mirror of
https://github.com/status-im/consul.git
synced 2025-01-12 06:44:41 +00:00
5fb9df1640
* Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
571 lines
14 KiB
Go
571 lines
14 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package structs
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/consul/acl"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestStructs_ACLToken_PolicyIDs(t *testing.T) {
|
|
|
|
t.Run("Basic", func(t *testing.T) {
|
|
|
|
token := &ACLToken{
|
|
Policies: []ACLTokenPolicyLink{
|
|
{
|
|
ID: "one",
|
|
},
|
|
{
|
|
ID: "two",
|
|
},
|
|
{
|
|
ID: "three",
|
|
},
|
|
},
|
|
}
|
|
|
|
policyIDs := token.PolicyIDs()
|
|
require.Len(t, policyIDs, 3)
|
|
require.Equal(t, "one", policyIDs[0])
|
|
require.Equal(t, "two", policyIDs[1])
|
|
require.Equal(t, "three", policyIDs[2])
|
|
})
|
|
|
|
t.Run("No Policies", func(t *testing.T) {
|
|
|
|
token := &ACLToken{}
|
|
|
|
policyIDs := token.PolicyIDs()
|
|
require.Len(t, policyIDs, 0)
|
|
})
|
|
}
|
|
|
|
func TestStructs_ACLServiceIdentity_SyntheticPolicy(t *testing.T) {
|
|
|
|
cases := []struct {
|
|
serviceName string
|
|
datacenters []string
|
|
expectRules string
|
|
}{
|
|
{"web", nil, aclServiceIdentityRules("web", nil)},
|
|
{"companion-cube-99", []string{"dc1", "dc2"}, aclServiceIdentityRules("companion-cube-99", nil)},
|
|
}
|
|
|
|
for _, test := range cases {
|
|
name := test.serviceName
|
|
if len(test.datacenters) > 0 {
|
|
name += " [" + strings.Join(test.datacenters, ", ") + "]"
|
|
}
|
|
t.Run(name, func(t *testing.T) {
|
|
svcid := &ACLServiceIdentity{
|
|
ServiceName: test.serviceName,
|
|
Datacenters: test.datacenters,
|
|
}
|
|
|
|
expect := &ACLPolicy{
|
|
Datacenters: test.datacenters,
|
|
Rules: test.expectRules,
|
|
}
|
|
|
|
got := svcid.SyntheticPolicy(nil)
|
|
require.NotEmpty(t, got.ID)
|
|
require.True(t, strings.HasPrefix(got.Name, "synthetic-policy-"))
|
|
// strip irrelevant fields before equality
|
|
got.ID = ""
|
|
got.Name = ""
|
|
got.Description = ""
|
|
got.Hash = nil
|
|
require.Equal(t, expect, got)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestStructs_ACLServiceIdentities_Deduplicate(t *testing.T) {
|
|
identities := ACLServiceIdentities{
|
|
{ServiceName: "web", Datacenters: []string{"dc1"}},
|
|
{ServiceName: "web", Datacenters: []string{"dc2"}},
|
|
{ServiceName: "db", Datacenters: []string{"dc3"}},
|
|
}
|
|
|
|
require.ElementsMatch(t, ACLServiceIdentities{
|
|
{ServiceName: "web", Datacenters: []string{"dc1", "dc2"}},
|
|
{ServiceName: "db", Datacenters: []string{"dc3"}},
|
|
}, identities.Deduplicate())
|
|
|
|
require.Len(t, identities, 3, "original slice shouldn't have been mutated")
