open-nomad/command/agent/agent_endpoint_test.go

968 lines
26 KiB
Go
Raw Normal View History

2015-09-07 02:08:05 +00:00
package agent
import (
"bytes"
"encoding/json"
2015-09-07 02:08:05 +00:00
"fmt"
2019-10-15 14:33:07 +00:00
"io/ioutil"
2018-01-26 19:12:09 +00:00
"net"
2015-09-07 02:08:05 +00:00
"net/http"
"net/http/httptest"
"net/url"
"strings"
2015-09-07 02:08:05 +00:00
"testing"
2018-01-26 19:12:09 +00:00
"time"
2018-01-26 19:12:09 +00:00
msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc"
2017-10-06 19:02:53 +00:00
"github.com/hashicorp/nomad/acl"
2018-01-26 19:12:09 +00:00
"github.com/hashicorp/nomad/helper/pool"
2017-10-06 19:02:53 +00:00
"github.com/hashicorp/nomad/nomad/mock"
"github.com/hashicorp/nomad/nomad/structs"
"github.com/hashicorp/nomad/testutil"
"github.com/stretchr/testify/require"
2015-09-07 02:08:05 +00:00
)
func TestHTTP_AgentSelf(t *testing.T) {
2017-07-20 05:42:15 +00:00
t.Parallel()
require := require.New(t)
2017-07-20 05:14:36 +00:00
httpTest(t, nil, func(s *TestAgent) {
2015-09-07 02:08:05 +00:00
// Make the HTTP request
req, err := http.NewRequest("GET", "/v1/agent/self", nil)
require.NoError(err)
2015-09-07 02:08:05 +00:00
respW := httptest.NewRecorder()
// Make the request
obj, err := s.Server.AgentSelfRequest(respW, req)
require.NoError(err)
2015-09-07 02:08:05 +00:00
// Check the job
self := obj.(agentSelf)
require.NotNil(self.Config)
require.NotNil(self.Config.ACL)
require.NotEmpty(self.Stats)
// Check the Vault config
require.Empty(self.Config.Vault.Token)
// Assign a Vault token and require it is redacted.
s.Config.Vault.Token = "badc0deb-adc0-deba-dc0d-ebadc0debadc"
respW = httptest.NewRecorder()
obj, err = s.Server.AgentSelfRequest(respW, req)
require.NoError(err)
self = obj.(agentSelf)
require.Equal("<redacted>", self.Config.Vault.Token)
// Assign a ReplicationToken token and require it is redacted.
s.Config.ACL.ReplicationToken = "badc0deb-adc0-deba-dc0d-ebadc0debadc"
respW = httptest.NewRecorder()
obj, err = s.Server.AgentSelfRequest(respW, req)
require.NoError(err)
self = obj.(agentSelf)
require.Equal("<redacted>", self.Config.ACL.ReplicationToken)
2019-09-23 17:07:27 +00:00
// Check the Consul config
require.Empty(self.Config.Consul.Token)
// Assign a Consul token and require it is redacted.
s.Config.Consul.Token = "badc0deb-adc0-deba-dc0d-ebadc0debadc"
respW = httptest.NewRecorder()
obj, err = s.Server.AgentSelfRequest(respW, req)
require.NoError(err)
self = obj.(agentSelf)
require.Equal("<redacted>", self.Config.Consul.Token)
// Check the Circonus config
require.Empty(self.Config.Telemetry.CirconusAPIToken)
// Assign a Consul token and require it is redacted.
