open-nomad/nomad/consul_policy_oss_test.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

52 lines
1.3 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
//go:build !ent
package nomad
import (
"testing"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/nomad/ci"
"github.com/hashicorp/nomad/command/agent/consul"
"github.com/hashicorp/nomad/helper/testlog"
"github.com/shoenig/test/must"
)
func TestConsulACLsAPI_hasSufficientPolicy_oss(t *testing.T) {
ci.Parallel(t)
try := func(t *testing.T, namespace, task string, token *api.ACLToken, exp bool) {
logger := testlog.HCLogger(t)
cAPI := &consulACLsAPI{
aclClient: consul.NewMockACLsAPI(logger),
logger: logger,
}
result, err := cAPI.canWriteService(namespace, task, token)
must.NoError(t, err)
must.Eq(t, exp, result)
}
// In Nomad OSS, group consul namespace will always be empty string.
t.Run("no namespace with default token", func(t *testing.T) {
t.Run("no useful policy or role", func(t *testing.T) {
try(t, "", "service1", consul.ExampleOperatorToken0, false)
})
t.Run("working policy only", func(t *testing.T) {
try(t, "", "service1", consul.ExampleOperatorToken1, true)
})
t.Run("working role only", func(t *testing.T) {
try(t, "", "service1", consul.ExampleOperatorToken4, true)
})
t.Run("working service identity only", func(t *testing.T) {
try(t, "", "service1", consul.ExampleOperatorToken6, true)
})
})
}