|
|
}
|
|
|
|
func TestStructs_ACLNodeIdentities_Deduplicate(t *testing.T) {
|
|
identities := ACLNodeIdentities{
|
|
{NodeName: "web", Datacenter: "dc1"},
|
|
{NodeName: "web", Datacenter: "dc2"},
|
|
{NodeName: "web", Datacenter: "dc1"},
|
|
}
|
|
|
|
require.Equal(t, ACLNodeIdentities{
|
|
{NodeName: "web", Datacenter: "dc1"},
|
|
{NodeName: "web", Datacenter: "dc2"},
|
|
}, identities.Deduplicate())
|
|
|
|
require.Len(t, identities, 3, "original slice shouldn't have been mutated")
|
|
}
|
|
|
|
func TestStructs_ACLToken_SetHash(t *testing.T) {
|
|
|
|
token := ACLToken{
|
|
AccessorID: "09d1c059-961a-46bd-a2e4-76adebe35fa5",
|
|
SecretID: "65e98e67-9b29-470c-8ffa-7c5a23cc67c8",
|
|
Description: "test",
|
|
Policies: []ACLTokenPolicyLink{
|
|
{
|
|
ID: "one",
|
|
},
|
|
{
|
|
ID: "two",
|
|
},
|
|
{
|
|
ID: "three",
|
|
},
|
|
},
|
|
}
|
|
|
|
t.Run("Nil Hash - Generate", func(t *testing.T) {
|
|
require.Nil(t, token.Hash)
|
|
h := token.SetHash(false)
|
|
require.NotNil(t, h)
|
|
require.NotEqual(t, []byte{}, h)
|
|
require.Equal(t, h, token.Hash)
|
|
})
|
|
|
|
t.Run("Hash Set - Dont Generate", func(t *testing.T) {
|
|
original := token.Hash
|
|
h := token.SetHash(false)
|
|
require.Equal(t, original, h)
|
|
|
|
token.Description = "changed"
|
|
h = token.SetHash(false)
|
|
require.Equal(t, original, h)
|
|
})
|
|
|
|
t.Run("Hash Set - Generate", func(t *testing.T) {
|
|
original := token.Hash
|
|
h := token.SetHash(true)
|
|
require.NotEqual(t, original, h)
|
|
})
|
|
}
|
|
|
|
func TestStructs_ACLToken_EstimateSize(t *testing.T) {
|
|
|
|
// estimated size here should
|
|
token := ACLToken{
|
|
AccessorID: "09d1c059-961a-46bd-a2e4-76adebe35fa5",
|
|
SecretID: "65e98e67-9b29-470c-8ffa-7c5a23cc67c8",
|
|
Description: "test",
|
|
Policies: []ACLTokenPolicyLink{
|
|
{
|
|
ID: "one",
|
|
},
|
|
{
|
|
ID: "two",
|
|
},
|
|
{
|
|
ID: "three",
|
|
},
|
|
},
|
|
}
|
|
|
|
// this test is very contrived. Basically just tests that the
|
|
// math is okay and returns the value.
|
|
require.Equal(t, 128, token.EstimateSize())
|
|
}
|
|
|
|
func TestStructs_ACLToken_Stub(t *testing.T) {
|
|
t.Run("Basic", func(t *testing.T) {
|
|
|
|
token := ACLToken{
|
|
AccessorID: "09d1c059-961a-46bd-a2e4-76adebe35fa5",
|
|
SecretID: "65e98e67-9b29-470c-8ffa-7c5a23cc67c8",
|
|
Description: "test",
|
|
Policies: []ACLTokenPolicyLink{
|
|
{
|
|
ID: "one",
|
|
},
|
|
{
|
|
ID: "two",
|
|
},
|
|
{
|
|
ID: "three",
|
|
},
|
|
},
|
|
}
|
|
|
|
stub := token.Stub()
|
|
|
|
require.Equal(t, token.AccessorID, stub.AccessorID)
|
|
require.Equal(t, token.SecretID, stub.SecretID)
|
|
require.Equal(t, token.Description, stub.Description)
