hashicorp · hc-github-team-consul-core · Mar 6, 2023 · Mar 6, 2023 · Mar 6, 2023 · Mar 6, 2023
@@ -22,6 +22,13 @@ func TestTokenUpdateCommand_noTabs(t *testing.T) {
 	}
 }
 
+func create_token(t *testing.T, client *api.Client, aclToken *api.ACLToken, writeOptions *api.WriteOptions) *api.ACLToken {
+	token, _, err := client.ACL().TokenCreate(aclToken, writeOptions)
+	require.NoError(t, err)
+
+	return token
+}
+
 func TestTokenUpdateCommand(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")
@@ -50,13 +57,6 @@ func TestTokenUpdateCommand(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	// create a token
-	token, _, err := client.ACL().TokenCreate(
-		&api.ACLToken{Description: "test"},
-		&api.WriteOptions{Token: "root"},
-	)
-	require.NoError(t, err)
-
 	run := func(t *testing.T, args []string) *api.ACLToken {
 		ui := cli.NewMockUi()
 		cmd := New(ui)
@@ -72,21 +72,29 @@ func TestTokenUpdateCommand(t *testing.T) {
 
 	// update with node identity
 	t.Run("node-identity", func(t *testing.T) {
-		token := run(t, []string{
+		token := create_token(t, client, &api.ACLToken{Description: "test"}, &api.WriteOptions{Token: "root"})
+
+		responseToken := run(t, []string{
 			"-http-addr=" + a.HTTPAddr(),
 			"-accessor-id=" + token.AccessorID,
 			"-token=root",
 			"-node-identity=foo:bar",
 			"-description=test token",
 		})
 
-		require.Len(t, token.NodeIdentities, 1)
-		require.Equal(t, "foo", token.NodeIdentities[0].NodeName)
-		require.Equal(t, "bar", token.NodeIdentities[0].Datacenter)
+		require.Len(t, responseToken.NodeIdentities, 1)
+		require.Equal(t, "foo", responseToken.NodeIdentities[0].NodeName)
+		require.Equal(t, "bar", responseToken.NodeIdentities[0].Datacenter)
 	})
 
 	t.Run("node-identity-merge", func(t *testing.T) {
-		token := run(t, []string{
+		token := create_token(t,
+			client,
+			&api.ACLToken{Description: "test", NodeIdentities: []*api.ACLNodeIdentity{{NodeName: "foo", Datacenter: "bar"}}},
+			&api.WriteOptions{Token: "root"},
+		)
+
+		responseToken := run(t, []string{
 			"-http-addr=" + a.HTTPAddr(),
 			"-accessor-id=" + token.AccessorID,
 			"-token=root",
@@ -95,7 +103,7 @@ func TestTokenUpdateCommand(t *testing.T) {
 			"-merge-node-identities",
 		})
 
-		require.Len(t, token.NodeIdentities, 2)
+		require.Len(t, responseToken.NodeIdentities, 2)
 		expected := []*api.ACLNodeIdentity{
 			{
 				NodeName:   "foo",
@@ -106,88 +114,67 @@ func TestTokenUpdateCommand(t *testing.T) {
 				Datacenter: "baz",
 			},
 		}
-		require.ElementsMatch(t, expected, token.NodeIdentities)
-	})
-
-	// update with append-node-identity
-	t.Run("append-node-identity", func(t *testing.T) {
-
-		token := run(t, []string{
-			"-http-addr=" + a.HTTPAddr(),
-			"-accessor-id=" + token.AccessorID,
-			"-token=root",
-			"-append-node-identity=third:node",
-			"-description=test token",
-		})
-
-		require.Len(t, token.NodeIdentities, 3)
-		require.Equal(t, "third", token.NodeIdentities[2].NodeName)
-		require.Equal(t, "node", token.NodeIdentities[2].Datacenter)
+		require.ElementsMatch(t, expected, responseToken.NodeIdentities)
 	})
 
