luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/token/store_test.go

294 lines
10 KiB
Go
Raw Permalink Normal View History

copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files
2023-03-28 18:39:22 +00:00
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
package token
import (
"testing"
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 19:28:31 +00:00
"github.com/stretchr/testify/require"
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
)
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
func TestStore_RegularTokens(t *testing.T) {
type tokens struct {
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
userSource TokenSource
user string
agent string
agentSource TokenSource
recovery string
recoverySource TokenSource
repl string
replSource TokenSource
registration string
registrationSource TokenSource
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
}
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
tests := []struct {
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
name string
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 19:28:31 +00:00
set tokens
raw tokens
effective tokens
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
}{
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
{
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 19:28:31 +00:00
name: "set user - config",
set: tokens{user: "U", userSource: TokenSourceConfig},
raw: tokens{user: "U", userSource: TokenSourceConfig},
effective: tokens{user: "U", agent: "U"},
},
{
name: "set user - api",
set: tokens{user: "U", userSource: TokenSourceAPI},
raw: tokens{user: "U", userSource: TokenSourceAPI},
effective: tokens{user: "U", agent: "U"},
},
{
name: "set agent - config",
set: tokens{agent: "A", agentSource: TokenSourceConfig},
raw: tokens{agent: "A", agentSource: TokenSourceConfig},
effective: tokens{agent: "A"},
},
{
name: "set agent - api",
set: tokens{agent: "A", agentSource: TokenSourceAPI},
raw: tokens{agent: "A", agentSource: TokenSourceAPI},
effective: tokens{agent: "A"},
},
{
name: "set user and agent",
set: tokens{agent: "A", user: "U"},
raw: tokens{agent: "A", user: "U"},
effective: tokens{agent: "A", user: "U"},
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
},
{
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 19:28:31 +00:00
name: "set repl - config",
set: tokens{repl: "R", replSource: TokenSourceConfig},
raw: tokens{repl: "R", replSource: TokenSourceConfig},
effective: tokens{repl: "R"},
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
},
{
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 19:28:31 +00:00
name: "set repl - api",
set: tokens{repl: "R", replSource: TokenSourceAPI},
raw: tokens{repl: "R", replSource: TokenSourceAPI},
effective: tokens{repl: "R"},
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
},
{
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
name: "set recovery - config",
set: tokens{recovery: "M", recoverySource: TokenSourceConfig},
raw: tokens{recovery: "M", recoverySource: TokenSourceConfig},
effective: tokens{recovery: "M"},
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
},
{
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
name: "set recovery - api",
set: tokens{recovery: "M", recoverySource: TokenSourceAPI},
raw: tokens{recovery: "M", recoverySource: TokenSourceAPI},
effective: tokens{recovery: "M"},
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 19:28:31 +00:00
},
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
{
name: "set registration - config",
set: tokens{registration: "G", registrationSource: TokenSourceConfig},
raw: tokens{registration: "G", registrationSource: TokenSourceConfig},
effective: tokens{registration: "G"},
},
{
name: "set registration - api",
set: tokens{registration: "G", registrationSource: TokenSourceAPI},
raw: tokens{registration: "G", registrationSource: TokenSourceAPI},
effective: tokens{registration: "G"},
},
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 19:28:31 +00:00
{
name: "set all",
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
set: tokens{user: "U", agent: "A", repl: "R", recovery: "M", registration: "G"},
raw: tokens{user: "U", agent: "A", repl: "R", recovery: "M", registration: "G"},
effective: tokens{user: "U", agent: "A", repl: "R", recovery: "M", registration: "G"},
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
},
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
}
for _, tt := range tests {
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
t.Run(tt.name, func(t *testing.T) {
s := new(Store)
fix TestStore_RegularTokens This test was only passing because t.Parallel was causing every subtest to run with the last value in the iteration, which sets a value for all tokens. The test started to fail once t.Parallel was removed, but the same failure could have been produced by adding 'tt := tt' to the t.Run() func. These tests run in under 10ms, so there is no reason to use t.Parallel.
2020-08-24 21:46:55 +00:00
if tt.set.user != "" {
require.True(t, s.UpdateUserToken(tt.set.user, tt.set.userSource))
}
if tt.set.agent != "" {
require.True(t, s.UpdateAgentToken(tt.set.agent, tt.set.agentSource))
}
if tt.set.repl != "" {
require.True(t, s.UpdateReplicationToken(tt.set.repl, tt.set.replSource))
}
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
if tt.set.recovery != "" {
require.True(t, s.UpdateAgentRecoveryToken(tt.set.recovery, tt.set.recoverySource))
fix TestStore_RegularTokens This test was only passing because t.Parallel was causing every subtest to run with the last value in the iteration, which sets a value for all tokens. The test started to fail once t.Parallel was removed, but the same failure could have been produced by adding 'tt := tt' to the t.Run() func. These tests run in under 10ms, so there is no reason to use t.Parallel.
