github.com/outbrain/consul@v1.4.5/agent/acl_endpoint_legacy_test.go (about) 1 package agent 2 3 import ( 4 "bytes" 5 "encoding/json" 6 "fmt" 7 "net/http" 8 "net/http/httptest" 9 "strings" 10 "testing" 11 12 "github.com/hashicorp/consul/acl" 13 "github.com/hashicorp/consul/agent/structs" 14 "github.com/hashicorp/consul/testrpc" 15 ) 16 17 func TestACL_Legacy_Disabled_Response(t *testing.T) { 18 t.Parallel() 19 a := NewTestAgent(t, t.Name(), "") 20 defer a.Shutdown() 21 22 tests := []func(resp http.ResponseWriter, req *http.Request) (interface{}, error){ 23 a.srv.ACLDestroy, 24 a.srv.ACLCreate, 25 a.srv.ACLUpdate, 26 a.srv.ACLClone, 27 a.srv.ACLGet, 28 a.srv.ACLList, 29 } 30 testrpc.WaitForLeader(t, a.RPC, "dc1") 31 for i, tt := range tests { 32 t.Run(fmt.Sprintf("%d", i), func(t *testing.T) { 33 req, _ := http.NewRequest("PUT", "/should/not/care", nil) 34 resp := httptest.NewRecorder() 35 obj, err := tt(resp, req) 36 if err != nil { 37 t.Fatalf("err: %v", err) 38 } 39 if obj != nil { 40 t.Fatalf("bad: %#v", obj) 41 } 42 if got, want := resp.Code, http.StatusUnauthorized; got != want { 43 t.Fatalf("got %d want %d", got, want) 44 } 45 if !strings.Contains(resp.Body.String(), "ACL support disabled") { 46 t.Fatalf("bad: %#v", resp) 47 } 48 }) 49 } 50 } 51 52 func makeTestACL(t *testing.T, srv *HTTPServer) string { 53 body := bytes.NewBuffer(nil) 54 enc := json.NewEncoder(body) 55 raw := map[string]interface{}{ 56 "Name": "User Token", 57 "Type": "client", 58 "Rules": "", 59 } 60 enc.Encode(raw) 61 62 req, _ := http.NewRequest("PUT", "/v1/acl/create?token=root", body) 63 resp := httptest.NewRecorder() 64 obj, err := srv.ACLCreate(resp, req) 65 if err != nil { 66 t.Fatalf("err: %v", err) 67 } 68 aclResp := obj.(aclCreateResponse) 69 return aclResp.ID 70 } 71 72 func TestACL_Legacy_Update(t *testing.T) { 73 t.Parallel() 74 a := NewTestAgent(t, t.Name(), TestACLConfig()) 75 defer a.Shutdown() 76 77 testrpc.WaitForLeader(t, a.RPC, "dc1") 78 id := makeTestACL(t, a.srv) 79 80 body := bytes.NewBuffer(nil) 81 enc := json.NewEncoder(body) 82 raw := map[string]interface{}{ 83 "ID": id, 84 "Name": "User Token 2", 85 "Type": "client", 86 "Rules": "", 87 } 88 enc.Encode(raw) 89 90 req, _ := http.NewRequest("PUT", "/v1/acl/update?token=root", body) 91 resp := httptest.NewRecorder() 92 obj, err := a.srv.ACLUpdate(resp, req) 93 if err != nil { 94 t.Fatalf("err: %v", err) 95 } 96 aclResp := obj.(aclCreateResponse) 97 if aclResp.ID != id { 98 t.Fatalf("bad: %v", aclResp) 99 } 100 } 101 102 func TestACL_Legacy_UpdateUpsert(t *testing.T) { 103 t.Parallel() 104 a := NewTestAgent(t, t.Name(), TestACLConfig()) 105 defer a.Shutdown() 106 107 body := bytes.NewBuffer(nil) 108 enc := json.NewEncoder(body) 109 raw := map[string]interface{}{ 110 "ID": "my-old-id", 111 "Name": "User Token 2", 112 "Type": "client", 113 "Rules": "", 114 } 115 enc.Encode(raw) 116 117 req, _ := http.NewRequest("PUT", "/v1/acl/update?token=root", body) 118 resp := httptest.NewRecorder() 119 120 testrpc.WaitForLeader(t, a.RPC, "dc1") 121 obj, err := a.srv.ACLUpdate(resp, req) 122 if err != nil { 123 t.Fatalf("err: %v", err) 124 } 125 aclResp := obj.(aclCreateResponse) 126 if aclResp.ID != "my-old-id" { 127 t.Fatalf("bad: %v", aclResp) 128 } 129 } 130 131 func TestACL_Legacy_Destroy(t *testing.T) { 132 t.Parallel() 133 a := NewTestAgent(t, t.Name(), TestACLConfig()) 134 defer a.Shutdown() 135 136 testrpc.WaitForLeader(t, a.RPC, "dc1") 137 id := makeTestACL(t, a.srv) 138 req, _ := http.NewRequest("PUT", "/v1/acl/destroy/"+id+"?token=root", nil) 139 resp := httptest.NewRecorder() 140 obj, err := a.srv.ACLDestroy(resp, req) 141 if err != nil { 142 t.Fatalf("err: %v", err) 143 } 144 if resp, ok := obj.(bool); !ok || !resp { 145 t.Fatalf("should work") 146 } 147 148 req, _ = http.NewRequest("GET", "/v1/acl/info/"+id, nil) 149 resp = httptest.NewRecorder() 150 obj, err = a.srv.ACLGet(resp, req) 151 if err != nil { 152 t.Fatalf("err: %v", err) 153 } 154 respObj, ok := obj.