s.Config.Telemetry.CirconusAPIToken = "badc0deb-adc0-deba-dc0d-ebadc0debadc"
respW = httptest.NewRecorder()
obj, err = s.Server.AgentSelfRequest(respW, req)
require.NoError(err)
self = obj.(agentSelf)
require.Equal("<redacted>", self.Config.Telemetry.CirconusAPIToken)
2015-09-07 02:08:05 +00:00
})
}
2017-10-06 19:02:53 +00:00
func TestHTTP_AgentSelf_ACL(t *testing.T) {
t.Parallel()
require := require.New(t)
2017-10-06 19:02:53 +00:00
httpACLTest(t, nil, func(s *TestAgent) {
state := s.Agent.server.State()
// Make the HTTP request
req, err := http.NewRequest("GET", "/v1/agent/self", nil)
require.Nil(err)
2017-10-06 19:02:53 +00:00
// Try request without a token and expect failure
{
respW := httptest.NewRecorder()
_, err := s.Server.AgentSelfRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Try request with an invalid token and expect failure
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1005, "invalid", mock.NodePolicy(acl.PolicyWrite))
setToken(req, token)
_, err := s.Server.AgentSelfRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Try request with a valid token
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1007, "valid", mock.AgentPolicy(acl.PolicyWrite))
setToken(req, token)
obj, err := s.Server.AgentSelfRequest(respW, req)
require.Nil(err)
2017-10-06 19:02:53 +00:00
self := obj.(agentSelf)
require.NotNil(self.Config)
require.NotNil(self.Stats)
2017-10-06 19:02:53 +00:00
}
// Try request with a root token
{
respW := httptest.NewRecorder()
setToken(req, s.RootToken)
obj, err := s.Server.AgentSelfRequest(respW, req)
require.Nil(err)
2017-10-06 19:02:53 +00:00
self := obj.(agentSelf)
require.NotNil(self.Config)
require.NotNil(self.Stats)
2017-10-06 19:02:53 +00:00
}
})
}
2015-09-07 02:08:05 +00:00
func TestHTTP_AgentJoin(t *testing.T) {
t.Parallel()
2017-07-20 05:14:36 +00:00
httpTest(t, nil, func(s *TestAgent) {
2015-09-07 02:08:05 +00:00
// Determine the join address
member := s.Agent.Server().LocalMember()
addr := fmt.Sprintf("%s:%d", member.Addr, member.Port)
// Make the HTTP request
req, err := http.NewRequest("PUT",
fmt.Sprintf("/v1/agent/join?address=%s&address=%s", addr, addr), nil)
if err != nil {
t.Fatalf("err: %v", err)
}
respW := httptest.NewRecorder()
// Make the request
obj, err := s.Server.AgentJoinRequest(respW, req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Check the job
join := obj.(joinResult)
if join.NumJoined != 2 {
t.Fatalf("bad: %#v", join)
}
if join.Error != "" {
t.Fatalf("bad: %#v", join)
}
})
}
func TestHTTP_AgentMembers(t *testing.T) {
2017-07-20 05:42:15 +00:00
t.Parallel()
2017-07-20 05:14:36 +00:00
httpTest(t, nil, func(s *TestAgent) {
2015-09-07 02:08:05 +00:00
// Make the HTTP request
req, err := http.NewRequest("GET", "/v1/agent/members", nil)
if err != nil {
t.Fatalf("err: %v", err)
}
respW := httptest.NewRecorder()
// Make the request
obj, err := s.Server.AgentMembersRequest(respW, req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Check the job
2016-11-08 21:01:56 +00:00
members := obj.(structs.ServerMembersResponse)
if len(members.Members) != 1 {
t.Fatalf("bad: %#v", members.Members)
2015-09-07 02:08:05 +00:00
}
})
}
2017-10-06 19:02:53 +00:00
func TestHTTP_AgentMembers_ACL(t *testing.T) {
t.Parallel()
require := require.New(t)
2017-10-06 19:02:53 +00:00
httpACLTest(t, nil, func(s *TestAgent) {
state := s.Agent.server.State()
// Make the HTTP request
req, err := http.NewRequest("GET", "/v1/agent/members", nil)
require.Nil(err)
