5c2a08de6d
* Update browserslist * Add browserslistrc * ember-cli-update --to 3.26, fix conflicts * Run codemodes that start with ember-* * More codemods - before cp* * More codemods (curly data-test-*) * WIP ember-basic-dropdown template errors * updates ember-basic-dropdown and related deps to fix build issues * updates basic dropdown instances to new version API * updates more deps -- ember-template-lint is working again * runs no-implicit-this codemod * creates and runs no-quoteless-attributes codemod * runs angle brackets codemod * updates lint:hbs globs to only touch hbs files * removes yield only templates * creates and runs deprecated args transform * supresses lint error for invokeAction on LinkTo component * resolves remaining ambiguous path lint errors * resolves simple-unless lint errors * adds warnings for deprecated tagName arg on LinkTo components * adds warnings for remaining curly component invocation * updates global template lint rules * resolves remaining template lint errors * disables some ember specfic lint rules that target pre octane patterns * js lint fix run * resolves remaining js lint errors * fixes test run * adds npm-run-all dep * fixes test attribute issues * fixes console acceptance tests * fixes tests * adds yield only wizard/tutorial-active template * fixes more tests * attempts to fix more flaky tests * removes commented out settled in transit test * updates deprecations workflow and adds initializer to filter by version * updates flaky policies acl old test * updates to flaky transit test * bumps ember deps down to LTS version * runs linters after main merge * fixes client count tests after bad merge conflict fixes * fixes client count history test * more updates to lint config * another round of hbs lint fixes after extending stylistic rule * updates lint-staged commands * removes indent eslint rule since it seems to break things * fixes bad attribute in transform-edit-form template * test fixes * fixes enterprise tests * adds changelog * removes deprecated ember-concurrency-test-waiters dep and adds @ember/test-waiters * flaky test fix Co-authored-by: hashishaw <cshaw@hashicorp.com>
127 lines
4.4 KiB
JavaScript
127 lines
4.4 KiB
JavaScript
import { module, test } from 'qunit';
|
|
import { setupTest } from 'ember-qunit';
|
|
import { SUDO_PATHS, SUDO_PATH_PREFIXES } from 'vault/models/capabilities';
|
|
|
|
import { run } from '@ember/runloop';
|
|
|
|
module('Unit | Model | capabilities', function (hooks) {
|
|
setupTest(hooks);
|
|
|
|
test('it exists', function (assert) {
|
|
let model = run(() => this.owner.lookup('service:store').createRecord('capabilities'));
|
|
assert.ok(!!model);
|
|
});
|
|
|
|
test('it reads capabilities', function (assert) {
|
|
let model = run(() =>
|
|
this.owner.lookup('service:store').createRecord('capabilities', {
|
|
path: 'foo',
|
|
capabilities: ['list', 'read'],
|
|
})
|
|
);
|
|
|
|
assert.ok(model.get('canRead'));
|
|
assert.ok(model.get('canList'));
|
|
assert.notOk(model.get('canUpdate'));
|
|
assert.notOk(model.get('canDelete'));
|
|
});
|
|
|
|
test('it allows everything if root is present', function (assert) {
|
|
let model = run(() =>
|
|
this.owner.lookup('service:store').createRecord('capabilities', {
|
|
path: 'foo',
|
|
capabilities: ['root', 'deny', 'read'],
|
|
})
|
|
);
|
|
assert.ok(model.get('canRead'));
|
|
assert.ok(model.get('canCreate'));
|
|
assert.ok(model.get('canUpdate'));
|
|
assert.ok(model.get('canDelete'));
|
|
assert.ok(model.get('canList'));
|
|
});
|
|
|
|
test('it denies everything if deny is present', function (assert) {
|
|
let model = run(() =>
|
|
this.owner.lookup('service:store').createRecord('capabilities', {
|
|
path: 'foo',
|
|
capabilities: ['sudo', 'deny', 'read'],
|
|
})
|
|
);
|
|
assert.notOk(model.get('canRead'));
|
|
assert.notOk(model.get('canCreate'));
|
|
assert.notOk(model.get('canUpdate'));
|
|
assert.notOk(model.get('canDelete'));
|
|
assert.notOk(model.get('canList'));
|
|
});
|
|
|
|
test('it requires sudo on sudo paths', function (assert) {
|
|
let model = run(() =>
|
|
this.owner.lookup('service:store').createRecord('capabilities', {
|
|
path: SUDO_PATHS[0],
|
|
capabilities: ['sudo', 'read'],
|
|
})
|
|
);
|
|
assert.ok(model.get('canRead'));
|
|
assert.notOk(model.get('canCreate'), 'sudo requires the capability to be set as well');
|
|
assert.notOk(model.get('canUpdate'));
|
|
assert.notOk(model.get('canDelete'));
|
|
assert.notOk(model.get('canList'));
|
|
});
|
|
|
|
test('it requires sudo on sudo paths prefixes', function (assert) {
|
|
let model = run(() =>
|
|
this.owner.lookup('service:store').createRecord('capabilities', {
|
|
path: SUDO_PATH_PREFIXES[0] + '/foo',
|
|
capabilities: ['sudo', 'read'],
|
|
})
|
|
);
|
|
assert.ok(model.get('canRead'));
|
|
assert.notOk(model.get('canCreate'), 'sudo requires the capability to be set as well');
|
|
assert.notOk(model.get('canUpdate'));
|
|
assert.notOk(model.get('canDelete'));
|
|
assert.notOk(model.get('canList'));
|
|
});
|
|
|
|
test('it does not require sudo on sys/leases/revoke if update capability is present and path is not fully a sudo prefix', function (assert) {
|
|
let model = run(() =>
|
|
this.owner.lookup('service:store').createRecord('capabilities', {
|
|
path: 'sys/leases/revoke',
|
|
capabilities: ['update', 'read'],
|
|
})
|
|
);
|
|
assert.ok(model.get('canRead'));
|
|
assert.notOk(model.get('canCreate'), 'sudo requires the capability to be set as well');
|
|
assert.ok(model.get('canUpdate'), 'should not require sudo if it has update');
|
|
assert.notOk(model.get('canDelete'));
|
|
assert.notOk(model.get('canList'));
|
|
});
|
|
|
|
test('it requires sudo on prefix path even if capability is present', function (assert) {
|
|
let model = run(() =>
|
|
this.owner.lookup('service:store').createRecord('capabilities', {
|
|
path: SUDO_PATH_PREFIXES[0] + '/aws',
|
|
capabilities: ['update', 'read'],
|
|
})
|
|
);
|
|
assert.notOk(model.get('canRead'));
|
|
assert.notOk(model.get('canCreate'));
|
|
assert.notOk(model.get('canUpdate'), 'should still require sudo');
|
|
assert.notOk(model.get('canDelete'));
|
|
assert.notOk(model.get('canList'));
|
|
});
|
|
|
|
test('it does not require sudo on prefix path if both update and sudo capabilities are present', function (assert) {
|
|
let model = run(() =>
|
|
this.owner.lookup('service:store').createRecord('capabilities', {
|
|
path: SUDO_PATH_PREFIXES[0] + '/aws',
|
|
capabilities: ['sudo', 'update', 'read'],
|
|
})
|
|
);
|
|
assert.ok(model.get('canRead'));
|
|
assert.notOk(model.get('canCreate'));
|
|
assert.ok(model.get('canUpdate'), 'should not require sudo');
|
|
assert.notOk(model.get('canDelete'));
|
|
assert.notOk(model.get('canList'));
|
|
});
|
|
});
|