2023-04-10 15:36:59 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Copyright (c) HashiCorp, Inc.
|
|
|
|
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
2022-05-05 20:05:13 +00:00
|
|
|
|
/* eslint-disable qunit/require-expect */
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
import {
|
|
|
|
|
|
currentURL,
|
|
|
|
|
|
find,
|
|
|
|
|
|
findAll,
|
|
|
|
|
|
visit,
|
|
|
|
|
|
click,
|
|
|
|
|
|
fillIn,
|
|
|
|
|
|
} from '@ember/test-helpers';
|
2019-03-13 00:04:16 +00:00
|
|
|
|
import { module, skip, test } from 'qunit';
|
|
|
|
|
|
import { setupApplicationTest } from 'ember-qunit';
|
2019-09-26 18:47:07 +00:00
|
|
|
|
import { setupMirage } from 'ember-cli-mirage/test-support';
|
2020-07-28 17:59:14 +00:00
|
|
|
|
import a11yAudit from 'nomad-ui/tests/helpers/a11y-audit';
|
2018-07-10 07:39:02 +00:00
|
|
|
|
import Tokens from 'nomad-ui/tests/pages/settings/tokens';
|
2018-07-11 19:42:43 +00:00
|
|
|
|
import Jobs from 'nomad-ui/tests/pages/jobs/list';
|
|
|
|
|
|
import JobDetail from 'nomad-ui/tests/pages/jobs/detail';
|
|
|
|
|
|
import ClientDetail from 'nomad-ui/tests/pages/clients/detail';
|
2021-04-01 18:21:30 +00:00
|
|
|
|
import Layout from 'nomad-ui/tests/pages/layout';
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
import AccessControl from 'nomad-ui/tests/pages/access-control';
|
2022-05-05 20:05:13 +00:00
|
|
|
|
import percySnapshot from '@percy/ember';
|
2022-09-14 15:27:48 +00:00
|
|
|
|
import faker from 'nomad-ui/mirage/faker';
|
2022-11-28 15:44:52 +00:00
|
|
|
|
import moment from 'moment';
|
|
|
|
|
|
import { run } from '@ember/runloop';
|
2022-12-15 18:11:28 +00:00
|
|
|
|
import { allScenarios } from '../../mirage/scenarios/default';
|
2023-03-29 19:06:25 +00:00
|
|
|
|
import {
|
|
|
|
|
|
selectChoose,
|
|
|
|
|
|
clickTrigger,
|
|
|
|
|
|
} from 'ember-power-select/test-support/helpers';
|
2017-09-19 14:47:10 +00:00
|
|
|
|
|
|
|
|
|
|
let job;
|
|
|
|
|
|
let node;
|
2017-10-14 18:53:48 +00:00
|
|
|
|
let managementToken;
|
|
|
|
|
|
let clientToken;
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
module('Acceptance | tokens', function (hooks) {
|
2019-03-13 00:04:16 +00:00
|
|
|
|
setupApplicationTest(hooks);
|
2019-03-13 01:09:19 +00:00
|
|
|
|
setupMirage(hooks);
|
2019-03-13 00:04:16 +00:00
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
hooks.beforeEach(function () {
|
2020-04-03 18:31:19 +00:00
|
|
|
|
window.localStorage.clear();
|
|
|
|
|
|
window.sessionStorage.clear();
|
2022-09-14 15:27:48 +00:00
|
|
|
|
faker.seed(1);
|
2019-03-14 06:44:53 +00:00
|
|
|
|
|
2017-09-19 14:47:10 +00:00
|
|
|
|
server.create('agent');
|
2023-06-22 17:11:44 +00:00
|
|
|
|
server.create('node-pool');
|
2017-09-19 14:47:10 +00:00
|
|
|
|
node = server.create('node');
|
|
|
|
|
|
job = server.create('job');
|
2017-10-14 18:53:48 +00:00
|
|
|
|
managementToken = server.create('token');
|
|
|
|
|
|
clientToken = server.create('token');
|
2019-03-13 00:04:16 +00:00
|
|
|
|
});
|
2017-09-19 14:47:10 +00:00
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
test('it passes an accessibility audit', async function (assert) {
|
2021-12-28 19:30:38 +00:00
|
|
|
|
assert.expect(1);
|
|
|
|
|
|
|
2020-07-28 17:59:14 +00:00
|
|
|
|
await Tokens.visit();
|
2020-08-25 15:56:02 +00:00
|
|
|
|
await a11yAudit(assert);
|
2020-07-28 17:59:14 +00:00
|
|
|
|
});
|
|
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
test('the token form sets the token in local storage', async function (assert) {
|
2019-03-13 00:04:16 +00:00
|
|
|
|
const { secretId } = managementToken;
|
2017-09-19 14:47:10 +00:00
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
await Tokens.visit();
|
2021-12-28 16:08:12 +00:00
|
|
|
|
assert.equal(
|
|
|
|
|
|
window.localStorage.nomadTokenSecret,
|
|
|
|
|
|
null,
|
|
|
|
|
|
'No token secret set'
|
|
|
|
|
|
);
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
assert.ok(document.title.includes('Sign In'));
|
2017-09-19 14:47:10 +00:00
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
await Tokens.secret(secretId).submit();
|
2021-12-28 16:08:12 +00:00
|
|
|
|
assert.equal(
|
|
|
|
|
|
window.localStorage.nomadTokenSecret,
|
|
|
|
|
|
secretId,
|
|
|
|
|
|
'Token secret was set'
|
|
|
|
|
|
);
|
2017-09-19 14:47:10 +00:00
|
|
|
|
});
|
|
|
|
|
|
|
2019-03-13 00:04:16 +00:00
|
|
|
|
// TODO: unskip once store.unloadAll reliably waits for in-flight requests to settle
|
2021-12-28 14:45:20 +00:00
|
|
|
|
skip('the x-nomad-token header gets sent with requests once it is set', async function (assert) {
|
2019-03-13 00:04:16 +00:00
|
|
|
|
const { secretId } = managementToken;
|
2017-09-19 14:47:10 +00:00
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
await JobDetail.visit({ id: job.id });
|
|
|
|
|
|
await ClientDetail.visit({ id: node.id });
|
2017-09-19 14:47:10 +00:00
|
|
|
|
|
2021-12-28 16:08:12 +00:00
|
|
|
|
assert.ok(
|
|
|
|
|
|
server.pretender.handledRequests.length > 1,
|
|
|
|
|
|
'Requests have been made'
|
|
|
|
|
|
);
|
2017-09-19 14:47:10 +00:00
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
server.pretender.handledRequests.forEach((req) => {
|
2020-05-21 00:46:29 +00:00
|
|
|
|
assert.notOk(getHeader(req, 'x-nomad-token'), `No token for ${req.url}`);
|
2019-03-13 00:04:16 +00:00
|
|
|
|
});
|
2017-09-19 14:47:10 +00:00
|
|
|
|
|
2019-03-14 18:35:46 +00:00
|
|
|
|
const requestPosition = server.pretender.handledRequests.length;
|
2018-07-10 07:39:02 +00:00
|
|
|
|
|
2019-03-14 18:35:46 +00:00
|
|
|
|
await Tokens.visit();
|
2019-03-14 06:44:53 +00:00
|
|
|
|
await Tokens.secret(secretId).submit();
|
2017-09-19 14:47:10 +00:00
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
await JobDetail.visit({ id: job.id });
|
|
|
|
|
|
await ClientDetail.visit({ id: node.id });
|
2017-09-19 14:47:10 +00:00
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
const newRequests = server.pretender.handledRequests.slice(requestPosition);
|
|
|
|
|
|
assert.ok(newRequests.length > 1, 'New requests have been made');
|
2017-09-19 14:47:10 +00:00
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
// Cross-origin requests can't have a token
|
2021-12-28 14:45:20 +00:00
|
|
|
|
newRequests.forEach((req) => {
|
2021-12-28 16:08:12 +00:00
|
|
|
|
assert.equal(
|
|
|
|
|
|
getHeader(req, 'x-nomad-token'),
|
|
|
|
|
|
secretId,
|
|
|
|
|
|
`Token set for ${req.url}`
|
|
|
|
|
|
);
|
2017-10-14 18:53:48 +00:00
|
|
|
|
});
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
test('an error message is shown when authenticating a token fails', async function (assert) {
|
2019-03-13 00:04:16 +00:00
|
|
|
|
const { secretId } = managementToken;
|
|
|
|
|
|
const bogusSecret = 'this-is-not-the-secret';
|
|
|
|
|
|
assert.notEqual(
|
|
|
|
|
|
secretId,
|
|
|
|
|
|
bogusSecret,
|
|
|
|
|
|
'bogus secret is not somehow coincidentally equal to the real secret'
|
|
|
|
|
|
);
|
2017-10-14 18:53:48 +00:00
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
await Tokens.secret(bogusSecret).submit();
|
2017-10-14 18:53:48 +00:00
|
|
|
|
|
2021-12-28 16:08:12 +00:00
|
|
|
|
assert.equal(
|
|
|
|
|
|
window.localStorage.nomadTokenSecret,
|
|
|
|
|
|
null,
|
|
|
|
|
|
'Token secret is discarded on failure'
|
|
|
|
|
|
);
|
2019-03-13 00:04:16 +00:00
|
|
|
|
assert.ok(Tokens.errorMessage, 'Token error message is shown');
|
|
|
|
|
|
assert.notOk(Tokens.successMessage, 'Token success message is not shown');
|
|
|
|
|
|
assert.equal(Tokens.policies.length, 0, 'No token policies are shown');
|
2017-10-14 18:53:48 +00:00
|
|
|
|
});
|
|
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
test('a success message and a special management token message are shown when authenticating succeeds', async function (assert) {
|
2019-03-13 00:04:16 +00:00
|
|
|
|
const { secretId } = managementToken;
|
2017-10-14 18:53:48 +00:00
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
await Tokens.secret(secretId).submit();
|
2017-10-14 18:53:48 +00:00
|
|
|
|
|
2022-05-05 20:05:13 +00:00
|
|
|
|
await percySnapshot(assert);
|
|
|
|
|
|
|
2019-03-13 00:04:16 +00:00
