test: switch test file from assert -> require for consistency
Also in acl_endpoint_test.go: * convert logical blocks in some token tests to subtests * remove use of require.New This removes a lot of noise in a later PR.
This commit is contained in:
R.B. Boyer
parent
dade260753
commit
8e344c0218
|
|
@ -17,8 +17,7 @@ import (
|
||||||
"github.com/hashicorp/consul/testrpc"
|
"github.com/hashicorp/consul/testrpc"
|
||||||
"github.com/hashicorp/consul/testutil/retry"
|
"github.com/hashicorp/consul/testutil/retry"
|
||||||
uuid "github.com/hashicorp/go-uuid"
|
uuid "github.com/hashicorp/go-uuid"
|
||||||
"github.com/hashicorp/net-rpc-msgpackrpc"
|
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
|
||||||
"github.com/stretchr/testify/assert"
|
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -625,7 +624,6 @@ func TestACLEndpoint_ReplicationStatus(t *testing.T) {
|
||||||
|
|
||||||
func TestACLEndpoint_TokenRead(t *testing.T) {
|
func TestACLEndpoint_TokenRead(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -646,8 +644,7 @@ func TestACLEndpoint_TokenRead(t *testing.T) {
|
||||||
|
|
||||||
acl := ACL{srv: s1}
|
acl := ACL{srv: s1}
|
||||||
|
|
||||||
// exists and matches what we created
|
t.Run("exists and matches what we created", func(t *testing.T) {
|
||||||
{
|
|
||||||
req := structs.ACLTokenGetRequest{
|
req := structs.ACLTokenGetRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
TokenID: token.AccessorID,
|
TokenID: token.AccessorID,
|
||||||
|
|
@ -658,17 +655,16 @@ func TestACLEndpoint_TokenRead(t *testing.T) {
|
||||||
resp := structs.ACLTokenResponse{}
|
resp := structs.ACLTokenResponse{}
|
||||||
|
|
||||||
err := acl.TokenRead(&req, &resp)
|
err := acl.TokenRead(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
if !reflect.DeepEqual(resp.Token, token) {
|
if !reflect.DeepEqual(resp.Token, token) {
|
||||||
t.Fatalf("tokens are not equal: %v != %v", resp.Token, token)
|
t.Fatalf("tokens are not equal: %v != %v", resp.Token, token)
|
||||||
}
|
}
|
||||||
}
|
})
|
||||||
|
|
||||||
// nil when token does not exist
|
t.Run("nil when token does not exist", func(t *testing.T) {
|
||||||
{
|
|
||||||
fakeID, err := uuid.GenerateUUID()
|
fakeID, err := uuid.GenerateUUID()
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
req := structs.ACLTokenGetRequest{
|
req := structs.ACLTokenGetRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
|
|
@ -680,12 +676,11 @@ func TestACLEndpoint_TokenRead(t *testing.T) {
|
||||||
resp := structs.ACLTokenResponse{}
|
resp := structs.ACLTokenResponse{}
|
||||||
|
|
||||||
err = acl.TokenRead(&req, &resp)
|
err = acl.TokenRead(&req, &resp)
|
||||||
assert.Nil(resp.Token)
|
require.Nil(t, resp.Token)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
}
|
})
|
||||||
|
|
||||||
// validates ID format
|
t.Run("validates ID format", func(t *testing.T) {
|
||||||
{
|
|
||||||
req := structs.ACLTokenGetRequest{
|
req := structs.ACLTokenGetRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
TokenID: "definitely-really-certainly-not-a-uuid",
|
TokenID: "definitely-really-certainly-not-a-uuid",
|
||||||
|
|
@ -696,14 +691,13 @@ func TestACLEndpoint_TokenRead(t *testing.T) {
|
||||||
resp := structs.ACLTokenResponse{}
|
resp := structs.ACLTokenResponse{}
|
||||||
|
|
||||||
err := acl.TokenRead(&req, &resp)
|
err := acl.TokenRead(&req, &resp)
|
||||||
assert.Nil(resp.Token)
|
require.Nil(t, resp.Token)
|
||||||
assert.EqualError(err, "failed acl token lookup: failed acl token lookup: index error: UUID must be 36 characters")
|
require.EqualError(t, err, "failed acl token lookup: failed acl token lookup: index error: UUID must be 36 characters")
