2014-08-06 00:24:48 +00:00
|
|
|
package consul
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"os"
|
2014-08-12 22:32:44 +00:00
|
|
|
"strings"
|
2014-08-06 00:24:48 +00:00
|
|
|
"testing"
|
2014-08-08 22:32:43 +00:00
|
|
|
"time"
|
|
|
|
|
|
pkg refactor
command/agent/* -> agent/*
command/consul/* -> agent/consul/*
command/agent/command{,_test}.go -> command/agent{,_test}.go
command/base/command.go -> command/base.go
command/base/* -> command/*
commands.go -> command/commands.go
The script which did the refactor is:
(
cd $GOPATH/src/github.com/hashicorp/consul
git mv command/agent/command.go command/agent.go
git mv command/agent/command_test.go command/agent_test.go
git mv command/agent/flag_slice_value{,_test}.go command/
git mv command/agent .
git mv command/base/command.go command/base.go
git mv command/base/config_util{,_test}.go command/
git mv commands.go command/
git mv consul agent
rmdir command/base/
gsed -i -e 's|package agent|package command|' command/agent{,_test}.go
gsed -i -e 's|package agent|package command|' command/flag_slice_value{,_test}.go
gsed -i -e 's|package base|package command|' command/base.go command/config_util{,_test}.go
gsed -i -e 's|package main|package command|' command/commands.go
gsed -i -e 's|base.Command|BaseCommand|' command/commands.go
gsed -i -e 's|agent.Command|AgentCommand|' command/commands.go
gsed -i -e 's|\tCommand:|\tBaseCommand:|' command/commands.go
gsed -i -e 's|base\.||' command/commands.go
gsed -i -e 's|command\.||' command/commands.go
gsed -i -e 's|command|c|' main.go
gsed -i -e 's|range Commands|range command.Commands|' main.go
gsed -i -e 's|Commands: Commands|Commands: command.Commands|' main.go
gsed -i -e 's|base\.BoolValue|BoolValue|' command/operator_autopilot_set.go
gsed -i -e 's|base\.DurationValue|DurationValue|' command/operator_autopilot_set.go
gsed -i -e 's|base\.StringValue|StringValue|' command/operator_autopilot_set.go
gsed -i -e 's|base\.UintValue|UintValue|' command/operator_autopilot_set.go
gsed -i -e 's|\bCommand\b|BaseCommand|' command/base.go
gsed -i -e 's|BaseCommand Options|Command Options|' command/base.go
gsed -i -e 's|base.Command|BaseCommand|' command/*.go
gsed -i -e 's|c\.Command|c.BaseCommand|g' command/*.go
gsed -i -e 's|\tCommand:|\tBaseCommand:|' command/*_test.go
gsed -i -e 's|base\.||' command/*_test.go
gsed -i -e 's|\bCommand\b|AgentCommand|' command/agent{,_test}.go
gsed -i -e 's|cmd.AgentCommand|cmd.BaseCommand|' command/agent.go
gsed -i -e 's|cli.AgentCommand = new(Command)|cli.Command = new(AgentCommand)|' command/agent_test.go
gsed -i -e 's|exec.AgentCommand|exec.Command|' command/agent_test.go
gsed -i -e 's|exec.BaseCommand|exec.Command|' command/agent_test.go
gsed -i -e 's|NewTestAgent|agent.NewTestAgent|' command/agent_test.go
gsed -i -e 's|= TestConfig|= agent.TestConfig|' command/agent_test.go
gsed -i -e 's|: RetryJoin|: agent.RetryJoin|' command/agent_test.go
gsed -i -e 's|\.\./\.\./|../|' command/config_util_test.go
gsed -i -e 's|\bverifyUniqueListeners|VerifyUniqueListeners|' agent/config{,_test}.go command/agent.go
gsed -i -e 's|\bserfLANKeyring\b|SerfLANKeyring|g' agent/{agent,keyring,testagent}.go command/agent.go
gsed -i -e 's|\bserfWANKeyring\b|SerfWANKeyring|g' agent/{agent,keyring,testagent}.go command/agent.go
gsed -i -e 's|\bNewAgent\b|agent.New|g' command/agent{,_test}.go
gsed -i -e 's|\bNewAgent|New|' agent/{acl_test,agent,testagent}.go
