github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

agent/consul: convert intention ACLs to testify/assert

Browse Source
pull/4275/head
Mitchell Hashimoto 7 years ago
parent 9dc8aa0fb3
commit a621afe72c
No known key found for this signature in database
GPG Key ID: 744E147AA52F5B0A
3 changed files with 77 additions and 162 deletions
Show Stats Download Patch File Download Diff File

17
acl/policy_test.go
Unescape View File

@ -4,6 +4,8 @@ import (
"reflect" "reflect"
"strings" "strings"
"testing" "testing"
"github.com/stretchr/testify/assert"
) )
func TestParse_table(t *testing.T) { func TestParse_table(t *testing.T) {
@ -69,21 +71,14 @@ service "foo" {
for _, tc := range cases { for _, tc := range cases {
t.Run(tc.Name, func(t *testing.T) { t.Run(tc.Name, func(t *testing.T) {
assert := assert.New(t)
actual, err := Parse(tc.Input, nil) actual, err := Parse(tc.Input, nil)
if (err != nil) != (tc.Err != "") { assert.Equal(tc.Err != "", err != nil, err)
t.Fatalf("err: %s", err)
}
if err != nil { if err != nil {
if !strings.Contains(err.Error(), tc.Err) { assert.Contains(err.Error(), tc.Err)
t.Fatalf("err: %s", err)
}
return return
} }
assert.Equal(tc.Expected, actual)
if !reflect.DeepEqual(actual, tc.Expected) {
t.Fatalf("bad: %#v", actual)
}
}) })
} }
} }

23
agent/consul/acl_test.go
Unescape View File

@ -11,6 +11,7 @@ import (
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/testrpc"
"github.com/hashicorp/consul/testutil/retry" "github.com/hashicorp/consul/testutil/retry"
"github.com/stretchr/testify/assert"
) )
var testACLPolicy = ` var testACLPolicy = `
@ -849,6 +850,8 @@ node "node1" {
func TestACL_filterIntentions(t *testing.T) { func TestACL_filterIntentions(t *testing.T) {
t.Parallel() t.Parallel()
assert := assert.New(t)
fill := func() structs.Intentions { fill := func() structs.Intentions {
return structs.Intentions{ return structs.Intentions{
&structs.Intention{ &structs.Intention{
@ -867,9 +870,7 @@ func TestACL_filterIntentions(t *testing.T) {
ixns := fill() ixns := fill()
filt := newACLFilter(acl.AllowAll(), nil, false) filt := newACLFilter(acl.AllowAll(), nil, false)
filt.filterIntentions(&ixns) filt.filterIntentions(&ixns)
if len(ixns) != 2 { assert.Len(ixns, 2)
t.Fatalf("bad: %#v", ixns)
}
} }
// Try restrictive filtering. // Try restrictive filtering.
@ -877,9 +878,7 @@ func TestACL_filterIntentions(t *testing.T) {
ixns := fill() ixns := fill()
filt := newACLFilter(acl.DenyAll(), nil, false) filt := newACLFilter(acl.DenyAll(), nil, false)
filt.filterIntentions(&ixns) filt.filterIntentions(&ixns)
if len(ixns) != 0 { assert.Len(ixns, 0)
t.Fatalf("bad: %#v", ixns)
}
} }
// Policy to see one // Policy to see one
@ -888,22 +887,16 @@ service "foo" {
policy = "read" policy = "read"
} }
`, nil) `, nil)
if err != nil { assert.Nil(err)
t.Fatalf("err %v", err)
}
perms, err := acl.New(acl.DenyAll(), policy, nil) perms, err := acl.New(acl.DenyAll(), policy, nil)
if err != nil { assert.Nil(err)
t.Fatalf("err: %v", err)
}
// Filter // Filter
{ {
ixns := fill() ixns := fill()
filt := newACLFilter(perms, nil, false) filt := newACLFilter(perms, nil, false)
filt.filterIntentions(&ixns) filt.filterIntentions(&ixns)
if len(ixns) != 1 { assert.Len(ixns, 1)
t.Fatalf("bad: %#v", ixns)
}
} }
} }

