|
|
|
@ -22,6 +22,13 @@ func TestTokenUpdateCommand_noTabs(t *testing.T) {
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func create_token(t *testing.T, client *api.Client, aclToken *api.ACLToken, writeOptions *api.WriteOptions) *api.ACLToken {
|
|
|
|
|
token, _, err := client.ACL().TokenCreate(aclToken, writeOptions)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
return token
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestTokenUpdateCommand(t *testing.T) {
|
|
|
|
|
if testing.Short() {
|
|
|
|
|
t.Skip("too slow for testing.Short")
|
|
|
|
@ -50,13 +57,6 @@ func TestTokenUpdateCommand(t *testing.T) {
|
|
|
|
|
)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
// create a token
|
|
|
|
|
token, _, err := client.ACL().TokenCreate(
|
|
|
|
|
&api.ACLToken{Description: "test"},
|
|
|
|
|
&api.WriteOptions{Token: "root"},
|
|
|
|
|
)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
run := func(t *testing.T, args []string) *api.ACLToken {
|
|
|
|
|
ui := cli.NewMockUi()
|
|
|
|
|
cmd := New(ui)
|
|
|
|
@ -72,7 +72,9 @@ func TestTokenUpdateCommand(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
// update with node identity
|
|
|
|
|
t.Run("node-identity", func(t *testing.T) {
|
|
|
|
|
token := run(t, []string{
|
|
|
|
|
token := create_token(t, client, &api.ACLToken{Description: "test"}, &api.WriteOptions{Token: "root"})
|
|
|
|
|
|
|
|
|
|
responseToken := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
@ -80,13 +82,19 @@ func TestTokenUpdateCommand(t *testing.T) {
|
|
|
|
|
"-description=test token",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
require.Len(t, token.NodeIdentities, 1)
|
|
|
|
|
require.Equal(t, "foo", token.NodeIdentities[0].NodeName)
|
|
|
|
|
require.Equal(t, "bar", token.NodeIdentities[0].Datacenter)
|
|
|
|
|
require.Len(t, responseToken.NodeIdentities, 1)
|
|
|
|
|
require.Equal(t, "foo", responseToken.NodeIdentities[0].NodeName)
|
|
|
|
|
require.Equal(t, "bar", responseToken.NodeIdentities[0].Datacenter)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
t.Run("node-identity-merge", func(t *testing.T) {
|
|
|
|
|
token := run(t, []string{
|
|
|
|
|
token := create_token(t,
|
|
|
|
|
client,
|
|
|
|
|
&api.ACLToken{Description: "test", NodeIdentities: []*api.ACLNodeIdentity{{NodeName: "foo", Datacenter: "bar"}}},
|
|
|
|
|
&api.WriteOptions{Token: "root"},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
responseToken := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
@ -95,7 +103,7 @@ func TestTokenUpdateCommand(t *testing.T) {
|
|
|
|
|
"-merge-node-identities",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
require.Len(t, token.NodeIdentities, 2)
|
|
|
|
|
require.Len(t, responseToken.NodeIdentities, 2)
|
|
|
|
|
expected := []*api.ACLNodeIdentity{
|
|
|
|
|
{
|
|
|
|
|
NodeName: "foo",
|
|
|
|
@ -106,28 +114,14 @@ func TestTokenUpdateCommand(t *testing.T) {
|
|
|
|
|
Datacenter: "baz",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
require.ElementsMatch(t, expected, token.NodeIdentities)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// update with append-node-identity
|
|
|
|
|
t.Run("append-node-identity", func(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
token := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
|
"-append-node-identity=third:node",
|
|
|
|
|
"-description=test token",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
require.Len(t, token.NodeIdentities, 3)
|
|
|
|
|
require.Equal(t, "third", token.NodeIdentities[2].NodeName)
|
|
|
|
|
require.Equal(t, "node", token.NodeIdentities[2].Datacenter)
|
|
|
|
|
require.ElementsMatch(t, expected, responseToken.NodeIdentities)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// update with policy by name
|
|
|
|
|
t.Run("policy-name", func(t *testing.T) {
|
|
|
|
|
token := run(t, []string{
|
|
|
|
|
token := create_token(t, client, &api.ACLToken{Description: "test"}, &api.WriteOptions{Token: "root"})
|
|
|
|
|
|
|
|
|
|
