Mirage factories for tokens and policies

This commit is contained in:
Michael Lange 2017-10-14 11:01:28 -07:00
parent d177cf90c3
commit 21a9d9c4e5
5 changed files with 108 additions and 0 deletions

View file

@ -89,6 +89,40 @@ export default function() {
return JSON.stringify(findLeader(schema));
});
this.get('/acl/token/:id', function({ tokens }, req) {
const token = tokens.find(req.params.id);
const secret = req.requestHeaders['X-Nomad-Token'];
const tokenForSecret = tokens.findBy({ secretId: secret });
// Return the token only if the request header matches the token
// or the token is of type management
if (token.secretId === secret || (tokenForSecret && tokenForSecret.type === 'management')) {
return this.serialize(token);
}
// Return not authorized otherwise
return new Response(403, {}, null);
});
this.get('/acl/policy/:id', function({ policies, tokens }, req) {
const policy = policies.find(req.params.id);
const secret = req.requestHeaders['X-Nomad-Token'];
const tokenForSecret = tokens.findBy({ secretId: secret });
// Return the policy only if the token that matches the request header
// includes the policy or if the token that matches the request header
// is of type management
if (
tokenForSecret &&
(tokenForSecret.policies.includes(policy) || tokenForSecret.type === 'management')
) {
return this.serialize(policy);
}
// Return not authorized otherwise
return new Response(403, {}, null);
});
// TODO: in the future, this hack may be replaceable with dynamic host name
// support in pretender: https://github.com/pretenderjs/pretender/issues/210
HOSTS.forEach(host => {

View file

@ -0,0 +1,18 @@
import { Factory, faker } from 'ember-cli-mirage';
export default Factory.extend({
id: () => faker.hacker.verb(),
name() {
return this.id;
},
description: () => (Math.random() > 0.2 ? faker.lorem.sentence() : null),
rules: `
# Allow read only access to the default namespace
namespace "default" {
policy = "read"
}
node {
policy = "read"
}`,
});

View file

@ -0,0 +1,27 @@
import { Factory, faker } from 'ember-cli-mirage';
export default Factory.extend({
id: () => faker.random.uuid(),
accessorId() {
return this.id;
},
secretId: () => faker.random.uuid(),
name: () => faker.name.findName(),
global: () => faker.random.boolean(),
type: i => (i === 0 ? 'management' : 'client'),
afterCreate(token, server) {
const policyIds = Array(faker.random.number({ min: 1, max: 5 }))
.fill(0)
.map(() => faker.hacker.verb());
policyIds.forEach(policy => {
const dbPolicy = server.db.policies.find(policy);
if (!dbPolicy) {
server.create('policy', { id: policy });
}
});
token.update({ policyIds });
},
});

View file

@ -5,4 +5,21 @@ export default function(server) {
server.createList('namespace', 3);
server.createList('job', 15);
server.createList('token', 3);
logTokens(server);
}
/* eslint-disable */
function logTokens(server) {
console.log('TOKENS:');
server.db.tokens.forEach(token => {
console.log(`
Name: ${token.name}
Secret: ${token.secretId}
Accessor: ${token.accessorId}
`);
});
}
/* eslint-enable */

View file

@ -0,0 +1,12 @@
import ApplicationSerializer from './application';
export default ApplicationSerializer.extend({
serializeIds: 'always',
keyForRelationshipIds(relationship) {
if (relationship === 'policies') {
return 'Policies';
}
return ApplicationSerializer.prototype.keyForRelationshipIds.apply(this, arguments);
},
});