2023-03-28 23:48:58 +01:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2023-03-27 10:35:39 -05:00
|
|
|
package resource
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/mock"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"google.golang.org/grpc/codes"
|
|
|
|
"google.golang.org/grpc/metadata"
|
|
|
|
"google.golang.org/grpc/status"
|
|
|
|
|
2023-04-11 06:10:14 -05:00
|
|
|
"github.com/hashicorp/consul/acl/resolver"
|
2023-03-27 10:35:39 -05:00
|
|
|
"github.com/hashicorp/consul/internal/resource"
|
2023-04-06 10:40:04 +01:00
|
|
|
"github.com/hashicorp/consul/internal/resource/demo"
|
2023-03-27 10:35:39 -05:00
|
|
|
"github.com/hashicorp/consul/internal/storage"
|
|
|
|
"github.com/hashicorp/consul/proto-public/pbresource"
|
|
|
|
"github.com/hashicorp/consul/proto/private/prototest"
|
|
|
|
)
|
|
|
|
|
2023-04-17 16:33:20 -05:00
|
|
|
func TestRead_InputValidation(t *testing.T) {
|
|
|
|
server := testServer(t)
|
|
|
|
client := testClient(t, server)
|
|
|
|
|
2023-04-25 12:52:35 +01:00
|
|
|
demo.RegisterTypes(server.Registry)
|
2023-04-17 16:33:20 -05:00
|
|
|
|
|
|
|
testCases := map[string]func(*pbresource.ReadRequest){
|
|
|
|
"no id": func(req *pbresource.ReadRequest) { req.Id = nil },
|
|
|
|
"no type": func(req *pbresource.ReadRequest) { req.Id.Type = nil },
|
|
|
|
"no tenancy": func(req *pbresource.ReadRequest) { req.Id.Tenancy = nil },
|
|
|
|
"no name": func(req *pbresource.ReadRequest) { req.Id.Name = "" },
|
|
|
|
// clone necessary to not pollute DefaultTenancy
|
2023-04-24 08:14:51 -05:00
|
|
|
"tenancy partition not default": func(req *pbresource.ReadRequest) {
|
2023-04-17 16:33:20 -05:00
|
|
|
req.Id.Tenancy = clone(req.Id.Tenancy)
|
2023-04-24 08:14:51 -05:00
|
|
|
req.Id.Tenancy.Partition = ""
|
2023-04-17 16:33:20 -05:00
|
|
|
},
|
2023-04-24 08:14:51 -05:00
|
|
|
"tenancy namespace not default": func(req *pbresource.ReadRequest) {
|
2023-04-17 16:33:20 -05:00
|
|
|
req.Id.Tenancy = clone(req.Id.Tenancy)
|
2023-04-24 08:14:51 -05:00
|
|
|
req.Id.Tenancy.Namespace = ""
|
2023-04-17 16:33:20 -05:00
|
|
|
},
|
2023-04-24 08:14:51 -05:00
|
|
|
"tenancy peername not local": func(req *pbresource.ReadRequest) {
|
2023-04-17 16:33:20 -05:00
|
|
|
req.Id.Tenancy = clone(req.Id.Tenancy)
|
2023-04-24 08:14:51 -05:00
|
|
|
req.Id.Tenancy.PeerName = ""
|
2023-04-17 16:33:20 -05:00
|
|
|
},
|
|
|
|
}
|
|
|
|
for desc, modFn := range testCases {
|
|
|
|
t.Run(desc, func(t *testing.T) {
|
|
|
|
res, err := demo.GenerateV2Artist()
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
req := &pbresource.ReadRequest{Id: res.Id}
|
|
|
|
modFn(req)
|
|
|
|
|
|
|
|
_, err = client.Read(testContext(t), req)
|
|
|
|
require.Error(t, err)
|
|
|
|
require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-03-27 10:35:39 -05:00
|
|
|
func TestRead_TypeNotFound(t *testing.T) {
|
2023-04-06 10:40:04 +01:00
|
|
|
server := NewServer(Config{Registry: resource.NewRegistry()})
|
2023-03-27 10:35:39 -05:00
|
|
|
client := testClient(t, server)
|
|
|
|
|
2023-04-06 10:40:04 +01:00
|
|
|
artist, err := demo.GenerateV2Artist()
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
_, err = client.Read(context.Background(), &pbresource.ReadRequest{Id: artist.Id})
