E2E: remove assertion from ACL role test (#19121)

The ACL role test asserts that the role has various permissions by listing jobs
in namespaces. It never creates jobs, because we can make all the assertions we
need by checking the error. But the test included an assertion that the
namespace was empty. Usually this will be the case, but if the previous test
case has not completed its GC (which is sync), then it's possible a stopped job
will be in the namespace. Because this assertion is irrelevant for this test,
remove it.

e2e/acl/acl_role_test.go

@@ -10,7 +10,7 @@ import (
 	"github.com/hashicorp/nomad/api"
 	"github.com/hashicorp/nomad/e2e/e2eutil"
 	"github.com/hashicorp/nomad/helper/uuid"
-	"github.com/stretchr/testify/require"
+	"github.com/shoenig/test/must"
 )
 
 // testACLRole tests basic functionality of ACL roles when used for
@@ -35,8 +35,8 @@ func testACLRole(t *testing.T) {
 		Policies:    []*api.ACLRolePolicyLink{{Name: "404-not-found"}},
 	}
 	aclRoleCreateResp, _, err := nomadClient.ACLRoles().Create(&invalidRole, nil)
-	require.ErrorContains(t, err, "cannot find policy 404-not-found")
-	require.Nil(t, aclRoleCreateResp)
+	must.ErrorContains(t, err, "cannot find policy 404-not-found")
+	must.Nil(t, aclRoleCreateResp)
 
 	// Create a custom namespace to test along with the default.
 	ns := api.Namespace{
@@ -44,7 +44,7 @@ func testACLRole(t *testing.T) {
 		Description: "E2E ACL Role Testing",
 	}
 	_, err = nomadClient.Namespaces().Register(&ns, nil)
-	require.NoError(t, err)
+	must.NoError(t, err)
 
 	cleanUpProcess.Add(ns.Name, NamespaceTestResourceType)
 
@@ -56,7 +56,7 @@ func testACLRole(t *testing.T) {
 		Rules:       fmt.Sprintf(`namespace %q {policy = "read"}`, ns.Name),
 	}
 	_, err = nomadClient.ACLPolicies().Upsert(&customNamespacePolicy, nil)
-	require.NoError(t, err)
+	must.NoError(t, err)
 
 	cleanUpProcess.Add(customNamespacePolicy.Name, ACLPolicyTestResourceType)
 
@@ -67,18 +67,18 @@ func testACLRole(t *testing.T) {
 		Policies:    []*api.ACLRolePolicyLink{{Name: customNamespacePolicy.Name}},
 	}
 	aclRoleCreateResp, _, err = nomadClient.ACLRoles().Create(&validRole, nil)
-	require.NoError(t, err)
-	require.NotNil(t, aclRoleCreateResp)
-	require.NotEmpty(t, aclRoleCreateResp.ID)
-	require.Equal(t, validRole.Name, aclRoleCreateResp.Name)
+	must.NoError(t, err)
+	must.NotNil(t, aclRoleCreateResp)
+	must.NotEq(t, "", aclRoleCreateResp.ID)
+	must.Eq(t, validRole.Name, aclRoleCreateResp.Name)
 
 	cleanUpProcess.Add(aclRoleCreateResp.ID, ACLRoleTestResourceType)
 
 	// Perform a role listing and check we have the expected entries.
 	aclRoleListResp, _, err := nomadClient.ACLRoles().List(nil)
-	require.NoError(t, err)
-	require.Len(t, aclRoleListResp, 1)
-	require.Equal(t, aclRoleCreateResp.ID, aclRoleListResp[0].ID)
+	must.NoError(t, err)
+	must.Len(t, 1, aclRoleListResp)
+	must.Eq(t, aclRoleCreateResp.ID, aclRoleListResp[0].ID)
 
 	// Create our ACL token which is linked to the created ACL role.
 	token := api.ACLToken{
@@ -87,8 +87,8 @@ func testACLRole(t *testing.T) {
 		Roles: []*api.ACLTokenRoleLink{{ID: aclRoleCreateResp.ID}},
 	}
 	aclTokenCreateResp, _, err := nomadClient.ACLTokens().Create(&token, nil)
-	require.NoError(t, err)
-	require.NotNil(t, aclTokenCreateResp)
+	must.NoError(t, err)
+	must.NotNil(t, aclTokenCreateResp)
 
 	cleanUpProcess.Add(aclTokenCreateResp.AccessorID, ACLTokenTestResourceType)
 
