diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go index f6664183a7..ab44f634f2 100644 --- a/agent/consul/acl_endpoint_test.go +++ b/agent/consul/acl_endpoint_test.go @@ -17,8 +17,7 @@ import ( "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/testutil/retry" uuid "github.com/hashicorp/go-uuid" - "github.com/hashicorp/net-rpc-msgpackrpc" - "github.com/stretchr/testify/assert" + msgpackrpc "github.com/hashicorp/net-rpc-msgpackrpc" "github.com/stretchr/testify/require" ) @@ -625,7 +624,6 @@ func TestACLEndpoint_ReplicationStatus(t *testing.T) { func TestACLEndpoint_TokenRead(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -646,8 +644,7 @@ func TestACLEndpoint_TokenRead(t *testing.T) { acl := ACL{srv: s1} - // exists and matches what we created - { + t.Run("exists and matches what we created", func(t *testing.T) { req := structs.ACLTokenGetRequest{ Datacenter: "dc1", TokenID: token.AccessorID, @@ -658,17 +655,16 @@ func TestACLEndpoint_TokenRead(t *testing.T) { resp := structs.ACLTokenResponse{} err := acl.TokenRead(&req, &resp) - assert.NoError(err) + require.NoError(t, err) if !reflect.DeepEqual(resp.Token, token) { t.Fatalf("tokens are not equal: %v != %v", resp.Token, token) } - } + }) - // nil when token does not exist - { + t.Run("nil when token does not exist", func(t *testing.T) { fakeID, err := uuid.GenerateUUID() - assert.NoError(err) + require.NoError(t, err) req := structs.ACLTokenGetRequest{ Datacenter: "dc1", @@ -680,12 +676,11 @@ func TestACLEndpoint_TokenRead(t *testing.T) { resp := structs.ACLTokenResponse{} err = acl.TokenRead(&req, &resp) - assert.Nil(resp.Token) - assert.NoError(err) - } + require.Nil(t, resp.Token) + require.NoError(t, err) + }) - // validates ID format - { + t.Run("validates ID format", func(t *testing.T) { req := structs.ACLTokenGetRequest{ Datacenter: "dc1", TokenID: "definitely-really-certainly-not-a-uuid", @@ -696,14 +691,13 @@ func TestACLEndpoint_TokenRead(t *testing.T) { resp := structs.ACLTokenResponse{} err := acl.TokenRead(&req, &resp) - assert.Nil(resp.Token) - assert.EqualError(err, "failed acl token lookup: failed acl token lookup: index error: UUID must be 36 characters") - } + require.Nil(t, resp.Token) + require.EqualError(t, err, "failed acl token lookup: failed acl token lookup: index error: UUID must be 36 characters") + }) } func TestACLEndpoint_TokenClone(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -718,7 +712,7 @@ func TestACLEndpoint_TokenClone(t *testing.T) { testrpc.WaitForLeader(t, s1.RPC, "dc1") t1, err := upsertTestToken(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) acl := ACL{srv: s1} @@ -731,19 +725,18 @@ func TestACLEndpoint_TokenClone(t *testing.T) { t2 := structs.ACLToken{} err = acl.TokenClone(&req, &t2) - assert.NoError(err) + require.NoError(t, err) - assert.Equal(t1.Description, t2.Description) - assert.Equal(t1.Policies, t2.Policies) - assert.Equal(t1.Rules, t2.Rules) - assert.Equal(t1.Local, t2.Local) - assert.NotEqual(t1.AccessorID, t2.AccessorID) - assert.NotEqual(t1.SecretID, t2.SecretID) + require.Equal(t, t1.Description, t2.Description) + require.Equal(t, t1.Policies, t2.Policies) + require.Equal(t, t1.Rules, t2.Rules) + require.Equal(t, t1.Local, t2.Local) + require.NotEqual(t, t1.AccessorID, t2.AccessorID) + require.NotEqual(t, t1.SecretID, t2.SecretID) } func TestACLEndpoint_TokenSet(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -760,8 +753,7 @@ func TestACLEndpoint_TokenSet(t *testing.T) { acl := ACL{srv: s1} var tokenID string - // Create it - { + t.Run("Create it", func(t *testing.T) { req := structs.ACLTokenSetRequest{ Datacenter: "dc1", ACLToken: