status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
consul/command/acl/authmethod/update/authmethod_update_test.go

963 lines
22 KiB
Go
Raw Normal View History

Copyright headers for command folder (#16705) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files * copyright headers for agent folder * Copyright headers for command folder * fix merge conflicts
2023-03-28 19:12:30 +00:00
// Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-08-11 13:12:13 +00:00
// SPDX-License-Identifier: BUSL-1.1
Copyright headers for command folder (#16705) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files * copyright headers for agent folder * Copyright headers for command folder * fix merge conflicts
2023-03-28 19:12:30 +00:00
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
package authmethodupdate
import (
Add ACL CLI commands output format option. Add command level formatter, that incapsulates command output printing logiс that depends on the command `-format` option. Move Print* functions from acl_helpers to prettyFormatter. Add jsonFormatter.
2020-02-15 15:06:05 +00:00
"encoding/json"
cli: Add -config flag to "acl authmethod update/create" (#7776)
2020-05-04 21:21:28 +00:00
"io"
removes ioutil usage everywhere which was deprecated in go1.16 (#15297) * update go version to 1.18 for api and sdk, go mod tidy * removes ioutil usage everywhere which was deprecated in go1.16 in favour of io and os packages. Also introduces a lint rule which forbids use of ioutil going forward. Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-11-10 16:26:01 +00:00
"os"
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
"path/filepath"
"strings"
"testing"
syncing changes back from enterprise (#12701)
2022-04-05 20:46:56 +00:00
"github.com/hashicorp/go-uuid"
"github.com/mitchellh/cli"
"github.com/stretchr/testify/require"
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
"github.com/hashicorp/consul/agent"
"github.com/hashicorp/consul/agent/connect"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/command/acl"
"github.com/hashicorp/consul/sdk/testutil"
"github.com/hashicorp/consul/testrpc"
// activate testing auth method
_ "github.com/hashicorp/consul/agent/consul/authmethod/testauth"
)
func TestAuthMethodUpdateCommand_noTabs(t *testing.T) {
t.Parallel()
if strings.ContainsRune(New(cli.NewMockUi()).Help(), '\t') {
t.Fatal("help has tabs")
}
}
func TestAuthMethodUpdateCommand(t *testing.T) {
testing: skip slow tests with -short Add a skip condition to all tests slower than 100ms. This change was made using `gotestsum tool slowest` with data from the last 3 CI runs of master. See https://github.com/gotestyourself/gotestsum#finding-and-skipping-slow-tests With this change: ``` $ time go test -count=1 -short ./agent ok github.com/hashicorp/consul/agent 0.743s real 0m4.791s $ time go test -count=1 -short ./agent/consul ok github.com/hashicorp/consul/agent/consul 4.229s real 0m8.769s ```
2020-12-07 18:42:55 +00:00
if testing.Short() {
t.Skip("too slow for testing.Short")
}
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
t.Parallel()
Remove name from NewTestAgent Using: git grep -l 'NewTestAgent(t, t.Name(),' | \ xargs sed -i -e 's/NewTestAgent(t, t.Name(),/NewTestAgent(t,/g'
2020-03-31 19:59:56 +00:00
a := agent.NewTestAgent(t, `
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
primary_datacenter = "dc1"
acl {
enabled = true
tokens {
Remove references to "master" ACL tokens in tests (#11751)
2021-12-07 12:48:50 +00:00
initial_management = "root"
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
}
}`)
defer a.Shutdown()
testrpc.WaitForLeader(t, a.RPC, "dc1")
client := a.Client()
t.Run("update without name", func(t *testing.T) {
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 1)
require.Contains(t, ui.ErrorWriter.String(), "Cannot update an auth method without specifying the -name parameter")
})
t.Run("update nonexistent method", func(t *testing.T) {
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
name := getTestName(t)
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
"-name", name,
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 1)
require.Contains(t, ui.ErrorWriter.String(), "Auth method not found with name")
