consul/agent/intentions_endpoint_oss_test.go
R.B. Boyer 462f0f37ed
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194)
Highlights:

- add new endpoint to query for intentions by exact match

- using this endpoint from the CLI instead of the dump+filter approach

- enforcing that OSS can only read/write intentions with a SourceNS or
  DestinationNS field of "default".

- preexisting OSS intentions with now-invalid namespace fields will
  delete those intentions on initial election or for wildcard namespaces
  an attempt will be made to downgrade them to "default" unless one
  exists.

- also allow the '-namespace' CLI arg on all of the intention subcommands

- update lots of docs
2020-06-26 16:59:15 -05:00

49 lines
1.1 KiB
Go

// +build !consulent
package agent
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/hashicorp/consul/agent/structs"
"github.com/stretchr/testify/require"
)
func TestOSS_IntentionsCreate_failure(t *testing.T) {
t.Parallel()
a := NewTestAgent(t, "")
defer a.Shutdown()
doCreate := func(t *testing.T, srcNS, dstNS string) {
t.Helper()
args := structs.TestIntention(t)
args.SourceNS = srcNS
args.SourceName = "*"
args.DestinationNS = dstNS
args.DestinationName = "*"
req, _ := http.NewRequest("POST", "/v1/connect/intentions", jsonReader(args))
resp := httptest.NewRecorder()
_, err := a.srv.IntentionCreate(resp, req)
require.Error(t, err)
}
t.Run("wildcard source namespace", func(t *testing.T) {
doCreate(t, "*", "default")
})
t.Run("wildcard destination namespace", func(t *testing.T) {
doCreate(t, "default", "*")
})
t.Run("wildcard source and destination namespaces", func(t *testing.T) {
doCreate(t, "*", "*")
})
t.Run("non-default source namespace", func(t *testing.T) {
doCreate(t, "foo", "default")
})
t.Run("non-default destination namespace", func(t *testing.T) {
doCreate(t, "default", "foo")
})
}