consul/command/acl/bindingrule/delete/bindingrule_delete_test.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package bindingruledelete

import (
	"fmt"
	"strings"
	"testing"

	"github.com/mitchellh/cli"
	"github.com/stretchr/testify/require"

	"github.com/hashicorp/consul/agent"
	"github.com/hashicorp/consul/api"
	"github.com/hashicorp/consul/testrpc"

	// activate testing auth method
	_ "github.com/hashicorp/consul/agent/consul/authmethod/testauth"
)

func TestBindingRuleDeleteCommand_noTabs(t *testing.T) {
	t.Parallel()

	if strings.ContainsRune(New(cli.NewMockUi()).Help(), '\t') {
		t.Fatal("help has tabs")
	}
}

func TestBindingRuleDeleteCommand(t *testing.T) {
	if testing.Short() {
		t.Skip("too slow for testing.Short")
	}

	t.Parallel()

	a := agent.NewTestAgent(t, `
	primary_datacenter = "dc1"
	acl {
		enabled = true
		tokens {
			initial_management = "root"
		}
	}`)

	defer a.Shutdown()
	testrpc.WaitForLeader(t, a.RPC, "dc1")

	client := a.Client()

	// create an auth method in advance
	{
		_, _, err := client.ACL().AuthMethodCreate(
			&api.ACLAuthMethod{
				Name: "test",
				Type: "testing",
			},
			&api.WriteOptions{Token: "root"},
		)
		require.NoError(t, err)
	}

	createRule := func(t *testing.T) string {
		rule, _, err := client.ACL().BindingRuleCreate(
			&api.ACLBindingRule{
				AuthMethod:  "test",
				Description: "test rule",
				BindType:    api.BindingRuleBindTypeService,
				BindName:    "test-${serviceaccount.name}",
				Selector:    "serviceaccount.namespace==default",
			},
			&api.WriteOptions{Token: "root"},
		)
		require.NoError(t, err)
		return rule.ID
	}

	createDupe := func(t *testing.T) string {
		for {
			// Check for 1-char duplicates.
			rules, _, err := client.ACL().BindingRuleList(
				"test",
				&api.QueryOptions{Token: "root"},
			)
			require.NoError(t, err)

			m := make(map[byte]struct{})
			for _, rule := range rules {
				c := rule.ID[0]

				if _, ok := m[c]; ok {
					return string(c)
				}
				m[c] = struct{}{}
			}

			_ = createRule(t)
		}
	}

	t.Run("id required", func(t *testing.T) {
		ui := cli.NewMockUi()
		cmd := New(ui)

		args := []string{
			"-http-addr=" + a.HTTPAddr(),
			"-token=root",
		}

		code := cmd.Run(args)
		require.Equal(t, code, 1)
		require.Contains(t, ui.ErrorWriter.String(), "Must specify the -id parameter")
	})

	t.Run("delete works", func(t *testing.T) {
		id := createRule(t)

		ui := cli.NewMockUi()
		cmd := New(ui)

		args := []string{
			"-http-addr=" + a.HTTPAddr(),
			"-token=root",
			"-id", id,
		}

		code := cmd.Run(args)
		require.Equal(t, code, 0)
		require.Empty(t, ui.ErrorWriter.String())

		output := ui.OutputWriter.String()
		require.Contains(t, output, fmt.Sprintf("deleted successfully"))
		require.Contains(t, output, id)

		rule, _, err := client.ACL().BindingRuleRead(
			id,
			&api.QueryOptions{Token: "root"},
		)
		require.NoError(t, err)
		require.Nil(t, rule)
	})

	t.Run("delete works via prefixes", func(t *testing.T) {
		id := createRule(t)

		ui := cli.NewMockUi()
		cmd := New(ui)

		args := []string{
			"-http-addr=" + a.HTTPAddr(),
			"-token=root",
			"-id", id[0:5],
		}

		code := cmd.Run(args)
		require.Equal(t, code, 0)
		require.Empty(t, ui.ErrorWriter.String())

		output := ui.OutputWriter.String()
		require.Contains(t, output, fmt.Sprintf("deleted successfully"))
		require.Contains(t, output, id)

		rule, _, err := client.ACL().BindingRuleRead(
			id,
			&api.QueryOptions{Token: "root"},
		)
		require.NoError(t, err)
		require.Nil(t, rule)
	})

	t.Run("delete fails when prefix matches more than one rule", func(t *testing.T) {
		prefix := createDupe(t)

		ui := cli.NewMockUi()
		cmd := New(ui)

		args := []string{
			"-http-addr=" + a.HTTPAddr(),
			"-token=root",
			"-id=" + prefix,
		}

