read"
}
      `,

    rulesJSON: {
      Namespaces: [
        {
          Name: '*',
          Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
          Variables: {
            Paths: [
              {
                Capabilities: ['write', 'read', 'destroy', 'list'],
                PathSpec: '*',
              },
            ],
          },
        },
      ],
    },
  };
}

/**
 * Builds a fresh 'Variable Viewer' policy record.
 *
 * Variables access per namespace, as written in both `rules` and `rulesJSON`:
 *   - "*":           list only on every path
 *   - "namespace-1": list/read/destroy/create on every path
 *   - "namespace-2": list/read/destroy/create under "blue/*",
 *                    list/read/create under "nomad/jobs/*"
 *
 * As with the maker policy, the in-string HCL comments ("read only",
 * "all abilities") are copied verbatim and do not describe the grants; every
 * namespace block also carries "alloc-exec".
 *
 * @returns {{id: string, rules: string, rulesJSON: object}} policy attributes
 */
function buildVariableViewerPolicy() {
  return {
    id: 'Variable Viewer',
    rules: `
# Allow read only access to the default namespace
namespace "*" {
  policy = "read"
  capabilities = ["list-jobs", "alloc-exec", "read-logs"]
  variables {
    # Base access is to all abilities for all variables
    path "*" {
      capabilities = ["list"]
    }
  }
}

namespace "namespace-1" {
  policy = "read"
  capabilities = ["list-jobs", "alloc-exec", "read-logs"]
  variables {
    # Base access is to all abilities for all variables
    path "*" {
      capabilities = ["list", "read", "destroy", "create"]
    }
  }
}

namespace "namespace-2" {
  policy = "read"
  capabilities = ["list-jobs", "alloc-exec", "read-logs"]
  variables {
    # Base access is to all abilities for all variables
    path "blue/*" {
      capabilities = ["list", "read", "destroy", "create"]
    }
    path "nomad/jobs/*" {
      capabilities = ["list", "read", "create"]
    }
  }
}

node {
  policy = "read"
}
      `,

    rulesJSON: {
      Namespaces: [
        {
          Name: '*',
          Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
          Variables: {
            Paths: [
              {
                Capabilities: ['list'],
                PathSpec: '*',
              },
            ],
          },
        },
        {
          Name: 'namespace-1',
          Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
          Variables: {
            Paths: [
              {
                Capabilities: ['list', 'read', 'destroy', 'create'],
                PathSpec: '*',
              },
            ],
          },
        },
        {
          Name: 'namespace-2',
          Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
          Variables: {
            Paths: [
              {
                Capabilities: ['list', 'read', 'destroy', 'create'],
                PathSpec: 'blue/*',
              },
              {
                Capabilities: ['list', 'read', 'create'],
                PathSpec: 'nomad/jobs/*',
              },
            ],
          },
        },
      ],
    },
  };
}

/**
 * Mirage factory for mock ACL tokens.
 *
 * Every identifier and secret here comes from faker, so these values are
 * fixture data for the mock server only. The first token created (index 0) is
 * named "Manager ..." and typed 'management'; all later ones are 'client'.
 */
export default Factory.extend({
  id() {
    return faker.random.uuid();
  },

  // The accessor id mirrors the record id.
  accessorId() {
    return this.id;
  },

  secretId() {
    return faker.random.uuid();
  },

  name(i) {
    const prefix = i === 0 ? 'Manager ' : '';
    return `${prefix}${faker.name.findName()}`;
  },

  global() {
    return faker.random.boolean();
  },

  type(i) {
    return i === 0 ? 'management' : 'client';
  },

  oneTimeSecret() {
    return faker.random.uuid();
  },

  /**
   * Attaches policies to a freshly created token.
   *
   * A token that already has a non-empty `policyIds` is left untouched. That
   * early return also skips the special-id handling below, so the fixture
   * policies and the expiration time are only applied to tokens created
   * without explicit policies.
   *
   * @param {object} token - the Mirage token model that was just created
   * @param {object} server - the Mirage server, used to look up and create policies
   */
  afterCreate(token, server) {
    const presetPolicyIds = token.policyIds;
    if (presetPolicyIds && presetPolicyIds.length) {
      return;
    }

    // Between one and five random policy names, de-duplicated.
    const policyCount = faker.random.number({ min: 1, max: 5 });
    const policyIds = Array.from({ length: policyCount }, () =>
      faker.hacker.verb()
    ).uniq();

    // Create a policy record only for names the mock db does not have yet.
    for (const policyId of policyIds) {
      if (!server.db.policies.find(policyId)) {
        server.create('policy', { id: policyId });
      }
    }

    token.update({ policyIds });

    // Special fixture tokens get a policy with variables rules in place.
    if (token.id === VARIABLE_MAKER_TOKEN_ID) {
      const makerPolicy = buildVariableMakerPolicy();
      server.create('policy', makerPolicy);
      token.policyIds.push(makerPolicy.id);
    }

    if (token.id === VARIABLE_VIEWER_TOKEN_ID) {
      const viewerPolicy = buildVariableViewerPolicy();
      server.create('policy', viewerPolicy);
      token.policyIds.push(viewerPolicy.id);
    }

    // This fixture token expires eleven minutes after it is created.
    if (token.id === EXPIRING_TOKEN_ID) {
      const expiresAtMs = new Date().getTime() + EXPIRY_OFFSET_MS;
      token.update({
        expirationTime: new Date(expiresAtMs),
      });
    }
  },
});