responseToken := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
@ -135,12 +129,14 @@ func TestTokenUpdateCommand(t *testing.T) {
|
|
|
|
|
"-description=test token",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
require.Len(t, token.Policies, 1)
|
|
|
|
|
require.Len(t, responseToken.Policies, 1)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// update with policy by id
|
|
|
|
|
t.Run("policy-id", func(t *testing.T) {
|
|
|
|
|
token := run(t, []string{
|
|
|
|
|
token := create_token(t, client, &api.ACLToken{Description: "test"}, &api.WriteOptions{Token: "root"})
|
|
|
|
|
|
|
|
|
|
responseToken := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
@ -148,12 +144,14 @@ func TestTokenUpdateCommand(t *testing.T) {
|
|
|
|
|
"-description=test token",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
require.Len(t, token.Policies, 1)
|
|
|
|
|
require.Len(t, responseToken.Policies, 1)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// update with service-identity
|
|
|
|
|
t.Run("service-identity", func(t *testing.T) {
|
|
|
|
|
token := run(t, []string{
|
|
|
|
|
token := create_token(t, client, &api.ACLToken{Description: "test"}, &api.WriteOptions{Token: "root"})
|
|
|
|
|
|
|
|
|
|
responseToken := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
@ -161,33 +159,22 @@ func TestTokenUpdateCommand(t *testing.T) {
|
|
|
|
|
"-description=test token",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
require.Len(t, token.ServiceIdentities, 1)
|
|
|
|
|
require.Equal(t, "service", token.ServiceIdentities[0].ServiceName)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// update with append-service-identity
|
|
|
|
|
t.Run("append-service-identity", func(t *testing.T) {
|
|
|
|
|
token := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
|
"-append-service-identity=web",
|
|
|
|
|
"-description=test token",
|
|
|
|
|
})
|
|
|
|
|
require.Len(t, token.ServiceIdentities, 2)
|
|
|
|
|
require.Equal(t, "web", token.ServiceIdentities[1].ServiceName)
|
|
|
|
|
require.Len(t, responseToken.ServiceIdentities, 1)
|
|
|
|
|
require.Equal(t, "service", responseToken.ServiceIdentities[0].ServiceName)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// update with no description shouldn't delete the current description
|
|
|
|
|
t.Run("merge-description", func(t *testing.T) {
|
|
|
|
|
token := run(t, []string{
|
|
|
|
|
token := create_token(t, client, &api.ACLToken{Description: "test token"}, &api.WriteOptions{Token: "root"})
|
|
|
|
|
|
|
|
|
|
responseToken := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
|
"-policy-name=" + policy.Name,
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
require.Equal(t, "test token", token.Description)
|
|
|
|
|
require.Equal(t, "test token", responseToken.Description)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -219,13 +206,6 @@ func TestTokenUpdateCommandWithAppend(t *testing.T) {
|
|
|
|
|
)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
// create a token
|
|
|
|
|
token, _, err := client.ACL().TokenCreate(
|
|
|
|
|
&api.ACLToken{Description: "test", Policies: []*api.ACLTokenPolicyLink{{Name: policy.Name}}},
|
|
|
|
|
&api.WriteOptions{Token: "root"},
|
|
|
|
|
)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
//secondary policy
|
|
|
|
|
secondPolicy, _, policyErr := client.ACL().PolicyCreate(
|
|
|
|
|
&api.ACLPolicy{Name: "secondary-policy"},
|
|
|
|
@ -233,13 +213,6 @@ func TestTokenUpdateCommandWithAppend(t *testing.T) {
|
|
|
|
|
)
|
|
|
|
|
require.NoError(t, policyErr)
|
|
|
|
|
|
|
|
|
|
//third policy
|
|
|
|
|
thirdPolicy, _, policyErr := client.ACL().PolicyCreate(
|
|
|
|
|
&api.ACLPolicy{Name: "third-policy"},
|
|
|
|
|
&api.WriteOptions{Token: "root"},
|
|
|
|
|
)
|
|
|
|
|
require.NoError(t, policyErr)
|
|
|
|
|
|
|
|
|
|
run := func(t *testing.T, args []string) *api.ACLToken {
|
|
|
|
|
ui := cli.NewMockUi()
|
|
|
|
|
cmd := New(ui)
|
|
|
|
@ -255,7 +228,12 @@ func TestTokenUpdateCommandWithAppend(t *testing.T) {