})
createAuthMethod := func(t *testing.T) string {
id, err := uuid.GenerateUUID()
require.NoError(t, err)
methodName := "test-" + id
_, _, err = client.ACL().AuthMethodCreate(
&api.ACLAuthMethod{
Name: methodName,
Type: "testing",
Description: "test",
},
&api.WriteOptions{Token: "root"},
)
require.NoError(t, err)
return methodName
}
cli: ensure 'acl auth-method update' doesn't deep merge the Config field (#7839)
2020-05-11 19:21:17 +00:00
finalName := createAuthMethod(t)
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
t.Run("update all fields", func(t *testing.T) {
cli: ensure 'acl auth-method update' doesn't deep merge the Config field (#7839)
2020-05-11 19:21:17 +00:00
name := finalName
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + name,
"-display-name", "updated display",
"-description", "updated description",
"-config", `{ "SessionID": "foo" }`,
}
ui := cli.NewMockUi()
cmd := New(ui)
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
cli: ensure 'acl auth-method update' doesn't deep merge the Config field (#7839)
2020-05-11 19:21:17 +00:00
code := cmd.Run(args)
require.Equal(t, code, 0)
require.Empty(t, ui.ErrorWriter.String())
got := getTestMethod(t, client, name)
expect := &api.ACLAuthMethod{
Name: name,
Type: "testing",
DisplayName: "updated display",
Description: "updated description",
Config: map[string]interface{}{
"SessionID": "foo",
},
}
require.Equal(t, expect, got)
})
t.Run("update config field and prove no merging happens", func(t *testing.T) {
name := finalName
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + name,
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
"-display-name", "updated display",
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
"-description", "updated description",
cli: ensure 'acl auth-method update' doesn't deep merge the Config field (#7839)
2020-05-11 19:21:17 +00:00
"-config", `{ "Data": { "foo": "bar"} }`,
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 0)
require.Empty(t, ui.ErrorWriter.String())
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
got := getTestMethod(t, client, name)
expect := &api.ACLAuthMethod{
Name: name,
Type: "testing",
DisplayName: "updated display",
Description: "updated description",
cli: ensure 'acl auth-method update' doesn't deep merge the Config field (#7839)
2020-05-11 19:21:17 +00:00
Config: map[string]interface{}{
"Data": map[string]interface{}{
"foo": "bar",
},
},
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
}
require.Equal(t, expect, got)
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
})
}
Add ACL CLI commands output format option. Add command level formatter, that incapsulates command output printing logiс that depends on the command `-format` option. Move Print* functions from acl_helpers to prettyFormatter. Add jsonFormatter.
2020-02-15 15:06:05 +00:00
func TestAuthMethodUpdateCommand_JSON(t *testing.T) {
testing: skip slow tests with -short Add a skip condition to all tests slower than 100ms. This change was made using `gotestsum tool slowest` with data from the last 3 CI runs of master. See https://github.com/gotestyourself/gotestsum#finding-and-skipping-slow-tests With this change: ``` $ time go test -count=1 -short ./agent ok github.com/hashicorp/consul/agent 0.743s real 0m4.791s $ time go test -count=1 -short ./agent/consul ok github.com/hashicorp/consul/agent/consul 4.229s real 0m8.769s ```
2020-12-07 18:42:55 +00:00
if testing.Short() {
t.Skip("too slow for testing.Short")
}
Add ACL CLI commands output format option. Add command level formatter, that incapsulates command output printing logiс that depends on the command `-format` option. Move Print* functions from acl_helpers to prettyFormatter. Add jsonFormatter.
2020-02-15 15:06:05 +00:00
t.Parallel()
Remove name from NewTestAgent Using: git grep -l 'NewTestAgent(t, t.Name(),' | \ xargs sed -i -e 's/NewTestAgent(t, t.Name(),/NewTestAgent(t,/g'
2020-03-31 19:59:56 +00:00
a := agent.NewTestAgent(t, `
Add ACL CLI commands output format option. Add command level formatter, that incapsulates command output printing logiс that depends on the command `-format` option. Move Print* functions from acl_helpers to prettyFormatter. Add jsonFormatter.