2017-10-06 19:02:53 +00:00
// Try request without a token and expect failure
{
respW := httptest.NewRecorder()
_, err := s.Server.AgentMembersRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Try request with an invalid token and expect failure
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1005, "invalid", mock.AgentPolicy(acl.PolicyWrite))
setToken(req, token)
_, err := s.Server.AgentMembersRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Try request with a valid token
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1007, "valid", mock.NodePolicy(acl.PolicyRead))
setToken(req, token)
obj, err := s.Server.AgentMembersRequest(respW, req)
require.Nil(err)
2017-10-06 19:02:53 +00:00
members := obj.(structs.ServerMembersResponse)
require.Len(members.Members, 1)
2017-10-06 19:02:53 +00:00
}
// Try request with a root token
{
respW := httptest.NewRecorder()
setToken(req, s.RootToken)
obj, err := s.Server.AgentMembersRequest(respW, req)
require.Nil(err)
2017-10-06 19:02:53 +00:00
members := obj.(structs.ServerMembersResponse)
require.Len(members.Members, 1)
2017-10-06 19:02:53 +00:00
}
})
}
func TestHTTP_AgentMonitor(t *testing.T) {
t.Parallel()
httpTest(t, nil, func(s *TestAgent) {
{
req, err := http.NewRequest("GET", "/v1/agent/monitor?log-level=unknown", nil)
require.Nil(t, err)
resp := newClosableRecorder()
// Make the request
_, err = s.Server.AgentMonitor(resp, req)
if err.(HTTPCodedError).Code() != 400 {
t.Fatalf("expected 400 response, got: %v", resp.Code)
}
}
// check for a specific log
{
req, err := http.NewRequest("GET", "/v1/agent/monitor?log-level=warn", nil)
require.Nil(t, err)
resp := newClosableRecorder()
defer resp.Close()
go func() {
_, err = s.Server.AgentMonitor(resp, req)
require.NoError(t, err)
}()
// send the same log until monitor sink is set up
maxLogAttempts := 10
tried := 0
testutil.WaitForResult(func() (bool, error) {
if tried < maxLogAttempts {
s.Server.logger.Debug("log that should not be sent")
s.Server.logger.Warn("log that should be sent")
tried++
}
got := resp.Body.String()
want := "[WARN] http: log that should be sent"
if strings.Contains(got, want) {
require.NotContains(t, resp.Body.String(), "[DEBUG]")
return true, nil
}
return false, fmt.Errorf("missing expected log, got: %v, want: %v", got, want)
}, func(err error) {
require.Fail(t, err.Error())
})
}
// stream logs for a given node
{
req, err := http.NewRequest("GET", "/v1/agent/monitor?log-level=warn&node-id="+s.client.NodeID(), nil)
require.Nil(t, err)
resp := newClosableRecorder()
defer resp.Close()
go func() {
_, err = s.Server.AgentMonitor(resp, req)
require.NoError(t, err)
}()
// send the same log until monitor sink is set up
maxLogAttempts := 10
tried := 0
2019-10-15 14:33:07 +00:00
out := ""
testutil.WaitForResult(func() (bool, error) {
if tried < maxLogAttempts {
s.Server.logger.Debug("log that should not be sent")
s.Server.logger.Warn("log that should be sent")
tried++
}
2019-10-15 14:33:07 +00:00
output, err := ioutil.ReadAll(resp.Body)
if err != nil {
return false, err
}
2019-10-15 14:33:07 +00:00
out += string(output)
want := "[WARN] http: log that should be sent"
2019-10-15 14:33:07 +00:00
if strings.Contains(out, want) {
require.NotContains(t, resp.Body.String(), "[DEBUG]")
return true, nil
}
2019-10-15 14:33:07 +00:00
return false, fmt.Errorf("missing expected log, got: %v, want: %v", out, want)
}, func(err error) {
require.Fail(t, err.Error())
})
}
})
}