		code := cmd.Run(args)
		require.Equal(t, code, 1)
		require.Contains(t, ui.ErrorWriter.String(), "Error determining binding rule ID")
	})

	t.Run("delete notfound", func(t *testing.T) {
		ui := cli.NewMockUi()
		cmd := New(ui)

		args := []string{
			"-http-addr=" + a.HTTPAddr(),
			"-token=root",
			"-id=notfound",
		}

		code := cmd.Run(args)
		require.Equal(t, 1, code)
		require.Contains(t, ui.ErrorWriter.String(), "Error determining binding rule ID: no such rule ID with prefix: notfound")

		output := ui.OutputWriter.String()
		require.Empty(t, output)
	})
}
Copyright headers for command folder (#16705) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files * copyright headers for agent folder * Copyright headers for command folder * fix merge conflicts 2023-03-28 19:12:30 +00:00			`// Copyright (c) HashiCorp, Inc.`
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> 2023-08-11 13:12:13 +00:00			`// SPDX-License-Identifier: BUSL-1.1`
Copyright headers for command folder (#16705) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files * copyright headers for agent folder * Copyright headers for command folder * fix merge conflicts 2023-03-28 19:12:30 +00:00
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout 2019-04-26 17:49:28 +00:00			`package bindingruledelete`

			`import (`
			`"fmt"`
			`"strings"`
			`"testing"`

ACL error improvements: incomplete bootstrapping and non-existent token (#16105) * add bootstrapping detail for acl errors * error detail improvements * update acl bootstrapping test coverage * update namespace errors * update test coverage * add changelog * update message for unbootstrapped error * consolidate error message code and update changelog * logout message change 2023-02-08 23:49:44 +00:00			`"github.com/mitchellh/cli"`
			`"github.com/stretchr/testify/require"`

acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout 2019-04-26 17:49:28 +00:00			`"github.com/hashicorp/consul/agent"`
			`"github.com/hashicorp/consul/api"`
			`"github.com/hashicorp/consul/testrpc"`

			`// activate testing auth method`
			`_ "github.com/hashicorp/consul/agent/consul/authmethod/testauth"`
			`)`

			`func TestBindingRuleDeleteCommand_noTabs(t *testing.T) {`
			`t.Parallel()`

			`if strings.ContainsRune(New(cli.NewMockUi()).Help(), '\t') {`
			`t.Fatal("help has tabs")`
			`}`
			`}`

			`func TestBindingRuleDeleteCommand(t *testing.T) {`
testing: skip slow tests with -short Add a skip condition to all tests slower than 100ms. This change was made using `gotestsum tool slowest` with data from the last 3 CI runs of master. See https://github.com/gotestyourself/gotestsum#finding-and-skipping-slow-tests With this change: ``` $ time go test -count=1 -short ./agent ok github.com/hashicorp/consul/agent 0.743s real 0m4.791s $ time go test -count=1 -short ./agent/consul ok github.com/hashicorp/consul/agent/consul 4.229s real 0m8.769s ``` 2020-12-07 18:42:55 +00:00			`if testing.Short() {`
			`t.Skip("too slow for testing.Short")`
			`}`

acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout 2019-04-26 17:49:28 +00:00			`t.Parallel()`

Remove name from NewTestAgent Using: git grep -l 'NewTestAgent(t, t.Name(),' \| \ xargs sed -i -e 's/NewTestAgent(t, t.Name(),/NewTestAgent(t,/g' 2020-03-31 19:59:56 +00:00			a := agent.NewTestAgent(t, `
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout 2019-04-26 17:49:28 +00:00			`primary_datacenter = "dc1"`
			`acl {`
			`enabled = true`
			`tokens {`
Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00			`initial_management = "root"`
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout 2019-04-26 17:49:28 +00:00			`}`
			}`)

			`defer a.Shutdown()`
			`testrpc.WaitForLeader(t, a.RPC, "dc1")`

			`client := a.Client()`

			`// create an auth method in advance`
			`{`
			`_, _, err := client.ACL().AuthMethodCreate(`
			`&api.ACLAuthMethod{`
			`Name: "test",`
			`Type: "testing",`
			`},`
			`&api.WriteOptions{Token: "root"},`
			`)`
			`require.NoError(t, err)`
			`}`

			`createRule := func(t *testing.T) string {`
			`rule, _, err := client.ACL().BindingRuleCreate(`
			`&api.ACLBindingRule{`
			`AuthMethod: "test",`
			`Description: "test rule",`
			`BindType: api.BindingRuleBindTypeService,`
			`BindName: "test-${serviceaccount.name}",`
			`Selector: "serviceaccount.namespace==default",`
			`},`
			`&api.WriteOptions{Token: "root"},`
			`)`
			`require.NoError(t, err)`
			`return rule.ID`
			`}`