2020-02-15 15:06:05 +00:00
primary_datacenter = "dc1"
acl {
enabled = true
tokens {
Remove references to "master" ACL tokens in tests (#11751)
2021-12-07 12:48:50 +00:00
initial_management = "root"
Add ACL CLI commands output format option. Add command level formatter, that incapsulates command output printing logiс that depends on the command `-format` option. Move Print* functions from acl_helpers to prettyFormatter. Add jsonFormatter.
2020-02-15 15:06:05 +00:00
}
}`)
defer a.Shutdown()
testrpc.WaitForLeader(t, a.RPC, "dc1")
client := a.Client()
t.Run("update without name", func(t *testing.T) {
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-format=json",
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 1)
require.Contains(t, ui.ErrorWriter.String(), "Cannot update an auth method without specifying the -name parameter")
})
createAuthMethod := func(t *testing.T) string {
id, err := uuid.GenerateUUID()
require.NoError(t, err)
methodName := "test-" + id
_, _, err = client.ACL().AuthMethodCreate(
&api.ACLAuthMethod{
Name: methodName,
Type: "testing",
Description: "test",
},
&api.WriteOptions{Token: "root"},
)
require.NoError(t, err)
return methodName
}
t.Run("update all fields", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + name,
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
"-display-name", "updated display",
Add ACL CLI commands output format option. Add command level formatter, that incapsulates command output printing logiс that depends on the command `-format` option. Move Print* functions from acl_helpers to prettyFormatter. Add jsonFormatter.
2020-02-15 15:06:05 +00:00
"-description", "updated description",
"-format=json",
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
output := ui.OutputWriter.String()
Add ACL CLI commands output format option. Add command level formatter, that incapsulates command output printing logiс that depends on the command `-format` option. Move Print* functions from acl_helpers to prettyFormatter. Add jsonFormatter.
2020-02-15 15:06:05 +00:00
require.Equal(t, code, 0)
require.Empty(t, ui.ErrorWriter.String())
var jsonOutput json.RawMessage
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
require.NoError(t, json.Unmarshal([]byte(output), &jsonOutput))
got := getTestMethod(t, client, name)
expect := &api.ACLAuthMethod{
Name: name,
Type: "testing",
DisplayName: "updated display",
Description: "updated description",
Config: map[string]interface{}{},
}
require.Equal(t, expect, got)
Add ACL CLI commands output format option. Add command level formatter, that incapsulates command output printing logiс that depends on the command `-format` option. Move Print* functions from acl_helpers to prettyFormatter. Add jsonFormatter.
2020-02-15 15:06:05 +00:00
})
}
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
func TestAuthMethodUpdateCommand_noMerge(t *testing.T) {
testing: skip slow tests with -short Add a skip condition to all tests slower than 100ms. This change was made using `gotestsum tool slowest` with data from the last 3 CI runs of master. See https://github.com/gotestyourself/gotestsum#finding-and-skipping-slow-tests With this change: ``` $ time go test -count=1 -short ./agent ok github.com/hashicorp/consul/agent 0.743s real 0m4.791s $ time go test -count=1 -short ./agent/consul ok github.com/hashicorp/consul/agent/consul 4.229s real 0m8.769s ```
2020-12-07 18:42:55 +00:00
if testing.Short() {
t.Skip("too slow for testing.Short")
}
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
t.Parallel()
Remove name from NewTestAgent Using: git grep -l 'NewTestAgent(t, t.Name(),' | \ xargs sed -i -e 's/NewTestAgent(t, t.Name(),/NewTestAgent(t,/g'
2020-03-31 19:59:56 +00:00
a := agent.NewTestAgent(t, `
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
primary_datacenter = "dc1"
acl {
enabled = true
tokens {
Remove references to "master" ACL tokens in tests (#11751)
2021-12-07 12:48:50 +00:00