structs.ACLToken{ @@ -775,21 +767,21 @@ func TestACLEndpoint_TokenSet(t *testing.T) { resp := structs.ACLToken{} err := acl.TokenSet(&req, &resp) - assert.NoError(err) + require.NoError(t, err) // Get the token directly to validate that it exists tokenResp, err := retrieveTestToken(codec, "root", "dc1", resp.AccessorID) - assert.NoError(err) + require.NoError(t, err) token := tokenResp.Token - assert.NotNil(token.AccessorID) - assert.Equal(token.Description, "foobar") - assert.Equal(token.AccessorID, resp.AccessorID) + require.NotNil(t, token.AccessorID) + require.Equal(t, token.Description, "foobar") + require.Equal(t, token.AccessorID, resp.AccessorID) tokenID = token.AccessorID - } - // Update it - { + }) + + t.Run("Update it", func(t *testing.T) { req := structs.ACLTokenSetRequest{ Datacenter: "dc1", ACLToken: structs.ACLToken{ @@ -802,21 +794,21 @@ func TestACLEndpoint_TokenSet(t *testing.T) { resp := structs.ACLToken{} err := acl.TokenSet(&req, &resp) - assert.NoError(err) + require.NoError(t, err) // Get the token directly to validate that it exists tokenResp, err := retrieveTestToken(codec, "root", "dc1", resp.AccessorID) - assert.NoError(err) + require.NoError(t, err) token := tokenResp.Token - assert.NotNil(token.AccessorID) - assert.Equal(token.Description, "new-description") - assert.Equal(token.AccessorID, resp.AccessorID) - } + require.NotNil(t, token.AccessorID) + require.Equal(t, token.Description, "new-description") + require.Equal(t, token.AccessorID, resp.AccessorID) + }) } + func TestACLEndpoint_TokenSet_anon(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -830,7 +822,7 @@ func TestACLEndpoint_TokenSet_anon(t *testing.T) { testrpc.WaitForLeader(t, s1.RPC, "dc1") policy, err := upsertTestPolicy(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) acl := ACL{srv: s1} @@ -849,17 +841,16 @@ func TestACLEndpoint_TokenSet_anon(t *testing.T) { } token := structs.ACLToken{} err = acl.TokenSet(&tokenUpsertReq, &token) - assert.NoError(err) - assert.NotEmpty(token.SecretID) + require.NoError(t, err) + require.NotEmpty(t, token.SecretID) tokenResp, err := retrieveTestToken(codec, "root", "dc1", structs.ACLTokenAnonymousID) - assert.Equal(len(tokenResp.Token.Policies), 1) - assert.Equal(tokenResp.Token.Policies[0].ID, policy.ID) + require.Equal(t, len(tokenResp.Token.Policies), 1) + require.Equal(t, tokenResp.Token.Policies[0].ID, policy.ID) } func TestACLEndpoint_TokenDelete(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -894,13 +885,12 @@ func TestACLEndpoint_TokenDelete(t *testing.T) { joinWAN(t, s2, s1) existingToken, err := upsertTestToken(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) acl := ACL{srv: s1} acl2 := ACL{srv: s2} - // deletes a token - { + t.Run("deletes a token", func(t *testing.T) { req := structs.ACLTokenDeleteRequest{ Datacenter: "dc1", TokenID: existingToken.AccessorID, @@ -910,16 +900,15 @@ func TestACLEndpoint_TokenDelete(t *testing.T) { var resp string err = acl.TokenDelete(&req, &resp) - assert.NoError(err) + require.NoError(t, err) // Make sure the token is gone tokenResp, err := retrieveTestToken(codec, "root", "dc1", existingToken.AccessorID) - assert.Nil(tokenResp.Token) - assert.NoError(err) - } + require.Nil(t, tokenResp.Token) + require.NoError(t, err) + }) - // can't delete itself - { + t.Run("can't delete itself", func(t *testing.T) { readReq := structs.ACLTokenGetRequest{ Datacenter: "dc1", TokenID: "root", @@ -931,7 +920,7 @@ func TestACLEndpoint_TokenDelete(t *testing.T) { err := msgpackrpc.CallWithCodec(codec, "ACL.TokenRead", &readReq, &out) - assert.NoError(err) + require.NoError(t, err) req := structs.ACLTokenDeleteRequest{ Datacenter: "dc1", @@ -941,13 +930,12 @@ func TestACLEndpoint_TokenDelete(t *testing.T) { var resp string err = acl.TokenDelete(&req, &resp) - assert.EqualError(err, "Deletion of the request's authorization token is not permitted") - } + require.EqualError(t, err, "Deletion of the request's authorization token is not permitted") + }) - // errors when token doesn't exist - { + t.Run("errors when token doesn't exist", func(t *testing.T) { fakeID, err := uuid.GenerateUUID() - assert.NoError(err) + require.NoError(t, err) req := structs.ACLTokenDeleteRequest{ Datacenter: "dc1", @@ -958,18 +946,17 @@ func TestACLEndpoint_TokenDelete(t *testing.T) { var resp string err = acl.TokenDelete(&req, &resp) - assert.NoError(err) + require.NoError(t, err) // token should be nil tokenResp, err := retrieveTestToken(codec, "root", "dc1", existingToken.AccessorID) - assert.Nil(tokenResp.Token) - assert.NoError(err) - } + require.Nil(t, tokenResp.Token) + require.NoError(t, err) + }) - // don't segfault when attempting to delete non existant token in secondary dc - { + t.Run("don't segfault when attempting to delete non existant token in secondary dc", func(t *testing.T) { fakeID, err := uuid.GenerateUUID() - assert.NoError(err) + require.NoError(t, err) req := structs.ACLTokenDeleteRequest{ Datacenter: "dc2", @@ -982,17 +969,17 @@ func TestACLEndpoint_TokenDelete(t *testing.T) { waitForNewACLs(t, s2) err = acl2.TokenDelete(&req, &resp) - assert.NoError(err) + require.NoError(t, err) // token should be nil tokenResp, err := retrieveTestToken(codec2, "root", "dc1", existingToken.AccessorID) - assert.Nil(tokenResp.Token) - assert.NoError(err) - } + require.Nil(t, tokenResp.Token) + require.NoError(t, err) + }) } + func TestACLEndpoint_TokenDelete_anon(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -1017,16 +1004,15 @@ func TestACLEndpoint_TokenDelete_anon(t *testing.T) { var resp string err := acl.TokenDelete(&req, &resp) - assert.EqualError(err, "Delete operation not permitted on the anonymous token") + require.EqualError(t, err, "Delete operation not permitted on the anonymous token") // Make sure the token is still there tokenResp, err := retrieveTestToken(codec, "root", "dc1", structs.ACLTokenAnonymousID) - assert.NotNil(tokenResp.Token) + require.NotNil(t, tokenResp.Token) } func TestACLEndpoint_TokenList(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -1041,10 +1027,10 @@ func TestACLEndpoint_TokenList(t *testing.T) { testrpc.WaitForLeader(t, s1.RPC, "dc1") t1, err := upsertTestToken(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) t2, err := upsertTestToken(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) acl := ACL{srv: s1} @@ -1056,7 +1042,7 @@ func TestACLEndpoint_TokenList(t *testing.T) { resp := structs.ACLTokenListResponse{} err = acl.TokenList(&req, &resp) - assert.NoError(err) + require.NoError(t, err) tokens := []string{t1.AccessorID, t2.AccessorID} var retrievedTokens []string @@ -1064,12 +1050,11 @@ func TestACLEndpoint_TokenList(t *testing.T) { for _, v := range resp.Tokens { retrievedTokens = append(retrievedTokens, v.AccessorID) } - assert.Subset(retrievedTokens, tokens) + require.Subset(t, retrievedTokens, tokens) } func TestACLEndpoint_TokenBatchRead(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -1084,10 +1069,10 @@ func TestACLEndpoint_TokenBatchRead(t *testing.T) { testrpc.WaitForLeader(t, s1.RPC, "dc1") t1, err := upsertTestToken(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) t2, err := upsertTestToken(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) acl := ACL{srv: s1} tokens := []string{t1.AccessorID, t2.AccessorID} @@ -1101,14 +1086,14 @@ func TestACLEndpoint_TokenBatchRead(t *testing.T) { resp := structs.ACLTokenBatchResponse{} err = acl.TokenBatchRead(&req, &resp) - assert.NoError(err) + require.NoError(t, err) var retrievedTokens []string for _, v := range resp.Tokens { retrievedTokens = append(retrievedTokens, v.AccessorID) } - assert.EqualValues(retrievedTokens, tokens) + require.EqualValues(t, retrievedTokens, tokens) } func TestACLEndpoint_PolicyRead(t *testing.T) { @@ -1152,7 +1137,6 @@ func TestACLEndpoint_PolicyRead(t *testing.T) { func TestACLEndpoint_PolicyBatchRead(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -1167,10 +1151,10 @@ func TestACLEndpoint_PolicyBatchRead(t *testing.T) { testrpc.WaitForLeader(t, s1.RPC, "dc1") t1, err := upsertTestToken(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) t2, err := upsertTestToken(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) acl := ACL{srv: s1} tokens := []string{t1.AccessorID, t2.AccessorID} @@ -1184,19 +1168,18 @@ func TestACLEndpoint_PolicyBatchRead(t *testing.T) { resp := structs.ACLTokenBatchResponse{} err = acl.TokenBatchRead(&req, &resp) - assert.NoError(err) + require.NoError(t, err) var retrievedTokens []string for _, v := range resp.Tokens { retrievedTokens = append(retrievedTokens, v.AccessorID) } - assert.EqualValues(retrievedTokens, tokens) + require.EqualValues(t, retrievedTokens, tokens) } func TestACLEndpoint_PolicySet(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -1227,18 +1210,18 @@ func TestACLEndpoint_PolicySet(t *testing.T) { resp := structs.ACLPolicy{} err := acl.PolicySet(&req, &resp) - assert.NoError(err) - assert.NotNil(resp.ID) + require.NoError(t, err) + require.NotNil(t, resp.ID) // Get the policy directly to validate that it exists policyResp, err := retrieveTestPolicy(codec, "root", "dc1", resp.ID) - assert.NoError(err) + require.NoError(t, err) policy := policyResp.Policy - assert.NotNil(policy.ID) - assert.Equal(policy.Description, "foobar") - assert.Equal(policy.Name, "baz") - assert.Equal(policy.Rules, "service \"\" { policy = \"read\" }") + require.NotNil(t, policy.ID) + require.Equal(t, policy.Description, "foobar") + require.Equal(t, policy.Name, "baz") + require.Equal(t, policy.Rules, "service \"\" { policy = \"read\" }") policyID = policy.ID } @@ -1258,24 +1241,23 @@ func TestACLEndpoint_PolicySet(t *testing.T) { resp := structs.ACLPolicy{} err := acl.PolicySet(&req, &resp) - assert.NoError(err) - assert.NotNil(resp.ID) + require.NoError(t, err) + require.NotNil(t, resp.ID) // Get the policy directly to validate that it exists policyResp, err := retrieveTestPolicy(codec, "root", "dc1", resp.ID) - assert.NoError(err) + require.NoError(t, err) policy := policyResp.Policy - assert.NotNil(policy.ID) - assert.Equal(policy.Description, "bat") - assert.Equal(policy.Name, "bar") - assert.Equal(policy.Rules, "service \"\" { policy = \"write\" }") + require.NotNil(t, policy.ID) + require.Equal(t, policy.Description, "bat") + require.Equal(t, policy.Name, "bar") + require.Equal(t, policy.Rules, "service \"\" { policy = \"write\" }") } } func TestACLEndpoint_PolicySet_globalManagement(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -1306,7 +1288,7 @@ func TestACLEndpoint_PolicySet_globalManagement(t *testing.T) { resp := structs.ACLPolicy{} err := acl.PolicySet(&req, &resp) - assert.EqualError(err, "Changing the Rules for the builtin global-management policy is not permitted") + require.EqualError(t, err, "Changing the Rules for the builtin global-management policy is not permitted") } // Can rename it @@ -1323,22 +1305,21 @@ func TestACLEndpoint_PolicySet_globalManagement(t *testing.T) { resp := structs.ACLPolicy{} err := acl.PolicySet(&req, &resp) - assert.NoError(err) + require.NoError(t, err) // Get the policy again policyResp, err := retrieveTestPolicy(codec, "root", "dc1", structs.ACLPolicyGlobalManagementID) - assert.NoError(err) + require.NoError(t, err) policy := policyResp.Policy - assert.Equal(policy.ID, structs.ACLPolicyGlobalManagementID) - assert.Equal(policy.Name, "foobar") + require.Equal(t, policy.ID, structs.ACLPolicyGlobalManagementID) + require.Equal(t, policy.Name, "foobar") } } func TestACLEndpoint_PolicyDelete(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -1368,16 +1349,15 @@ func TestACLEndpoint_PolicyDelete(t *testing.T) { var resp string err = acl.PolicyDelete(&req, &resp) - assert.NoError(err) + require.NoError(t, err) // Make sure the policy is gone tokenResp, err := retrieveTestPolicy(codec, "root", "dc1", existingPolicy.ID) - assert.Nil(tokenResp.Policy) + require.Nil(t, tokenResp.Policy) } func TestACLEndpoint_PolicyDelete_globalManagement(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -1402,12 +1382,11 @@ func TestACLEndpoint_PolicyDelete_globalManagement(t *testing.T) { err := acl.PolicyDelete(&req, &resp) - assert.EqualError(err, "Delete operation not permitted on the builtin global-management policy") + require.EqualError(t, err, "Delete operation not permitted on the builtin global-management policy") } func TestACLEndpoint_PolicyList(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -1422,10 +1401,10 @@ func TestACLEndpoint_PolicyList(t *testing.T) { testrpc.WaitForLeader(t, s1.RPC, "dc1") p1, err := upsertTestPolicy(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) p2, err := upsertTestPolicy(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) acl := ACL{srv: s1} @@ -1437,7 +1416,7 @@ func TestACLEndpoint_PolicyList(t *testing.T) { resp := structs.ACLPolicyListResponse{} err = acl.PolicyList(&req, &resp) - assert.NoError(err) + require.NoError(t, err) policies := []string{p1.ID, p2.ID} var retrievedPolicies []string @@ -1445,12 +1424,11 @@ func TestACLEndpoint_PolicyList(t *testing.T) { for _, v := range resp.Policies { retrievedPolicies = append(retrievedPolicies, v.ID) } - assert.Subset(retrievedPolicies, policies) + require.Subset(t, retrievedPolicies, policies) } func TestACLEndpoint_PolicyResolve(t *testing.T) { t.Parallel() - assert := assert.New(t) dir1, s1 := testServerWithConfig(t, func(c *Config) { c.ACLDatacenter = "dc1" @@ -1465,10 +1443,10 @@ func TestACLEndpoint_PolicyResolve(t *testing.T) { testrpc.WaitForLeader(t, s1.RPC, "dc1") p1, err := upsertTestPolicy(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) p2, err := upsertTestPolicy(codec, "root", "dc1") - assert.NoError(err) + require.NoError(t, err) acl := ACL{srv: s1} @@ -1491,8 +1469,8 @@ func TestACLEndpoint_PolicyResolve(t *testing.T) { } token := structs.ACLToken{} err = acl.TokenSet(&tokenUpsertReq, &token) - assert.NoError(err) - assert.NotEmpty(token.SecretID) + require.NoError(t, err) + require.NotEmpty(t, token.SecretID) resp := structs.ACLPolicyBatchResponse{} req := structs.ACLPolicyBatchGetRequest{ @@ -1501,14 +1479,14 @@ func TestACLEndpoint_PolicyResolve(t *testing.T) { QueryOptions: structs.QueryOptions{Token: token.SecretID}, } err = acl.PolicyResolve(&req, &resp) - assert.NoError(err) + require.NoError(t, err) var retrievedPolicies []string for _, v := range resp.Policies { retrievedPolicies = append(retrievedPolicies, v.ID) } - assert.EqualValues(retrievedPolicies, policies) + require.EqualValues(t, retrievedPolicies, policies) } // upsertTestToken creates a token for testing purposes