github.com/iqoqo/nomad@v0.11.3-0.20200911112621-d7021c74d101/ui/tests/unit/abilities/allocation-test.js

github.com/iqoqo/nomad@v0.11.3-0.20200911112621-d7021c74d101/ui/tests/unit/abilities/allocation-test.js (about)

     1  import { module, test } from 'qunit';
     2  import { setupTest } from 'ember-qunit';
     3  import Service from '@ember/service';
     4  import setupAbility from 'nomad-ui/tests/helpers/setup-ability';
     5  
     6  module('Unit | Ability | allocation', function(hooks) {
     7    setupTest(hooks);
     8    setupAbility('allocation')(hooks);
     9  
    10    test('it permits alloc exec when ACLs are disabled', function(assert) {
    11      const mockToken = Service.extend({
    12        aclEnabled: false,
    13      });
    14  
    15      this.owner.register('service:token', mockToken);
    16  
    17      assert.ok(this.ability.canExec);
    18    });
    19  
    20    test('it permits alloc exec for management tokens', function(assert) {
    21      const mockToken = Service.extend({
    22        aclEnabled: true,
    23        selfToken: { type: 'management' },
    24      });
    25  
    26      this.owner.register('service:token', mockToken);
    27  
    28      assert.ok(this.ability.canExec);
    29    });
    30  
    31    test('it permits alloc exec for client tokens with a policy that has namespace alloc-exec', function(assert) {
    32      const mockSystem = Service.extend({
    33        aclEnabled: true,
    34        activeNamespace: {
    35          name: 'aNamespace',
    36        },
    37      });
    38  
    39      const mockToken = Service.extend({
    40        aclEnabled: true,
    41        selfToken: { type: 'client' },
    42        selfTokenPolicies: [
    43          {
    44            rulesJSON: {
    45              Namespaces: [
    46                {
    47                  Name: 'aNamespace',
    48                  Capabilities: ['alloc-exec'],
    49                },
    50              ],
    51            },
    52          },
    53        ],
    54      });
    55  
    56      this.owner.register('service:system', mockSystem);
    57      this.owner.register('service:token', mockToken);
    58  
    59      assert.ok(this.ability.canExec);
    60    });
    61  
    62    test('it permits alloc exec for client tokens with a policy that has default namespace alloc-exec and no capabilities for active namespace', function(assert) {
    63      const mockSystem = Service.extend({
    64        aclEnabled: true,
    65        activeNamespace: {
    66          name: 'anotherNamespace',
    67        },
    68      });
    69  
    70      const mockToken = Service.extend({
    71        aclEnabled: true,
    72        selfToken: { type: 'client' },
    73        selfTokenPolicies: [
    74          {
    75            rulesJSON: {
    76              Namespaces: [
    77                {
    78                  Name: 'aNamespace',
    79                  Capabilities: [],
    80                },
    81                {
    82                  Name: 'default',
    83                  Capabilities: ['alloc-exec'],
    84                },
    85              ],
    86            },
    87          },
    88        ],
    89      });
    90  
    91      this.owner.register('service:system', mockSystem);
    92      this.owner.register('service:token', mockToken);
    93  
    94      assert.ok(this.ability.canExec);
    95    });
    96  
    97    test('it blocks alloc exec for client tokens with a policy that has no alloc-exec capability', function(assert) {
    98      const mockSystem = Service.extend({
    99        aclEnabled: true,
   100        activeNamespace: {
   101          name: 'aNamespace',
   102        },
   103      });
   104  
   105      const mockToken = Service.extend({
   106        aclEnabled: true,
   107        selfToken: { type: 'client' },
   108        selfTokenPolicies: [
   109          {
   110            rulesJSON: {
   111              Namespaces: [
   112                {
   113                  Name: 'aNamespace',
   114                  Capabilities: ['list-jobs'],
   115                },
   116              ],
   117            },
   118          },
   119        ],
   120      });
   121  
   122      this.owner.register('service:system', mockSystem);
   123      this.owner.register('service:token', mockToken);
   124  
   125      assert.notOk(this.ability.canExec);
   126    });
   127  
   128    test('it handles globs in namespace names', function(assert) {
   129      const mockSystem = Service.extend({
   130        aclEnabled: true,
   131        activeNamespace: {
   132          name: 'aNamespace',
   133        },
   134      });
   135  
   136      const mockToken = Service.extend({
   137        aclEnabled: true,
   138        selfToken: { type: 'client' },
   139        selfTokenPolicies: [
   140          {
   141            rulesJSON: {
   142              Namespaces: [
   143                {
   144                  Name: 'production-*',
   145                  Capabilities: ['alloc-exec'],
   146                },
   147                {
   148                  Name: 'production-api',
   149                  Capabilities: ['alloc-exec'],
   150                },
   151                {
   152                  Name: 'production-web',
   153                  Capabilities: [],
   154                },
   155                {
   156                  Name: '*-suffixed',
   157                  Capabilities: ['alloc-exec'],
   158                },
   159                {
   160                  Name: '*-more-suffixed',
   161                  Capabilities: [],
   162                },
   163                {
   164                  Name: '*-abc-*',
   165                  Capabilities: ['alloc-exec'],
   166                },
   167              ],
   168            },
   169          },
   170        ],
   171      });
   172  
   173      this.owner.register('service:system', mockSystem);
   174      this.owner.register('service:token', mockToken);
   175  
   176      const systemService = this.owner.lookup('service:system');
   177  
   178      systemService.set('activeNamespace.name', 'production-web');
   179      assert.notOk(this.ability.canExec);
   180  
   181      systemService.set('activeNamespace.name', 'production-api');
   182      assert.ok(this.ability.canExec);
   183  
   184      systemService.set('activeNamespace.name', 'production-other');
   185      assert.ok(this.ability.canExec);
   186  
   187      systemService.set('activeNamespace.name', 'something-suffixed');
   188      assert.ok(this.ability.canExec);
   189  
   190      systemService.set('activeNamespace.name', 'something-more-suffixed');
   191      assert.notOk(
   192        this.ability.canExec,
   193        'expected the namespace with the greatest number of matched characters to be chosen'
   194      );
   195  
   196      systemService.set('activeNamespace.name', '000-abc-999');
   197      assert.ok(this.ability.canExec, 'expected to be able to match against more than one wildcard');
   198    });
   199  });