initial_management = "root"
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
}
}`)
defer a.Shutdown()
testrpc.WaitForLeader(t, a.RPC, "dc1")
client := a.Client()
t.Run("update without name", func(t *testing.T) {
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-no-merge",
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 1)
require.Contains(t, ui.ErrorWriter.String(), "Cannot update an auth method without specifying the -name parameter")
})
t.Run("update nonexistent method", func(t *testing.T) {
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
name := getTestName(t)
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-no-merge",
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
"-name", name,
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 1)
require.Contains(t, ui.ErrorWriter.String(), "Auth method not found with name")
})
createAuthMethod := func(t *testing.T) string {
id, err := uuid.GenerateUUID()
require.NoError(t, err)
methodName := "test-" + id
_, _, err = client.ACL().AuthMethodCreate(
&api.ACLAuthMethod{
Name: methodName,
Type: "testing",
Description: "test",
},
&api.WriteOptions{Token: "root"},
)
require.NoError(t, err)
return methodName
}
t.Run("update all fields", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-no-merge",
"-name=" + name,
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
"-display-name", "updated display",
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
"-description", "updated description",
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 0, "err: %s", ui.ErrorWriter.String())
require.Empty(t, ui.ErrorWriter.String())
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
got := getTestMethod(t, client, name)
expect := &api.ACLAuthMethod{
Name: name,
Type: "testing",
DisplayName: "updated display",
Description: "updated description",
}
require.Equal(t, expect, got)
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
})
}
func TestAuthMethodUpdateCommand_k8s(t *testing.T) {
testing: skip slow tests with -short Add a skip condition to all tests slower than 100ms. This change was made using `gotestsum tool slowest` with data from the last 3 CI runs of master. See https://github.com/gotestyourself/gotestsum#finding-and-skipping-slow-tests With this change: ``` $ time go test -count=1 -short ./agent ok github.com/hashicorp/consul/agent 0.743s real 0m4.791s $ time go test -count=1 -short ./agent/consul ok github.com/hashicorp/consul/agent/consul 4.229s real 0m8.769s ```
2020-12-07 18:42:55 +00:00
if testing.Short() {
t.Skip("too slow for testing.Short")
}
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
t.Parallel()
testDir := testutil.TempDir(t, "acl")
Remove name from NewTestAgent Using: git grep -l 'NewTestAgent(t, t.Name(),' | \ xargs sed -i -e 's/NewTestAgent(t, t.Name(),/NewTestAgent(t,/g'
2020-03-31 19:59:56 +00:00
a := agent.NewTestAgent(t, `
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
primary_datacenter = "dc1"
acl {
enabled = true
tokens {
Remove references to "master" ACL tokens in tests (#11751)
2021-12-07 12:48:50 +00:00
initial_management = "root"
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
}
}`)
defer a.Shutdown()
testrpc.WaitForLeader(t, a.RPC, "dc1")
client := a.Client()
ca := connect.TestCA(t, nil)
ca2 := connect.TestCA(t, nil)
createAuthMethod := func(t *testing.T) string {
id, err := uuid.GenerateUUID()
require.NoError(t, err)
methodName := "k8s-" + id
_, _, err = client.ACL().AuthMethodCreate(
&api.ACLAuthMethod{
Name: methodName,
Type: "kubernetes",
Description: "test",
Config: map[string]interface{}{
"Host": "https://foo.internal:8443",
"CACert": ca.RootCert,
"ServiceAccountJWT": acl.TestKubernetesJWT_A,
},
},
&api.WriteOptions{Token: "root"},
)
require.NoError(t, err)
return methodName
}
t.Run("update all fields", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + name,
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
