From 281fc9837ca52efffc4ad137564a7c6b9f331207 Mon Sep 17 00:00:00 2001 From: Mahmood Ali Date: Wed, 25 Mar 2020 08:29:25 -0400 Subject: [PATCH 1/3] tests: relax index checks TestStateStore_Indexes specifically tests for `nodes` index, but asserts on the exact number of indexes present in the state. This is fragile and will break almost everytime we add a state index. --- nomad/state/state_store_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nomad/state/state_store_test.go b/nomad/state/state_store_test.go index ac60093f5..282e67d3c 100644 --- a/nomad/state/state_store_test.go +++ b/nomad/state/state_store_test.go @@ -10,6 +10,7 @@ import ( "time" "github.com/hashicorp/go-memdb" + "github.com/kr/pretty" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -3137,8 +3138,8 @@ func TestStateStore_Indexes(t *testing.T) { } expect := &IndexEntry{"nodes", 1000} - if l := len(out); l != 1 && l != 2 { - t.Fatalf("unexpected number of index entries: %v", out) + if l := len(out); l < 1 { + t.Fatalf("unexpected number of index entries: %v", pretty.Sprint(out)) } for _, index := range out { From b33dbe539bac31eaa831d9778372f37ccad42a52 Mon Sep 17 00:00:00 2001 From: Mahmood Ali Date: Wed, 25 Mar 2020 08:30:22 -0400 Subject: [PATCH 2/3] tests: TestCSIPluginEndpoint_ACLNamespaceAlloc is ent TestCSIPluginEndpoint_ACLNamespaceAlloc uses namespace features not present in OSS. --- nomad/csi_endpoint_test.go | 68 -------------------------------------- 1 file changed, 68 deletions(-) diff --git a/nomad/csi_endpoint_test.go b/nomad/csi_endpoint_test.go index 9a46636ac..4318fb2b4 100644 --- a/nomad/csi_endpoint_test.go +++ b/nomad/csi_endpoint_test.go @@ -567,74 +567,6 @@ func TestCSIPluginEndpoint_RegisterViaFingerprint(t *testing.T) { require.Nil(t, resp2.Plugin) } -// TestCSIPluginEndpoint_ACLNamespaceAlloc checks that allocations are filtered by namespace -// when getting plugins, and enforcing that the client has job-read ACL access to the -// namespace of the allocations -func TestCSIPluginEndpoint_ACLNamespaceAlloc(t *testing.T) { - t.Parallel() - srv, shutdown := TestServer(t, func(c *Config) { - c.NumSchedulers = 0 // Prevent automatic dequeue - }) - defer shutdown() - testutil.WaitForLeader(t, srv.RPC) - state := srv.fsm.State() - - // Setup ACLs - state.BootstrapACLTokens(1, 0, mock.ACLManagementToken()) - srv.config.ACLEnabled = true - codec := rpcClient(t, srv) - listJob := mock.NamespacePolicy(structs.DefaultNamespace, "", []string{acl.NamespaceCapabilityReadJob}) - policy := mock.PluginPolicy("read") + listJob - getToken := mock.CreatePolicyAndToken(t, state, 1001, "plugin-read", policy) - - // Create the plugin and then some allocations to pretend to be the allocs that are - // running the plugin tasks - deleteNodes := CreateTestCSIPlugin(srv.fsm.State(), "foo") - defer deleteNodes() - - plug, _ := state.CSIPluginByID(memdb.NewWatchSet(), "foo") - var allocs []*structs.Allocation - for _, info := range plug.Controllers { - a := mock.Alloc() - a.ID = info.AllocID - allocs = append(allocs, a) - } - for _, info := range plug.Nodes { - a := mock.Alloc() - a.ID = info.AllocID - allocs = append(allocs, a) - } - - require.Equal(t, 3, len(allocs)) - allocs[0].Namespace = "notTheNamespace" - - err := state.UpsertAllocs(1003, allocs) - require.NoError(t, err) - - req := &structs.CSIPluginGetRequest{ - ID: "foo", - QueryOptions: structs.QueryOptions{ - Region: "global", - AuthToken: getToken.SecretID, - }, - } - resp := &structs.CSIPluginGetResponse{} - err = msgpackrpc.CallWithCodec(codec, "CSIPlugin.Get", req, resp) - require.NoError(t, err) - require.Equal(t, 2, len(resp.Plugin.Allocations)) - - for _, a := range resp.Plugin.Allocations { - require.Equal(t, structs.DefaultNamespace, a.Namespace) - } - - p2 := mock.PluginPolicy("read") - t2 := mock.CreatePolicyAndToken(t, state, 1004, "plugin-read2", p2) - req.AuthToken = t2.SecretID - err = msgpackrpc.CallWithCodec(codec, "CSIPlugin.Get", req, resp) - require.NoError(t, err) - require.Equal(t, 0, len(resp.Plugin.Allocations)) -} - func TestCSI_RPCVolumeAndPluginLookup(t *testing.T) { srv, shutdown := TestServer(t, func(c *Config) {}) defer shutdown() From c7cf60c8375bfbfdbc2129967b99a79dd37237f9 Mon Sep 17 00:00:00 2001 From: Mahmood Ali Date: Wed, 25 Mar 2020 08:30:44 -0400 Subject: [PATCH 3/3] tests: test agent to use a noop auditor --- command/agent/agent_test.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/command/agent/agent_test.go b/command/agent/agent_test.go index 9dcd02a98..6950da55b 100644 --- a/command/agent/agent_test.go +++ b/command/agent/agent_test.go @@ -833,8 +833,9 @@ func TestServer_Reload_TLS_DowngradeFromTLS(t *testing.T) { } agent := &Agent{ - logger: logger, - config: agentConfig, + logger: logger, + config: agentConfig, + auditor: &noOpAuditor{}, } newConfig := &Config{