2023-08-11 09:12:13 -04:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
|
2023-04-26 11:57:10 +01:00
|
|
|
package testing
|
|
|
|
|
|
|
|
import (
|
2023-10-27 08:55:02 -05:00
|
|
|
"testing"
|
|
|
|
|
2023-04-26 11:57:10 +01:00
|
|
|
"github.com/stretchr/testify/require"
|
2023-12-05 13:00:06 -06:00
|
|
|
|
|
|
|
"github.com/hashicorp/go-uuid"
|
2023-08-04 11:27:48 -07:00
|
|
|
|
|
|
|
"github.com/hashicorp/consul/acl"
|
2023-04-26 11:57:10 +01:00
|
|
|
"github.com/hashicorp/consul/acl/resolver"
|
2023-08-04 11:27:48 -07:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
2023-04-26 11:57:10 +01:00
|
|
|
)
|
|
|
|
|
2023-08-04 11:27:48 -07:00
|
|
|
func randomACLIdentity(t *testing.T) structs.ACLIdentity {
|
|
|
|
id, err := uuid.GenerateUUID()
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
return &structs.ACLToken{AccessorID: id}
|
|
|
|
}
|
|
|
|
|
|
|
|
func AuthorizerFrom(t *testing.T, policyStrs ...string) resolver.Result {
|
|
|
|
policies := []*acl.Policy{}
|
|
|
|
for _, policyStr := range policyStrs {
|
|
|
|
policy, err := acl.NewPolicyFromSource(policyStr, nil, nil)
|
|
|
|
require.NoError(t, err)
|
|
|
|
policies = append(policies, policy)
|
|
|
|
}
|
|
|
|
|
|
|
|
authz, err := acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), policies, nil)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
return resolver.Result{
|
|
|
|
Authorizer: authz,
|
|
|
|
ACLIdentity: randomACLIdentity(t),
|
|
|
|
}
|
|
|
|
}
|