Skip to content
GitLab
Commit bd82a512 authored by Phil Renaud's avatar Phil Renaud
Browse files

Policy block name changed

parent 9b415c96
Branches unavailable v1.4.3 v1.4.2 v1.4.1 v1.4.0 v1.4.0-rc.1 v1.4.0-beta.1
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 99 additions and 101 deletions
+99 -101
ui/app/models/variable.js
+ 2
- 2
View file @ bd82a512
......@@ -15,12 +15,12 @@ import { attr } from '@ember-data/model';
*/
/**
* @typedef SecureVariable
* @typedef Variable
* @type {object}
*/
/**
* A Secure Variable has a path, namespace, and an array of key-value pairs within the client.
* A Variable has a path, namespace, and an array of key-value pairs within the client.
* On the server, these key-value pairs are serialized into object structure.
* @class
* @extends Model
......
ui/mirage/factories/token.js
+ 4
- 4
View file @ bd82a512
......@@ -55,7 +55,7 @@ node {
{
Name: '*',
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['write', 'read', 'destroy', 'list'],
......@@ -121,7 +121,7 @@ node {
{
Name: '*',
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['list'],
......@@ -133,7 +133,7 @@ node {
{
Name: 'namespace-1',
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['list', 'read', 'destroy', 'create'],
......@@ -145,7 +145,7 @@ node {
{
Name: 'namespace-2',
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['list', 'read', 'destroy', 'create'],
......
ui/tests/acceptance/secure-variables-test.js
+ 40
- 42
View file @ bd82a512
......@@ -22,8 +22,8 @@ import percySnapshot from '@percy/ember';
import Variables from 'nomad-ui/tests/pages/variables';
import Layout from 'nomad-ui/tests/pages/layout';
const SECURE_TOKEN_ID = '53cur3-v4r14bl35';
const LIMITED_SECURE_TOKEN_ID = 'f3w3r-53cur3-v4r14bl35';
const VARIABLE_TOKEN_ID = '53cur3-v4r14bl35';
const LIMITED_VARIABLE_TOKEN_ID = 'f3w3r-53cur3-v4r14bl35';
module('Acceptance | secure variables', function (hooks) {
setupApplicationTest(hooks);
......@@ -49,7 +49,7 @@ module('Acceptance | secure variables', function (hooks) {
test('it allows access for list-variables allowed ACL rules', async function (assert) {
assert.expect(2);
allScenarios.variableTestCluster(server);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
await Variables.visit();
......@@ -61,11 +61,11 @@ module('Acceptance | secure variables', function (hooks) {
test('it correctly traverses to and deletes a variable', async function (assert) {
assert.expect(13);
allScenarios.variableTestCluster(server);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
server.db.variables.update({ namespace: 'default' });
const policy = server.db.policies.find('Variable Maker');
policy.rulesJSON.Namespaces[0].SecureVariables.Paths.find(
policy.rulesJSON.Namespaces[0].Variables.Paths.find(
(path) => path.PathSpec === '*'
).Capabilities = ['list', 'read', 'destroy'];
......@@ -145,7 +145,7 @@ module('Acceptance | secure variables', function (hooks) {
test('variables prefixed with nomad/jobs/ correctly link to entities', async function (assert) {
assert.expect(23);
allScenarios.variableTestCluster(server);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
const variableLinkedJob = server.db.jobs[0];
const variableLinkedGroup = server.db.taskGroups.findBy({
......@@ -207,7 +207,7 @@ module('Acceptance | secure variables', function (hooks) {
assert.dom(relatedEntitiesBox).exists('Related Entities box is present');
assert.ok(
cleanWhitespace(relatedEntitiesBox.textContent).includes(
'This secure variable is accessible by job'
'This variable is accessible by job'
),
'Related Entities box is job-oriented'
);
......@@ -243,7 +243,7 @@ module('Acceptance | secure variables', function (hooks) {
assert.dom(relatedEntitiesBox).exists('Related Entities box is present');
assert.ok(
cleanWhitespace(relatedEntitiesBox.textContent).includes(
'This secure variable is accessible by group'
'This variable is accessible by group'
),
'Related Entities box is group-oriented'
);
......@@ -281,7 +281,7 @@ module('Acceptance | secure variables', function (hooks) {
assert.dom(relatedEntitiesBox).exists('Related Entities box is present');