"-display-name", "updated display",
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
"-description", "updated description",
"-kubernetes-host", "https://foo-new.internal:8443",
"-kubernetes-ca-cert", ca2.RootCert,
"-kubernetes-service-account-jwt", acl.TestKubernetesJWT_B,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 0)
require.Empty(t, ui.ErrorWriter.String())
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
got := getTestMethod(t, client, name)
expect := &api.ACLAuthMethod{
Name: name,
Type: "kubernetes",
DisplayName: "updated display",
Description: "updated description",
Config: map[string]interface{}{
"Host": "https://foo-new.internal:8443",
"CACert": ca2.RootCert,
"ServiceAccountJWT": acl.TestKubernetesJWT_B,
},
}
require.Equal(t, expect, got)
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
// also just double check our convenience parsing
config, err := api.ParseKubernetesAuthMethodConfig(got.Config)
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
require.NoError(t, err)
require.Equal(t, "https://foo-new.internal:8443", config.Host)
require.Equal(t, ca2.RootCert, config.CACert)
require.Equal(t, acl.TestKubernetesJWT_B, config.ServiceAccountJWT)
})
ca2File := filepath.Join(testDir, "ca2.crt")
removes ioutil usage everywhere which was deprecated in go1.16 (#15297) * update go version to 1.18 for api and sdk, go mod tidy * removes ioutil usage everywhere which was deprecated in go1.16 in favour of io and os packages. Also introduces a lint rule which forbids use of ioutil going forward. Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-11-10 16:26:01 +00:00
require.NoError(t, os.WriteFile(ca2File, []byte(ca2.RootCert), 0600))
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
t.Run("update all fields with cert file", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + name,
"-description", "updated description",
"-kubernetes-host", "https://foo-new.internal:8443",
"-kubernetes-ca-cert", "@" + ca2File,
"-kubernetes-service-account-jwt", acl.TestKubernetesJWT_B,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 0)
require.Empty(t, ui.ErrorWriter.String())
method, _, err := client.ACL().AuthMethodRead(
name,
&api.QueryOptions{Token: "root"},
)
require.NoError(t, err)
require.NotNil(t, method)
require.Equal(t, "updated description", method.Description)
config, err := api.ParseKubernetesAuthMethodConfig(method.Config)
require.NoError(t, err)
require.Equal(t, "https://foo-new.internal:8443", config.Host)
require.Equal(t, ca2.RootCert, config.CACert)
require.Equal(t, acl.TestKubernetesJWT_B, config.ServiceAccountJWT)
})
t.Run("update all fields but k8s host", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + name,
"-description", "updated description",
"-kubernetes-ca-cert", ca2.RootCert,
"-kubernetes-service-account-jwt", acl.TestKubernetesJWT_B,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 0)
require.Empty(t, ui.ErrorWriter.String())
method, _, err := client.ACL().AuthMethodRead(
name,
&api.QueryOptions{Token: "root"},
)
require.NoError(t, err)
require.NotNil(t, method)
require.Equal(t, "updated description", method.Description)
config, err := api.ParseKubernetesAuthMethodConfig(method.Config)
require.NoError(t, err)
require.Equal(t, "https://foo.internal:8443", config.Host)
require.Equal(t, ca2.RootCert, config.CACert)
require.Equal(t, acl.TestKubernetesJWT_B, config.ServiceAccountJWT)
})
t.Run("update all fields but k8s ca cert", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + name,
"-description", "updated description",
"-kubernetes-host", "https://foo-new.internal:8443",
"-kubernetes-service-account-jwt", acl.TestKubernetesJWT_B,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 0)
require.Empty(t, ui.ErrorWriter.String())
method, _, err := client.ACL().AuthMethodRead(
name,
&api.QueryOptions{Token: "root"},
)
require.NoError(t, err)
require.NotNil(t, method)
require.Equal(t, "updated description", method.Description)
