mirror of https://github.com/status-im/consul.git
Adds complete ACL support for /v1/query/<query id or name>/execute.
This was already supported by previous changes to the ACL filter, so we just added a test to show it working.
This commit is contained in:
parent
9c785c7022
commit
2404af6f94
|
@ -1417,6 +1417,7 @@ func TestPreparedQuery_Execute(t *testing.T) {
|
||||||
c.ACLDatacenter = "dc1"
|
c.ACLDatacenter = "dc1"
|
||||||
c.ACLMasterToken = "root"
|
c.ACLMasterToken = "root"
|
||||||
c.ACLDefaultPolicy = "deny"
|
c.ACLDefaultPolicy = "deny"
|
||||||
|
c.ACLEnforceVersion8 = false
|
||||||
})
|
})
|
||||||
defer os.RemoveAll(dir1)
|
defer os.RemoveAll(dir1)
|
||||||
defer s1.Shutdown()
|
defer s1.Shutdown()
|
||||||
|
@ -2138,6 +2139,58 @@ func TestPreparedQuery_Execute(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Turn on version 8 ACLs, which will start to filter even with the exec
|
||||||
|
// token.
|
||||||
|
s1.config.ACLEnforceVersion8 = true
|
||||||
|
{
|
||||||
|
req := structs.PreparedQueryExecuteRequest{
|
||||||
|
Datacenter: "dc1",
|
||||||
|
QueryIDOrName: query.Query.ID,
|
||||||
|
QueryOptions: structs.QueryOptions{Token: execToken},
|
||||||
|
}
|
||||||
|
|
||||||
|
var reply structs.PreparedQueryExecuteResponse
|
||||||
|
if err := msgpackrpc.CallWithCodec(codec1, "PreparedQuery.Execute", &req, &reply); err != nil {
|
||||||
|
t.Fatalf("err: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(reply.Nodes) != 0 ||
|
||||||
|
reply.Datacenter != "dc1" || reply.Failovers != 0 ||
|
||||||
|
reply.Service != query.Query.Service.Service ||
|
||||||
|
!reflect.DeepEqual(reply.DNS, query.Query.DNS) ||
|
||||||
|
!reply.QueryMeta.KnownLeader {
|
||||||
|
t.Fatalf("bad: %v", reply)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Revert version 8 ACLs and make sure the query works again.
|
||||||
|
s1.config.ACLEnforceVersion8 = false
|
||||||
|
{
|
||||||
|
req := structs.PreparedQueryExecuteRequest{
|
||||||
|
Datacenter: "dc1",
|
||||||
|
QueryIDOrName: query.Query.ID,
|
||||||
|
QueryOptions: structs.QueryOptions{Token: execToken},
|
||||||
|
}
|
||||||
|
|
||||||
|
var reply structs.PreparedQueryExecuteResponse
|
||||||
|
if err := msgpackrpc.CallWithCodec(codec1, "PreparedQuery.Execute", &req, &reply); err != nil {
|
||||||
|
t.Fatalf("err: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(reply.Nodes) != 8 ||
|
||||||
|
reply.Datacenter != "dc1" || reply.Failovers != 0 ||
|
||||||
|
reply.Service != query.Query.Service.Service ||
|
||||||
|
!reflect.DeepEqual(reply.DNS, query.Query.DNS) ||
|
||||||
|
!reply.QueryMeta.KnownLeader {
|
||||||
|
t.Fatalf("bad: %v", reply)
|
||||||
|
}
|
||||||
|
for _, node := range reply.Nodes {
|
||||||
|
if node.Node.Node == "node1" || node.Node.Node == "node3" {
|
||||||
|
t.Fatalf("bad: %v", node)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Now fail everything in dc1 and we should get an empty list back.
|
// Now fail everything in dc1 and we should get an empty list back.
|
||||||
for i := 0; i < 10; i++ {
|
for i := 0; i < 10; i++ {
|
||||||
setHealth(fmt.Sprintf("node%d", i+1), structs.HealthCritical)
|
setHealth(fmt.Sprintf("node%d", i+1), structs.HealthCritical)
|
||||||
|
|
Loading…
Reference in New Issue