assert.ok(
cleanWhitespace(relatedEntitiesBox.textContent).includes(
'This secure variable is accessible by task'
'This variable is accessible by task'
),
'Related Entities box is task-oriented'
);
......@@ -342,27 +342,25 @@ module('Acceptance | secure variables', function (hooks) {
test('it passes an accessibility audit', async function (assert) {
assert.expect(1);
allScenarios.variableTestCluster(server);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
await Variables.visit();
await a11yAudit(assert);
});
module('create flow', function () {
test('allows a user with correct permissions to create a secure variable', async function (assert) {
test('allows a user with correct permissions to create a variable', async function (assert) {
// Arrange Test Set-up
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
await Variables.visit();
// End Test Set-up
assert
.dom('[data-test-create-var]')
.exists(
'It should display an enabled button to create a secure variable'
);
.exists('It should display an enabled button to create a variable');
await click('[data-test-create-var]');
assert.equal(currentRouteName(), 'variables.new');
......@@ -402,14 +400,14 @@ module('Acceptance | secure variables', function (hooks) {
window.localStorage.nomadTokenSecret = null;
});
test('prevents users from creating a secure variable without proper permissions', async function (assert) {
test('prevents users from creating a variable without proper permissions', async function (assert) {
// Arrange Test Set-up
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
const policy = server.db.policies.find('Variable Maker');
policy.rulesJSON.Namespaces[0].SecureVariables.Paths.find(
policy.rulesJSON.Namespaces[0].Variables.Paths.find(
(path) => path.PathSpec === '*'
).Capabilities = ['list'];
await Variables.visit();
......@@ -418,7 +416,7 @@ module('Acceptance | secure variables', function (hooks) {
assert
.dom('[data-test-disabled-create-var]')
.exists(
'It should display an disabled button to create a secure variable on the main listings page'
'It should display an disabled button to create a variable on the main listings page'
);
// Reset Token
......@@ -429,7 +427,7 @@ module('Acceptance | secure variables', function (hooks) {
// Arrange Test Set-up
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
await Variables.visitNew();
// End Test Set-up
......@@ -456,7 +454,7 @@ module('Acceptance | secure variables', function (hooks) {
// Arrange Test Set-up
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
await Variables.visitNew();
// End Test Set-up
......@@ -476,15 +474,15 @@ module('Acceptance | secure variables', function (hooks) {
});
module('edit flow', function () {
test('allows a user with correct permissions to edit a secure variable', async function (assert) {
test('allows a user with correct permissions to edit a variable', async function (assert) {
assert.expect(8);
// Arrange Test Set-up
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
const policy = server.db.policies.find('Variable Maker');
policy.rulesJSON.Namespaces[0].SecureVariables.Paths.find(
policy.rulesJSON.Namespaces[0].Variables.Paths.find(
(path) => path.PathSpec === '*'
).Capabilities = ['list', 'read', 'write'];
server.db.variables.update({ namespace: 'default' });
......@@ -531,14 +529,14 @@ module('Acceptance | secure variables', function (hooks) {
window.localStorage.nomadTokenSecret = null;
});
test('prevents users from editing a secure variable without proper permissions', async function (assert) {
test('prevents users from editing a variable without proper permissions', async function (assert) {
// Arrange Test Set-up
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
const policy = server.db.policies.find('Variable Maker');
policy.rulesJSON.Namespaces[0].SecureVariables.Paths.find(
policy.rulesJSON.Namespaces[0].Variables.Paths.find(
(path) => path.PathSpec === '*'
).Capabilities = ['list', 'read'];
await Variables.visit();
......@@ -556,7 +554,7 @@ module('Acceptance | secure variables', function (hooks) {
test('handles conflicts on save', async function (assert) {