199
agent/consul/intention_endpoint_test.go
Unescape View File

@ -307,6 +307,8 @@ func TestIntentionApply_deleteGood(t *testing.T) {
// Test apply with a deny ACL // Test apply with a deny ACL
func TestIntentionApply_aclDeny(t *testing.T) { func TestIntentionApply_aclDeny(t *testing.T) {
t.Parallel() t.Parallel()
assert := assert.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) { dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1" c.ACLDatacenter = "dc1"
c.ACLMasterToken = "root" c.ACLMasterToken = "root"
@ -338,9 +340,7 @@ service "foo" {
}, },
WriteRequest: structs.WriteRequest{Token: "root"}, WriteRequest: structs.WriteRequest{Token: "root"},
} }
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
t.Fatalf("err: %v", err)
}
} }
// Setup a basic record to create // Setup a basic record to create
@ -354,47 +354,38 @@ service "foo" {
// Create without a token should error since default deny // Create without a token should error since default deny
var reply string var reply string
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply) err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
if !acl.IsErrPermissionDenied(err) { assert.True(acl.IsErrPermissionDenied(err))
t.Fatalf("bad: %v", err)
}
// Now add the token and try again. // Now add the token and try again.
ixn.WriteRequest.Token = token ixn.WriteRequest.Token = token
if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("err: %v", err)
}
// Read // Read
ixn.Intention.ID = reply ixn.Intention.ID = reply
{ {
req := &structs.IntentionQueryRequest{ req := &structs.IntentionQueryRequest{
Datacenter: "dc1", Datacenter: "dc1",
IntentionID: ixn.Intention.ID, IntentionID: ixn.Intention.ID,
QueryOptions: structs.QueryOptions{Token: "root"},
} }
var resp structs.IndexedIntentions var resp structs.IndexedIntentions
if err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp))
t.Fatalf("err: %v", err) assert.Len(resp.Intentions, 1)
}
if len(resp.Intentions) != 1 {
t.Fatalf("bad: %v", resp)
}
actual := resp.Intentions[0] actual := resp.Intentions[0]
if resp.Index != actual.ModifyIndex { assert.Equal(resp.Index, actual.ModifyIndex)
t.Fatalf("bad index: %d", resp.Index)
}
actual.CreateIndex, actual.ModifyIndex = 0, 0 actual.CreateIndex, actual.ModifyIndex = 0, 0
actual.CreatedAt = ixn.Intention.CreatedAt actual.CreatedAt = ixn.Intention.CreatedAt
actual.UpdatedAt = ixn.Intention.UpdatedAt actual.UpdatedAt = ixn.Intention.UpdatedAt
if !reflect.DeepEqual(actual, ixn.Intention) { assert.Equal(ixn.Intention, actual)
t.Fatalf("bad:\n\n%#v\n\n%#v", actual, ixn.Intention)
}
} }
} }
// Test apply with delete and a default deny ACL // Test apply with delete and a default deny ACL
func TestIntentionApply_aclDelete(t *testing.T) { func TestIntentionApply_aclDelete(t *testing.T) {
t.Parallel() t.Parallel()
assert := assert.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) { dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1" c.ACLDatacenter = "dc1"
c.ACLMasterToken = "root" c.ACLMasterToken = "root"
@ -426,9 +417,7 @@ service "foo" {
}, },
WriteRequest: structs.WriteRequest{Token: "root"}, WriteRequest: structs.WriteRequest{Token: "root"},
} }
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
t.Fatalf("err: %v", err)
}
} }
// Setup a basic record to create // Setup a basic record to create
@ -442,24 +431,18 @@ service "foo" {
// Create // Create
var reply string var reply string
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("bad: %v", err)
}
// Try to do a delete with no token; this should get rejected. // Try to do a delete with no token; this should get rejected.
ixn.Op = structs.IntentionOpDelete ixn.Op = structs.IntentionOpDelete
ixn.Intention.ID = reply ixn.Intention.ID = reply
ixn.WriteRequest.Token = "" ixn.WriteRequest.Token = ""