type closableRecorder struct {
*httptest.ResponseRecorder
closer chan bool
}
func newClosableRecorder() *closableRecorder {
r := httptest.NewRecorder()
closer := make(chan bool)
return &closableRecorder{r, closer}
}
func (r *closableRecorder) Close() {
close(r.closer)
}
func (r *closableRecorder) CloseNotify() <-chan bool {
return r.closer
}
2015-09-07 02:08:05 +00:00
func TestHTTP_AgentForceLeave(t *testing.T) {
2017-07-20 05:42:15 +00:00
t.Parallel()
2017-07-20 05:14:36 +00:00
httpTest(t, nil, func(s *TestAgent) {
2015-09-07 02:08:05 +00:00
// Make the HTTP request
req, err := http.NewRequest("PUT", "/v1/agent/force-leave?node=foo", nil)
if err != nil {
t.Fatalf("err: %v", err)
}
respW := httptest.NewRecorder()
// Make the request
_, err = s.Server.AgentForceLeaveRequest(respW, req)
if err != nil {
t.Fatalf("err: %v", err)
}
})
}
2017-10-06 19:02:53 +00:00
func TestHTTP_AgentForceLeave_ACL(t *testing.T) {
t.Parallel()
require := require.New(t)
2017-10-06 19:02:53 +00:00
httpACLTest(t, nil, func(s *TestAgent) {
state := s.Agent.server.State()
// Make the HTTP request
req, err := http.NewRequest("PUT", "/v1/agent/force-leave?node=foo", nil)
require.Nil(err)
2017-10-06 19:02:53 +00:00
// Try request without a token and expect failure
{
respW := httptest.NewRecorder()
_, err := s.Server.AgentForceLeaveRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Try request with an invalid token and expect failure
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1005, "invalid", mock.NodePolicy(acl.PolicyRead))
setToken(req, token)
_, err := s.Server.AgentForceLeaveRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Try request with a valid token
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1007, "valid", mock.AgentPolicy(acl.PolicyWrite))
setToken(req, token)
_, err := s.Server.AgentForceLeaveRequest(respW, req)
require.Nil(err)
require.Equal(http.StatusOK, respW.Code)
2017-10-06 19:02:53 +00:00
}
// Try request with a root token
{
respW := httptest.NewRecorder()
setToken(req, s.RootToken)
_, err := s.Server.AgentForceLeaveRequest(respW, req)
require.Nil(err)
require.Equal(http.StatusOK, respW.Code)
2017-10-06 19:02:53 +00:00
}
})
}
func TestHTTP_AgentSetServers(t *testing.T) {
2017-07-20 05:42:15 +00:00
t.Parallel()
require := require.New(t)
2017-07-20 05:14:36 +00:00
httpTest(t, nil, func(s *TestAgent) {
2018-01-26 19:12:09 +00:00
addr := s.Config.AdvertiseAddrs.RPC
testutil.WaitForResult(func() (bool, error) {
conn, err := net.DialTimeout("tcp", addr, 100*time.Millisecond)
if err != nil {
return false, err
}
defer conn.Close()
// Write the Consul RPC byte to set the mode
if _, err := conn.Write([]byte{byte(pool.RpcNomad)}); err != nil {
return false, err
}
codec := pool.NewClientCodec(conn)
args := &structs.GenericRequest{}
var leader string
err = msgpackrpc.CallWithCodec(codec, "Status.Leader", args, &leader)
return leader != "", err
}, func(err error) {
t.Fatalf("failed to find leader: %v", err)
})
// Create the request
2017-09-26 22:26:33 +00:00
req, err := http.NewRequest("PUT", "/v1/agent/servers", nil)
require.Nil(err)
// Send the request
2017-09-26 22:26:33 +00:00
respW := httptest.NewRecorder()
_, err = s.Server.AgentServersRequest(respW, req)
require.NotNil(err)
require.Contains(err.Error(), "missing server address")
// Create a valid request
req, err = http.NewRequest("PUT", "/v1/agent/servers?address=127.0.0.1%3A4647&address=127.0.0.2%3A4647&address=127.0.0.3%3A4647", nil)
require.Nil(err)
