luxolus/open-nomad
2
0
Fork 0
Code Issues 1 Pull requests Packages Releases Wiki Activity
open-nomad/ui/tests/unit/abilities/job-test.js

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

277 lines
7.4 KiB
JavaScript
Raw Normal View History

[COMPLIANCE] Add Copyright and License Headers
2023-04-10 15:36:59 +00:00
/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
Add Ember ESLint plugin (#8134) This is extracted from #8094, where I have run into some snags. Since these ESLint fixes aren’t actually connected to the Ember 3.16 update but involve changes to many files, we might as well address them separately. Where possible I fixed the problems but in cases where a fix seemed too involved, I added per-line or -file exceptions.
2020-06-09 21:03:28 +00:00
/* eslint-disable ember/avoid-leaking-state-in-ember-objects */
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
import { module, test } from 'qunit';
import { setupTest } from 'ember-qunit';
import Service from '@ember/service';
Refactor ability tests to use a setup hook for ability lookup
2020-01-28 01:32:29 +00:00
import setupAbility from 'nomad-ui/tests/helpers/setup-ability';
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
ui: fix auto-fixable linting errors
2021-12-28 14:45:20 +00:00
module('Unit | Ability | job', function (hooks) {
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
setupTest(hooks);
Refactor ability tests to use a setup hook for ability lookup
2020-01-28 01:32:29 +00:00
setupAbility('job')(hooks);
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
ui: fix auto-fixable linting errors
2021-12-28 14:45:20 +00:00
test('it permits job run when ACLs are disabled', function (assert) {
Account for disabled ACLs in ability tests
2020-01-31 00:34:35 +00:00
const mockToken = Service.extend({
aclEnabled: false,
});
this.owner.register('service:token', mockToken);
assert.ok(this.ability.canRun);
});
ui: fix auto-fixable linting errors
2021-12-28 14:45:20 +00:00
test('it permits job run for management tokens', function (assert) {
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
const mockToken = Service.extend({
Account for disabled ACLs in ability tests
2020-01-31 00:34:35 +00:00
aclEnabled: true,
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
selfToken: { type: 'management' },
});
this.owner.register('service:token', mockToken);
Refactor ability tests to use a setup hook for ability lookup
2020-01-28 01:32:29 +00:00
assert.ok(this.ability.canRun);
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
});
ui: fix auto-fixable linting errors
2021-12-28 14:45:20 +00:00
test('it permits job run for client tokens with a policy that has namespace submit-job', function (assert) {
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
const mockSystem = Service.extend({
Account for disabled ACLs in ability tests
2020-01-31 00:34:35 +00:00
aclEnabled: true,
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
});
const mockToken = Service.extend({
Account for disabled ACLs in ability tests
2020-01-31 00:34:35 +00:00
aclEnabled: true,
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
selfToken: { type: 'client' },
selfTokenPolicies: [
{
rulesJSON: {
Namespaces: [
{
Name: 'aNamespace',
Capabilities: ['submit-job'],
},
],
},
},
],
});
this.owner.register('service:system', mockSystem);
this.owner.register('service:token', mockToken);
ui: Update namespaces design (#10444) This rethinks namespaces as a filter on list pages rather than a global setting. The biggest net-new feature here is being able to select All (*) to list all jobs or CSI volumes across namespaces.
2021-04-29 20:00:59 +00:00
assert.ok(this.can.can('run job', null, { namespace: 'aNamespace' }));
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
});
ui: fix auto-fixable linting errors
2021-12-28 14:45:20 +00:00
test('it permits job run for client tokens with a policy that has default namespace submit-job and no capabilities for active namespace', function (assert) {
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
const mockSystem = Service.extend({
Account for disabled ACLs in ability tests
2020-01-31 00:34:35 +00:00
aclEnabled: true,
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
});
const mockToken = Service.extend({
Account for disabled ACLs in ability tests
2020-01-31 00:34:35 +00:00
aclEnabled: true,
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
selfToken: { type: 'client' },
selfTokenPolicies: [
{
rulesJSON: {
Namespaces: [
{
Name: 'aNamespace',
Capabilities: [],
},
{
Name: 'default',
Capabilities: ['submit-job'],
},
],
},
},
],
});
this.owner.register('service:system', mockSystem);
this.owner.register('service:token', mockToken);
ui: Update namespaces design (#10444) This rethinks namespaces as a filter on list pages rather than a global setting. The biggest net-new feature here is being able to select All (*) to list all jobs or CSI volumes across namespaces.