|
|
|
|
assert.ok(Tokens.successMessage, 'Token success message is shown');
|
|
|
|
|
|
assert.notOk(Tokens.errorMessage, 'Token error message is not shown');
|
|
|
|
|
|
assert.ok(Tokens.managementMessage, 'Token management message is shown');
|
|
|
|
|
|
assert.equal(Tokens.policies.length, 0, 'No token policies are shown');
|
2017-10-14 18:53:48 +00:00
|
|
|
|
});
|
|
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
test('a success message and associated policies are shown when authenticating succeeds', async function (assert) {
|
2019-03-13 00:04:16 +00:00
|
|
|
|
const { secretId } = clientToken;
|
|
|
|
|
|
const policy = clientToken.policies.models[0];
|
|
|
|
|
|
policy.update('description', 'Make sure there is a description');
|
2017-10-14 18:53:48 +00:00
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
await Tokens.secret(secretId).submit();
|
2017-10-14 18:53:48 +00:00
|
|
|
|
|
2019-03-13 00:04:16 +00:00
|
|
|
|
assert.ok(Tokens.successMessage, 'Token success message is shown');
|
|
|
|
|
|
assert.notOk(Tokens.errorMessage, 'Token error message is not shown');
|
2021-12-28 16:08:12 +00:00
|
|
|
|
assert.notOk(
|
|
|
|
|
|
Tokens.managementMessage,
|
|
|
|
|
|
'Token management message is not shown'
|
|
|
|
|
|
);
|
2019-03-13 00:04:16 +00:00
|
|
|
|
assert.equal(
|
|
|
|
|
|
Tokens.policies.length,
|
|
|
|
|
|
clientToken.policies.length,
|
|
|
|
|
|
'Each policy associated with the token is listed'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
const policyElement = Tokens.policies.objectAt(0);
|
|
|
|
|
|
|
|
|
|
|
|
assert.equal(policyElement.name, policy.name, 'Policy Name');
|
2021-12-28 16:08:12 +00:00
|
|
|
|
assert.equal(
|
|
|
|
|
|
policyElement.description,
|
|
|
|
|
|
policy.description,
|
|
|
|
|
|
'Policy Description'
|
|
|
|
|
|
);
|
2019-03-13 00:04:16 +00:00
|
|
|
|
assert.equal(policyElement.rules, policy.rules, 'Policy Rules');
|
2017-09-19 14:47:10 +00:00
|
|
|
|
});
|
2017-10-18 23:42:08 +00:00
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
test('setting a token clears the store', async function (assert) {
|
2019-03-13 00:04:16 +00:00
|
|
|
|
const { secretId } = clientToken;
|
2017-10-18 23:42:08 +00:00
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
await Jobs.visit();
|
2017-10-18 23:42:08 +00:00
|
|
|
|
assert.ok(find('.job-row'), 'Jobs found');
|
|
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
await Tokens.secret(secretId).submit();
|
2017-10-18 23:42:08 +00:00
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
server.pretender.get('/v1/jobs', function () {
|
2017-10-18 23:42:08 +00:00
|
|
|
|
return [200, {}, '[]'];
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2019-03-14 06:44:53 +00:00
|
|
|
|
await Jobs.visit();
|
2017-10-18 23:42:08 +00:00
|
|
|
|
|
2019-03-13 00:04:16 +00:00
|
|
|
|
// If jobs are lingering in the store, they would show up
|
|
|
|
|
|
assert.notOk(find('[data-test-job-row]'), 'No jobs found');
|
|
|
|
|
|
});
|
2017-10-19 02:04:19 +00:00
|
|
|
|
|
2022-11-28 15:44:52 +00:00
|
|
|
|
test('it handles expiring tokens', async function (assert) {
|
|
|
|
|
|
// Soon-expiring token
|
|
|
|
|
|
const expiringToken = server.create('token', {
|
|
|
|
|
|
name: "Time's a-tickin",
|
|
|
|
|
|
expirationTime: moment().add(1, 'm').toDate(),
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
|
|
|
|
|
|
// Token with no TTL
|
|
|
|
|
|
await Tokens.secret(clientToken.secretId).submit();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-expiry]')
|
|
|
|
|
|
.doesNotExist('No expiry shown for regular token');
|
|
|
|
|
|
|
|
|
|
|
|
await Tokens.clear();
|
|
|
|
|
|
|
|
|
|
|
|
// https://ember-concurrency.com/docs/testing-debugging/
|
|
|
|
|
|
setTimeout(() => run.cancelTimers(), 500);
|
|
|
|
|
|
|
|
|
|
|
|
// Token with TTL
|
|
|
|
|
|
await Tokens.secret(expiringToken.secretId).submit();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-expiry]')
|
|
|
|
|
|
.exists('Expiry shown for TTL-having token');
|
|
|
|
|
|
|
|
|
|
|
|
// TTL Action
|
|
|
|
|
|
await Jobs.visit();
|
|
|
|
|
|
assert
|
2023-03-02 18:52:16 +00:00
|
|
|
|
.dom('.flash-message.alert-warning button')
|
2022-11-28 15:44:52 +00:00
|
|
|
|
.exists('A global alert exists and has a clickable button');
|
|
|
|
|
|
|
2023-03-02 18:52:16 +00:00
|
|
|
|
await click('.flash-message.alert-warning button');
|
2022-11-28 15:44:52 +00:00
|
|
|
|
assert.equal(
|
|
|
|
|
|
currentURL(),
|
|
|
|
|
|
'/settings/tokens',
|
|
|
|
|
|
'Redirected to tokens page on notification action'
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('it handles expired tokens', async function (assert) {
|
|
|
|
|
|
const expiredToken = server.create('token', {
|
|
|
|
|
|
name: 'Well past due',
|
|
|
|
|
|
expirationTime: moment().add(-5, 'm').toDate(),
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
// GC'd or non-existent token, from localStorage or otherwise
|
|
|
|
|
|
window.localStorage.nomadTokenSecret = expiredToken.secretId;
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-expired]')
|
|
|
|
|
|
.exists('Warning banner shown for expired token');
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('it forces redirect on an expired token', async function (assert) {
|
|
|
|
|
|
const expiredToken = server.create('token', {
|
|
|
|
|
|
name: 'Well past due',
|
|
|
|
|
|
expirationTime: moment().add(-5, 'm').toDate(),
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
window.localStorage.nomadTokenSecret = expiredToken.secretId;
|
|
|
|
|
|
const expiredServerError = {
|
|
|
|
|
|
errors: [
|
|
|
|
|
|
{
|
|
|
|
|
|
detail: 'ACL token expired',
|
|
|
|
|
|
},
|
|
|
|
|
|
],
|
|
|
|
|
|
};
|
|
|
|
|
|
server.pretender.get('/v1/jobs', function () {
|
|
|
|
|
|
return [500, {}, JSON.stringify(expiredServerError)];
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
await Jobs.visit();
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
|
currentURL(),
|
|
|
|
|
|
'/settings/tokens',
|
|
|
|
|
|
'Redirected to tokens page due to an expired token'
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('it forces redirect on a not-found token', async function (assert) {
|
|
|
|
|
|
const longDeadToken = server.create('token', {
|
|
|
|
|
|
name: 'dead and gone',
|
|
|
|
|
|
expirationTime: moment().add(-5, 'h').toDate(),
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
window.localStorage.nomadTokenSecret = longDeadToken.secretId;
|
|
|
|
|
|
const notFoundServerError = {
|
|
|
|
|
|
errors: [
|
|
|
|
|
|
{
|
|
|
|
|
|
detail: 'ACL token not found',
|
|
|
|
|
|
},
|
|
|
|
|
|
],
|
|
|
|
|
|
};
|
|
|
|
|
|
server.pretender.get('/v1/jobs', function () {
|
|
|
|
|
|
return [500, {}, JSON.stringify(notFoundServerError)];
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
await Jobs.visit();
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
|
currentURL(),
|
|
|
|
|
|
'/settings/tokens',
|
|
|
|
|
|
'Redirected to tokens page due to a token not being found'
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('it notifies you when your token has 10 minutes remaining', async function (assert) {
|
|
|
|
|
|
let notificationRendered = assert.async();
|
|
|
|
|
|
let notificationNotRendered = assert.async();
|
|
|
|
|
|
window.localStorage.clear();
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
|
window.localStorage.nomadTokenSecret,
|
|
|
|
|
|
null,
|
|
|
|
|
|
'No token secret set'
|
|
|
|
|
|
);
|
|
|
|
|
|
assert.timeout(6000);
|
|
|
|
|
|
const nearlyExpiringToken = server.create('token', {
|
|
|
|
|
|
name: 'Not quite dead yet',
|
|
|
|
|
|
expirationTime: moment().add(10, 'm').add(5, 's').toDate(),
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
|
|
|
|
|
|
// Ember Concurrency makes testing iterations convoluted: https://ember-concurrency.com/docs/testing-debugging/
|
|
|
|
|
|
// Waiting for half a second to validate that there's no warning;
|
|
|
|
|
|
// then a further 5 seconds to validate that there is a warning, and to explicitly cancelAllTimers(),
|
|
|
|
|
|
// short-circuiting our Ember Concurrency loop.
