agent/consul: convert intention ACLs to testify/assert

7 years ago · a621afe72c
parent 9dc8aa0fb3
commit a621afe72c
3 changed files with 77 additions and 162 deletions
--- a/acl/policy_test.go
+++ b/acl/policy_test.go
@ -4,6 +4,8 @@ import (
 	"reflect"
 	"strings"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )

 func TestParse_table(t *testing.T) {
@ -69,21 +71,14 @@ service "foo" {

 	for _, tc := range cases {
 		t.Run(tc.Name, func(t *testing.T) {
+			assert := assert.New(t)
 			actual, err := Parse(tc.Input, nil)
-			if (err != nil) != (tc.Err != "") {
-				t.Fatalf("err: %s", err)
-			}
+			assert.Equal(tc.Err != "", err != nil, err)
 			if err != nil {
-				if !strings.Contains(err.Error(), tc.Err) {
-					t.Fatalf("err: %s", err)
-				}
-
+				assert.Contains(err.Error(), tc.Err)
 				return
 			}
-
-			if !reflect.DeepEqual(actual, tc.Expected) {
-				t.Fatalf("bad: %#v", actual)
-			}
+			assert.Equal(tc.Expected, actual)
 		})
 	}
 }
--- a/agent/consul/acl_test.go
+++ b/agent/consul/acl_test.go
@ -11,6 +11,7 @@ import (
 	"github.com/hashicorp/consul/agent/structs"
 	"github.com/hashicorp/consul/testrpc"
 	"github.com/hashicorp/consul/testutil/retry"
+	"github.com/stretchr/testify/assert"
 )

 var testACLPolicy = `
@ -849,6 +850,8 @@ node "node1" {

 func TestACL_filterIntentions(t *testing.T) {
 	t.Parallel()
+	assert := assert.New(t)
+
 	fill := func() structs.Intentions {
 		return structs.Intentions{
 			&structs.Intention{
@ -867,9 +870,7 @@ func TestACL_filterIntentions(t *testing.T) {
 		ixns := fill()
 		filt := newACLFilter(acl.AllowAll(), nil, false)
 		filt.filterIntentions(&ixns)
-		if len(ixns) != 2 {
-			t.Fatalf("bad: %#v", ixns)
-		}
+		assert.Len(ixns, 2)
 	}

 	// Try restrictive filtering.
@ -877,9 +878,7 @@ func TestACL_filterIntentions(t *testing.T) {
 		ixns := fill()
 		filt := newACLFilter(acl.DenyAll(), nil, false)
 		filt.filterIntentions(&ixns)
-		if len(ixns) != 0 {
-			t.Fatalf("bad: %#v", ixns)
-		}
+		assert.Len(ixns, 0)
 	}

 	// Policy to see one
@ -888,22 +887,16 @@ service "foo" {
  policy = "read"
 }
 `, nil)
-	if err != nil {
-		t.Fatalf("err %v", err)
-	}
+	assert.Nil(err)
 	perms, err := acl.New(acl.DenyAll(), policy, nil)
-	if err != nil {
-		t.Fatalf("err: %v", err)
-	}
+	assert.Nil(err)

 	// Filter
 	{
 		ixns := fill()
 		filt := newACLFilter(perms, nil, false)
 		filt.filterIntentions(&ixns)
-		if len(ixns) != 1 {
-			t.Fatalf("bad: %#v", ixns)
-		}
+		assert.Len(ixns, 1)
 	}
 }

--- a/agent/consul/intention_endpoint_test.go
+++ b/agent/consul/intention_endpoint_test.go
@ -307,6 +307,8 @@ func TestIntentionApply_deleteGood(t *testing.T) {
 // Test apply with a deny ACL
 func TestIntentionApply_aclDeny(t *testing.T) {
 	t.Parallel()
+
+	assert := assert.New(t)
 	dir1, s1 := testServerWithConfig(t, func(c *Config) {
 		c.ACLDatacenter = "dc1"
 		c.ACLMasterToken = "root"
@ -338,9 +340,7 @@ service "foo" {
 			},
 			WriteRequest: structs.WriteRequest{Token: "root"},
 		}
-		if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
-			t.Fatalf("err: %v", err)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
 	}