2021-04-29 20:00:59 +00:00
assert.ok(this.can.can('run job', null, { namespace: 'anotherNamespace' }));
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
});
ui: fix auto-fixable linting errors
2021-12-28 14:45:20 +00:00
test('it blocks job run for client tokens with a policy that has no submit-job capability', function (assert) {
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
const mockSystem = Service.extend({
Account for disabled ACLs in ability tests
2020-01-31 00:34:35 +00:00
aclEnabled: true,
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
});
const mockToken = Service.extend({
Account for disabled ACLs in ability tests
2020-01-31 00:34:35 +00:00
aclEnabled: true,
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
selfToken: { type: 'client' },
selfTokenPolicies: [
{
rulesJSON: {
Namespaces: [
{
Name: 'aNamespace',
Capabilities: ['list-jobs'],
},
],
},
},
],
});
this.owner.register('service:system', mockSystem);
this.owner.register('service:token', mockToken);
ui: Update namespaces design (#10444) This rethinks namespaces as a filter on list pages rather than a global setting. The biggest net-new feature here is being able to select All (*) to list all jobs or CSI volumes across namespaces.
2021-04-29 20:00:59 +00:00
assert.ok(this.can.cannot('run job', null, { namespace: 'aNamespace' }));
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
});
ui: fix auto-fixable linting errors
2021-12-28 14:45:20 +00:00
test('job scale requires a client token with the submit-job or scale-job capability', function (assert) {
Add canScale ability for jobs
2020-06-18 05:44:35 +00:00
const makePolicies = (namespace, ...capabilities) => [
{
rulesJSON: {
Namespaces: [
{
Name: namespace,
Capabilities: capabilities,
},
],
},
},
];
const mockSystem = Service.extend({
aclEnabled: true,
});
const mockToken = Service.extend({
aclEnabled: true,
selfToken: { type: 'client' },
selfTokenPolicies: makePolicies('aNamespace'),
});
this.owner.register('service:system', mockSystem);
this.owner.register('service:token', mockToken);
const tokenService = this.owner.lookup('service:token');
ui: Update namespaces design (#10444) This rethinks namespaces as a filter on list pages rather than a global setting. The biggest net-new feature here is being able to select All (*) to list all jobs or CSI volumes across namespaces.
2021-04-29 20:00:59 +00:00
assert.ok(this.can.cannot('scale job', null, { namespace: 'aNamespace' }));
Add canScale ability for jobs
2020-06-18 05:44:35 +00:00
ui: prettify js files
2021-12-28 16:08:12 +00:00
tokenService.set(
'selfTokenPolicies',
makePolicies('aNamespace', 'scale-job')
);
ui: Update namespaces design (#10444) This rethinks namespaces as a filter on list pages rather than a global setting. The biggest net-new feature here is being able to select All (*) to list all jobs or CSI volumes across namespaces.
2021-04-29 20:00:59 +00:00
assert.ok(this.can.can('scale job', null, { namespace: 'aNamespace' }));
Add canScale ability for jobs
2020-06-18 05:44:35 +00:00
ui: prettify js files
2021-12-28 16:08:12 +00:00
tokenService.set(
'selfTokenPolicies',
makePolicies('aNamespace', 'submit-job')
);
ui: Update namespaces design (#10444) This rethinks namespaces as a filter on list pages rather than a global setting. The biggest net-new feature here is being able to select All (*) to list all jobs or CSI volumes across namespaces.
2021-04-29 20:00:59 +00:00
assert.ok(this.can.can('scale job', null, { namespace: 'aNamespace' }));
Add canScale ability for jobs
2020-06-18 05:44:35 +00:00
ui: prettify js files
2021-12-28 16:08:12 +00:00
tokenService.set(
'selfTokenPolicies',
makePolicies('bNamespace', 'scale-job')
);
ui: Update namespaces design (#10444) This rethinks namespaces as a filter on list pages rather than a global setting. The biggest net-new feature here is being able to select All (*) to list all jobs or CSI volumes across namespaces.