|
|
|
|
|
|
setTimeout(() => {
|
|
|
|
|
|
assert
|
2023-03-02 18:52:16 +00:00
|
|
|
|
.dom('.flash-message.alert-warning')
|
2022-11-28 15:44:52 +00:00
|
|
|
|
.doesNotExist('No notification yet for a token with 10m5s left');
|
|
|
|
|
|
notificationNotRendered();
|
|
|
|
|
|
setTimeout(async () => {
|
2022-11-30 19:33:07 +00:00
|
|
|
|
await percySnapshot(assert, {
|
|
|
|
|
|
percyCSS: '[data-test-expiration-timestamp] { display: none; }',
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2022-11-28 15:44:52 +00:00
|
|
|
|
assert
|
2023-03-02 18:52:16 +00:00
|
|
|
|
.dom('.flash-message.alert-warning')
|
2022-11-28 15:44:52 +00:00
|
|
|
|
.exists('Notification is rendered at the 10m mark');
|
|
|
|
|
|
notificationRendered();
|
|
|
|
|
|
run.cancelTimers();
|
|
|
|
|
|
}, 5000);
|
|
|
|
|
|
}, 500);
|
|
|
|
|
|
await Tokens.secret(nearlyExpiringToken.secretId).submit();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
test('when the ott query parameter is present upon application load it’s exchanged for a token', async function (assert) {
|
2021-04-01 18:21:30 +00:00
|
|
|
|
const { oneTimeSecret, secretId } = managementToken;
|
|
|
|
|
|
|
|
|
|
|
|
await JobDetail.visit({ id: job.id, ott: oneTimeSecret });
|
2021-04-13 16:56:59 +00:00
|
|
|
|
|
2021-12-28 16:08:12 +00:00
|
|
|
|
assert.notOk(
|
|
|
|
|
|
currentURL().includes(oneTimeSecret),
|
|
|
|
|
|
'OTT is cleared from the URL after loading'
|
|
|
|
|
|
);
|
2021-04-13 16:56:59 +00:00
|
|
|
|
|
2021-04-01 18:21:30 +00:00
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
|
2021-12-28 16:08:12 +00:00
|
|
|
|
assert.equal(
|
|
|
|
|
|
window.localStorage.nomadTokenSecret,
|
|
|
|
|
|
secretId,
|
|
|
|
|
|
'Token secret was set'
|
|
|
|
|
|
);
|
2021-04-01 18:21:30 +00:00
|
|
|
|
});
|
|
|
|
|
|
|
2022-11-28 15:44:52 +00:00
|
|
|
|
test('SSO Sign-in flow: Manager', async function (assert) {
|
|
|
|
|
|
server.create('auth-method', { name: 'vault' });
|
|
|
|
|
|
server.create('auth-method', { name: 'cognito' });
|
|
|
|
|
|
server.create('token', { name: 'Thelonious' });
|
|
|
|
|
|
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
assert.dom('[data-test-auth-method]').exists({ count: 2 });
|
|
|
|
|
|
await click('button[data-test-auth-method]');
|
|
|
|
|
|
assert.ok(currentURL().startsWith('/oidc-mock'));
|
|
|
|
|
|
let managerButton = [...findAll('button')].filter((btn) =>
|
|
|
|
|
|
btn.textContent.includes('Sign In as Manager')
|
|
|
|
|
|
)[0];
|
|
|
|
|
|
|
|
|
|
|
|
assert.dom(managerButton).exists();
|
|
|
|
|
|
await click(managerButton);
|
|
|
|
|
|
|
|
|
|
|
|
await percySnapshot(assert);
|
|
|
|
|
|
|
|
|
|
|
|
assert.ok(currentURL().startsWith('/settings/tokens'));
|
|
|
|
|
|
assert.dom('[data-test-token-name]').includesText('Token: Manager');
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('SSO Sign-in flow: Regular User', async function (assert) {
|
|
|
|
|
|
server.create('auth-method', { name: 'vault' });
|
|
|
|
|
|
server.create('token', { name: 'Thelonious' });
|
|
|
|
|
|
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
assert.dom('[data-test-auth-method]').exists({ count: 1 });
|
|
|
|
|
|
await click('button[data-test-auth-method]');
|
|
|
|
|
|
assert.ok(currentURL().startsWith('/oidc-mock'));
|
|
|
|
|
|
let newTokenButton = [...findAll('button')].filter((btn) =>
|
|
|
|
|
|
btn.textContent.includes('Sign In as Thelonious')
|
|
|
|
|
|
)[0];
|
|
|
|
|
|
assert.dom(newTokenButton).exists();
|
|
|
|
|
|
await click(newTokenButton);
|
|
|
|
|
|
|
|
|
|
|
|
assert.ok(currentURL().startsWith('/settings/tokens'));
|
|
|
|
|
|
assert.dom('[data-test-token-name]').includesText('Token: Thelonious');
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('It shows an error on failed SSO', async function (assert) {
|
|
|
|
|
|
server.create('auth-method', { name: 'vault' });
|
|
|
|
|
|
await visit('/settings/tokens?state=failure');
|
|
|
|
|
|
assert.ok(Tokens.ssoErrorMessage);
|
|
|
|
|
|
await Tokens.clearSSOError();
|
|
|
|
|
|
assert.equal(currentURL(), '/settings/tokens', 'State query param cleared');
|
|
|
|
|
|
assert.notOk(Tokens.ssoErrorMessage);
|
|
|
|
|
|
|
|
|
|
|
|
await click('button[data-test-auth-method]');
|
|
|
|
|
|
assert.ok(currentURL().startsWith('/oidc-mock'));
|
|
|
|
|
|
|
|
|
|
|
|
let failureButton = find('.button.error');
|
|
|
|
|
|
assert.dom(failureButton).exists();
|
|
|
|
|
|
await click(failureButton);
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
|
currentURL(),
|
|
|
|
|
|
'/settings/tokens?state=failure',
|
|
|
|
|
|
'Redirected with failure state'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
await percySnapshot(assert);
|
|
|
|
|
|
assert.ok(Tokens.ssoErrorMessage);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2023-03-29 19:06:25 +00:00
|
|
|
|
test('JWT Sign-in flow: OIDC methods only', async function (assert) {
|
|
|
|
|
|
server.create('auth-method', { name: 'Vault', type: 'OIDC' });
|
|
|
|
|
|
server.create('auth-method', { name: 'Auth0', type: 'OIDC' });
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-auth-method]')
|
|
|
|
|
|
.exists({ count: 2 }, 'Both OIDC methods shown');
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('label[for="token-input"]')
|
|
|
|
|
|
.hasText(
|
|
|
|
|
|
'Secret ID',
|
|
|
|
|
|
'Secret ID input shown without JWT info when no such method exists'
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('JWT Sign-in flow: JWT method', async function (assert) {
|
|
|
|
|
|
server.create('auth-method', { name: 'Vault', type: 'OIDC' });
|
|
|
|
|
|
server.create('auth-method', { name: 'Auth0', type: 'OIDC' });
|
|
|
|
|
|
server.create('auth-method', { name: 'JWT-Local', type: 'JWT' });
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-auth-method]')
|
|
|
|
|
|
.exists(
|
|
|
|
|
|
{ count: 2 },
|
|
|
|
|
|
'The newly added JWT method does not add a 3rd Auth Method button'
|
|
|
|
|
|
);
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('label[for="token-input"]')
|
|
|
|
|
|
.hasText('Secret ID or JWT', 'Secret ID input now shows JWT info');
|
|
|
|
|
|
|
|
|
|
|
|
// Expect to be signed in as a manager
|
|
|
|
|
|
await Tokens.secret(
|
|
|
|
|
|
'aaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.management'
|
|
|
|
|
|
).submit();
|
|
|
|
|
|
assert.ok(currentURL().startsWith('/settings/tokens'));
|
|
|
|
|
|
assert.dom('[data-test-token-name]').includesText('Token: Manager');
|
|
|
|
|
|
await Tokens.clear();
|
|
|
|
|
|
|
|
|
|
|
|
// Expect to be signed in as a client
|
|
|
|
|
|
await Tokens.secret(
|
|
|
|
|
|
'aaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.whateverlol'
|
|
|
|
|
|
).submit();
|
|
|
|
|
|
assert.ok(currentURL().startsWith('/settings/tokens'));
|
|
|
|
|
|
assert.dom('[data-test-token-name]').includesText(
|
|
|
|
|
|
`Token: ${
|
|
|
|
|
|
server.db.tokens.filter((token) => {
|
|
|
|
|
|
return token.type === 'client';
|
|
|
|
|
|
})[0].name
|
|
|
|
|
|
}`
|
|
|
|
|
|
);
|
|
|
|
|
|
await Tokens.clear();
|
|
|
|
|
|
|
|
|
|
|
|
// Expect to an error on bad JWT
|
|
|
|
|
|
await Tokens.secret(
|
|
|
|
|
|
'aaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.bad'
|
|
|
|
|
|
).submit();
|
|
|
|
|
|
assert.ok(currentURL().startsWith('/settings/tokens'));
|
|
|
|
|
|
assert.dom('[data-test-token-error]').exists();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('JWT Sign-in flow: JWT Method Selector, Single JWT', async function (assert) {
|
|
|
|
|
|
server.create('auth-method', { name: 'Vault', type: 'OIDC' });
|
|
|
|
|
|
server.create('auth-method', { name: 'Auth0', type: 'OIDC' });
|
|
|
|
|
|
server.create('auth-method', { name: 'JWT-Local', type: 'JWT' });
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-submit]')
|
|
|
|
|
|
.exists(
|
|
|
|
|
|
{ count: 1 },
|
|
