kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
5e7ec1b32ce328dfd083a17c40ebb231c6bbc68f
nomad/command/acl_policy_self_test.go
Piotr Kazmierczak cdc308a0eb wi: new endpoint for listing workload attached ACL policies (#25588) 
This introduces a new HTTP endpoint (and an associated CLI command) for querying
ACL policies associated with a workload identity. It allows users that want
to learn about the ACL capabilities from within WI-tasks to know what sort of
policies are enabled.

---------

Co-authored-by: Tim Gross <tgross@hashicorp.com>
Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
2025-05-19 19:54:12 +02:00

80 lines
2.0 KiB
Go
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package command
import (
"testing"
"github.com/hashicorp/cli"
"github.com/hashicorp/nomad/command/agent"
"github.com/hashicorp/nomad/nomad/mock"
"github.com/hashicorp/nomad/nomad/structs"
"github.com/hashicorp/nomad/testutil"
"github.com/shoenig/test/must"
)
func TestACLPolicySelfCommand_ViaEnvVar(t *testing.T) {
config := func(c *agent.Config) {
c.ACL.Enabled = true
}
srv, _, url := testServer(t, true, config)
defer srv.Shutdown()
state := srv.Agent.Server().State()
// Bootstrap an initial ACL token
token := srv.RootToken
must.NotNil(t, token)
// Create a minimal job
job := mock.MinJob()
// Add a job policy
polArgs := structs.ACLPolicyUpsertRequest{
Policies: []*structs.ACLPolicy{
{
Name: "nw",
Description: "test job can write to nodes",
Rules: `node { policy = "write" }`,
JobACL: &structs.JobACL{
Namespace: job.Namespace,
JobID: job.ID,
},
},
},
WriteRequest: structs.WriteRequest{
Region: job.Region,
AuthToken: token.SecretID,
Namespace: job.Namespace,
},
}
polReply := structs.GenericResponse{}
must.NoError(t, srv.RPC("ACL.UpsertPolicies", &polArgs, &polReply))
must.NonZero(t, polReply.WriteMeta.Index)
ui := cli.NewMockUi()
cmd := &ACLPolicySelfCommand{Meta: Meta{Ui: ui, flagAddress: url}}
allocs := testutil.WaitForRunningWithToken(t, srv.RPC, job, token.SecretID)
must.Len(t, 1, allocs)
alloc, err := state.AllocByID(nil, allocs[0].ID)
must.NoError(t, err)
must.MapContainsKey(t, alloc.SignedIdentities, "t")
wid := alloc.SignedIdentities["t"]
// Fetch info on policies with a JWT
t.Setenv("NOMAD_TOKEN", wid)
code := cmd.Run([]string{"-address=" + url})
must.Zero(t, code)
// Check the output
out := ui.OutputWriter.String()
must.StrContains(t, out, polArgs.Policies[0].Name)
// make sure we put the job ACLs in there, too
must.StrContains(t, out, polArgs.Policies[0].JobACL.JobID)
}
Reference in New Issue View Git Blame Copy Permalink