|
|
require.Equal(t, token.Policies, stub.Policies)
|
|
require.Equal(t, token.Local, stub.Local)
|
|
require.Equal(t, token.CreateTime, stub.CreateTime)
|
|
require.Equal(t, token.Hash, stub.Hash)
|
|
require.Equal(t, token.CreateIndex, stub.CreateIndex)
|
|
require.Equal(t, token.ModifyIndex, stub.ModifyIndex)
|
|
})
|
|
}
|
|
|
|
func TestStructs_ACLTokens_Sort(t *testing.T) {
|
|
|
|
tokens := ACLTokens{
|
|
&ACLToken{
|
|
AccessorID: "9db509a9-c809-48c1-895d-99f845b7a9d5",
|
|
},
|
|
&ACLToken{
|
|
AccessorID: "6bd01084-1695-43b8-898d-b2dd7874754d",
|
|
},
|
|
&ACLToken{
|
|
AccessorID: "614a4cef-9149-4271-b878-7edb1ad661f8",
|
|
},
|
|
&ACLToken{
|
|
AccessorID: "c9dd9980-8d54-472f-9e5e-74c02143e1f4",
|
|
},
|
|
}
|
|
|
|
tokens.Sort()
|
|
require.Equal(t, tokens[0].AccessorID, "614a4cef-9149-4271-b878-7edb1ad661f8")
|
|
require.Equal(t, tokens[1].AccessorID, "6bd01084-1695-43b8-898d-b2dd7874754d")
|
|
require.Equal(t, tokens[2].AccessorID, "9db509a9-c809-48c1-895d-99f845b7a9d5")
|
|
require.Equal(t, tokens[3].AccessorID, "c9dd9980-8d54-472f-9e5e-74c02143e1f4")
|
|
}
|
|
|
|
func TestStructs_ACLTokenListStubs_Sort(t *testing.T) {
|
|
|
|
tokens := ACLTokenListStubs{
|
|
&ACLTokenListStub{
|
|
AccessorID: "9db509a9-c809-48c1-895d-99f845b7a9d5",
|
|
},
|
|
&ACLTokenListStub{
|
|
AccessorID: "6bd01084-1695-43b8-898d-b2dd7874754d",
|
|
},
|
|
&ACLTokenListStub{
|
|
AccessorID: "614a4cef-9149-4271-b878-7edb1ad661f8",
|
|
},
|
|
&ACLTokenListStub{
|
|
AccessorID: "c9dd9980-8d54-472f-9e5e-74c02143e1f4",
|
|
},
|
|
}
|
|
|
|
tokens.Sort()
|
|
require.Equal(t, tokens[0].AccessorID, "614a4cef-9149-4271-b878-7edb1ad661f8")
|
|
require.Equal(t, tokens[1].AccessorID, "6bd01084-1695-43b8-898d-b2dd7874754d")
|
|
require.Equal(t, tokens[2].AccessorID, "9db509a9-c809-48c1-895d-99f845b7a9d5")
|
|
require.Equal(t, tokens[3].AccessorID, "c9dd9980-8d54-472f-9e5e-74c02143e1f4")
|
|
}
|
|
|
|
func TestStructs_ACLPolicy_Stub(t *testing.T) {
|
|
|
|
policy := &ACLPolicy{
|
|
ID: "09d1c059-961a-46bd-a2e4-76adebe35fa5",
|
|
Name: "test",
|
|
Description: "test",
|
|
Rules: `acl = "read"`,
|
|
}
|
|
|
|
stub := policy.Stub()
|
|
|
|
require.Equal(t, policy.ID, stub.ID)
|
|
require.Equal(t, policy.Name, stub.Name)
|
|
require.Equal(t, policy.Description, stub.Description)
|
|
require.Equal(t, policy.Datacenters, stub.Datacenters)
|
|
require.Equal(t, policy.Hash, stub.Hash)
|
|
require.Equal(t, policy.CreateIndex, stub.CreateIndex)
|
|
require.Equal(t, policy.ModifyIndex, stub.ModifyIndex)
|
|
}
|
|
|
|
func TestStructs_ACLPolicy_SetHash(t *testing.T) {
|
|
|
|
policy := &ACLPolicy{
|
|
ID: "09d1c059-961a-46bd-a2e4-76adebe35fa5",