|
|
|
|
'Submit token/JWT button exists with only a single JWT '
|
|
|
|
|
|
);
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-submit]')
|
|
|
|
|
|
.hasText(
|
|
|
|
|
|
'Sign in with secret',
|
|
|
|
|
|
'Submit token/JWT button has correct text with only a single JWT '
|
|
|
|
|
|
);
|
|
|
|
|
|
await Tokens.secret('very-short-secret');
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-submit]')
|
|
|
|
|
|
.hasText(
|
|
|
|
|
|
'Sign in with secret',
|
|
|
|
|
|
'A short secret still shows the "secret" verbiage on the button'
|
|
|
|
|
|
);
|
|
|
|
|
|
await Tokens.secret(
|
|
|
|
|
|
'aaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.whateverlol'
|
|
|
|
|
|
);
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-submit]')
|
|
|
|
|
|
.hasText(
|
|
|
|
|
|
'Sign in with JWT',
|
|
|
|
|
|
'A JWT-shaped secret will change button text to reflect JWT sign-in'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-select-jwt]')
|
|
|
|
|
|
.doesNotExist('No JWT selector shown with only a single method');
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('JWT Sign-in flow: JWT Method Selector, Multiple JWT', async function (assert) {
|
|
|
|
|
|
server.create('auth-method', { name: 'Vault', type: 'OIDC' });
|
|
|
|
|
|
server.create('auth-method', { name: 'Auth0', type: 'OIDC' });
|
|
|
|
|
|
server.create('auth-method', {
|
|
|
|
|
|
name: 'JWT-Local',
|
|
|
|
|
|
type: 'JWT',
|
|
|
|
|
|
default: false,
|
|
|
|
|
|
});
|
|
|
|
|
|
server.create('auth-method', {
|
|
|
|
|
|
name: 'JWT-Regional',
|
|
|
|
|
|
type: 'JWT',
|
|
|
|
|
|
default: false,
|
|
|
|
|
|
});
|
|
|
|
|
|
server.create('auth-method', {
|
|
|
|
|
|
name: 'JWT-Global',
|
|
|
|
|
|
type: 'JWT',
|
|
|
|
|
|
default: true,
|
|
|
|
|
|
});
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-submit]')
|
|
|
|
|
|
.exists(
|
|
|
|
|
|
{ count: 1 },
|
|
|
|
|
|
'Submit token/JWT button exists with only a single JWT '
|
|
|
|
|
|
);
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-select-jwt]')
|
|
|
|
|
|
.doesNotExist('No JWT selector shown with an empty token/secret');
|
|
|
|
|
|
await Tokens.secret(
|
|
|
|
|
|
'aaaaaaaaaaaaaaaaaaaaaaaaa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.whateverlol'
|
|
|
|
|
|
);
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-select-jwt]')
|
|
|
|
|
|
.exists({ count: 1 }, 'JWT selector shown with multiple JWT methods');
|
|
|
|
|
|
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
|
currentURL(),
|
|
|
|
|
|
'/settings/tokens?jwtAuthMethod=JWT-Global',
|
|
|
|
|
|
'Default JWT method is selected'
|
|
|
|
|
|
);
|
|
|
|
|
|
await clickTrigger('[data-test-select-jwt]');
|
|
|
|
|
|
assert.dom('.dropdown-options').exists('Dropdown options are shown');
|
|
|
|
|
|
|
|
|
|
|
|
await selectChoose('[data-test-select-jwt]', 'JWT-Regional');
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
|
currentURL(),
|
|
|
|
|
|
'/settings/tokens?jwtAuthMethod=JWT-Regional',
|
|
|
|
|
|
'Selected JWT method is shown'
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2021-12-28 14:45:20 +00:00
|
|
|
|
test('when the ott exchange fails an error is shown', async function (assert) {
|
2021-04-01 18:21:30 +00:00
|
|
|
|
await visit('/?ott=fake');
|
|
|
|
|
|
|
|
|
|
|
|
assert.ok(Layout.error.isPresent);
|
|
|
|
|
|
assert.equal(Layout.error.title, 'Token Exchange Error');
|
2021-12-28 16:08:12 +00:00
|
|
|
|
assert.equal(
|
|
|
|
|
|
Layout.error.message,
|
|
|
|
|
|
'Failed to exchange the one-time token.'
|
|
|
|
|
|
);
|
2021-04-01 18:21:30 +00:00
|
|
|
|
});
|
|
|
|
|
|
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
test('Tokens are shown on the Access Control Policies index page', async function (assert) {
|
2022-12-15 18:11:28 +00:00
|
|
|
|
allScenarios.policiesTestCluster(server);
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
let firstPolicy = server.db.policies.sort((a, b) => {
|
|
|
|
|
|
return a.name.localeCompare(b.name);
|
|
|
|
|
|
})[0];
|
2022-12-15 18:11:28 +00:00
|
|
|
|
// Create an expired token
|
|
|
|
|
|
server.create('token', {
|
|
|
|
|
|
name: 'Expired Token',
|
|
|
|
|
|
id: 'just-expired',
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
policyIds: [firstPolicy.name],
|
2022-12-15 18:11:28 +00:00
|
|
|
|
expirationTime: new Date(new Date().getTime() - 10 * 60 * 1000), // 10 minutes ago
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
window.localStorage.nomadTokenSecret = server.db.tokens[0].secretId;
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
await visit('/access-control/policies');
|
|
|
|
|
|
assert.dom('[data-test-policy-total-tokens]').exists();
|
2022-12-15 18:11:28 +00:00
|
|
|
|
const expectedFirstPolicyTokens = server.db.tokens.filter((token) => {
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
return token.policyIds.includes(firstPolicy.name);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
});
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-policy-total-tokens]')
|
|
|
|
|
|
.hasText(expectedFirstPolicyTokens.length.toString());
|
|
|
|
|
|
assert.dom('[data-test-policy-expired-tokens]').hasText('(1 expired)');
|
|
|
|
|
|
window.localStorage.nomadTokenSecret = null;
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('Tokens are shown on a policy page', async function (assert) {
|
|
|
|
|
|
allScenarios.policiesTestCluster(server);
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
let firstPolicy = server.db.policies.sort((a, b) => {
|
|
|
|
|
|
return a.name.localeCompare(b.name);
|
|
|
|
|
|
})[0];
|
|
|
|
|
|
|
2022-12-15 18:11:28 +00:00
|
|
|
|
// Create an expired token
|
|
|
|
|
|
server.create('token', {
|
|
|
|
|
|
name: 'Expired Token',
|
|
|
|
|
|
id: 'just-expired',
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
policyIds: [firstPolicy.name],
|
2022-12-15 18:11:28 +00:00
|
|
|
|
expirationTime: new Date(new Date().getTime() - 10 * 60 * 1000), // 10 minutes ago
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
window.localStorage.nomadTokenSecret = server.db.tokens[0].secretId;
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
await visit('/access-control/policies');
|
|
|
|
|
|
await click('[data-test-policy-name]');
|
|
|
|
|
|
assert.equal(currentURL(), `/access-control/policies/${firstPolicy.name}`);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
|
|
|
|
|
|
const expectedFirstPolicyTokens = server.db.tokens.filter((token) => {
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
return token.policyIds.includes(firstPolicy.name);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-policy-token-row]')
|
|
|
|
|
|
.exists(
|
|
|
|
|
|
{ count: expectedFirstPolicyTokens.length },
|
|
|
|
|
|
'Expected number of tokens are shown'
|
|
|
|
|
|
);
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
|
|
|
|
|
|
const expiredTokenRow = [...findAll('[data-test-policy-token-row]')].find(
|
|
|
|
|
|
(a) => a.textContent.includes('Expired Token')
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
assert.dom(expiredTokenRow).exists();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom(expiredTokenRow.querySelector('[data-test-token-expiration-time]'))
|
|
|
|
|
|
.hasText('10 minutes ago');
|
2022-12-15 18:11:28 +00:00
|
|
|
|
|
|
|
|
|
|
window.localStorage.nomadTokenSecret = null;
|
|
|
|
|
|
});
|
|
|
|
|
|
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
test('Tokens Deletion from Policy page', async function (assert) {
|
2022-12-15 18:11:28 +00:00
|
|
|
|
allScenarios.policiesTestCluster(server);
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
let testPolicy = server.db.policies.sort((a, b) => {
|
|
|
|
|
|
return a.name.localeCompare(b.name);
|
|
|
|
|
|
})[0];
|
|
|
|
|
|
|
2023-06-22 14:51:07 +00:00
|
|
|
|
const existingTokens = server.db.tokens.filter((t) =>