// Arrange Test Set-up
allScenarios.variableTestCluster(server);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
// End Test Set-up
......@@ -593,14 +591,14 @@ module('Acceptance | secure variables', function (hooks) {
});
module('delete flow', function () {
test('allows a user with correct permissions to delete a secure variable', async function (assert) {
test('allows a user with correct permissions to delete a variable', async function (assert) {
// Arrange Test Set-up
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
const policy = server.db.policies.find('Variable Maker');
policy.rulesJSON.Namespaces[0].SecureVariables.Paths.find(
policy.rulesJSON.Namespaces[0].Variables.Paths.find(
(path) => path.PathSpec === '*'
).Capabilities = ['list', 'read', 'destroy'];
server.db.variables.update({ namespace: 'default' });
......@@ -629,14 +627,14 @@ module('Acceptance | secure variables', function (hooks) {
window.localStorage.nomadTokenSecret = null;
});
test('prevents users from delete a secure variable without proper permissions', async function (assert) {
test('prevents users from delete a variable without proper permissions', async function (assert) {
// Arrange Test Set-up
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
const policy = server.db.policies.find('Variable Maker');
policy.rulesJSON.Namespaces[0].SecureVariables.Paths.find(
policy.rulesJSON.Namespaces[0].Variables.Paths.find(
(path) => path.PathSpec === '*'
).Capabilities = ['list', 'read'];
await Variables.visit();
......@@ -654,9 +652,9 @@ module('Acceptance | secure variables', function (hooks) {
});
module('read flow', function () {
test('allows a user with correct permissions to read a secure variable', async function (assert) {
test('allows a user with correct permissions to read a variable', async function (assert) {
allScenarios.variableTestCluster(server);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
await Variables.visit();
......@@ -674,9 +672,9 @@ module('Acceptance | secure variables', function (hooks) {
window.localStorage.nomadTokenSecret = null;
});
test('prevents users from reading a secure variable without proper permissions', async function (assert) {
test('prevents users from reading a variable without proper permissions', async function (assert) {
allScenarios.variableTestCluster(server);
const variablesToken = server.db.tokens.find(LIMITED_SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(LIMITED_VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
await Variables.visit();
......@@ -699,7 +697,7 @@ module('Acceptance | secure variables', function (hooks) {
// Arrange
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
await Variables.visit();
......@@ -731,7 +729,7 @@ module('Acceptance | secure variables', function (hooks) {
test('does not show namespace filtering if the user only has access to one namespace', async function (assert) {
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
const twoTokens = server.db.namespaces.slice(0, 2);
server.db.namespaces.remove(twoTokens);
......@@ -754,7 +752,7 @@ module('Acceptance | secure variables', function (hooks) {
// Arrange
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
await Variables.visit();
await click('[data-test-folder-row]');
......@@ -793,7 +791,7 @@ module('Acceptance | secure variables', function (hooks) {
test('does not show namespace filtering if the user only has access to one namespace', async function (assert) {
allScenarios.variableTestCluster(server);
server.createList('variable', 3);
const variablesToken = server.db.tokens.find(SECURE_TOKEN_ID);
const variablesToken = server.db.tokens.find(VARIABLE_TOKEN_ID);
window.localStorage.nomadTokenSecret = variablesToken.secretId;
const twoTokens = server.db.namespaces.slice(0, 2);
server.db.namespaces.remove(twoTokens);
......
ui/tests/integration/components/variable-paths-test.js
+ 1
- 1
View file @ bd82a512
......@@ -89,7 +89,7 @@ module('Integration | Component | variable-paths', function (hooks) {
{
Name: '*',
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['list', 'read'],
......