|
||||||
}
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_TokenClone(t *testing.T) {
|
func TestACLEndpoint_TokenClone(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -718,7 +712,7 @@ func TestACLEndpoint_TokenClone(t *testing.T) {
|
||||||
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
||||||
|
|
||||||
t1, err := upsertTestToken(codec, "root", "dc1")
|
t1, err := upsertTestToken(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
acl := ACL{srv: s1}
|
acl := ACL{srv: s1}
|
||||||
|
|
||||||
|
|
@ -731,19 +725,18 @@ func TestACLEndpoint_TokenClone(t *testing.T) {
|
||||||
t2 := structs.ACLToken{}
|
t2 := structs.ACLToken{}
|
||||||
|
|
||||||
err = acl.TokenClone(&req, &t2)
|
err = acl.TokenClone(&req, &t2)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
assert.Equal(t1.Description, t2.Description)
|
require.Equal(t, t1.Description, t2.Description)
|
||||||
assert.Equal(t1.Policies, t2.Policies)
|
require.Equal(t, t1.Policies, t2.Policies)
|
||||||
assert.Equal(t1.Rules, t2.Rules)
|
require.Equal(t, t1.Rules, t2.Rules)
|
||||||
assert.Equal(t1.Local, t2.Local)
|
require.Equal(t, t1.Local, t2.Local)
|
||||||
assert.NotEqual(t1.AccessorID, t2.AccessorID)
|
require.NotEqual(t, t1.AccessorID, t2.AccessorID)
|
||||||
assert.NotEqual(t1.SecretID, t2.SecretID)
|
require.NotEqual(t, t1.SecretID, t2.SecretID)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_TokenSet(t *testing.T) {
|
func TestACLEndpoint_TokenSet(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -760,8 +753,7 @@ func TestACLEndpoint_TokenSet(t *testing.T) {
|
||||||
acl := ACL{srv: s1}
|
acl := ACL{srv: s1}
|
||||||
var tokenID string
|
var tokenID string
|
||||||
|
|
||||||
// Create it
|
t.Run("Create it", func(t *testing.T) {
|
||||||
{
|
|
||||||
req := structs.ACLTokenSetRequest{
|
req := structs.ACLTokenSetRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
ACLToken: structs.ACLToken{
|
ACLToken: structs.ACLToken{
|
||||||
|
|
@ -775,21 +767,21 @@ func TestACLEndpoint_TokenSet(t *testing.T) {
|
||||||
resp := structs.ACLToken{}
|
resp := structs.ACLToken{}
|
||||||
|
|
||||||
err := acl.TokenSet(&req, &resp)
|
err := acl.TokenSet(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
// Get the token directly to validate that it exists
|
// Get the token directly to validate that it exists
|
||||||
tokenResp, err := retrieveTestToken(codec, "root", "dc1", resp.AccessorID)
|
tokenResp, err := retrieveTestToken(codec, "root", "dc1", resp.AccessorID)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
token := tokenResp.Token
|
token := tokenResp.Token
|
||||||
|
|
||||||
assert.NotNil(token.AccessorID)
|
require.NotNil(t, token.AccessorID)
|
||||||
assert.Equal(token.Description, "foobar")
|
require.Equal(t, token.Description, "foobar")
|
||||||
assert.Equal(token.AccessorID, resp.AccessorID)
|
require.Equal(t, token.AccessorID, resp.AccessorID)
|
||||||
|
|
||||||
tokenID = token.AccessorID
|
tokenID = token.AccessorID
|
||||||
}
|
})
|
||||||
// Update it
|
|
||||||
{
|
t.Run("Update it", func(t *testing.T) {
|
||||||
req := structs.ACLTokenSetRequest{
|
req := structs.ACLTokenSetRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
ACLToken: structs.ACLToken{
|
ACLToken: structs.ACLToken{
|
||||||
|
|
@ -802,21 +794,21 @@ func TestACLEndpoint_TokenSet(t *testing.T) {
|
||||||
resp := structs.ACLToken{}
|
resp := structs.ACLToken{}
|
||||||
|
|
||||||
err := acl.TokenSet(&req, &resp)
|
err := acl.TokenSet(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
// Get the token directly to validate that it exists