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply) err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
if !acl.IsErrPermissionDenied(err) { assert.True(acl.IsErrPermissionDenied(err))
t.Fatalf("bad: %v", err)
}
// Try again with the original token. This should go through. // Try again with the original token. This should go through.
ixn.WriteRequest.Token = token ixn.WriteRequest.Token = token
if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("err: %v", err)
}
// Verify it is gone // Verify it is gone
{ {
@ -469,15 +452,16 @@ service "foo" {
} }
var resp structs.IndexedIntentions var resp structs.IndexedIntentions
err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp) err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp)
if err == nil || err.Error() != ErrIntentionNotFound.Error() { assert.NotNil(err)
t.Fatalf("err: %v", err) assert.Contains(err.Error(), ErrIntentionNotFound.Error())
}
} }
} }
// Test apply with update and a default deny ACL // Test apply with update and a default deny ACL
func TestIntentionApply_aclUpdate(t *testing.T) { func TestIntentionApply_aclUpdate(t *testing.T) {
t.Parallel() t.Parallel()
assert := assert.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) { dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1" c.ACLDatacenter = "dc1"
c.ACLMasterToken = "root" c.ACLMasterToken = "root"
@ -509,9 +493,7 @@ service "foo" {
}, },
WriteRequest: structs.WriteRequest{Token: "root"}, WriteRequest: structs.WriteRequest{Token: "root"},
} }
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
t.Fatalf("err: %v", err)
}
} }
// Setup a basic record to create // Setup a basic record to create
@ -525,29 +507,25 @@ service "foo" {
// Create // Create
var reply string var reply string
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("bad: %v", err)
}
// Try to do an update without a token; this should get rejected. // Try to do an update without a token; this should get rejected.
ixn.Op = structs.IntentionOpUpdate ixn.Op = structs.IntentionOpUpdate
ixn.Intention.ID = reply ixn.Intention.ID = reply
ixn.WriteRequest.Token = "" ixn.WriteRequest.Token = ""
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply) err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
if !acl.IsErrPermissionDenied(err) { assert.True(acl.IsErrPermissionDenied(err))
t.Fatalf("bad: %v", err)
}
// Try again with the original token; this should go through. // Try again with the original token; this should go through.
ixn.WriteRequest.Token = token ixn.WriteRequest.Token = token
if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("err: %v", err)
}
} }
// Test apply with a management token // Test apply with a management token
func TestIntentionApply_aclManagement(t *testing.T) { func TestIntentionApply_aclManagement(t *testing.T) {
t.Parallel() t.Parallel()
assert := assert.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) { dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1" c.ACLDatacenter = "dc1"
c.ACLMasterToken = "root" c.ACLMasterToken = "root"
@ -571,27 +549,23 @@ func TestIntentionApply_aclManagement(t *testing.T) {
// Create // Create
var reply string var reply string
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("bad: %v", err)
}
ixn.Intention.ID = reply ixn.Intention.ID = reply
// Update // Update
ixn.Op = structs.IntentionOpUpdate ixn.Op = structs.IntentionOpUpdate
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("err: %v", err)
}
// Delete // Delete
ixn.Op = structs.IntentionOpDelete ixn.Op = structs.IntentionOpDelete
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("err: %v", err)
}
} }
// Test update changing the name where an ACL won't allow it // Test update changing the name where an ACL won't allow it
func TestIntentionApply_aclUpdateChange(t *testing.T) { func TestIntentionApply_aclUpdateChange(t *testing.T) {