2020-08-24 21:46:55 +00:00
}
agent: updates to the agent token trigger anti-entropy full syncs (#6577)
2019-10-04 18:37:34 +00:00
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
if tt.set.registration != "" {
require.True(t, s.UpdateConfigFileRegistrationToken(tt.set.registration, tt.set.registrationSource))
}
agent: updates to the agent token trigger anti-entropy full syncs (#6577)
2019-10-04 18:37:34 +00:00
// If they don't change then they return false.
require.False(t, s.UpdateUserToken(tt.set.user, tt.set.userSource))
require.False(t, s.UpdateAgentToken(tt.set.agent, tt.set.agentSource))
require.False(t, s.UpdateReplicationToken(tt.set.repl, tt.set.replSource))
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
require.False(t, s.UpdateAgentRecoveryToken(tt.set.recovery, tt.set.recoverySource))
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
require.False(t, s.UpdateConfigFileRegistrationToken(tt.set.registration, tt.set.registrationSource))
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 19:28:31 +00:00
require.Equal(t, tt.effective.user, s.UserToken())
require.Equal(t, tt.effective.agent, s.AgentToken())
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
require.Equal(t, tt.effective.recovery, s.AgentRecoveryToken())
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 19:28:31 +00:00
require.Equal(t, tt.effective.repl, s.ReplicationToken())
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
require.Equal(t, tt.effective.registration, s.ConfigFileRegistrationToken())
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 19:28:31 +00:00
tok, src := s.UserTokenAndSource()
require.Equal(t, tt.raw.user, tok)
require.Equal(t, tt.raw.userSource, src)
tok, src = s.AgentTokenAndSource()
require.Equal(t, tt.raw.agent, tok)
require.Equal(t, tt.raw.agentSource, src)
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
tok, src = s.AgentRecoveryTokenAndSource()
require.Equal(t, tt.raw.recovery, tok)
require.Equal(t, tt.raw.recoverySource, src)
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 19:28:31 +00:00
tok, src = s.ReplicationTokenAndSource()
require.Equal(t, tt.raw.repl, tok)
require.Equal(t, tt.raw.replSource, src)
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
tok, src = s.ConfigFileRegistrationTokenAndSource()
require.Equal(t, tt.raw.registration, tok)
require.Equal(t, tt.raw.registrationSource, src)
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
})
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
}
}
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
func TestStore_AgentRecoveryToken(t *testing.T) {
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 22:39:31 +00:00
s := new(Store)
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
verify := func(want bool, toks ...string) {
for _, tok := range toks {
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
require.Equal(t, want, s.IsAgentRecoveryToken(tok))
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
}
}
verify(false, "", "nope")
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
s.UpdateAgentRecoveryToken("recovery", TokenSourceConfig)
verify(true, "recovery")
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
verify(false, "", "nope")
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
s.UpdateAgentRecoveryToken("another", TokenSourceConfig)
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
verify(true, "another")
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
verify(false, "", "nope", "recovery")
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
s.UpdateAgentRecoveryToken("", TokenSourceConfig)
verify(false, "", "nope", "recovery", "another")
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
2017-07-26 18:03:43 +00:00
}
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
func TestStore_Notify(t *testing.T) {
s := new(Store)
newNotification := func(t *testing.T, s *Store, kind TokenKind) Notifier {
n := s.Notify(kind)
require.NotNil(t, n.Ch)
return n
}
requireNotNotified := func(t *testing.T, ch <-chan struct{}) {
require.Empty(t, ch)
}
requireNotifiedOnce := func(t *testing.T, ch <-chan struct{}) {
require.Len(t, ch, 1)
// drain the channel
<-ch
// just to be safe
require.Empty(t, ch)
}
agentNotifier := newNotification(t, s, TokenKindAgent)
userNotifier := newNotification(t, s, TokenKindUser)
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
agentRecoveryNotifier := newNotification(t, s, TokenKindAgentRecovery)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
replicationNotifier := newNotification(t, s, TokenKindReplication)
replicationNotifier2 := newNotification(t, s, TokenKindReplication)
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
registrationNotifier := newNotification(t, s, TokenKindConfigFileRegistration)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
// perform an update of the user token
require.True(t, s.UpdateUserToken("edcae2a2-3b51-4864-b412-c7a568f49cb1", TokenSourceConfig))
// do it again to ensure it doesn't block even though nothing has read from the 1 buffered chan yet
require.True(t, s.UpdateUserToken("47788919-f944-476a-bda5-446d64be1df8", TokenSourceAPI))
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
// ensure notifications were sent to the user notifier and all other notifiers were not notified.