// Send the request which should fail
respW = httptest.NewRecorder()
_, err = s.Server.AgentServersRequest(respW, req)
require.NotNil(err)
// Retrieve the servers again
req, err = http.NewRequest("GET", "/v1/agent/servers", nil)
require.Nil(err)
respW = httptest.NewRecorder()
// Make the request and check the result
expected := []string{
s.GetConfig().AdvertiseAddrs.RPC,
}
out, err := s.Server.AgentServersRequest(respW, req)
require.Nil(err)
servers := out.([]string)
require.Len(servers, len(expected))
require.Equal(expected, servers)
})
}
2017-10-06 19:02:53 +00:00
func TestHTTP_AgentSetServers_ACL(t *testing.T) {
t.Parallel()
require := require.New(t)
2017-10-06 19:02:53 +00:00
httpACLTest(t, nil, func(s *TestAgent) {
state := s.Agent.server.State()
2018-01-26 19:12:09 +00:00
addr := s.Config.AdvertiseAddrs.RPC
testutil.WaitForResult(func() (bool, error) {
conn, err := net.DialTimeout("tcp", addr, 100*time.Millisecond)
if err != nil {
return false, err
}
defer conn.Close()
// Write the Consul RPC byte to set the mode
if _, err := conn.Write([]byte{byte(pool.RpcNomad)}); err != nil {
return false, err
}
codec := pool.NewClientCodec(conn)
args := &structs.GenericRequest{}
var leader string
err = msgpackrpc.CallWithCodec(codec, "Status.Leader", args, &leader)
return leader != "", err
}, func(err error) {
t.Fatalf("failed to find leader: %v", err)
})
2017-10-06 19:02:53 +00:00
// Make the HTTP request
path := fmt.Sprintf("/v1/agent/servers?address=%s", url.QueryEscape(s.GetConfig().AdvertiseAddrs.RPC))
req, err := http.NewRequest("PUT", path, nil)
require.Nil(err)
2017-10-06 19:02:53 +00:00
// Try request without a token and expect failure
{
respW := httptest.NewRecorder()
_, err := s.Server.AgentServersRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Try request with an invalid token and expect failure
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1005, "invalid", mock.NodePolicy(acl.PolicyRead))
setToken(req, token)
_, err := s.Server.AgentServersRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Try request with a valid token
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1007, "valid", mock.AgentPolicy(acl.PolicyWrite))
setToken(req, token)
_, err := s.Server.AgentServersRequest(respW, req)
require.Nil(err)
require.Equal(http.StatusOK, respW.Code)
2017-10-06 19:02:53 +00:00
}
// Try request with a root token
{
respW := httptest.NewRecorder()
setToken(req, s.RootToken)
_, err := s.Server.AgentServersRequest(respW, req)
require.Nil(err)
require.Equal(http.StatusOK, respW.Code)
2017-10-06 19:02:53 +00:00
}
})
}
func TestHTTP_AgentListServers_ACL(t *testing.T) {
t.Parallel()
require := require.New(t)
2017-10-06 19:02:53 +00:00
httpACLTest(t, nil, func(s *TestAgent) {
state := s.Agent.server.State()
// Create list request
req, err := http.NewRequest("GET", "/v1/agent/servers", nil)
require.Nil(err)
2017-10-06 19:02:53 +00:00
expected := []string{
s.GetConfig().AdvertiseAddrs.RPC,
2017-10-06 19:02:53 +00:00
}
// Try request without a token and expect failure
{
respW := httptest.NewRecorder()
_, err := s.Server.AgentServersRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Try request with an invalid token and expect failure
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1005, "invalid", mock.NodePolicy(acl.PolicyRead))
setToken(req, token)
_, err := s.Server.AgentServersRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Wait for client to have a server
