add initial implementation for the new consul policy and token api (#366

) * add initial implementation for the new consul policy api * split up environment setup so it can be re-used in travis ci build * move policy handling into acl client to better reflect consul api layout * add token removal and listing functionality * update documentation to reflect enviroment setup changes
rickfast · Jan 30, 2019 · 05289b0 · 05289b0
1 parent d0ba5a5
commit 05289b0
Show file tree

Hide file tree

Showing 14 changed files with 492 additions and 13 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,9 +1,8 @@
 language: java
 services: docker
 before_install:
-  - docker run -d -p 127.0.0.1:8500:8500 consul:1.2.3 agent -dev -client 0.0.0.0 --enable-script-checks=true
+  - ./do setup-environment
 
 jdk:
   - oraclejdk8
 script: mvn clean test
-
diff --git a/README.md b/README.md
@@ -153,13 +153,27 @@ Official instructions are [here](http://immutables.github.io/apt.html), although
 
 ### Integration Tests
 
-Integrations Tests rely on the assumption that a Consul server is running on localhost's default port 8500.
+Integrations Tests rely on the assumption that a Consul server is running on localhost's default port 8500 and another one with enabled ACLs on port 8501.
 
-You can run a Consul server in docker using the following command line:
+A shell skript that sets up the integration test environment is available, to execute all tests run:
 ```
-docker kill dev-consul ; docker rm dev-consul ; docker run -d -p 127.0.0.1:8500:8500 --name=dev-consul consul agent -dev -client 0.0.0.0 --enable-script-checks=true
+./do test
 ```
 
+you can clean up any leftover Docker containers with
+
+```
+./do clean-environment
+```
+
+for local development setup you can use
+
+```
+./do setup-environment
+```
+
+to start the needed docker containers.
+
 ### Eclipse-specific notes
 
 Their instructions for eclipse a bit difficult to grok, but I was able to get eclipse to compile by following the second part of the instructions. Essentially, enable annotation processing, then extend the M2_REPO variable to include the immutables annotation processor. One thing is that documentation is out of date in that it tells you the wrong jar to include - it should be org/immutables/value/2.0.16/value-2.0.16.jar.

