2023-03-28 18:39:22 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2014-08-28 19:42:24 +00:00
|
|
|
package agent
|
|
|
|
|
|
|
|
import (
|
2022-12-14 15:24:22 +00:00
|
|
|
"context"
|
2014-08-28 19:42:24 +00:00
|
|
|
"strings"
|
|
|
|
"testing"
|
|
|
|
|
2021-09-03 18:49:29 +00:00
|
|
|
"github.com/hashicorp/go-uuid"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
|
2017-08-23 14:52:48 +00:00
|
|
|
"github.com/hashicorp/consul/acl"
|
2017-07-06 10:34:00 +00:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
2019-03-27 12:54:56 +00:00
|
|
|
"github.com/hashicorp/consul/sdk/testutil/retry"
|
2014-08-28 19:42:24 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestValidateUserEventParams(t *testing.T) {
|
2017-05-21 07:54:40 +00:00
|
|
|
t.Parallel()
|
2014-08-28 19:42:24 +00:00
|
|
|
p := &UserEvent{}
|
|
|
|
err := validateUserEventParams(p)
|
|
|
|
if err == nil || err.Error() != "User event missing name" {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
p.Name = "foo"
|
|
|
|
|
|
|
|
p.NodeFilter = "("
|
|
|
|
err = validateUserEventParams(p)
|
|
|
|
if err == nil || !strings.Contains(err.Error(), "Invalid node filter") {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
p.NodeFilter = ""
|
|
|
|
p.ServiceFilter = "("
|
|
|
|
err = validateUserEventParams(p)
|
|
|
|
if err == nil || !strings.Contains(err.Error(), "Invalid service filter") {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
p.ServiceFilter = "foo"
|
|
|
|
p.TagFilter = "("
|
|
|
|
err = validateUserEventParams(p)
|
|
|
|
if err == nil || !strings.Contains(err.Error(), "Invalid tag filter") {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
p.ServiceFilter = ""
|
|
|
|
p.TagFilter = "foo"
|
|
|
|
err = validateUserEventParams(p)
|
|
|
|
if err == nil || !strings.Contains(err.Error(), "tag filter without service") {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestShouldProcessUserEvent(t *testing.T) {
|
2020-12-07 18:42:55 +00:00
|
|
|
if testing.Short() {
|
|
|
|
t.Skip("too slow for testing.Short")
|
|
|
|
}
|
|
|
|
|
2017-05-21 07:54:40 +00:00
|
|
|
t.Parallel()
|
2020-03-31 19:59:56 +00:00
|
|
|
a := NewTestAgent(t, "")
|
2017-05-21 07:11:09 +00:00
|
|
|
defer a.Shutdown()
|
2014-08-28 19:42:24 +00:00
|
|
|
|
|
|
|
srv1 := &structs.NodeService{
|
|
|
|
ID: "mysql",
|
|
|
|
Service: "mysql",
|
2020-09-16 18:05:01 +00:00
|
|
|
Tags: []string{"test", "foo", "bar", "primary"},
|
2014-08-28 19:42:24 +00:00
|
|
|
Port: 5000,
|
|
|
|
}
|
2023-01-10 16:24:02 +00:00
|
|
|
a.State.AddServiceWithChecks(srv1, nil, "", false)
|
2014-08-28 19:42:24 +00:00
|
|
|
|
|
|
|
p := &UserEvent{}
|
2017-05-21 07:11:09 +00:00
|
|
|
if !a.shouldProcessUserEvent(p) {
|
2014-08-28 19:42:24 +00:00
|
|
|
t.Fatalf("bad")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Bad node name
|
|
|
|
p = &UserEvent{
|
|
|
|
NodeFilter: "foobar",
|
|
|
|
}
|
2017-05-21 07:11:09 +00:00
|
|
|
if a.shouldProcessUserEvent(p) {
|
2014-08-28 19:42:24 +00:00
|
|
|
t.Fatalf("bad")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Good node name
|
|
|
|
p = &UserEvent{
|
|
|
|
NodeFilter: "^Node",
|
|
|
|
}
|
2017-05-21 07:11:09 +00:00
|
|
|
if !a.shouldProcessUserEvent(p) {
|
2014-08-28 19:42:24 +00:00
|
|
|
t.Fatalf("bad")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Bad service name
|
|
|
|
p = &UserEvent{
|
|
