2017-09-11 17:46:17 +00:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
2022-06-03 11:37:24 +00:00
|
|
|
"os"
|
2017-09-11 17:46:17 +00:00
|
|
|
"testing"
|
|
|
|
|
2022-03-15 12:42:43 +00:00
|
|
|
"github.com/hashicorp/nomad/ci"
|
2017-10-24 17:37:03 +00:00
|
|
|
"github.com/hashicorp/nomad/command/agent"
|
2022-06-03 11:37:24 +00:00
|
|
|
"github.com/hashicorp/nomad/nomad/mock"
|
2017-09-11 17:46:17 +00:00
|
|
|
"github.com/mitchellh/cli"
|
2022-08-17 20:22:26 +00:00
|
|
|
"github.com/shoenig/test/must"
|
2022-06-03 11:37:24 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
2017-09-11 17:46:17 +00:00
|
|
|
)
|
|
|
|
|
2017-10-25 18:08:15 +00:00
|
|
|
func TestACLBootstrapCommand(t *testing.T) {
|
2022-03-15 12:42:43 +00:00
|
|
|
ci.Parallel(t)
|
2017-10-24 17:37:03 +00:00
|
|
|
|
|
|
|
// create a acl-enabled server without bootstrapping the token
|
|
|
|
config := func(c *agent.Config) {
|
|
|
|
c.ACL.Enabled = true
|
|
|
|
c.ACL.PolicyTTL = 0
|
|
|
|
}
|
|
|
|
|
|
|
|
srv, _, url := testServer(t, true, config)
|
2022-08-17 20:22:26 +00:00
|
|
|
defer stopTestAgent(srv)
|
2017-10-24 17:37:03 +00:00
|
|
|
|
2022-08-17 20:22:26 +00:00
|
|
|
must.Nil(t, srv.RootToken)
|
2017-10-24 17:37:03 +00:00
|
|
|
|
2020-10-05 14:07:41 +00:00
|
|
|
ui := cli.NewMockUi()
|
2017-10-24 17:37:03 +00:00
|
|
|
cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}
|
|
|
|
|
|
|
|
code := cmd.Run([]string{"-address=" + url})
|
2022-08-17 20:22:26 +00:00
|
|
|
must.Zero(t, code)
|
2017-10-24 17:37:03 +00:00
|
|
|
|
|
|
|
out := ui.OutputWriter.String()
|
2022-08-17 20:22:26 +00:00
|
|
|
must.StrContains(t, out, "Secret ID")
|
2022-08-24 14:14:49 +00:00
|
|
|
require.Contains(t, out, "Expiry Time = <none>")
|
2017-09-11 17:46:17 +00:00
|
|
|
}
|
2017-10-25 18:08:15 +00:00
|
|
|
|
2018-03-11 17:43:19 +00:00
|
|
|
// If a bootstrap token has already been created, attempts to create more should
|
2017-10-25 18:08:15 +00:00
|
|
|
// fail.
|
|
|
|
func TestACLBootstrapCommand_ExistingBootstrapToken(t *testing.T) {
|
2022-03-15 12:42:43 +00:00
|
|
|
ci.Parallel(t)
|
2017-10-25 18:08:15 +00:00
|
|
|
|
|
|
|
config := func(c *agent.Config) {
|
|
|
|
c.ACL.Enabled = true
|
|
|
|
}
|
|
|
|
|
|
|
|
srv, _, url := testServer(t, true, config)
|
2022-08-17 20:22:26 +00:00
|
|
|
defer stopTestAgent(srv)
|
2017-10-25 18:08:15 +00:00
|
|
|
|
2022-08-17 20:22:26 +00:00
|
|
|
must.NotNil(t, srv.RootToken)
|
2017-10-25 18:08:15 +00:00
|
|
|
|
2020-10-05 14:07:41 +00:00
|
|
|
ui := cli.NewMockUi()
|
2017-10-25 18:08:15 +00:00
|
|
|
cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}
|
|
|
|
|
|
|
|
code := cmd.Run([]string{"-address=" + url})
|
2022-08-17 20:22:26 +00:00
|
|
|
must.One(t, code)
|
2017-10-25 18:08:15 +00:00
|
|
|
|
|
|
|
out := ui.OutputWriter.String()
|
2022-08-17 20:22:26 +00:00
|
|
|
must.StrNotContains(t, out, "Secret ID")
|
2017-10-25 18:08:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Attempting to bootstrap a token on a non-ACL enabled server should fail.
|
|
|
|
func TestACLBootstrapCommand_NonACLServer(t *testing.T) {
|
2022-03-15 12:42:43 +00:00
|
|
|
ci.Parallel(t)
|
2017-10-25 18:08:15 +00:00
|
|
|
|
|
|
|
srv, _, url := testServer(t, true, nil)
|
2022-08-17 20:22:26 +00:00
|
|
|
defer stopTestAgent(srv)
|
2017-10-25 18:08:15 +00:00
|
|
|
|
2020-10-05 14:07:41 +00:00
|
|
|
ui := cli.NewMockUi()
|
2017-10-25 18:08:15 +00:00
|
|
|
cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}
|
|
|
|
|
|
|
|
code := cmd.Run([]string{"-address=" + url})
|
2022-08-17 20:22:26 +00:00
|
|
|
must.One(t, code)
|
2017-10-25 18:08:15 +00:00
|
|
|
|
|
|
|
out := ui.OutputWriter.String()
|
2022-08-17 20:22:26 +00:00
|
|
|
must.StrNotContains(t, out, "Secret ID")
|
2017-10-25 18:08:15 +00:00
|
|
|
}
|
2022-06-03 11:37:24 +00:00
|
|
|
|
|
|
|
// Attempting to bootstrap the server with an operator provided token in a file should
|
|
|
|
// return the same token in the result.
