open-nomad/command/acl_bootstrap_test.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

157 lines
3.8 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
2017-09-11 17:46:17 +00:00
package command
import (
"os"
2017-09-11 17:46:17 +00:00
"testing"
"github.com/hashicorp/nomad/ci"
2017-10-24 17:37:03 +00:00
"github.com/hashicorp/nomad/command/agent"
"github.com/hashicorp/nomad/nomad/mock"
2017-09-11 17:46:17 +00:00
"github.com/mitchellh/cli"
"github.com/shoenig/test/must"
"github.com/stretchr/testify/require"
2017-09-11 17:46:17 +00:00
)
2017-10-25 18:08:15 +00:00
func TestACLBootstrapCommand(t *testing.T) {
ci.Parallel(t)
2017-10-24 17:37:03 +00:00
// create a acl-enabled server without bootstrapping the token
config := func(c *agent.Config) {
c.ACL.Enabled = true
c.ACL.PolicyTTL = 0
}
srv, _, url := testServer(t, true, config)
defer srv.Shutdown()
2017-10-24 17:37:03 +00:00
must.Nil(t, srv.RootToken)
2017-10-24 17:37:03 +00:00
2020-10-05 14:07:41 +00:00
ui := cli.NewMockUi()
2017-10-24 17:37:03 +00:00
cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}
code := cmd.Run([]string{"-address=" + url})
must.Zero(t, code)
2017-10-24 17:37:03 +00:00
out := ui.OutputWriter.String()
must.StrContains(t, out, "Secret ID")
require.Contains(t, out, "Expiry Time = <none>")
2017-09-11 17:46:17 +00:00
}
2017-10-25 18:08:15 +00:00
2018-03-11 17:43:19 +00:00
// If a bootstrap token has already been created, attempts to create more should
2017-10-25 18:08:15 +00:00
// fail.
func TestACLBootstrapCommand_ExistingBootstrapToken(t *testing.T) {
ci.Parallel(t)
2017-10-25 18:08:15 +00:00
config := func(c *agent.Config) {
c.ACL.Enabled = true
}
srv, _, url := testServer(t, true, config)
defer srv.Shutdown()
2017-10-25 18:08:15 +00:00
must.NotNil(t, srv.RootToken)
2017-10-25 18:08:15 +00:00
2020-10-05 14:07:41 +00:00
ui := cli.NewMockUi()
2017-10-25 18:08:15 +00:00
cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}
code := cmd.Run([]string{"-address=" + url})
must.One(t, code)
2017-10-25 18:08:15 +00:00
out := ui.OutputWriter.String()
must.StrNotContains(t, out, "Secret ID")
2017-10-25 18:08:15 +00:00
}
// Attempting to bootstrap a token on a non-ACL enabled server should fail.
func TestACLBootstrapCommand_NonACLServer(t *testing.T) {
ci.Parallel(t)
2017-10-25 18:08:15 +00:00
srv, _, url := testServer(t, true, nil)
defer srv.Shutdown()
2017-10-25 18:08:15 +00:00
2020-10-05 14:07:41 +00:00
ui := cli.NewMockUi()
2017-10-25 18:08:15 +00:00
cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}
code := cmd.Run([]string{"-address=" + url})
must.One(t, code)
2017-10-25 18:08:15 +00:00
out := ui.OutputWriter.String()
must.StrNotContains(t, out, "Secret ID")
2017-10-25 18:08:15 +00:00
}
// Attempting to bootstrap the server with an operator provided token in a file should
// return the same token in the result.
func TestACLBootstrapCommand_WithOperatorFileBootstrapToken(t *testing.T) {
ci.Parallel(t)
// create a acl-enabled server without bootstrapping the token
config := func(c *agent.Config) {
c.ACL.Enabled = true
c.ACL.PolicyTTL = 0
}
// create a valid token
mockToken := mock.ACLToken()
// Create temp file
file, rm := getTempFile(t, "nomad-token.token")
t.Cleanup(rm)
// Write the token to the file
err := os.WriteFile(file, []byte(mockToken.SecretID), 0700)
must.NoError(t, err)
srv, _, url := testServer(t, true, config)
defer srv.Shutdown()
must.Nil(t, srv.RootToken)
ui := cli.NewMockUi()
cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}
code := cmd.Run([]string{"-address=" + url, file})
must.Zero(t, code)
out := ui.OutputWriter.String()
must.StrContains(t, out, mockToken.SecretID)
require.Contains(t, out, "Expiry Time = <none>")
}
// Attempting to bootstrap the server with an invalid operator provided token in a file should
// fail.
func TestACLBootstrapCommand_WithBadOperatorFileBootstrapToken(t *testing.T) {
ci.Parallel(t)
// create a acl-enabled server without bootstrapping the token
config := func(c *agent.Config) {
c.ACL.Enabled = true
c.ACL.PolicyTTL = 0
}
// create a invalid token
invalidToken := "invalid-token"
// Create temp file
file, cleanup := getTempFile(t, "nomad-token.token")
t.Cleanup(cleanup)
// Write the token to the file
err := os.WriteFile(file, []byte(invalidToken), 0700)
must.NoError(t, err)
srv, _, url := testServer(t, true, config)
defer srv.Shutdown()
must.Nil(t, srv.RootToken)
ui := cli.NewMockUi()
cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}
code := cmd.Run([]string{"-address=" + url, file})
must.One(t, code)
out := ui.OutputWriter.String()
must.StrNotContains(t, out, invalidToken)
}