From a621afe72ce36ffe06fdc1e7a45c142275fd5be0 Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Tue, 6 Mar 2018 10:51:26 -0800 Subject: [PATCH] agent/consul: convert intention ACLs to testify/assert --- acl/policy_test.go | 17 +- agent/consul/acl_test.go | 23 +-- agent/consul/intention_endpoint_test.go | 199 ++++++++---------------- 3 files changed, 77 insertions(+), 162 deletions(-) diff --git a/acl/policy_test.go b/acl/policy_test.go index 9d3ae8f69c..19468e38b2 100644 --- a/acl/policy_test.go +++ b/acl/policy_test.go @@ -4,6 +4,8 @@ import ( "reflect" "strings" "testing" + + "github.com/stretchr/testify/assert" ) func TestParse_table(t *testing.T) { @@ -69,21 +71,14 @@ service "foo" { for _, tc := range cases { t.Run(tc.Name, func(t *testing.T) { + assert := assert.New(t) actual, err := Parse(tc.Input, nil) - if (err != nil) != (tc.Err != "") { - t.Fatalf("err: %s", err) - } + assert.Equal(tc.Err != "", err != nil, err) if err != nil { - if !strings.Contains(err.Error(), tc.Err) { - t.Fatalf("err: %s", err) - } - + assert.Contains(err.Error(), tc.Err) return } - - if !reflect.DeepEqual(actual, tc.Expected) { - t.Fatalf("bad: %#v", actual) - } + assert.Equal(tc.Expected, actual) }) } } diff --git a/agent/consul/acl_test.go b/agent/consul/acl_test.go index a37bbf1013..ace1284a86 100644 --- a/agent/consul/acl_test.go +++ b/agent/consul/acl_test.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/testutil/retry" + "github.com/stretchr/testify/assert" ) var testACLPolicy = ` @@ -849,6 +850,8 @@ node "node1" { func TestACL_filterIntentions(t *testing.T) { t.Parallel() + assert := assert.New(t) + fill := func() structs.Intentions { return structs.Intentions{ &structs.Intention{ @@ -867,9 +870,7 @@ func TestACL_filterIntentions(t *testing.T) { ixns := fill() filt := newACLFilter(acl.AllowAll(), nil, false) filt.filterIntentions(&ixns) - if len(ixns) != 2 { - t.Fatalf("bad: %#v", ixns) - } + assert.Len(ixns, 2) } // Try restrictive filtering. @@ -877,9 +878,7 @@ func TestACL_filterIntentions(t *testing.T) { ixns := fill() filt := newACLFilter(acl.DenyAll(), nil, false) filt.filterIntentions(&ixns) - if len(ixns) != 0 { - t.Fatalf("bad: %#v", ixns) - } + assert.Len(ixns, 0) } // Policy to see one @@ -888,22 +887,16 @@ service "foo" { policy = "read" } `, nil) - if err != nil { - t.Fatalf("err %v", err) - } + assert.Nil(err) perms, err := acl.New(acl.DenyAll(), policy, nil) - if err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(err) // Filter { ixns := fill() filt := newACLFilter(perms, nil, false) filt.filterIntentions(&ixns) - if len(ixns) != 1 { - t.Fatalf("bad: %#v", ixns) - } + assert.Len(ixns, 1) } } diff --git a/agent/consul/intention_endpoint_test.go b/agent/consul/intention_endpoint_test.go index 5a0a8a7237..a1e1ae7516 100644 --- a/agent/consul/intention_endpoint_test.go +++ b/agent/consul/intention_endpoint_test.go @@ -307,6 +307,8 @@ func TestIntentionApply_deleteGood(t *testing.T) { // Test apply with a deny ACL func TestIntentionApply_aclDeny(t *testing.T) { t.Parallel() + + assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" c.ACLMasterToken = "root" @@ -338,9 +340,7 @@ service "foo" { }, WriteRequest: structs.WriteRequest{Token: "root"}, } - if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token)) } // Setup a basic record to create @@ -354,47 +354,38 @@ service "foo" { // Create without a token should error since default deny var reply string err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply) - if !acl.IsErrPermissionDenied(err) { - t.Fatalf("bad: %v", err) - } + assert.True(acl.IsErrPermissionDenied(err)) // Now add the token and try again. ixn.WriteRequest.Token = token - if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) // Read ixn.Intention.ID = reply { req := &structs.IntentionQueryRequest{ - Datacenter: "dc1", - IntentionID: ixn.Intention.ID, + Datacenter: "dc1", + IntentionID: ixn.Intention.ID, + QueryOptions: structs.QueryOptions{Token: "root"}, } var resp structs.IndexedIntentions - if err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp); err != nil { - t.Fatalf("err: %v", err) - } - if len(resp.Intentions) != 1 { - t.Fatalf("bad: %v", resp) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp)) + assert.Len(resp.Intentions, 1) actual := resp.Intentions[0] - if resp.Index != actual.ModifyIndex { - t.Fatalf("bad index: %d", resp.Index) - } + assert.Equal(resp.Index, actual.ModifyIndex) actual.CreateIndex, actual.ModifyIndex = 0, 0 actual.CreatedAt = ixn.Intention.CreatedAt actual.UpdatedAt = ixn.Intention.UpdatedAt - if !reflect.DeepEqual(actual, ixn.Intention) { - t.Fatalf("bad:\n\n%#v\n\n%#v", actual, ixn.Intention) - } + assert.Equal(ixn.Intention, actual) } } // Test apply with delete and a default deny ACL func TestIntentionApply_aclDelete(t *testing.T) { t.Parallel() + + assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" c.ACLMasterToken = "root" @@ -426,9 +417,7 @@ service "foo" { }, WriteRequest: structs.WriteRequest{Token: "root"}, } - if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token)) } // Setup a basic record to create @@ -442,24 +431,18 @@ service "foo" { // Create var reply string - if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("bad: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) // Try to do a delete with no token; this should get rejected. ixn.Op = structs.IntentionOpDelete ixn.Intention.ID = reply ixn.WriteRequest.Token = "" err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply) - if !acl.IsErrPermissionDenied(err) { - t.Fatalf("bad: %v", err) - } + assert.True(acl.IsErrPermissionDenied(err)) // Try again with the original token. This should go through. ixn.WriteRequest.Token = token - if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) // Verify it is gone { @@ -469,15 +452,16 @@ service "foo" { } var resp structs.IndexedIntentions err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp) - if err == nil || err.Error() != ErrIntentionNotFound.Error() { - t.Fatalf("err: %v", err) - } + assert.NotNil(err) + assert.Contains(err.Error(), ErrIntentionNotFound.Error()) } } // Test apply with update and a default deny ACL func TestIntentionApply_aclUpdate(t *testing.T) { t.Parallel() + + assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" c.ACLMasterToken = "root" @@ -509,9 +493,7 @@ service "foo" { }, WriteRequest: structs.WriteRequest{Token: "root"}, } - if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token)) } // Setup a basic record to create @@ -525,29 +507,25 @@ service "foo" { // Create var reply string - if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("bad: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) // Try to do an update without a token; this should get rejected. ixn.Op = structs.IntentionOpUpdate ixn.Intention.ID = reply ixn.WriteRequest.Token = "" err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply) - if !acl.IsErrPermissionDenied(err) { - t.Fatalf("bad: %v", err) - } + assert.True(acl.IsErrPermissionDenied(err)) // Try again with the original token; this should go through. ixn.WriteRequest.Token = token - if err = msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) } // Test apply with a management token func TestIntentionApply_aclManagement(t *testing.T) { t.Parallel() + + assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" c.ACLMasterToken = "root" @@ -571,27 +549,23 @@ func TestIntentionApply_aclManagement(t *testing.T) { // Create var reply string - if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("bad: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) ixn.Intention.ID = reply // Update ixn.Op = structs.IntentionOpUpdate - if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) // Delete ixn.Op = structs.IntentionOpDelete - if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) } // Test update changing the name where an ACL won't allow it func TestIntentionApply_aclUpdateChange(t *testing.T) { t.Parallel() + + assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" c.ACLMasterToken = "root" @@ -623,9 +597,7 @@ service "foo" { }, WriteRequest: structs.WriteRequest{Token: "root"}, } - if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token)) } // Setup a basic record to create @@ -639,9 +611,7 @@ service "foo" { // Create var reply string - if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("bad: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) // Try to do an update without a token; this should get rejected. ixn.Op = structs.IntentionOpUpdate @@ -649,14 +619,14 @@ service "foo" { ixn.Intention.DestinationName = "foo" ixn.WriteRequest.Token = token err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply) - if !acl.IsErrPermissionDenied(err) { - t.Fatalf("bad: %v", err) - } + assert.True(acl.IsErrPermissionDenied(err)) } // Test reading with ACLs func TestIntentionGet_acl(t *testing.T) { t.Parallel() + + assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" c.ACLMasterToken = "root" @@ -688,9 +658,7 @@ service "foo" { }, WriteRequest: structs.WriteRequest{Token: "root"}, } - if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token)) } // Setup