 	// update with policy by name
 	t.Run("policy-name", func(t *testing.T) {
-		token := run(t, []string{
+		token := create_token(t, client, &api.ACLToken{Description: "test"}, &api.WriteOptions{Token: "root"})
+
+		responseToken := run(t, []string{
 			"-http-addr=" + a.HTTPAddr(),
 			"-accessor-id=" + token.AccessorID,
 			"-token=root",
 			"-policy-name=" + policy.Name,
 			"-description=test token",
 		})
 
-		require.Len(t, token.Policies, 1)
+		require.Len(t, responseToken.Policies, 1)
 	})
 
 	// update with policy by id
 	t.Run("policy-id", func(t *testing.T) {
-		token := run(t, []string{
+		token := create_token(t, client, &api.ACLToken{Description: "test"}, &api.WriteOptions{Token: "root"})
+
+		responseToken := run(t, []string{
 			"-http-addr=" + a.HTTPAddr(),
 			"-accessor-id=" + token.AccessorID,
 			"-token=root",
 			"-policy-id=" + policy.ID,
 			"-description=test token",
 		})
 
-		require.Len(t, token.Policies, 1)
+		require.Len(t, responseToken.Policies, 1)
 	})
 
 	// update with service-identity
 	t.Run("service-identity", func(t *testing.T) {
-		token := run(t, []string{
+		token := create_token(t, client, &api.ACLToken{Description: "test"}, &api.WriteOptions{Token: "root"})
+
+		responseToken := run(t, []string{
 			"-http-addr=" + a.HTTPAddr(),
 			"-accessor-id=" + token.AccessorID,
 			"-token=root",
 			"-service-identity=service:datapalace",
 			"-description=test token",
 		})
 
-		require.Len(t, token.ServiceIdentities, 1)
-		require.Equal(t, "service", token.ServiceIdentities[0].ServiceName)
-	})
-
-	// update with append-service-identity
-	t.Run("append-service-identity", func(t *testing.T) {
-		token := run(t, []string{
-			"-http-addr=" + a.HTTPAddr(),
-			"-accessor-id=" + token.AccessorID,
-			"-token=root",
-			"-append-service-identity=web",
-			"-description=test token",
-		})
-		require.Len(t, token.ServiceIdentities, 2)
-		require.Equal(t, "web", token.ServiceIdentities[1].ServiceName)
+		require.Len(t, responseToken.ServiceIdentities, 1)
+		require.Equal(t, "service", responseToken.ServiceIdentities[0].ServiceName)
 	})
 
 	// update with no description shouldn't delete the current description
 	t.Run("merge-description", func(t *testing.T) {
-		token := run(t, []string{
+		token := create_token(t, client, &api.ACLToken{Description: "test token"}, &api.WriteOptions{Token: "root"})
+
+		responseToken := run(t, []string{
 			"-http-addr=" + a.HTTPAddr(),
 			"-accessor-id=" + token.AccessorID,
 			"-token=root",
 			"-policy-name=" + policy.Name,
 		})
 
-		require.Equal(t, "test token", token.Description)
+		require.Equal(t, "test token", responseToken.Description)
 	})
 }
 
@@ -219,27 +206,13 @@ func TestTokenUpdateCommandWithAppend(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	// create a token
-	token, _, err := client.ACL().TokenCreate(
-		&api.ACLToken{Description: "test", Policies: []*api.ACLTokenPolicyLink{{Name: policy.Name}}},
-		&api.WriteOptions{Token: "root"},
-	)
-	require.NoError(t, err)
-
 	//secondary policy
 	secondPolicy, _, policyErr := client.ACL().PolicyCreate(
 		&api.ACLPolicy{Name: "secondary-policy"},
 		&api.WriteOptions{Token: "root"},
 	)
 	require.NoError(t, policyErr)
 
-	//third policy
-	thirdPolicy, _, policyErr := client.ACL().PolicyCreate(
-		&api.ACLPolicy{Name: "third-policy"},
-		&api.WriteOptions{Token: "root"},
-	)
-	require.NoError(t, policyErr)
-
 	run := func(t *testing.T, args []string) *api.ACLToken {
 		ui := cli.NewMockUi()
 		cmd := New(ui)
@@ -255,28 +228,85 @@ func TestTokenUpdateCommandWithAppend(t *testing.T) {
 