diff --git a/do b/do
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+DIR="$( cd "$(dirname "$0")" ; pwd -P )"
+
+CONSUL_DEV_NAME="consul-dev"
+CONSUL_DEV_ACL_NAME="consul-dev-acl"
+
+CONSUL_ACL_CONFIG=$(cat <<EOF
+{
+  "acl": {
+    "enabled": true,
+    "default_policy": "deny",
+    "tokens": {
+      "master": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
+    }
+  }
+}
+EOF
+)
+
+function task_clean_environment {
+    docker rm -f "${CONSUL_DEV_NAME}"
+    docker rm -f "${CONSUL_DEV_ACL_NAME}"
+}
+
+function task_setup_environment {
+    docker run -d -p 127.0.0.1:8500:8500 --name="${CONSUL_DEV_NAME}" consul agent -dev -client 0.0.0.0 --enable-script-checks=true
+    docker run -d -p 127.0.0.1:8501:8500 --name="${CONSUL_DEV_ACL_NAME}"  -e CONSUL_LOCAL_CONFIG="${CONSUL_ACL_CONFIG}" consul agent -dev -client 0.0.0.0 --enable-script-checks=true
+}
+
+function task_test {
+    task_clean_environment
+    task_setup_environment
+
+    (
+        cd "${DIR}"
+        mvn test
+    )
+
+    task_clean_environment
+}
+
+task_usage() {
+  echo "Usage: $0 test | setup-environment | clean-environment"
+  exit 1
+}
+
+arg=${1:-}
+shift || true
+case ${arg} in
+    test) task_test ;;
+    clean-environment) task_clean_environment ;;
+    setup-environment) task_setup_environment ;;
+    *) task_usage ;;
+esac
diff --git a/src/itest/java/com/orbitz/consul/AclTest.java b/src/itest/java/com/orbitz/consul/AclTest.java
@@ -0,0 +1,137 @@
+package com.orbitz.consul;
+
+import com.google.common.net.HostAndPort;
+import com.orbitz.consul.model.acl.*;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.time.Duration;
+import java.util.*;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.*;
+
+public class AclTest {
+
+    protected static Consul client;
+
+    protected static HostAndPort aclClientHostAndPort = HostAndPort.fromParts("localhost", 8501);
+
+    @BeforeClass
+    public static void beforeClass() {
+        client = Consul.builder()
+                .withHostAndPort(aclClientHostAndPort)
+                .withAclToken("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")
+                .withReadTimeoutMillis(Duration.ofSeconds(2).toMillis())
+                .build();
+    }
+
+    @Test
+    public void listPolicies() {
+        AclClient aclClient = client.aclClient();
+        assertTrue(aclClient.listPolicies().stream().anyMatch(p -> Objects.equals(p.name(), "global-management")));
+    }
+
+    @Test
+    public void testCreateAndReadPolicy() {
+        AclClient aclClient = client.aclClient();
+
+        String policyName = UUID.randomUUID().toString();
+        PolicyResponse policy = aclClient.createPolicy(ImmutablePolicy.builder().name(policyName).build());
+        assertThat(policy.name(), is(policyName));
+
+        policy = aclClient.readPolicy(policy.id());
+        assertThat(policy.name(), is(policyName));
+    }
+
+    @Test
+    public void testUpdatePolicy() {
+        AclClient aclClient = client.aclClient();
+
+        String policyName = UUID.randomUUID().toString();
+        PolicyResponse createdPolicy = aclClient.createPolicy(ImmutablePolicy.builder().name(policyName).build());
+
+        String newPolicyName = UUID.randomUUID().toString();
+        aclClient.updatePolicy(createdPolicy.id(), ImmutablePolicy.builder().name(newPolicyName).build());
+
+        PolicyResponse updatedPolicy = aclClient.readPolicy(createdPolicy.id());
+        assertThat(updatedPolicy.name(), is(newPolicyName));
+    }
+
+    @Test
+    public void testDeletePolicy() {
+        AclClient aclClient = client.aclClient();
+
+        String policyName = UUID.randomUUID().toString();
+        PolicyResponse createdPolicy = aclClient.createPolicy(ImmutablePolicy.builder().name(policyName).build());
+
+        int oldPolicyCount = aclClient.listPolicies().size();
+        aclClient.deletePolicy(createdPolicy.id());
+        int newPolicyCount = aclClient.listPolicies().size();
+
+        assertThat(newPolicyCount, is(oldPolicyCount - 1));
+    }
+
+    @Test
+    public void testCreateAndReadToken() {
+        AclClient aclClient = client.aclClient();
+
+        String policyName = UUID.randomUUID().toString();
+        PolicyResponse createdPolicy = aclClient.createPolicy(ImmutablePolicy.builder().name(policyName).build());
+
+        String tokenDescription = UUID.randomUUID().toString();
+        TokenResponse createdToken = aclClient.createToken(ImmutableToken.builder().description(tokenDescription).local(false).addPolicies(ImmutablePolicyLink.builder().id(createdPolicy.id()).build()).build());
+
+        TokenResponse readToken = aclClient.readToken(createdToken.accessorId());
+
+        assertThat(readToken.description(), is(tokenDescription));
+        assertThat(readToken.policies().get(0).name().get(), is(policyName));
+    }
+
+    @Test
+    public void testReadSelfToken() {
+        AclClient aclClient = client.aclClient();
+
+        TokenResponse selfToken = aclClient.readSelfToken();
+        assertThat(selfToken.description(), is("Master Token"));
+    }
+
+    @Test
+    public void testUpdateToken() {
+        AclClient aclClient = client.aclClient();
+
+        String policyName = UUID.randomUUID().toString();
+        PolicyResponse createdPolicy = aclClient.createPolicy(ImmutablePolicy.builder().name(policyName).build());
+
+        TokenResponse createdToken = aclClient.createToken(ImmutableToken.builder().description("none").local(false).addPolicies(ImmutablePolicyLink.builder().id(createdPolicy.id()).build()).build());
+        String newDescription = UUID.randomUUID().toString();
+        aclClient.updateToken(createdToken.accessorId(), ImmutableToken.builder().local(false).description(newDescription).build());
+
+        TokenResponse readToken = aclClient.readToken(createdToken.accessorId());
+        assertThat(readToken.description(), is(newDescription));
+    }
+
+    @Test
+    public void testListTokens() {
+        AclClient aclClient = client.aclClient();
+
+        assertTrue(aclClient.listTokens().stream().anyMatch(p -> Objects.equals(p.description(), "Anonymous Token")));
+        assertTrue(aclClient.listTokens().stream().anyMatch(p -> Objects.equals(p.description(), "Master Token")));
+    }
+
+    @Test
+    public void testDeleteToken() {
+        AclClient aclClient = client.aclClient();
+
+        String policyName = UUID.randomUUID().toString();
+        PolicyResponse createdPolicy = aclClient.createPolicy(ImmutablePolicy.builder().name(policyName).build());
+        TokenResponse createdToken = aclClient.createToken(ImmutableToken.builder().description(UUID.randomUUID().toString()).local(false).addPolicies(ImmutablePolicyLink.builder().id(createdPolicy.id()).build()).build());
+
+        int oldTokenCount = aclClient.listTokens().size();
+        aclClient.deleteToken(createdToken.accessorId());
+
+        int newTokenCount = aclClient.listTokens().size();
+        assertThat(newTokenCount, is(oldTokenCount - 1));
+    }
+
+}
diff --git a/src/main/java/com/orbitz/consul/AclClient.java b/src/main/java/com/orbitz/consul/AclClient.java
@@ -1,16 +1,11 @@
 package com.orbitz.consul;
 
