open-consul/command/acl/token/clone/token_clone_test.go

package tokenclone

import (
	"os"
	"regexp"
	"strconv"
	"strings"
	"testing"

	"github.com/hashicorp/consul/agent"
	"github.com/hashicorp/consul/api"
	"github.com/hashicorp/consul/sdk/testutil"
	"github.com/hashicorp/consul/testrpc"
	"github.com/mitchellh/cli"
	"github.com/stretchr/testify/require"
)

func parseCloneOutput(t *testing.T, output string) *api.ACLToken {
	// This will only work for non-legacy tokens
	re := regexp.MustCompile("Token cloned successfully.\n" +
		"AccessorID:       ([a-zA-Z0-9\\-]{36})\n" +
		"SecretID:         ([a-zA-Z0-9\\-]{36})\n" +
		"(?:Namespace:        default\n)?" +
		"Description:      ([^\n]*)\n" +
		"Local:            (true|false)\n" +
		"Create Time:      ([^\n]+)\n" +
		"Policies:\n" +
		"(   [a-zA-Z0-9\\-]{36} - [^\n]+\n)*")

	submatches := re.FindStringSubmatch(output)
	require.Lenf(t, submatches, 7, "Didn't match: %q", output)

	local, err := strconv.ParseBool(submatches[4])
	require.NoError(t, err)

	token := &api.ACLToken{
		AccessorID:  submatches[1],
		SecretID:    submatches[2],
		Description: submatches[3],
		Local:       local,
	}

	if len(submatches[6]) > 0 {
		policyRe := regexp.MustCompile("   ([a-zA-Z0-9\\-]{36}) - ([^\n]+)")
		for _, m := range policyRe.FindAllStringSubmatch(submatches[6], -1) {
			token.Policies = append(token.Policies, &api.ACLTokenPolicyLink{ID: m[1], Name: m[2]})
		}
	}

	return token
}

func TestTokenCloneCommand_noTabs(t *testing.T) {
	t.Parallel()

	if strings.ContainsRune(New(cli.NewMockUi()).Help(), '\t') {
		t.Fatal("help has tabs")
	}
}

func TestTokenCloneCommand(t *testing.T) {
	t.Parallel()
	req := require.New(t)

	testDir := testutil.TempDir(t, "acl")
	defer os.RemoveAll(testDir)

	a := agent.NewTestAgent(t, t.Name(), `
   primary_datacenter = "dc1"
   acl {
      enabled = true
      tokens {
         master = "root"
      }
   }`)

	defer a.Shutdown()
	testrpc.WaitForLeader(t, a.RPC, "dc1")

	// Create a policy
	client := a.Client()

	_, _, err := client.ACL().PolicyCreate(
		&api.ACLPolicy{Name: "test-policy"},
		&api.WriteOptions{Token: "root"},
	)
	req.NoError(err)

	// create a token
	token, _, err := client.ACL().TokenCreate(
		&api.ACLToken{Description: "test", Policies: []*api.ACLTokenPolicyLink{&api.ACLTokenPolicyLink{Name: "test-policy"}}},
		&api.WriteOptions{Token: "root"},
	)
	req.NoError(err)

	// clone with description
	t.Run("Description", func(t *testing.T) {
		ui := cli.NewMockUi()
		cmd := New(ui)

		args := []string{
			"-http-addr=" + a.HTTPAddr(),
			"-id=" + token.AccessorID,
			"-token=root",
			"-description=test cloned",
		}

		code := cmd.Run(args)
		req.Empty(ui.ErrorWriter.String())
		req.Equal(code, 0)

		cloned := parseCloneOutput(t, ui.OutputWriter.String())

		req.Equal("test cloned", cloned.Description)
		req.Len(cloned.Policies, 1)

		apiToken, _, err := client.ACL().TokenRead(
			cloned.AccessorID,
			&api.QueryOptions{Token: "root"},
		)

		req.NoError(err)
		req.NotNil(apiToken)

		req.Equal(cloned.AccessorID, apiToken.AccessorID)
		req.Equal(cloned.SecretID, apiToken.SecretID)
		req.Equal(cloned.Description, apiToken.Description)
		req.Equal(cloned.Local, apiToken.Local)
		req.Equal(cloned.Policies, apiToken.Policies)
	})