testutil.WaitForResult(func() (bool, error) {
return len(s.client.GetServers()) != 0, fmt.Errorf("no servers")
}, func(err error) {
t.Fatal(err)
})
2017-10-06 19:02:53 +00:00
// Try request with a valid token
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1007, "valid", mock.AgentPolicy(acl.PolicyRead))
setToken(req, token)
out, err := s.Server.AgentServersRequest(respW, req)
require.Nil(err)
2017-10-06 19:02:53 +00:00
servers := out.([]string)
require.Len(servers, len(expected))
require.Equal(expected, servers)
2017-10-06 19:02:53 +00:00
}
// Try request with a root token
{
respW := httptest.NewRecorder()
setToken(req, s.RootToken)
out, err := s.Server.AgentServersRequest(respW, req)
require.Nil(err)
2017-10-06 19:02:53 +00:00
servers := out.([]string)
require.Len(servers, len(expected))
require.Equal(expected, servers)
2017-10-06 19:02:53 +00:00
}
})
}
func TestHTTP_AgentListKeys(t *testing.T) {
2017-07-20 05:42:15 +00:00
t.Parallel()
key1 := "HS5lJ+XuTlYKWaeGYyG+/A=="
httpTest(t, func(c *Config) {
c.Server.EncryptKey = key1
2017-07-20 05:14:36 +00:00
}, func(s *TestAgent) {
req, err := http.NewRequest("GET", "/v1/agent/keyring/list", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
respW := httptest.NewRecorder()
out, err := s.Server.KeyringOperationRequest(respW, req)
require.Nil(t, err)
kresp := out.(structs.KeyringResponse)
require.Len(t, kresp.Keys, 1)
})
}
2017-10-06 19:02:53 +00:00
func TestHTTP_AgentListKeys_ACL(t *testing.T) {
t.Parallel()
require := require.New(t)
2017-10-06 19:02:53 +00:00
key1 := "HS5lJ+XuTlYKWaeGYyG+/A=="
cb := func(c *Config) {
c.Server.EncryptKey = key1
}
httpACLTest(t, cb, func(s *TestAgent) {
state := s.Agent.server.State()
// Make the HTTP request
req, err := http.NewRequest("GET", "/v1/agent/keyring/list", nil)
require.Nil(err)
2017-10-06 19:02:53 +00:00
// Try request without a token and expect failure
{
respW := httptest.NewRecorder()
_, err := s.Server.KeyringOperationRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Try request with an invalid token and expect failure
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1005, "invalid", mock.AgentPolicy(acl.PolicyRead))
setToken(req, token)
_, err := s.Server.KeyringOperationRequest(respW, req)
require.NotNil(err)
require.Equal(err.Error(), structs.ErrPermissionDenied.Error())
2017-10-06 19:02:53 +00:00
}
// Try request with a valid token
{
respW := httptest.NewRecorder()
token := mock.CreatePolicyAndToken(t, state, 1007, "valid", mock.AgentPolicy(acl.PolicyWrite))
setToken(req, token)
out, err := s.Server.KeyringOperationRequest(respW, req)
require.Nil(err)
2017-10-06 19:02:53 +00:00
kresp := out.(structs.KeyringResponse)
require.Len(kresp.Keys, 1)
require.Contains(kresp.Keys, key1)
2017-10-06 19:02:53 +00:00
}
// Try request with a root token
{
respW := httptest.NewRecorder()
setToken(req, s.RootToken)
out, err := s.Server.KeyringOperationRequest(respW, req)
require.Nil(err)
2017-10-06 19:02:53 +00:00
kresp := out.(structs.KeyringResponse)
require.Len(kresp.Keys, 1)
require.Contains(kresp.Keys, key1)
2017-10-06 19:02:53 +00:00
}
})
}
func TestHTTP_AgentInstallKey(t *testing.T) {
t.Parallel()
2017-07-20 05:42:15 +00:00
key1 := "HS5lJ+XuTlYKWaeGYyG+/A=="
key2 := "wH1Bn9hlJ0emgWB1JttVRA=="
httpTest(t, func(c *Config) {
c.Server.EncryptKey = key1
2017-07-20 05:14:36 +00:00
}, func(s *TestAgent) {
b, err := json.Marshal(&structs.KeyringRequest{Key: key2})
if err != nil {
t.Fatalf("err: %v", err)