t.Parallel() t.Parallel()
assert := assert.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) { dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1" c.ACLDatacenter = "dc1"
c.ACLMasterToken = "root" c.ACLMasterToken = "root"
@ -623,9 +597,7 @@ service "foo" {
}, },
WriteRequest: structs.WriteRequest{Token: "root"}, WriteRequest: structs.WriteRequest{Token: "root"},
} }
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
t.Fatalf("err: %v", err)
}
} }
// Setup a basic record to create // Setup a basic record to create
@ -639,9 +611,7 @@ service "foo" {
// Create // Create
var reply string var reply string
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("bad: %v", err)
}
// Try to do an update without a token; this should get rejected. // Try to do an update without a token; this should get rejected.
ixn.Op = structs.IntentionOpUpdate ixn.Op = structs.IntentionOpUpdate
@ -649,14 +619,14 @@ service "foo" {
ixn.Intention.DestinationName = "foo" ixn.Intention.DestinationName = "foo"
ixn.WriteRequest.Token = token ixn.WriteRequest.Token = token
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply) err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
if !acl.IsErrPermissionDenied(err) { assert.True(acl.IsErrPermissionDenied(err))
t.Fatalf("bad: %v", err)
}
} }
// Test reading with ACLs // Test reading with ACLs
func TestIntentionGet_acl(t *testing.T) { func TestIntentionGet_acl(t *testing.T) {
t.Parallel() t.Parallel()
assert := assert.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) { dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1" c.ACLDatacenter = "dc1"
c.ACLMasterToken = "root" c.ACLMasterToken = "root"
@ -688,9 +658,7 @@ service "foo" {
}, },
WriteRequest: structs.WriteRequest{Token: "root"}, WriteRequest: structs.WriteRequest{Token: "root"},
} }
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
t.Fatalf("err: %v", err)
}
} }
// Setup a basic record to create // Setup a basic record to create
@ -704,9 +672,7 @@ service "foo" {
// Create // Create
var reply string var reply string
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("err: %v", err)
}
ixn.Intention.ID = reply ixn.Intention.ID = reply
// Read without token should be error // Read without token should be error
@ -718,12 +684,8 @@ service "foo" {
var resp structs.IndexedIntentions var resp structs.IndexedIntentions
err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp) err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp)
if !acl.IsErrPermissionDenied(err) { assert.True(acl.IsErrPermissionDenied(err))
t.Fatalf("bad: %v", err) assert.Len(resp.Intentions, 0)
}
if len(resp.Intentions) != 0 {
t.Fatalf("bad: %v", resp)
}
} }
// Read with token should work // Read with token should work
@ -735,12 +697,8 @@ service "foo" {
} }
var resp structs.IndexedIntentions var resp structs.IndexedIntentions
if err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp))
t.Fatalf("err: %v", err) assert.Len(resp.Intentions, 1)
}
if len(resp.Intentions) != 1 {
t.Fatalf("bad: %v", resp)
}
} }
} }
@ -771,6 +729,8 @@ func TestIntentionList(t *testing.T) {
// Test listing with ACLs // Test listing with ACLs
func TestIntentionList_acl(t *testing.T) { func TestIntentionList_acl(t *testing.T) {
t.Parallel() t.Parallel()
assert := assert.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) { dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1" c.ACLDatacenter = "dc1"
c.ACLMasterToken = "root" c.ACLMasterToken = "root"
@ -802,9 +762,7 @@ service "foo" {
}, },
WriteRequest: structs.WriteRequest{Token: "root"}, WriteRequest: structs.WriteRequest{Token: "root"},
} }
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
t.Fatalf("err: %v", err)
}
} }
// Create a few records // Create a few records
@ -819,9 +777,7 @@ service "foo" {
// Create // Create
