consul/command/acl/token/formatter_test.go

524 lines
14 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-08-11 09:12:13 -04:00
// SPDX-License-Identifier: BUSL-1.1
package token
import (
"flag"
"fmt"
"os"
"path"
"path/filepath"
"testing"
"time"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/api"
)
// update allows golden files to be updated based on the current output.
var update = flag.Bool("update", false, "update golden files")
// golden reads and optionally writes the expected data to the golden file,
// returning the contents as a string.
func golden(t *testing.T, name, got string) string {
t.Helper()
golden := filepath.Join("testdata", name+".golden")
if *update && got != "" {
err := os.WriteFile(golden, []byte(got), 0644)
require.NoError(t, err)
}
expected, err := os.ReadFile(golden)
require.NoError(t, err)
return string(expected)
}
func TestFormatToken(t *testing.T) {
type testCase struct {
token api.ACLToken
overrideGoldenName string
}
timeRef := func(in time.Time) *time.Time {
return &in
}
cases := map[string]testCase{
"basic": {
token: api.ACLToken{
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6",
Description: "test token",
Local: false,
CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
CreateIndex: 42,
ModifyIndex: 100,
},
},
"complex": {
token: api.ACLToken{
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6",
Namespace: "foo",
Description: "test token",
Local: false,
AuthMethod: "bar",
AuthMethodNamespace: "baz",
CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)),
Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
CreateIndex: 5,
ModifyIndex: 10,
Policies: []*api.ACLLink{
{
ID: "beb04680-815b-4d7c-9e33-3d707c24672c",
Name: "hobbiton",
},
{
ID: "18788457-584c-4812-80d3-23d403148a90",
Name: "bywater",
},
},
Roles: []*api.ACLLink{
{
ID: "3b0a78fe-b9c3-40de-b8ea-7d4d6674b366",
Name: "shire",
},
{
ID: "6c9d1e1d-34bc-4d55-80f3-add0890ad791",
Name: "west-farthing",
},
},
ServiceIdentities: []*api.ACLServiceIdentity{
{
ServiceName: "gardener",
Datacenters: []string{"middleearth-northwest"},
},
},
NodeIdentities: []*api.ACLNodeIdentity{
{
NodeName: "bagend",
Datacenter: "middleearth-northwest",
},
},
TemplatedPolicies: []*api.ACLTemplatedPolicy{
{
TemplateName: api.ACLTemplatedPolicyServiceName,
TemplateVariables: &api.ACLTemplatedPolicyVariables{
Name: "web",
},
Datacenters: []string{"middleearth-northwest", "somewhere-east"},
},
{
TemplateName: api.ACLTemplatedPolicyNodeName,
TemplateVariables: &api.ACLTemplatedPolicyVariables{
Name: "api",
},
},
},
},
},
}
formatters := map[string]Formatter{
"pretty": newPrettyFormatter(false),
"pretty-meta": newPrettyFormatter(true),
// the JSON formatter ignores the showMeta
"json": newJSONFormatter(false),
}
for name, tcase := range cases {
t.Run(name, func(t *testing.T) {
for fmtName, formatter := range formatters {
t.Run(fmtName, func(t *testing.T) {
actual, err := formatter.FormatToken(&tcase.token)
require.NoError(t, err)
gName := fmt.Sprintf("%s.%s", name, fmtName)
if tcase.overrideGoldenName != "" {
gName = tcase.overrideGoldenName
}
expected := golden(t, path.Join("FormatToken", gName), actual)
require.Equal(t, expected, actual)
})
}
})
}
}
func TestFormatTokenList(t *testing.T) {
type testCase struct {
tokens []*api.ACLTokenListEntry
overrideGoldenName string
}
timeRef := func(in time.Time) *time.Time {
return &in
}
cases := map[string]testCase{
"basic": {
tokens: []*api.ACLTokenListEntry{
{
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
SecretID: "257ade69-748c-4022-bafd-76d27d9143f8",
Description: "test token",
Local: false,
CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