}
req, err := http.NewRequest("GET", "/v1/agent/keyring/install", bytes.NewReader(b))
if err != nil {
t.Fatalf("err: %s", err)
}
respW := httptest.NewRecorder()
_, err = s.Server.KeyringOperationRequest(respW, req)
if err != nil {
t.Fatalf("err: %s", err)
}
req, err = http.NewRequest("GET", "/v1/agent/keyring/list", bytes.NewReader(b))
if err != nil {
t.Fatalf("err: %s", err)
}
respW = httptest.NewRecorder()
out, err := s.Server.KeyringOperationRequest(respW, req)
if err != nil {
t.Fatalf("err: %s", err)
}
kresp := out.(structs.KeyringResponse)
if len(kresp.Keys) != 2 {
t.Fatalf("bad: %v", kresp)
}
})
}
func TestHTTP_AgentRemoveKey(t *testing.T) {
t.Parallel()
2017-07-20 05:42:15 +00:00
key1 := "HS5lJ+XuTlYKWaeGYyG+/A=="
key2 := "wH1Bn9hlJ0emgWB1JttVRA=="
httpTest(t, func(c *Config) {
c.Server.EncryptKey = key1
2017-07-20 05:14:36 +00:00
}, func(s *TestAgent) {
b, err := json.Marshal(&structs.KeyringRequest{Key: key2})
if err != nil {
t.Fatalf("err: %v", err)
}
req, err := http.NewRequest("GET", "/v1/agent/keyring/install", bytes.NewReader(b))
if err != nil {
t.Fatalf("err: %s", err)
}
respW := httptest.NewRecorder()
_, err = s.Server.KeyringOperationRequest(respW, req)
if err != nil {
t.Fatalf("err: %s", err)
}
req, err = http.NewRequest("GET", "/v1/agent/keyring/remove", bytes.NewReader(b))
if err != nil {
t.Fatalf("err: %s", err)
}
respW = httptest.NewRecorder()
if _, err = s.Server.KeyringOperationRequest(respW, req); err != nil {
t.Fatalf("err: %s", err)
}
req, err = http.NewRequest("GET", "/v1/agent/keyring/list", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
respW = httptest.NewRecorder()
out, err := s.Server.KeyringOperationRequest(respW, req)
if err != nil {
t.Fatalf("err: %s", err)
}
kresp := out.(structs.KeyringResponse)
if len(kresp.Keys) != 1 {
t.Fatalf("bad: %v", kresp)
}
})
}
2017-10-13 22:37:44 +00:00
func TestHTTP_AgentHealth_Ok(t *testing.T) {
t.Parallel()
require := require.New(t)
2017-10-13 22:37:44 +00:00
// Enable ACLs to ensure they're not enforced
httpACLTest(t, nil, func(s *TestAgent) {
// No ?type=
{
req, err := http.NewRequest("GET", "/v1/agent/health", nil)
require.Nil(err)
2017-10-13 22:37:44 +00:00
respW := httptest.NewRecorder()
healthI, err := s.Server.HealthRequest(respW, req)
require.Nil(err)
require.Equal(http.StatusOK, respW.Code)
require.NotNil(healthI)
2017-10-13 22:37:44 +00:00
health := healthI.(*healthResponse)
require.NotNil(health.Client)
require.True(health.Client.Ok)
require.Equal("ok", health.Client.Message)
require.NotNil(health.Server)
require.True(health.Server.Ok)
require.Equal("ok", health.Server.Message)
2017-10-13 22:37:44 +00:00
}
// type=client
{
req, err := http.NewRequest("GET", "/v1/agent/health?type=client", nil)
require.Nil(err)
2017-10-13 22:37:44 +00:00
respW := httptest.NewRecorder()
healthI, err := s.Server.HealthRequest(respW, req)
require.Nil(err)
require.Equal(http.StatusOK, respW.Code)
require.NotNil(healthI)
2017-10-13 22:37:44 +00:00
health := healthI.(*healthResponse)
require.NotNil(health.Client)
require.True(health.Client.Ok)
require.Equal("ok", health.Client.Message)
require.Nil(health.Server)
2017-10-13 22:37:44 +00:00
}
// type=server
{
req, err := http.NewRequest("GET", "/v1/agent/health?type=server", nil)
require.Nil(err)
2017-10-13 22:37:44 +00:00
respW := httptest.NewRecorder()
healthI, err := s.Server.HealthRequest(respW, req)
require.Nil(err)
require.Equal(http.StatusOK, respW.Code)
require.NotNil(healthI)
