From 9dbe34ac05cb159bbc8ac934e3d91386ab21689b Mon Sep 17 00:00:00 2001 From: Piotr Kazmierczak <470696+pkazmierczak@users.noreply.github.com> Date: Fri, 9 Dec 2022 18:47:32 +0100 Subject: [PATCH] bugfix: acl sso auth methods test failures (#15512) This PR fixes unit test failures introduced in f4e89e2 --- command/acl_auth_method_create_test.go | 2 +- command/acl_auth_method_update_test.go | 10 ++++++++++ nomad/acl_endpoint.go | 2 +- nomad/acl_endpoint_test.go | 1 + nomad/state/state_store_acl_sso.go | 2 +- 5 files changed, 14 insertions(+), 3 deletions(-) diff --git a/command/acl_auth_method_create_test.go b/command/acl_auth_method_create_test.go index 1fa4ca3dc..7619fc3eb 100644 --- a/command/acl_auth_method_create_test.go +++ b/command/acl_auth_method_create_test.go @@ -87,7 +87,7 @@ func TestACLAuthMethodCreateCommand_Run(t *testing.T) { args = []string{ "-address=" + url, "-token=" + rootACLToken.SecretID, "-name=acl-auth-method-cli-test", - "-type=OIDC", "-token-locality=global", "-default=true", "-max-token-ttl=3600s", + "-type=OIDC", "-token-locality=global", "-default=false", "-max-token-ttl=3600s", fmt.Sprintf("-config=@%s", configFile.Name()), } must.Eq(t, 0, cmd.Run(args)) diff --git a/command/acl_auth_method_update_test.go b/command/acl_auth_method_update_test.go index c1b0caa36..f4f7fbe66 100644 --- a/command/acl_auth_method_update_test.go +++ b/command/acl_auth_method_update_test.go @@ -108,4 +108,14 @@ func TestACLAuthMethodUpdateCommand_Run(t *testing.T) { ui.OutputWriter.Reset() ui.ErrorWriter.Reset() + + // Update a default auth method + code = cmd.Run([]string{ + "-address=" + url, "-token=" + rootACLToken.SecretID, "-default=true", method.Name}) + must.Zero(t, code) + s = ui.OutputWriter.String() + must.StrContains(t, s, method.Name) + + ui.OutputWriter.Reset() + ui.ErrorWriter.Reset() } diff --git a/nomad/acl_endpoint.go b/nomad/acl_endpoint.go index d18ac3128..a9469ca23 100644 --- a/nomad/acl_endpoint.go +++ b/nomad/acl_endpoint.go @@ -1727,7 +1727,7 @@ func (a *ACL) UpsertAuthMethods( // a default one for that very type already. if authMethod.Default { existingMethodsDefaultmethod, _ := stateSnapshot.GetDefaultACLAuthMethodByType(nil, authMethod.Type) - if existingMethodsDefaultmethod != nil { + if existingMethodsDefaultmethod != nil && existingMethodsDefaultmethod.Name != authMethod.Name { return structs.NewErrRPCCodedf( http.StatusBadRequest, "default method for type %s already exists: %v", authMethod.Type, existingMethodsDefaultmethod.Name, diff --git a/nomad/acl_endpoint_test.go b/nomad/acl_endpoint_test.go index 790d28f1b..aa200deaa 100644 --- a/nomad/acl_endpoint_test.go +++ b/nomad/acl_endpoint_test.go @@ -3023,6 +3023,7 @@ func TestACLEndpoint_UpsertACLAuthMethods(t *testing.T) { // Create the register request am1 := mock.ACLAuthMethod() am1.Default = true // make sure it's going to be a default method + am1.SetHash() // Lookup the authMethods req := &structs.ACLAuthMethodUpsertRequest{ diff --git a/nomad/state/state_store_acl_sso.go b/nomad/state/state_store_acl_sso.go index 337df25cb..5ce3278e5 100644 --- a/nomad/state/state_store_acl_sso.go +++ b/nomad/state/state_store_acl_sso.go @@ -66,7 +66,7 @@ func (s *StateStore) upsertACLAuthMethodTxn(index uint64, txn *txn, method *stru // with an existing name or a duplicate default for the same type. if method.Default { existingMethodsDefaultmethod, _ := s.GetDefaultACLAuthMethodByType(nil, method.Type) - if existingMethodsDefaultmethod != nil { + if existingMethodsDefaultmethod != nil && existingMethodsDefaultmethod.Name != method.Name { return false, fmt.Errorf( "default ACL auth method for type %s already exists: %v", method.Type, existingMethodsDefaultmethod.Name,