|
|
ServiceFilter: "foobar",
|
|
|
|
}
|
2017-05-21 07:11:09 +00:00
|
|
|
if a.shouldProcessUserEvent(p) {
|
2014-08-28 19:42:24 +00:00
|
|
|
t.Fatalf("bad")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Good service name
|
|
|
|
p = &UserEvent{
|
|
|
|
ServiceFilter: ".*sql",
|
|
|
|
}
|
2017-05-21 07:11:09 +00:00
|
|
|
if !a.shouldProcessUserEvent(p) {
|
2014-08-28 19:42:24 +00:00
|
|
|
t.Fatalf("bad")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Bad tag name
|
|
|
|
p = &UserEvent{
|
|
|
|
ServiceFilter: ".*sql",
|
2020-09-16 18:05:01 +00:00
|
|
|
TagFilter: "replica",
|
2014-08-28 19:42:24 +00:00
|
|
|
}
|
2017-05-21 07:11:09 +00:00
|
|
|
if a.shouldProcessUserEvent(p) {
|
2014-08-28 19:42:24 +00:00
|
|
|
t.Fatalf("bad")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Good service name
|
|
|
|
p = &UserEvent{
|
|
|
|
ServiceFilter: ".*sql",
|
2020-09-16 18:05:01 +00:00
|
|
|
TagFilter: "primary",
|
2014-08-28 19:42:24 +00:00
|
|
|
}
|
2017-05-21 07:11:09 +00:00
|
|
|
if !a.shouldProcessUserEvent(p) {
|
2014-08-28 19:42:24 +00:00
|
|
|
t.Fatalf("bad")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestIngestUserEvent(t *testing.T) {
|
2020-12-07 18:42:55 +00:00
|
|
|
if testing.Short() {
|
|
|
|
t.Skip("too slow for testing.Short")
|
|
|
|
}
|
|
|
|
|
2017-05-21 07:54:40 +00:00
|
|
|
t.Parallel()
|
2020-03-31 19:59:56 +00:00
|
|
|
a := NewTestAgent(t, "")
|
2017-05-21 07:11:09 +00:00
|
|
|
defer a.Shutdown()
|
2014-08-28 19:42:24 +00:00
|
|
|
|
|
|
|
for i := 0; i < 512; i++ {
|
2014-09-02 21:49:23 +00:00
|
|
|
msg := &UserEvent{LTime: uint64(i), Name: "test"}
|
2017-05-21 07:11:09 +00:00
|
|
|
a.ingestUserEvent(msg)
|
|
|
|
if a.LastUserEvent() != msg {
|
2014-08-28 19:42:24 +00:00
|
|
|
t.Fatalf("bad: %#v", msg)
|
|
|
|
}
|
2017-05-21 07:11:09 +00:00
|
|
|
events := a.UserEvents()
|
2014-08-28 19:42:24 +00:00
|
|
|
|
|
|
|
expectLen := 256
|
|
|
|
if i < 256 {
|
|
|
|
expectLen = i + 1
|
|
|
|
}
|
|
|
|
if len(events) != expectLen {
|
|
|
|
t.Fatalf("bad: %d %d %d", i, expectLen, len(events))
|
|
|
|
}
|
|
|
|
|
|
|
|
counter := i
|
|
|
|
for j := len(events) - 1; j >= 0; j-- {
|
|
|
|
if events[j].LTime != uint64(counter) {
|
|
|
|
t.Fatalf("bad: %#v", events)
|
|
|
|
}
|
|
|
|
counter--
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestFireReceiveEvent(t *testing.T) {
|
2020-12-07 18:42:55 +00:00
|
|
|
if testing.Short() {
|
|
|
|
t.Skip("too slow for testing.Short")
|
|
|
|
}
|
|
|
|
|
2017-05-21 07:54:40 +00:00
|
|
|
t.Parallel()
|
2020-03-31 19:59:56 +00:00
|
|
|
a := NewTestAgent(t, "")
|
2017-05-21 07:11:09 +00:00
|
|
|
defer a.Shutdown()
|
2015-06-18 01:58:27 +00:00
|
|
|
|
2014-08-28 19:42:24 +00:00
|
|
|
srv1 := &structs.NodeService{
|
|
|
|
ID: "mysql",
|
|
|
|
Service: "mysql",
|
2020-09-16 18:05:01 +00:00
|
|
|
Tags: []string{"test", "foo", "bar", "primary"},
|
2014-08-28 19:42:24 +00:00
|
|
|
Port: 5000,
|
|
|
|
}
|
2023-01-10 16:24:02 +00:00
|
|
|
a.State.AddServiceWithChecks(srv1, nil, "", false)
|
2014-08-28 19:42:24 +00:00
|
|
|
|
|
|
|
p1 := &UserEvent{Name: "deploy", ServiceFilter: "web"}
|
2017-05-21 07:11:09 +00:00
|
|
|
err := a.UserEvent("dc1", "root", p1)
|
2014-08-28 19:42:24 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
p2 := &UserEvent{Name: "deploy"}
|
2017-05-21 07:11:09 +00:00
|
|
|
err = a.UserEvent("dc1", "root", p2)