gsed -i -e 's|\bAgent\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bBool\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bDefaultConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bDevConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bMergeConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bReadConfigPaths\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bParseMetaPair\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bSerfLANKeyring\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bSerfWANKeyring\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|circonus\.agent|circonus|g' command/agent{,_test}.go
gsed -i -e 's|logger\.agent|logger|g' command/agent{,_test}.go
gsed -i -e 's|metrics\.agent|metrics|g' command/agent{,_test}.go
gsed -i -e 's|// agent.Agent|// agent|' command/agent{,_test}.go
gsed -i -e 's|a\.agent\.Config|a.Config|' command/agent{,_test}.go
gsed -i -e 's|agent\.AppendSliceValue|AppendSliceValue|' command/{configtest,validate}.go
gsed -i -e 's|consul/consul|agent/consul|' GNUmakefile
gsed -i -e 's|\.\./test|../../test|' agent/consul/server_test.go
# fix imports
f=$(grep -rl 'github.com/hashicorp/consul/command/agent' * | grep '\.go')
gsed -i -e 's|github.com/hashicorp/consul/command/agent|github.com/hashicorp/consul/agent|' $f
goimports -w $f
f=$(grep -rl 'github.com/hashicorp/consul/consul' * | grep '\.go')
gsed -i -e 's|github.com/hashicorp/consul/consul|github.com/hashicorp/consul/agent/consul|' $f
goimports -w $f
goimports -w command/*.go main.go
)
2017-06-09 22:28:28 +00:00
|
|
|
"github.com/hashicorp/consul/agent/consul/structs"
|
2016-01-29 19:42:34 +00:00
|
|
|
"github.com/hashicorp/consul/lib"
|
2017-04-19 23:00:11 +00:00
|
|
|
"github.com/hashicorp/consul/testrpc"
|
2017-05-04 22:35:33 +00:00
|
|
|
"github.com/hashicorp/consul/testutil/retry"
|
2015-10-13 23:43:52 +00:00
|
|
|
"github.com/hashicorp/net-rpc-msgpackrpc"
|
2014-08-06 00:24:48 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestACLEndpoint_Apply(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-08-12 22:32:44 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
})
|
2014-08-06 00:24:48 +00:00
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2015-10-13 23:43:52 +00:00
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
2014-08-06 00:24:48 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-08-06 00:24:48 +00:00
|
|
|
|
|
|
|
|
arg := structs.ACLRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Op: structs.ACLSet,
|
|
|
|
|
ACL: structs.ACL{
|
|
|
|
|
Name: "User token",
|
|
|
|
|
Type: structs.ACLTypeClient,
|
|
|
|
|
},
|
2014-08-12 22:32:44 +00:00
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
2014-08-06 00:24:48 +00:00
|
|
|
}
|
|
|
|
|
var out string
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out); err != nil {
|
2014-08-06 00:24:48 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
id := out
|
|
|
|
|
|
|
|
|
|
// Verify
|
|
|
|
|
state := s1.fsm.State()
|
2017-01-24 08:00:06 +00:00
|
|
|
_, s, err := state.ACLGet(nil, out)
|
2014-08-06 00:24:48 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if s == nil {
|
|
|
|
|
t.Fatalf("should not be nil")
|
|
|
|
|
}
|
|
|
|
|
if s.ID != out {
|
|
|
|
|
t.Fatalf("bad: %v", s)
|
|
|
|
|
}
|
|
|
|
|
if s.Name != "User token" {
|
|
|
|
|
t.Fatalf("bad: %v", s)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Do a delete
|
|
|
|
|
arg.Op = structs.ACLDelete
|
|
|
|
|
arg.ACL.ID = out
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out); err != nil {
|
2014-08-06 00:24:48 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Verify
|
2017-01-24 08:00:06 +00:00
|
|
|
_, s, err = state.ACLGet(nil, id)
|
2014-08-06 00:24:48 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if s != nil {
|
|
|
|
|
