From 7ab54cea7a08ea9f260322bf080a9309be13c30d Mon Sep 17 00:00:00 2001
From: aahel <aahel.guha@hashicorp.com>
Date: Sun, 25 Jun 2023 23:31:13 +0530
Subject: [PATCH] added unit test

---
 .../server-acl-init/create_or_update_test.go  | 90 +++++++++++++++++++
 1 file changed, 90 insertions(+)

diff --git a/control-plane/subcommand/server-acl-init/create_or_update_test.go b/control-plane/subcommand/server-acl-init/create_or_update_test.go
index 6aff677dda..bb16a4d48e 100644
--- a/control-plane/subcommand/server-acl-init/create_or_update_test.go
+++ b/control-plane/subcommand/server-acl-init/create_or_update_test.go
@@ -70,3 +70,93 @@ func TestCreateOrUpdateACLPolicy_ErrorsIfDescriptionDoesNotMatch(t *testing.T) {
 	require.NoError(err)
 	require.Equal(policyDescription, rereadPolicy.Description)
 }
+
+func TestCreateOrUpdateACLPolicy_Update(t *testing.T) {
+	require := require.New(t)
+	ui := cli.NewMockUi()
+	k8s := fake.NewSimpleClientset()
+	cmd := Command{
+		UI:        ui,
+		clientset: k8s,
+		log:       hclog.NewNullLogger(),
+	}
+	cmd.init()
+	// Start Consul.
+	bootToken := "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
+	svr, err := testutil.NewTestServerConfigT(t, func(c *testutil.TestServerConfig) {
+		c.ACL.Enabled = true
+		c.ACL.Tokens.InitialManagement = bootToken
+	})
+	require.NoError(err)
+	defer svr.Stop()
+	svr.WaitForLeader(t)
+
+	// Get a Consul client.
+	consul, err := api.NewClient(&api.Config{
+		Address: svr.HTTPAddr,
+		Token:   bootToken,
+	})
+	require.NoError(err)
+	connectInjectRule, err := cmd.injectRules()
+	require.NoError(err)
+	aclReplRule, err := cmd.aclReplicationRules()
+	require.NoError(err)
+	policyDescription := "policy-description"
+	policyName := "policy-name"
+	policy, _, err := consul.ACL().PolicyCreate(&api.ACLPolicy{
+		Name:        "new-policy-name",
+		Description: "new-policy-desc",
+	}, nil)
+	require.NoError(err)
+	cases := []struct {
+		Name              string
+		ID                string
+		PolicyDescription string
+		PolicyName        string
+		Rules             string
+		Err               error
+		ExpPolicy         *api.ACLPolicy
+	}{
+		{
+			Name:              "create",
+			ID:                "",
+			PolicyDescription: policyDescription,
+			PolicyName:        policyName,
+			Rules:             connectInjectRule,
+			Err:               nil,
+			ExpPolicy: &api.ACLPolicy{
+				Name:        policyName,
+				Description: policyDescription,
+				Rules:       connectInjectRule,
+			},
+		},
+		{
+			Name:              "update",
+			ID:                policy.ID,
+			PolicyDescription: policy.Description,
+			PolicyName:        policy.Name,
+			Rules:             aclReplRule,
+			Err:               nil,
+			ExpPolicy: &api.ACLPolicy{
+				Name:        policyName,
+				Description: policyDescription,
+				Rules:       aclReplRule,
+			},
+		},
+	}
+	for _, tt := range cases {
+		t.Run(tt.Name, func(t *testing.T) {
+			err = cmd.createOrUpdateACLPolicy(api.ACLPolicy{
+				Name:        tt.PolicyName,
+				Description: tt.PolicyDescription,
+				Rules:       tt.Rules,
+			}, consul)
+			require.Equal(tt.Err, err)
+			if tt.ID != "" {
+				readPolicy, _, err := consul.ACL().PolicyRead(tt.ID, nil)
+				require.NoError(err)
+				require.Equal(tt.Rules, readPolicy.Rules)
+			}
+		})
+	}
+}