github.com/hernad/nomad@v1.6.112/ui/tests/unit/abilities/client-test.js (about) 1 /** 2 * Copyright (c) HashiCorp, Inc. 3 * SPDX-License-Identifier: MPL-2.0 4 */ 5 6 /* eslint-disable ember/avoid-leaking-state-in-ember-objects */ 7 import { module, test } from 'qunit'; 8 import { setupTest } from 'ember-qunit'; 9 import Service from '@ember/service'; 10 import setupAbility from 'nomad-ui/tests/helpers/setup-ability'; 11 12 module('Unit | Ability | client', function (hooks) { 13 setupTest(hooks); 14 setupAbility('client')(hooks); 15 16 test('it permits client read and write when ACLs are disabled', function (assert) { 17 const mockToken = Service.extend({ 18 aclEnabled: false, 19 }); 20 this.owner.register('service:token', mockToken); 21 22 assert.ok(this.ability.canRead); 23 assert.ok(this.ability.canWrite); 24 }); 25 26 test('it permits client read and write for management tokens', function (assert) { 27 const mockToken = Service.extend({ 28 aclEnabled: true, 29 selfToken: { type: 'management' }, 30 }); 31 this.owner.register('service:token', mockToken); 32 33 assert.ok(this.ability.canRead); 34 assert.ok(this.ability.canWrite); 35 }); 36 37 test('it permits client read and write for tokens with a policy that has node-write', function (assert) { 38 const mockToken = Service.extend({ 39 aclEnabled: true, 40 selfToken: { type: 'client' }, 41 selfTokenPolicies: [ 42 { 43 rulesJSON: { 44 Node: { 45 Policy: 'write', 46 }, 47 }, 48 }, 49 ], 50 }); 51 this.owner.register('service:token', mockToken); 52 53 assert.ok(this.ability.canRead); 54 assert.ok(this.ability.canWrite); 55 }); 56 57 test('it permits client read and write for tokens with a policy that allows write and another policy that disallows it', function (assert) { 58 const mockToken = Service.extend({ 59 aclEnabled: true, 60 selfToken: { type: 'client' }, 61 selfTokenPolicies: [ 62 { 63 rulesJSON: { 64 Node: { 65 Policy: 'write', 66 }, 67 }, 68 }, 69 { 70 rulesJSON: { 71 Node: { 72 Policy: 'read', 73 }, 74 }, 75 }, 76 ], 77 }); 78 this.owner.register('service:token', mockToken); 79 80 assert.ok(this.ability.canRead); 81 assert.ok(this.ability.canWrite); 82 }); 83 84 test('it permits client read and blocks client write for tokens with a policy that does not allow node-write', function (assert) { 85 const mockToken = Service.extend({ 86 aclEnabled: true, 87 selfToken: { type: 'client' }, 88 selfTokenPolicies: [ 89 { 90 rulesJSON: { 91 Node: { 92 Policy: 'read', 93 }, 94 }, 95 }, 96 ], 97 }); 98 this.owner.register('service:token', mockToken); 99 100 assert.ok(this.ability.canRead); 101 assert.notOk(this.ability.canWrite); 102 }); 103 104 test('it blocks client read and write for tokens without a node policy', function (assert) { 105 const mockToken = Service.extend({ 106 aclEnabled: true, 107 selfToken: { type: 'client' }, 108 selfTokenPolicies: [ 109 { 110 rulesJSON: {}, 111 }, 112 ], 113 }); 114 this.owner.register('service:token', mockToken); 115 116 assert.notOk(this.ability.canRead); 117 assert.notOk(this.ability.canWrite); 118 }); 119 });