t.Fatalf("bad: %v", s)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-18 22:23:02 +00:00
|
|
|
func TestACLEndpoint_Update_PurgeCache(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-08-18 22:23:02 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2015-10-13 23:43:52 +00:00
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
2014-08-18 22:23:02 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-08-18 22:23:02 +00:00
|
|
|
|
|
|
|
|
arg := structs.ACLRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Op: structs.ACLSet,
|
|
|
|
|
ACL: structs.ACL{
|
|
|
|
|
Name: "User token",
|
|
|
|
|
Type: structs.ACLTypeClient,
|
|
|
|
|
},
|
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
|
}
|
|
|
|
|
var out string
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out); err != nil {
|
2014-08-18 22:23:02 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
id := out
|
|
|
|
|
|
|
|
|
|
// Resolve
|
|
|
|
|
acl1, err := s1.resolveToken(id)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if acl1 == nil {
|
|
|
|
|
t.Fatalf("should not be nil")
|
|
|
|
|
}
|
|
|
|
|
if !acl1.KeyRead("foo") {
|
|
|
|
|
t.Fatalf("should be allowed")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Do an update
|
|
|
|
|
arg.ACL.ID = out
|
|
|
|
|
arg.ACL.Rules = `{"key": {"": {"policy": "deny"}}}`
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out); err != nil {
|
2014-08-18 22:23:02 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Resolve again
|
|
|
|
|
acl2, err := s1.resolveToken(id)
|
|
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if acl2 == nil {
|
|
|
|
|
t.Fatalf("should not be nil")
|
|
|
|
|
}
|
|
|
|
|
if acl2 == acl1 {
|
|
|
|
|
t.Fatalf("should not be cached")
|
|
|
|
|
}
|
|
|
|
|
if acl2.KeyRead("foo") {
|
|
|
|
|
t.Fatalf("should not be allowed")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Do a delete
|
|
|
|
|
arg.Op = structs.ACLDelete
|
|
|
|
|
arg.ACL.Rules = ""
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out); err != nil {
|
2014-08-18 22:23:02 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Resolve again
|
|
|
|
|
acl3, err := s1.resolveToken(id)
|
|
|
|
|
if err == nil || err.Error() != aclNotFound {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if acl3 != nil {
|
|
|
|
|
t.Fatalf("should be nil")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-05-06 02:19:45 +00:00
|
|
|
func TestACLEndpoint_Apply_CustomID(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2015-05-06 02:19:45 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2015-10-13 23:43:52 +00:00
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
2015-05-06 02:19:45 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2015-05-06 02:19:45 +00:00
|
|
|
|
|
|
|
|
arg := structs.ACLRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Op: structs.ACLSet,
|
|
|
|
|
ACL: structs.ACL{
|
|
|
|
|
ID: "foobarbaz", // Specify custom ID, does not exist
|
|
|
|
|
Name: "User token",
|
|
|
|
|
Type: structs.ACLTypeClient,
|
|
|
|
|
},
|
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
|
}
|
|
|
|
|
var out string
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out); err != nil {
|
2015-05-06 02:19:45 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if out != "foobarbaz" {
|
|
|
|
|
t.Fatalf("bad token ID: %s", out)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Verify
|
|
|
|
|
state := s1.fsm.State()
|
2017-01-24 08:00:06 +00:00
|
|
|
_, s, err := state.ACLGet(nil, out)
|
2015-05-06 02:19:45 +00:00
|
|
|
if err != nil {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if s == nil {
|
|
|
|
|
t.Fatalf("should not be nil")
|
|
|
|
|
}
|
|
|
|
|