			`createDupe := func(t *testing.T) string {`
			`for {`
			`// Check for 1-char duplicates.`
			`rules, _, err := client.ACL().BindingRuleList(`
			`"test",`
			`&api.QueryOptions{Token: "root"},`
			`)`
			`require.NoError(t, err)`

			`m := make(map[byte]struct{})`
			`for _, rule := range rules {`
			`c := rule.ID[0]`

			`if _, ok := m[c]; ok {`
			`return string(c)`
			`}`
			`m[c] = struct{}{}`
			`}`

			`_ = createRule(t)`
			`}`
			`}`

			`t.Run("id required", func(t *testing.T) {`
			`ui := cli.NewMockUi()`
			`cmd := New(ui)`

			`args := []string{`
			`"-http-addr=" + a.HTTPAddr(),`
			`"-token=root",`
			`}`

			`code := cmd.Run(args)`
			`require.Equal(t, code, 1)`
			`require.Contains(t, ui.ErrorWriter.String(), "Must specify the -id parameter")`
			`})`

			`t.Run("delete works", func(t *testing.T) {`
			`id := createRule(t)`

			`ui := cli.NewMockUi()`
			`cmd := New(ui)`

			`args := []string{`
			`"-http-addr=" + a.HTTPAddr(),`
			`"-token=root",`
			`"-id", id,`
			`}`

			`code := cmd.Run(args)`
			`require.Equal(t, code, 0)`
			`require.Empty(t, ui.ErrorWriter.String())`

			`output := ui.OutputWriter.String()`
			`require.Contains(t, output, fmt.Sprintf("deleted successfully"))`
			`require.Contains(t, output, id)`

			`rule, _, err := client.ACL().BindingRuleRead(`
			`id,`
			`&api.QueryOptions{Token: "root"},`
			`)`
			`require.NoError(t, err)`
			`require.Nil(t, rule)`
			`})`

			`t.Run("delete works via prefixes", func(t *testing.T) {`
			`id := createRule(t)`

			`ui := cli.NewMockUi()`
			`cmd := New(ui)`

			`args := []string{`
			`"-http-addr=" + a.HTTPAddr(),`
			`"-token=root",`
			`"-id", id[0:5],`
			`}`

			`code := cmd.Run(args)`
			`require.Equal(t, code, 0)`
			`require.Empty(t, ui.ErrorWriter.String())`

			`output := ui.OutputWriter.String()`
			`require.Contains(t, output, fmt.Sprintf("deleted successfully"))`
			`require.Contains(t, output, id)`

			`rule, _, err := client.ACL().BindingRuleRead(`
			`id,`
			`&api.QueryOptions{Token: "root"},`
			`)`
			`require.NoError(t, err)`
			`require.Nil(t, rule)`
			`})`

			`t.Run("delete fails when prefix matches more than one rule", func(t *testing.T) {`
			`prefix := createDupe(t)`

			`ui := cli.NewMockUi()`
			`cmd := New(ui)`

			`args := []string{`
			`"-http-addr=" + a.HTTPAddr(),`
			`"-token=root",`
			`"-id=" + prefix,`
			`}`

			`code := cmd.Run(args)`
			`require.Equal(t, code, 1)`
			`require.Contains(t, ui.ErrorWriter.String(), "Error determining binding rule ID")`
			`})`
ACL error improvements: incomplete bootstrapping and non-existent token (#16105) * add bootstrapping detail for acl errors * error detail improvements * update acl bootstrapping test coverage * update namespace errors * update test coverage * add changelog * update message for unbootstrapped error * consolidate error message code and update changelog * logout message change 2023-02-08 23:49:44 +00:00
			`t.Run("delete notfound", func(t *testing.T) {`
			`ui := cli.NewMockUi()`
			`cmd := New(ui)`

			`args := []string{`
			`"-http-addr=" + a.HTTPAddr(),`
			`"-token=root",`
			`"-id=notfound",`
			`}`

			`code := cmd.Run(args)`
			`require.Equal(t, 1, code)`
			`require.Contains(t, ui.ErrorWriter.String(), "Error determining binding rule ID: no such rule ID with prefix: notfound")`

			`output := ui.OutputWriter.String()`
			`require.Empty(t, output)`
			`})`
acl: adding support for kubernetes auth provider login (#5600) * auth providers * binding rules * auth provider for kubernetes * login/logout 2019-04-26 17:49:28 +00:00			`}`