@@ -98,12 +98,11 @@ func testACLRole(t *testing.T) {
 	customNSQueryMeta := api.QueryOptions{Namespace: ns.Name, AuthToken: aclTokenCreateResp.SecretID}
 	defaultNSQueryMeta := api.QueryOptions{Namespace: "default", AuthToken: aclTokenCreateResp.SecretID}
 
-	jobListResp, _, err := nomadClient.Jobs().List(&customNSQueryMeta)
-	require.NoError(t, err)
-	require.Empty(t, jobListResp)
+	_, _, err = nomadClient.Jobs().List(&customNSQueryMeta)
+	must.NoError(t, err)
 
-	jobListResp, _, err = nomadClient.Jobs().List(&defaultNSQueryMeta)
-	require.ErrorContains(t, err, "Permission denied")
+	_, _, err = nomadClient.Jobs().List(&defaultNSQueryMeta)
+	must.ErrorContains(t, err, "Permission denied")
 
 	// Create an ACL policy which grants read access to the default namespace.
 	defaultNamespacePolicy := api.ACLPolicy{
@@ -112,7 +111,7 @@ func testACLRole(t *testing.T) {
 		Rules:       `namespace "default" {policy = "read"}`,
 	}
 	_, err = nomadClient.ACLPolicies().Upsert(&defaultNamespacePolicy, nil)
-	require.NoError(t, err)
+	must.NoError(t, err)
 
 	cleanUpProcess.Add(defaultNamespacePolicy.Name, ACLPolicyTestResourceType)
 
@@ -122,35 +121,34 @@ func testACLRole(t *testing.T) {
 		Name: defaultNamespacePolicy.Name,
 	})
 	aclRoleUpdateResp, _, err := nomadClient.ACLRoles().Update(aclRoleCreateResp, nil)
-	require.NoError(t, err)
-	require.Equal(t, aclRoleCreateResp.ID, aclRoleUpdateResp.ID)
-	require.Len(t, aclRoleUpdateResp.Policies, 2)
+	must.NoError(t, err)
+	must.Eq(t, aclRoleCreateResp.ID, aclRoleUpdateResp.ID)
+	must.Len(t, 2, aclRoleUpdateResp.Policies)
 
 	// Try listing the jobs in the default namespace again to ensure we now
 	// have permission due to the updated role.
-	jobListResp, _, err = nomadClient.Jobs().List(&defaultNSQueryMeta)
-	require.NoError(t, err)
-	require.Empty(t, jobListResp)
+	_, _, err = nomadClient.Jobs().List(&defaultNSQueryMeta)
+	must.NoError(t, err)
 
 	// Delete a policy from under the role.
 	_, err = nomadClient.ACLPolicies().Delete(defaultNamespacePolicy.Name, nil)
-	require.NoError(t, err)
+	must.NoError(t, err)
 
 	cleanUpProcess.Remove(defaultNamespacePolicy.Name, ACLPolicyTestResourceType)
 
 	// The permission to list the job in the default namespace should now be
 	// revoked.
-	jobListResp, _, err = nomadClient.Jobs().List(&defaultNSQueryMeta)
-	require.ErrorContains(t, err, "Permission denied")
+	_, _, err = nomadClient.Jobs().List(&defaultNSQueryMeta)
+	must.ErrorContains(t, err, "Permission denied")
 
 	// Delete the ACL role.
 	_, err = nomadClient.ACLRoles().Delete(aclRoleUpdateResp.ID, nil)
-	require.NoError(t, err)
+	must.NoError(t, err)
 
 	cleanUpProcess.Remove(aclRoleUpdateResp.ID, ACLRoleTestResourceType)
 
 	// We should now not be able to list jobs in the custom namespace either as
 	// the token does not have any permissions.
-	jobListResp, _, err = nomadClient.Jobs().List(&customNSQueryMeta)
-	require.ErrorContains(t, err, "Permission denied")
+	_, _, err = nomadClient.Jobs().List(&customNSQueryMeta)
+	must.ErrorContains(t, err, "Permission denied")
 }