2021-04-29 20:00:59 +00:00
assert.ok(this.can.cannot('scale job', null, { namespace: 'aNamespace' }));
Add canScale ability for jobs
2020-06-18 05:44:35 +00:00
});
ui: fix auto-fixable linting errors
2021-12-28 14:45:20 +00:00
test('job dispatch requires a client token with the dispatch-job capability', function (assert) {
ui: add parameterized dispatch interface (#10675) * ui: add parameterized dispatch interface This commit adds a new interface for dispatching parameteried jobs, if the user has the right permissions. The UI can be accessed by viewing a parameterized job and clicking on the "Dispatch Job" button located in the "Job Launches" section. * fix failing lint test * clean up dispatch and remove meta This commit cleans up a few things that had typos and inconsistent naming. In line with this, the custom `meta` view was removed in favor of using the included `AttributesTable`. * ui: encode dispatch job payload and start adding tests * ui: remove unused test imports * ui: redesign job dispatch form * ui: initial acceptance tests for dispatch job * ui: generate parameterized job children with correct id format * ui: fix job dispatch breadcrumb link * ui: refactor job dispatch component into glimmer component and add form validation * ui: remove unused CSS class * ui: align job dispatch button * ui: handle namespace-specific requests on job dispatch * ui: rename payloadMissing to payloadHasError * ui: don't re-fetch job spec on dispatch job * ui: keep overview tab selected on job dispatch page * ui: fix task and task-group linting * ui: URL encode job id on dispatch job tests * ui: fix error when job meta is null * ui: handle job dispatch from adapter * ui: add more tests for dispatch job page * ui: add "job dispatch" capability check * ui: update job dispatch from code review Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2021-07-20 22:27:41 +00:00
const makePolicies = (namespace, ...capabilities) => [
{
rulesJSON: {
Namespaces: [
{
Name: namespace,
Capabilities: capabilities,
},
],
},
},
];
const mockSystem = Service.extend({
aclEnabled: true,
});
const mockToken = Service.extend({
aclEnabled: true,
selfToken: { type: 'client' },
selfTokenPolicies: makePolicies('aNamespace'),
});
this.owner.register('service:system', mockSystem);
this.owner.register('service:token', mockToken);
const tokenService = this.owner.lookup('service:token');
ui: prettify js files
2021-12-28 16:08:12 +00:00
assert.ok(
this.can.cannot('dispatch job', null, { namespace: 'aNamespace' })
);
ui: add parameterized dispatch interface (#10675) * ui: add parameterized dispatch interface This commit adds a new interface for dispatching parameteried jobs, if the user has the right permissions. The UI can be accessed by viewing a parameterized job and clicking on the "Dispatch Job" button located in the "Job Launches" section. * fix failing lint test * clean up dispatch and remove meta This commit cleans up a few things that had typos and inconsistent naming. In line with this, the custom `meta` view was removed in favor of using the included `AttributesTable`. * ui: encode dispatch job payload and start adding tests * ui: remove unused test imports * ui: redesign job dispatch form * ui: initial acceptance tests for dispatch job * ui: generate parameterized job children with correct id format * ui: fix job dispatch breadcrumb link * ui: refactor job dispatch component into glimmer component and add form validation * ui: remove unused CSS class * ui: align job dispatch button * ui: handle namespace-specific requests on job dispatch * ui: rename payloadMissing to payloadHasError * ui: don't re-fetch job spec on dispatch job * ui: keep overview tab selected on job dispatch page * ui: fix task and task-group linting * ui: URL encode job id on dispatch job tests * ui: fix error when job meta is null * ui: handle job dispatch from adapter * ui: add more tests for dispatch job page * ui: add "job dispatch" capability check * ui: update job dispatch from code review Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2021-07-20 22:27:41 +00:00
ui: prettify js files
2021-12-28 16:08:12 +00:00
tokenService.set(
'selfTokenPolicies',
makePolicies('aNamespace', 'dispatch-job')
);