2017-10-13 22:37:44 +00:00
health := healthI.(*healthResponse)
require.NotNil(health.Server)
require.True(health.Server.Ok)
require.Equal("ok", health.Server.Message)
require.Nil(health.Client)
2017-10-13 22:37:44 +00:00
}
// type=client&type=server
{
req, err := http.NewRequest("GET", "/v1/agent/health?type=client&type=server", nil)
require.Nil(err)
2017-10-13 22:37:44 +00:00
respW := httptest.NewRecorder()
healthI, err := s.Server.HealthRequest(respW, req)
require.Nil(err)
require.Equal(http.StatusOK, respW.Code)
require.NotNil(healthI)
2017-10-13 22:37:44 +00:00
health := healthI.(*healthResponse)
require.NotNil(health.Client)
require.True(health.Client.Ok)
require.Equal("ok", health.Client.Message)
require.NotNil(health.Server)
require.True(health.Server.Ok)
require.Equal("ok", health.Server.Message)
2017-10-13 22:37:44 +00:00
}
})
}
func TestHTTP_AgentHealth_BadServer(t *testing.T) {
t.Parallel()
require := require.New(t)
2017-10-13 22:37:44 +00:00
// Enable ACLs to ensure they're not enforced
httpACLTest(t, nil, func(s *TestAgent) {
// Set s.Agent.server=nil to make server unhealthy if requested
s.Agent.server = nil
// No ?type= means server is just skipped
{
req, err := http.NewRequest("GET", "/v1/agent/health", nil)
require.Nil(err)
2017-10-13 22:37:44 +00:00
respW := httptest.NewRecorder()
healthI, err := s.Server.HealthRequest(respW, req)
require.Nil(err)
require.Equal(http.StatusOK, respW.Code)
require.NotNil(healthI)
2017-10-13 22:37:44 +00:00
health := healthI.(*healthResponse)
require.NotNil(health.Client)
require.True(health.Client.Ok)
require.Equal("ok", health.Client.Message)
require.Nil(health.Server)
2017-10-13 22:37:44 +00:00
}
// type=server means server is considered unhealthy
{
req, err := http.NewRequest("GET", "/v1/agent/health?type=server", nil)
require.Nil(err)
2017-10-13 22:37:44 +00:00
respW := httptest.NewRecorder()
_, err = s.Server.HealthRequest(respW, req)
require.NotNil(err)
httpErr, ok := err.(HTTPCodedError)
require.True(ok)
require.Equal(500, httpErr.Code())
require.Equal(`{"server":{"ok":false,"message":"server not enabled"}}`, err.Error())
2017-10-13 22:37:44 +00:00
}
})
}
func TestHTTP_AgentHealth_BadClient(t *testing.T) {
t.Parallel()
require := require.New(t)
2017-10-13 22:37:44 +00:00
// Enable ACLs to ensure they're not enforced
httpACLTest(t, nil, func(s *TestAgent) {
// Set s.Agent.client=nil to make server unhealthy if requested
s.Agent.client = nil
// No ?type= means client is just skipped
{
req, err := http.NewRequest("GET", "/v1/agent/health", nil)
require.Nil(err)
2017-10-13 22:37:44 +00:00
respW := httptest.NewRecorder()
healthI, err := s.Server.HealthRequest(respW, req)
require.Nil(err)
require.Equal(http.StatusOK, respW.Code)
require.NotNil(healthI)
2017-10-13 22:37:44 +00:00
health := healthI.(*healthResponse)
require.NotNil(health.Server)
require.True(health.Server.Ok)
require.Equal("ok", health.Server.Message)
require.Nil(health.Client)
2017-10-13 22:37:44 +00:00
}
// type=client means client is considered unhealthy
{
req, err := http.NewRequest("GET", "/v1/agent/health?type=client", nil)
require.Nil(err)
2017-10-13 22:37:44 +00:00
respW := httptest.NewRecorder()
_, err = s.Server.HealthRequest(respW, req)
require.NotNil(err)
httpErr, ok := err.(HTTPCodedError)
require.True(ok)
require.Equal(500, httpErr.Code())
require.Equal(`{"client":{"ok":false,"message":"client not enabled"}}`, err.Error())
2017-10-13 22:37:44 +00:00
}
})
}