|
|
|
|
|
|
t.policyIds.includes(testPolicy.name)
|
|
|
|
|
|
);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
// Create an expired token
|
|
|
|
|
|
server.create('token', {
|
|
|
|
|
|
name: 'Doomed Token',
|
|
|
|
|
|
id: 'enjoying-my-day-here',
|
2023-06-22 14:51:07 +00:00
|
|
|
|
policyIds: [testPolicy.name],
|
2022-12-15 18:11:28 +00:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
window.localStorage.nomadTokenSecret = server.db.tokens[0].secretId;
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
await visit('/access-control/policies');
|
2022-12-15 18:11:28 +00:00
|
|
|
|
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
await click('[data-test-policy-name]:first-child');
|
|
|
|
|
|
assert.equal(currentURL(), `/access-control/policies/${testPolicy.name}`);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-policy-token-row]')
|
2023-06-22 14:51:07 +00:00
|
|
|
|
.exists(
|
|
|
|
|
|
{ count: existingTokens.length + 1 },
|
|
|
|
|
|
'Expected number of tokens are shown'
|
|
|
|
|
|
);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
const doomedTokenRow = [...findAll('[data-test-policy-token-row]')].find(
|
|
|
|
|
|
(a) => a.textContent.includes('Doomed Token')
|
|
|
|
|
|
);
|
|
|
|
|
|
assert.dom(doomedTokenRow).exists();
|
|
|
|
|
|
|
|
|
|
|
|
await click(doomedTokenRow.querySelector('button'));
|
|
|
|
|
|
assert.dom('.flash-message.alert-success').exists();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-policy-token-row]')
|
2023-06-22 14:51:07 +00:00
|
|
|
|
.exists(
|
|
|
|
|
|
{ count: existingTokens.length },
|
|
|
|
|
|
'One fewer token after deletion'
|
|
|
|
|
|
);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
await percySnapshot(assert);
|
|
|
|
|
|
window.localStorage.nomadTokenSecret = null;
|
|
|
|
|
|
});
|
|
|
|
|
|
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
test('Test Token Creation from Policy Page', async function (assert) {
|
2022-12-15 18:11:28 +00:00
|
|
|
|
allScenarios.policiesTestCluster(server);
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
let testPolicy = server.db.policies.sort((a, b) => {
|
|
|
|
|
|
return a.name.localeCompare(b.name);
|
|
|
|
|
|
})[0];
|
|
|
|
|
|
|
2023-06-22 14:51:07 +00:00
|
|
|
|
const existingTokens = server.db.tokens.filter((t) =>
|
|
|
|
|
|
t.policyIds.includes(testPolicy.name)
|
|
|
|
|
|
);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
|
|
|
|
|
|
window.localStorage.nomadTokenSecret = server.db.tokens[0].secretId;
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
await visit('/access-control/policies');
|
2022-12-15 18:11:28 +00:00
|
|
|
|
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
await click('[data-test-policy-name]');
|
|
|
|
|
|
assert.equal(currentURL(), `/access-control/policies/${testPolicy.name}`);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-policy-token-row]')
|
2023-06-22 14:51:07 +00:00
|
|
|
|
.exists(
|
|
|
|
|
|
{ count: existingTokens.length },
|
|
|
|
|
|
'Expected number of tokens are shown'
|
|
|
|
|
|
);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
|
|
|
|
|
|
await click('[data-test-create-test-token]');
|
|
|
|
|
|
assert.dom('.flash-message.alert-success').exists();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-policy-token-row]')
|
2023-06-22 14:51:07 +00:00
|
|
|
|
.exists(
|
|
|
|
|
|
{ count: existingTokens.length + 1 },
|
|
|
|
|
|
'One more token after test token creation'
|
|
|
|
|
|
);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-policy-token-row]:last-child [data-test-token-name]')
|
2023-06-22 14:51:07 +00:00
|
|
|
|
.hasText(`Example Token for ${testPolicy.name}`);
|
2022-12-15 18:11:28 +00:00
|
|
|
|
await percySnapshot(assert);
|
|
|
|
|
|
window.localStorage.nomadTokenSecret = null;
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2019-03-13 00:04:16 +00:00
|
|
|
|
function getHeader({ requestHeaders }, name) {
|
|
|
|
|
|
// Headers are case-insensitive, but object property look up is not
|
|
|
|
|
|
return (
|
2019-03-13 01:09:19 +00:00
|
|
|
|
requestHeaders[name] ||
|
|
|
|
|
|
requestHeaders[name.toLowerCase()] ||
|
|
|
|
|
|
requestHeaders[name.toUpperCase()]
|
2019-03-13 00:04:16 +00:00
|
|
|
|
);
|
|
|
|
|
|
}
|
[ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) (#18599)
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
2023-09-27 21:02:48 +00:00
|
|
|
|
|
|
|
|
|
|
module('Roles', function (hooks) {
|
|
|
|
|
|
// Set up a token with a role
|
|
|
|
|
|
hooks.beforeEach(function () {
|
|
|
|
|
|
window.localStorage.clear();
|
|
|
|
|
|
window.sessionStorage.clear();
|
|
|
|
|
|
faker.seed(1);
|
|
|
|
|
|
allScenarios.rolesTestCluster(server);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('Policies are derived from role', async function (assert) {
|
|
|
|
|
|
assert.expect(19);
|
|
|
|
|
|
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
|
|
|
|
|
|
let token;
|
|
|
|
|
|
|
|
|
|
|
|
// User with 1 role, containing 1 policy, and no direct policies
|
|
|
|
|
|
token = server.db.tokens.findBy(
|
|
|
|
|
|
(t) => t.name === 'High Level Role Token'
|
|
|
|
|
|
);
|
|
|
|
|
|
await Tokens.secret(token.secretId).submit();
|
|
|
|
|
|
|
|
|
|
|
|
assert.dom('[data-test-token-role]').exists({ count: 1 });
|
|
|
|
|
|
assert.dom('[data-test-role-name]').hasText('high-level');
|
|
|
|
|
|
assert.dom('[data-test-role-policies] li').exists({ count: 1 });
|
|
|
|
|
|
assert.dom('[data-test-role-policies] li').hasText('job-writer');
|
|
|
|
|
|
|
|
|
|
|
|
assert.dom('[data-test-token-policy]').exists({ count: 1 });
|
|
|
|
|
|
assert.dom('[data-test-policy-name]').hasText('job-writer');
|
|
|
|
|
|
|
|
|
|
|
|
await Tokens.clear();
|
|
|
|
|
|
|
|
|
|
|
|
// User with 1 role, containing 2 policies, and a direct policy
|
|
|
|
|
|
token = server.db.tokens.findBy(
|
|
|
|
|
|
(t) => t.name === 'Policy And Role Token'
|
|
|
|
|
|
);
|
|
|
|
|
|
await Tokens.secret(token.secretId).submit();
|
|
|
|
|
|
|
|
|
|
|
|
assert.dom('[data-test-token-role]').exists({ count: 1 });
|
|
|
|
|
|
assert.dom('[data-test-role-name]').hasText('reader');
|
|
|
|
|
|
assert.dom('[data-test-role-policies] li').exists({ count: 2 });
|
|
|
|
|
|
let policyLinks = findAll('[data-test-role-policies] li');
|
|
|
|
|
|
assert.dom(policyLinks[0]).hasText('client-reader');
|
|
|
|
|
|
assert.dom(policyLinks[1]).hasText('job-reader');
|
|
|
|
|
|
|
|
|
|
|
|
assert.dom('[data-test-token-policy]').exists({ count: 3 });
|
|
|
|
|
|
let policyBlocks = findAll('[data-test-policy-name]');
|
|
|
|
|
|
assert.dom(policyBlocks[0]).hasText('operator');
|
|
|
|
|
|
assert.dom(policyBlocks[1]).hasText('client-reader');
|
|
|
|
|
|
assert.dom(policyBlocks[2]).hasText('job-reader');
|
|
|
|
|
|
|
|
|
|
|
|
await percySnapshot(assert);
|
|
|
|
|
|
|
|
|
|
|
|
await Tokens.clear();
|
|
|
|
|
|
|
|
|
|
|
|
// User with 2 roles, each containing 1 policy, and one of the policies is also directly on their token
|
|
|
|
|
|
token = server.db.tokens.findBy(
|
|
|
|
|
|
(t) => t.name === 'Multi Role And Policy Token'
|
|
|
|
|
|
);
|
|
|
|
|
|
await Tokens.secret(token.secretId).submit();
|
|
|
|
|
|
|
|
|
|
|
|
assert.equal(token.roleIds.length, 2);
|
|
|
|
|
|
assert.equal(token.policyIds.length, 1);
|
|
|
|
|
|
|
|
|
|
|
|
assert.dom('[data-test-token-role]').exists({ count: 2 });
|
|
|
|
|
|
assert.dom('[data-test-token-policy]').exists({ count: 2 });
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('Token priveleges are derived from role', async function (assert) {
|
|
|
|
|
|
// First, check that a node reader can read nodes if the policy to do so only exists at their role level
|
|
|
|
|
|
await visit('/clients');
|
|
|
|
|
|
// Expect to see some nodes
|
|
|
|
|
|
let nodes = server.db.nodes;
|
|
|
|
|
|