|
// Get the token directly to validate that it exists
|
||||||
tokenResp, err := retrieveTestToken(codec, "root", "dc1", resp.AccessorID)
|
tokenResp, err := retrieveTestToken(codec, "root", "dc1", resp.AccessorID)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
token := tokenResp.Token
|
token := tokenResp.Token
|
||||||
|
|
||||||
assert.NotNil(token.AccessorID)
|
require.NotNil(t, token.AccessorID)
|
||||||
assert.Equal(token.Description, "new-description")
|
require.Equal(t, token.Description, "new-description")
|
||||||
assert.Equal(token.AccessorID, resp.AccessorID)
|
require.Equal(t, token.AccessorID, resp.AccessorID)
|
||||||
}
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_TokenSet_anon(t *testing.T) {
|
func TestACLEndpoint_TokenSet_anon(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -830,7 +822,7 @@ func TestACLEndpoint_TokenSet_anon(t *testing.T) {
|
||||||
|
|
||||||
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
||||||
policy, err := upsertTestPolicy(codec, "root", "dc1")
|
policy, err := upsertTestPolicy(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
acl := ACL{srv: s1}
|
acl := ACL{srv: s1}
|
||||||
|
|
||||||
|
|
@ -849,17 +841,16 @@ func TestACLEndpoint_TokenSet_anon(t *testing.T) {
|
||||||
}
|
}
|
||||||
token := structs.ACLToken{}
|
token := structs.ACLToken{}
|
||||||
err = acl.TokenSet(&tokenUpsertReq, &token)
|
err = acl.TokenSet(&tokenUpsertReq, &token)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
assert.NotEmpty(token.SecretID)
|
require.NotEmpty(t, token.SecretID)
|
||||||
|
|
||||||
tokenResp, err := retrieveTestToken(codec, "root", "dc1", structs.ACLTokenAnonymousID)
|
tokenResp, err := retrieveTestToken(codec, "root", "dc1", structs.ACLTokenAnonymousID)
|
||||||
assert.Equal(len(tokenResp.Token.Policies), 1)
|
require.Equal(t, len(tokenResp.Token.Policies), 1)
|
||||||
assert.Equal(tokenResp.Token.Policies[0].ID, policy.ID)
|
require.Equal(t, tokenResp.Token.Policies[0].ID, policy.ID)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_TokenDelete(t *testing.T) {
|
func TestACLEndpoint_TokenDelete(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -894,13 +885,12 @@ func TestACLEndpoint_TokenDelete(t *testing.T) {
|
||||||
joinWAN(t, s2, s1)
|
joinWAN(t, s2, s1)
|
||||||
|
|
||||||
existingToken, err := upsertTestToken(codec, "root", "dc1")
|
existingToken, err := upsertTestToken(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
acl := ACL{srv: s1}
|
acl := ACL{srv: s1}
|
||||||
acl2 := ACL{srv: s2}
|
acl2 := ACL{srv: s2}
|
||||||
|
|
||||||
// deletes a token
|
t.Run("deletes a token", func(t *testing.T) {
|
||||||
{
|
|
||||||
req := structs.ACLTokenDeleteRequest{
|
req := structs.ACLTokenDeleteRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
TokenID: existingToken.AccessorID,
|
TokenID: existingToken.AccessorID,
|
||||||
|
|
@ -910,16 +900,15 @@ func TestACLEndpoint_TokenDelete(t *testing.T) {
|
||||||
var resp string
|
var resp string
|
||||||
|
|
||||||
err = acl.TokenDelete(&req, &resp)
|
err = acl.TokenDelete(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
// Make sure the token is gone
|
// Make sure the token is gone
|
||||||
tokenResp, err := retrieveTestToken(codec, "root", "dc1", existingToken.AccessorID)
|
tokenResp, err := retrieveTestToken(codec, "root", "dc1", existingToken.AccessorID)
|
||||||
assert.Nil(tokenResp.Token)
|
require.Nil(t, tokenResp.Token)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
}
|
})
|
||||||
|
|
||||||
// can't delete itself
|
t.Run("can't delete itself", func(t *testing.T) {
|
||||||
{
|
|
