Backport of E2E: test enforcement of ACL system into release/1.5.x #16814

hc-github-team-nomad-core

Backport

This PR is auto-generated from #16796 to be assessed for backporting due to the inclusion of the label backport/1.5.x.

The below text is copied from the body of the original PR.


Follow-up to #16775
Closes #16483

This changeset provides a matrix test of ACL enforcement across several dimensions:

  • anonymous vs bogus vs valid tokens
  • permitted vs not permitted by policy
  • request sent to server vs sent to client (and forwarded)

In order for this test to be meaningful for anonymous requests, I also had to reduce the permissions of the anonymous policy on the E2E cluster. The test runner uses a management token unless there's a test that overrides it that I've missed. I've spot-checked this didn't cause any new breakage on E2E tests but we have a few things like #16803 floating around that make it hard to be sure without digging into all the existing failures we need to work through.


Test against Nomad 1.5.2, showing how this would have caught #16775:

$ go test -v -count=1 ./auth
=== RUN   TestAuth
=== RUN   TestAuth/AnonServerRequests
=== RUN   TestAuth/BogusServerRequests
=== RUN   TestAuth/InvalidPermissionsServerRequests
=== RUN   TestAuth/ValidPermissionsServerRequests
=== RUN   TestAuth/AnonClientRequests
    assert.go:11:
        auth_test.go:208: expected non-nil error; is nil
        ↪ PostScript | annotation ↷
                expected error when reading namespace
=== RUN   TestAuth/BogusClientRequests
=== RUN   TestAuth/InvalidPermissionsClientRequests
=== RUN   TestAuth/ValidPermissionsClientRequests
--- FAIL: TestAuth (0.22s)
    --- PASS: TestAuth/AnonServerRequests (0.00s)
    --- PASS: TestAuth/BogusServerRequests (0.01s)
    --- PASS: TestAuth/InvalidPermissionsServerRequests (0.01s)
    --- PASS: TestAuth/ValidPermissionsServerRequests (0.02s)
    --- FAIL: TestAuth/AnonClientRequests (0.00s)
    --- PASS: TestAuth/BogusClientRequests (0.01s)
    --- PASS: TestAuth/InvalidPermissionsClientRequests (0.01s)
    --- PASS: TestAuth/ValidPermissionsClientRequests (0.01s)
FAIL
FAIL    github.com/hashicorp/nomad/e2e/auth     0.230s
FAIL

Test against 1.5.3:

$ go test -v -count=1 ./auth
=== RUN   TestAuth
=== RUN   TestAuth/AnonServerRequests
=== RUN   TestAuth/BogusServerRequests
=== RUN   TestAuth/InvalidPermissionsServerRequests
=== RUN   TestAuth/ValidPermissionsServerRequests
=== RUN   TestAuth/AnonClientRequests
=== RUN   TestAuth/BogusClientRequests
=== RUN   TestAuth/InvalidPermissionsClientRequests
=== RUN   TestAuth/ValidPermissionsClientRequests
--- PASS: TestAuth (1.41s)
    --- PASS: TestAuth/AnonServerRequests (0.12s)
    --- PASS: TestAuth/BogusServerRequests (0.08s)
    --- PASS: TestAuth/InvalidPermissionsServerRequests (0.11s)
    --- PASS: TestAuth/ValidPermissionsServerRequests (0.14s)
    --- PASS: TestAuth/AnonClientRequests (0.13s)
    --- PASS: TestAuth/BogusClientRequests (0.14s)
    --- PASS: TestAuth/InvalidPermissionsClientRequests (0.17s)
    --- PASS: TestAuth/ValidPermissionsClientRequests (0.19s)
PASS
ok      github.com/hashicorp/nomad/e2e/auth     1.422s

@hc-github-team-nomad-core hc-github-team-nomad-core force-pushed the backport/e2e-auth-test/lately-awaited-bug branch 2 times, most recently from d8ec0aa to bddf273 Compare April 6, 2023 13:12
@hc-github-team-nomad-core hc-github-team-nomad-core merged commit 6476220 into release/1.5.x Apr 6, 2023
@hc-github-team-nomad-core hc-github-team-nomad-core deleted the backport/e2e-auth-test/lately-awaited-bug branch April 6, 2023 13:12
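
The matrix described in the PR body (token kind crossed with entry point), as an added example that is not code from this PR or from Nomad. The handlers, the `X-Toy-Token` header, the token strings and the `buggy` forwarding flaw are constructed stand-ins chosen so that the same `AnonClientRequests` case fails; they do not describe the actual cause of #16775.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Toy policy (assumption, not Nomad code): token -> may read the namespace.
var policy = map[string]bool{"valid-read": true, "valid-noread": false}
// get sends one request with tok in a hypothetical header; true only on HTTP 200.
func get(h http.Handler, tok string) bool {
	req := httptest.NewRequest("GET", "/toy/namespace", nil)
	req.Header.Set("X-Toy-Token", tok)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code == http.StatusOK
}
// handler answers 403 unless allow(token) is true.
func handler(allow func(tok string) bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !allow(r.Header.Get("X-Toy-Token")) {
			w.WriteHeader(http.StatusForbidden)
		}
	})
}

// RunMatrix returns the cases whose outcome differs from policy. With buggy=true the
// forwarding client substitutes its own token for anonymous callers (constructed flaw).
func RunMatrix(buggy bool) (failed []string) {
	srv := handler(func(tok string) bool { return policy[tok] })
	cli := handler(func(tok string) bool {
		if tok == "" && buggy {
			tok = "valid-read"
		}
		return get(srv, tok) // forward to the server and relay its decision
	})
	tokens := []struct{ name, tok string; allow bool }{{"Anon", "", false}, {"Bogus", "nope", false},
		{"InvalidPermissions", "valid-noread", false}, {"ValidPermissions", "valid-read", true}}
	for _, ep := range []struct{ name string; h http.Handler }{{"Server", srv}, {"Client", cli}} {
		for _, tc := range tokens {
			if get(ep.h, tc.tok) != tc.allow {
				failed = append(failed, tc.name+ep.name+"Requests")
			}
		}
	}
	return failed
}
func main() { fmt.Println(RunMatrix(true), RunMatrix(false)) }
```

Only the forwarded anonymous case diverges under the constructed flaw, which is why the matrix needs the client entry point as a separate dimension rather than testing the server alone.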