open-consul/acl/MockAuthorizer.go

package acl

import "github.com/stretchr/testify/mock"

type MockAuthorizer struct {
	mock.Mock
}

var _ Authorizer = (*MockAuthorizer)(nil)

// ACLRead checks for permission to list all the ACLs
func (m *MockAuthorizer) ACLRead(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// ACLWrite checks for permission to manipulate ACLs
func (m *MockAuthorizer) ACLWrite(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// AgentRead checks for permission to read from agent endpoints for a
// given node.
func (m *MockAuthorizer) AgentRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// AgentWrite checks for permission to make changes via agent endpoints
// for a given node.
func (m *MockAuthorizer) AgentWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// EventRead determines if a specific event can be queried.
func (m *MockAuthorizer) EventRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// EventWrite determines if a specific event may be fired.
func (m *MockAuthorizer) EventWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// IntentionDefaultAllow determines the default authorized behavior
// when no intentions match a Connect request.
func (m *MockAuthorizer) IntentionDefaultAllow(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// IntentionRead determines if a specific intention can be read.
func (m *MockAuthorizer) IntentionRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// IntentionWrite determines if a specific intention can be
// created, modified, or deleted.
func (m *MockAuthorizer) IntentionWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// KeyList checks for permission to list keys under a prefix
func (m *MockAuthorizer) KeyList(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// KeyRead checks for permission to read a given key
func (m *MockAuthorizer) KeyRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// KeyWrite checks for permission to write a given key
func (m *MockAuthorizer) KeyWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// KeyWritePrefix checks for permission to write to an
// entire key prefix. This means there must be no sub-policies
// that deny a write.
func (m *MockAuthorizer) KeyWritePrefix(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// KeyringRead determines if the encryption keyring used in
// the gossip layer can be read.
func (m *MockAuthorizer) KeyringRead(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// KeyringWrite determines if the keyring can be manipulated
func (m *MockAuthorizer) KeyringWrite(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// NodeRead checks for permission to read (discover) a given node.
func (m *MockAuthorizer) NodeRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

func (m *MockAuthorizer) NodeReadAll(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// NodeWrite checks for permission to create or update (register) a
// given node.
func (m *MockAuthorizer) NodeWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

func (m *MockAuthorizer) MeshRead(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

func (m *MockAuthorizer) MeshWrite(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// PeeringRead determines if the read-only Consul peering functions
// can be used.
func (m *MockAuthorizer) PeeringRead(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// PeeringWrite determines if the state-changing Consul peering
// functions can be used.
func (m *MockAuthorizer) PeeringWrite(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// OperatorRead determines if the read-only Consul operator functions
// can be used.	ret := m.Called(segment, ctx)
func (m *MockAuthorizer) OperatorRead(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// OperatorWrite determines if the state-changing Consul operator
// functions can be used.
func (m *MockAuthorizer) OperatorWrite(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// PreparedQueryRead determines if a specific prepared query can be read
// to show its contents (this is not used for execution).
func (m *MockAuthorizer) PreparedQueryRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// PreparedQueryWrite determines if a specific prepared query can be
// created, modified, or deleted.
func (m *MockAuthorizer) PreparedQueryWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// ServiceRead checks for permission to read a given service
func (m *MockAuthorizer) ServiceRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

func (m *MockAuthorizer) ServiceReadAll(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// ServiceWrite checks for permission to create or update a given
// service
func (m *MockAuthorizer) ServiceWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// ServiceWriteAny checks for service:write on any service
func (m *MockAuthorizer) ServiceWriteAny(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

// SessionRead checks for permission to read sessions for a given node.
func (m *MockAuthorizer) SessionRead(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// SessionWrite checks for permission to create sessions for a given
// node.
func (m *MockAuthorizer) SessionWrite(segment string, ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(segment, ctx)
	return ret.Get(0).(EnforcementDecision)
}

// Snapshot checks for permission to take and restore snapshots.
func (m *MockAuthorizer) Snapshot(ctx *AuthorizerContext) EnforcementDecision {
	ret := m.Called(ctx)
	return ret.Get(0).(EnforcementDecision)
}

func (p *MockAuthorizer) ToAllowAuthorizer() AllowAuthorizer {
	return AllowAuthorizer{Authorizer: p}
}
Leadership transfer cmd (#14132) * add leadership transfer command * add RPC call test (flaky) * add missing import * add changelog * add command registration * Apply suggestions from code review Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> * add the possibility of providing an id to raft leadership transfer. Add few tests. * delete old file from cherry pick * rename changelog filename to PR # * rename changelog and fix import * fix failing test * check for OperatorWrite Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> * rename from leader-transfer to transfer-leader * remove version check and add test for operator read * move struct to operator.go * first pass * add code for leader transfer in the grpc backend and tests * wire the http endpoint to the new grpc endpoint * remove the RPC endpoint * remove non needed struct * fix naming * add mog glue to API * fix comment * remove dead code * fix linter error * change package name for proto file * remove error wrapping * fix failing test * add command registration * add grpc service mock tests * fix receiver to be pointer * use defined values Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> * reuse MockAclAuthorizer * add documentation * remove usage of external.TokenFromContext * fix failing tests * fix proto generation * Apply suggestions from code review Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Apply suggestions from code review * add more context in doc for the reason * Apply suggestions from docs code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * regenerate proto * fix linter errors Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com> Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> 2022-11-14 20:35:12 +00:00			`package acl`

