fixed test and minor refactoring

hashicorp · Aug 23, 2023 · 525e56b · 525e56b
1 parent 78d17e7
commit 525e56b
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 24 deletions.
diff --git a/control-plane/subcommand/server-acl-init/anonymous_token.go b/control-plane/subcommand/server-acl-init/anonymous_token.go
@@ -17,9 +17,11 @@ const (
 func (c *Command) configureAnonymousPolicy(consulClient *api.Client) error {
 	exists, err := checkIfAnonymousTokenPolicyExists(consulClient)
 	if err != nil {
+		c.log.Error("Error checking if anonymous token policy exists", "err", err)
 		return err
 	}
 	if exists {
+		c.log.Info("skipping creating anonymous token since it already exists")
 		return nil
 	}
 

diff --git a/control-plane/subcommand/server-acl-init/anonymous_token_test.go b/control-plane/subcommand/server-acl-init/anonymous_token_test.go
@@ -42,33 +42,27 @@ func Test_configureAnonymousPolicy(t *testing.T) {
 	})
 	require.NoError(t, err)
 
-	// creates new anonymous token policy
-	errx := cmd.configureAnonymousPolicy(consul)
-	require.NoError(t, errx)
-	var readOnlyPolicy = `acl = "read"`
+	err = cmd.configureAnonymousPolicy(consul)
+	require.NoError(t, err)
 
-	_, _, err = consul.ACL().PolicyCreate(&api.ACLPolicy{
-		Name:  "acl-read-policy",
-		Rules: readOnlyPolicy,
-	}, nil)
+	policy, _, err := consul.ACL().PolicyReadByName(anonymousTokenPolicyName, nil)
 	require.NoError(t, err)
 
-	resp, _, err := consul.ACL().TokenCreate(&api.ACLToken{
-		Policies: []*api.ACLTokenPolicyLink{
-			{
-				Name: "acl-read-policy",
-			},
-		},
-	}, nil)
+	testPolicy := api.ACLPolicy{
+		ID:          policy.ID,
+		Name:        anonymousTokenPolicyName,
+		Description: "Anonymous token Policy",
+		Rules:       `acl = "read"`,
+	}
+	updatedPolicy, _, err := consul.ACL().PolicyUpdate(&testPolicy, &api.WriteOptions{})
 	require.NoError(t, err)
-	readToken := resp.SecretID
 
-	readOnlyClient, errz := api.NewClient(&api.Config{
-		Address: consulHTTPAddr,
-		Token:   readToken,
-	})
-	require.NoError(t, errz)
-	// does not create/update anonymous token policy
-	erry := cmd.configureAnonymousPolicy(readOnlyClient)
-	require.NoError(t, erry)
+	err = cmd.configureAnonymousPolicy(consul)
+	require.NoError(t, err)
+
+	newPolicy, _, err := consul.ACL().PolicyReadByName(anonymousTokenPolicyName, nil)
+	require.NoError(t, err)
+
+	// assert policy rule is still same.
+	require.Equal(t, updatedPolicy, newPolicy)
 }