config, err := api.ParseKubernetesAuthMethodConfig(method.Config)
require.NoError(t, err)
require.Equal(t, "https://foo-new.internal:8443", config.Host)
require.Equal(t, ca.RootCert, config.CACert)
require.Equal(t, acl.TestKubernetesJWT_B, config.ServiceAccountJWT)
})
t.Run("update all fields but k8s jwt", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + name,
"-description", "updated description",
"-kubernetes-host", "https://foo-new.internal:8443",
"-kubernetes-ca-cert", ca2.RootCert,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 0)
require.Empty(t, ui.ErrorWriter.String())
method, _, err := client.ACL().AuthMethodRead(
name,
&api.QueryOptions{Token: "root"},
)
require.NoError(t, err)
require.NotNil(t, method)
require.Equal(t, "updated description", method.Description)
config, err := api.ParseKubernetesAuthMethodConfig(method.Config)
require.NoError(t, err)
require.Equal(t, "https://foo-new.internal:8443", config.Host)
require.Equal(t, ca2.RootCert, config.CACert)
require.Equal(t, acl.TestKubernetesJWT_A, config.ServiceAccountJWT)
})
}
func TestAuthMethodUpdateCommand_k8s_noMerge(t *testing.T) {
testing: skip slow tests with -short Add a skip condition to all tests slower than 100ms. This change was made using `gotestsum tool slowest` with data from the last 3 CI runs of master. See https://github.com/gotestyourself/gotestsum#finding-and-skipping-slow-tests With this change: ``` $ time go test -count=1 -short ./agent ok github.com/hashicorp/consul/agent 0.743s real 0m4.791s $ time go test -count=1 -short ./agent/consul ok github.com/hashicorp/consul/agent/consul 4.229s real 0m8.769s ```
2020-12-07 18:42:55 +00:00
if testing.Short() {
t.Skip("too slow for testing.Short")
}
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
t.Parallel()
testDir := testutil.TempDir(t, "acl")
Remove name from NewTestAgent Using: git grep -l 'NewTestAgent(t, t.Name(),' | \ xargs sed -i -e 's/NewTestAgent(t, t.Name(),/NewTestAgent(t,/g'
2020-03-31 19:59:56 +00:00
a := agent.NewTestAgent(t, `
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
primary_datacenter = "dc1"
acl {
enabled = true
tokens {
Remove references to "master" ACL tokens in tests (#11751)
2021-12-07 12:48:50 +00:00
initial_management = "root"
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
}
}`)
defer a.Shutdown()
testrpc.WaitForLeader(t, a.RPC, "dc1")
client := a.Client()
ca := connect.TestCA(t, nil)
ca2 := connect.TestCA(t, nil)
createAuthMethod := func(t *testing.T) string {
id, err := uuid.GenerateUUID()
require.NoError(t, err)
methodName := "k8s-" + id
_, _, err = client.ACL().AuthMethodCreate(
&api.ACLAuthMethod{
Name: methodName,
Type: "kubernetes",
Description: "test",
Config: map[string]interface{}{
"Host": "https://foo.internal:8443",
"CACert": ca.RootCert,
"ServiceAccountJWT": acl.TestKubernetesJWT_A,
},
},
&api.WriteOptions{Token: "root"},
)
require.NoError(t, err)
return methodName
}
t.Run("update missing k8s host", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-no-merge",
"-name=" + name,
"-description", "updated description",
"-kubernetes-ca-cert", ca2.RootCert,
"-kubernetes-service-account-jwt", acl.TestKubernetesJWT_B,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 1)
require.Contains(t, ui.ErrorWriter.String(), "Missing required '-kubernetes-host' flag")
})
t.Run("update missing k8s ca cert", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-no-merge",
"-name=" + name,
"-description", "updated description",
"-kubernetes-host", "https://foo-new.internal:8443",
"-kubernetes-service-account-jwt", acl.TestKubernetesJWT_B,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 1)
require.Contains(t, ui.ErrorWriter.String(), "Missing required '-kubernetes-ca-cert' flag")
})
t.Run("update missing k8s jwt", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-no-merge",
"-name=" + name,
"-description", "updated description",
"-kubernetes-host", "https://foo-new.internal:8443",
