kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
36d423ceda6230b9bf2df60efe30e2df312d31f3
nomad/command/setup_vault_test.go
Tim Gross da592ab1b7 testing: fix vault setup test's reliance on specific Raft index (#25806) 
The test for `nomad setup vault` command expects a specific `CreateIndex` for the
job it creates. Any Raft write when a server comes up or establishes leadership
can cause this test to break. Interpolate the expected index as we've done for
other indexes on the job to make this test less brittle.

Ref: https://github.com/hashicorp/nomad-enterprise/pull/2673#issuecomment-2847619747
2025-05-02 14:30:10 -04:00

153 lines
3.5 KiB
Go
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package command
import (
"fmt"
"testing"
"github.com/hashicorp/cli"
"github.com/hashicorp/nomad/api"
"github.com/hashicorp/nomad/ci"
"github.com/hashicorp/nomad/command/agent"
"github.com/hashicorp/nomad/helper/pointer"
"github.com/shoenig/test/must"
)
func TestSetupVaultCommand_Run(t *testing.T) {
ci.Parallel(t)
// Start in dev mode so we get a node registration
srv, client, url := testServer(t, true, func(c *agent.Config) {
c.DevMode = true
c.Vaults[0].Name = "default"
c.Vaults[0].Enabled = pointer.Of(true)
})
defer srv.Shutdown()
// Register a job with a vault block but without an identity for Vault.
job := testJob("test")
job.TaskGroups[0].Tasks[0].Vault = &api.Vault{
Cluster: "default",
Policies: []string{"test"},
}
_, _, err := client.Jobs().Register(job, nil)
must.NoError(t, err)
job, _, err = client.Jobs().Info(*job.ID, nil)
must.NoError(t, err)
testCases := []struct {
name string
args []string
expectedErr string
expectedRC int
expectedOut string
}{
{
name: "-check flags",
args: []string{
"-json",
"-t", "{{.}}",
"-verbose",
},
expectedRC: 1,
expectedErr: "The -json, -verbose, and -t options can only be used with -check",
},
{
name: "-check",
args: []string{
"-check",
"-address", url,
},
expectedRC: 0,
expectedOut: `
Jobs Without Workload Identity for Vault
The following jobs access Vault but are not configured for workload identity.
You should redeploy them before fully migrating to workload identities with
Vault to prevent unexpected errors if their tokens need to be recreated.
Refer to https://developer.hashicorp.com/nomad/s/vault-workload-identity-migration
for more information.
ID Namespace Type Status
test default batch pending
`,
},
{
name: "-check with -json",
args: []string{
"-check",
"-json",
"-address", url,
},
expectedRC: 0,
expectedOut: fmt.Sprintf(`{
"JobsWithoutVaultIdentity": [
{
"CreateIndex": %d,
"Datacenters": [
"dc1"
],
"ID": "test",
"JobModifyIndex": %d,
"JobSummary": null,
"ModifyIndex": %d,
"Name": "test",
"Namespace": "default",
"ParameterizedJob": false,
"ParentID": "",
"Periodic": false,
"Priority": 1,
"Status": "pending",
"StatusDescription": "",
"Stop": false,
"SubmitTime": %d,
"Type": "batch"
}
],
"OutdatedNodes": [],
"VaultTokens": null
}
`, *job.CreateIndex, *job.CreateIndex, *job.ModifyIndex, *job.SubmitTime),
},
{
name: "-check with -t",
args: []string{
"-check",
"-t", "{{with index .JobsWithoutVaultIdentity 0}}{{.ID}}{{end}}",
"-address", url,
},
expectedRC: 0,
expectedOut: "test\n",
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
ui := cli.NewMockUi()
meta := Meta{Ui: ui}
defer func() {
if t.Failed() {
fmt.Println(ui.ErrorWriter.String())
fmt.Println(ui.OutputWriter.String())
}
}()
cmd := &SetupVaultCommand{Meta: meta}
got := cmd.Run(tc.args)
must.Eq(t, tc.expectedRC, got)
if tc.expectedErr != "" {
must.StrContains(t, ui.ErrorWriter.String(), tc.expectedErr)
} else {
must.Eq(t, ui.ErrorWriter.String(), "")
must.Eq(t, ui.OutputWriter.String(), tc.expectedOut)
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink