262 lines
6.6 KiB
Go
262 lines
6.6 KiB
Go
package api
|
|
|
|
import (
|
|
"fmt"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/hashicorp/nomad/api/internal/testutil"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestSecureVariables_SimpleCRUD(t *testing.T) {
|
|
testutil.Parallel(t)
|
|
c, s := makeClient(t, nil, nil)
|
|
defer s.Stop()
|
|
|
|
nsv := c.SecureVariables()
|
|
sv1 := NewSecureVariable("my/first/variable")
|
|
sv1.Namespace = "default"
|
|
sv1.Items["k1"] = "v1"
|
|
sv1.Items["k2"] = "v2"
|
|
|
|
sv2 := sv1.Copy()
|
|
sv2.Path = "other/variable/b"
|
|
sv2.Items["k1"] = "otherv1"
|
|
sv2.Items["k2"] = "otherv2"
|
|
|
|
t.Run("1 fail create when no items", func(t *testing.T) {
|
|
|
|
_, err := nsv.Create(&SecureVariable{Path: "bad/var"}, nil)
|
|
require.Error(t, err)
|
|
require.EqualError(t, err, "Unexpected response code: 400 (secure variable missing required Items object)")
|
|
})
|
|
|
|
t.Run("2 create sv1", func(t *testing.T) {
|
|
|
|
_, err := nsv.Create(sv1, nil)
|
|
// TODO: until create and update return secure variables from the server
|
|
// sid we have to pull the object to check it.
|
|
assert.NoError(t, err)
|
|
|
|
get, _, err := nsv.Read(sv1.Path, nil)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, get)
|
|
|
|
require.Equal(t, sv1.Items, get.Items)
|
|
*sv1 = *get
|
|
})
|
|
|
|
t.Run("2 create sv2", func(t *testing.T) {
|
|
|
|
_, err := nsv.Create(sv2, nil)
|
|
// TODO: until create and update return secure variables from the server
|
|
// sid we have to pull the object to check it.
|
|
// require.NoError(t, err)
|
|
get, _, err := nsv.Read(sv2.Path, nil)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, get)
|
|
|
|
require.Equal(t, sv2.Items, get.Items)
|
|
*sv2 = *get
|
|
})
|
|
|
|
t.Run("3 update sv1 no change", func(t *testing.T) {
|
|
|
|
// TODO: Need to prevent no-op modifications from happening server-side
|
|
|
|
// _, err := nsv.Update(sv1, nil)
|
|
// assert.NoError(t, err)
|
|
// get, _, err := nsv.Read(sv1.Path, nil)
|
|
// require.NotNil(t, get)
|
|
// require.Equal(t, sv1.ModifyIndex, get.ModifyIndex, "ModifyIndex should not change")
|
|
// require.Equal(t, sv1.Items, get.Items)
|
|
// *sv1 = *get
|
|
})
|
|
|
|
t.Run("4 update sv1", func(t *testing.T) {
|
|
|
|
sv1.Items["new-hotness"] = "yeah!"
|
|
|
|
_, err := nsv.Update(sv1, nil)
|
|
// TODO: until create and update return secure variables from the server
|
|
// sid we have to pull the object to check it.
|
|
// require.NoError(t, err)
|
|
_ = err
|
|
get, _, err := nsv.Read(sv1.Path, nil)
|
|
require.NotNil(t, get)
|
|
require.NotEqual(t, sv1.ModifyIndex, get.ModifyIndex, "ModifyIndex should change")
|
|
|
|
require.Equal(t, sv1.Items, get.Items)
|
|
*sv1 = *get
|
|
})
|
|
|
|
t.Run("5 list vars", func(t *testing.T) {
|
|
|
|
l, _, err := nsv.List(nil)
|
|
require.NoError(t, err)
|
|
require.Len(t, l, 2)
|
|
require.ElementsMatch(t, []*SecureVariableMetadata{sv1.Metadata(), sv2.Metadata()}, l)
|
|
})
|
|
|
|
t.Run("5a list vars opts", func(t *testing.T) {
|
|
|
|
// Since there are two vars in the backend, we should
|
|
// get a NextToken with a page size of 1
|
|
l, qm, err := nsv.List(&QueryOptions{PerPage: 1})
|
|
require.NoError(t, err)
|
|
require.Len(t, l, 1)
|
|
require.Equal(t, sv1.Metadata(), l[0])
|
|
require.NotNil(t, qm.NextToken)
|
|
})
|
|
|
|
t.Run("5b prefixlist", func(t *testing.T) {
|
|
|
|
l, _, err := nsv.PrefixList("my", nil)
|
|
require.NoError(t, err)
|
|
require.Len(t, l, 1)
|
|
require.Equal(t, sv1.Metadata(), l[0])
|
|
})
|
|
|
|
t.Run("6 delete sv1", func(t *testing.T) {
|
|
|
|
_, err := nsv.Delete(sv1.Path, nil)
|
|
require.NoError(t, err)
|
|
_, _, err = nsv.Read(sv1.Path, nil)
|
|
require.EqualError(t, err, ErrVariableNotFound)
|
|
})
|
|
|
|
t.Run("7 list vars after delete", func(t *testing.T) {
|
|
|
|
l, _, err := nsv.List(nil)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, l)
|
|
require.Len(t, l, 1)
|
|
})
|
|
}
|
|
|
|
func TestSecureVariables_CRUDWithCAS(t *testing.T) {
|
|
testutil.Parallel(t)
|
|
c, s := makeClient(t, nil, nil)
|
|
defer s.Stop()
|
|
|
|
nsv := c.SecureVariables()
|
|
sv1 := &SecureVariable{
|
|
Path: "cas/variable/a",
|
|
Items: map[string]string{
|
|
"key1": "value1",
|
|
"key2": "value2",
|
|
},
|
|
}
|
|
|
|
// Create sv1: should pass without issue
|
|
_, err := nsv.Create(sv1, nil)
|
|
require.NoError(t, err)
|
|
get, _, err := nsv.Read(sv1.Path, nil)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, get)
|
|
require.Equal(t, sv1.Items, get.Items)
|
|
|
|
// Update sv1 with CAS:
|
|
|
|
// - perform out of band upsert
|
|
oobUpdate := sv1.Copy()
|
|
oobUpdate.Items["new-hotness"] = "yeah!"
