acl: made acl rules in tests slightly more specific
When converting these tests from the legacy ACL system to the new RPC endpoints I initially changed most things to use _prefix rules, because that was equivalent to the old legacy rules. This commit modifies a few of those rules to be a bit more specific by replacing the _prefix rule with a non-prefix one where possible.
This commit is contained in:
Daniel Nephin
parent
ab91d254a3
commit
2ce64e2837
|
|
@ -2413,10 +2413,15 @@ func TestCatalog_ListServiceNodes_ConnectProxy_ACL(t *testing.T) {
|
|||
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
||||
|
||||
rules := `
|
||||
service_prefix "foo" {
|
||||
service "foo-proxy" {
|
||||
policy = "write"
|
||||
}
|
||||
node_prefix "" { policy = "read" }
|
||||
service "foo" {
|
||||
policy = "write"
|
||||
}
|
||||
node "foo" {
|
||||
policy = "read"
|
||||
}
|
||||
`
|
||||
token := createToken(t, codec, rules)
|
||||
|
||||
|
|
@ -2694,7 +2699,7 @@ func testACLFilterServer(t *testing.T) (dir, token string, srv *Server, codec rp
|
|||
testrpc.WaitForTestAgent(t, srv.RPC, "dc1", testrpc.WithToken("root"))
|
||||
|
||||
rules := `
|
||||
service_prefix "foo" {
|
||||
service "foo" {
|
||||
policy = "write"
|
||||
}
|
||||
node_prefix "" {
|
||||
|
|
@ -2861,7 +2866,7 @@ func TestCatalog_NodeServices_ACLDeny(t *testing.T) {
|
|||
}
|
||||
|
||||
rules := fmt.Sprintf(`
|
||||
node_prefix "%s" {
|
||||
node "%s" {
|
||||
policy = "read"
|
||||
}
|
||||
`, s1.config.NodeName)
|
||||
|
|
|
|||
|
|
@ -994,10 +994,13 @@ func TestHealth_ServiceNodes_ConnectProxy_ACL(t *testing.T) {
|
|||
testrpc.WaitForLeader(t, s1.RPC, "dc1", testrpc.WithToken("root"))
|
||||
|
||||
rules := `
|
||||
service_prefix "foo" {
|
||||
service "foo" {
|
||||
policy = "write"
|
||||
}
|
||||
node_prefix "foo" {
|
||||
service "foo-proxy" {
|
||||
policy = "write"
|
||||
}
|
||||
node "foo" {
|
||||
policy = "write"
|
||||
}
|
||||
`
|
||||
|
|
|
|||
|
|
@ -878,7 +878,7 @@ func TestIntentionApply_aclDeny(t *testing.T) {
|
|||
waitForLeaderEstablishment(t, s1)
|
||||
|
||||
rules := `
|
||||
service_prefix "foo" {
|
||||
service "foobar" {
|
||||
policy = "deny"
|
||||
intentions = "write"
|
||||
}`
|
||||
|
|
@ -1268,7 +1268,7 @@ func TestIntentionApply_aclDelete(t *testing.T) {
|
|||
waitForLeaderEstablishment(t, s1)
|
||||
|
||||
rules := `
|
||||
service_prefix "foo" {
|
||||
service "foobar" {
|
||||
policy = "deny"
|
||||
intentions = "write"
|
||||
}`
|
||||
|
|
@ -1334,7 +1334,7 @@ func TestIntentionApply_aclUpdate(t *testing.T) {
|
|||
waitForLeaderEstablishment(t, s1)
|
||||
|
||||
rules := `
|
||||
service_prefix "foo" {
|
||||
service "foobar" {
|
||||
policy = "deny"
|
||||
intentions = "write"
|
||||
}`
|
||||
|
|
@ -1433,7 +1433,7 @@ func TestIntentionApply_aclUpdateChange(t *testing.T) {
|
|||
waitForLeaderEstablishment(t, s1)
|
||||
|
||||
rules := `
|
||||
service_prefix "foo" {
|
||||
service "foobar" {
|
||||
policy = "deny"
|
||||
intentions = "write"
|
||||
}`
|
||||
|
|
@ -1959,7 +1959,7 @@ func TestIntentionCheck_aclDeny(t *testing.T) {
|
|||
waitForLeaderEstablishment(t, s1)
|
||||
|
||||
rules := `
|
||||
service_prefix "bar" {
|
||||
service "bar" {
|
||||
policy = "read"
|
||||
}`
|
||||
token := createToken(t, codec, rules)
|
||||
|
|
|
|||
Loading…
Reference in New Issue