if s.ID != out {
|
|
|
|
|
t.Fatalf("bad: %v", s)
|
|
|
|
|
}
|
|
|
|
|
if s.Name != "User token" {
|
|
|
|
|
t.Fatalf("bad: %v", s)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-12 22:32:44 +00:00
|
|
|
func TestACLEndpoint_Apply_Denied(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-08-12 22:32:44 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2015-10-13 23:43:52 +00:00
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
2014-08-12 22:32:44 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-08-12 22:32:44 +00:00
|
|
|
|
|
|
|
|
arg := structs.ACLRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Op: structs.ACLSet,
|
|
|
|
|
ACL: structs.ACL{
|
|
|
|
|
Name: "User token",
|
|
|
|
|
Type: structs.ACLTypeClient,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
var out string
|
2015-10-13 23:43:52 +00:00
|
|
|
err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out)
|
2014-08-12 22:32:44 +00:00
|
|
|
if err == nil || !strings.Contains(err.Error(), permissionDenied) {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-22 21:55:09 +00:00
|
|
|
func TestACLEndpoint_Apply_DeleteAnon(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-08-22 21:55:09 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2015-10-13 23:43:52 +00:00
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
2014-08-22 21:55:09 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-08-22 21:55:09 +00:00
|
|
|
|
|
|
|
|
arg := structs.ACLRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Op: structs.ACLDelete,
|
|
|
|
|
ACL: structs.ACL{
|
|
|
|
|
ID: anonymousToken,
|
|
|
|
|
Name: "User token",
|
|
|
|
|
Type: structs.ACLTypeClient,
|
|
|
|
|
},
|
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
|
}
|
|
|
|
|
var out string
|
2015-10-13 23:43:52 +00:00
|
|
|
err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out)
|
2014-08-22 21:55:09 +00:00
|
|
|
if err == nil || !strings.Contains(err.Error(), "delete anonymous") {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func TestACLEndpoint_Apply_RootChange(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-08-22 21:55:09 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2015-10-13 23:43:52 +00:00
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
2014-08-22 21:55:09 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-08-22 21:55:09 +00:00
|
|
|
|
|
|
|
|
arg := structs.ACLRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Op: structs.ACLSet,
|
|
|
|
|
ACL: structs.ACL{
|
|
|
|
|
ID: "manage",
|
|
|
|
|
Name: "User token",
|
|
|
|
|
Type: structs.ACLTypeClient,
|
|
|
|
|
},
|
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
|
}
|
|
|
|
|
var out string
|
2015-10-13 23:43:52 +00:00
|
|
|
err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out)
|
2014-08-22 21:55:09 +00:00
|
|
|
if err == nil || !strings.Contains(err.Error(), "root ACL") {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-06 00:24:48 +00:00
|
|
|
func TestACLEndpoint_Get(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-08-12 22:32:44 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
})
|
2014-08-06 00:24:48 +00:00
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2015-10-13 23:43:52 +00:00
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
2014-08-06 00:24:48 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-08-06 00:24:48 +00:00
|
|
|
|
|
|
|
|
arg := structs.ACLRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Op: structs.ACLSet,
|
|
|
|
|
ACL: structs.ACL{
|
|
|
|
|
Name: "User token",
|
|
|
|
|
Type: structs.ACLTypeClient,
|
|
|
|
|
},
|
2014-08-12 22:32:44 +00:00