|
|
Name: "test",
|
|
Description: "test",
|
|
Rules: `acl = "read"`,
|
|
}
|
|
|
|
t.Run("Nil Hash - Generate", func(t *testing.T) {
|
|
require.Nil(t, policy.Hash)
|
|
h := policy.SetHash(false)
|
|
require.NotNil(t, h)
|
|
require.NotEqual(t, []byte{}, h)
|
|
require.Equal(t, h, policy.Hash)
|
|
})
|
|
|
|
t.Run("Hash Set - Dont Generate", func(t *testing.T) {
|
|
original := policy.Hash
|
|
h := policy.SetHash(false)
|
|
require.Equal(t, original, h)
|
|
|
|
policy.Description = "changed"
|
|
h = policy.SetHash(false)
|
|
require.Equal(t, original, h)
|
|
})
|
|
|
|
t.Run("Hash Set - Generate", func(t *testing.T) {
|
|
original := policy.Hash
|
|
h := policy.SetHash(true)
|
|
require.NotEqual(t, original, h)
|
|
})
|
|
}
|
|
|
|
func TestStructs_ACLPolicy_EstimateSize(t *testing.T) {
|
|
|
|
policy := ACLPolicy{
|
|
ID: "09d1c059-961a-46bd-a2e4-76adebe35fa5",
|
|
Name: "test",
|
|
Description: "test",
|
|
Rules: `acl = "read"`,
|
|
}
|
|
|
|
// this test is very contrived. Basically just tests that the
|
|
// math is okay and returns the value.
|
|
require.Equal(t, 84, policy.EstimateSize())
|
|
policy.Datacenters = []string{"dc1", "dc2"}
|
|
require.Equal(t, 90, policy.EstimateSize())
|
|
}
|
|
|
|
func TestStructs_ACLPolicies_Sort(t *testing.T) {
|
|
|
|
policies := ACLPolicies{
|
|
&ACLPolicy{
|
|
ID: "9db509a9-c809-48c1-895d-99f845b7a9d5",
|
|
},
|
|
&ACLPolicy{
|
|
ID: "6bd01084-1695-43b8-898d-b2dd7874754d",
|
|
},
|
|
&ACLPolicy{
|
|
ID: "614a4cef-9149-4271-b878-7edb1ad661f8",
|
|
},
|
|
&ACLPolicy{
|
|
ID: "c9dd9980-8d54-472f-9e5e-74c02143e1f4",
|
|
},
|
|
}
|
|
|
|
policies.Sort()
|
|
require.Equal(t, policies[0].ID, "614a4cef-9149-4271-b878-7edb1ad661f8")
|
|
require.Equal(t, policies[1].ID, "6bd01084-1695-43b8-898d-b2dd7874754d")
|
|
require.Equal(t, policies[2].ID, "9db509a9-c809-48c1-895d-99f845b7a9d5")
|
|
require.Equal(t, policies[3].ID, "c9dd9980-8d54-472f-9e5e-74c02143e1f4")
|
|
}
|
|
|
|
func TestStructs_ACLPolicyListStubs_Sort(t *testing.T) {
|
|
|
|
policies := ACLPolicyListStubs{
|
|
&ACLPolicyListStub{
|
|
ID: "9db509a9-c809-48c1-895d-99f845b7a9d5",
|
|
},
|
|
&ACLPolicyListStub{
|
|
ID: "6bd01084-1695-43b8-898d-b2dd7874754d",
|
|
},
|
|
&ACLPolicyListStub{
|
|
ID: "614a4cef-9149-4271-b878-7edb1ad661f8",
|
|
},
|
|
&ACLPolicyListStub{
|
|
ID: "c9dd9980-8d54-472f-9e5e-74c02143e1f4",
|
|
},
|
|
}
|
|
|
|
policies.Sort()
|
|
require.Equal(t, policies[0].ID, "614a4cef-9149-4271-b878-7edb1ad661f8")
|
|
require.Equal(t, policies[1].ID, "6bd01084-1695-43b8-898d-b2dd7874754d")
|
|
require.Equal(t, policies[2].ID, "9db509a9-c809-48c1-895d-99f845b7a9d5")
|
|