	// clone without description
	t.Run("Without Description", func(t *testing.T) {
		ui := cli.NewMockUi()
		cmd := New(ui)

		args := []string{
			"-http-addr=" + a.HTTPAddr(),
			"-id=" + token.AccessorID,
			"-token=root",
		}

		code := cmd.Run(args)
		req.Equal(code, 0)
		req.Empty(ui.ErrorWriter.String())

		cloned := parseCloneOutput(t, ui.OutputWriter.String())

		req.Equal("test", cloned.Description)
		req.Len(cloned.Policies, 1)

		apiToken, _, err := client.ACL().TokenRead(
			cloned.AccessorID,
			&api.QueryOptions{Token: "root"},
		)

		req.NoError(err)
		req.NotNil(apiToken)

		req.Equal(cloned.AccessorID, apiToken.AccessorID)
		req.Equal(cloned.SecretID, apiToken.SecretID)
		req.Equal(cloned.Description, apiToken.Description)
		req.Equal(cloned.Local, apiToken.Local)
		req.Equal(cloned.Policies, apiToken.Policies)
	})
}
Implement CLI token cloning & special ID handling (#4827) * Implement CLI token cloning & special ID handling * Update a couple CLI commands to take some alternative options. * Document the CLI. * Update the policy list and set-agent-token synopsis 2018-10-24 14:24:29 +00:00			`package tokenclone`

			`import (`
			`"os"`
			`"regexp"`
			`"strconv"`
			`"strings"`
			`"testing"`

			`"github.com/hashicorp/consul/agent"`
			`"github.com/hashicorp/consul/api"`
Move internal/ to sdk/ (#5568) * Move internal/ to sdk/ * Add a readme to the SDK folder 2019-03-27 12:54:56 +00:00			`"github.com/hashicorp/consul/sdk/testutil"`
Add fmt and vet (#5671) * add go fmt and vet * go fmt fixes 2019-04-25 16:26:33 +00:00			`"github.com/hashicorp/consul/testrpc"`
Implement CLI token cloning & special ID handling (#4827) * Implement CLI token cloning & special ID handling * Update a couple CLI commands to take some alternative options. * Document the CLI. * Update the policy list and set-agent-token synopsis 2018-10-24 14:24:29 +00:00			`"github.com/mitchellh/cli"`
			`"github.com/stretchr/testify/require"`
			`)`

			`func parseCloneOutput(t testing.T, output string) api.ACLToken {`
			`// This will only work for non-legacy tokens`
			`re := regexp.MustCompile("Token cloned successfully.\n" +`
acl: tokens can be created with an optional expiration time (#5353) 2019-04-08 17:05:51 +00:00			`"AccessorID: ([a-zA-Z0-9\\-]{36})\n" +`
			`"SecretID: ([a-zA-Z0-9\\-]{36})\n" +`
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields 2019-12-06 16:14:56 +00:00			`"(?:Namespace: default\n)?" +`
acl: tokens can be created with an optional expiration time (#5353) 2019-04-08 17:05:51 +00:00			`"Description: ([^\n]*)\n" +`
			`"Local: (true\|false)\n" +`
			`"Create Time: ([^\n]+)\n" +`
Implement CLI token cloning & special ID handling (#4827) * Implement CLI token cloning & special ID handling * Update a couple CLI commands to take some alternative options. * Document the CLI. * Update the policy list and set-agent-token synopsis 2018-10-24 14:24:29 +00:00			`"Policies:\n" +`
			`"( [a-zA-Z0-9\\-]{36} - [^\n]+\n)*")`

			`submatches := re.FindStringSubmatch(output)`
			`require.Lenf(t, submatches, 7, "Didn't match: %q", output)`

			`local, err := strconv.ParseBool(submatches[4])`
			`require.NoError(t, err)`

			`token := &api.ACLToken{`
			`AccessorID: submatches[1],`
			`SecretID: submatches[2],`
			`Description: submatches[3],`
			`Local: local,`
			`}`

			`if len(submatches[6]) > 0 {`
			`policyRe := regexp.MustCompile(" ([a-zA-Z0-9\\-]{36}) - ([^\n]+)")`
			`for _, m := range policyRe.FindAllStringSubmatch(submatches[6], -1) {`
			`token.Policies = append(token.Policies, &api.ACLTokenPolicyLink{ID: m[1], Name: m[2]})`
			`}`
			`}`