||||||
readReq := structs.ACLTokenGetRequest{
|
readReq := structs.ACLTokenGetRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
TokenID: "root",
|
TokenID: "root",
|
||||||
|
|
@ -931,7 +920,7 @@ func TestACLEndpoint_TokenDelete(t *testing.T) {
|
||||||
|
|
||||||
err := msgpackrpc.CallWithCodec(codec, "ACL.TokenRead", &readReq, &out)
|
err := msgpackrpc.CallWithCodec(codec, "ACL.TokenRead", &readReq, &out)
|
||||||
|
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
req := structs.ACLTokenDeleteRequest{
|
req := structs.ACLTokenDeleteRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
|
|
@ -941,13 +930,12 @@ func TestACLEndpoint_TokenDelete(t *testing.T) {
|
||||||
|
|
||||||
var resp string
|
var resp string
|
||||||
err = acl.TokenDelete(&req, &resp)
|
err = acl.TokenDelete(&req, &resp)
|
||||||
assert.EqualError(err, "Deletion of the request's authorization token is not permitted")
|
require.EqualError(t, err, "Deletion of the request's authorization token is not permitted")
|
||||||
}
|
})
|
||||||
|
|
||||||
// errors when token doesn't exist
|
t.Run("errors when token doesn't exist", func(t *testing.T) {
|
||||||
{
|
|
||||||
fakeID, err := uuid.GenerateUUID()
|
fakeID, err := uuid.GenerateUUID()
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
req := structs.ACLTokenDeleteRequest{
|
req := structs.ACLTokenDeleteRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
|
|
@ -958,18 +946,17 @@ func TestACLEndpoint_TokenDelete(t *testing.T) {
|
||||||
var resp string
|
var resp string
|
||||||
|
|
||||||
err = acl.TokenDelete(&req, &resp)
|
err = acl.TokenDelete(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
// token should be nil
|
// token should be nil
|
||||||
tokenResp, err := retrieveTestToken(codec, "root", "dc1", existingToken.AccessorID)
|
tokenResp, err := retrieveTestToken(codec, "root", "dc1", existingToken.AccessorID)
|
||||||
assert.Nil(tokenResp.Token)
|
require.Nil(t, tokenResp.Token)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
}
|
})
|
||||||
|
|
||||||
// don't segfault when attempting to delete non existant token in secondary dc
|
t.Run("don't segfault when attempting to delete non existant token in secondary dc", func(t *testing.T) {
|
||||||
{
|
|
||||||
fakeID, err := uuid.GenerateUUID()
|
fakeID, err := uuid.GenerateUUID()
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
req := structs.ACLTokenDeleteRequest{
|
req := structs.ACLTokenDeleteRequest{
|
||||||
Datacenter: "dc2",
|
Datacenter: "dc2",
|
||||||
|
|
@ -982,17 +969,17 @@ func TestACLEndpoint_TokenDelete(t *testing.T) {
|
||||||
waitForNewACLs(t, s2)
|
waitForNewACLs(t, s2)
|
||||||
|
|
||||||
err = acl2.TokenDelete(&req, &resp)
|
err = acl2.TokenDelete(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
// token should be nil
|
// token should be nil
|
||||||
tokenResp, err := retrieveTestToken(codec2, "root", "dc1", existingToken.AccessorID)
|
tokenResp, err := retrieveTestToken(codec2, "root", "dc1", existingToken.AccessorID)
|
||||||
assert.Nil(tokenResp.Token)
|
require.Nil(t, tokenResp.Token)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
}
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_TokenDelete_anon(t *testing.T) {
|
func TestACLEndpoint_TokenDelete_anon(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -1017,16 +1004,15 @@ func TestACLEndpoint_TokenDelete_anon(t *testing.T) {
|
||||||
var resp string
|
var resp string
|
||||||
|
|
||||||
err := acl.TokenDelete(&req, &resp)
|
err := acl.TokenDelete(&req, &resp)
|
||||||
assert.EqualError(err, "Delete operation not permitted on the anonymous token")
|
