1cca7abcab
This is extracted from #8094, where I have run into some snags. Since these ESLint fixes aren’t actually connected to the Ember 3.16 update but involve changes to many files, we might as well address them separately. Where possible I fixed the problems but in cases where a fix seemed too involved, I added per-line or -file exceptions.
201 lines
5.3 KiB
JavaScript
201 lines
5.3 KiB
JavaScript
/* eslint-disable ember/avoid-leaking-state-in-ember-objects */
|
|
import { module, test } from 'qunit';
|
|
import { setupTest } from 'ember-qunit';
|
|
import Service from '@ember/service';
|
|
import setupAbility from 'nomad-ui/tests/helpers/setup-ability';
|
|
|
|
module('Unit | Ability | job', function(hooks) {
|
|
setupTest(hooks);
|
|
setupAbility('job')(hooks);
|
|
|
|
test('it permits job run when ACLs are disabled', function(assert) {
|
|
const mockToken = Service.extend({
|
|
aclEnabled: false,
|
|
});
|
|
|
|
this.owner.register('service:token', mockToken);
|
|
|
|
assert.ok(this.ability.canRun);
|
|
});
|
|
|
|
test('it permits job run for management tokens', function(assert) {
|
|
const mockToken = Service.extend({
|
|
aclEnabled: true,
|
|
selfToken: { type: 'management' },
|
|
});
|
|
|
|
this.owner.register('service:token', mockToken);
|
|
|
|
assert.ok(this.ability.canRun);
|
|
});
|
|
|
|
test('it permits job run for client tokens with a policy that has namespace submit-job', function(assert) {
|
|
const mockSystem = Service.extend({
|
|
aclEnabled: true,
|
|
activeNamespace: {
|
|
name: 'aNamespace',
|
|
},
|
|
});
|
|
|
|
const mockToken = Service.extend({
|
|
aclEnabled: true,
|
|
selfToken: { type: 'client' },
|
|
selfTokenPolicies: [
|
|
{
|
|
rulesJSON: {
|
|
Namespaces: [
|
|
{
|
|
Name: 'aNamespace',
|
|
Capabilities: ['submit-job'],
|
|
},
|
|
],
|
|
},
|
|
},
|
|
],
|
|
});
|
|
|
|
this.owner.register('service:system', mockSystem);
|
|
this.owner.register('service:token', mockToken);
|
|
|
|
assert.ok(this.ability.canRun);
|
|
});
|
|
|
|
test('it permits job run for client tokens with a policy that has default namespace submit-job and no capabilities for active namespace', function(assert) {
|
|
const mockSystem = Service.extend({
|
|
aclEnabled: true,
|
|
activeNamespace: {
|
|
name: 'anotherNamespace',
|
|
},
|
|
});
|
|
|
|
const mockToken = Service.extend({
|
|
aclEnabled: true,
|
|
selfToken: { type: 'client' },
|
|
selfTokenPolicies: [
|
|
{
|
|
rulesJSON: {
|
|
Namespaces: [
|
|
{
|
|
Name: 'aNamespace',
|
|
Capabilities: [],
|
|
},
|
|
{
|
|
Name: 'default',
|
|
Capabilities: ['submit-job'],
|
|
},
|
|
],
|
|
},
|
|
},
|
|
],
|
|
});
|
|
|
|
this.owner.register('service:system', mockSystem);
|
|
this.owner.register('service:token', mockToken);
|
|
|
|
assert.ok(this.ability.canRun);
|
|
});
|
|
|
|
test('it blocks job run for client tokens with a policy that has no submit-job capability', function(assert) {
|
|
const mockSystem = Service.extend({
|
|
aclEnabled: true,
|
|
activeNamespace: {
|
|
name: 'aNamespace',
|
|
},
|
|
});
|
|
|
|
const mockToken = Service.extend({
|
|
aclEnabled: true,
|
|
selfToken: { type: 'client' },
|
|
selfTokenPolicies: [
|
|
{
|
|
rulesJSON: {
|
|
Namespaces: [
|
|
{
|
|
Name: 'aNamespace',
|
|
Capabilities: ['list-jobs'],
|
|
},
|
|
],
|
|
},
|
|
},
|
|
],
|
|
});
|
|
|
|
this.owner.register('service:system', mockSystem);
|
|
this.owner.register('service:token', mockToken);
|
|
|
|
assert.notOk(this.ability.canRun);
|
|
});
|
|
|
|
test('it handles globs in namespace names', function(assert) {
|
|
const mockSystem = Service.extend({
|
|
aclEnabled: true,
|
|
activeNamespace: {
|
|
name: 'aNamespace',
|
|
},
|
|
});
|
|
|
|
const mockToken = Service.extend({
|
|
aclEnabled: true,
|
|
selfToken: { type: 'client' },
|
|
selfTokenPolicies: [
|
|
{
|
|
rulesJSON: {
|
|
Namespaces: [
|
|
{
|
|
Name: 'production-*',
|
|
Capabilities: ['submit-job'],
|
|
},
|
|
{
|
|
Name: 'production-api',
|
|
Capabilities: ['submit-job'],
|
|
},
|
|
{
|
|
Name: 'production-web',
|
|
Capabilities: [],
|
|
},
|
|
{
|
|
Name: '*-suffixed',
|
|
Capabilities: ['submit-job'],
|
|
},
|
|
{
|
|
Name: '*-more-suffixed',
|
|
Capabilities: [],
|
|
},
|
|
{
|
|
Name: '*-abc-*',
|
|
Capabilities: ['submit-job'],
|
|
},
|
|
],
|
|
},
|
|
},
|
|
],
|
|
});
|
|
|
|
this.owner.register('service:system', mockSystem);
|
|
this.owner.register('service:token', mockToken);
|
|
|
|
const systemService = this.owner.lookup('service:system');
|
|
|
|
systemService.set('activeNamespace.name', 'production-web');
|
|
assert.notOk(this.ability.canRun);
|
|
|
|
systemService.set('activeNamespace.name', 'production-api');
|
|
assert.ok(this.ability.canRun);
|
|
|
|
systemService.set('activeNamespace.name', 'production-other');
|
|
assert.ok(this.ability.canRun);
|
|
|
|
systemService.set('activeNamespace.name', 'something-suffixed');
|
|
assert.ok(this.ability.canRun);
|
|
|
|
systemService.set('activeNamespace.name', 'something-more-suffixed');
|
|
assert.notOk(
|
|
this.ability.canRun,
|
|
'expected the namespace with the greatest number of matched characters to be chosen'
|
|
);
|
|
|
|
systemService.set('activeNamespace.name', '000-abc-999');
|
|
assert.ok(this.ability.canRun, 'expected to be able to match against more than one wildcard');
|
|
});
|
|
});
|