open-nomad/command/acl_bootstrap_test.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package command

import (
	"os"
	"testing"

	"github.com/hashicorp/nomad/ci"
	"github.com/hashicorp/nomad/command/agent"
	"github.com/hashicorp/nomad/nomad/mock"
	"github.com/mitchellh/cli"
	"github.com/shoenig/test/must"
	"github.com/stretchr/testify/require"
)

func TestACLBootstrapCommand(t *testing.T) {
	ci.Parallel(t)

	// create a acl-enabled server without bootstrapping the token
	config := func(c *agent.Config) {
		c.ACL.Enabled = true
		c.ACL.PolicyTTL = 0
	}

	srv, _, url := testServer(t, true, config)
	defer srv.Shutdown()

	must.Nil(t, srv.RootToken)

	ui := cli.NewMockUi()
	cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}

	code := cmd.Run([]string{"-address=" + url})
	must.Zero(t, code)

	out := ui.OutputWriter.String()
	must.StrContains(t, out, "Secret ID")
	require.Contains(t, out, "Expiry Time  = <none>")
}

// If a bootstrap token has already been created, attempts to create more should
// fail.
func TestACLBootstrapCommand_ExistingBootstrapToken(t *testing.T) {
	ci.Parallel(t)

	config := func(c *agent.Config) {
		c.ACL.Enabled = true
	}

	srv, _, url := testServer(t, true, config)
	defer srv.Shutdown()

	must.NotNil(t, srv.RootToken)

	ui := cli.NewMockUi()
	cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}

	code := cmd.Run([]string{"-address=" + url})
	must.One(t, code)

	out := ui.OutputWriter.String()
	must.StrNotContains(t, out, "Secret ID")
}

// Attempting to bootstrap a token on a non-ACL enabled server should fail.
func TestACLBootstrapCommand_NonACLServer(t *testing.T) {
	ci.Parallel(t)

	srv, _, url := testServer(t, true, nil)
	defer srv.Shutdown()

	ui := cli.NewMockUi()
	cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}

	code := cmd.Run([]string{"-address=" + url})
	must.One(t, code)

	out := ui.OutputWriter.String()
	must.StrNotContains(t, out, "Secret ID")
}

// Attempting to bootstrap the server with an operator provided token in a file should
// return the same token in the result.
func TestACLBootstrapCommand_WithOperatorFileBootstrapToken(t *testing.T) {
	ci.Parallel(t)
	// create a acl-enabled server without bootstrapping the token
	config := func(c *agent.Config) {
		c.ACL.Enabled = true
		c.ACL.PolicyTTL = 0
	}

	// create a valid token
	mockToken := mock.ACLToken()

	// Create temp file
	file, rm := getTempFile(t, "nomad-token.token")
	t.Cleanup(rm)

	// Write the token to the file
	err := os.WriteFile(file, []byte(mockToken.SecretID), 0700)
	must.NoError(t, err)

	srv, _, url := testServer(t, true, config)
	defer srv.Shutdown()

	must.Nil(t, srv.RootToken)

	ui := cli.NewMockUi()
	cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}

	code := cmd.Run([]string{"-address=" + url, file})
	must.Zero(t, code)

	out := ui.OutputWriter.String()
	must.StrContains(t, out, mockToken.SecretID)
	require.Contains(t, out, "Expiry Time  = <none>")
}

// Attempting to bootstrap the server with an invalid operator provided token in a file should
// fail.
func TestACLBootstrapCommand_WithBadOperatorFileBootstrapToken(t *testing.T) {
	ci.Parallel(t)

	// create a acl-enabled server without bootstrapping the token
	config := func(c *agent.Config) {
		c.ACL.Enabled = true
		c.ACL.PolicyTTL = 0
	}

	// create a invalid token
	invalidToken := "invalid-token"

	// Create temp file
	file, cleanup := getTempFile(t, "nomad-token.token")
	t.Cleanup(cleanup)

