Skip to content

Commit

Permalink
base64 encode policy strings in tests where we're using them with str…
Browse files Browse the repository at this point in the history
…ing interpolation
  • Loading branch information
meirish committed May 17, 2019
1 parent 056ace2 commit fbdeb6a
Show file tree
Hide file tree
Showing 4 changed files with 25 additions and 25 deletions.
10 changes: 5 additions & 5 deletions ui/tests/acceptance/cluster-test.js
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ const consoleComponent = create(consoleClass);

const tokenWithPolicy = async function(name, policy) {
await consoleComponent.runCommands([
`write sys/policies/acl/${name} policy=${policy}`,
`write sys/policies/acl/${name} policy=${btoa(policy)}`,
`write -field=client_token auth/token/create policies=${name}`,
]);

Expand All @@ -25,11 +25,11 @@ module('Acceptance | cluster', function(hooks) {
});

test('hides nav item if user does not have permission', async function(assert) {
const deny_policies_policy = `'
const deny_policies_policy = `
path "sys/policies/*" {
capabilities = ["deny"]
},
'`;
`;

const userToken = await tokenWithPolicy('hide-policies-nav', deny_policies_policy);
await logout.visit();
Expand All @@ -40,11 +40,11 @@ module('Acceptance | cluster', function(hooks) {
});

test('enterprise nav item links to first route that user has access to', async function(assert) {
const read_rgp_policy = `'
const read_rgp_policy = `
path "sys/policies/rgp" {
capabilities = ["read"]
},
'`;
`;

const userToken = await tokenWithPolicy('show-policies-nav', read_rgp_policy);
await logout.visit();
Expand Down
12 changes: 6 additions & 6 deletions ui/tests/acceptance/enterprise-control-groups-test.js
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ module('Acceptance | Enterprise | control groups', function(hooks) {
return logout.visit();
});

const POLICY = `'
const POLICY = `
path "kv/foo" {
capabilities = ["create", "read", "update", "delete", "list"]
control_group = {
Expand All @@ -40,17 +40,17 @@ module('Acceptance | Enterprise | control groups', function(hooks) {
}
}
}
'`;
`;

const AUTHORIZER_POLICY = `'
const AUTHORIZER_POLICY = `
path "sys/control-group/authorize" {
capabilities = ["update"]
}
path "sys/control-group/request" {
capabilities = ["update"]
}
'`;
`;

const ADMIN_USER = 'authorizer';
const ADMIN_PASSWORD = 'test';
Expand All @@ -67,8 +67,8 @@ module('Acceptance | Enterprise | control groups', function(hooks) {
`write auth/userpass/users/${ADMIN_USER} password=${ADMIN_PASSWORD} policies=default`,
`write identity/entity name=${ADMIN_USER} policies=test`,
// write policies for control group + authorization
`write sys/policies/acl/kv-control-group policy=${POLICY}`,
`write sys/policies/acl/authorizer policy=${AUTHORIZER_POLICY}`,
`write sys/policies/acl/kv-control-group policy=${btoa(POLICY)}`,
`write sys/policies/acl/authorizer policy=${btoa(AUTHORIZER_POLICY)}`,
// read out mount to get the accessor
'read -field=accessor sys/internal/ui/mounts/auth/userpass',
]);
Expand Down
2 changes: 1 addition & 1 deletion ui/tests/acceptance/policies/index-test.js
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ module('Acceptance | policies/acl', function(hooks) {
test('it allows deletion of policies with dots in names', async function(assert) {
const POLICY = 'path "*" { capabilities = ["list"]}';
let policyName = 'list.policy';
await consoleComponent.runCommands([`write sys/policies/acl/${policyName} policy='${POLICY}'`]);
await consoleComponent.runCommands([`write sys/policies/acl/${policyName} policy=${btoa(POLICY)}`]);
await page.visit({ type: 'acl' });
let policy = page.row.filterBy('name', policyName)[0];
assert.ok(policy, 'policy is shown in the list');
Expand Down
26 changes: 13 additions & 13 deletions ui/tests/acceptance/secrets/backend/kv/secret-test.js
Original file line number Diff line number Diff line change
Expand Up @@ -192,17 +192,17 @@ module('Acceptance | secrets/secret/create', function(hooks) {

test('version 2 with restricted policy still allows creation', async function(assert) {
let backend = 'kv-v2';
const V2_POLICY = `'
const V2_POLICY = `
path "kv-v2/metadata/*" {
capabilities = ["list"]
}
path "kv-v2/data/secret" {
capabilities = ["create", "read", "update"]
}
'`;
`;
await consoleComponent.runCommands([
`write sys/mounts/${backend} type=kv options=version=2`,
`write sys/policies/acl/kv-v2-degrade policy=${V2_POLICY}`,
`write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
// delete any kv previously written here so that tests can be re-run
'delete kv-v2/metadata/secret',
'write -field=client_token auth/token/create policies=kv-v2-degrade',
Expand All @@ -220,17 +220,17 @@ module('Acceptance | secrets/secret/create', function(hooks) {

test('version 2 with restricted policy still allows edit', async function(assert) {
let backend = 'kv-v2';
const V2_POLICY = `'
const V2_POLICY = `
path "kv-v2/metadata/*" {
capabilities = ["list"]
}
path "kv-v2/data/secret" {
capabilities = ["create", "read", "update"]
}
'`;
`;
await consoleComponent.runCommands([
`write sys/mounts/${backend} type=kv options=version=2`,
`write sys/policies/acl/kv-v2-degrade policy=${V2_POLICY}`,
`write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
// delete any kv previously written here so that tests can be re-run
'delete kv-v2/metadata/secret',
'write -field=client_token auth/token/create policies=kv-v2-degrade',
Expand Down Expand Up @@ -326,16 +326,16 @@ module('Acceptance | secrets/secret/create', function(hooks) {
});

let setupNoRead = async function(backend, canReadMeta = false) {
const V2_WRITE_ONLY_POLICY = `'
const V2_WRITE_ONLY_POLICY = `
path "${backend}/+/+" {
capabilities = ["create", "update", "list"]
}
path "${backend}/+" {
capabilities = ["list"]
}
'`;
`;

const V2_WRITE_WITH_META_READ_POLICY = `'
const V2_WRITE_WITH_META_READ_POLICY = `
path "${backend}/+/+" {
capabilities = ["create", "update", "list"]
}
Expand All @@ -345,12 +345,12 @@ module('Acceptance | secrets/secret/create', function(hooks) {
path "${backend}/+" {
capabilities = ["list"]
}
'`;
const V1_WRITE_ONLY_POLICY = `'
`;
const V1_WRITE_ONLY_POLICY = `
path "${backend}/+" {
capabilities = ["create", "update", "list"]
}
'`;
`;

let policy;
if (backend === 'kv-v2' && canReadMeta) {
Expand All @@ -364,7 +364,7 @@ module('Acceptance | secrets/secret/create', function(hooks) {
// disable any kv previously enabled kv
`delete sys/mounts/${backend}`,
`write sys/mounts/${backend} type=kv options=version=${backend === 'kv-v2' ? 2 : 1}`,
`write sys/policies/acl/${backend} policy=${policy}`,
`write sys/policies/acl/${backend} policy=${btoa(policy)}`,
`write -field=client_token auth/token/create policies=${backend}`,
]);

Expand Down

0 comments on commit fbdeb6a

Please sign in to comment.