|
|
_, err = nsv.Update(oobUpdate, nil)
|
|
require.NoError(t, err)
|
|
|
|
// - fetch the updated value to get the current ModifyIndex
|
|
nowVal, _, err := nsv.Read(sv1.Path, nil)
|
|
require.NoError(t, err)
|
|
|
|
// - try to do an update with sv1's old state; should fail
|
|
_, err = nsv.CheckedUpdate(sv1, nil)
|
|
require.Error(t, err)
|
|
|
|
// - expect the error to be an ErrCASConflict, so we can cast
|
|
// to it and retrieve the Conflict value
|
|
var conflictErr ErrCASConflict
|
|
require.ErrorAs(t, err, &conflictErr)
|
|
require.Equal(t, nowVal, conflictErr.Conflict)
|
|
|
|
// Delete CAS: try to delete sv1 at old ModifyIndex; should
|
|
// return an ErrCASConflict. Check Conflict.
|
|
_, err = nsv.CheckedDelete(sv1.Path, sv1.ModifyIndex, nil)
|
|
require.Error(t, err)
|
|
require.ErrorAs(t, err, &conflictErr)
|
|
require.Equal(t, nowVal, conflictErr.Conflict)
|
|
|
|
// Delete CAS: delete at the current index; should succeed.
|
|
_, err = nsv.CheckedDelete(nowVal.Path, nowVal.ModifyIndex, nil)
|
|
require.NoError(t, err)
|
|
|
|
}
|
|
|
|
func TestSecureVariables_Read(t *testing.T) {
|
|
testutil.Parallel(t)
|
|
c, s := makeClient(t, nil, nil)
|
|
defer s.Stop()
|
|
|
|
nsv := c.SecureVariables()
|
|
tID := fmt.Sprint(time.Now().UTC().UnixNano())
|
|
sv1 := SecureVariable{
|
|
Namespace: "default",
|
|
Path: tID + "/sv1",
|
|
Items: map[string]string{
|
|
"kv1": "val1",
|
|
"kv2": "val2",
|
|
},
|
|
}
|
|
writeTestVariable(t, c, &sv1)
|
|
|
|
testCases := []struct {
|
|
name string
|
|
path string
|
|
expectedError string
|
|
checkValue bool
|
|
expectedValue *SecureVariable
|
|
}{
|
|
{
|
|
name: "not found",
|
|
path: tID + "/not/found",
|
|
expectedError: ErrVariableNotFound,
|
|
checkValue: true,
|
|
expectedValue: nil,
|
|
},
|
|
{
|
|
name: "found",
|
|
path: sv1.Path,
|
|
checkValue: true,
|
|
expectedValue: &sv1,
|
|
},
|
|
}
|
|
for _, tc := range testCases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
get, _, err := nsv.Read(tc.path, nil)
|
|
if tc.expectedError != "" {
|
|
require.EqualError(t, err, tc.expectedError)
|
|
} else {
|
|
require.NoError(t, err)
|
|
}
|
|
if tc.checkValue {
|
|
if tc.expectedValue != nil {
|
|
require.NotNil(t, get)
|
|
require.Equal(t, tc.expectedValue, get)
|
|
} else {
|
|
require.Nil(t, get)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func writeTestVariable(t *testing.T, c *Client, sv *SecureVariable) {
|
|
_, err := c.write("/v1/var/"+sv.Path, sv, nil, nil)
|
|
require.NoError(t, err, "Error writing test variable")
|
|
get := new(SecureVariable)
|
|
_, err = c.query("/v1/var/"+sv.Path, &get, nil)
|
|
require.NoError(t, err, "Error writing test variable")
|
|
*sv = *get
|
|
}
|