"-kubernetes-ca-cert", ca2.RootCert,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 1)
require.Contains(t, ui.ErrorWriter.String(), "Missing required '-kubernetes-service-account-jwt' flag")
})
t.Run("update all fields", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-no-merge",
"-name=" + name,
"-description", "updated description",
"-kubernetes-host", "https://foo-new.internal:8443",
"-kubernetes-ca-cert", ca2.RootCert,
"-kubernetes-service-account-jwt", acl.TestKubernetesJWT_B,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 0)
require.Empty(t, ui.ErrorWriter.String())
method, _, err := client.ACL().AuthMethodRead(
name,
&api.QueryOptions{Token: "root"},
)
require.NoError(t, err)
require.NotNil(t, method)
require.Equal(t, "updated description", method.Description)
config, err := api.ParseKubernetesAuthMethodConfig(method.Config)
require.NoError(t, err)
require.Equal(t, "https://foo-new.internal:8443", config.Host)
require.Equal(t, ca2.RootCert, config.CACert)
require.Equal(t, acl.TestKubernetesJWT_B, config.ServiceAccountJWT)
})
ca2File := filepath.Join(testDir, "ca2.crt")
removes ioutil usage everywhere which was deprecated in go1.16 (#15297) * update go version to 1.18 for api and sdk, go mod tidy * removes ioutil usage everywhere which was deprecated in go1.16 in favour of io and os packages. Also introduces a lint rule which forbids use of ioutil going forward. Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-11-10 16:26:01 +00:00
require.NoError(t, os.WriteFile(ca2File, []byte(ca2.RootCert), 0600))
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout
2019-04-26 17:49:28 +00:00
t.Run("update all fields with cert file", func(t *testing.T) {
name := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-no-merge",
"-name=" + name,
"-description", "updated description",
"-kubernetes-host", "https://foo-new.internal:8443",
"-kubernetes-ca-cert", "@" + ca2File,
"-kubernetes-service-account-jwt", acl.TestKubernetesJWT_B,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, code, 0)
require.Empty(t, ui.ErrorWriter.String())
method, _, err := client.ACL().AuthMethodRead(
name,
&api.QueryOptions{Token: "root"},
)
require.NoError(t, err)
require.NotNil(t, method)
require.Equal(t, "updated description", method.Description)
config, err := api.ParseKubernetesAuthMethodConfig(method.Config)
require.NoError(t, err)
require.Equal(t, "https://foo-new.internal:8443", config.Host)
require.Equal(t, ca2.RootCert, config.CACert)
require.Equal(t, acl.TestKubernetesJWT_B, config.ServiceAccountJWT)
})
}
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
cli: Add -config flag to "acl authmethod update/create" (#7776)
2020-05-04 21:21:28 +00:00
func TestAuthMethodUpdateCommand_config(t *testing.T) {
testing: skip slow tests with -short Add a skip condition to all tests slower than 100ms. This change was made using `gotestsum tool slowest` with data from the last 3 CI runs of master. See https://github.com/gotestyourself/gotestsum#finding-and-skipping-slow-tests With this change: ``` $ time go test -count=1 -short ./agent ok github.com/hashicorp/consul/agent 0.743s real 0m4.791s $ time go test -count=1 -short ./agent/consul ok github.com/hashicorp/consul/agent/consul 4.229s real 0m8.769s ```
2020-12-07 18:42:55 +00:00
if testing.Short() {
t.Skip("too slow for testing.Short")
}
cli: Add -config flag to "acl authmethod update/create" (#7776)
2020-05-04 21:21:28 +00:00
t.Parallel()
testDir := testutil.TempDir(t, "auth-method")
a := agent.NewTestAgent(t, `
primary_datacenter = "dc1"
acl {
enabled = true
tokens {
Remove references to "master" ACL tokens in tests (#11751)
2021-12-07 12:48:50 +00:00
initial_management = "root"
cli: Add -config flag to "acl authmethod update/create" (#7776)
2020-05-04 21:21:28 +00:00
}
}`)
defer a.Shutdown()
testrpc.WaitForLeader(t, a.RPC, "dc1")
client := a.Client()
createAuthMethod := func(t *testing.T) string {
