github.com/smithx10/nomad@v0.9.1-rc1/client/acl_test.go (about) 1 package client 2 3 import ( 4 "testing" 5 6 "github.com/hashicorp/nomad/acl" 7 "github.com/hashicorp/nomad/client/config" 8 "github.com/hashicorp/nomad/helper/uuid" 9 "github.com/hashicorp/nomad/nomad/mock" 10 "github.com/hashicorp/nomad/nomad/structs" 11 "github.com/hashicorp/nomad/testutil" 12 "github.com/stretchr/testify/assert" 13 ) 14 15 func TestClient_ACL_resolveTokenValue(t *testing.T) { 16 s1, _, _ := testACLServer(t, nil) 17 defer s1.Shutdown() 18 testutil.WaitForLeader(t, s1.RPC) 19 20 c1, cleanup := TestClient(t, func(c *config.Config) { 21 c.RPCHandler = s1 22 c.ACLEnabled = true 23 }) 24 defer cleanup() 25 26 // Create a policy / token 27 policy := mock.ACLPolicy() 28 policy2 := mock.ACLPolicy() 29 token := mock.ACLToken() 30 token.Policies = []string{policy.Name, policy2.Name} 31 token2 := mock.ACLToken() 32 token2.Type = structs.ACLManagementToken 33 token2.Policies = nil 34 err := s1.State().UpsertACLPolicies(100, []*structs.ACLPolicy{policy, policy2}) 35 assert.Nil(t, err) 36 err = s1.State().UpsertACLTokens(110, []*structs.ACLToken{token, token2}) 37 assert.Nil(t, err) 38 39 // Test the client resolution 40 out0, err := c1.resolveTokenValue("") 41 assert.Nil(t, err) 42 assert.NotNil(t, out0) 43 assert.Equal(t, structs.AnonymousACLToken, out0) 44 45 // Test the client resolution 46 out1, err := c1.resolveTokenValue(token.SecretID) 47 assert.Nil(t, err) 48 assert.NotNil(t, out1) 49 assert.Equal(t, token, out1) 50 51 out2, err := c1.resolveTokenValue(token2.SecretID) 52 assert.Nil(t, err) 53 assert.NotNil(t, out2) 54 assert.Equal(t, token2, out2) 55 56 out3, err := c1.resolveTokenValue(token.SecretID) 57 assert.Nil(t, err) 58 assert.NotNil(t, out3) 59 if out1 != out3 { 60 t.Fatalf("bad caching") 61 } 62 } 63 64 func TestClient_ACL_resolvePolicies(t *testing.T) { 65 s1, _, root := testACLServer(t, nil) 66 defer s1.Shutdown() 67 testutil.WaitForLeader(t, s1.RPC) 68 69 c1, cleanup := TestClient(t, func(c *config.Config) { 70 c.RPCHandler = s1 71 c.ACLEnabled = true 72 }) 73 defer cleanup() 74 75 // Create a policy / token 76 policy := mock.ACLPolicy() 77 policy2 := mock.ACLPolicy() 78 token := mock.ACLToken() 79 token.Policies = []string{policy.Name, policy2.Name} 80 token2 := mock.ACLToken() 81 token2.Type = structs.ACLManagementToken 82 token2.Policies = nil 83 err := s1.State().UpsertACLPolicies(100, []*structs.ACLPolicy{policy, policy2}) 84 assert.Nil(t, err) 85 err = s1.State().UpsertACLTokens(110, []*structs.ACLToken{token, token2}) 86 assert.Nil(t, err) 87 88 // Test the client resolution 89 out, err := c1.resolvePolicies(root.SecretID, []string{policy.Name, policy2.Name}) 90 assert.Nil(t, err) 91 assert.Equal(t, 2, len(out)) 92 93 // Test caching 94 out2, err := c1.resolvePolicies(root.SecretID, []string{policy.Name, policy2.Name}) 95 assert.Nil(t, err) 96 assert.Equal(t, 2, len(out2)) 97 98 // Check we get the same objects back (ignore ordering) 99 if out[0] != out2[0] && out[0] != out2[1] { 100 t.Fatalf("bad caching") 101 } 102 } 103 104 func TestClient_ACL_ResolveToken_Disabled(t *testing.T) { 105 s1, _ := testServer(t, nil) 106 defer s1.Shutdown() 107 testutil.WaitForLeader(t, s1.RPC) 108 109 c1, cleanup := TestClient(t, func(c *config.Config) { 110 c.RPCHandler = s1 111 }) 112 defer cleanup() 113 114 // Should always get nil when disabled 115 aclObj, err := c1.ResolveToken("blah") 116 assert.Nil(t, err) 117 assert.Nil(t, aclObj) 118 } 119 120 func TestClient_ACL_ResolveToken(t *testing.T) { 121 s1, _, _ := testACLServer(t, nil) 122 defer s1.Shutdown() 123 testutil.WaitForLeader(t, s1.RPC) 124 125 c1, cleanup := TestClient(t, func(c *config.Config) { 126 c.RPCHandler = s1 127 c.ACLEnabled = true 128 }) 129 defer cleanup() 130 131 // Create a policy / token 132 policy := mock.ACLPolicy() 133 policy2 := mock.ACLPolicy() 134 token := mock.ACLToken() 135 token.Policies = []string{policy.Name, policy2.Name} 136 token2 := mock.ACLToken() 137 token2.Type = structs.ACLManagementToken 138 token2.Policies = nil 139 err := s1.State().UpsertACLPolicies(100, []*structs.ACLPolicy{policy, policy2}) 140 assert.Nil(t, err) 141 err = s1.State().UpsertACLTokens(110, []*structs.ACLToken{token, token2}) 142 assert.Nil(t, err) 143 144 // Test the client resolution 145 out, err := c1.ResolveToken(token.SecretID) 146 assert.Nil(t, err) 147 assert.NotNil(t, out) 148 149 // Test caching 150 out2, err := c1.ResolveToken(token.SecretID) 151 assert.Nil(t, err) 152 if out != out2 { 153 t.Fatalf("should be cached") 154 } 155 156 // Test management token 157 out3, err := c1.ResolveToken(token2.SecretID) 158 assert.Nil(t, err) 159 if acl.ManagementACL != out3 { 160 t.Fatalf("should be management") 161 } 162 163 // Test bad token 164 out4, err := c1.ResolveToken(uuid.Generate()) 165 assert.Equal(t, structs.ErrTokenNotFound, err) 166 assert.Nil(t, out4) 167 }