Fix ACL test failure introduced in dgraph-io#3147 (dgraph-io#3206)

dna2fork · Jul 19, 2019 · 4a32006 · 4a32006
1 parent 61d2166
commit 4a32006
Showing 1 changed file with 29 additions and 27 deletions.
diff --git a/ee/acl/acl_curl_test.go b/ee/acl/acl_curl_test.go
@@ -45,30 +45,30 @@ func TestCurlAuthorization(t *testing.T) {
 	require.NoError(t, err, "login failed")
 
 	// test fail open with the accessJwt
-	queryArgs := func() []string {
-		return []string{"-H", fmt.Sprintf("X-Dgraph-AccessToken:%s", accessJwt),
+	queryArgs := func(jwt string) []string {
+		return []string{"-H", fmt.Sprintf("X-Dgraph-AccessToken:%s", jwt),
 			"-d", query, curlQueryEndpoint}
 	}
-	verifyCurlCmd(t, queryArgs(), &FailureConfig{
+	verifyCurlCmd(t, queryArgs(accessJwt), &FailureConfig{
 		shouldFail: false,
 	})
 
-	mutateArgs := func() []string {
-		return []string{"-H", fmt.Sprintf("X-Dgraph-AccessToken:%s", accessJwt),
+	mutateArgs := func(jwt string) []string {
+		return []string{"-H", fmt.Sprintf("X-Dgraph-AccessToken:%s", jwt),
 			"-d", fmt.Sprintf(`{ set {
 	   _:a <%s>  "string" .
 	   }}`, predicateToWrite), curlMutateEndpoint}
 
 	}
-	verifyCurlCmd(t, mutateArgs(), &FailureConfig{
+	verifyCurlCmd(t, mutateArgs(accessJwt), &FailureConfig{
 		shouldFail: false,
 	})
 
-	alterArgs := func() []string {
-		return []string{"-H", fmt.Sprintf("X-Dgraph-AccessToken:%s", accessJwt),
+	alterArgs := func(jwt string) []string {
+		return []string{"-H", fmt.Sprintf("X-Dgraph-AccessToken:%s", jwt),
 			"-d", fmt.Sprintf(`%s: int .`, predicateToAlter), curlAlterEndpoint}
 	}
-	verifyCurlCmd(t, alterArgs(), &FailureConfig{
+	verifyCurlCmd(t, alterArgs(accessJwt), &FailureConfig{
 		shouldFail: false,
 	})
 
@@ -77,54 +77,54 @@ func TestCurlAuthorization(t *testing.T) {
 	// JWT
 	glog.Infof("Sleeping for 4 seconds for accessJwt to expire")
 	time.Sleep(4 * time.Second)
-	verifyCurlCmd(t, queryArgs(), &FailureConfig{
+	verifyCurlCmd(t, queryArgs(accessJwt), &FailureConfig{
 		shouldFail: true,
 		failMsg:    "Token is expired",
 	})
-	verifyCurlCmd(t, mutateArgs(), &FailureConfig{
+	verifyCurlCmd(t, mutateArgs(accessJwt), &FailureConfig{
 		shouldFail: true,
 		failMsg:    "Token is expired",
 	})
-	verifyCurlCmd(t, alterArgs(), &FailureConfig{
+	verifyCurlCmd(t, alterArgs(accessJwt), &FailureConfig{
 		shouldFail: true,
 		failMsg:    "Token is expired",
 	})
 	// login again using the refreshJwt
-	_, refreshJwt, err = z.HttpLogin(&z.LoginParams{
+	accessJwt, refreshJwt, err = z.HttpLogin(&z.LoginParams{
 		Endpoint:   loginEndpoint,
 		RefreshJwt: refreshJwt,
 	})
 	require.NoError(t, err, fmt.Sprintf("login through refresh token failed: %v", err))
 	// verify that the query works again with the new access jwt
-	verifyCurlCmd(t, queryArgs(), &FailureConfig{
+	verifyCurlCmd(t, queryArgs(accessJwt), &FailureConfig{
 		shouldFail: false,
 	})
 
 	createGroupAndAcls(t, unusedGroup, false)
 	// wait for 6 seconds to ensure the new acl have reached all acl caches
 	glog.Infof("Sleeping for 6 seconds for acl caches to be refreshed")
 	time.Sleep(6 * time.Second)
-	verifyCurlCmd(t, queryArgs(), &FailureConfig{
+	verifyCurlCmd(t, queryArgs(accessJwt), &FailureConfig{
 		shouldFail: true,
 		failMsg:    "Token is expired",
 	})
 	// refresh the jwts again
-	_, refreshJwt, err = z.HttpLogin(&z.LoginParams{
+	accessJwt, refreshJwt, err = z.HttpLogin(&z.LoginParams{
 		Endpoint:   loginEndpoint,
 		RefreshJwt: refreshJwt,
 	})
 	require.NoError(t, err, fmt.Sprintf("login through refresh token failed: %v", err))
 	// verify that with an ACL rule defined, all the operations should be denied when the acsess JWT
 	// does not have the required permissions
-	verifyCurlCmd(t, queryArgs(), &FailureConfig{
+	verifyCurlCmd(t, queryArgs(accessJwt), &FailureConfig{
 		shouldFail: true,
 		failMsg:    "PermissionDenied",
 	})
-	verifyCurlCmd(t, mutateArgs(), &FailureConfig{
+	verifyCurlCmd(t, mutateArgs(accessJwt), &FailureConfig{
 		shouldFail: true,
 		failMsg:    "PermissionDenied",
 	})
-	verifyCurlCmd(t, alterArgs(), &FailureConfig{
+	verifyCurlCmd(t, alterArgs(accessJwt), &FailureConfig{
 		shouldFail: true,
 		failMsg:    "PermissionDenied",
 	})
@@ -133,27 +133,29 @@ func TestCurlAuthorization(t *testing.T) {
 	glog.Infof("Sleeping for 6 seconds for acl caches to be refreshed")
 	time.Sleep(6 * time.Second)
 	// refresh the jwts again
-	_, _, err = z.HttpLogin(&z.LoginParams{
+	accessJwt, _, err = z.HttpLogin(&z.LoginParams{
 		Endpoint:   loginEndpoint,
 		RefreshJwt: refreshJwt,
 	})
 	require.NoError(t, err, fmt.Sprintf("login through refresh token failed: %v", err))
 	// verify that the operations should be allowed again through the dev group
-	verifyCurlCmd(t, queryArgs(), &FailureConfig{
+	verifyCurlCmd(t, queryArgs(accessJwt), &FailureConfig{
 		shouldFail: false,
 	})
-	verifyCurlCmd(t, mutateArgs(), &FailureConfig{
+	verifyCurlCmd(t, mutateArgs(accessJwt), &FailureConfig{
 		shouldFail: false,
 	})
-	verifyCurlCmd(t, alterArgs(), &FailureConfig{
+	verifyCurlCmd(t, alterArgs(accessJwt), &FailureConfig{
 		shouldFail: false,
 	})
 }
 
-var curlLoginEndpoint = "localhost:8180/login"
-var curlQueryEndpoint = "localhost:8180/query"
-var curlMutateEndpoint = "localhost:8180/mutate"
-var curlAlterEndpoint = "localhost:8180/alter"
+const (
+	curlLoginEndpoint  = "localhost:8180/login"
+	curlQueryEndpoint  = "localhost:8180/query"
+	curlMutateEndpoint = "localhost:8180/mutate"
+	curlAlterEndpoint  = "localhost:8180/alter"
+)
 
 type ErrorEntry struct {
 	Code    string `json:"code"`