			`return token`
			`}`

			`func TestTokenCloneCommand_noTabs(t *testing.T) {`
			`t.Parallel()`

			`if strings.ContainsRune(New(cli.NewMockUi()).Help(), '\t') {`
			`t.Fatal("help has tabs")`
			`}`
			`}`

			`func TestTokenCloneCommand(t *testing.T) {`
			`t.Parallel()`
			`req := require.New(t)`

			`testDir := testutil.TempDir(t, "acl")`
			`defer os.RemoveAll(testDir)`

Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) This way we can avoid unnecessary panics which cause other tests not to run. This doesn't remove all the possibilities for panics causing other tests not to run, it just fixes the TestAgent 2019-02-14 15:59:14 +00:00			a := agent.NewTestAgent(t, t.Name(), `
Implement CLI token cloning & special ID handling (#4827) * Implement CLI token cloning & special ID handling * Update a couple CLI commands to take some alternative options. * Document the CLI. * Update the policy list and set-agent-token synopsis 2018-10-24 14:24:29 +00:00			`primary_datacenter = "dc1"`
			`acl {`
			`enabled = true`
			`tokens {`
			`master = "root"`
			`}`
			}`)

			`defer a.Shutdown()`
			`testrpc.WaitForLeader(t, a.RPC, "dc1")`

			`// Create a policy`
			`client := a.Client()`

			`_, _, err := client.ACL().PolicyCreate(`
			`&api.ACLPolicy{Name: "test-policy"},`
			`&api.WriteOptions{Token: "root"},`
			`)`
			`req.NoError(err)`

			`// create a token`
			`token, _, err := client.ACL().TokenCreate(`
			`&api.ACLToken{Description: "test", Policies: []*api.ACLTokenPolicyLink{&api.ACLTokenPolicyLink{Name: "test-policy"}}},`
			`&api.WriteOptions{Token: "root"},`
			`)`
			`req.NoError(err)`

			`// clone with description`
			`t.Run("Description", func(t *testing.T) {`
			`ui := cli.NewMockUi()`
			`cmd := New(ui)`

			`args := []string{`
			`"-http-addr=" + a.HTTPAddr(),`
			`"-id=" + token.AccessorID,`
			`"-token=root",`
			`"-description=test cloned",`
			`}`

			`code := cmd.Run(args)`
			`req.Empty(ui.ErrorWriter.String())`
			`req.Equal(code, 0)`

			`cloned := parseCloneOutput(t, ui.OutputWriter.String())`

			`req.Equal("test cloned", cloned.Description)`
			`req.Len(cloned.Policies, 1)`

			`apiToken, _, err := client.ACL().TokenRead(`
			`cloned.AccessorID,`
			`&api.QueryOptions{Token: "root"},`
			`)`

			`req.NoError(err)`
			`req.NotNil(apiToken)`

			`req.Equal(cloned.AccessorID, apiToken.AccessorID)`
			`req.Equal(cloned.SecretID, apiToken.SecretID)`
			`req.Equal(cloned.Description, apiToken.Description)`
			`req.Equal(cloned.Local, apiToken.Local)`
			`req.Equal(cloned.Policies, apiToken.Policies)`
			`})`

			`// clone without description`
			`t.Run("Without Description", func(t *testing.T) {`
			`ui := cli.NewMockUi()`
			`cmd := New(ui)`

			`args := []string{`
			`"-http-addr=" + a.HTTPAddr(),`
			`"-id=" + token.AccessorID,`
			`"-token=root",`
			`}`

			`code := cmd.Run(args)`
			`req.Equal(code, 0)`
			`req.Empty(ui.ErrorWriter.String())`

			`cloned := parseCloneOutput(t, ui.OutputWriter.String())`

			`req.Equal("test", cloned.Description)`
			`req.Len(cloned.Policies, 1)`

			`apiToken, _, err := client.ACL().TokenRead(`
			`cloned.AccessorID,`
			`&api.QueryOptions{Token: "root"},`
			`)`

			`req.NoError(err)`
			`req.NotNil(apiToken)`

			`req.Equal(cloned.AccessorID, apiToken.AccessorID)`
			`req.Equal(cloned.SecretID, apiToken.SecretID)`
			`req.Equal(cloned.Description, apiToken.Description)`
			`req.Equal(cloned.Local, apiToken.Local)`
			`req.Equal(cloned.Policies, apiToken.Policies)`
			`})`
			`}`