|
|
|
|
|
|
|
|
|
|
// update with append-policy-name
|
|
|
|
|
t.Run("append-policy-name", func(t *testing.T) {
|
|
|
|
|
token := run(t, []string{
|
|
|
|
|
token := create_token(t, client,
|
|
|
|
|
&api.ACLToken{Description: "test", Policies: []*api.ACLTokenPolicyLink{{Name: policy.Name}}},
|
|
|
|
|
&api.WriteOptions{Token: "root"},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
responseToken := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
@ -263,20 +241,72 @@ func TestTokenUpdateCommandWithAppend(t *testing.T) {
|
|
|
|
|
"-description=test token",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
require.Len(t, token.Policies, 2)
|
|
|
|
|
require.Len(t, responseToken.Policies, 2)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// update with append-policy-id
|
|
|
|
|
t.Run("append-policy-id", func(t *testing.T) {
|
|
|
|
|
token := run(t, []string{
|
|
|
|
|
token := create_token(t, client,
|
|
|
|
|
&api.ACLToken{Description: "test", Policies: []*api.ACLTokenPolicyLink{{Name: policy.Name}}},
|
|
|
|
|
&api.WriteOptions{Token: "root"},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
responseToken := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
|
"-append-policy-id=" + thirdPolicy.ID,
|
|
|
|
|
"-append-policy-id=" + secondPolicy.ID,
|
|
|
|
|
"-description=test token",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
require.Len(t, token.Policies, 3)
|
|
|
|
|
require.Len(t, responseToken.Policies, 2)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// update with append-node-identity
|
|
|
|
|
t.Run("append-node-identity", func(t *testing.T) {
|
|
|
|
|
token := create_token(t, client,
|
|
|
|
|
&api.ACLToken{
|
|
|
|
|
Description: "test",
|
|
|
|
|
Policies: []*api.ACLTokenPolicyLink{{Name: policy.Name}},
|
|
|
|
|
NodeIdentities: []*api.ACLNodeIdentity{{NodeName: "namenode", Datacenter: "somewhere"}},
|
|
|
|
|
},
|
|
|
|
|
&api.WriteOptions{Token: "root"},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
responseToken := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
|
"-append-node-identity=third:node",
|
|
|
|
|
"-description=test token",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
require.Len(t, responseToken.NodeIdentities, 2)
|
|
|
|
|
require.Equal(t, "third", responseToken.NodeIdentities[1].NodeName)
|
|
|
|
|
require.Equal(t, "node", responseToken.NodeIdentities[1].Datacenter)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
// update with append-service-identity
|
|
|
|
|
t.Run("append-service-identity", func(t *testing.T) {
|
|
|
|
|
token := create_token(t, client,
|
|
|
|
|
&api.ACLToken{
|
|
|
|
|
Description: "test",
|
|
|
|
|
Policies: []*api.ACLTokenPolicyLink{{Name: policy.Name}},
|
|
|
|
|
ServiceIdentities: []*api.ACLServiceIdentity{{ServiceName: "service"}},
|
|
|
|
|
},
|
|
|
|
|
&api.WriteOptions{Token: "root"},
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
responseToken := run(t, []string{
|
|
|
|
|
"-http-addr=" + a.HTTPAddr(),
|
|
|
|
|
"-accessor-id=" + token.AccessorID,
|
|
|
|
|
"-token=root",
|
|
|
|
|
"-append-service-identity=web",
|
|
|
|
|
"-description=test token",
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
require.Len(t, responseToken.ServiceIdentities, 2)
|
|
|
|
|
require.Equal(t, "web", responseToken.ServiceIdentities[1].ServiceName)
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
@ -310,12 +340,7 @@ func TestTokenUpdateCommand_JSON(t *testing.T) {
|
|
|
|
|
)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
|
|
// create a token
|
|
|
|
|
token, _, err := client.ACL().TokenCreate(
|
|
|
|
|
&api.ACLToken{Description: "test"},
|
|
|
|
|
&api.WriteOptions{Token: "root"},
|
|
|
|
|
)
|
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
token := create_token(t, client, &api.ACLToken{Description: "test"}, &api.WriteOptions{Token: "root"})
|
|
|
|
|
|
|
|
|
|
t.Run("update with policy by name", func(t *testing.T) {
|
|
|
|
|
cmd := New(ui)
|
|
|
|
|