a basic record to create @@ -704,9 +672,7 @@ service "foo" { // Create var reply string - if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) ixn.Intention.ID = reply // Read without token should be error @@ -718,12 +684,8 @@ service "foo" { var resp structs.IndexedIntentions err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp) - if !acl.IsErrPermissionDenied(err) { - t.Fatalf("bad: %v", err) - } - if len(resp.Intentions) != 0 { - t.Fatalf("bad: %v", resp) - } + assert.True(acl.IsErrPermissionDenied(err)) + assert.Len(resp.Intentions, 0) } // Read with token should work @@ -735,12 +697,8 @@ service "foo" { } var resp structs.IndexedIntentions - if err := msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp); err != nil { - t.Fatalf("err: %v", err) - } - if len(resp.Intentions) != 1 { - t.Fatalf("bad: %v", resp) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Get", req, &resp)) + assert.Len(resp.Intentions, 1) } } @@ -771,6 +729,8 @@ func TestIntentionList(t *testing.T) { // Test listing with ACLs func TestIntentionList_acl(t *testing.T) { t.Parallel() + + assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" c.ACLMasterToken = "root" @@ -802,9 +762,7 @@ service "foo" { }, WriteRequest: structs.WriteRequest{Token: "root"}, } - if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token)) } // Create a few records @@ -819,9 +777,7 @@ service "foo" { // Create var reply string - if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) } // Test with no token @@ -830,13 +786,8 @@ service "foo" { Datacenter: "dc1", } var resp structs.IndexedIntentions - if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil { - t.Fatalf("err: %v", err) - } - - if len(resp.Intentions) != 0 { - t.Fatalf("bad: %v", resp) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp)) + assert.Len(resp.Intentions, 0) } // Test with management token @@ -846,13 +797,8 @@ service "foo" { QueryOptions: structs.QueryOptions{Token: "root"}, } var resp structs.IndexedIntentions - if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil { - t.Fatalf("err: %v", err) - } - - if len(resp.Intentions) != 3 { - t.Fatalf("bad: %v", resp) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp)) + assert.Len(resp.Intentions, 3) } // Test with user token @@ -862,13 +808,8 @@ service "foo" { QueryOptions: structs.QueryOptions{Token: token}, } var resp structs.IndexedIntentions - if err := msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp); err != nil { - t.Fatalf("err: %v", err) - } - - if len(resp.Intentions) != 1 { - t.Fatalf("bad: %v", resp) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.List", req, &resp)) + assert.Len(resp.Intentions, 1) } } @@ -944,6 +885,8 @@ func TestIntentionMatch_good(t *testing.T) { // Test matching with ACLs func TestIntentionMatch_acl(t *testing.T) { t.Parallel() + + assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" c.ACLMasterToken = "root" @@ -975,9 +918,7 @@ service "bar" { }, WriteRequest: structs.WriteRequest{Token: "root"}, } - if err := msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token)) } // Create some records @@ -1003,9 +944,7 @@ service "bar" { // Create var reply string - if err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply); err != nil { - t.Fatalf("err: %v", err) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)) } } @@ -1025,13 +964,8 @@ service "bar" { } var resp structs.IndexedIntentionMatches err := msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp) - if !acl.IsErrPermissionDenied(err) { - t.Fatalf("err: %v", err) - } - - if len(resp.Matches) != 0 { - t.Fatalf("bad: %#v", resp.Matches) - } + assert.True(acl.IsErrPermissionDenied(err)) + assert.Len(resp.Matches, 0) } // Test with proper token @@ -1050,13 +984,8 @@ service "bar" { QueryOptions: structs.QueryOptions{Token: token}, } var resp structs.IndexedIntentionMatches - if err := msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp); err != nil { - t.Fatalf("err: %v", err) - } - - if len(resp.Matches) != 1 { - t.Fatalf("bad: %#v", resp.Matches) - } + assert.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Match", req, &resp)) + assert.Len(resp.Matches, 1) expected := [][]string{{"foo", "bar"}, {"foo", "*"}, {"*", "*"}} var actual [][]string @@ -1064,8 +993,6 @@ service "bar" { actual = append(actual, []string{ixn.DestinationNS, ixn.DestinationName}) } - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad (got, wanted):\n\n%#v\n\n%#v", actual, expected) - } + assert.Equal(expected, actual) } }