github.com/sl1pm4t/consul@v1.4.5-0.20190325224627-74c31c540f9c/api/connect_intention_test.go

github.com/sl1pm4t/consul@v1.4.5-0.20190325224627-74c31c540f9c/api/connect_intention_test.go (about)

     1  package api
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/stretchr/testify/require"
     7  )
     8  
     9  func TestAPI_ConnectIntentionCreateListGetUpdateDelete(t *testing.T) {
    10  	t.Parallel()
    11  
    12  	require := require.New(t)
    13  	c, s := makeClient(t)
    14  	defer s.Stop()
    15  
    16  	connect := c.Connect()
    17  
    18  	// Create
    19  	ixn := testIntention()
    20  	id, _, err := connect.IntentionCreate(ixn, nil)
    21  	require.Nil(err)
    22  	require.NotEmpty(id)
    23  
    24  	// List it
    25  	list, _, err := connect.Intentions(nil)
    26  	require.Nil(err)
    27  	require.Len(list, 1)
    28  
    29  	actual := list[0]
    30  	ixn.ID = id
    31  	ixn.CreatedAt = actual.CreatedAt
    32  	ixn.UpdatedAt = actual.UpdatedAt
    33  	ixn.CreateIndex = actual.CreateIndex
    34  	ixn.ModifyIndex = actual.ModifyIndex
    35  	require.Equal(ixn, actual)
    36  
    37  	// Get it
    38  	actual, _, err = connect.IntentionGet(id, nil)
    39  	require.Nil(err)
    40  	require.Equal(ixn, actual)
    41  
    42  	// Update it
    43  	ixn.SourceNS = ixn.SourceNS + "-different"
    44  	_, err = connect.IntentionUpdate(ixn, nil)
    45  	require.NoError(err)
    46  
    47  	// Get it
    48  	actual, _, err = connect.IntentionGet(id, nil)
    49  	require.NoError(err)
    50  	ixn.UpdatedAt = actual.UpdatedAt
    51  	ixn.ModifyIndex = actual.ModifyIndex
    52  	require.Equal(ixn, actual)
    53  
    54  	// Delete it
    55  	_, err = connect.IntentionDelete(id, nil)
    56  	require.Nil(err)
    57  
    58  	// Get it (should be gone)
    59  	actual, _, err = connect.IntentionGet(id, nil)
    60  	require.Nil(err)
    61  	require.Nil(actual)
    62  }
    63  
    64  func TestAPI_ConnectIntentionGet_invalidId(t *testing.T) {
    65  	t.Parallel()
    66  
    67  	require := require.New(t)
    68  	c, s := makeClient(t)
    69  	defer s.Stop()
    70  
    71  	connect := c.Connect()
    72  
    73  	// Get it
    74  	actual, _, err := connect.IntentionGet("hello", nil)
    75  	require.Nil(actual)
    76  	require.Error(err)
    77  	require.Contains(err.Error(), "UUID") // verify it contains the message
    78  }
    79  
    80  func TestAPI_ConnectIntentionMatch(t *testing.T) {
    81  	t.Parallel()
    82  
    83  	require := require.New(t)
    84  	c, s := makeClient(t)
    85  	defer s.Stop()
    86  
    87  	connect := c.Connect()
    88  
    89  	// Create
    90  	{
    91  		insert := [][]string{
    92  			{"foo", "*"},
    93  			{"foo", "bar"},
    94  			{"foo", "baz"}, // shouldn't match
    95  			{"bar", "bar"}, // shouldn't match
    96  			{"bar", "*"},   // shouldn't match
    97  			{"*", "*"},
    98  		}
    99  
   100  		for _, v := range insert {
   101  			ixn := testIntention()
   102  			ixn.DestinationNS = v[0]
   103  			ixn.DestinationName = v[1]
   104  			id, _, err := connect.IntentionCreate(ixn, nil)
   105  			require.Nil(err)
   106  			require.NotEmpty(id)
   107  		}
   108  	}
   109  
   110  	// Match it
   111  	result, _, err := connect.IntentionMatch(&IntentionMatch{
   112  		By:    IntentionMatchDestination,
   113  		Names: []string{"foo/bar"},
   114  	}, nil)
   115  	require.Nil(err)
   116  	require.Len(result, 1)
   117  
   118  	var actual [][]string
   119  	expected := [][]string{{"foo", "bar"}, {"foo", "*"}, {"*", "*"}}
   120  	for _, ixn := range result["foo/bar"] {
   121  		actual = append(actual, []string{ixn.DestinationNS, ixn.DestinationName})
   122  	}
   123  
   124  	require.Equal(expected, actual)
   125  }
   126  
   127  func TestAPI_ConnectIntentionCheck(t *testing.T) {
   128  	t.Parallel()
   129  
   130  	require := require.New(t)
   131  	c, s := makeClient(t)
   132  	defer s.Stop()
   133  
   134  	connect := c.Connect()
   135  
   136  	// Create
   137  	{
   138  		insert := [][]string{
   139  			{"foo", "*", "foo", "bar"},
   140  		}
   141  
   142  		for _, v := range insert {
   143  			ixn := testIntention()
   144  			ixn.SourceNS = v[0]
   145  			ixn.SourceName = v[1]
   146  			ixn.DestinationNS = v[2]
   147  			ixn.DestinationName = v[3]
   148  			ixn.Action = IntentionActionDeny
   149  			id, _, err := connect.IntentionCreate(ixn, nil)
   150  			require.Nil(err)
   151  			require.NotEmpty(id)
   152  		}
   153  	}
   154  
   155  	// Match it
   156  	{
   157  		result, _, err := connect.IntentionCheck(&IntentionCheck{
   158  			Source:      "foo/qux",
   159  			Destination: "foo/bar",
   160  		}, nil)
   161  		require.Nil(err)
   162  		require.False(result)
   163  	}
   164  
   165  	// Match it (non-matching)
   166  	{
   167  		result, _, err := connect.IntentionCheck(&IntentionCheck{
   168  			Source:      "bar/qux",
   169  			Destination: "foo/bar",
   170  		}, nil)
   171  		require.Nil(err)
   172  		require.True(result)
   173  	}
   174  }
   175  
   176  func testIntention() *Intention {
   177  	return &Intention{
   178  		SourceNS:        "eng",
   179  		SourceName:      "api",
   180  		DestinationNS:   "eng",
   181  		DestinationName: "db",
   182  		Precedence:      9,
   183  		Action:          IntentionActionAllow,
   184  		SourceType:      IntentionSourceConsul,
   185  		Meta:            map[string]string{},
   186  	}
   187  }