|
2023-03-27 10:35:39 -05:00
|
|
|
require.Error(t, err)
|
|
|
|
require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
|
2023-04-11 06:10:14 -05:00
|
|
|
require.Contains(t, err.Error(), "resource type demo.v2.artist not registered")
|
2023-03-27 10:35:39 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestRead_ResourceNotFound(t *testing.T) {
|
|
|
|
for desc, tc := range readTestCases() {
|
|
|
|
t.Run(desc, func(t *testing.T) {
|
|
|
|
server := testServer(t)
|
2023-04-11 06:10:14 -05:00
|
|
|
|
2023-04-25 12:52:35 +01:00
|
|
|
demo.RegisterTypes(server.Registry)
|
2023-03-27 10:35:39 -05:00
|
|
|
client := testClient(t, server)
|
|
|
|
|
2023-04-06 10:40:04 +01:00
|
|
|
artist, err := demo.GenerateV2Artist()
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
_, err = client.Read(tc.ctx, &pbresource.ReadRequest{Id: artist.Id})
|
2023-03-27 10:35:39 -05:00
|
|
|
require.Error(t, err)
|
|
|
|
require.Equal(t, codes.NotFound.String(), status.Code(err).String())
|
|
|
|
require.Contains(t, err.Error(), "resource not found")
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestRead_GroupVersionMismatch(t *testing.T) {
|
|
|
|
for desc, tc := range readTestCases() {
|
|
|
|
t.Run(desc, func(t *testing.T) {
|
|
|
|
server := testServer(t)
|
2023-04-11 06:10:14 -05:00
|
|
|
|
2023-04-25 12:52:35 +01:00
|
|
|
demo.RegisterTypes(server.Registry)
|
2023-03-27 10:35:39 -05:00
|
|
|
client := testClient(t, server)
|
|
|
|
|
2023-04-06 10:40:04 +01:00
|
|
|
artist, err := demo.GenerateV2Artist()
|
2023-03-27 10:35:39 -05:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2023-04-06 10:40:04 +01:00
|
|
|
_, err = server.Backend.WriteCAS(tc.ctx, artist)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
id := clone(artist.Id)
|
|
|
|
id.Type = demo.TypeV1Artist
|
|
|
|
|
|
|
|
_, err = client.Read(tc.ctx, &pbresource.ReadRequest{Id: id})
|
2023-03-27 10:35:39 -05:00
|
|
|
require.Error(t, err)
|
|
|
|
require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String())
|
|
|
|
require.Contains(t, err.Error(), "resource was requested with GroupVersion")
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestRead_Success(t *testing.T) {
|
|
|
|
for desc, tc := range readTestCases() {
|
|
|
|
t.Run(desc, func(t *testing.T) {
|
|
|
|
server := testServer(t)
|
2023-04-11 06:10:14 -05:00
|
|
|
|
2023-04-25 12:52:35 +01:00
|
|
|
demo.RegisterTypes(server.Registry)
|
2023-03-27 10:35:39 -05:00
|
|
|
client := testClient(t, server)
|
2023-04-06 10:40:04 +01:00
|
|
|
|
|
|
|
artist, err := demo.GenerateV2Artist()
|
2023-03-27 10:35:39 -05:00
|
|
|
require.NoError(t, err)
|
|
|
|
|
2023-04-06 10:40:04 +01:00
|
|
|
resource1, err := server.Backend.WriteCAS(tc.ctx, artist)
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
rsp, err := client.Read(tc.ctx, &pbresource.ReadRequest{Id: artist.Id})
|
2023-03-27 10:35:39 -05:00
|
|
|
require.NoError(t, err)
|
|
|
|
prototest.AssertDeepEqual(t, resource1, rsp.Resource)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestRead_VerifyReadConsistencyArg(t *testing.T) {
|
|
|
|
// Uses a mockBackend instead of the inmem Backend to verify the ReadConsistency argument is set correctly.