CreateIndex: 42,
ModifyIndex: 100,
},
},
},
"complex": {
tokens: []*api.ACLTokenListEntry{
{
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
SecretID: "257ade69-748c-4022-bafd-76d27d9143f8",
Namespace: "foo",
Description: "test token",
Local: false,
AuthMethod: "bar",
AuthMethodNamespace: "baz",
CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)),
Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
CreateIndex: 5,
ModifyIndex: 10,
Policies: []*api.ACLLink{
{
ID: "beb04680-815b-4d7c-9e33-3d707c24672c",
Name: "hobbiton",
},
{
ID: "18788457-584c-4812-80d3-23d403148a90",
Name: "bywater",
},
},
Roles: []*api.ACLLink{
{
ID: "3b0a78fe-b9c3-40de-b8ea-7d4d6674b366",
Name: "shire",
},
{
ID: "6c9d1e1d-34bc-4d55-80f3-add0890ad791",
Name: "west-farthing",
},
},
ServiceIdentities: []*api.ACLServiceIdentity{
{
ServiceName: "gardener",
Datacenters: []string{"middleearth-northwest"},
},
},
NodeIdentities: []*api.ACLNodeIdentity{
{
NodeName: "bagend",
Datacenter: "middleearth-northwest",
},
},
TemplatedPolicies: []*api.ACLTemplatedPolicy{
{
TemplateName: api.ACLTemplatedPolicyServiceName,
TemplateVariables: &api.ACLTemplatedPolicyVariables{
Name: "web",
},
Datacenters: []string{"middleearth-northwest"},
},
{
TemplateName: api.ACLTemplatedPolicyNodeName,
TemplateVariables: &api.ACLTemplatedPolicyVariables{
Name: "api",
},
},
},
},
},
},
}
formatters := map[string]Formatter{
"pretty": newPrettyFormatter(false),
"pretty-meta": newPrettyFormatter(true),
// the JSON formatter ignores the showMeta
"json": newJSONFormatter(false),
}
for name, tcase := range cases {
t.Run(name, func(t *testing.T) {
for fmtName, formatter := range formatters {
t.Run(fmtName, func(t *testing.T) {
actual, err := formatter.FormatTokenList(tcase.tokens)
require.NoError(t, err)
gName := fmt.Sprintf("%s.%s", name, fmtName)
if tcase.overrideGoldenName != "" {
gName = tcase.overrideGoldenName
}
expected := golden(t, path.Join("FormatTokenList", gName), actual)
require.Equal(t, expected, actual)
})
}
})
}
}
type testCase struct {
tokenExpanded api.ACLTokenExpanded
overrideGoldenName string
}
func timeRef(in time.Time) *time.Time {
return &in
}
var expandedTokenTestCases = map[string]testCase{
"basic": {
tokenExpanded: api.ACLTokenExpanded{
ExpandedPolicies: []api.ACLPolicy{
{
ID: "beb04680-815b-4d7c-9e33-3d707c24672c",
Name: "foo",
Description: "user policy on token",
Rules: `service_prefix "" {
policy = "read"
}`,
},
{
ID: "18788457-584c-4812-80d3-23d403148a90",
Name: "bar",
Description: "other user policy on token",
Rules: `operator = "read"`,
},
},
AgentACLDefaultPolicy: "allow",
AgentACLDownPolicy: "deny",
ResolvedByAgent: "leader",
ACLToken: api.ACLToken{
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6",
Description: "test token",
Local: false,
CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
CreateIndex: 42,
ModifyIndex: 100,
Policies: []*api.ACLLink{
{
ID: "beb04680-815b-4d7c-9e33-3d707c24672c",
Name: "foo",
},
{
ID: "18788457-584c-4812-80d3-23d403148a90",
Name: "bar",
},
},
},
},
},
"complex": {
tokenExpanded: api.ACLTokenExpanded{
ExpandedPolicies: []api.ACLPolicy{
{
ID: "beb04680-815b-4d7c-9e33-3d707c24672c",
Name: "hobbiton",
Description: "user policy on token",
Rules: `service_prefix "" {
policy = "read"
}`,
},
{
ID: "18788457-584c-4812-80d3-23d403148a90",
Name: "bywater",
Description: "other user policy on token",
Rules: `operator = "read"`,
},
{
ID: "6204f4cd-4709-441c-ac1b-cb029e940263",
Name: "shire-policy",
Description: "policy for shire role",
Rules: `operator = "write"`,
},
{
ID: "e86f0d1f-71b1-4690-bdfd-ff8c2cd4ae93",
Name: "west-farthing-policy",
