github.com/outbrain/consul@v1.4.5/agent/structs/acl_legacy_test.go (about)

     1  package structs
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/stretchr/testify/require"
     7  )
     8  
     9  func TestStructs_ACL_IsSame(t *testing.T) {
    10  	acl := &ACL{
    11  		ID:    "guid",
    12  		Name:  "An ACL for testing",
    13  		Type:  "client",
    14  		Rules: "service \"\" { policy = \"read\" }",
    15  	}
    16  	if !acl.IsSame(acl) {
    17  		t.Fatalf("should be equal to itself")
    18  	}
    19  
    20  	other := &ACL{
    21  		ID:    "guid",
    22  		Name:  "An ACL for testing",
    23  		Type:  "client",
    24  		Rules: "service \"\" { policy = \"read\" }",
    25  		RaftIndex: RaftIndex{
    26  			CreateIndex: 1,
    27  			ModifyIndex: 2,
    28  		},
    29  	}
    30  	if !acl.IsSame(other) || !other.IsSame(acl) {
    31  		t.Fatalf("should not care about Raft fields")
    32  	}
    33  
    34  	check := func(twiddle, restore func()) {
    35  		if !acl.IsSame(other) || !other.IsSame(acl) {
    36  			t.Fatalf("should be the same")
    37  		}
    38  
    39  		twiddle()
    40  		if acl.IsSame(other) || other.IsSame(acl) {
    41  			t.Fatalf("should not be the same")
    42  		}
    43  
    44  		restore()
    45  		if !acl.IsSame(other) || !other.IsSame(acl) {
    46  			t.Fatalf("should be the same")
    47  		}
    48  	}
    49  
    50  	check(func() { other.ID = "nope" }, func() { other.ID = "guid" })
    51  	check(func() { other.Name = "nope" }, func() { other.Name = "An ACL for testing" })
    52  	check(func() { other.Type = "management" }, func() { other.Type = "client" })
    53  	check(func() { other.Rules = "" }, func() { other.Rules = "service \"\" { policy = \"read\" }" })
    54  }
    55  
    56  func TestStructs_ACL_Convert(t *testing.T) {
    57  	t.Parallel()
    58  
    59  	acl := &ACL{
    60  		ID:    "guid",
    61  		Name:  "AN ACL for testing",
    62  		Type:  "client",
    63  		Rules: `service "" { policy "read" }`,
    64  	}
    65  
    66  	token := acl.Convert()
    67  	require.Equal(t, "", token.AccessorID)
    68  	require.Equal(t, acl.ID, token.SecretID)
    69  	require.Equal(t, acl.Type, token.Type)
    70  	require.Equal(t, acl.Name, token.Description)
    71  	require.Nil(t, token.Policies)
    72  	require.False(t, token.Local)
    73  	require.Equal(t, acl.Rules, token.Rules)
    74  	require.Equal(t, acl.CreateIndex, token.CreateIndex)
    75  	require.Equal(t, acl.ModifyIndex, token.ModifyIndex)
    76  }
    77  
    78  func TestStructs_ACLToken_Convert(t *testing.T) {
    79  	t.Parallel()
    80  
    81  	t.Run("Management", func(t *testing.T) {
    82  		t.Parallel()
    83  		token := &ACLToken{
    84  			AccessorID:  "6c4eb178-c7f3-4620-b899-91eb8696c265",
    85  			SecretID:    "67c29ecd-cabc-42e0-a20e-771e9a1ab70c",
    86  			Description: "new token",
    87  			Policies: []ACLTokenPolicyLink{
    88  				ACLTokenPolicyLink{
    89  					ID: ACLPolicyGlobalManagementID,
    90  				},
    91  			},
    92  			Type: ACLTokenTypeManagement,
    93  		}
    94  
    95  		acl, err := token.Convert()
    96  		require.NoError(t, err)
    97  		require.Equal(t, token.SecretID, acl.ID)
    98  		require.Equal(t, token.Type, acl.Type)
    99  		require.Equal(t, token.Description, acl.Name)
   100  		require.Equal(t, "", acl.Rules)
   101  	})
   102  
   103  	t.Run("Client", func(t *testing.T) {
   104  		t.Parallel()
   105  		token := &ACLToken{
   106  			AccessorID:  "6c4eb178-c7f3-4620-b899-91eb8696c265",
   107  			SecretID:    "67c29ecd-cabc-42e0-a20e-771e9a1ab70c",
   108  			Description: "new token",
   109  			Policies:    nil,
   110  			Type:        ACLTokenTypeClient,
   111  			Rules:       `acl = "read"`,
   112  		}
   113  
   114  		acl, err := token.Convert()
   115  		require.NoError(t, err)
   116  		require.Equal(t, token.SecretID, acl.ID)
   117  		require.Equal(t, token.Type, acl.Type)
   118  		require.Equal(t, token.Description, acl.Name)
   119  		require.Equal(t, token.Rules, acl.Rules)
   120  	})
   121  
   122  	t.Run("Unconvertible", func(t *testing.T) {
   123  		t.Parallel()
   124  		token := &ACLToken{
   125  			AccessorID:  "6c4eb178-c7f3-4620-b899-91eb8696c265",
   126  			SecretID:    "67c29ecd-cabc-42e0-a20e-771e9a1ab70c",
   127  			Description: "new token",
   128  			Policies: []ACLTokenPolicyLink{
   129  				ACLTokenPolicyLink{
   130  					ID: ACLPolicyGlobalManagementID,
   131  				},
   132  			},
   133  		}
   134  
   135  		acl, err := token.Convert()
   136  		require.Error(t, err)
   137  		require.Nil(t, acl)
   138  	})
   139  
   140  }