assert.dom('[data-test-client-node-row]').exists({ count: nodes.length });
|
|
|
|
|
|
|
|
|
|
|
|
// Head back and sign in as Clientless Role Token
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
let token = server.db.tokens.findBy(
|
|
|
|
|
|
(t) => t.name === 'Clientless Role Token'
|
|
|
|
|
|
);
|
|
|
|
|
|
await Tokens.secret(token.secretId).submit();
|
|
|
|
|
|
|
|
|
|
|
|
await visit('/clients');
|
|
|
|
|
|
// Expect no rows, and a denied message
|
|
|
|
|
|
assert.dom('[data-test-client-node-row]').doesNotExist();
|
|
|
|
|
|
assert.dom('[data-test-error]').exists();
|
|
|
|
|
|
|
|
|
|
|
|
// Pop over to the jobs page and make sure the Run button is disabled
|
|
|
|
|
|
await visit('/jobs');
|
|
|
|
|
|
assert.dom('[data-test-run-job]').hasTagName('button');
|
|
|
|
|
|
assert.dom('[data-test-run-job]').isDisabled();
|
|
|
|
|
|
|
|
|
|
|
|
// Sign out, and sign back in as a high-level role token
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
await Tokens.clear();
|
|
|
|
|
|
token = server.db.tokens.findBy(
|
|
|
|
|
|
(t) => t.name === 'High Level Role Token'
|
|
|
|
|
|
);
|
|
|
|
|
|
await Tokens.secret(token.secretId).submit();
|
|
|
|
|
|
|
|
|
|
|
|
await visit('/jobs');
|
|
|
|
|
|
// Expect the Run button/link to work now
|
|
|
|
|
|
assert.dom('[data-test-run-job]').hasTagName('a');
|
|
|
|
|
|
assert.dom('[data-test-run-job]').hasAttribute('href', '/ui/jobs/run');
|
|
|
|
|
|
});
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
module('Access Control Tokens section', function (hooks) {
|
|
|
|
|
|
hooks.beforeEach(async function () {
|
|
|
|
|
|
window.localStorage.clear();
|
|
|
|
|
|
window.sessionStorage.clear();
|
|
|
|
|
|
faker.seed(1);
|
|
|
|
|
|
allScenarios.rolesTestCluster(server);
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
const managementToken = server.db.tokens.findBy(
|
|
|
|
|
|
(t) => t.type === 'management'
|
|
|
|
|
|
);
|
|
|
|
|
|
const { secretId } = managementToken;
|
|
|
|
|
|
await Tokens.secret(secretId).submit();
|
|
|
|
|
|
await AccessControl.visitTokens();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
hooks.afterEach(async function () {
|
|
|
|
|
|
await Tokens.visit();
|
|
|
|
|
|
await Tokens.clear();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('Tokens index, general', async function (assert) {
|
|
|
|
|
|
assert.equal(currentURL(), '/access-control/tokens');
|
|
|
|
|
|
// Number of token rows equivalent to number in db
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-row]')
|
|
|
|
|
|
.exists({ count: server.db.tokens.length });
|
|
|
|
|
|
|
|
|
|
|
|
await percySnapshot(assert);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('Tokens index, management token handling', async function (assert) {
|
|
|
|
|
|
// two management tokens, one of which is yours; yours cannot be deleted or clicked into.
|
|
|
|
|
|
assert.dom('[data-test-token-type="management"]').exists({ count: 2 });
|
|
|
|
|
|
const managementToken = server.db.tokens.findBy(
|
|
|
|
|
|
(t) => t.type === 'management'
|
|
|
|
|
|
);
|
|
|
|
|
|
const managementTokenRow = [...findAll('[data-test-token-row]')].find(
|
|
|
|
|
|
(row) => row.textContent.includes(managementToken.name)
|
|
|
|
|
|
);
|
|
|
|
|
|
const otherManagerRow = [...findAll('[data-test-token-row]')].find(
|
|
|
|
|
|
(row) =>
|
|
|
|
|
|
row.textContent.includes('management') &&
|
|
|
|
|
|
!row.textContent.includes(managementToken.name)
|
|
|
|
|
|
);
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom(managementTokenRow.querySelector('[data-test-token-name] a'))
|
|
|
|
|
|
.doesNotExist('Cannot click into and edit your own token');
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom(otherManagerRow.querySelector('[data-test-token-name] a'))
|
|
|
|
|
|
.exists('Can click into and edit another manager token');
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom(
|
|
|
|
|
|
managementTokenRow.querySelector('[data-test-delete-token] button')
|
|
|
|
|
|
)
|
|
|
|
|
|
.isDisabled('Cannot delete your own token');
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom(otherManagerRow.querySelector('[data-test-delete-token] button'))
|
|
|
|
|
|
.isNotDisabled('Can delete another manager token');
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('Tokens index, table sorting', async function (assert) {
|
|
|
|
|
|
const nameCells = findAll('[data-test-token-name]');
|
|
|
|
|
|
const nameCellText = nameCells.map((cell) => cell.textContent.trim());
|
|
|
|
|
|
const sortedNameCellText = nameCellText.slice().sort();
|
|
|
|
|
|
assert.deepEqual(
|
|
|
|
|
|
nameCellText,
|
|
|
|
|
|
sortedNameCellText,
|
|
|
|
|
|
'Names are sorted alphabetically'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
// Click on the first thead tr th to reverse
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('table.acl-table thead tr th')
|
|
|
|
|
|
.hasAttribute('aria-sort', 'ascending');
|
|
|
|
|
|
await click('table.acl-table thead tr th button');
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('table.acl-table thead tr th')
|
|
|
|
|
|
.hasAttribute('aria-sort', 'descending');
|
|
|
|
|
|
|
|
|
|
|
|
const reversedNameCells = findAll('[data-test-token-name]');
|
|
|
|
|
|
const reversedNameCellText = reversedNameCells.map((cell) =>
|
|
|
|
|
|
cell.textContent.trim()
|
|
|
|
|
|
);
|
|
|
|
|
|
const reversedSortedNameCellText = nameCellText.slice().sort().reverse();
|
|
|
|
|
|
|
|
|
|
|
|
assert.deepEqual(
|
|
|
|
|
|
reversedNameCellText,
|
|
|
|
|
|
reversedSortedNameCellText,
|
|
|
|
|
|
'Names are reversed alphabetically'
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('Tokens index, deletion', async function (assert) {
|
|
|
|
|
|
const numberOfTokens = server.db.tokens.length;
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-row]')
|
|
|
|
|
|
.exists(
|
|
|
|
|
|
{ count: numberOfTokens },
|
|
|
|
|
|
'Number of tokens matches number in db'
|
|
|
|
|
|
);
|
|
|
|
|
|
const tokenToDelete = server.db.tokens.findBy((t) => t.type === 'client');
|
|
|
|
|
|
const tokenRowToDelete = [...findAll('[data-test-token-row]')].find(
|
|
|
|
|
|
(row) => row.textContent.includes(tokenToDelete.name)
|
|
|
|
|
|
);
|
|
|
|
|
|
await click(
|
|
|
|
|
|
tokenRowToDelete.querySelector('[data-test-delete-token] button')
|
|
|
|
|
|
);
|
|
|
|
|
|
assert.dom('.flash-message.alert-success').exists();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-row]')
|
|
|
|
|
|
.exists(
|
|
|
|
|
|
{ count: numberOfTokens - 1 },
|
|
|
|
|
|
'Number of token rows decreased after deletion'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
const nameCells = findAll('[data-test-token-name]');
|
|
|
|
|
|
const nameCellText = nameCells.map((cell) => cell.textContent.trim());
|
|
|
|
|
|
assert.notOk(
|
|
|
|
|
|
nameCellText.includes(tokenToDelete.name),
|
|
|
|
|
|
'Deleted token name not found among name cells'
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('Tokens index, clicking into a token page', async function (assert) {
|
|
|
|
|
|
const tokenToClick = server.db.tokens.findBy((t) => t.type === 'client');
|
|
|
|
|
|
const tokenRowToClick = [...findAll('[data-test-token-row]')].find(
|
|
|
|
|
|
(row) => row.textContent.includes(tokenToClick.name)
|
|
|
|
|
|
);
|
|
|
|
|
|
await click(tokenRowToClick.querySelector('[data-test-token-name] a'));
|
|
|
|
|
|
assert.equal(currentURL(), `/access-control/tokens/${tokenToClick.id}`);
|
|
|
|
|
|
assert.dom('[data-test-token-name-input]').hasValue(tokenToClick.name);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('Tokens index, roles and policies attached to a token show up as links', async function (assert) {
|
|
|
|
|
|
// Staying on the index page, Rows should have a Roles column with either "No Roles" or a bunch of links to roles. Ditto policies.