require.Equal(t, policies[3].ID, "c9dd9980-8d54-472f-9e5e-74c02143e1f4")
|
|
}
|
|
|
|
func TestStructs_ACLPolicies_resolveWithCache(t *testing.T) {
|
|
|
|
config := ACLCachesConfig{
|
|
Identities: 0,
|
|
Policies: 0,
|
|
ParsedPolicies: 4,
|
|
Authorizers: 0,
|
|
Roles: 0,
|
|
}
|
|
cache, err := NewACLCaches(&config)
|
|
require.NoError(t, err)
|
|
|
|
testPolicies := ACLPolicies{
|
|
&ACLPolicy{
|
|
ID: "5d5653a1-2c2b-4b36-b083-fc9f1398eb7b",
|
|
Name: "policy1",
|
|
Description: "policy1",
|
|
Rules: `node_prefix "" { policy = "read" }`,
|
|
RaftIndex: RaftIndex{
|
|
CreateIndex: 1,
|
|
ModifyIndex: 2,
|
|
},
|
|
},
|
|
&ACLPolicy{
|
|
ID: "b35541f0-a88a-48da-bc66-43553c60b628",
|
|
Name: "policy2",
|
|
Description: "policy2",
|
|
Rules: `agent_prefix "" { policy = "read" }`,
|
|
RaftIndex: RaftIndex{
|
|
CreateIndex: 3,
|
|
ModifyIndex: 4,
|
|
},
|
|
},
|
|
&ACLPolicy{
|
|
ID: "383abb79-94ca-46c6-89b7-8ecb69046de9",
|
|
Name: "policy3",
|
|
Description: "policy3",
|
|
Rules: `key_prefix "" { policy = "read" }`,
|
|
RaftIndex: RaftIndex{
|
|
CreateIndex: 5,
|
|
ModifyIndex: 6,
|
|
},
|
|
},
|
|
&ACLPolicy{
|
|
ID: "8bf38965-95e5-4e86-9be7-f6070cc0708b",
|
|
Name: "policy4",
|
|
Description: "policy4",
|
|
Rules: `service_prefix "" { policy = "read" }`,
|
|
RaftIndex: RaftIndex{
|
|
CreateIndex: 7,
|
|
ModifyIndex: 8,
|
|
},
|
|
},
|
|
}
|
|
|
|
t.Run("Cache Misses", func(t *testing.T) {
|
|
policies, err := testPolicies.resolveWithCache(cache, nil)
|
|
require.NoError(t, err)
|
|
require.Len(t, policies, 4)
|
|
require.Len(t, policies[0].NodePrefixes, 1)
|
|
require.Len(t, policies[1].AgentPrefixes, 1)
|
|
require.Len(t, policies[2].KeyPrefixes, 1)
|
|
require.Len(t, policies[3].ServicePrefixes, 1)
|
|
})
|
|
|
|
t.Run("Check Cache", func(t *testing.T) {
|
|
for i := range testPolicies {
|
|
entry := cache.GetParsedPolicy(fmt.Sprintf("%x", testPolicies[i].Hash))
|
|
require.NotNil(t, entry)
|
|
|
|
// set this to detect using from the cache next time
|
|
testPolicies[i].Rules = "invalid"
|
|
}
|
|
})
|
|
|
|
t.Run("Cache Hits", func(t *testing.T) {
|
|
policies, err := testPolicies.resolveWithCache(cache, nil)
|
|
require.NoError(t, err)
|
|
require.Len(t, policies, 4)
|
|
require.Len(t, policies[0].NodePrefixes, 1)
|
|
require.Len(t, policies[1].AgentPrefixes, 1)
|
|
require.Len(t, policies[2].KeyPrefixes, 1)
|
|
require.Len(t, policies[3].ServicePrefixes, 1)
|
|
})
|
|
}
|
|
|
|
func TestStructs_ACLPolicies_Compile(t *testing.T) {
|
|
|
|
config := ACLCachesConfig{
|
|
Identities: 0,
|
|
Policies: 0,
|
|
ParsedPolicies: 4,
|
|
Authorizers: 2,
|
|
Roles: 0,
|
|
}
|
|
cache, err := NewACLCaches(&config)
|
|
require.NoError(t, err)