 	// update with append-policy-name
 	t.Run("append-policy-name", func(t *testing.T) {
-		token := run(t, []string{
+		token := create_token(t, client,
+			&api.ACLToken{Description: "test", Policies: []*api.ACLTokenPolicyLink{{Name: policy.Name}}},
+			&api.WriteOptions{Token: "root"},
+		)
+
+		responseToken := run(t, []string{
 			"-http-addr=" + a.HTTPAddr(),
 			"-accessor-id=" + token.AccessorID,
 			"-token=root",
 			"-append-policy-name=" + secondPolicy.Name,
 			"-description=test token",
 		})
 
-		require.Len(t, token.Policies, 2)
+		require.Len(t, responseToken.Policies, 2)
 	})
 
 	// update with append-policy-id
 	t.Run("append-policy-id", func(t *testing.T) {
-		token := run(t, []string{
+		token := create_token(t, client,
+			&api.ACLToken{Description: "test", Policies: []*api.ACLTokenPolicyLink{{Name: policy.Name}}},
+			&api.WriteOptions{Token: "root"},
+		)
+
+		responseToken := run(t, []string{
 			"-http-addr=" + a.HTTPAddr(),
 			"-accessor-id=" + token.AccessorID,
 			"-token=root",
-			"-append-policy-id=" + thirdPolicy.ID,
+			"-append-policy-id=" + secondPolicy.ID,
 			"-description=test token",
 		})
 
-		require.Len(t, token.Policies, 3)
+		require.Len(t, responseToken.Policies, 2)
+	})
+
+	// update with append-node-identity
+	t.Run("append-node-identity", func(t *testing.T) {
+		token := create_token(t, client,
+			&api.ACLToken{
+				Description:    "test",
+				Policies:       []*api.ACLTokenPolicyLink{{Name: policy.Name}},
+				NodeIdentities: []*api.ACLNodeIdentity{{NodeName: "namenode", Datacenter: "somewhere"}},
+			},
+			&api.WriteOptions{Token: "root"},
+		)
+
+		responseToken := run(t, []string{
+			"-http-addr=" + a.HTTPAddr(),
+			"-accessor-id=" + token.AccessorID,
+			"-token=root",
+			"-append-node-identity=third:node",
+			"-description=test token",
+		})
+
+		require.Len(t, responseToken.NodeIdentities, 2)
+		require.Equal(t, "third", responseToken.NodeIdentities[1].NodeName)
+		require.Equal(t, "node", responseToken.NodeIdentities[1].Datacenter)
+	})
+
+	// update with append-service-identity
+	t.Run("append-service-identity", func(t *testing.T) {
+		token := create_token(t, client,
+			&api.ACLToken{
+				Description:       "test",
+				Policies:          []*api.ACLTokenPolicyLink{{Name: policy.Name}},
+				ServiceIdentities: []*api.ACLServiceIdentity{{ServiceName: "service"}},
+			},
+			&api.WriteOptions{Token: "root"},
+		)
+
+		responseToken := run(t, []string{
+			"-http-addr=" + a.HTTPAddr(),
+			"-accessor-id=" + token.AccessorID,
+			"-token=root",
+			"-append-service-identity=web",
+			"-description=test token",
+		})
+
+		require.Len(t, responseToken.ServiceIdentities, 2)
+		require.Equal(t, "web", responseToken.ServiceIdentities[1].ServiceName)
 	})
 }
 
@@ -310,12 +340,7 @@ func TestTokenUpdateCommand_JSON(t *testing.T) {
 	)
 	require.NoError(t, err)
 
-	// create a token
-	token, _, err := client.ACL().TokenCreate(
-		&api.ACLToken{Description: "test"},
-		&api.WriteOptions{Token: "root"},
-	)
-	require.NoError(t, err)
+	token := create_token(t, client, &api.ACLToken{Description: "test"}, &api.WriteOptions{Token: "root"})
 
 	t.Run("update with policy by name", func(t *testing.T) {
 		cmd := New(ui)