|
2014-08-28 19:42:24 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2017-05-04 22:52:53 +00:00
|
|
|
retry.Run(t, func(r *retry.R) {
|
2017-05-21 07:11:09 +00:00
|
|
|
if got, want := len(a.UserEvents()), 1; got != want {
|
2017-04-29 16:34:02 +00:00
|
|
|
r.Fatalf("got %d events want %d", got, want)
|
|
|
|
}
|
|
|
|
})
|
2014-08-28 19:42:24 +00:00
|
|
|
|
2017-05-21 07:11:09 +00:00
|
|
|
last := a.LastUserEvent()
|
2014-08-28 19:42:24 +00:00
|
|
|
if last.ID != p2.ID {
|
|
|
|
t.Fatalf("bad: %#v", last)
|
|
|
|
}
|
|
|
|
}
|
2015-06-18 01:58:27 +00:00
|
|
|
|
|
|
|
func TestUserEventToken(t *testing.T) {
|
2020-12-07 18:42:55 +00:00
|
|
|
if testing.Short() {
|
|
|
|
t.Skip("too slow for testing.Short")
|
|
|
|
}
|
|
|
|
|
2017-05-21 07:54:40 +00:00
|
|
|
t.Parallel()
|
2020-03-31 19:59:56 +00:00
|
|
|
a := NewTestAgent(t, TestACLConfig()+`
|
2017-09-25 18:40:42 +00:00
|
|
|
acl_default_policy = "deny"
|
|
|
|
`)
|
2017-05-21 07:11:09 +00:00
|
|
|
defer a.Shutdown()
|
2015-06-18 01:58:27 +00:00
|
|
|
|
2021-09-03 18:49:29 +00:00
|
|
|
token := createToken(t, a, testEventPolicy)
|
2015-06-18 01:58:27 +00:00
|
|
|
|
|
|
|
type tcase struct {
|
|
|
|
name string
|
|
|
|
expect bool
|
|
|
|
}
|
|
|
|
cases := []tcase{
|
|
|
|
{"foo", false},
|
|
|
|
{"bar", false},
|
|
|
|
{"baz", true},
|
|
|
|
{"zip", false},
|
|
|
|
}
|
|
|
|
for _, c := range cases {
|
|
|
|
event := &UserEvent{Name: c.name}
|
2017-05-21 07:11:09 +00:00
|
|
|
err := a.UserEvent("dc1", token, event)
|
2017-08-23 14:52:48 +00:00
|
|
|
allowed := !acl.IsErrPermissionDenied(err)
|
2015-06-18 01:58:27 +00:00
|
|
|
if allowed != c.expect {
|
|
|
|
t.Fatalf("bad: %#v result: %v", c, allowed)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-09-03 18:49:29 +00:00
|
|
|
type RPC interface {
|
2022-12-14 15:24:22 +00:00
|
|
|
RPC(ctx context.Context, method string, args interface{}, reply interface{}) error
|
2021-09-03 18:49:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func createToken(t *testing.T, rpc RPC, policyRules string) string {
|
|
|
|
t.Helper()
|
|
|
|
|
|
|
|
reqPolicy := structs.ACLPolicySetRequest{
|
|
|
|
Datacenter: "dc1",
|
|
|
|
Policy: structs.ACLPolicy{
|
|
|
|
Name: "the-policy",
|
|
|
|
Rules: policyRules,
|
|
|
|
},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
}
|
2022-12-14 15:24:22 +00:00
|
|
|
err := rpc.RPC(context.Background(), "ACL.PolicySet", &reqPolicy, &structs.ACLPolicy{})
|
2021-09-03 18:49:29 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
token, err := uuid.GenerateUUID()
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
reqToken := structs.ACLTokenSetRequest{
|
|
|
|
Datacenter: "dc1",
|
|
|
|
ACLToken: structs.ACLToken{
|
|
|
|
SecretID: token,
|
|
|
|
Policies: []structs.ACLTokenPolicyLink{{Name: "the-policy"}},
|
|
|
|
},
|
|
|
|
WriteRequest: structs.WriteRequest{Token: "root"},
|
|
|
|
}
|
2022-12-14 15:24:22 +00:00
|
|
|
err = rpc.RPC(context.Background(), "ACL.TokenSet", &reqToken, &structs.ACLToken{})
|
2021-09-03 18:49:29 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
return token
|
|
|
|
}
|
|
|
|
|
2015-06-18 01:58:27 +00:00
|
|
|
const testEventPolicy = `
|
|
|
|
event "foo" {
|
|
|
|
policy = "deny"
|
|
|
|
}
|
|
|
|
event "bar" {
|
|
|
|
policy = "read"
|
|
|
|
}
|
|
|
|
event "baz" {
|
|
|
|
policy = "write"
|
|
|
|
}
|
|
|
|
`
|