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
2014-08-06 00:24:48 +00:00
|
|
|
}
|
|
|
|
|
var out string
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out); err != nil {
|
2014-08-06 00:24:48 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
getR := structs.ACLSpecificRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
ACL: out,
|
|
|
|
|
}
|
|
|
|
|
var acls structs.IndexedACLs
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Get", &getR, &acls); err != nil {
|
2014-08-06 00:24:48 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if acls.Index == 0 {
|
|
|
|
|
t.Fatalf("Bad: %v", acls)
|
|
|
|
|
}
|
|
|
|
|
if len(acls.ACLs) != 1 {
|
|
|
|
|
t.Fatalf("Bad: %v", acls)
|
|
|
|
|
}
|
|
|
|
|
s := acls.ACLs[0]
|
|
|
|
|
if s.ID != out {
|
|
|
|
|
t.Fatalf("bad: %v", s)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-08 22:32:43 +00:00
|
|
|
func TestACLEndpoint_GetPolicy(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-08-12 22:32:44 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
})
|
2014-08-08 22:32:43 +00:00
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2015-10-13 23:43:52 +00:00
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
2014-08-08 22:32:43 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-08-08 22:32:43 +00:00
|
|
|
|
|
|
|
|
arg := structs.ACLRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Op: structs.ACLSet,
|
|
|
|
|
ACL: structs.ACL{
|
|
|
|
|
Name: "User token",
|
|
|
|
|
Type: structs.ACLTypeClient,
|
|
|
|
|
},
|
2014-08-12 22:32:44 +00:00
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
2014-08-08 22:32:43 +00:00
|
|
|
}
|
|
|
|
|
var out string
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out); err != nil {
|
2014-08-08 22:32:43 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-08 23:55:47 +00:00
|
|
|
getR := structs.ACLPolicyRequest{
|
2014-08-08 22:32:43 +00:00
|
|
|
Datacenter: "dc1",
|
|
|
|
|
ACL: out,
|
|
|
|
|
}
|
|
|
|
|
var acls structs.ACLPolicy
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.GetPolicy", &getR, &acls); err != nil {
|
2014-08-08 22:32:43 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if acls.Policy == nil {
|
|
|
|
|
t.Fatalf("Bad: %v", acls)
|
|
|
|
|
}
|
|
|
|
|
if acls.TTL != 30*time.Second {
|
|
|
|
|
t.Fatalf("bad: %v", acls)
|
|
|
|
|
}
|
2014-08-08 23:55:47 +00:00
|
|
|
|
|
|
|
|
// Do a conditional lookup with etag
|
|
|
|
|
getR.ETag = acls.ETag
|
|
|
|
|
var out2 structs.ACLPolicy
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.GetPolicy", &getR, &out2); err != nil {
|
2014-08-08 23:55:47 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if out2.Policy != nil {
|
|
|
|
|
t.Fatalf("Bad: %v", out2)
|
|
|
|
|
}
|
|
|
|
|
if out2.TTL != 30*time.Second {
|
|
|
|
|
t.Fatalf("bad: %v", out2)
|
|
|
|
|
}
|
2014-08-08 22:32:43 +00:00
|
|
|
}
|
|
|
|
|
|
2014-08-06 00:24:48 +00:00
|
|
|
func TestACLEndpoint_List(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-08-12 22:32:44 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
|
c.ACLMasterToken = "root"
|
|
|
|
|
})
|
2014-08-06 00:24:48 +00:00
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2015-10-13 23:43:52 +00:00
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
2014-08-06 00:24:48 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-08-06 00:24:48 +00:00
|
|
|
|
|
|
|
|
ids := []string{}
|
|
|
|
|
for i := 0; i < 5; i++ {
|
|
|
|
|
arg := structs.ACLRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
Op: structs.ACLSet,
|
|
|
|
|
ACL: structs.ACL{
|
|
|
|
|
Name: "User token",
|
|
|
|
|
Type: structs.ACLTypeClient,
|
|
|
|
|
},
|
2014-08-12 22:32:44 +00:00