require.EqualError(t, err, "Delete operation not permitted on the anonymous token")
|
||||||
|
|
||||||
// Make sure the token is still there
|
// Make sure the token is still there
|
||||||
tokenResp, err := retrieveTestToken(codec, "root", "dc1", structs.ACLTokenAnonymousID)
|
tokenResp, err := retrieveTestToken(codec, "root", "dc1", structs.ACLTokenAnonymousID)
|
||||||
assert.NotNil(tokenResp.Token)
|
require.NotNil(t, tokenResp.Token)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_TokenList(t *testing.T) {
|
func TestACLEndpoint_TokenList(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -1041,10 +1027,10 @@ func TestACLEndpoint_TokenList(t *testing.T) {
|
||||||
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
||||||
|
|
||||||
t1, err := upsertTestToken(codec, "root", "dc1")
|
t1, err := upsertTestToken(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
t2, err := upsertTestToken(codec, "root", "dc1")
|
t2, err := upsertTestToken(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
acl := ACL{srv: s1}
|
acl := ACL{srv: s1}
|
||||||
|
|
||||||
|
|
@ -1056,7 +1042,7 @@ func TestACLEndpoint_TokenList(t *testing.T) {
|
||||||
resp := structs.ACLTokenListResponse{}
|
resp := structs.ACLTokenListResponse{}
|
||||||
|
|
||||||
err = acl.TokenList(&req, &resp)
|
err = acl.TokenList(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
tokens := []string{t1.AccessorID, t2.AccessorID}
|
tokens := []string{t1.AccessorID, t2.AccessorID}
|
||||||
var retrievedTokens []string
|
var retrievedTokens []string
|
||||||
|
|
@ -1064,12 +1050,11 @@ func TestACLEndpoint_TokenList(t *testing.T) {
|
||||||
for _, v := range resp.Tokens {
|
for _, v := range resp.Tokens {
|
||||||
retrievedTokens = append(retrievedTokens, v.AccessorID)
|
retrievedTokens = append(retrievedTokens, v.AccessorID)
|
||||||
}
|
}
|
||||||
assert.Subset(retrievedTokens, tokens)
|
require.Subset(t, retrievedTokens, tokens)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_TokenBatchRead(t *testing.T) {
|
func TestACLEndpoint_TokenBatchRead(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -1084,10 +1069,10 @@ func TestACLEndpoint_TokenBatchRead(t *testing.T) {
|
||||||
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
||||||
|
|
||||||
t1, err := upsertTestToken(codec, "root", "dc1")
|
t1, err := upsertTestToken(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
t2, err := upsertTestToken(codec, "root", "dc1")
|
t2, err := upsertTestToken(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
acl := ACL{srv: s1}
|
acl := ACL{srv: s1}
|
||||||
tokens := []string{t1.AccessorID, t2.AccessorID}
|
tokens := []string{t1.AccessorID, t2.AccessorID}
|
||||||
|
|
@ -1101,14 +1086,14 @@ func TestACLEndpoint_TokenBatchRead(t *testing.T) {
|
||||||
resp := structs.ACLTokenBatchResponse{}
|
resp := structs.ACLTokenBatchResponse{}
|
||||||
|
|
||||||
err = acl.TokenBatchRead(&req, &resp)
|
err = acl.TokenBatchRead(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
var retrievedTokens []string
|
var retrievedTokens []string
|
||||||
|
|
||||||
for _, v := range resp.Tokens {
|
for _, v := range resp.Tokens {
|
||||||
retrievedTokens = append(retrievedTokens, v.AccessorID)
|
retrievedTokens = append(retrievedTokens, v.AccessorID)
|
||||||
}
|
}
|
||||||
assert.EqualValues(retrievedTokens, tokens)
|
require.EqualValues(t, retrievedTokens, tokens)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_PolicyRead(t *testing.T) {
|
func TestACLEndpoint_PolicyRead(t *testing.T) {
|
||||||
|
|
@ -1152,7 +1137,6 @@ func TestACLEndpoint_PolicyRead(t *testing.T) {
|
||||||
|
|
||||||
