125 lines
3.4 KiB
Go
125 lines
3.4 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package command
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"os"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/hashicorp/nomad/ci"
|
|
"github.com/hashicorp/nomad/command/agent"
|
|
"github.com/hashicorp/nomad/nomad/structs"
|
|
"github.com/hashicorp/nomad/testutil"
|
|
"github.com/mitchellh/cli"
|
|
"github.com/shoenig/test/must"
|
|
)
|
|
|
|
func TestACLAuthMethodUpdateCommand_Run(t *testing.T) {
|
|
ci.Parallel(t)
|
|
|
|
// Build a test server with ACLs enabled.
|
|
srv, _, url := testServer(t, false, func(c *agent.Config) {
|
|
c.ACL.Enabled = true
|
|
})
|
|
defer srv.Shutdown()
|
|
|
|
// Wait for the server to start fully and ensure we have a bootstrap token.
|
|
testutil.WaitForLeader(t, srv.Agent.RPC)
|
|
rootACLToken := srv.RootToken
|
|
must.NotNil(t, rootACLToken)
|
|
|
|
ui := cli.NewMockUi()
|
|
cmd := &ACLAuthMethodUpdateCommand{
|
|
Meta: Meta{
|
|
Ui: ui,
|
|
flagAddress: url,
|
|
},
|
|
}
|
|
|
|
// Try calling the command without setting the method name argument
|
|
must.One(t, cmd.Run([]string{"-address=" + url}))
|
|
must.StrContains(t, ui.ErrorWriter.String(), "This command takes one argument")
|
|
|
|
ui.OutputWriter.Reset()
|
|
ui.ErrorWriter.Reset()
|
|
|
|
// Try calling the command with a method name that doesn't exist
|
|
code := cmd.Run([]string{"-address=" + url, "-token=" + rootACLToken.SecretID, "catch-me-if-you-can"})
|
|
must.One(t, code)
|
|
must.StrContains(t, ui.ErrorWriter.String(), "ACL auth-method not found")
|
|
|
|
ui.OutputWriter.Reset()
|
|
ui.ErrorWriter.Reset()
|
|
|
|
// Create a test auth method
|
|
ttl, _ := time.ParseDuration("3600s")
|
|
method := &structs.ACLAuthMethod{
|
|
Name: "test-auth-method",
|
|
Type: "OIDC",
|
|
MaxTokenTTL: ttl,
|
|
TokenLocality: "local",
|
|
Config: &structs.ACLAuthMethodConfig{
|
|
OIDCDiscoveryURL: "http://example.com",
|
|
},
|
|
}
|
|
method.SetHash()
|
|
must.NoError(t, srv.Agent.Server().State().UpsertACLAuthMethods(1000, []*structs.ACLAuthMethod{method}))
|
|
|
|
// Try an update without setting any parameters to update.
|
|
code = cmd.Run([]string{"-address=" + url, "-token=" + rootACLToken.SecretID, method.Name})
|
|
must.One(t, code)
|
|
must.StrContains(t, ui.ErrorWriter.String(), "Please provide at least one flag to update the ACL auth method")
|
|
|
|
ui.OutputWriter.Reset()
|
|
ui.ErrorWriter.Reset()
|
|
|
|
// Update the token locality
|
|
code = cmd.Run([]string{
|
|
"-address=" + url, "-token=" + rootACLToken.SecretID, "-token-locality=global", method.Name})
|
|
must.Zero(t, code)
|
|
s := ui.OutputWriter.String()
|
|
must.StrContains(t, s, method.Name)
|
|
|
|
ui.OutputWriter.Reset()
|
|
ui.ErrorWriter.Reset()
|
|
|
|
// Update an auth method with a config from file
|
|
configFile, err := os.CreateTemp("", "config.json")
|
|
defer os.Remove(configFile.Name())
|
|
must.Nil(t, err)
|
|
|
|
conf := map[string]interface{}{"OIDCDiscoveryURL": "http://example.com"}
|
|
jsonData, err := json.Marshal(conf)
|
|
must.Nil(t, err)
|
|
|
|
_, err = configFile.Write(jsonData)
|
|
must.Nil(t, err)
|
|
|
|
code = cmd.Run([]string{
|
|
"-address=" + url,
|
|
"-token=" + rootACLToken.SecretID,
|
|
fmt.Sprintf("-config=@%s", configFile.Name()),
|
|
method.Name,
|
|
})
|
|
must.Zero(t, code)
|
|
s = ui.OutputWriter.String()
|
|
must.StrContains(t, s, method.Name)
|
|
|
|
ui.OutputWriter.Reset()
|
|
ui.ErrorWriter.Reset()
|
|
|
|
// Update a default auth method
|
|
code = cmd.Run([]string{
|
|
"-address=" + url, "-token=" + rootACLToken.SecretID, "-default=true", method.Name})
|
|
must.Zero(t, code)
|
|
s = ui.OutputWriter.String()
|
|
must.StrContains(t, s, method.Name)
|
|
|
|
ui.OutputWriter.Reset()
|
|
ui.ErrorWriter.Reset()
|
|
}
|