			`import "github.com/stretchr/testify/mock"`

			`type MockAuthorizer struct {`
			`mock.Mock`
			`}`

			`var _ Authorizer = (*MockAuthorizer)(nil)`

			`// ACLRead checks for permission to list all the ACLs`
			`func (m MockAuthorizer) ACLRead(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// ACLWrite checks for permission to manipulate ACLs`
			`func (m MockAuthorizer) ACLWrite(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// AgentRead checks for permission to read from agent endpoints for a`
			`// given node.`
			`func (m MockAuthorizer) AgentRead(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// AgentWrite checks for permission to make changes via agent endpoints`
			`// for a given node.`
			`func (m MockAuthorizer) AgentWrite(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// EventRead determines if a specific event can be queried.`
			`func (m MockAuthorizer) EventRead(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// EventWrite determines if a specific event may be fired.`
			`func (m MockAuthorizer) EventWrite(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// IntentionDefaultAllow determines the default authorized behavior`
			`// when no intentions match a Connect request.`
			`func (m MockAuthorizer) IntentionDefaultAllow(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// IntentionRead determines if a specific intention can be read.`
			`func (m MockAuthorizer) IntentionRead(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// IntentionWrite determines if a specific intention can be`
			`// created, modified, or deleted.`
			`func (m MockAuthorizer) IntentionWrite(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// KeyList checks for permission to list keys under a prefix`
			`func (m MockAuthorizer) KeyList(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// KeyRead checks for permission to read a given key`
			`func (m MockAuthorizer) KeyRead(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// KeyWrite checks for permission to write a given key`
			`func (m MockAuthorizer) KeyWrite(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// KeyWritePrefix checks for permission to write to an`
			`// entire key prefix. This means there must be no sub-policies`
			`// that deny a write.`
			`func (m MockAuthorizer) KeyWritePrefix(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// KeyringRead determines if the encryption keyring used in`
			`// the gossip layer can be read.`
			`func (m MockAuthorizer) KeyringRead(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// KeyringWrite determines if the keyring can be manipulated`
			`func (m MockAuthorizer) KeyringWrite(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// NodeRead checks for permission to read (discover) a given node.`
			`func (m MockAuthorizer) NodeRead(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`func (m MockAuthorizer) NodeReadAll(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// NodeWrite checks for permission to create or update (register) a`
			`// given node.`
			`func (m MockAuthorizer) NodeWrite(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`func (m MockAuthorizer) MeshRead(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`func (m MockAuthorizer) MeshWrite(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// PeeringRead determines if the read-only Consul peering functions`
			`// can be used.`
			`func (m MockAuthorizer) PeeringRead(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// PeeringWrite determines if the state-changing Consul peering`
			`// functions can be used.`
			`func (m MockAuthorizer) PeeringWrite(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// OperatorRead determines if the read-only Consul operator functions`
			`// can be used. ret := m.Called(segment, ctx)`
			`func (m MockAuthorizer) OperatorRead(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// OperatorWrite determines if the state-changing Consul operator`
			`// functions can be used.`
			`func (m MockAuthorizer) OperatorWrite(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// PreparedQueryRead determines if a specific prepared query can be read`
			`// to show its contents (this is not used for execution).`
			`func (m MockAuthorizer) PreparedQueryRead(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// PreparedQueryWrite determines if a specific prepared query can be`
			`// created, modified, or deleted.`
			`func (m MockAuthorizer) PreparedQueryWrite(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// ServiceRead checks for permission to read a given service`
			`func (m MockAuthorizer) ServiceRead(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`func (m MockAuthorizer) ServiceReadAll(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// ServiceWrite checks for permission to create or update a given`
			`// service`
			`func (m MockAuthorizer) ServiceWrite(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// ServiceWriteAny checks for service:write on any service`
			`func (m MockAuthorizer) ServiceWriteAny(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// SessionRead checks for permission to read sessions for a given node.`
			`func (m MockAuthorizer) SessionRead(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// SessionWrite checks for permission to create sessions for a given`
			`// node.`
			`func (m MockAuthorizer) SessionWrite(segment string, ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(segment, ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`// Snapshot checks for permission to take and restore snapshots.`
			`func (m MockAuthorizer) Snapshot(ctx AuthorizerContext) EnforcementDecision {`
			`ret := m.Called(ctx)`
			`return ret.Get(0).(EnforcementDecision)`
			`}`

			`func (p *MockAuthorizer) ToAllowAuthorizer() AllowAuthorizer {`
			`return AllowAuthorizer{Authorizer: p}`
			`}`