291 lines
6.0 KiB
Go
291 lines
6.0 KiB
Go
package state
|
|
|
|
import (
|
|
"reflect"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/consul/agent/consul/structs"
|
|
"github.com/hashicorp/go-memdb"
|
|
)
|
|
|
|
func TestStateStore_ACLSet_ACLGet(t *testing.T) {
|
|
s := testStateStore(t)
|
|
|
|
// Querying ACLs with no results returns nil
|
|
ws := memdb.NewWatchSet()
|
|
idx, res, err := s.ACLGet(ws, "nope")
|
|
if idx != 0 || res != nil || err != nil {
|
|
t.Fatalf("expected (0, nil, nil), got: (%d, %#v, %#v)", idx, res, err)
|
|
}
|
|
|
|
// Inserting an ACL with empty ID is disallowed
|
|
if err := s.ACLSet(1, &structs.ACL{}); err == nil {
|
|
t.Fatalf("expected %#v, got: %#v", ErrMissingACLID, err)
|
|
}
|
|
if watchFired(ws) {
|
|
t.Fatalf("bad")
|
|
}
|
|
|
|
// Index is not updated if nothing is saved
|
|
if idx := s.maxIndex("acls"); idx != 0 {
|
|
t.Fatalf("bad index: %d", idx)
|
|
}
|
|
|
|
// Inserting valid ACL works
|
|
acl := &structs.ACL{
|
|
ID: "acl1",
|
|
Name: "First ACL",
|
|
Type: structs.ACLTypeClient,
|
|
Rules: "rules1",
|
|
}
|
|
if err := s.ACLSet(1, acl); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
if !watchFired(ws) {
|
|
t.Fatalf("bad")
|
|
}
|
|
|
|
// Check that the index was updated
|
|
if idx := s.maxIndex("acls"); idx != 1 {
|
|
t.Fatalf("bad index: %d", idx)
|
|
}
|
|
|
|
// Retrieve the ACL again
|
|
ws = memdb.NewWatchSet()
|
|
idx, result, err := s.ACLGet(ws, "acl1")
|
|
if err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
if idx != 1 {
|
|
t.Fatalf("bad index: %d", idx)
|
|
}
|
|
|
|
// Check that the ACL matches the result
|
|
expect := &structs.ACL{
|
|
ID: "acl1",
|
|
Name: "First ACL",
|
|
Type: structs.ACLTypeClient,
|
|
Rules: "rules1",
|
|
RaftIndex: structs.RaftIndex{
|
|
CreateIndex: 1,
|
|
ModifyIndex: 1,
|
|
},
|
|
}
|
|
if !reflect.DeepEqual(result, expect) {
|
|
t.Fatalf("bad: %#v", result)
|
|
}
|
|
|
|
// Update the ACL
|
|
acl = &structs.ACL{
|
|
ID: "acl1",
|
|
Name: "First ACL",
|
|
Type: structs.ACLTypeClient,
|
|
Rules: "rules2",
|
|
}
|
|
if err := s.ACLSet(2, acl); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
if !watchFired(ws) {
|
|
t.Fatalf("bad")
|
|
}
|
|
|
|
// Index was updated
|
|
if idx := s.maxIndex("acls"); idx != 2 {
|
|
t.Fatalf("bad: %d", idx)
|
|
}
|
|
|
|
// ACL was updated and matches expected value
|
|
expect = &structs.ACL{
|
|
ID: "acl1",
|
|
Name: "First ACL",
|
|
Type: structs.ACLTypeClient,
|
|
Rules: "rules2",
|
|
RaftIndex: structs.RaftIndex{
|
|
CreateIndex: 1,
|
|
ModifyIndex: 2,
|
|
},
|
|
}
|
|
if !reflect.DeepEqual(acl, expect) {
|
|
t.Fatalf("bad: %#v", acl)
|
|
}
|
|
}
|
|
|
|
func TestStateStore_ACLList(t *testing.T) {
|
|
s := testStateStore(t)
|
|
|
|
// Listing when no ACLs exist returns nil
|
|
ws := memdb.NewWatchSet()
|
|
idx, res, err := s.ACLList(ws)
|
|
if idx != 0 || res != nil || err != nil {
|
|
t.Fatalf("expected (0, nil, nil), got: (%d, %#v, %#v)", idx, res, err)
|
|
}
|
|
|
|
// Insert some ACLs
|
|
acls := structs.ACLs{
|
|
&structs.ACL{
|
|
ID: "acl1",
|
|
Type: structs.ACLTypeClient,
|
|
Rules: "rules1",
|
|
RaftIndex: structs.RaftIndex{
|
|
CreateIndex: 1,
|
|
ModifyIndex: 1,
|
|
},
|
|
},
|
|
&structs.ACL{
|
|
ID: "acl2",
|
|
Type: structs.ACLTypeClient,
|
|
Rules: "rules2",
|
|
RaftIndex: structs.RaftIndex{
|
|
CreateIndex: 2,
|
|
ModifyIndex: 2,
|
|
},
|
|
},
|
|
}
|
|
for _, acl := range acls {
|
|
