package workload_id import ( "fmt" "io" "net/http" "testing" "github.com/hashicorp/nomad/e2e/e2eutil" "github.com/hashicorp/nomad/helper/uuid" "github.com/shoenig/test" "github.com/shoenig/test/must" ) // TestTaskAPI runs subtests exercising the Task API related functionality. // Bundled with Workload Identity as that's a prereq for the Task API to work. func TestTaskAPI(t *testing.T) { nomad := e2eutil.NomadClient(t) e2eutil.WaitForLeader(t, nomad) e2eutil.WaitForNodesReady(t, nomad, 1) t.Run("testTaskAPI_Auth", testTaskAPIAuth) t.Run("testTaskAPI_Windows", testTaskAPIWindows) } func testTaskAPIAuth(t *testing.T) { nomad := e2eutil.NomadClient(t) jobID := "api-auth-" + uuid.Short() jobIDs := []string{jobID} t.Cleanup(e2eutil.CleanupJobsAndGC(t, &jobIDs)) // start job allocs := e2eutil.RegisterAndWaitForAllocs(t, nomad, "./input/api-auth.nomad.hcl", jobID, "") must.Len(t, 1, allocs) allocID := allocs[0].ID // wait for batch alloc to complete alloc := e2eutil.WaitForAllocStopped(t, nomad, allocID) must.Eq(t, alloc.ClientStatus, "complete") assertions := []struct { task string suffix string }{ { task: "none", suffix: http.StatusText(http.StatusUnauthorized), }, { task: "bad", suffix: http.StatusText(http.StatusForbidden), }, { task: "docker-wid", suffix: `"ok":true}}`, }, { task: "exec-wid", suffix: `"ok":true}}`, }, } // Ensure the assertions and input file match must.Len(t, len(assertions), alloc.Job.TaskGroups[0].Tasks, must.Sprintf("test and jobspec mismatch")) for _, tc := range assertions { logFile := fmt.Sprintf("alloc/logs/%s.stdout.0", tc.task) fd, err := nomad.AllocFS().Cat(alloc, logFile, nil) must.NoError(t, err) logBytes, err := io.ReadAll(fd) must.NoError(t, err) logs := string(logBytes) ps := must.Sprintf("Task: %s Logs: <