func TestACLEndpoint_PolicyBatchRead(t *testing.T) {
|
func TestACLEndpoint_PolicyBatchRead(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -1167,10 +1151,10 @@ func TestACLEndpoint_PolicyBatchRead(t *testing.T) {
|
||||||
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
||||||
|
|
||||||
t1, err := upsertTestToken(codec, "root", "dc1")
|
t1, err := upsertTestToken(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
t2, err := upsertTestToken(codec, "root", "dc1")
|
t2, err := upsertTestToken(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
acl := ACL{srv: s1}
|
acl := ACL{srv: s1}
|
||||||
tokens := []string{t1.AccessorID, t2.AccessorID}
|
tokens := []string{t1.AccessorID, t2.AccessorID}
|
||||||
|
|
@ -1184,19 +1168,18 @@ func TestACLEndpoint_PolicyBatchRead(t *testing.T) {
|
||||||
resp := structs.ACLTokenBatchResponse{}
|
resp := structs.ACLTokenBatchResponse{}
|
||||||
|
|
||||||
err = acl.TokenBatchRead(&req, &resp)
|
err = acl.TokenBatchRead(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
var retrievedTokens []string
|
var retrievedTokens []string
|
||||||
|
|
||||||
for _, v := range resp.Tokens {
|
for _, v := range resp.Tokens {
|
||||||
retrievedTokens = append(retrievedTokens, v.AccessorID)
|
retrievedTokens = append(retrievedTokens, v.AccessorID)
|
||||||
}
|
}
|
||||||
assert.EqualValues(retrievedTokens, tokens)
|
require.EqualValues(t, retrievedTokens, tokens)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_PolicySet(t *testing.T) {
|
func TestACLEndpoint_PolicySet(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -1227,18 +1210,18 @@ func TestACLEndpoint_PolicySet(t *testing.T) {
|
||||||
resp := structs.ACLPolicy{}
|
resp := structs.ACLPolicy{}
|
||||||
|
|
||||||
err := acl.PolicySet(&req, &resp)
|
err := acl.PolicySet(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
assert.NotNil(resp.ID)
|
require.NotNil(t, resp.ID)
|
||||||
|
|
||||||
// Get the policy directly to validate that it exists
|
// Get the policy directly to validate that it exists
|
||||||
policyResp, err := retrieveTestPolicy(codec, "root", "dc1", resp.ID)
|
policyResp, err := retrieveTestPolicy(codec, "root", "dc1", resp.ID)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
policy := policyResp.Policy
|
policy := policyResp.Policy
|
||||||
|
|
||||||
assert.NotNil(policy.ID)
|
require.NotNil(t, policy.ID)
|
||||||
assert.Equal(policy.Description, "foobar")
|
require.Equal(t, policy.Description, "foobar")
|
||||||
assert.Equal(policy.Name, "baz")
|
require.Equal(t, policy.Name, "baz")
|
||||||
assert.Equal(policy.Rules, "service \"\" { policy = \"read\" }")
|
require.Equal(t, policy.Rules, "service \"\" { policy = \"read\" }")
|
||||||
|
|
||||||
policyID = policy.ID
|
policyID = policy.ID
|
||||||
}
|
}
|
||||||
|
|
@ -1258,24 +1241,23 @@ func TestACLEndpoint_PolicySet(t *testing.T) {
|
||||||
resp := structs.ACLPolicy{}
|
resp := structs.ACLPolicy{}
|
||||||
|
|
||||||
err := acl.PolicySet(&req, &resp)
|
err := acl.PolicySet(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
assert.NotNil(resp.ID)
|
require.NotNil(t, resp.ID)
|
||||||
|
|
||||||
// Get the policy directly to validate that it exists
|
// Get the policy directly to validate that it exists
|
||||||
policyResp, err := retrieveTestPolicy(codec, "root", "dc1", resp.ID)
|
policyResp, err := retrieveTestPolicy(codec, "root", "dc1", resp.ID)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
policy := policyResp.Policy
|
policy := policyResp.Policy
|
||||||
|
|
||||||
assert.NotNil(policy.ID)
|
require.NotNil(t, policy.ID)
|
||||||
assert.Equal(policy.Description, "bat")
