Update 4 non-acl tests that used the legacy ACL.Apply

These tests don't really care about the endpoint, they just need some way to create an ACL token.
3 years ago · 3b9578d7eb
3 changed files with 77 additions and 67 deletions
--- a/agent/event_endpoint_test.go
+++ b/agent/event_endpoint_test.go
@ -9,11 +9,9 @@ import (
 	"testing"
 	"time"

-	"github.com/hashicorp/consul/testrpc"
-
 	"github.com/hashicorp/consul/acl"
-	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
+	"github.com/hashicorp/consul/testrpc"
 )

 func TestEventFire(t *testing.T) {
@ -72,21 +70,7 @@ func TestEventFire_token(t *testing.T) {
 	defer a.Shutdown()
 	testrpc.WaitForLeader(t, a.RPC, "dc1")

-	// Create an ACL token
-	args := structs.ACLRequest{
-		Datacenter: "dc1",
-		Op:         structs.ACLSet,
-		ACL: structs.ACL{
-			Name:  "User token",
-			Type:  structs.ACLTokenTypeClient,
-			Rules: testEventPolicy,
-		},
-		WriteRequest: structs.WriteRequest{Token: "root"},
-	}
-	var token string
-	if err := a.RPC("ACL.Apply", &args, &token); err != nil {
-		t.Fatalf("err: %v", err)
-	}
+	token := createToken(t, a, testEventPolicy)

 	type tcase struct {
 		event   string
--- a/agent/local/state_test.go
+++ b/agent/local/state_test.go
@ -8,6 +8,7 @@ import (
 	"time"

 	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/go-uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

@ -791,23 +792,7 @@ func TestAgentAntiEntropy_Services_ACLDeny(t *testing.T) {
 	defer a.Shutdown()
 	testrpc.WaitForLeader(t, a.RPC, "dc1")

-	// Create the ACL
-	arg := structs.ACLRequest{
-		Datacenter: "dc1",
-		Op:         structs.ACLSet,
-		ACL: structs.ACL{
-			Name:  "User token",
-			Type:  structs.ACLTokenTypeClient,
-			Rules: testRegisterRules,
-		},
-		WriteRequest: structs.WriteRequest{
-			Token: "root",
-		},
-	}
-	var token string
-	if err := a.RPC("ACL.Apply", &arg, &token); err != nil {
-		t.Fatalf("err: %v", err)
-	}
+	token := createToken(t, a, testRegisterRules)

 	// Create service (disallowed)
 	srv1 := &structs.NodeService{
@ -929,6 +914,40 @@ func TestAgentAntiEntropy_Services_ACLDeny(t *testing.T) {
 	}
 }

+type RPC interface {
+	RPC(method string, args interface{}, reply interface{}) error
+}
+
+func createToken(t *testing.T, rpc RPC, policyRules string) string {
+	t.Helper()
+
+	reqPolicy := structs.ACLPolicySetRequest{
+		Datacenter: "dc1",
+		Policy: structs.ACLPolicy{
+			Name:  "the-policy",
+			Rules: policyRules,
+		},
+		WriteRequest: structs.WriteRequest{Token: "root"},
+	}
+	err := rpc.RPC("ACL.PolicySet", &reqPolicy, &structs.ACLPolicy{})
+	require.NoError(t, err)
+
+	token, err := uuid.GenerateUUID()
+	require.NoError(t, err)
+
+	reqToken := structs.ACLTokenSetRequest{
+		Datacenter: "dc1",
+		ACLToken: structs.ACLToken{
+			SecretID: token,
+			Policies: []structs.ACLTokenPolicyLink{{Name: "the-policy"}},
+		},
+		WriteRequest: structs.WriteRequest{Token: "root"},
+	}
+	err = rpc.RPC("ACL.TokenSet", &reqToken, &structs.ACLToken{})
+	require.NoError(t, err)
+	return token
+}
+
 func TestAgentAntiEntropy_Checks(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
@ -1222,23 +1241,7 @@ func TestAgentAntiEntropy_Checks_ACLDeny(t *testing.T) {

 	testrpc.WaitForLeader(t, a.RPC, dc)

-	// Create the ACL
-	arg := structs.ACLRequest{
-		Datacenter: dc,
-		Op:         structs.ACLSet,
-		ACL: structs.ACL{
-			Name:  "User token",
-			Type:  structs.ACLTokenTypeClient,
-			Rules: testRegisterRules,
-		},
-		WriteRequest: structs.WriteRequest{
-			Token: "root",
-		},
-	}
-	var token string
-	if err := a.RPC("ACL.Apply", &arg, &token); err != nil {
-		t.Fatalf("err: %v", err)
-	}
+	token := createToken(t, a, testRegisterRules)

 	// Create services using the root token
 	srv1 := &structs.NodeService{
--- a/agent/user_event_test.go
+++ b/agent/user_event_test.go
@ -4,6 +4,9 @@ import (
 	"strings"
 	"testing"

+	"github.com/hashicorp/go-uuid"
+	"github.com/stretchr/testify/require"
+
 	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/sdk/testutil/retry"
@ -205,21 +208,7 @@ func TestUserEventToken(t *testing.T) {
 	`)
 	defer a.Shutdown()

-	// Create an ACL token
-	args := structs.ACLRequest{
-		Datacenter: "dc1",
-		Op:         structs.ACLSet,
-		ACL: structs.ACL{
-			Name:  "User token",
-			Type:  structs.ACLTokenTypeClient,
-			Rules: testEventPolicy,
-		},
-		WriteRequest: structs.WriteRequest{Token: "root"},
-	}
-	var token string
-	if err := a.RPC("ACL.Apply", &args, &token); err != nil {
-		t.Fatalf("err: %v", err)
-	}
+	token := createToken(t, a, testEventPolicy)

 	type tcase struct {
 		name   string
@ -241,6 +230,40 @@ func TestUserEventToken(t *testing.T) {
 	}
 }

+type RPC interface {
+	RPC(method string, args interface{}, reply interface{}) error
+}
+
+func createToken(t *testing.T, rpc RPC, policyRules string) string {
+	t.Helper()
+
+	reqPolicy := structs.ACLPolicySetRequest{
+		Datacenter: "dc1",
+		Policy: structs.ACLPolicy{
+			Name:  "the-policy",
+			Rules: policyRules,
+		},
+		WriteRequest: structs.WriteRequest{Token: "root"},
+	}
+	err := rpc.RPC("ACL.PolicySet", &reqPolicy, &structs.ACLPolicy{})
+	require.NoError(t, err)
+
+	token, err := uuid.GenerateUUID()
+	require.NoError(t, err)
+
+	reqToken := structs.ACLTokenSetRequest{
+		Datacenter: "dc1",
+		ACLToken: structs.ACLToken{
+			SecretID: token,
+			Policies: []structs.ACLTokenPolicyLink{{Name: "the-policy"}},
+		},
+		WriteRequest: structs.WriteRequest{Token: "root"},
+	}
+	err = rpc.RPC("ACL.TokenSet", &reqToken, &structs.ACLToken{})
+	require.NoError(t, err)
+	return token
+}
+
 const testEventPolicy = `
 event "foo" {
 	policy = "deny"