|
|
|
|
func TestACLBootstrapCommand_WithOperatorFileBootstrapToken(t *testing.T) {
|
|
|
|
ci.Parallel(t)
|
|
|
|
// create a acl-enabled server without bootstrapping the token
|
|
|
|
config := func(c *agent.Config) {
|
|
|
|
c.ACL.Enabled = true
|
|
|
|
c.ACL.PolicyTTL = 0
|
|
|
|
}
|
|
|
|
|
|
|
|
// create a valid token
|
|
|
|
mockToken := mock.ACLToken()
|
|
|
|
|
|
|
|
// Create temp file
|
2022-08-17 20:22:26 +00:00
|
|
|
file, rm := getTempFile(t, "nomad-token.token")
|
|
|
|
t.Cleanup(rm)
|
2022-06-03 11:37:24 +00:00
|
|
|
|
|
|
|
// Write the token to the file
|
2022-08-17 20:22:26 +00:00
|
|
|
err := os.WriteFile(file, []byte(mockToken.SecretID), 0700)
|
|
|
|
must.NoError(t, err)
|
2022-06-03 11:37:24 +00:00
|
|
|
|
|
|
|
srv, _, url := testServer(t, true, config)
|
2022-08-17 20:22:26 +00:00
|
|
|
defer stopTestAgent(srv)
|
2022-06-03 11:37:24 +00:00
|
|
|
|
2022-08-17 20:22:26 +00:00
|
|
|
must.Nil(t, srv.RootToken)
|
2022-06-03 11:37:24 +00:00
|
|
|
|
|
|
|
ui := cli.NewMockUi()
|
|
|
|
cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}
|
|
|
|
|
2022-08-17 20:22:26 +00:00
|
|
|
code := cmd.Run([]string{"-address=" + url, file})
|
|
|
|
must.Zero(t, code)
|
2022-06-03 11:37:24 +00:00
|
|
|
|
|
|
|
out := ui.OutputWriter.String()
|
2022-08-17 20:22:26 +00:00
|
|
|
must.StrContains(t, out, mockToken.SecretID)
|
2022-08-24 14:14:49 +00:00
|
|
|
require.Contains(t, out, "Expiry Time = <none>")
|
2022-06-03 11:37:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Attempting to bootstrap the server with an invalid operator provided token in a file should
|
|
|
|
// fail.
|
|
|
|
func TestACLBootstrapCommand_WithBadOperatorFileBootstrapToken(t *testing.T) {
|
|
|
|
ci.Parallel(t)
|
|
|
|
|
|
|
|
// create a acl-enabled server without bootstrapping the token
|
|
|
|
config := func(c *agent.Config) {
|
|
|
|
c.ACL.Enabled = true
|
|
|
|
c.ACL.PolicyTTL = 0
|
|
|
|
}
|
|
|
|
|
|
|
|
// create a invalid token
|
|
|
|
invalidToken := "invalid-token"
|
|
|
|
|
|
|
|
// Create temp file
|
2022-08-17 20:22:26 +00:00
|
|
|
file, cleanup := getTempFile(t, "nomad-token.token")
|
|
|
|
t.Cleanup(cleanup)
|
2022-06-03 11:37:24 +00:00
|
|
|
|
|
|
|
// Write the token to the file
|
2022-08-17 20:22:26 +00:00
|
|
|
err := os.WriteFile(file, []byte(invalidToken), 0700)
|
|
|
|
must.NoError(t, err)
|
2022-06-03 11:37:24 +00:00
|
|
|
|
|
|
|
srv, _, url := testServer(t, true, config)
|
2022-08-17 20:22:26 +00:00
|
|
|
defer stopTestAgent(srv)
|
2022-06-03 11:37:24 +00:00
|
|
|
|
2022-08-17 20:22:26 +00:00
|
|
|
must.Nil(t, srv.RootToken)
|
2022-06-03 11:37:24 +00:00
|
|
|
|
|
|
|
ui := cli.NewMockUi()
|
|
|
|
cmd := &ACLBootstrapCommand{Meta: Meta{Ui: ui, flagAddress: url}}
|
|
|
|
|
2022-08-17 20:22:26 +00:00
|
|
|
code := cmd.Run([]string{"-address=" + url, file})
|
|
|
|
must.One(t, code)
|
2022-06-03 11:37:24 +00:00
|
|
|
|
|
|
|
out := ui.OutputWriter.String()
|
2022-08-17 20:22:26 +00:00
|
|
|
must.StrNotContains(t, out, invalidToken)
|
2022-06-03 11:37:24 +00:00
|
|
|
}
|