|
require.Equal(t, policy.Description, "bat")
|
||||||
assert.Equal(policy.Name, "bar")
|
require.Equal(t, policy.Name, "bar")
|
||||||
assert.Equal(policy.Rules, "service \"\" { policy = \"write\" }")
|
require.Equal(t, policy.Rules, "service \"\" { policy = \"write\" }")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_PolicySet_globalManagement(t *testing.T) {
|
func TestACLEndpoint_PolicySet_globalManagement(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -1306,7 +1288,7 @@ func TestACLEndpoint_PolicySet_globalManagement(t *testing.T) {
|
||||||
resp := structs.ACLPolicy{}
|
resp := structs.ACLPolicy{}
|
||||||
|
|
||||||
err := acl.PolicySet(&req, &resp)
|
err := acl.PolicySet(&req, &resp)
|
||||||
assert.EqualError(err, "Changing the Rules for the builtin global-management policy is not permitted")
|
require.EqualError(t, err, "Changing the Rules for the builtin global-management policy is not permitted")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Can rename it
|
// Can rename it
|
||||||
|
|
@ -1323,22 +1305,21 @@ func TestACLEndpoint_PolicySet_globalManagement(t *testing.T) {
|
||||||
resp := structs.ACLPolicy{}
|
resp := structs.ACLPolicy{}
|
||||||
|
|
||||||
err := acl.PolicySet(&req, &resp)
|
err := acl.PolicySet(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
// Get the policy again
|
// Get the policy again
|
||||||
policyResp, err := retrieveTestPolicy(codec, "root", "dc1", structs.ACLPolicyGlobalManagementID)
|
policyResp, err := retrieveTestPolicy(codec, "root", "dc1", structs.ACLPolicyGlobalManagementID)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
policy := policyResp.Policy
|
policy := policyResp.Policy
|
||||||
|
|
||||||
assert.Equal(policy.ID, structs.ACLPolicyGlobalManagementID)
|
require.Equal(t, policy.ID, structs.ACLPolicyGlobalManagementID)
|
||||||
assert.Equal(policy.Name, "foobar")
|
require.Equal(t, policy.Name, "foobar")
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_PolicyDelete(t *testing.T) {
|
func TestACLEndpoint_PolicyDelete(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -1368,16 +1349,15 @@ func TestACLEndpoint_PolicyDelete(t *testing.T) {
|
||||||
var resp string
|
var resp string
|
||||||
|
|
||||||
err = acl.PolicyDelete(&req, &resp)
|
err = acl.PolicyDelete(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
// Make sure the policy is gone
|
// Make sure the policy is gone
|
||||||
tokenResp, err := retrieveTestPolicy(codec, "root", "dc1", existingPolicy.ID)
|
tokenResp, err := retrieveTestPolicy(codec, "root", "dc1", existingPolicy.ID)
|
||||||
assert.Nil(tokenResp.Policy)
|
require.Nil(t, tokenResp.Policy)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_PolicyDelete_globalManagement(t *testing.T) {
|
func TestACLEndpoint_PolicyDelete_globalManagement(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -1402,12 +1382,11 @@ func TestACLEndpoint_PolicyDelete_globalManagement(t *testing.T) {
|
||||||
|
|
||||||
err := acl.PolicyDelete(&req, &resp)
|
err := acl.PolicyDelete(&req, &resp)
|
||||||
|
|
||||||
assert.EqualError(err, "Delete operation not permitted on the builtin global-management policy")
|
require.EqualError(t, err, "Delete operation not permitted on the builtin global-management policy")
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_PolicyList(t *testing.T) {
|
func TestACLEndpoint_PolicyList(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -1422,10 +1401,10 @@ func TestACLEndpoint_PolicyList(t *testing.T) {
|
||||||
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
||||||
|
|
||||||
p1, err := upsertTestPolicy(codec, "root", "dc1")
