From 5d41a480c3b4301ef63cd66c772cc5251b0de5ce Mon Sep 17 00:00:00 2001 From: Jai <41024828+ChaiWithJai@users.noreply.github.com> Date: Wed, 10 Aug 2022 12:01:00 -0400 Subject: [PATCH] test: add unit tests for namespace matching util (#14078) --- ui/tests/unit/abilities/abstract-test.js | 638 +++++++++++++++++++++++ 1 file changed, 638 insertions(+) create mode 100644 ui/tests/unit/abilities/abstract-test.js diff --git a/ui/tests/unit/abilities/abstract-test.js b/ui/tests/unit/abilities/abstract-test.js new file mode 100644 index 000000000..6afe50716 --- /dev/null +++ b/ui/tests/unit/abilities/abstract-test.js @@ -0,0 +1,638 @@ +import { module, test } from 'qunit'; +import { setupTest } from 'ember-qunit'; +import Service from '@ember/service'; +import setupAbility from 'nomad-ui/tests/helpers/setup-ability'; + +module('Unit | Ability | abstract', function (hooks) { + setupTest(hooks); + setupAbility('abstract')(hooks); + hooks.beforeEach(function () { + const mockSystem = Service.extend({ + init(...args) { + this._super(...args); + + this.features = this.features || []; + }, + }); + + this.owner.register('service:system', mockSystem); + }); + + module('#_findMatchingNamespace', function () { + test('it returns * if no matching namespace and * is specified', function (assert) { + const policyNamespaces = [ + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: 'default', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: 'project/*', + }, + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + { + Capabilities: [], + PathSpec: 'pablo/*', + }, + ], + }, + }, + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: '*', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: 'project/*', + }, + { + Capabilities: ['write', 'read', 'list'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + ], + }, + }, + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: 'madness', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['read', 'list', 'write'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + ], + }, + }, + ]; + + assert.equal( + this.ability._findMatchingNamespace(policyNamespaces, 'pablo'), + '*' + ); + }); + + test('it returns the matching namespace if it exists', function (assert) { + const policyNamespaces = [ + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: 'default', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: 'project/*', + }, + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + { + Capabilities: [], + PathSpec: 'pablo/*', + }, + ], + }, + }, + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: '*', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: 'project/*', + }, + { + Capabilities: ['write', 'read', 'list'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + ], + }, + }, + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: 'pablo', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['read', 'list', 'write'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + ], + }, + }, + ]; + + assert.equal( + this.ability._findMatchingNamespace(policyNamespaces, 'pablo'), + 'pablo' + ); + }); + + test('it handles glob matching suffix', function (assert) { + const policyNamespaces = [ + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: 'default', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: 'project/*', + }, + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + { + Capabilities: [], + PathSpec: 'pablo/*', + }, + ], + }, + }, + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: '*', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: 'project/*', + }, + { + Capabilities: ['write', 'read', 'list'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + ], + }, + }, + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: 'pablo/*', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['read', 'list', 'write'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + ], + }, + }, + ]; + + assert.equal( + this.ability._findMatchingNamespace( + policyNamespaces, + 'pablo/picasso/rothkos/rilkes' + ), + 'pablo/*' + ); + }); + + test('it handles glob matching prefix', function (assert) { + const policyNamespaces = [ + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: 'default', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: 'project/*', + }, + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + { + Capabilities: [], + PathSpec: 'pablo/*', + }, + ], + }, + }, + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: '*', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: 'project/*', + }, + { + Capabilities: ['write', 'read', 'list'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + ], + }, + }, + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: '*/rilkes', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['read', 'list', 'write'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + ], + }, + }, + ]; + + assert.equal( + this.ability._findMatchingNamespace( + policyNamespaces, + 'pablo/picasso/rothkos/rilkes' + ), + '*/rilkes' + ); + }); + + test('it returns default if no matching namespace and no matching globs', function (assert) { + const policyNamespaces = [ + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: 'default', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: 'project/*', + }, + { + Capabilities: ['write', 'read', 'destroy', 'list'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + { + Capabilities: [], + PathSpec: 'pablo/*', + }, + ], + }, + }, + { + Capabilities: [ + 'list-jobs', + 'parse-job', + 'read-job', + 'csi-list-volume', + 'csi-read-volume', + 'read-job-scaling', + 'list-scaling-policies', + 'read-scaling-policy', + 'scale-job', + 'submit-job', + 'dispatch-job', + 'read-logs', + 'read-fs', + 'alloc-exec', + 'alloc-lifecycle', + 'csi-mount-volume', + 'csi-write-volume', + 'submit-recommendation', + ], + Name: 'pablo/*', + Policy: 'write', + SecureVariables: { + Paths: [ + { + Capabilities: ['read', 'list', 'write'], + PathSpec: '*', + }, + { + Capabilities: ['read', 'list'], + PathSpec: 'system/*', + }, + ], + }, + }, + ]; + + assert.equal( + this.ability._findMatchingNamespace(policyNamespaces, 'carter'), + 'default' + ); + }); + }); +});