|
|
|
|
|
|
const tokenWithRolesAndPolicies = server.db.tokens.findBy(
|
|
|
|
|
|
(t) => t.name === 'Multi Role And Policy Token'
|
|
|
|
|
|
);
|
|
|
|
|
|
const tokenRowWithRolesAndPolicies = [
|
|
|
|
|
|
...findAll('[data-test-token-row]'),
|
|
|
|
|
|
].find((row) => row.textContent.includes(tokenWithRolesAndPolicies.name));
|
|
|
|
|
|
const rolesCell = tokenRowWithRolesAndPolicies.querySelector(
|
|
|
|
|
|
'[data-test-token-roles]'
|
|
|
|
|
|
);
|
|
|
|
|
|
const policiesCell = tokenRowWithRolesAndPolicies.querySelector(
|
|
|
|
|
|
'[data-test-token-policies]'
|
|
|
|
|
|
);
|
|
|
|
|
|
assert.dom(rolesCell).exists();
|
|
|
|
|
|
assert.dom(policiesCell).exists();
|
|
|
|
|
|
|
|
|
|
|
|
const rolesCellTags = rolesCell
|
|
|
|
|
|
.querySelector('.tag-group')
|
|
|
|
|
|
.querySelectorAll('span');
|
|
|
|
|
|
const policiesCellTags = policiesCell
|
|
|
|
|
|
.querySelector('.tag-group')
|
|
|
|
|
|
.querySelectorAll('span');
|
|
|
|
|
|
assert.equal(rolesCellTags.length, 2);
|
|
|
|
|
|
assert.equal(policiesCellTags.length, 1);
|
|
|
|
|
|
|
|
|
|
|
|
const policyLessToken = server.db.tokens.findBy(
|
|
|
|
|
|
(t) => t.name === 'High Level Role Token'
|
|
|
|
|
|
);
|
|
|
|
|
|
const policyLessTokenRow = [...findAll('[data-test-token-row]')].find(
|
|
|
|
|
|
(row) => row.textContent.includes(policyLessToken.name)
|
|
|
|
|
|
);
|
|
|
|
|
|
const rolesCell2 = policyLessTokenRow.querySelector(
|
|
|
|
|
|
'[data-test-token-roles]'
|
|
|
|
|
|
);
|
|
|
|
|
|
const policiesCell2 = policyLessTokenRow.querySelector(
|
|
|
|
|
|
'[data-test-token-policies]'
|
|
|
|
|
|
);
|
|
|
|
|
|
assert.dom(rolesCell2).exists();
|
|
|
|
|
|
assert.dom(policiesCell2).exists();
|
|
|
|
|
|
|
|
|
|
|
|
const rolesCellTags2 = rolesCell2
|
|
|
|
|
|
.querySelector('.tag-group')
|
|
|
|
|
|
.querySelectorAll('span');
|
|
|
|
|
|
const policiesCellTags2 = policiesCell2
|
|
|
|
|
|
.querySelector('.tag-group')
|
|
|
|
|
|
.querySelectorAll('span');
|
|
|
|
|
|
assert.equal(rolesCellTags2.length, 1);
|
|
|
|
|
|
assert.equal(policiesCellTags2.length, 0);
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('Token page, general', async function (assert) {
|
|
|
|
|
|
const token = server.db.tokens.findBy((t) => t.id === 'cl4y-t0k3n');
|
|
|
|
|
|
await visit(`/access-control/tokens/${token.id}`);
|
|
|
|
|
|
assert.dom('[data-test-token-name-input]').hasValue(token.name);
|
|
|
|
|
|
assert.dom('[data-test-token-accessor]').hasValue(token.accessorId);
|
|
|
|
|
|
assert.dom('[data-test-token-secret]').hasValue(token.secretId);
|
|
|
|
|
|
assert.dom('[data-test-token-type="client"]').isChecked();
|
|
|
|
|
|
assert.dom('[data-test-token-type="management"]').isNotChecked();
|
|
|
|
|
|
|
|
|
|
|
|
assert.dom('.expiration-time').hasText('Token expires in an hour');
|
|
|
|
|
|
|
|
|
|
|
|
assert.dom('[data-test-token-roles]').exists();
|
|
|
|
|
|
assert.dom('[data-test-token-policies]').exists();
|
|
|
|
|
|
|
|
|
|
|
|
// All possible policies are shown
|
|
|
|
|
|
const allPolicies = server.db.policies;
|
|
|
|
|
|
const allPolicyRows = findAll('[data-test-token-policies] tbody tr');
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
|
allPolicyRows.length,
|
|
|
|
|
|
allPolicies.length,
|
|
|
|
|
|
'All policies are shown'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
// The policies/roles belonging to this token are checked
|
|
|
|
|
|
const tokenPolicies = token.policyIds;
|
|
|
|
|
|
|
|
|
|
|
|
const checkedPolicyRows = findAll(
|
|
|
|
|
|
'[data-test-token-policies] tbody tr input:checked'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
|
checkedPolicyRows.length,
|
|
|
|
|
|
tokenPolicies.length,
|
|
|
|
|
|
'All policies belonging to this token are checked'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
const checkedPolicyNames = checkedPolicyRows.map((row) =>
|
|
|
|
|
|
row
|
|
|
|
|
|
.closest('tr')
|
|
|
|
|
|
.querySelector('[data-test-policy-name]')
|
|
|
|
|
|
.textContent.trim()
|
|
|
|
|
|
);
|
|
|
|
|
|
assert.deepEqual(
|
|
|
|
|
|
checkedPolicyNames.sort(),
|
|
|
|
|
|
tokenPolicies.sort(),
|
|
|
|
|
|
'All policies belonging to this token are checked'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
const allRoles = server.db.roles;
|
|
|
|
|
|
const allRoleRows = findAll('[data-test-token-roles] tbody tr');
|
|
|
|
|
|
assert.equal(allRoleRows.length, allRoles.length, 'All roles are shown');
|
|
|
|
|
|
|
|
|
|
|
|
const tokenRoles = token.roleIds;
|
|
|
|
|
|
|
|
|
|
|
|
const checkedRoleRows = findAll(
|
|
|
|
|
|
'[data-test-token-roles] tbody tr input:checked'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
|
checkedRoleRows.length,
|
|
|
|
|
|
tokenRoles.length,
|
|
|
|
|
|
'All roles belonging to this token are checked'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
const checkedRoleNames = checkedRoleRows.map((row) =>
|
|
|
|
|
|
row
|
|
|
|
|
|
.closest('tr')
|
|
|
|
|
|
.querySelector('[data-test-role-name]')
|
|
|
|
|
|
.textContent.trim()
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
assert.deepEqual(
|
|
|
|
|
|
checkedRoleNames.sort(),
|
|
|
|
|
|
tokenRoles.sort(),
|
|
|
|
|
|
'All roles belonging to this token are checked'
|
|
|
|
|
|
);
|
|
|
|
|
|
});
|
|
|
|
|
|
test('Token name can be edited', async function (assert) {
|
|
|
|
|
|
const token = server.db.tokens.findBy((t) => t.id === 'cl4y-t0k3n');
|
|
|
|
|
|
await visit(`/access-control/tokens/${token.id}`);
|
|
|
|
|
|
assert.dom('[data-test-token-name-input]').hasValue(token.name);
|
|
|
|
|
|
await fillIn('[data-test-token-name-input]', 'Mud-Token');
|
|
|
|
|
|
await click('[data-test-token-save]');
|
|
|
|
|
|
assert.dom('.flash-message.alert-success').exists();
|
|
|
|
|
|
await AccessControl.visitTokens();
|
|
|
|
|
|
assert.dom('[data-test-token-name="Mud-Token"]').exists({ count: 1 });
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
test('Token policies and roles can be edited', async function (assert) {
|
|
|
|
|
|
const token = server.db.tokens.findBy((t) => t.id === 'cl4y-t0k3n');
|
|
|
|
|
|
await visit(`/access-control/tokens/${token.id}`);
|
|
|
|
|
|
|
|
|
|
|
|
// The policies/roles belonging to this token are checked
|
|
|
|
|
|
const tokenPolicies = token.policyIds;
|
|
|
|
|
|
|
|
|
|
|
|
const checkedPolicyRows = findAll(
|
|
|
|
|
|
'[data-test-token-policies] tbody tr input:checked'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
assert.equal(
|
|
|
|
|
|
checkedPolicyRows.length,
|
|
|
|
|
|
tokenPolicies.length,
|
|
|
|
|
|
