From 21a9d9c4e5f7d02edc624261261c10dd38e2a85a Mon Sep 17 00:00:00 2001
From: Michael Lange <dingoeatingfuzz@gmail.com>
Date: Sat, 14 Oct 2017 11:01:28 -0700
Subject: [PATCH] Mirage factories for tokens and policies

---
 ui/mirage/config.js            | 34 ++++++++++++++++++++++++++++++++++
 ui/mirage/factories/policy.js  | 18 ++++++++++++++++++
 ui/mirage/factories/token.js   | 27 +++++++++++++++++++++++++++
 ui/mirage/scenarios/default.js | 17 +++++++++++++++++
 ui/mirage/serializers/token.js | 12 ++++++++++++
 5 files changed, 108 insertions(+)
 create mode 100644 ui/mirage/factories/policy.js
 create mode 100644 ui/mirage/factories/token.js
 create mode 100644 ui/mirage/serializers/token.js

diff --git a/ui/mirage/config.js b/ui/mirage/config.js
index 01e61daf1..acc2ea7c0 100644
--- a/ui/mirage/config.js
+++ b/ui/mirage/config.js
@@ -89,6 +89,40 @@ export default function() {
     return JSON.stringify(findLeader(schema));
   });
 
+  this.get('/acl/token/:id', function({ tokens }, req) {
+    const token = tokens.find(req.params.id);
+    const secret = req.requestHeaders['X-Nomad-Token'];
+    const tokenForSecret = tokens.findBy({ secretId: secret });
+
+    // Return the token only if the request header matches the token
+    // or the token is of type management
+    if (token.secretId === secret || (tokenForSecret && tokenForSecret.type === 'management')) {
+      return this.serialize(token);
+    }
+
+    // Return not authorized otherwise
+    return new Response(403, {}, null);
+  });
+
+  this.get('/acl/policy/:id', function({ policies, tokens }, req) {
+    const policy = policies.find(req.params.id);
+    const secret = req.requestHeaders['X-Nomad-Token'];
+    const tokenForSecret = tokens.findBy({ secretId: secret });
+
+    // Return the policy only if the token that matches the request header
+    // includes the policy or if the token that matches the request header
+    // is of type management
+    if (
+      tokenForSecret &&
+      (tokenForSecret.policies.includes(policy) || tokenForSecret.type === 'management')
+    ) {
+      return this.serialize(policy);
+    }
+
+    // Return not authorized otherwise
+    return new Response(403, {}, null);
+  });
+
   // TODO: in the future, this hack may be replaceable with dynamic host name
   // support in pretender: https://github.com/pretenderjs/pretender/issues/210
   HOSTS.forEach(host => {
diff --git a/ui/mirage/factories/policy.js b/ui/mirage/factories/policy.js
new file mode 100644
index 000000000..bc26d1954
--- /dev/null
+++ b/ui/mirage/factories/policy.js
@@ -0,0 +1,18 @@
+import { Factory, faker } from 'ember-cli-mirage';
+
+export default Factory.extend({
+  id: () => faker.hacker.verb(),
+  name() {
+    return this.id;
+  },
+  description: () => (Math.random() > 0.2 ? faker.lorem.sentence() : null),
+  rules: `
+# Allow read only access to the default namespace
+namespace "default" {
+    policy = "read"
+}
+
+node {
+    policy = "read"
+}`,
+});
diff --git a/ui/mirage/factories/token.js b/ui/mirage/factories/token.js
new file mode 100644
index 000000000..7dea16396
--- /dev/null
+++ b/ui/mirage/factories/token.js
@@ -0,0 +1,27 @@
+import { Factory, faker } from 'ember-cli-mirage';
+
+export default Factory.extend({
+  id: () => faker.random.uuid(),
+  accessorId() {
+    return this.id;
+  },
+  secretId: () => faker.random.uuid(),
+  name: () => faker.name.findName(),
+  global: () => faker.random.boolean(),
+  type: i => (i === 0 ? 'management' : 'client'),
+
+  afterCreate(token, server) {
+    const policyIds = Array(faker.random.number({ min: 1, max: 5 }))
+      .fill(0)
+      .map(() => faker.hacker.verb());
+
+    policyIds.forEach(policy => {
+      const dbPolicy = server.db.policies.find(policy);
+      if (!dbPolicy) {
+        server.create('policy', { id: policy });
+      }
+    });
+
+    token.update({ policyIds });
+  },
+});
diff --git a/ui/mirage/scenarios/default.js b/ui/mirage/scenarios/default.js
index 15ae8f10c..700d96b90 100644
--- a/ui/mirage/scenarios/default.js
+++ b/ui/mirage/scenarios/default.js
@@ -5,4 +5,21 @@ export default function(server) {
   server.createList('namespace', 3);
 
   server.createList('job', 15);
+
+  server.createList('token', 3);
+  logTokens(server);
 }
+
+/* eslint-disable */
+function logTokens(server) {
+  console.log('TOKENS:');
+  server.db.tokens.forEach(token => {
+    console.log(`
+Name: ${token.name}
+Secret: ${token.secretId}
+Accessor: ${token.accessorId}
+
+`);
+  });
+}
+/* eslint-enable */
diff --git a/ui/mirage/serializers/token.js b/ui/mirage/serializers/token.js
new file mode 100644
index 000000000..12b830a7d
--- /dev/null
+++ b/ui/mirage/serializers/token.js
@@ -0,0 +1,12 @@
+import ApplicationSerializer from './application';
+
+export default ApplicationSerializer.extend({
+  serializeIds: 'always',
+
+  keyForRelationshipIds(relationship) {
+    if (relationship === 'policies') {
+      return 'Policies';
+    }
+    return ApplicationSerializer.prototype.keyForRelationshipIds.apply(this, arguments);
+  },
+});