diff --git a/agent/event_endpoint_test.go b/agent/event_endpoint_test.go index 07311c7f49..476bf0cc1e 100644 --- a/agent/event_endpoint_test.go +++ b/agent/event_endpoint_test.go @@ -9,11 +9,9 @@ import ( "testing" "time" - "github.com/hashicorp/consul/testrpc" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil/retry" + "github.com/hashicorp/consul/testrpc" ) func TestEventFire(t *testing.T) { @@ -72,21 +70,7 @@ func TestEventFire_token(t *testing.T) { defer a.Shutdown() testrpc.WaitForLeader(t, a.RPC, "dc1") - // Create an ACL token - args := structs.ACLRequest{ - Datacenter: "dc1", - Op: structs.ACLSet, - ACL: structs.ACL{ - Name: "User token", - Type: structs.ACLTokenTypeClient, - Rules: testEventPolicy, - }, - WriteRequest: structs.WriteRequest{Token: "root"}, - } - var token string - if err := a.RPC("ACL.Apply", &args, &token); err != nil { - t.Fatalf("err: %v", err) - } + token := createToken(t, a, testEventPolicy) type tcase struct { event string diff --git a/agent/local/state_test.go b/agent/local/state_test.go index bcc0e11027..f4be09ba12 100644 --- a/agent/local/state_test.go +++ b/agent/local/state_test.go @@ -8,6 +8,7 @@ import ( "time" "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -791,23 +792,7 @@ func TestAgentAntiEntropy_Services_ACLDeny(t *testing.T) { defer a.Shutdown() testrpc.WaitForLeader(t, a.RPC, "dc1") - // Create the ACL - arg := structs.ACLRequest{ - Datacenter: "dc1", - Op: structs.ACLSet, - ACL: structs.ACL{ - Name: "User token", - Type: structs.ACLTokenTypeClient, - Rules: testRegisterRules, - }, - WriteRequest: structs.WriteRequest{ - Token: "root", - }, - } - var token string - if err := a.RPC("ACL.Apply", &arg, &token); err != nil { - t.Fatalf("err: %v", err) - } + token := createToken(t, a, testRegisterRules) // Create service (disallowed) srv1 := &structs.NodeService{ @@ -929,6 +914,40 @@ func TestAgentAntiEntropy_Services_ACLDeny(t *testing.T) { } } +type RPC interface { + RPC(method string, args interface{}, reply interface{}) error +} + +func createToken(t *testing.T, rpc RPC, policyRules string) string { + t.Helper() + + reqPolicy := structs.ACLPolicySetRequest{ + Datacenter: "dc1", + Policy: structs.ACLPolicy{ + Name: "the-policy", + Rules: policyRules, + }, + WriteRequest: structs.WriteRequest{Token: "root"}, + } + err := rpc.RPC("ACL.PolicySet", &reqPolicy, &structs.ACLPolicy{}) + require.NoError(t, err) + + token, err := uuid.GenerateUUID() + require.NoError(t, err) + + reqToken := structs.ACLTokenSetRequest{ + Datacenter: "dc1", + ACLToken: structs.ACLToken{ + SecretID: token, + Policies: []structs.ACLTokenPolicyLink{{Name: "the-policy"}}, + }, + WriteRequest: structs.WriteRequest{Token: "root"}, + } + err = rpc.RPC("ACL.TokenSet", &reqToken, &structs.ACLToken{}) + require.NoError(t, err) + return token +} + func TestAgentAntiEntropy_Checks(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") @@ -1222,23 +1241,7 @@ func TestAgentAntiEntropy_Checks_ACLDeny(t *testing.T) { testrpc.WaitForLeader(t, a.RPC, dc) - // Create the ACL - arg := structs.ACLRequest{ - Datacenter: dc, - Op: structs.ACLSet, - ACL: structs.ACL{ - Name: "User token", - Type: structs.ACLTokenTypeClient, - Rules: testRegisterRules, - }, - WriteRequest: structs.WriteRequest{ - Token: "root", - }, - } - var token string - if err := a.RPC("ACL.Apply", &arg, &token); err != nil { - t.Fatalf("err: %v", err) - } + token := createToken(t, a, testRegisterRules) // Create services using the root token srv1 := &structs.NodeService{ diff --git a/agent/user_event_test.go b/agent/user_event_test.go index 4ab04d690c..3f391ba2f4 100644 --- a/agent/user_event_test.go +++ b/agent/user_event_test.go @@ -4,6 +4,9 @@ import ( "strings" "testing" + "github.com/hashicorp/go-uuid" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil/retry" @@ -205,21 +208,7 @@ func TestUserEventToken(t *testing.T) { `) defer a.Shutdown() - // Create an ACL token - args := structs.ACLRequest{ - Datacenter: "dc1", - Op: structs.ACLSet, - ACL: structs.ACL{ - Name: "User token", - Type: structs.ACLTokenTypeClient, - Rules: testEventPolicy, - }, - WriteRequest: structs.WriteRequest{Token: "root"}, - } - var token string - if err := a.RPC("ACL.Apply", &args, &token); err != nil { - t.Fatalf("err: %v", err) - } + token := createToken(t, a, testEventPolicy) type tcase struct { name string @@ -241,6 +230,40 @@ func TestUserEventToken(t *testing.T) { } } +type RPC interface { + RPC(method string, args interface{}, reply interface{}) error +} + +func createToken(t *testing.T, rpc RPC, policyRules string) string { + t.Helper() + + reqPolicy := structs.ACLPolicySetRequest{ + Datacenter: "dc1", + Policy: structs.ACLPolicy{ + Name: "the-policy", + Rules: policyRules, + }, + WriteRequest: structs.WriteRequest{Token: "root"}, + } + err := rpc.RPC("ACL.PolicySet", &reqPolicy, &structs.ACLPolicy{}) + require.NoError(t, err) + + token, err := uuid.GenerateUUID() + require.NoError(t, err) + + reqToken := structs.ACLTokenSetRequest{ + Datacenter: "dc1", + ACLToken: structs.ACLToken{ + SecretID: token, + Policies: []structs.ACLTokenPolicyLink{{Name: "the-policy"}}, + }, + WriteRequest: structs.WriteRequest{Token: "root"}, + } + err = rpc.RPC("ACL.TokenSet", &reqToken, &structs.ACLToken{}) + require.NoError(t, err) + return token +} + const testEventPolicy = ` event "foo" { policy = "deny"