open-nomad/command/acl_token_info_test.go

package command

import (
	"os"
	"strings"
	"testing"

	"github.com/hashicorp/nomad/acl"
	"github.com/hashicorp/nomad/ci"
	"github.com/hashicorp/nomad/command/agent"
	"github.com/hashicorp/nomad/nomad/mock"
	"github.com/hashicorp/nomad/nomad/structs"
	"github.com/mitchellh/cli"
	"github.com/stretchr/testify/assert"
)

func TestACLTokenInfoCommand_ViaEnvVar(t *testing.T) {
	ci.Parallel(t)
	defer os.Setenv("NOMAD_TOKEN", os.Getenv("NOMAD_TOKEN"))

	assert := assert.New(t)
	config := func(c *agent.Config) {
		c.ACL.Enabled = true
	}

	srv, _, url := testServer(t, true, config)
	defer srv.Shutdown()
	state := srv.Agent.Server().State()

	// Bootstrap an initial ACL token
	token := srv.RootToken
	assert.NotNil(token, "failed to bootstrap ACL token")

	ui := cli.NewMockUi()
	cmd := &ACLTokenInfoCommand{Meta: Meta{Ui: ui, flagAddress: url}}

	// Create a valid token
	mockToken := mock.ACLToken()
	mockToken.Policies = []string{acl.PolicyWrite}
	mockToken.SetHash()
	assert.Nil(state.UpsertACLTokens(structs.MsgTypeTestSetup, 1000, []*structs.ACLToken{mockToken}))

	// Attempt to fetch info on a token without providing a valid management
	// token
	invalidToken := mock.ACLToken()
	os.Setenv("NOMAD_TOKEN", invalidToken.SecretID)
	code := cmd.Run([]string{"-address=" + url, mockToken.AccessorID})
	assert.Equal(1, code)

	// Fetch info on a token with a valid management token
	os.Setenv("NOMAD_TOKEN", token.SecretID)
	code = cmd.Run([]string{"-address=" + url, mockToken.AccessorID})
	assert.Equal(0, code)

	// Fetch info on a token with a valid management token via a CLI option
	os.Setenv("NOMAD_TOKEN", "")
	code = cmd.Run([]string{"-address=" + url, "-token=" + token.SecretID, mockToken.AccessorID})
	assert.Equal(0, code)

	// Check the output
	out := ui.OutputWriter.String()
	if !strings.Contains(out, mockToken.AccessorID) {
		t.Fatalf("bad: %v", out)
	}
}
add acl token info 2017-09-15 18:02:38 +00:00			`package command`

			`import (`
			`"os"`
			`"strings"`
			`"testing"`

			`"github.com/hashicorp/nomad/acl"`
ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:42:43 +00:00			`"github.com/hashicorp/nomad/ci"`
add acl token info 2017-09-15 18:02:38 +00:00			`"github.com/hashicorp/nomad/command/agent"`
			`"github.com/hashicorp/nomad/nomad/mock"`
			`"github.com/hashicorp/nomad/nomad/structs"`
			`"github.com/mitchellh/cli"`
			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestACLTokenInfoCommand_ViaEnvVar(t *testing.T) {`
ci: swap ci parallelization for unconstrained gomaxprocs 2022-03-15 12:42:43 +00:00			`ci.Parallel(t)`
tests: avoid using os.Setenv for tokens 2020-06-25 16:59:25 +00:00			`defer os.Setenv("NOMAD_TOKEN", os.Getenv("NOMAD_TOKEN"))`

add acl token info 2017-09-15 18:02:38 +00:00			`assert := assert.New(t)`
			`config := func(c *agent.Config) {`
			`c.ACL.Enabled = true`
			`}`

			`srv, _, url := testServer(t, true, config)`
			`defer srv.Shutdown()`
			`state := srv.Agent.Server().State()`

			`// Bootstrap an initial ACL token`
Rename TestAgent.Token to TestAgent.RootToken 2017-10-04 22:06:21 +00:00			`token := srv.RootToken`
add acl token info 2017-09-15 18:02:38 +00:00			`assert.NotNil(token, "failed to bootstrap ACL token")`

cli: move tests to use NewMockUi func. 2020-10-05 14:07:41 +00:00			`ui := cli.NewMockUi()`
add acl token info 2017-09-15 18:02:38 +00:00			`cmd := &ACLTokenInfoCommand{Meta: Meta{Ui: ui, flagAddress: url}}`

			`// Create a valid token`
			`mockToken := mock.ACLToken()`
			`mockToken.Policies = []string{acl.PolicyWrite}`
			`mockToken.SetHash()`
Event Stream: Track ACL changes, unsubscribe on invalidating changes (#9447) * upsertaclpolicies * delete acl policies msgtype * upsert acl policies msgtype * delete acl tokens msgtype * acl bootstrap msgtype wip unsubscribe on token delete test that subscriptions are closed after an ACL token has been deleted Start writing policyupdated test * update test to use before/after policy * add SubscribeWithACLCheck to run acl checks on subscribe * update rpc endpoint to use broker acl check * Add and use subscriptions.closeSubscriptionFunc This fixes the issue of not being able to defer unlocking the mutex on the event broker in the for loop. handle acl policy updates * rpc endpoint test for terminating acl change * add comments Co-authored-by: Kris Hicks <khicks@hashicorp.com> 2020-12-01 16:11:34 +00:00			`assert.Nil(state.UpsertACLTokens(structs.MsgTypeTestSetup, 1000, []*structs.ACLToken{mockToken}))`
add acl token info 2017-09-15 18:02:38 +00:00
			`// Attempt to fetch info on a token without providing a valid management`
			`// token`
			`invalidToken := mock.ACLToken()`
			`os.Setenv("NOMAD_TOKEN", invalidToken.SecretID)`
			`code := cmd.Run([]string{"-address=" + url, mockToken.AccessorID})`
			`assert.Equal(1, code)`

			`// Fetch info on a token with a valid management token`
			`os.Setenv("NOMAD_TOKEN", token.SecretID)`
			`code = cmd.Run([]string{"-address=" + url, mockToken.AccessorID})`
			`assert.Equal(0, code)`

add command to cli add extra verification test 2017-09-16 00:03:22 +00:00			`// Fetch info on a token with a valid management token via a CLI option`
			`os.Setenv("NOMAD_TOKEN", "")`
			`code = cmd.Run([]string{"-address=" + url, "-token=" + token.SecretID, mockToken.AccessorID})`
			`assert.Equal(0, code)`

add acl token info 2017-09-15 18:02:38 +00:00			`// Check the output`
			`out := ui.OutputWriter.String()`
			`if !strings.Contains(out, mockToken.AccessorID) {`
			`t.Fatalf("bad: %v", out)`
			`}`
			`}`