'All policies belonging to this token are checked'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
const checkedPolicyNames = checkedPolicyRows.map((row) =>
|
|
|
|
|
|
row
|
|
|
|
|
|
.closest('tr')
|
|
|
|
|
|
.querySelector('[data-test-policy-name]')
|
|
|
|
|
|
.textContent.trim()
|
|
|
|
|
|
);
|
|
|
|
|
|
assert.deepEqual(
|
|
|
|
|
|
checkedPolicyNames.sort(),
|
|
|
|
|
|
tokenPolicies.sort(),
|
|
|
|
|
|
'All policies belonging to this token are checked'
|
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
// Try unchecking ALL checked roles and policies and saving
|
|
|
|
|
|
// First, find all checked ones
|
|
|
|
|
|
const checkedPolicies = findAll(
|
|
|
|
|
|
'[data-test-token-policies] tbody tr input:checked'
|
|
|
|
|
|
);
|
|
|
|
|
|
const checkedRoles = findAll(
|
|
|
|
|
|
'[data-test-token-roles] tbody tr input:checked'
|
|
|
|
|
|
);
|
|
|
|
|
|
// Then uncheck them
|
|
|
|
|
|
checkedPolicies.forEach((policy) => {
|
|
|
|
|
|
policy.click();
|
|
|
|
|
|
});
|
|
|
|
|
|
checkedRoles.forEach((role) => {
|
|
|
|
|
|
role.click();
|
|
|
|
|
|
});
|
|
|
|
|
|
await click('[data-test-token-save]');
|
|
|
|
|
|
assert.dom('.flash-message.alert-critical').exists();
|
|
|
|
|
|
|
|
|
|
|
|
// Try selecting a single role
|
|
|
|
|
|
await click('[data-test-token-roles] tbody tr input');
|
|
|
|
|
|
await click('[data-test-token-save]');
|
|
|
|
|
|
assert.dom('.flash-message.alert-success').exists();
|
|
|
|
|
|
|
|
|
|
|
|
await percySnapshot(assert);
|
|
|
|
|
|
|
|
|
|
|
|
await AccessControl.visitTokens();
|
|
|
|
|
|
// Policies cell for our clay token should read "No Policies"
|
|
|
|
|
|
const clayToken = server.db.tokens.findBy((t) => t.id === 'cl4y-t0k3n');
|
|
|
|
|
|
const clayTokenRow = [...findAll('[data-test-token-row]')].find((row) =>
|
|
|
|
|
|
row.textContent.includes(clayToken.name)
|
|
|
|
|
|
);
|
|
|
|
|
|
const policiesCell = clayTokenRow.querySelector(
|
|
|
|
|
|
'[data-test-token-policies]'
|
|
|
|
|
|
);
|
|
|
|
|
|
assert.dom(policiesCell).exists();
|
|
|
|
|
|
assert.dom(policiesCell).hasText('No Policies');
|
|
|
|
|
|
|
|
|
|
|
|
// Roles cell should have 1 tag
|
|
|
|
|
|
const rolesCell = clayTokenRow.querySelector('[data-test-token-roles]');
|
|
|
|
|
|
const rolesCellTags = rolesCell
|
|
|
|
|
|
.querySelector('.tag-group')
|
|
|
|
|
|
.querySelectorAll('span');
|
|
|
|
|
|
assert.equal(rolesCellTags.length, 1);
|
|
|
|
|
|
});
|
|
|
|
|
|
test('Token can be deleted', async function (assert) {
|
|
|
|
|
|
const token = server.db.tokens.findBy((t) => t.id === 'cl4y-t0k3n');
|
|
|
|
|
|
await visit(`/access-control/tokens/${token.id}`);
|
|
|
|
|
|
await click('[data-test-delete-token]');
|
|
|
|
|
|
assert.dom('.flash-message.alert-success').exists();
|
|
|
|
|
|
await AccessControl.visitTokens();
|
|
|
|
|
|
assert.dom('[data-test-token-name="cl4y-t0k3n"]').doesNotExist();
|
|
|
|
|
|
});
|
|
|
|
|
|
test('New Token creation', async function (assert) {
|
|
|
|
|
|
await click('[data-test-create-token]');
|
|
|
|
|
|
assert.equal(currentURL(), '/access-control/tokens/new');
|
|
|
|
|
|
await fillIn('[data-test-token-name-input]', 'Timeless Token');
|
|
|
|
|
|
await click('[data-test-token-save]');
|
|
|
|
|
|
assert.dom('.flash-message.alert-success').exists();
|
|
|
|
|
|
await AccessControl.visitTokens();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-name="Timeless Token"]')
|
|
|
|
|
|
.exists({ count: 1 });
|
|
|
|
|
|
const newTokenRow = [...findAll('[data-test-token-row]')].find((row) =>
|
|
|
|
|
|
row.textContent.includes('Timeless Token')
|
|
|
|
|
|
);
|
|
|
|
|
|
const newTokenExpirationCell = newTokenRow.querySelector(
|
|
|
|
|
|
'[data-test-token-expiration-time]'
|
|
|
|
|
|
);
|
|
|
|
|
|
assert.dom(newTokenExpirationCell).hasText('Never');
|
|
|
|
|
|
|
|
|
|
|
|
// Now create one with a TTL
|
|
|
|
|
|
await click('[data-test-create-token]');
|
|
|
|
|
|
assert.equal(currentURL(), '/access-control/tokens/new');
|
|
|
|
|
|
await fillIn('[data-test-token-name-input]', 'TTL Token');
|
|
|
|
|
|
// Select the "8 hours" radio within the .expiration-time div
|
|
|
|
|
|
await click('.expiration-time input[value="8h"]');
|
|
|
|
|
|
await click('[data-test-token-save]');
|
|
|
|
|
|
assert.dom('.flash-message.alert-success').exists();
|
|
|
|
|
|
await AccessControl.visitTokens();
|
|
|
|
|
|
assert.dom('[data-test-token-name="TTL Token"]').exists({ count: 1 });
|
|
|
|
|
|
const ttlTokenRow = [...findAll('[data-test-token-row]')].find((row) =>
|
|
|
|
|
|
row.textContent.includes('TTL Token')
|
|
|
|
|
|
);
|
|
|
|
|
|
const ttlTokenExpirationCell = ttlTokenRow.querySelector(
|
|
|
|
|
|
'[data-test-token-expiration-time]'
|
|
|
|
|
|
);
|
|
|
|
|
|
assert.dom(ttlTokenExpirationCell).hasText('in 8 hours');
|
|
|
|
|
|
|
|
|
|
|
|
// Now create one with an expiration time
|
|
|
|
|
|
await click('[data-test-create-token]');
|
|
|
|
|
|
assert.equal(currentURL(), '/access-control/tokens/new');
|
|
|
|
|
|
await fillIn('[data-test-token-name-input]', 'Expiring Token');
|
|
|
|
|
|
// select the Custom radio button
|
|
|
|
|
|
await click('.expiration-time input[value="custom"]');
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-expiration-time-input]')
|
|
|
|
|
|
.exists('HTML datetime-local picker exists');
|
|
|
|
|
|
await percySnapshot(assert);
|
|
|
|
|
|
// select a date/time for 100 minutes into the future in GMT
|
|
|
|
|
|
const soon = new Date();
|
|
|
|
|
|
soon.setMinutes(soon.getMinutes() + 100);
|
|
|
|
|
|
var tzoffset = new Date().getTimezoneOffset() * 60000; //offset in milliseconds
|
|
|
|
|
|
var soonString = new Date(soon - tzoffset).toISOString().slice(0, -1);
|
|
|
|
|
|
await fillIn('[data-test-token-expiration-time-input]', soonString);
|
|
|
|
|
|
await click('[data-test-token-save]');
|
|
|
|
|
|
assert.dom('.flash-message.alert-success').exists();
|
|
|
|
|
|
await AccessControl.visitTokens();
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom('[data-test-token-name="Expiring Token"]')
|
|
|
|
|
|
.exists({ count: 1 });
|
|
|
|
|
|
const expiringTokenRow = [...findAll('[data-test-token-row]')].find(
|
|
|
|
|
|
(row) => row.textContent.includes('Expiring Token')
|
|
|
|
|
|
);
|
|
|
|
|
|
const expiringTokenExpirationCell = expiringTokenRow.querySelector(
|
|
|
|
|
|
'[data-test-token-expiration-time]'
|
|
|
|
|
|
);
|
|
|
|
|
|
assert
|
|
|
|
|
|
.dom(expiringTokenExpirationCell)
|
|
|
|
|
|
.hasText('in 2 hours', 'Expiration time is relativized and rounded');
|
|
|
|
|
|
});
|
|
|
|
|
|
});
|
2019-03-13 00:04:16 +00:00
|
|
|
|
});
|