 	// Setup a basic record to create
@ -354,47 +354,38 @@ service "foo" {
 	// Create without a token should error since default deny
 	var reply string
 	err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
-	if !acl.IsErrPermissionDenied(err) {
-		t.Fatalf("bad: %v", err)
-	}
+	assert.True(acl.IsErrPermissionDenied(err))

 	// Now add the token and try again.
 	ixn.WriteRequest.Token = token
-	if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-		t.Fatalf("err: %v", err)
-	}
+	assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))

 	// Read
 	ixn.Intention.ID = reply
 	{
 		req := &structs.IntentionQueryRequest{
-			Datacenter:  "dc1",
-			IntentionID: ixn.Intention.ID,
+			Datacenter:   "dc1",
+			IntentionID:  ixn.Intention.ID,
+			QueryOptions: structs.QueryOptions{Token: "root"},
 		}
 		var resp structs.IndexedIntentions
-		if err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp); err != nil {
-			t.Fatalf("err: %v", err)
-		}
-		if len(resp.Intentions) != 1 {
-			t.Fatalf("bad: %v", resp)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp))
+		assert.Len(resp.Intentions, 1)
 		actual := resp.Intentions[0]
-		if resp.Index != actual.ModifyIndex {
-			t.Fatalf("bad index: %d", resp.Index)
-		}
+		assert.Equal(resp.Index, actual.ModifyIndex)

 		actual.CreateIndex, actual.ModifyIndex = 0, 0
 		actual.CreatedAt = ixn.Intention.CreatedAt
 		actual.UpdatedAt = ixn.Intention.UpdatedAt
-		if !reflect.DeepEqual(actual, ixn.Intention) {
-			t.Fatalf("bad:\n\n%#v\n\n%#v", actual, ixn.Intention)
-		}
+		assert.Equal(ixn.Intention, actual)
 	}
 }

 // Test apply with delete and a default deny ACL
 func TestIntentionApply_aclDelete(t *testing.T) {
 	t.Parallel()
+
+	assert := assert.New(t)
 	dir1, s1 := testServerWithConfig(t, func(c *Config) {
 		c.ACLDatacenter = "dc1"
 		c.ACLMasterToken = "root"
@ -426,9 +417,7 @@ service "foo" {
 			},
 			WriteRequest: structs.WriteRequest{Token: "root"},
 		}
-		if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
-			t.Fatalf("err: %v", err)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
 	}

 	// Setup a basic record to create
@ -442,24 +431,18 @@ service "foo" {

 	// Create
 	var reply string
-	if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-		t.Fatalf("bad: %v", err)
-	}
+	assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))

 	// Try to do a delete with no token; this should get rejected.
 	ixn.Op = structs.IntentionOpDelete
 	ixn.Intention.ID = reply
 	ixn.WriteRequest.Token = ""
 	err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
-	if !acl.IsErrPermissionDenied(err) {
-		t.Fatalf("bad: %v", err)
-	}
+	assert.True(acl.IsErrPermissionDenied(err))

 	// Try again with the original token. This should go through.
 	ixn.WriteRequest.Token = token
-	if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-		t.Fatalf("err: %v", err)
-	}
+	assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))

 	// Verify it is gone
 	{
@ -469,15 +452,16 @@ service "foo" {
 		}
 		var resp structs.IndexedIntentions
 		err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp)
-		if err == nil || err.Error() != ErrIntentionNotFound.Error() {
-			t.Fatalf("err: %v", err)
-		}
+		assert.NotNil(err)
+		assert.Contains(err.Error(), ErrIntentionNotFound.Error())
 	}
 }

 // Test apply with update and a default deny ACL
 func TestIntentionApply_aclUpdate(t *testing.T) {
 	t.Parallel()
+
+	assert := assert.New(t)
 	dir1, s1 := testServerWithConfig(t, func(c *Config) {
 		c.ACLDatacenter = "dc1"
 		c.ACLMasterToken = "root"
@ -509,9 +493,7 @@ service "foo" {
 			},
 			WriteRequest: structs.WriteRequest{Token: "root"},
 		}
-		if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
-			t.Fatalf("err: %v", err)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
 	}

 	// Setup a basic record to create
@ -525,29 +507,25 @@ service "foo" {

 	// Create
 	var reply string
-	if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-		t.Fatalf("bad: %v", err)
-	}
+	assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))