|
p1, err := upsertTestPolicy(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
p2, err := upsertTestPolicy(codec, "root", "dc1")
|
p2, err := upsertTestPolicy(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
acl := ACL{srv: s1}
|
acl := ACL{srv: s1}
|
||||||
|
|
||||||
|
|
@ -1437,7 +1416,7 @@ func TestACLEndpoint_PolicyList(t *testing.T) {
|
||||||
resp := structs.ACLPolicyListResponse{}
|
resp := structs.ACLPolicyListResponse{}
|
||||||
|
|
||||||
err = acl.PolicyList(&req, &resp)
|
err = acl.PolicyList(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
policies := []string{p1.ID, p2.ID}
|
policies := []string{p1.ID, p2.ID}
|
||||||
var retrievedPolicies []string
|
var retrievedPolicies []string
|
||||||
|
|
@ -1445,12 +1424,11 @@ func TestACLEndpoint_PolicyList(t *testing.T) {
|
||||||
for _, v := range resp.Policies {
|
for _, v := range resp.Policies {
|
||||||
retrievedPolicies = append(retrievedPolicies, v.ID)
|
retrievedPolicies = append(retrievedPolicies, v.ID)
|
||||||
}
|
}
|
||||||
assert.Subset(retrievedPolicies, policies)
|
require.Subset(t, retrievedPolicies, policies)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestACLEndpoint_PolicyResolve(t *testing.T) {
|
func TestACLEndpoint_PolicyResolve(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
assert := assert.New(t)
|
|
||||||
|
|
||||||
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
dir1, s1 := testServerWithConfig(t, func(c *Config) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
|
|
@ -1465,10 +1443,10 @@ func TestACLEndpoint_PolicyResolve(t *testing.T) {
|
||||||
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
||||||
|
|
||||||
p1, err := upsertTestPolicy(codec, "root", "dc1")
|
p1, err := upsertTestPolicy(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
p2, err := upsertTestPolicy(codec, "root", "dc1")
|
p2, err := upsertTestPolicy(codec, "root", "dc1")
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
acl := ACL{srv: s1}
|
acl := ACL{srv: s1}
|
||||||
|
|
||||||
|
|
@ -1491,8 +1469,8 @@ func TestACLEndpoint_PolicyResolve(t *testing.T) {
|
||||||
}
|
}
|
||||||
token := structs.ACLToken{}
|
token := structs.ACLToken{}
|
||||||
err = acl.TokenSet(&tokenUpsertReq, &token)
|
err = acl.TokenSet(&tokenUpsertReq, &token)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
assert.NotEmpty(token.SecretID)
|
require.NotEmpty(t, token.SecretID)
|
||||||
|
|
||||||
resp := structs.ACLPolicyBatchResponse{}
|
resp := structs.ACLPolicyBatchResponse{}
|
||||||
req := structs.ACLPolicyBatchGetRequest{
|
req := structs.ACLPolicyBatchGetRequest{
|
||||||
|
|
@ -1501,14 +1479,14 @@ func TestACLEndpoint_PolicyResolve(t *testing.T) {
|
||||||
QueryOptions: structs.QueryOptions{Token: token.SecretID},
|
QueryOptions: structs.QueryOptions{Token: token.SecretID},
|
||||||
}
|
}
|
||||||
err = acl.PolicyResolve(&req, &resp)
|
err = acl.PolicyResolve(&req, &resp)
|
||||||
assert.NoError(err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
var retrievedPolicies []string
|
var retrievedPolicies []string
|
||||||
|
|
||||||
for _, v := range resp.Policies {
|
for _, v := range resp.Policies {
|
||||||
retrievedPolicies = append(retrievedPolicies, v.ID)
|
retrievedPolicies = append(retrievedPolicies, v.ID)
|
||||||
}
|
}
|
||||||
assert.EqualValues(retrievedPolicies, policies)
|
require.EqualValues(t, retrievedPolicies, policies)
|
||||||
}
|
}
|
||||||
|
|
||||||
// upsertTestToken creates a token for testing purposes
|
// upsertTestToken creates a token for testing purposes
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue