|
|
@ -307,6 +307,8 @@ func TestIntentionApply_deleteGood(t *testing.T) {
|
|
|
|
// Test apply with a deny ACL
|
|
|
|
// Test apply with a deny ACL
|
|
|
|
func TestIntentionApply_aclDeny(t *testing.T) {
|
|
|
|
func TestIntentionApply_aclDeny(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert := assert.New(t)
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
@ -338,9 +340,7 @@ service "foo" {
|
|
|
|
},
|
|
|
|
},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Setup a basic record to create
|
|
|
|
// Setup a basic record to create
|
|
|
@ -354,47 +354,38 @@ service "foo" {
|
|
|
|
// Create without a token should error since default deny
|
|
|
|
// Create without a token should error since default deny
|
|
|
|
var reply string
|
|
|
|
var reply string
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
|
|
|
|
if !acl.IsErrPermissionDenied(err) {
|
|
|
|
assert.True(acl.IsErrPermissionDenied(err))
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Now add the token and try again.
|
|
|
|
// Now add the token and try again.
|
|
|
|
ixn.WriteRequest.Token = token
|
|
|
|
ixn.WriteRequest.Token = token
|
|
|
|
if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Read
|
|
|
|
// Read
|
|
|
|
ixn.Intention.ID = reply
|
|
|
|
ixn.Intention.ID = reply
|
|
|
|
{
|
|
|
|
{
|
|
|
|
req := &structs.IntentionQueryRequest{
|
|
|
|
req := &structs.IntentionQueryRequest{
|
|
|
|
Datacenter: "dc1",
|
|
|
|
Datacenter: "dc1",
|
|
|
|
IntentionID: ixn.Intention.ID,
|
|
|
|
IntentionID: ixn.Intention.ID,
|
|
|
|
|
|
|
|
QueryOptions: structs.QueryOptions{Token: "root"},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
assert.Len(resp.Intentions, 1)
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(resp.Intentions) != 1 {
|
|
|
|
|
|
|
|
t.Fatalf("bad: %v", resp)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
actual := resp.Intentions[0]
|
|
|
|
actual := resp.Intentions[0]
|
|
|
|
if resp.Index != actual.ModifyIndex {
|
|
|
|
assert.Equal(resp.Index, actual.ModifyIndex)
|
|
|
|
t.Fatalf("bad index: %d", resp.Index)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
actual.CreateIndex, actual.ModifyIndex = 0, 0
|
|
|
|
actual.CreateIndex, actual.ModifyIndex = 0, 0
|
|
|
|
actual.CreatedAt = ixn.Intention.CreatedAt
|
|
|
|
actual.CreatedAt = ixn.Intention.CreatedAt
|
|
|
|
actual.UpdatedAt = ixn.Intention.UpdatedAt
|
|
|
|
actual.UpdatedAt = ixn.Intention.UpdatedAt
|
|
|
|
if !reflect.DeepEqual(actual, ixn.Intention) {
|
|
|
|
assert.Equal(ixn.Intention, actual)
|
|
|
|
t.Fatalf("bad:\n\n%#v\n\n%#v", actual, ixn.Intention)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Test apply with delete and a default deny ACL
|
|
|
|
// Test apply with delete and a default deny ACL
|
|
|
|
func TestIntentionApply_aclDelete(t *testing.T) {
|
|
|
|
func TestIntentionApply_aclDelete(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert := assert.New(t)
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
@ -426,9 +417,7 @@ service "foo" {
|
|
|
|
},
|
|
|
|
},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Setup a basic record to create
|
|
|
|
// Setup a basic record to create
|
|
|
@ -442,24 +431,18 @@ service "foo" {
|
|
|
|
|
|
|
|
|
|
|
|
// Create
|
|
|
|
// Create
|
|
|
|
var reply string
|
|
|
|
var reply string
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Try to do a delete with no token; this should get rejected.
|
|
|
|
// Try to do a delete with no token; this should get rejected.
