mirror of
https://github.com/status-im/consul.git
synced 2025-01-17 17:22:17 +00:00
3e6f1c1fe1
* remove v2 tenancy, catalog, and mesh - Inline the v2tenancy experiment to false - Inline the resource-apis experiment to false - Inline the hcp-v2-resource-apis experiment to false - Remove ACL policy templates and rule language changes related to workload identities (a v2-only concept) (e.g. identity and identity_prefix) - Update the gRPC endpoint used by consul-dataplane to no longer respond specially for v2 - Remove stray v2 references scattered throughout the DNS v1.5 newer implementation. * changelog * go mod tidy on consul containers * lint fixes from ENT --------- Co-authored-by: John Murret <john.murret@hashicorp.com>
123 lines
2.8 KiB
Go
123 lines
2.8 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
//go:build !consulent
|
|
|
|
package structs
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/hashicorp/consul/api"
|
|
)
|
|
|
|
func TestStructs_ACLTemplatedPolicy_SyntheticPolicy(t *testing.T) {
|
|
type testCase struct {
|
|
templatedPolicy *ACLTemplatedPolicy
|
|
expectedPolicy *ACLPolicy
|
|
}
|
|
|
|
testCases := map[string]testCase{
|
|
"service-identity-template": {
|
|
templatedPolicy: &ACLTemplatedPolicy{
|
|
TemplateID: ACLTemplatedPolicyServiceID,
|
|
TemplateName: api.ACLTemplatedPolicyServiceName,
|
|
TemplateVariables: &ACLTemplatedPolicyVariables{
|
|
Name: "api",
|
|
},
|
|
},
|
|
expectedPolicy: &ACLPolicy{
|
|
Description: "synthetic policy generated from templated policy: builtin/service",
|
|
Rules: `
|
|
service "api" {
|
|
policy = "write"
|
|
}
|
|
service "api-sidecar-proxy" {
|
|
policy = "write"
|
|
}
|
|
service_prefix "" {
|
|
policy = "read"
|
|
}
|
|
node_prefix "" {
|
|
policy = "read"
|
|
}`,
|
|
},
|
|
},
|
|
"node-identity-template": {
|
|
templatedPolicy: &ACLTemplatedPolicy{
|
|
TemplateID: ACLTemplatedPolicyNodeID,
|
|
TemplateName: api.ACLTemplatedPolicyNodeName,
|
|
TemplateVariables: &ACLTemplatedPolicyVariables{
|
|
Name: "web",
|
|
},
|
|
},
|
|
expectedPolicy: &ACLPolicy{
|
|
Description: "synthetic policy generated from templated policy: builtin/node",
|
|
Rules: `
|
|
node "web" {
|
|
policy = "write"
|
|
}
|
|
service_prefix "" {
|
|
policy = "read"
|
|
}`,
|
|
},
|
|
},
|
|
"dns-template": {
|
|
templatedPolicy: &ACLTemplatedPolicy{
|
|
TemplateID: ACLTemplatedPolicyDNSID,
|
|
TemplateName: api.ACLTemplatedPolicyDNSName,
|
|
},
|
|
expectedPolicy: &ACLPolicy{
|
|
Description: "synthetic policy generated from templated policy: builtin/dns",
|
|
Rules: `
|
|
node_prefix "" {
|
|
policy = "read"
|
|
}
|
|
service_prefix "" {
|
|
policy = "read"
|
|
}
|
|
query_prefix "" {
|
|
policy = "read"
|
|
}`,
|
|
},
|
|
},
|
|
"api-gateway-template": {
|
|
templatedPolicy: &ACLTemplatedPolicy{
|
|
TemplateID: ACLTemplatedPolicyAPIGatewayID,
|
|
TemplateName: api.ACLTemplatedPolicyAPIGatewayName,
|
|
TemplateVariables: &ACLTemplatedPolicyVariables{
|
|
Name: "api-gateway",
|
|
},
|
|
},
|
|
expectedPolicy: &ACLPolicy{
|
|
Description: "synthetic policy generated from templated policy: builtin/api-gateway",
|
|
Rules: `mesh = "read"
|
|
node_prefix "" {
|
|
policy = "read"
|
|
}
|
|
service_prefix "" {
|
|
policy = "read"
|
|
}
|
|
service "api-gateway" {
|
|
policy = "write"
|
|
}`,
|
|
},
|
|
},
|
|
}
|
|
|
|
for name, tcase := range testCases {
|
|
t.Run(name, func(t *testing.T) {
|
|
policy, err := tcase.templatedPolicy.SyntheticPolicy(nil)
|
|
|
|
require.NoError(t, err)
|
|
require.Equal(t, tcase.expectedPolicy.Description, policy.Description)
|
|
require.Equal(t, tcase.expectedPolicy.Rules, policy.Rules)
|
|
require.Contains(t, policy.Name, "synthetic-policy-")
|
|
require.NotEmpty(t, policy.Hash)
|
|
require.NotEmpty(t, policy.ID)
|
|
})
|
|
}
|
|
}
|