github.com/iqoqo/nomad@v0.11.3-0.20200911112621-d7021c74d101/ui/tests/unit/abilities/job-test.js (about) 1 import { module, test } from 'qunit'; 2 import { setupTest } from 'ember-qunit'; 3 import Service from '@ember/service'; 4 import setupAbility from 'nomad-ui/tests/helpers/setup-ability'; 5 6 module('Unit | Ability | job', function(hooks) { 7 setupTest(hooks); 8 setupAbility('job')(hooks); 9 10 test('it permits job run when ACLs are disabled', function(assert) { 11 const mockToken = Service.extend({ 12 aclEnabled: false, 13 }); 14 15 this.owner.register('service:token', mockToken); 16 17 assert.ok(this.ability.canRun); 18 }); 19 20 test('it permits job run for management tokens', function(assert) { 21 const mockToken = Service.extend({ 22 aclEnabled: true, 23 selfToken: { type: 'management' }, 24 }); 25 26 this.owner.register('service:token', mockToken); 27 28 assert.ok(this.ability.canRun); 29 }); 30 31 test('it permits job run for client tokens with a policy that has namespace submit-job', function(assert) { 32 const mockSystem = Service.extend({ 33 aclEnabled: true, 34 activeNamespace: { 35 name: 'aNamespace', 36 }, 37 }); 38 39 const mockToken = Service.extend({ 40 aclEnabled: true, 41 selfToken: { type: 'client' }, 42 selfTokenPolicies: [ 43 { 44 rulesJSON: { 45 Namespaces: [ 46 { 47 Name: 'aNamespace', 48 Capabilities: ['submit-job'], 49 }, 50 ], 51 }, 52 }, 53 ], 54 }); 55 56 this.owner.register('service:system', mockSystem); 57 this.owner.register('service:token', mockToken); 58 59 assert.ok(this.ability.canRun); 60 }); 61 62 test('it permits job run for client tokens with a policy that has default namespace submit-job and no capabilities for active namespace', function(assert) { 63 const mockSystem = Service.extend({ 64 aclEnabled: true, 65 activeNamespace: { 66 name: 'anotherNamespace', 67 }, 68 }); 69 70 const mockToken = Service.extend({ 71 aclEnabled: true, 72 selfToken: { type: 'client' }, 73 selfTokenPolicies: [ 74 { 75 rulesJSON: { 76 Namespaces: [ 77 { 78 Name: 'aNamespace', 79 Capabilities: [], 80 }, 81 { 82 Name: 'default', 83 Capabilities: ['submit-job'], 84 }, 85 ], 86 }, 87 }, 88 ], 89 }); 90 91 this.owner.register('service:system', mockSystem); 92 this.owner.register('service:token', mockToken); 93 94 assert.ok(this.ability.canRun); 95 }); 96 97 test('it blocks job run for client tokens with a policy that has no submit-job capability', function(assert) { 98 const mockSystem = Service.extend({ 99 aclEnabled: true, 100 activeNamespace: { 101 name: 'aNamespace', 102 }, 103 }); 104 105 const mockToken = Service.extend({ 106 aclEnabled: true, 107 selfToken: { type: 'client' }, 108 selfTokenPolicies: [ 109 { 110 rulesJSON: { 111 Namespaces: [ 112 { 113 Name: 'aNamespace', 114 Capabilities: ['list-jobs'], 115 }, 116 ], 117 }, 118 }, 119 ], 120 }); 121 122 this.owner.register('service:system', mockSystem); 123 this.owner.register('service:token', mockToken); 124 125 assert.notOk(this.ability.canRun); 126 }); 127 128 test('it handles globs in namespace names', function(assert) { 129 const mockSystem = Service.extend({ 130 aclEnabled: true, 131 activeNamespace: { 132 name: 'aNamespace', 133 }, 134 }); 135 136 const mockToken = Service.extend({ 137 aclEnabled: true, 138 selfToken: { type: 'client' }, 139 selfTokenPolicies: [ 140 { 141 rulesJSON: { 142 Namespaces: [ 143 { 144 Name: 'production-*', 145 Capabilities: ['submit-job'], 146 }, 147 { 148 Name: 'production-api', 149 Capabilities: ['submit-job'], 150 }, 151 { 152 Name: 'production-web', 153 Capabilities: [], 154 }, 155 { 156 Name: '*-suffixed', 157 Capabilities: ['submit-job'], 158 }, 159 { 160 Name: '*-more-suffixed', 161 Capabilities: [], 162 }, 163 { 164 Name: '*-abc-*', 165 Capabilities: ['submit-job'], 166 }, 167 ], 168 }, 169 }, 170 ], 171 }); 172 173 this.owner.register('service:system', mockSystem); 174 this.owner.register('service:token', mockToken); 175 176 const systemService = this.owner.lookup('service:system'); 177 178 systemService.set('activeNamespace.name', 'production-web'); 179 assert.notOk(this.ability.canRun); 180 181 systemService.set('activeNamespace.name', 'production-api'); 182 assert.ok(this.ability.canRun); 183 184 systemService.set('activeNamespace.name', 'production-other'); 185 assert.ok(this.ability.canRun); 186 187 systemService.set('activeNamespace.name', 'something-suffixed'); 188 assert.ok(this.ability.canRun); 189 190 systemService.set('activeNamespace.name', 'something-more-suffixed'); 191 assert.notOk( 192 this.ability.canRun, 193 'expected the namespace with the greatest number of matched characters to be chosen' 194 ); 195 196 systemService.set('activeNamespace.name', '000-abc-999'); 197 assert.ok(this.ability.canRun, 'expected to be able to match against more than one wildcard'); 198 }); 199 });