|
|
|
|
ixn.Op = structs.IntentionOpDelete
|
|
|
|
ixn.Op = structs.IntentionOpDelete
|
|
|
|
ixn.Intention.ID = reply
|
|
|
|
ixn.Intention.ID = reply
|
|
|
|
ixn.WriteRequest.Token = ""
|
|
|
|
ixn.WriteRequest.Token = ""
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
|
|
|
|
if !acl.IsErrPermissionDenied(err) {
|
|
|
|
assert.True(acl.IsErrPermissionDenied(err))
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Try again with the original token. This should go through.
|
|
|
|
// Try again with the original token. This should go through.
|
|
|
|
ixn.WriteRequest.Token = token
|
|
|
|
ixn.WriteRequest.Token = token
|
|
|
|
if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Verify it is gone
|
|
|
|
// Verify it is gone
|
|
|
|
{
|
|
|
|
{
|
|
|
@ -469,15 +452,16 @@ service "foo" {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp)
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp)
|
|
|
|
if err == nil || err.Error() != ErrIntentionNotFound.Error() {
|
|
|
|
assert.NotNil(err)
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
assert.Contains(err.Error(), ErrIntentionNotFound.Error())
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Test apply with update and a default deny ACL
|
|
|
|
// Test apply with update and a default deny ACL
|
|
|
|
func TestIntentionApply_aclUpdate(t *testing.T) {
|
|
|
|
func TestIntentionApply_aclUpdate(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert := assert.New(t)
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
@ -509,9 +493,7 @@ service "foo" {
|
|
|
|
},
|
|
|
|
},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Setup a basic record to create
|
|
|
|
// Setup a basic record to create
|
|
|
@ -525,29 +507,25 @@ service "foo" {
|
|
|
|
|
|
|
|
|
|
|
|
// Create
|
|
|
|
// Create
|
|
|
|
var reply string
|
|
|
|
var reply string
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Try to do an update without a token; this should get rejected.
|
|
|
|
// Try to do an update without a token; this should get rejected.
|
|
|
|
ixn.Op = structs.IntentionOpUpdate
|
|
|
|
ixn.Op = structs.IntentionOpUpdate
|
|
|
|
ixn.Intention.ID = reply
|
|
|
|
ixn.Intention.ID = reply
|
|
|
|
ixn.WriteRequest.Token = ""
|
|
|
|
ixn.WriteRequest.Token = ""
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
|
|
|
|
if !acl.IsErrPermissionDenied(err) {
|
|
|
|
assert.True(acl.IsErrPermissionDenied(err))
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Try again with the original token; this should go through.
|
|
|
|
// Try again with the original token; this should go through.
|
|
|
|
ixn.WriteRequest.Token = token
|
|
|
|
ixn.WriteRequest.Token = token
|
|
|
|
if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Test apply with a management token
|
|
|
|
// Test apply with a management token
|
|
|
|
func TestIntentionApply_aclManagement(t *testing.T) {
|
|
|
|
func TestIntentionApply_aclManagement(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert := assert.New(t)
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
@ -571,27 +549,23 @@ func TestIntentionApply_aclManagement(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
|
|
// Create
|
|
|
|
// Create
|
|
|
|
var reply string
|
|
|
|
var reply string
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
ixn.Intention.ID = reply
|
|
|
|
ixn.Intention.ID = reply
|
|
|
|
|
|
|
|
|
|
|
|
// Update
|
|
|
|
// Update
|
|
|
|
ixn.Op = structs.IntentionOpUpdate
|
|
|
|
ixn.Op = structs.IntentionOpUpdate
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Delete
|
|
|
|
// Delete
|
|
|
|
ixn.Op = structs.IntentionOpDelete
|
|
|
|
ixn.Op = structs.IntentionOpDelete
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Test update changing the name where an ACL won't allow it
|
|
|
|
// Test update changing the name where an ACL won't allow it
|
|
|
|
func TestIntentionApply_aclUpdateChange(t *testing.T) {
|
|
|
|
func TestIntentionApply_aclUpdateChange(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert := assert.New(t)
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
@ -623,9 +597,7 @@ service "foo" {
|
|
|
|
},
|
|
|
|
},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Setup a basic record to create
|
|
|
|
// Setup a basic record to create
|
|
|
@ -639,9 +611,7 @@ service "foo" {
|
|
|
|
|
|
|
|
|
|
|
|
// Create
|
|
|
|
// Create
|
|
|
|
var reply string
|
|
|
|
var reply string
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Try to do an update without a token; this should get rejected.