ui/tests/unit/abilities/abstract-test.js
+ 14
- 14
View file @ bd82a512
......@@ -44,7 +44,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: 'default',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['write', 'read', 'destroy', 'list'],
......@@ -88,7 +88,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: '*',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['write', 'read', 'destroy', 'list'],
......@@ -128,7 +128,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: 'madness',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['read', 'list', 'write'],
......@@ -174,7 +174,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: 'default',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['write', 'read', 'destroy', 'list'],
......@@ -218,7 +218,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: '*',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['write', 'read', 'destroy', 'list'],
......@@ -258,7 +258,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: 'pablo',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['read', 'list', 'write'],
......@@ -304,7 +304,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: 'default',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['write', 'read', 'destroy', 'list'],
......@@ -348,7 +348,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: '*',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['write', 'read', 'destroy', 'list'],
......@@ -388,7 +388,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: 'pablo/*',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['read', 'list', 'write'],
......@@ -437,7 +437,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: 'default',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['write', 'read', 'destroy', 'list'],
......@@ -481,7 +481,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: '*',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['write', 'read', 'destroy', 'list'],
......@@ -521,7 +521,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: '*/rilkes',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['read', 'list', 'write'],
......@@ -570,7 +570,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: 'default',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['write', 'read', 'destroy', 'list'],
......@@ -614,7 +614,7 @@ module('Unit | Ability | abstract', function (hooks) {
],
Name: 'pablo/*',
Policy: 'write',
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['read', 'list', 'write'],
......
ui/tests/unit/abilities/variable-test.js
+ 38
- 38
View file @ bd82a512
......@@ -48,7 +48,7 @@ module('Unit | Ability | variable', function (hooks) {
assert.ok(this.ability.canList);
});
test('it permits listing variables when token has SecureVariables with list capabilities in its rules', function (assert) {
test('it permits listing variables when token has Variables with list capabilities in its rules', function (assert) {
const mockToken = Service.extend({
aclEnabled: true,
selfToken: { type: 'client' },
......@@ -59,7 +59,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['list'], PathSpec: '*' }],
},
},
......@@ -74,7 +74,7 @@ module('Unit | Ability | variable', function (hooks) {
assert.ok(this.ability.canList);
});
test('it does not permit listing variables when token has SecureVariables alone in its rules', function (assert) {
test('it does not permit listing variables when token has Variables alone in its rules', function (assert) {
const mockToken = Service.extend({
aclEnabled: true,
selfToken: { type: 'client' },
......@@ -85,7 +85,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {},
Variables: {},
},
],
},
......@@ -98,7 +98,7 @@ module('Unit | Ability | variable', function (hooks) {
assert.notOk(this.ability.canList);
});
test('it does not permit listing variables when token has a null SecureVariables block', function (assert) {
test('it does not permit listing variables when token has a null Variables block', function (assert) {
const mockToken = Service.extend({
aclEnabled: true,
selfToken: { type: 'client' },
......@@ -109,7 +109,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: null,
Variables: null,
},
],
},
......@@ -122,7 +122,7 @@ module('Unit | Ability | variable', function (hooks) {
assert.notOk(this.ability.canList);
});
test('it does not permit listing variables when token has a SecureVariables block where paths are without capabilities', function (assert) {
test('it does not permit listing variables when token has a Variables block where paths are without capabilities', function (assert) {
const mockToken = Service.extend({
aclEnabled: true,
selfToken: { type: 'client' },
......@@ -133,7 +133,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [
{ Capabilities: [], PathSpec: '*' },
{ Capabilities: [], PathSpec: 'foo' },
......@@ -152,7 +152,7 @@ module('Unit | Ability | variable', function (hooks) {
assert.notOk(this.ability.canList);
});
test('it does not permit listing variables when token has no SecureVariables block', function (assert) {
test('it does not permit listing variables when token has no Variables block', function (assert) {
const mockToken = Service.extend({
aclEnabled: true,
selfToken: { type: 'client' },