 import com.orbitz.consul.config.ClientConfig;
-import com.orbitz.consul.model.acl.AclResponse;
-import com.orbitz.consul.model.acl.AclToken;
-import com.orbitz.consul.model.acl.AclTokenId;
+import com.orbitz.consul.model.acl.*;
 import com.orbitz.consul.monitoring.ClientEventCallback;
 import retrofit2.Call;
 import retrofit2.Retrofit;
-import retrofit2.http.Body;
-import retrofit2.http.GET;
-import retrofit2.http.PUT;
-import retrofit2.http.Path;
+import retrofit2.http.*;
 
 import java.util.List;
 
@@ -49,6 +44,50 @@ public List<AclResponse> listAcls() {
         return http.extract(api.listAcls());
     }
 
+    public PolicyResponse createPolicy(Policy policy) {
+        return http.extract(api.createPolicy(policy));
+    }
+
+    public PolicyResponse readPolicy(String id) {
+        return http.extract(api.readPolicy(id));
+    }
+
+    public PolicyResponse updatePolicy(String id, Policy policy) {
+        return http.extract(api.updatePolicy(id, policy));
+    }
+
+    public void deletePolicy(String id) {
+        http.extract(api.deletePolicy(id));
+    }
+
+    public List<PolicyResponse> listPolicies() {
+        return http.extract(api.listPolicies());
+    }
+
+    public TokenResponse createToken(Token token) {
+        return http.extract(api.createToken(token));
+    }
+
+    public TokenResponse readToken(String id) {
+        return http.extract(api.readToken(id));
+    }
+
+    public TokenResponse readSelfToken() {
+        return http.extract(api.readToken("self"));
+    }
+
+    public TokenResponse updateToken(String id, Token token) {
+        return http.extract(api.updateToken(id, token));
+    }
+
+    public List<TokenListResponse> listTokens() {
+        return http.extract(api.listTokens());
+    }
+
+    public void deleteToken(String id) {
+        http.extract(api.deleteToken(id));
+    }
+
     interface Api {
 
         @PUT("acl/create")
@@ -68,5 +107,36 @@ interface Api {
 
         @GET("acl/list")
         Call<List<AclResponse>> listAcls();
+
+        @PUT("acl/policy")
+        Call<PolicyResponse> createPolicy(@Body Policy policy);
+
+        @GET("acl/policy/{id}")
+        Call<PolicyResponse> readPolicy(@Path("id") String id);
+
+        @PUT("acl/policy/{id}")
+        Call<PolicyResponse> updatePolicy(@Path("id") String id, @Body Policy policy);
+
+        @DELETE("acl/policy/{id}")
+        Call<Void> deletePolicy(@Path("id") String id);
+
+        @GET("acl/policies")
+        Call<List<PolicyResponse>> listPolicies();
+
+        @PUT("acl/token")
+        Call<TokenResponse> createToken(@Body Token token);
+
+        @GET("acl/token/{id}")
+        Call<TokenResponse> readToken(@Path("id") String id);
+
+        @PUT("acl/token/{id}")
+        Call<TokenResponse> updateToken(@Path("id") String id, @Body Token token);
+
+        @GET("acl/tokens")
+        Call<List<TokenListResponse>> listTokens();
+
+        @DELETE("acl/token/{id}")
+        Call<Void> deleteToken(@Path("id") String id);
     }
+
 }
diff --git a/src/main/java/com/orbitz/consul/Consul.java b/src/main/java/com/orbitz/consul/Consul.java
@@ -3,7 +3,6 @@
 import java.net.MalformedURLException;
 import java.net.Proxy;
 import java.net.URL;
-import java.time.Instant;
 import java.util.Collection;
 import java.util.Map;
 import java.util.concurrent.ExecutorService;

diff --git a/src/main/java/com/orbitz/consul/model/acl/BasePolicyResponse.java b/src/main/java/com/orbitz/consul/model/acl/BasePolicyResponse.java
@@ -0,0 +1,27 @@
+package com.orbitz.consul.model.acl;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.math.BigInteger;
+import java.util.Optional;
+
+public abstract class BasePolicyResponse {
+
+    @JsonProperty("ID")
+    public abstract String id();
+
+    @JsonProperty("Name")
+    public abstract String name();
+
+    @JsonProperty("Datacenters")
+    public abstract Optional<String> datacenters();
+
+    @JsonProperty("Hash")
+    public abstract String hash();
+
+    @JsonProperty("CreateIndex")
+    public abstract BigInteger createIndex();
+
+    @JsonProperty("ModifyIndex")
+    public abstract BigInteger modifyIndex();
+}