 	// Try to do an update without a token; this should get rejected.
 	ixn.Op = structs.IntentionOpUpdate
 	ixn.Intention.ID = reply
 	ixn.WriteRequest.Token = ""
 	err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
-	if !acl.IsErrPermissionDenied(err) {
-		t.Fatalf("bad: %v", err)
-	}
+	assert.True(acl.IsErrPermissionDenied(err))

 	// Try again with the original token; this should go through.
 	ixn.WriteRequest.Token = token
-	if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-		t.Fatalf("err: %v", err)
-	}
+	assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
 }

 // Test apply with a management token
 func TestIntentionApply_aclManagement(t *testing.T) {
 	t.Parallel()
+
+	assert := assert.New(t)
 	dir1, s1 := testServerWithConfig(t, func(c *Config) {
 		c.ACLDatacenter = "dc1"
 		c.ACLMasterToken = "root"
@ -571,27 +549,23 @@ func TestIntentionApply_aclManagement(t *testing.T) {

 	// Create
 	var reply string
-	if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-		t.Fatalf("bad: %v", err)
-	}
+	assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
 	ixn.Intention.ID = reply

 	// Update
 	ixn.Op = structs.IntentionOpUpdate
-	if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-		t.Fatalf("err: %v", err)
-	}
+	assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))

 	// Delete
 	ixn.Op = structs.IntentionOpDelete
-	if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-		t.Fatalf("err: %v", err)
-	}
+	assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
 }

 // Test update changing the name where an ACL won't allow it
 func TestIntentionApply_aclUpdateChange(t *testing.T) {
 	t.Parallel()
+
+	assert := assert.New(t)
 	dir1, s1 := testServerWithConfig(t, func(c *Config) {
 		c.ACLDatacenter = "dc1"
 		c.ACLMasterToken = "root"
@ -623,9 +597,7 @@ service "foo" {
 			},
 			WriteRequest: structs.WriteRequest{Token: "root"},
 		}
-		if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
-			t.Fatalf("err: %v", err)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
 	}

 	// Setup a basic record to create
@ -639,9 +611,7 @@ service "foo" {

 	// Create
 	var reply string
-	if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-		t.Fatalf("bad: %v", err)
-	}
+	assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))

 	// Try to do an update without a token; this should get rejected.
 	ixn.Op = structs.IntentionOpUpdate
@ -649,14 +619,14 @@ service "foo" {
 	ixn.Intention.DestinationName = "foo"
 	ixn.WriteRequest.Token = token
 	err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
-	if !acl.IsErrPermissionDenied(err) {
-		t.Fatalf("bad: %v", err)
-	}
+	assert.True(acl.IsErrPermissionDenied(err))
 }

 // Test reading with ACLs
 func TestIntentionGet_acl(t *testing.T) {
 	t.Parallel()
+
+	assert := assert.New(t)
 	dir1, s1 := testServerWithConfig(t, func(c *Config) {
 		c.ACLDatacenter = "dc1"
 		c.ACLMasterToken = "root"
@ -688,9 +658,7 @@ service "foo" {
 			},
 			WriteRequest: structs.WriteRequest{Token: "root"},
 		}
-		if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
-			t.Fatalf("err: %v", err)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
 	}

 	// Setup a basic record to create
@ -704,9 +672,7 @@ service "foo" {

 	// Create
 	var reply string
-	if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-		t.Fatalf("err: %v", err)
-	}
+	assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
 	ixn.Intention.ID = reply

 	// Read without token should be error
@ -718,12 +684,8 @@ service "foo" {

 		var resp structs.IndexedIntentions
 		err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp)
-		if !acl.IsErrPermissionDenied(err) {
-			t.Fatalf("bad: %v", err)
-		}
-		if len(resp.Intentions) != 0 {
-			t.Fatalf("bad: %v", resp)
-		}
+		assert.True(acl.IsErrPermissionDenied(err))
+		assert.Len(resp.Intentions, 0)
 	}

 	// Read with token should work
@ -735,12 +697,8 @@ service "foo" {
 		}

 		var resp structs.IndexedIntentions
-		if err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp); err != nil {
-			t.Fatalf("err: %v", err)
-		}
-		if len(resp.Intentions) != 1 {
-			t.Fatalf("bad: %v", resp)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp))
+		assert.Len(resp.Intentions, 1)
 	}
 }