if err := s.ACLSet(acl.ModifyIndex, acl); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
}
|
|
if !watchFired(ws) {
|
|
t.Fatalf("bad")
|
|
}
|
|
|
|
// Query the ACLs
|
|
idx, res, err = s.ACLList(nil)
|
|
if err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
if idx != 2 {
|
|
t.Fatalf("bad index: %d", idx)
|
|
}
|
|
|
|
// Check that the result matches
|
|
if !reflect.DeepEqual(res, acls) {
|
|
t.Fatalf("bad: %#v", res)
|
|
}
|
|
}
|
|
|
|
func TestStateStore_ACLDelete(t *testing.T) {
|
|
s := testStateStore(t)
|
|
|
|
// Calling delete on an ACL which doesn't exist returns nil
|
|
if err := s.ACLDelete(1, "nope"); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
|
|
// Index isn't updated if nothing is deleted
|
|
if idx := s.maxIndex("acls"); idx != 0 {
|
|
t.Fatalf("bad index: %d", idx)
|
|
}
|
|
|
|
// Insert an ACL
|
|
if err := s.ACLSet(1, &structs.ACL{ID: "acl1"}); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
|
|
// Delete the ACL and check that the index was updated
|
|
if err := s.ACLDelete(2, "acl1"); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
if idx := s.maxIndex("acls"); idx != 2 {
|
|
t.Fatalf("bad index: %d", idx)
|
|
}
|
|
|
|
tx := s.db.Txn(false)
|
|
defer tx.Abort()
|
|
|
|
// Check that the ACL was really deleted
|
|
result, err := tx.First("acls", "id", "acl1")
|
|
if err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
if result != nil {
|
|
t.Fatalf("expected nil, got: %#v", result)
|
|
}
|
|
}
|
|
|
|
func TestStateStore_ACL_Snapshot_Restore(t *testing.T) {
|
|
s := testStateStore(t)
|
|
|
|
// Insert some ACLs.
|
|
acls := structs.ACLs{
|
|
&structs.ACL{
|
|
ID: "acl1",
|
|
Type: structs.ACLTypeClient,
|
|
Rules: "rules1",
|
|
RaftIndex: structs.RaftIndex{
|
|
CreateIndex: 1,
|
|
ModifyIndex: 1,
|
|
},
|
|
},
|
|
&structs.ACL{
|
|
ID: "acl2",
|
|
Type: structs.ACLTypeClient,
|
|
Rules: "rules2",
|
|
RaftIndex: structs.RaftIndex{
|
|
CreateIndex: 2,
|
|
ModifyIndex: 2,
|
|
},
|
|
},
|
|
}
|
|
for _, acl := range acls {
|
|
if err := s.ACLSet(acl.ModifyIndex, acl); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
}
|
|
|
|
// Snapshot the ACLs.
|
|
snap := s.Snapshot()
|
|
defer snap.Close()
|
|
|
|
// Alter the real state store.
|
|
if err := s.ACLDelete(3, "acl1"); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
|
|
// Verify the snapshot.
|
|
if idx := snap.LastIndex(); idx != 2 {
|
|
t.Fatalf("bad index: %d", idx)
|
|
}
|
|
iter, err := snap.ACLs()
|
|
if err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
var dump structs.ACLs
|
|
for acl := iter.Next(); acl != nil; acl = iter.Next() {
|
|
dump = append(dump, acl.(*structs.ACL))
|
|
}
|
|
if !reflect.DeepEqual(dump, acls) {
|
|
t.Fatalf("bad: %#v", dump)
|
|
}
|
|
|
|
// Restore the values into a new state store.
|
|
func() {
|
|
s := testStateStore(t)
|
|
restore := s.Restore()
|
|
for _, acl := range dump {
|
|
if err := restore.ACL(acl); err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
}
|
|
restore.Commit()
|
|
|
|
// Read the restored ACLs back out and verify that they match.
|
|
idx, res, err := s.ACLList(nil)
|
|
if err != nil {
|
|
t.Fatalf("err: %s", err)
|
|
}
|
|
if idx != 2 {
|
|
t.Fatalf("bad index: %d", idx)
|
|
}
|
|
if !reflect.DeepEqual(res, acls) {
|
|
t.Fatalf("bad: %#v", res)
|
|
}
|
|
|
|
// Check that the index was updated.
|
|
if idx := s.maxIndex("acls"); idx != 2 {
|
|
t.Fatalf("bad index: %d", idx)
|
|
}
|
|
}()
|
|
}
|