|
|
|
|
// Try to do an update without a token; this should get rejected.
|
|
|
|
ixn.Op = structs.IntentionOpUpdate
|
|
|
|
ixn.Op = structs.IntentionOpUpdate
|
|
|
@ -649,14 +619,14 @@ service "foo" {
|
|
|
|
ixn.Intention.DestinationName = "foo"
|
|
|
|
ixn.Intention.DestinationName = "foo"
|
|
|
|
ixn.WriteRequest.Token = token
|
|
|
|
ixn.WriteRequest.Token = token
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
|
|
|
|
if !acl.IsErrPermissionDenied(err) {
|
|
|
|
assert.True(acl.IsErrPermissionDenied(err))
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Test reading with ACLs
|
|
|
|
// Test reading with ACLs
|
|
|
|
func TestIntentionGet_acl(t *testing.T) {
|
|
|
|
func TestIntentionGet_acl(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert := assert.New(t)
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
@ -688,9 +658,7 @@ service "foo" {
|
|
|
|
},
|
|
|
|
},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Setup a basic record to create
|
|
|
|
// Setup a basic record to create
|
|
|
@ -704,9 +672,7 @@ service "foo" {
|
|
|
|
|
|
|
|
|
|
|
|
// Create
|
|
|
|
// Create
|
|
|
|
var reply string
|
|
|
|
var reply string
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
ixn.Intention.ID = reply
|
|
|
|
ixn.Intention.ID = reply
|
|
|
|
|
|
|
|
|
|
|
|
// Read without token should be error
|
|
|
|
// Read without token should be error
|
|
|
@ -718,12 +684,8 @@ service "foo" {
|
|
|
|
|
|
|
|
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp)
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp)
|
|
|
|
if !acl.IsErrPermissionDenied(err) {
|
|
|
|
assert.True(acl.IsErrPermissionDenied(err))
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
assert.Len(resp.Intentions, 0)
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(resp.Intentions) != 0 {
|
|
|
|
|
|
|
|
t.Fatalf("bad: %v", resp)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Read with token should work
|
|
|
|
// Read with token should work
|
|
|
@ -735,12 +697,8 @@ service "foo" {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
assert.Len(resp.Intentions, 1)
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(resp.Intentions) != 1 {
|
|
|
|
|
|
|
|
t.Fatalf("bad: %v", resp)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -771,6 +729,8 @@ func TestIntentionList(t *testing.T) {
|
|
|
|
// Test listing with ACLs
|
|
|
|
// Test listing with ACLs
|
|
|
|
func TestIntentionList_acl(t *testing.T) {
|
|
|
|
func TestIntentionList_acl(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert := assert.New(t)
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
@ -802,9 +762,7 @@ service "foo" {
|
|
|
|
},
|
|
|
|
},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Create a few records
|
|
|
|
// Create a few records
|
|
|
@ -819,9 +777,7 @@ service "foo" {
|
|
|
|
|
|
|
|
|
|
|
|
// Create
|
|
|
|
// Create
|
|
|
|
var reply string
|
|
|
|
var reply string
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Test with no token
|
|
|
|
// Test with no token
|
|
|
@ -830,13 +786,8 @@ service "foo" {
|
|
|
|
Datacenter: "dc1",
|
|
|
|
Datacenter: "dc1",
|
|
|
|
}
|
|
|
|
}
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
assert.Len(resp.Intentions, 0)
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if len(resp.Intentions) != 0 {
|
|
|
|
|
|
|
|
t.Fatalf("bad: %v", resp)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Test with management token
|
|
|
|
// Test with management token
|
|
|
@ -846,13 +797,8 @@ service "foo" {
|
|
|
|
QueryOptions: structs.QueryOptions{Token: "root"},
|
|
|
|