Description: "policy for west-farthing role",
Rules: `service "foo" {
policy = "read"
}`,
},
{
ID: "2b582ff1-4a43-457f-8a2b-30a8265e29a5",
Name: "default-policy-1",
Description: "default policy 1",
Rules: `key "foo" { policy = "write" }`,
},
{
ID: "b55dce64-f2cc-4eb5-8e5f-50e90e63c6ea",
Name: "default-policy-2",
Description: "default policy 2",
Rules: `key "bar" { policy = "read" }`,
},
},
ExpandedRoles: []api.ACLRole{
{
ID: "3b0a78fe-b9c3-40de-b8ea-7d4d6674b366",
Name: "shire",
Description: "shire role",
Policies: []*api.ACLRolePolicyLink{
{
ID: "6204f4cd-4709-441c-ac1b-cb029e940263",
},
},
ServiceIdentities: []*api.ACLServiceIdentity{
{
ServiceName: "foo",
Datacenters: []string{"middleearth-southwest"},
},
},
},
{
ID: "6c9d1e1d-34bc-4d55-80f3-add0890ad791",
Name: "west-farthing",
Description: "west-farthing role",
Policies: []*api.ACLRolePolicyLink{
{
ID: "e86f0d1f-71b1-4690-bdfd-ff8c2cd4ae93",
},
},
NodeIdentities: []*api.ACLNodeIdentity{
{
NodeName: "bar",
Datacenter: "middleearth-southwest",
},
},
},
{
ID: "56033f2b-e1a6-4905-b71d-e011c862bc65",
Name: "ns-default",
Description: "default role",
Policies: []*api.ACLRolePolicyLink{
{
ID: "b55dce64-f2cc-4eb5-8e5f-50e90e63c6ea",
},
},
ServiceIdentities: []*api.ACLServiceIdentity{
{
ServiceName: "web",
Datacenters: []string{"middleearth-northeast"},
},
},
NodeIdentities: []*api.ACLNodeIdentity{
{
NodeName: "db",
Datacenter: "middleearth-northwest",
},
},
},
},
NamespaceDefaultPolicyIDs: []string{"2b582ff1-4a43-457f-8a2b-30a8265e29a5"},
NamespaceDefaultRoleIDs: []string{"56033f2b-e1a6-4905-b71d-e011c862bc65"},
AgentACLDefaultPolicy: "deny",
AgentACLDownPolicy: "extend-cache",
ResolvedByAgent: "server-1",
ACLToken: api.ACLToken{
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6",
Namespace: "foo",
Description: "test token",
Local: false,
AuthMethod: "bar",
AuthMethodNamespace: "baz",
CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)),
Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
CreateIndex: 5,
ModifyIndex: 10,
Policies: []*api.ACLLink{
{
ID: "beb04680-815b-4d7c-9e33-3d707c24672c",
Name: "hobbiton",
},
{
ID: "18788457-584c-4812-80d3-23d403148a90",
Name: "bywater",
},
},
Roles: []*api.ACLLink{
{
ID: "3b0a78fe-b9c3-40de-b8ea-7d4d6674b366",
Name: "shire",
},
{
ID: "6c9d1e1d-34bc-4d55-80f3-add0890ad791",
Name: "west-farthing",
},
},
ServiceIdentities: []*api.ACLServiceIdentity{
{
ServiceName: "gardener",
Datacenters: []string{"middleearth-northwest"},
},
},
NodeIdentities: []*api.ACLNodeIdentity{
{
NodeName: "bagend",
Datacenter: "middleearth-northwest",
},
},
TemplatedPolicies: []*api.ACLTemplatedPolicy{
{
TemplateName: api.ACLTemplatedPolicyServiceName,
TemplateVariables: &api.ACLTemplatedPolicyVariables{
Name: "web",
},
Datacenters: []string{"middleearth-northwest"},
},
{
TemplateName: api.ACLTemplatedPolicyNodeName,
TemplateVariables: &api.ACLTemplatedPolicyVariables{
Name: "api",
},
},
},
},
},
},
}
func testFormatTokenExpanded(t *testing.T, dirPath string) {
formatters := map[string]Formatter{
"pretty": newPrettyFormatter(false),
"pretty-meta": newPrettyFormatter(true),
// the JSON formatter ignores the showMeta
"json": newJSONFormatter(false),
}
for name, tcase := range expandedTokenTestCases {
t.Run(name, func(t *testing.T) {
for fmtName, formatter := range formatters {
t.Run(fmtName, func(t *testing.T) {
actual, err := formatter.FormatTokenExpanded(&tcase.tokenExpanded)
require.NoError(t, err)
gName := fmt.Sprintf("%s.%s", name, fmtName)
if tcase.overrideGoldenName != "" {
gName = tcase.overrideGoldenName
}
expected := golden(t, path.Join(dirPath, gName), actual)
require.Equal(t, expected, actual)
})
}
})
}
}