	// Write the token to the file
	err := os.WriteFile(file, []byte(invalidToken), 0700)
	must.NoError(t, err)

	srv, _, url := testServer(t, true, config)
	defer srv.Shutdown()

	must.Nil(t, srv.RootToken)

	ui := cli.NewMockUi()
	cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}

	code := cmd.Run([]string{"-address=" + url, file})
	must.One(t, code)

	out := ui.OutputWriter.String()
	must.StrNotContains(t, out, invalidToken)
}
[COMPLIANCE] Add Copyright and License Headers 2023-04-10 15:36:59 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

command: Add ACL bootstrap command 2017-09-11 17:46:17 +00:00			`package command`

			`import (`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00			`"os"`
command: Add ACL bootstrap command 2017-09-11 17:46:17 +00:00			`"testing"`

ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:42:43 +00:00			`"github.com/hashicorp/nomad/ci"`
add command test for acl bootstrap 2017-10-24 17:37:03 +00:00			`"github.com/hashicorp/nomad/command/agent"`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00			`"github.com/hashicorp/nomad/nomad/mock"`
command: Add ACL bootstrap command 2017-09-11 17:46:17 +00:00			`"github.com/mitchellh/cli"`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`"github.com/shoenig/test/must"`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00			`"github.com/stretchr/testify/require"`
command: Add ACL bootstrap command 2017-09-11 17:46:17 +00:00			`)`

add failure test cases 2017-10-25 18:08:15 +00:00			`func TestACLBootstrapCommand(t *testing.T) {`
ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:42:43 +00:00			`ci.Parallel(t)`
add command test for acl bootstrap 2017-10-24 17:37:03 +00:00
			`// create a acl-enabled server without bootstrapping the token`
			`config := func(c *agent.Config) {`
			`c.ACL.Enabled = true`
			`c.ACL.PolicyTTL = 0`
			`}`

			`srv, _, url := testServer(t, true, config)`
tests: do not return error from testagent shutdown (#15595) 2022-12-21 14:23:58 +00:00			`defer srv.Shutdown()`
add command test for acl bootstrap 2017-10-24 17:37:03 +00:00
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.Nil(t, srv.RootToken)`
add command test for acl bootstrap 2017-10-24 17:37:03 +00:00
cli: move tests to use NewMockUi func. 2020-10-05 14:07:41 +00:00			`ui := cli.NewMockUi()`
add command test for acl bootstrap 2017-10-24 17:37:03 +00:00			`cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}`

			`code := cmd.Run([]string{"-address=" + url})`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.Zero(t, code)`
add command test for acl bootstrap 2017-10-24 17:37:03 +00:00
			`out := ui.OutputWriter.String()`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.StrContains(t, out, "Secret ID")`
cli: output none when a token has no expiration. 2022-08-24 14:14:49 +00:00			`require.Contains(t, out, "Expiry Time = <none>")`
command: Add ACL bootstrap command 2017-09-11 17:46:17 +00:00			`}`
add failure test cases 2017-10-25 18:08:15 +00:00
spelling: bootstrap 2018-03-11 17:43:19 +00:00			`// If a bootstrap token has already been created, attempts to create more should`
add failure test cases 2017-10-25 18:08:15 +00:00			`// fail.`
			`func TestACLBootstrapCommand_ExistingBootstrapToken(t *testing.T) {`
ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:42:43 +00:00			`ci.Parallel(t)`
add failure test cases 2017-10-25 18:08:15 +00:00
			`config := func(c *agent.Config) {`
			`c.ACL.Enabled = true`
			`}`

			`srv, _, url := testServer(t, true, config)`
tests: do not return error from testagent shutdown (#15595) 2022-12-21 14:23:58 +00:00			`defer srv.Shutdown()`
add failure test cases 2017-10-25 18:08:15 +00:00
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.NotNil(t, srv.RootToken)`
add failure test cases 2017-10-25 18:08:15 +00:00
cli: move tests to use NewMockUi func. 2020-10-05 14:07:41 +00:00			`ui := cli.NewMockUi()`
add failure test cases 2017-10-25 18:08:15 +00:00			`cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}`

			`code := cmd.Run([]string{"-address=" + url})`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.One(t, code)`
add failure test cases 2017-10-25 18:08:15 +00:00
			`out := ui.OutputWriter.String()`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.StrNotContains(t, out, "Secret ID")`
add failure test cases 2017-10-25 18:08:15 +00:00			`}`