QueryOptions: structs.QueryOptions{Token: "root"},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
assert.Len(resp.Intentions, 3)
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if len(resp.Intentions) != 3 {
|
|
|
|
|
|
|
|
t.Fatalf("bad: %v", resp)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Test with user token
|
|
|
|
// Test with user token
|
|
|
@ -862,13 +808,8 @@ service "foo" {
|
|
|
|
QueryOptions: structs.QueryOptions{Token: token},
|
|
|
|
QueryOptions: structs.QueryOptions{Token: token},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
var resp structs.IndexedIntentions
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
assert.Len(resp.Intentions, 1)
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if len(resp.Intentions) != 1 {
|
|
|
|
|
|
|
|
t.Fatalf("bad: %v", resp)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -944,6 +885,8 @@ func TestIntentionMatch_good(t *testing.T) {
|
|
|
|
// Test matching with ACLs
|
|
|
|
// Test matching with ACLs
|
|
|
|
func TestIntentionMatch_acl(t *testing.T) {
|
|
|
|
func TestIntentionMatch_acl(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
assert := assert.New(t)
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
@ -975,9 +918,7 @@ service "bar" {
|
|
|
|
},
|
|
|
|
},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Create some records
|
|
|
|
// Create some records
|
|
|
@ -1003,9 +944,7 @@ service "bar" {
|
|
|
|
|
|
|
|
|
|
|
|
// Create
|
|
|
|
// Create
|
|
|
|
var reply string
|
|
|
|
var reply string
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -1025,13 +964,8 @@ service "bar" {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
var resp structs.IndexedIntentionMatches
|
|
|
|
var resp structs.IndexedIntentionMatches
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp)
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp)
|
|
|
|
if !acl.IsErrPermissionDenied(err) {
|
|
|
|
assert.True(acl.IsErrPermissionDenied(err))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
assert.Len(resp.Matches, 0)
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if len(resp.Matches) != 0 {
|
|
|
|
|
|
|
|
t.Fatalf("bad: %#v", resp.Matches)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Test with proper token
|
|
|
|
// Test with proper token
|
|
|
@ -1050,13 +984,8 @@ service "bar" {
|
|
|
|
QueryOptions: structs.QueryOptions{Token: token},
|
|
|
|
QueryOptions: structs.QueryOptions{Token: token},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
var resp structs.IndexedIntentionMatches
|
|
|
|
var resp structs.IndexedIntentionMatches
|
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp); err != nil {
|
|
|
|
assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp))
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
assert.Len(resp.Matches, 1)
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if len(resp.Matches) != 1 {
|
|
|
|
|
|
|
|
t.Fatalf("bad: %#v", resp.Matches)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
expected := [][]string{{"foo", "bar"}, {"foo", "*"}, {"*", "*"}}
|
|
|
|
expected := [][]string{{"foo", "bar"}, {"foo", "*"}, {"*", "*"}}
|
|
|
|
var actual [][]string
|
|
|
|
var actual [][]string
|
|
|
@ -1064,8 +993,6 @@ service "bar" {
|
|
|
|
actual = append(actual, []string{ixn.DestinationNS, ixn.DestinationName})
|
|
|
|
actual = append(actual, []string{ixn.DestinationNS, ixn.DestinationName})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if !reflect.DeepEqual(actual, expected) {
|
|
|
|
assert.Equal(expected, actual)
|
|
|
|
t.Fatalf("bad (got, wanted):\n\n%#v\n\n%#v", actual, expected)
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|