@ -771,6 +729,8 @@ func TestIntentionList(t *testing.T) {
 // Test listing with ACLs
 func TestIntentionList_acl(t *testing.T) {
 	t.Parallel()
+
+	assert := assert.New(t)
 	dir1, s1 := testServerWithConfig(t, func(c *Config) {
 		c.ACLDatacenter = "dc1"
 		c.ACLMasterToken = "root"
@ -802,9 +762,7 @@ service "foo" {
 			},
 			WriteRequest: structs.WriteRequest{Token: "root"},
 		}
-		if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
-			t.Fatalf("err: %v", err)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
 	}

 	// Create a few records
@ -819,9 +777,7 @@ service "foo" {

 		// Create
 		var reply string
-		if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-			t.Fatalf("err: %v", err)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
 	}

 	// Test with no token
@ -830,13 +786,8 @@ service "foo" {
 			Datacenter: "dc1",
 		}
 		var resp structs.IndexedIntentions
-		if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil {
-			t.Fatalf("err: %v", err)
-		}
-
-		if len(resp.Intentions) != 0 {
-			t.Fatalf("bad: %v", resp)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp))
+		assert.Len(resp.Intentions, 0)
 	}

 	// Test with management token
@ -846,13 +797,8 @@ service "foo" {
 			QueryOptions: structs.QueryOptions{Token: "root"},
 		}
 		var resp structs.IndexedIntentions
-		if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil {
-			t.Fatalf("err: %v", err)
-		}
-
-		if len(resp.Intentions) != 3 {
-			t.Fatalf("bad: %v", resp)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp))
+		assert.Len(resp.Intentions, 3)
 	}

 	// Test with user token
@ -862,13 +808,8 @@ service "foo" {
 			QueryOptions: structs.QueryOptions{Token: token},
 		}
 		var resp structs.IndexedIntentions
-		if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil {
-			t.Fatalf("err: %v", err)
-		}
-
-		if len(resp.Intentions) != 1 {
-			t.Fatalf("bad: %v", resp)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp))
+		assert.Len(resp.Intentions, 1)
 	}
 }

@ -944,6 +885,8 @@ func TestIntentionMatch_good(t *testing.T) {
 // Test matching with ACLs
 func TestIntentionMatch_acl(t *testing.T) {
 	t.Parallel()
+
+	assert := assert.New(t)
 	dir1, s1 := testServerWithConfig(t, func(c *Config) {
 		c.ACLDatacenter = "dc1"
 		c.ACLMasterToken = "root"
@ -975,9 +918,7 @@ service "bar" {
 			},
 			WriteRequest: structs.WriteRequest{Token: "root"},
 		}
-		if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
-			t.Fatalf("err: %v", err)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
 	}

 	// Create some records
@ -1003,9 +944,7 @@ service "bar" {

 			// Create
 			var reply string
-			if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
-				t.Fatalf("err: %v", err)
-			}
+			assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
 		}
 	}

@ -1025,13 +964,8 @@ service "bar" {
 		}
 		var resp structs.IndexedIntentionMatches
 		err := msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp)
-		if !acl.IsErrPermissionDenied(err) {
-			t.Fatalf("err: %v", err)
-		}
-
-		if len(resp.Matches) != 0 {
-			t.Fatalf("bad: %#v", resp.Matches)
-		}
+		assert.True(acl.IsErrPermissionDenied(err))
+		assert.Len(resp.Matches, 0)
 	}

 	// Test with proper token
@ -1050,13 +984,8 @@ service "bar" {
 			QueryOptions: structs.QueryOptions{Token: token},
 		}
 		var resp structs.IndexedIntentionMatches
-		if err := msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp); err != nil {
-			t.Fatalf("err: %v", err)
-		}
-
-		if len(resp.Matches) != 1 {
-			t.Fatalf("bad: %#v", resp.Matches)
-		}
+		assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp))
+		assert.Len(resp.Matches, 1)

 		expected := [][]string{{"foo", "bar"}, {"foo", "*"}, {"*", "*"}}
 		var actual [][]string
@ -1064,8 +993,6 @@ service "bar" {
 			actual = append(actual, []string{ixn.DestinationNS, ixn.DestinationName})
 		}

-		if !reflect.DeepEqual(actual, expected) {
-			t.Fatalf("bad (got, wanted):\n\n%#v\n\n%#v", actual, expected)
-		}
+		assert.Equal(expected, actual)
 	}
 }