			`// Attempting to bootstrap a token on a non-ACL enabled server should fail.`
			`func TestACLBootstrapCommand_NonACLServer(t *testing.T) {`
ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:42:43 +00:00			`ci.Parallel(t)`
add failure test cases 2017-10-25 18:08:15 +00:00
			`srv, _, url := testServer(t, true, nil)`
tests: do not return error from testagent shutdown (#15595) 2022-12-21 14:23:58 +00:00			`defer srv.Shutdown()`
add failure test cases 2017-10-25 18:08:15 +00:00
cli: move tests to use NewMockUi func. 2020-10-05 14:07:41 +00:00			`ui := cli.NewMockUi()`
add failure test cases 2017-10-25 18:08:15 +00:00			`cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}`

			`code := cmd.Run([]string{"-address=" + url})`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.One(t, code)`
add failure test cases 2017-10-25 18:08:15 +00:00
			`out := ui.OutputWriter.String()`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.StrNotContains(t, out, "Secret ID")`
add failure test cases 2017-10-25 18:08:15 +00:00			`}`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00
			`// Attempting to bootstrap the server with an operator provided token in a file should`
			`// return the same token in the result.`
			`func TestACLBootstrapCommand_WithOperatorFileBootstrapToken(t *testing.T) {`
			`ci.Parallel(t)`
			`// create a acl-enabled server without bootstrapping the token`
			`config := func(c *agent.Config) {`
			`c.ACL.Enabled = true`
			`c.ACL.PolicyTTL = 0`
			`}`

			`// create a valid token`
			`mockToken := mock.ACLToken()`

			`// Create temp file`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`file, rm := getTempFile(t, "nomad-token.token")`
			`t.Cleanup(rm)`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00
			`// Write the token to the file`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`err := os.WriteFile(file, []byte(mockToken.SecretID), 0700)`
			`must.NoError(t, err)`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00
			`srv, _, url := testServer(t, true, config)`
tests: do not return error from testagent shutdown (#15595) 2022-12-21 14:23:58 +00:00			`defer srv.Shutdown()`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.Nil(t, srv.RootToken)`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00
			`ui := cli.NewMockUi()`
			`cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}`

cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`code := cmd.Run([]string{"-address=" + url, file})`
			`must.Zero(t, code)`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00
			`out := ui.OutputWriter.String()`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.StrContains(t, out, mockToken.SecretID)`
cli: output none when a token has no expiration. 2022-08-24 14:14:49 +00:00			`require.Contains(t, out, "Expiry Time = <none>")`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00			`}`

			`// Attempting to bootstrap the server with an invalid operator provided token in a file should`
			`// fail.`
			`func TestACLBootstrapCommand_WithBadOperatorFileBootstrapToken(t *testing.T) {`
			`ci.Parallel(t)`

			`// create a acl-enabled server without bootstrapping the token`
			`config := func(c *agent.Config) {`
			`c.ACL.Enabled = true`
			`c.ACL.PolicyTTL = 0`
			`}`

			`// create a invalid token`
			`invalidToken := "invalid-token"`

			`// Create temp file`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`file, cleanup := getTempFile(t, "nomad-token.token")`
			`t.Cleanup(cleanup)`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00
			`// Write the token to the file`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`err := os.WriteFile(file, []byte(invalidToken), 0700)`
			`must.NoError(t, err)`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00
			`srv, _, url := testServer(t, true, config)`
tests: do not return error from testagent shutdown (#15595) 2022-12-21 14:23:58 +00:00			`defer srv.Shutdown()`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.Nil(t, srv.RootToken)`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00
			`ui := cli.NewMockUi()`
			`cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}`

cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`code := cmd.Run([]string{"-address=" + url, file})`
			`must.One(t, code)`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00
			`out := ui.OutputWriter.String()`
cleanup: first pass at fixing command package warnings This PR is the first of several for cleaning up warnings, and refactoring bits of code in the command package. First pass is over acl_ files and gets some helpers in place. 2022-08-17 20:22:26 +00:00			`must.StrNotContains(t, out, invalidToken)`
Allow Operator Generated bootstrap token (#12520) 2022-06-03 11:37:24 +00:00			`}`