var reply string var reply string
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("err: %v", err)
}
} }
// Test with no token // Test with no token
@ -830,13 +786,8 @@ service "foo" {
Datacenter: "dc1", Datacenter: "dc1",
} }
var resp structs.IndexedIntentions var resp structs.IndexedIntentions
if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp))
t.Fatalf("err: %v", err) assert.Len(resp.Intentions, 0)
}
if len(resp.Intentions) != 0 {
t.Fatalf("bad: %v", resp)
}
} }
// Test with management token // Test with management token
@ -846,13 +797,8 @@ service "foo" {
QueryOptions: structs.QueryOptions{Token: "root"}, QueryOptions: structs.QueryOptions{Token: "root"},
} }
var resp structs.IndexedIntentions var resp structs.IndexedIntentions
if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp))
t.Fatalf("err: %v", err) assert.Len(resp.Intentions, 3)
}
if len(resp.Intentions) != 3 {
t.Fatalf("bad: %v", resp)
}
} }
// Test with user token // Test with user token
@ -862,13 +808,8 @@ service "foo" {
QueryOptions: structs.QueryOptions{Token: token}, QueryOptions: structs.QueryOptions{Token: token},
} }
var resp structs.IndexedIntentions var resp structs.IndexedIntentions
if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp))
t.Fatalf("err: %v", err) assert.Len(resp.Intentions, 1)
}
if len(resp.Intentions) != 1 {
t.Fatalf("bad: %v", resp)
}
} }
} }
@ -944,6 +885,8 @@ func TestIntentionMatch_good(t *testing.T) {
// Test matching with ACLs // Test matching with ACLs
func TestIntentionMatch_acl(t *testing.T) { func TestIntentionMatch_acl(t *testing.T) {
t.Parallel() t.Parallel()
assert := assert.New(t)
dir1, s1 := testServerWithConfig(t, func(c *Config) { dir1, s1 := testServerWithConfig(t, func(c *Config) {
c.ACLDatacenter = "dc1" c.ACLDatacenter = "dc1"
c.ACLMasterToken = "root" c.ACLMasterToken = "root"
@ -975,9 +918,7 @@ service "bar" {
}, },
WriteRequest: structs.WriteRequest{Token: "root"}, WriteRequest: structs.WriteRequest{Token: "root"},
} }
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
t.Fatalf("err: %v", err)
}
} }
// Create some records // Create some records
@ -1003,9 +944,7 @@ service "bar" {
// Create // Create
var reply string var reply string
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
t.Fatalf("err: %v", err)
}
} }
} }
@ -1025,13 +964,8 @@ service "bar" {
} }
var resp structs.IndexedIntentionMatches var resp structs.IndexedIntentionMatches
err := msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp) err := msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp)
if !acl.IsErrPermissionDenied(err) { assert.True(acl.IsErrPermissionDenied(err))
t.Fatalf("err: %v", err) assert.Len(resp.Matches, 0)
}
if len(resp.Matches) != 0 {
t.Fatalf("bad: %#v", resp.Matches)
}
} }
// Test with proper token // Test with proper token
@ -1050,13 +984,8 @@ service "bar" {
QueryOptions: structs.QueryOptions{Token: token}, QueryOptions: structs.QueryOptions{Token: token},
} }
var resp structs.IndexedIntentionMatches var resp structs.IndexedIntentionMatches
if err := msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp); err != nil { assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp))
t.Fatalf("err: %v", err) assert.Len(resp.Matches, 1)
}
if len(resp.Matches) != 1 {
t.Fatalf("bad: %#v", resp.Matches)
}
expected := [][]string{{"foo", "bar"}, {"foo", "*"}, {"*", "*"}} expected := [][]string{{"foo", "bar"}, {"foo", "*"}, {"*", "*"}}
var actual [][]string var actual [][]string
@ -1064,8 +993,6 @@ service "bar" {
actual = append(actual, []string{ixn.DestinationNS, ixn.DestinationName}) actual = append(actual, []string{ixn.DestinationNS, ixn.DestinationName})
} }
if !reflect.DeepEqual(actual, expected) { assert.Equal(expected, actual)
t.Fatalf("bad (got, wanted):\n\n%#v\n\n%#v", actual, expected)
}
} }
} }

Write Preview
Loading…
Cancel
Save