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
2014-08-06 00:24:48 +00:00
|
|
|
}
|
|
|
|
|
var out string
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &arg, &out); err != nil {
|
2014-08-06 00:24:48 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
ids = append(ids, out)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
getR := structs.DCSpecificRequest{
|
2014-08-12 22:32:44 +00:00
|
|
|
Datacenter: "dc1",
|
|
|
|
|
QueryOptions: structs.QueryOptions{Token: "root"},
|
2014-08-06 00:24:48 +00:00
|
|
|
}
|
|
|
|
|
var acls structs.IndexedACLs
|
2015-10-13 23:43:52 +00:00
|
|
|
if err := msgpackrpc.CallWithCodec(codec, "ACL.List", &getR, &acls); err != nil {
|
2014-08-06 00:24:48 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if acls.Index == 0 {
|
|
|
|
|
t.Fatalf("Bad: %v", acls)
|
|
|
|
|
}
|
2014-08-12 22:32:44 +00:00
|
|
|
|
|
|
|
|
// 5 + anonymous + master
|
|
|
|
|
if len(acls.ACLs) != 7 {
|
2014-08-06 00:24:48 +00:00
|
|
|
t.Fatalf("Bad: %v", acls.ACLs)
|
|
|
|
|
}
|
|
|
|
|
for i := 0; i < len(acls.ACLs); i++ {
|
|
|
|
|
s := acls.ACLs[i]
|
2014-08-12 22:32:44 +00:00
|
|
|
if s.ID == anonymousToken || s.ID == "root" {
|
|
|
|
|
continue
|
|
|
|
|
}
|
2016-01-29 19:42:34 +00:00
|
|
|
if !lib.StrContains(ids, s.ID) {
|
2014-08-06 00:24:48 +00:00
|
|
|
t.Fatalf("bad: %v", s)
|
|
|
|
|
}
|
|
|
|
|
if s.Name != "User token" {
|
|
|
|
|
t.Fatalf("bad: %v", s)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-08-12 22:32:44 +00:00
|
|
|
|
|
|
|
|
func TestACLEndpoint_List_Denied(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2014-08-12 22:32:44 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc1"
|
|
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
2015-10-13 23:43:52 +00:00
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
2014-08-12 22:32:44 +00:00
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2014-08-12 22:32:44 +00:00
|
|
|
|
|
|
|
|
getR := structs.DCSpecificRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
}
|
|
|
|
|
var acls structs.IndexedACLs
|
2015-10-13 23:43:52 +00:00
|
|
|
err := msgpackrpc.CallWithCodec(codec, "ACL.List", &getR, &acls)
|
2014-08-12 22:32:44 +00:00
|
|
|
if err == nil || !strings.Contains(err.Error(), permissionDenied) {
|
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-08-05 04:32:36 +00:00
|
|
|
|
|
|
|
|
func TestACLEndpoint_ReplicationStatus(t *testing.T) {
|
2017-06-27 13:22:18 +00:00
|
|
|
t.Parallel()
|
2016-08-05 04:32:36 +00:00
|
|
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
|
|
|
|
c.ACLDatacenter = "dc2"
|
|
|
|
|
c.ACLReplicationToken = "secret"
|
2017-05-04 22:35:33 +00:00
|
|
|
c.ACLReplicationInterval = 10 * time.Millisecond
|
2016-08-05 04:32:36 +00:00
|
|
|
})
|
|
|
|
|
defer os.RemoveAll(dir1)
|
|
|
|
|
defer s1.Shutdown()
|
|
|
|
|
codec := rpcClient(t, s1)
|
|
|
|
|
defer codec.Close()
|
|
|
|
|
|
2017-04-19 23:00:11 +00:00
|
|
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
2016-08-05 04:32:36 +00:00
|
|
|
|
|
|
|
|
getR := structs.DCSpecificRequest{
|
|
|
|
|
Datacenter: "dc1",
|
|
|
|
|
}
|
2017-05-04 22:35:33 +00:00
|
|
|
|
2017-05-04 22:52:53 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2017-05-04 22:35:33 +00:00
|
|
|
var status structs.ACLReplicationStatus
|
|
|
|
|
err := msgpackrpc.CallWithCodec(codec, "ACL.ReplicationStatus", &getR, &status)
|
|
|
|
|
if err != nil {
|
|
|
|
|
r.Fatalf("err: %v", err)
|
|
|
|
|
}
|
|
|
|
|
if !status.Enabled || !status.Running || status.SourceDatacenter != "dc2" {
|
|
|
|
|
r.Fatalf("bad: %#v", status)
|
|
|
|
|
}
|
|
|
|
|
})
|
2016-08-05 04:32:36 +00:00
|
|
|
}
|