ui: add parameterized dispatch interface (#10675) * ui: add parameterized dispatch interface This commit adds a new interface for dispatching parameteried jobs, if the user has the right permissions. The UI can be accessed by viewing a parameterized job and clicking on the "Dispatch Job" button located in the "Job Launches" section. * fix failing lint test * clean up dispatch and remove meta This commit cleans up a few things that had typos and inconsistent naming. In line with this, the custom `meta` view was removed in favor of using the included `AttributesTable`. * ui: encode dispatch job payload and start adding tests * ui: remove unused test imports * ui: redesign job dispatch form * ui: initial acceptance tests for dispatch job * ui: generate parameterized job children with correct id format * ui: fix job dispatch breadcrumb link * ui: refactor job dispatch component into glimmer component and add form validation * ui: remove unused CSS class * ui: align job dispatch button * ui: handle namespace-specific requests on job dispatch * ui: rename payloadMissing to payloadHasError * ui: don't re-fetch job spec on dispatch job * ui: keep overview tab selected on job dispatch page * ui: fix task and task-group linting * ui: URL encode job id on dispatch job tests * ui: fix error when job meta is null * ui: handle job dispatch from adapter * ui: add more tests for dispatch job page * ui: add "job dispatch" capability check * ui: update job dispatch from code review Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
2021-07-20 22:27:41 +00:00
assert.ok(this.can.can('dispatch job', null, { namespace: 'aNamespace' }));
});
ui: fix auto-fixable linting errors
2021-12-28 14:45:20 +00:00
test('it handles globs in namespace names', function (assert) {
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
const mockSystem = Service.extend({
Account for disabled ACLs in ability tests
2020-01-31 00:34:35 +00:00
aclEnabled: true,
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
});
const mockToken = Service.extend({
Account for disabled ACLs in ability tests
2020-01-31 00:34:35 +00:00
aclEnabled: true,
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
selfToken: { type: 'client' },
selfTokenPolicies: [
{
rulesJSON: {
Namespaces: [
{
Name: 'production-*',
Capabilities: ['submit-job'],
},
{
Name: 'production-api',
Capabilities: ['submit-job'],
},
{
Name: 'production-web',
Capabilities: [],
},
{
Name: '*-suffixed',
Capabilities: ['submit-job'],
},
{
Name: '*-more-suffixed',
Capabilities: [],
},
{
Name: '*-abc-*',
Capabilities: ['submit-job'],
},
],
},
},
],
});
this.owner.register('service:system', mockSystem);
this.owner.register('service:token', mockToken);
ui: prettify js files
2021-12-28 16:08:12 +00:00
assert.ok(
[bugfix, ui] Allow running jobs from a namespace-limited token (#13659) * Allow running jobs from a namespace-limited token * qpNamespace cleanup * Looks like parse can deal with a * namespace * A little diff cleanup * Defensive destructuring * Removing accidental friendly-fire on can-scale * Testfix: Job run buttons from jobs index * Testfix: activeRegion job adapter string * Testfix: unit tests for job abilities correctly reflect the any-namespace rule * Testfix: job editor test looks for requests with namespace applied on plan
2022-07-11 16:33:17 +00:00
this.can.can(
'run job',
null,
{ namespace: 'production-web' },
'The existence of a single namespace where a job can be run means that can run is enabled'
)
ui: prettify js files
2021-12-28 16:08:12 +00:00
);
ui: Update namespaces design (#10444) This rethinks namespaces as a filter on list pages rather than a global setting. The biggest net-new feature here is being able to select All (*) to list all jobs or CSI volumes across namespaces.
2021-04-29 20:00:59 +00:00
assert.ok(this.can.can('run job', null, { namespace: 'production-api' }));
assert.ok(this.can.can('run job', null, { namespace: 'production-other' }));
assert.ok(
ui: prettify js files
2021-12-28 16:08:12 +00:00
this.can.can('run job', null, { namespace: 'something-suffixed' })
);
ui: Update namespaces design (#10444) This rethinks namespaces as a filter on list pages rather than a global setting. The biggest net-new feature here is being able to select All (*) to list all jobs or CSI volumes across namespaces.
2021-04-29 20:00:59 +00:00
assert.ok(
this.can.can('run job', null, { namespace: '000-abc-999' }),
'expected to be able to match against more than one wildcard'
);
ui: Change Run Job availability based on ACLs (#5944) This builds on API changes in #6017 and #6021 to conditionally turn off the “Run Job” button based on the current token’s capabilities, or the capabilities of the anonymous policy if no token is present. If you try to visit the job-run route directly, it redirects to the job list.
2020-01-20 20:57:01 +00:00
});
});
Reference in a new issue Copy permalink