id, err := uuid.GenerateUUID()
require.NoError(t, err)
methodName := "test" + id
_, _, err = client.ACL().AuthMethodCreate(
&api.ACLAuthMethod{
Name: methodName,
Type: "testing",
Description: "test",
Config: map[string]interface{}{
"SessionID": "big",
},
},
&api.WriteOptions{Token: "root"},
)
require.NoError(t, err)
return methodName
}
readUpdate := func(t *testing.T, methodName string) {
method, _, err := client.ACL().AuthMethodRead(
methodName,
&api.QueryOptions{Token: "root"},
)
require.NoError(t, err)
require.NotNil(t, method)
require.Equal(t, "update", method.Config["SessionID"])
}
t.Run("config file", func(t *testing.T) {
methodName := createAuthMethod(t)
configFile := filepath.Join(testDir, "config.json")
jsonConfig := `{"SessionID":"update"}`
removes ioutil usage everywhere which was deprecated in go1.16 (#15297) * update go version to 1.18 for api and sdk, go mod tidy * removes ioutil usage everywhere which was deprecated in go1.16 in favour of io and os packages. Also introduces a lint rule which forbids use of ioutil going forward. Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-11-10 16:26:01 +00:00
require.NoError(t, os.WriteFile(configFile, []byte(jsonConfig), 0644))
cli: Add -config flag to "acl authmethod update/create" (#7776)
2020-05-04 21:21:28 +00:00
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + methodName,
"-no-merge=true",
"-config=@" + configFile,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, 0, code)
require.Empty(t, ui.ErrorWriter.String())
readUpdate(t, methodName)
})
t.Run("config stdin", func(t *testing.T) {
methodName := createAuthMethod(t)
ui := cli.NewMockUi()
cmd := New(ui)
stdinR, stdinW := io.Pipe()
cmd.testStdin = stdinR
go func() {
stdinW.Write([]byte(`{"SessionID":"update"}`))
stdinW.Close()
}()
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + methodName,
"-no-merge=true",
"-config=-",
}
code := cmd.Run(args)
require.Equal(t, 0, code)
require.Empty(t, ui.ErrorWriter.String())
readUpdate(t, methodName)
})
t.Run("config string", func(t *testing.T) {
methodName := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + methodName,
"-no-merge=true",
"-config=" + `{"SessionID":"update"}`,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, 0, code)
require.Empty(t, ui.ErrorWriter.String())
readUpdate(t, methodName)
})
t.Run("config with no merge", func(t *testing.T) {
methodName := createAuthMethod(t)
args := []string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=" + methodName,
"-no-merge=false",
"-config=" + `{"SessionID":"update"}`,
}
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(args)
require.Equal(t, 0, code)
require.Empty(t, ui.ErrorWriter.String())
readUpdate(t, methodName)
})
}
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
func getTestMethod(t *testing.T, client *api.Client, methodName string) *api.ACLAuthMethod {
t.Helper()
method, _, err := client.ACL().AuthMethodRead(
methodName,
&api.QueryOptions{Token: "root"},
)
require.NoError(t, err)
require.NotNil(t, method)
// zero these out since we don't really care
method.CreateIndex = 0
method.ModifyIndex = 0
test: make auth method cli crud test helper ignore the default namespace (#7799)
2020-05-06 20:09:47 +00:00
if method.Namespace == "default" {
method.Namespace = ""
}
syncing changes back from enterprise (#12701)
2022-04-05 20:46:56 +00:00
if method.Partition == "default" {
method.Partition = ""
}
test: make auth method cli crud test helper ignore the default namespace (#7799)
2020-05-06 20:09:47 +00:00
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
return method
}
func getTestName(t *testing.T) string {
t.Helper()
id, err := uuid.GenerateUUID()
require.NoError(t, err)
return "test-" + id
cli: Add -config flag to "acl authmethod update/create" (#7776)
2020-05-04 21:21:28 +00:00
acl: add DisplayName field to auth methods (#7769) Also add a few missing acl fields in the api.
2020-05-04 20:18:25 +00:00
}