Refactor a test to make it run in enterprise too

hashicorp · Jan 13, 2020 · 0915ede · 0915ede
1 parent f8c808c
commit 0915ede
Showing 1 changed file with 26 additions and 51 deletions.
diff --git a/agent/consul/intention_endpoint_test.go b/agent/consul/intention_endpoint_test.go
@@ -1501,100 +1501,75 @@ service "bar" {
 func TestIntentionCheck_match(t *testing.T) {
 	t.Parallel()
 
-	require := require.New(t)
-	dir1, s1 := testServerWithConfig(t, func(c *Config) {
-		c.ACLDatacenter = "dc1"
-		c.ACLsEnabled = true
-		c.ACLMasterToken = "root"
-		c.ACLDefaultPolicy = "deny"
-	})
+	dir1, s1 := testACLServerWithConfig(t, nil, false)
 	defer os.RemoveAll(dir1)
 	defer s1.Shutdown()
 	codec := rpcClient(t, s1)
 	defer codec.Close()
 
 	testrpc.WaitForLeader(t, s1.RPC, "dc1")
 
-	// Create an ACL with service read permissions. This will grant permission.
-	var token string
-	{
-		var rules = `
-service "bar" {
-	policy = "read"
-}`
-
-		req := structs.ACLRequest{
-			Datacenter: "dc1",
-			Op:         structs.ACLSet,
-			ACL: structs.ACL{
-				Name:  "User token",
-				Type:  structs.ACLTokenTypeClient,
-				Rules: rules,
-			},
-			WriteRequest: structs.WriteRequest{Token: "root"},
-		}
-		require.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
-	}
+	token, err := upsertTestTokenWithPolicyRules(codec, TestDefaultMasterToken, "dc1", `service "api" { policy = "read" }`)
+	require.NoError(t, err)
 
 	// Create some intentions
 	{
 		insert := [][]string{
-			{"foo", "*", "foo", "*"},
-			{"foo", "*", "foo", "bar"},
-			{"bar", "*", "foo", "bar"}, // duplicate destination different source
+			{"web", "db"},
+			{"api", "db"},
+			{"web", "api"},
 		}
 
 		for _, v := range insert {
 			ixn := structs.IntentionRequest{
 				Datacenter: "dc1",
 				Op:         structs.IntentionOpCreate,
 				Intention: &structs.Intention{
-					SourceNS:        v[0],
-					SourceName:      v[1],
-					DestinationNS:   v[2],
-					DestinationName: v[3],
+					SourceNS:        "default",
+					SourceName:      v[0],
+					DestinationNS:   "default",
+					DestinationName: v[1],
 					Action:          structs.IntentionActionAllow,
 				},
+				WriteRequest: structs.WriteRequest{Token: TestDefaultMasterToken},
 			}
-			ixn.WriteRequest.Token = "root"
-
 			// Create
 			var reply string
-			require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
+			require.NoError(t, msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply))
 		}
 	}
 
 	// Check
 	req := &structs.IntentionQueryRequest{
 		Datacenter: "dc1",
 		Check: &structs.IntentionQueryCheck{
-			SourceNS:        "foo",
-			SourceName:      "qux",
-			DestinationNS:   "foo",
-			DestinationName: "bar",
+			SourceNS:        "default",
+			SourceName:      "web",
+			DestinationNS:   "default",
+			DestinationName: "api",
 			SourceType:      structs.IntentionSourceConsul,
 		},
+		QueryOptions: structs.QueryOptions{Token: token.SecretID},
 	}
-	req.Token = token
 	var resp structs.IntentionQueryCheckResponse
-	require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Check", req, &resp))
-	require.True(resp.Allowed)
+	require.NoError(t, msgpackrpc.CallWithCodec(codec, "Intention.Check", req, &resp))
+	require.True(t, resp.Allowed)
 
 	// Test no match for sanity
 	{
 		req := &structs.IntentionQueryRequest{
 			Datacenter: "dc1",
 			Check: &structs.IntentionQueryCheck{
-				SourceNS:        "baz",
-				SourceName:      "qux",
-				DestinationNS:   "foo",
-				DestinationName: "bar",
+				SourceNS:        "default",
+				SourceName:      "db",
+				DestinationNS:   "default",
+				DestinationName: "api",
 				SourceType:      structs.IntentionSourceConsul,
 			},
+			QueryOptions: structs.QueryOptions{Token: token.SecretID},
 		}
-		req.Token = token
 		var resp structs.IntentionQueryCheckResponse
-		require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Check", req, &resp))
-		require.False(resp.Allowed)
+		require.NoError(t, msgpackrpc.CallWithCodec(codec, "Intention.Check", req, &resp))
+		require.False(t, resp.Allowed)
 	}
 }