|
|
|
|
testPolicies := ACLPolicies{
|
|
&ACLPolicy{
|
|
ID: "5d5653a1-2c2b-4b36-b083-fc9f1398eb7b",
|
|
Name: "policy1",
|
|
Description: "policy1",
|
|
Rules: `node_prefix "" { policy = "read" }`,
|
|
RaftIndex: RaftIndex{
|
|
CreateIndex: 1,
|
|
ModifyIndex: 2,
|
|
},
|
|
},
|
|
&ACLPolicy{
|
|
ID: "b35541f0-a88a-48da-bc66-43553c60b628",
|
|
Name: "policy2",
|
|
Description: "policy2",
|
|
Rules: `agent_prefix "" { policy = "read" }`,
|
|
RaftIndex: RaftIndex{
|
|
CreateIndex: 3,
|
|
ModifyIndex: 4,
|
|
},
|
|
},
|
|
&ACLPolicy{
|
|
ID: "383abb79-94ca-46c6-89b7-8ecb69046de9",
|
|
Name: "policy3",
|
|
Description: "policy3",
|
|
Rules: `key_prefix "" { policy = "read" }`,
|
|
RaftIndex: RaftIndex{
|
|
CreateIndex: 5,
|
|
ModifyIndex: 6,
|
|
},
|
|
},
|
|
&ACLPolicy{
|
|
ID: "8bf38965-95e5-4e86-9be7-f6070cc0708b",
|
|
Name: "policy4",
|
|
Description: "policy4",
|
|
Rules: `service_prefix "" { policy = "read" }`,
|
|
RaftIndex: RaftIndex{
|
|
CreateIndex: 7,
|
|
ModifyIndex: 8,
|
|
},
|
|
},
|
|
}
|
|
|
|
t.Run("Cache Miss", func(t *testing.T) {
|
|
authz, err := testPolicies.Compile(cache, nil)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, authz)
|
|
|
|
require.Equal(t, acl.Allow, authz.NodeRead("foo", nil))
|
|
require.Equal(t, acl.Allow, authz.AgentRead("foo", nil))
|
|
require.Equal(t, acl.Allow, authz.KeyRead("foo", nil))
|
|
require.Equal(t, acl.Allow, authz.ServiceRead("foo", nil))
|
|
require.Equal(t, acl.Default, authz.ACLRead(nil))
|
|
})
|
|
|
|
t.Run("Check Cache", func(t *testing.T) {
|
|
entry := cache.GetAuthorizer(testPolicies.HashKey())
|
|
require.NotNil(t, entry)
|
|
authz := entry.Authorizer
|
|
require.NotNil(t, authz)
|
|
|
|
require.Equal(t, acl.Allow, authz.NodeRead("foo", nil))
|
|
require.Equal(t, acl.Allow, authz.AgentRead("foo", nil))
|
|
require.Equal(t, acl.Allow, authz.KeyRead("foo", nil))
|
|
require.Equal(t, acl.Allow, authz.ServiceRead("foo", nil))
|
|
require.Equal(t, acl.Default, authz.ACLRead(nil))
|
|
|
|
// setup the cache for the next test
|
|
cache.PutAuthorizer(testPolicies.HashKey(), acl.DenyAll())
|
|
})
|
|
|
|
t.Run("Cache Hit", func(t *testing.T) {
|
|
authz, err := testPolicies.Compile(cache, nil)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, authz)
|
|
|
|
// we reset the Authorizer in the cache so now everything should be defaulted
|
|
require.Equal(t, acl.Deny, authz.NodeRead("foo", nil))
|
|
require.Equal(t, acl.Deny, authz.AgentRead("foo", nil))
|
|
require.Equal(t, acl.Deny, authz.KeyRead("foo", nil))
|
|
require.Equal(t, acl.Deny, authz.ServiceRead("foo", nil))
|
|
require.Equal(t, acl.Deny, authz.ACLRead(nil))
|
|
})
|
|
}
|