......@@ -175,7 +175,7 @@ module('Unit | Ability | variable', function (hooks) {
assert.notOk(this.ability.canList);
});
test('it permits listing variables when token multiple namespaces, only one of which having a SecureVariables block', function (assert) {
test('it permits listing variables when token multiple namespaces, only one of which having a Variables block', function (assert) {
const mockToken = Service.extend({
aclEnabled: true,
selfToken: { type: 'client' },
......@@ -186,19 +186,19 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: null,
Variables: null,
},
{
Name: 'nonsense',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: [], PathSpec: '*' }],
},
},
{
Name: 'shenanigans',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [
{ Capabilities: ['list'], PathSpec: 'foo/bar/baz' },
],
......@@ -249,7 +249,7 @@ module('Unit | Ability | variable', function (hooks) {
assert.ok(this.ability.canWrite);
});
test('it permits creating variables when token has SecureVariables with write capabilities in its rules', function (assert) {
test('it permits creating variables when token has Variables with write capabilities in its rules', function (assert) {
const mockToken = Service.extend({
aclEnabled: true,
selfToken: { type: 'client' },
......@@ -260,7 +260,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['write'], PathSpec: '*' }],
},
},
......@@ -286,14 +286,14 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['list'], PathSpec: 'foo/bar' }],
},
},
{
Name: 'pablo',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['write'], PathSpec: 'foo/bar' }],
},
},
......@@ -344,7 +344,7 @@ module('Unit | Ability | variable', function (hooks) {
assert.ok(this.ability.canDestroy);
});
test('it permits destroying variables when token has SecureVariables with write capabilities in its rules', function (assert) {
test('it permits destroying variables when token has Variables with write capabilities in its rules', function (assert) {
const mockToken = Service.extend({
aclEnabled: true,
selfToken: { type: 'client' },
......@@ -355,7 +355,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['destroy'], PathSpec: '*' }],
},
},
......@@ -381,14 +381,14 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['list'], PathSpec: 'foo/bar' }],
},
},
{
Name: 'pablo',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['destroy'], PathSpec: 'foo/bar' }],
},
},
......@@ -439,7 +439,7 @@ module('Unit | Ability | variable', function (hooks) {
assert.ok(this.ability.canRead);
});
test('it permits reading variables when token has SecureVariables with read capabilities in its rules', function (assert) {
test('it permits reading variables when token has Variables with read capabilities in its rules', function (assert) {
const mockToken = Service.extend({
aclEnabled: true,
selfToken: { type: 'client' },
......@@ -450,7 +450,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['read'], PathSpec: '*' }],
},
},
......@@ -476,14 +476,14 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['list'], PathSpec: 'foo/bar' }],
},
},
{
Name: 'pablo',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['read'], PathSpec: 'foo/bar' }],
},
},
......@@ -513,7 +513,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['write'], PathSpec: 'foo' }],
},
},
......@@ -546,7 +546,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [
{ Capabilities: ['write'], PathSpec: 'foo/*' },
{ Capabilities: ['write'], PathSpec: 'foo/bar/*' },
......@@ -582,7 +582,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['write'], PathSpec: 'foo/*' }],
},
},
......@@ -615,7 +615,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [
{ Capabilities: ['write'], PathSpec: '*/bar' },
{ Capabilities: ['write'], PathSpec: '*/bar/baz' },
......@@ -651,7 +651,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [
{ Capabilities: ['write'], PathSpec: '*/bar' },
{ Capabilities: ['write'], PathSpec: 'foo/*' },
......@@ -687,7 +687,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
'Path "*"': {
Capabilities: ['write'],
},
......@@ -1082,14 +1082,14 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['write'], PathSpec: 'foo' }],
},
},
{
Name: 'bar',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [
{ Capabilities: ['read', 'write'], PathSpec: 'foo' },
],
......@@ -1129,14 +1129,14 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'default',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [{ Capabilities: ['write'], PathSpec: 'foo' }],
},
},
{
Name: 'bar',
Capabilities: [],
SecureVariables: {
Variables: {
Paths: [
{ Capabilities: ['read', 'write'], PathSpec: 'foo' },
],
......@@ -1176,7 +1176,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: '*',
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['list'],
......@@ -1188,7 +1188,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'namespace-1',
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['list', 'read', 'destroy', 'create'],
......@@ -1200,7 +1200,7 @@ module('Unit | Ability | variable', function (hooks) {
{
Name: 'namespace-2',
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
SecureVariables: {
Variables: {
Paths: [
{
Capabilities: ['list', 'read', 'destroy', 'create'],
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

免费DevSecOps平台,让您的项目体验完整的DevSecOps流程,让项目更安全