|
|
|
|
for desc, tc := range readTestCases() {
|
|
|
|
t.Run(desc, func(t *testing.T) {
|
2023-04-11 06:10:14 -05:00
|
|
|
server := testServer(t)
|
2023-03-27 10:35:39 -05:00
|
|
|
mockBackend := NewMockBackend(t)
|
2023-04-11 06:10:14 -05:00
|
|
|
server.Backend = mockBackend
|
2023-04-25 12:52:35 +01:00
|
|
|
demo.RegisterTypes(server.Registry)
|
2023-04-06 10:40:04 +01:00
|
|
|
|
|
|
|
artist, err := demo.GenerateV2Artist()
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
mockBackend.On("Read", mock.Anything, mock.Anything, mock.Anything).Return(artist, nil)
|
2023-03-27 10:35:39 -05:00
|
|
|
client := testClient(t, server)
|
|
|
|
|
2023-04-06 10:40:04 +01:00
|
|
|
rsp, err := client.Read(tc.ctx, &pbresource.ReadRequest{Id: artist.Id})
|
2023-03-27 10:35:39 -05:00
|
|
|
require.NoError(t, err)
|
2023-04-06 10:40:04 +01:00
|
|
|
prototest.AssertDeepEqual(t, artist, rsp.Resource)
|
2023-03-27 10:35:39 -05:00
|
|
|
mockBackend.AssertCalled(t, "Read", mock.Anything, tc.consistency, mock.Anything)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-04-25 12:52:35 +01:00
|
|
|
// N.B. Uses key ACLs for now. See demo.RegisterTypes()
|
2023-04-11 06:10:14 -05:00
|
|
|
func TestRead_ACLs(t *testing.T) {
|
|
|
|
type testCase struct {
|
|
|
|
authz resolver.Result
|
|
|
|
code codes.Code
|
|
|
|
}
|
|
|
|
testcases := map[string]testCase{
|
|
|
|
"read hook denied": {
|
|
|
|
authz: AuthorizerFrom(t, demo.ArtistV1ReadPolicy),
|
|
|
|
code: codes.PermissionDenied,
|
|
|
|
},
|
|
|
|
"read hook allowed": {
|
|
|
|
authz: AuthorizerFrom(t, demo.ArtistV2ReadPolicy),
|
|
|
|
code: codes.NotFound,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
for desc, tc := range testcases {
|
|
|
|
t.Run(desc, func(t *testing.T) {
|
|
|
|
server := testServer(t)
|
|
|
|
client := testClient(t, server)
|
|
|
|
|
|
|
|
mockACLResolver := &MockACLResolver{}
|
|
|
|
mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything).
|
|
|
|
Return(tc.authz, nil)
|
|
|
|
server.ACLResolver = mockACLResolver
|
2023-04-25 12:52:35 +01:00
|
|
|
demo.RegisterTypes(server.Registry)
|
2023-04-11 06:10:14 -05:00
|
|
|
|
|
|
|
artist, err := demo.GenerateV2Artist()
|
|
|
|
require.NoError(t, err)
|
|
|
|
|
|
|
|
// exercise ACL
|
|
|
|
_, err = client.Read(testContext(t), &pbresource.ReadRequest{Id: artist.Id})
|
|
|
|
require.Error(t, err)
|
|
|
|
require.Equal(t, tc.code.String(), status.Code(err).String())
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-03-27 10:35:39 -05:00
|
|
|
type readTestCase struct {
|
|
|
|
consistency storage.ReadConsistency
|
|
|
|
ctx context.Context
|
|
|
|
}
|
|
|
|
|
|
|
|
func readTestCases() map[string]readTestCase {
|
|
|
|
return map[string]readTestCase{
|
|
|
|
"eventually consistent read": {
|
|
|
|
consistency: storage.EventualConsistency,
|
|
|
|
ctx: context.Background(),
|
|
|
|
},
|
|
|
|
"strongly consistent read": {
|
|
|
|
consistency: storage.StrongConsistency,
|
|
|
|
ctx: metadata.NewOutgoingContext(
|
|
|
|
context.Background(),
|
|
|
|
metadata.New(map[string]string{"x-consul-consistency-mode": "consistent"}),
|
|
|
|
),
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|