github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

catalog: use the new ACL system in tests 

In preparation for removing ACL.Apply
pull/10986/head
Daniel Nephin 3 years ago
parent
3b9578d7eb
commit
d64409f66f
1 changed files with 58 additions and 112 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 170
      agent/consul/catalog_endpoint_test.go

170
agent/consul/catalog_endpoint_test.go
Unescape View File

@ -8,6 +8,8 @@ import (
"testing"
"time"
"github.com/hashicorp/go-uuid"
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
@ -191,28 +193,15 @@ func TestCatalog_Register_ACLDeny(t *testing.T) {
codec := rpcClient(t, s1)
defer codec.Close()
// Create the ACL.
arg := structs.ACLRequest{
Datacenter: "dc1",
Op: structs.ACLSet,
ACL: structs.ACL{
Name: "User token",
Type: structs.ACLTokenTypeClient,
Rules: `
rules := `
service "foo" {
policy = "write"
}
node "foo" {
policy = "write"
}
`,
},
WriteRequest: structs.WriteRequest{Token: "root"},
}
var id string
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &id); err != nil {
t.Fatalf("err: %v", err)
}
`
id := createToken(t, codec, rules)
argR := structs.RegisterRequest{
Datacenter: "dc1",
@ -272,6 +261,36 @@ node "foo" {
}
}
func createToken(t *testing.T, cc rpc.ClientCodec, policyRules string) string {
t.Helper()
reqPolicy := structs.ACLPolicySetRequest{
Datacenter: "dc1",
Policy: structs.ACLPolicy{
Name: "the-policy",
Rules: policyRules,
},
WriteRequest: structs.WriteRequest{Token: "root"},
}
err := msgpackrpc.CallWithCodec(cc, "ACL.PolicySet", &reqPolicy, &structs.ACLPolicy{})
require.NoError(t, err)
token, err := uuid.GenerateUUID()
require.NoError(t, err)
reqToken := structs.ACLTokenSetRequest{
Datacenter: "dc1",
ACLToken: structs.ACLToken{
SecretID: token,
Policies: []structs.ACLTokenPolicyLink{{Name: "the-policy"}},
},
WriteRequest: structs.WriteRequest{Token: "root"},
}
err = msgpackrpc.CallWithCodec(cc, "ACL.TokenSet", &reqToken, &structs.ACLToken{})
require.NoError(t, err)
return token
}
func TestCatalog_Register_ForwardLeader(t *testing.T) {
if testing.Short() {
t.Skip("too slow for testing.Short")
@ -438,26 +457,15 @@ func TestCatalog_Register_ConnectProxy_ACLDestinationServiceName(t *testing.T) {
testrpc.WaitForLeader(t, s1.RPC, "dc1")
// Create the ACL.
arg := structs.ACLRequest{
Datacenter: "dc1",
Op: structs.ACLSet,
ACL: structs.ACL{
Name: "User token",
Type: structs.ACLTokenTypeClient,
Rules: `
rules := `
service "foo" {
policy = "write"
}
node "foo" {
policy = "write"
}
`,
},
WriteRequest: structs.WriteRequest{Token: "root"},
}
var token string
assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &token))
`
token := createToken(t, codec, rules)
// Register should fail because we don't have permission on the destination
args := structs.TestRegisterRequestProxy(t)
@ -567,14 +575,7 @@ func TestCatalog_Deregister_ACLDeny(t *testing.T) {
testrpc.WaitForLeader(t, s1.RPC, "dc1")
// Create the ACL.
arg := structs.ACLRequest{
Datacenter: "dc1",
Op: structs.ACLSet,
ACL: structs.ACL{
Name: "User token",
Type: structs.ACLTokenTypeClient,
Rules: `
rules := `
node "node" {
policy = "write"
}
@ -582,14 +583,8 @@ node "node" {
service "service" {
policy = "write"
}
`,
},
WriteRequest: structs.WriteRequest{Token: "root"},
}
var id string
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &id); err != nil {
t.Fatalf("err: %v", err)
}
`
id := createToken(t, codec, rules)
// Register a node, node check, service, and service check.
argR := structs.RegisterRequest{
@ -1325,25 +1320,12 @@ func TestCatalog_ListNodes_ACLFilter(t *testing.T) {
}
}
// Create an ACL that can read the node.
arg := structs.ACLRequest{
Datacenter: "dc1",
Op: structs.ACLSet,
ACL: structs.ACL{
Name: "User token",
Type: structs.ACLTokenTypeClient,
Rules: fmt.Sprintf(`
rules := fmt.Sprintf(`
node "%s" {
policy = "read"
}
`, s1.config.NodeName),
},
WriteRequest: structs.WriteRequest{Token: "root"},
}
var id string
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &id); err != nil {
t.Fatalf("err: %v", err)
}
`, s1.config.NodeName)
id := createToken(t, codec, rules)
// Now try with the token and it will go through.
args.Token = id
@ -2425,24 +2407,13 @@ func TestCatalog_ListServiceNodes_ConnectProxy_ACL(t *testing.T) {
testrpc.WaitForLeader(t, s1.RPC, "dc1")
// Create the ACL.
arg := structs.ACLRequest{
Datacenter: "dc1",
Op: structs.ACLSet,
ACL: structs.ACL{
Name: "User token",
Type: structs.ACLTokenTypeClient,
Rules: `
service "foo" {
rules := `
service_prefix "foo" {
policy = "write"
}
node "" { policy = "read" }
`,
},
WriteRequest: structs.WriteRequest{Token: "root"},
}
var token string
require.NoError(t, msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &token))
node_prefix "" { policy = "read" }
`
token := createToken(t, codec, rules)
{
// Register a proxy
@ -2717,27 +2688,15 @@ func testACLFilterServer(t *testing.T) (dir, token string, srv *Server, codec rp
codec = rpcClient(t, srv)
testrpc.WaitForTestAgent(t, srv.RPC, "dc1", testrpc.WithToken("root"))
// Create a new token
arg := structs.ACLRequest{
Datacenter: "dc1",
Op: structs.ACLSet,
ACL: structs.ACL{
Name: "User token",
Type: structs.ACLTokenTypeClient,
Rules: `
service "foo" {
rules := `
service_prefix "foo" {
policy = "write"
}
node "" {
node_prefix "" {
policy = "read"
}
`,
},
WriteRequest: structs.WriteRequest{Token: "root"},
}
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &token); err != nil {
t.Fatalf("err: %v", err)
}
`
token = createToken(t, codec, rules)
// Register a service
regArg := structs.RegisterRequest{
@ -2896,25 +2855,12 @@ func TestCatalog_NodeServices_ACLDeny(t *testing.T) {
t.Fatalf("should not nil")
}
// Create an ACL that can read the node.
arg := structs.ACLRequest{
Datacenter: "dc1",
Op: structs.ACLSet,
ACL: structs.ACL{
Name: "User token",
Type: structs.ACLTokenTypeClient,
Rules: fmt.Sprintf(`
node "%s" {
rules := fmt.Sprintf(`
node_prefix "%s" {
policy = "read"
}
`, s1.config.NodeName),
},
WriteRequest: structs.WriteRequest{Token: "root"},
}
var id string
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &id); err != nil {
t.Fatalf("err: %v", err)
}
`, s1.config.NodeName)
id := createToken(t, codec, rules)
// Now try with the token and it will go through.
args.Token = id

Write Preview
Loading…
Cancel
Save