(structs.ACLs) 155 if !ok { 156 t.Fatalf("should work") 157 } 158 if len(respObj) != 0 { 159 t.Fatalf("bad: %v", respObj) 160 } 161 } 162 163 func TestACL_Legacy_Clone(t *testing.T) { 164 t.Parallel() 165 a := NewTestAgent(t, t.Name(), TestACLConfig()) 166 defer a.Shutdown() 167 168 testrpc.WaitForLeader(t, a.RPC, "dc1") 169 id := makeTestACL(t, a.srv) 170 171 req, _ := http.NewRequest("PUT", "/v1/acl/clone/"+id, nil) 172 resp := httptest.NewRecorder() 173 _, err := a.srv.ACLClone(resp, req) 174 if !acl.IsErrPermissionDenied(err) { 175 t.Fatalf("err: %v", err) 176 } 177 178 req, _ = http.NewRequest("PUT", "/v1/acl/clone/"+id+"?token=root", nil) 179 resp = httptest.NewRecorder() 180 obj, err := a.srv.ACLClone(resp, req) 181 if err != nil { 182 t.Fatalf("err: %v", err) 183 } 184 aclResp, ok := obj.(aclCreateResponse) 185 if !ok { 186 t.Fatalf("should work: %#v %#v", obj, resp) 187 } 188 if aclResp.ID == id { 189 t.Fatalf("bad id") 190 } 191 192 req, _ = http.NewRequest("GET", "/v1/acl/info/"+aclResp.ID, nil) 193 resp = httptest.NewRecorder() 194 obj, err = a.srv.ACLGet(resp, req) 195 if err != nil { 196 t.Fatalf("err: %v", err) 197 } 198 respObj, ok := obj.(structs.ACLs) 199 if !ok { 200 t.Fatalf("should work") 201 } 202 if len(respObj) != 1 { 203 t.Fatalf("bad: %v", respObj) 204 } 205 } 206 207 func TestACL_Legacy_Get(t *testing.T) { 208 t.Parallel() 209 t.Run("wrong id", func(t *testing.T) { 210 a := NewTestAgent(t, t.Name(), TestACLConfig()) 211 defer a.Shutdown() 212 213 req, _ := http.NewRequest("GET", "/v1/acl/info/nope", nil) 214 resp := httptest.NewRecorder() 215 testrpc.WaitForLeader(t, a.RPC, "dc1") 216 obj, err := a.srv.ACLGet(resp, req) 217 if err != nil { 218 t.Fatalf("err: %v", err) 219 } 220 respObj, ok := obj.(structs.ACLs) 221 if !ok { 222 t.Fatalf("should work") 223 } 224 if respObj == nil || len(respObj) != 0 { 225 t.Fatalf("bad: %v", respObj) 226 } 227 }) 228 229 t.Run("right id", func(t *testing.T) { 230 a := NewTestAgent(t, t.Name(), TestACLConfig()) 231 defer a.Shutdown() 232 233 testrpc.WaitForLeader(t, a.RPC, "dc1") 234 id := makeTestACL(t, a.srv) 235 236 req, _ := http.NewRequest("GET", "/v1/acl/info/"+id, nil) 237 resp := httptest.NewRecorder() 238 obj, err := a.srv.ACLGet(resp, req) 239 if err != nil { 240 t.Fatalf("err: %v", err) 241 } 242 respObj, ok := obj.(structs.ACLs) 243 if !ok { 244 t.Fatalf("should work") 245 } 246 if len(respObj) != 1 { 247 t.Fatalf("bad: %v", respObj) 248 } 249 }) 250 } 251 252 func TestACL_Legacy_List(t *testing.T) { 253 t.Parallel() 254 a := NewTestAgent(t, t.Name(), TestACLConfig()) 255 defer a.Shutdown() 256 257 testrpc.WaitForLeader(t, a.RPC, "dc1") 258 var ids []string 259 for i := 0; i < 10; i++ { 260 ids = append(ids, makeTestACL(t, a.srv)) 261 } 262 263 req, _ := http.NewRequest("GET", "/v1/acl/list?token=root", nil) 264 resp := httptest.NewRecorder() 265 obj, err := a.srv.ACLList(resp, req) 266 if err != nil { 267 t.Fatalf("err: %v", err) 268 } 269 respObj, ok := obj.(structs.ACLs) 270 if !ok { 271 t.Fatalf("should work") 272 } 273 274 // 10 + master 275 // anonymous token is a new token and wont show up in this list 276 if len(respObj) != 11 { 277 t.Fatalf("bad: %v", respObj) 278 } 279 } 280 281 func TestACLReplicationStatus(t *testing.T) { 282 t.Parallel() 283 a := NewTestAgent(t, t.Name(), TestACLConfig()) 284 defer a.Shutdown() 285 286 req, _ := http.NewRequest("GET", "/v1/acl/replication", nil) 287 resp := httptest.NewRecorder() 288 testrpc.WaitForLeader(t, a.RPC, "dc1") 289 obj, err := a.srv.ACLReplicationStatus(resp, req) 290 if err != nil { 291 t.Fatalf("err: %v", err) 292 } 293 _, ok := obj.(structs.ACLReplicationStatus) 294 if !ok { 295 t.Fatalf("should work") 296 } 297 }