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
requireNotNotified(t, agentNotifier.Ch)
requireNotifiedOnce(t, userNotifier.Ch)
requireNotNotified(t, replicationNotifier.Ch)
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
requireNotNotified(t, agentRecoveryNotifier.Ch)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
requireNotNotified(t, replicationNotifier2.Ch)
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
requireNotNotified(t, registrationNotifier.Ch)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
// update the agent token which should send a notification to the agent notifier.
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
require.True(t, s.UpdateAgentToken("5d748ec2-d536-461f-8e2a-1f7eae98d559", TokenSourceAPI))
requireNotifiedOnce(t, agentNotifier.Ch)
requireNotNotified(t, userNotifier.Ch)
requireNotNotified(t, replicationNotifier.Ch)
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
requireNotNotified(t, agentRecoveryNotifier.Ch)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
requireNotNotified(t, replicationNotifier2.Ch)
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
requireNotNotified(t, registrationNotifier.Ch)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
// update the agent recovery token which should send a notification to the agent recovery notifier.
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
require.True(t, s.UpdateAgentRecoveryToken("789badc8-f850-43e1-8742-9b9f484957cc", TokenSourceAPI))
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
requireNotNotified(t, agentNotifier.Ch)
requireNotNotified(t, userNotifier.Ch)
requireNotNotified(t, replicationNotifier.Ch)
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
requireNotifiedOnce(t, agentRecoveryNotifier.Ch)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
requireNotNotified(t, replicationNotifier2.Ch)
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
requireNotNotified(t, registrationNotifier.Ch)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
// update the replication token which should send a notification to the replication notifier.
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
require.True(t, s.UpdateReplicationToken("789badc8-f850-43e1-8742-9b9f484957cc", TokenSourceAPI))
requireNotNotified(t, agentNotifier.Ch)
requireNotNotified(t, userNotifier.Ch)
requireNotifiedOnce(t, replicationNotifier.Ch)
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
requireNotNotified(t, agentRecoveryNotifier.Ch)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
requireNotifiedOnce(t, replicationNotifier2.Ch)
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
requireNotNotified(t, registrationNotifier.Ch)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
s.StopNotify(replicationNotifier2)
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
// update the replication token which should send a notification to the replication notifier.
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
require.True(t, s.UpdateReplicationToken("eb0b56b9-fa65-4ae1-902a-c64457c62ac6", TokenSourceAPI))
requireNotNotified(t, agentNotifier.Ch)
requireNotNotified(t, userNotifier.Ch)
requireNotifiedOnce(t, replicationNotifier.Ch)
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
requireNotNotified(t, agentRecoveryNotifier.Ch)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
requireNotNotified(t, replicationNotifier2.Ch)
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
requireNotNotified(t, registrationNotifier.Ch)
// update the config file registration token which should send a notification to the replication notifier.
require.True(t, s.UpdateConfigFileRegistrationToken("82fe7362-7d83-4f43-bb27-c35f1f15083c", TokenSourceAPI))
requireNotNotified(t, agentNotifier.Ch)
requireNotNotified(t, userNotifier.Ch)
requireNotNotified(t, replicationNotifier.Ch)
requireNotNotified(t, agentRecoveryNotifier.Ch)
requireNotNotified(t, replicationNotifier2.Ch)
requireNotifiedOnce(t, registrationNotifier.Ch)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
// request updates that are not changes
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
require.False(t, s.UpdateAgentToken("5d748ec2-d536-461f-8e2a-1f7eae98d559", TokenSourceAPI))
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
require.False(t, s.UpdateAgentRecoveryToken("789badc8-f850-43e1-8742-9b9f484957cc", TokenSourceAPI))
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
require.False(t, s.UpdateUserToken("47788919-f944-476a-bda5-446d64be1df8", TokenSourceAPI))
require.False(t, s.UpdateReplicationToken("eb0b56b9-fa65-4ae1-902a-c64457c62ac6", TokenSourceAPI))
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
require.False(t, s.UpdateConfigFileRegistrationToken("82fe7362-7d83-4f43-bb27-c35f1f15083c", TokenSourceAPI))
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
// ensure that notifications were not sent
requireNotNotified(t, agentNotifier.Ch)
requireNotNotified(t, userNotifier.Ch)
requireNotNotified(t, replicationNotifier.Ch)
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
requireNotNotified(t, agentRecoveryNotifier.Ch)
Add new config_file_service_registration token (#15828)
2023-01-10 16:24:02 +00:00
requireNotNotified(t, registrationNotifier.Ch)
Add ability for notifications when one of the agent tokens is updated (#8301) Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-07-14 13:53:55 +00:00
}