github.com/smithx10/nomad@v0.9.1-rc1/client/acl_test.go (about)

     1  package client
     2  
     3  import (
     4  	"testing"
     5  
     6  	"github.com/hashicorp/nomad/acl"
     7  	"github.com/hashicorp/nomad/client/config"
     8  	"github.com/hashicorp/nomad/helper/uuid"
     9  	"github.com/hashicorp/nomad/nomad/mock"
    10  	"github.com/hashicorp/nomad/nomad/structs"
    11  	"github.com/hashicorp/nomad/testutil"
    12  	"github.com/stretchr/testify/assert"
    13  )
    14  
    15  func TestClient_ACL_resolveTokenValue(t *testing.T) {
    16  	s1, _, _ := testACLServer(t, nil)
    17  	defer s1.Shutdown()
    18  	testutil.WaitForLeader(t, s1.RPC)
    19  
    20  	c1, cleanup := TestClient(t, func(c *config.Config) {
    21  		c.RPCHandler = s1
    22  		c.ACLEnabled = true
    23  	})
    24  	defer cleanup()
    25  
    26  	// Create a policy / token
    27  	policy := mock.ACLPolicy()
    28  	policy2 := mock.ACLPolicy()
    29  	token := mock.ACLToken()
    30  	token.Policies = []string{policy.Name, policy2.Name}
    31  	token2 := mock.ACLToken()
    32  	token2.Type = structs.ACLManagementToken
    33  	token2.Policies = nil
    34  	err := s1.State().UpsertACLPolicies(100, []*structs.ACLPolicy{policy, policy2})
    35  	assert.Nil(t, err)
    36  	err = s1.State().UpsertACLTokens(110, []*structs.ACLToken{token, token2})
    37  	assert.Nil(t, err)
    38  
    39  	// Test the client resolution
    40  	out0, err := c1.resolveTokenValue("")
    41  	assert.Nil(t, err)
    42  	assert.NotNil(t, out0)
    43  	assert.Equal(t, structs.AnonymousACLToken, out0)
    44  
    45  	// Test the client resolution
    46  	out1, err := c1.resolveTokenValue(token.SecretID)
    47  	assert.Nil(t, err)
    48  	assert.NotNil(t, out1)
    49  	assert.Equal(t, token, out1)
    50  
    51  	out2, err := c1.resolveTokenValue(token2.SecretID)
    52  	assert.Nil(t, err)
    53  	assert.NotNil(t, out2)
    54  	assert.Equal(t, token2, out2)
    55  
    56  	out3, err := c1.resolveTokenValue(token.SecretID)
    57  	assert.Nil(t, err)
    58  	assert.NotNil(t, out3)
    59  	if out1 != out3 {
    60  		t.Fatalf("bad caching")
    61  	}
    62  }
    63  
    64  func TestClient_ACL_resolvePolicies(t *testing.T) {
    65  	s1, _, root := testACLServer(t, nil)
    66  	defer s1.Shutdown()
    67  	testutil.WaitForLeader(t, s1.RPC)
    68  
    69  	c1, cleanup := TestClient(t, func(c *config.Config) {
    70  		c.RPCHandler = s1
    71  		c.ACLEnabled = true
    72  	})
    73  	defer cleanup()
    74  
    75  	// Create a policy / token
    76  	policy := mock.ACLPolicy()
    77  	policy2 := mock.ACLPolicy()
    78  	token := mock.ACLToken()
    79  	token.Policies = []string{policy.Name, policy2.Name}
    80  	token2 := mock.ACLToken()
    81  	token2.Type = structs.ACLManagementToken
    82  	token2.Policies = nil
    83  	err := s1.State().UpsertACLPolicies(100, []*structs.ACLPolicy{policy, policy2})
    84  	assert.Nil(t, err)
    85  	err = s1.State().UpsertACLTokens(110, []*structs.ACLToken{token, token2})
    86  	assert.Nil(t, err)
    87  
    88  	// Test the client resolution
    89  	out, err := c1.resolvePolicies(root.SecretID, []string{policy.Name, policy2.Name})
    90  	assert.Nil(t, err)
    91  	assert.Equal(t, 2, len(out))
    92  
    93  	// Test caching
    94  	out2, err := c1.resolvePolicies(root.SecretID, []string{policy.Name, policy2.Name})
    95  	assert.Nil(t, err)
    96  	assert.Equal(t, 2, len(out2))
    97  
    98  	// Check we get the same objects back (ignore ordering)
    99  	if out[0] != out2[0] && out[0] != out2[1] {
   100  		t.Fatalf("bad caching")
   101  	}
   102  }
   103  
   104  func TestClient_ACL_ResolveToken_Disabled(t *testing.T) {
   105  	s1, _ := testServer(t, nil)
   106  	defer s1.Shutdown()
   107  	testutil.WaitForLeader(t, s1.RPC)
   108  
   109  	c1, cleanup := TestClient(t, func(c *config.Config) {
   110  		c.RPCHandler = s1
   111  	})
   112  	defer cleanup()
   113  
   114  	// Should always get nil when disabled
   115  	aclObj, err := c1.ResolveToken("blah")
   116  	assert.Nil(t, err)
   117  	assert.Nil(t, aclObj)
   118  }
   119  
   120  func TestClient_ACL_ResolveToken(t *testing.T) {
   121  	s1, _, _ := testACLServer(t, nil)
   122  	defer s1.Shutdown()
   123  	testutil.WaitForLeader(t, s1.RPC)
   124  
   125  	c1, cleanup := TestClient(t, func(c *config.Config) {
   126  		c.RPCHandler = s1
   127  		c.ACLEnabled = true
   128  	})
   129  	defer cleanup()
   130  
   131  	// Create a policy / token
   132  	policy := mock.ACLPolicy()
   133  	policy2 := mock.ACLPolicy()
   134  	token := mock.ACLToken()
   135  	token.Policies = []string{policy.Name, policy2.Name}
   136  	token2 := mock.ACLToken()
   137  	token2.Type = structs.ACLManagementToken
   138  	token2.Policies = nil
   139  	err := s1.State().UpsertACLPolicies(100, []*structs.ACLPolicy{policy, policy2})
   140  	assert.Nil(t, err)
   141  	err = s1.State().UpsertACLTokens(110, []*structs.ACLToken{token, token2})
   142  	assert.Nil(t, err)
   143  
   144  	// Test the client resolution
   145  	out, err := c1.ResolveToken(token.SecretID)
   146  	assert.Nil(t, err)
   147  	assert.NotNil(t, out)
   148  
   149  	// Test caching
   150  	out2, err := c1.ResolveToken(token.SecretID)
   151  	assert.Nil(t, err)
   152  	if out != out2 {
   153  		t.Fatalf("should be cached")
   154  	}
   155  
   156  	// Test management token
   157  	out3, err := c1.ResolveToken(token2.SecretID)
   158  	assert.Nil(t, err)
   159  	if acl.ManagementACL != out3 {
   160  		t.Fatalf("should be management")
   161  	}
   162  
   163  	// Test bad token
   164  	out4, err := c1.ResolveToken(uuid.Generate())
   165  	assert.Equal(t, structs.ErrTokenNotFound, err)
   166  	assert.Nil(t, out4)
   167  }