mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-29 17:52:32 +00:00
0b12cdcfd1
* Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License. Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUS-1.1 * Fix test that expected exact offset on hcl file --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
190 lines
5.1 KiB
Go
190 lines
5.1 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package github
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/vault/helper/namespace"
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
// TestGitHub_Login tests that we can successfully login with the given config
|
|
func TestGitHub_Login(t *testing.T) {
|
|
b, s := createBackendWithStorage(t)
|
|
|
|
// use a test server to return our mock GH org info
|
|
ts := setupTestServer(t)
|
|
defer ts.Close()
|
|
|
|
// Write the config
|
|
resp, err := b.HandleRequest(context.Background(), &logical.Request{
|
|
Path: "config",
|
|
Operation: logical.UpdateOperation,
|
|
Data: map[string]interface{}{
|
|
"organization": "foo-org",
|
|
"base_url": ts.URL, // base_url will call the test server
|
|
},
|
|
Storage: s,
|
|
})
|
|
assert.NoError(t, err)
|
|
assert.NoError(t, resp.Error())
|
|
|
|
// Read the config
|
|
resp, err = b.HandleRequest(context.Background(), &logical.Request{
|
|
Path: "config",
|
|
Operation: logical.ReadOperation,
|
|
Storage: s,
|
|
})
|
|
assert.NoError(t, err)
|
|
assert.NoError(t, resp.Error())
|
|
|
|
// attempt a login
|
|
resp, err = b.HandleRequest(context.Background(), &logical.Request{
|
|
Path: "login",
|
|
Operation: logical.UpdateOperation,
|
|
Storage: s,
|
|
})
|
|
|
|
expectedMetaData := map[string]string{
|
|
"org": "foo-org",
|
|
"username": "user-foo",
|
|
}
|
|
assert.Equal(t, expectedMetaData, resp.Auth.Metadata)
|
|
assert.NoError(t, err)
|
|
assert.NoError(t, resp.Error())
|
|
}
|
|
|
|
// TestGitHub_Login_OrgInvalid tests that we cannot login with an ID other than
|
|
// what is set in the config
|
|
func TestGitHub_Login_OrgInvalid(t *testing.T) {
|
|
b, s := createBackendWithStorage(t)
|
|
ctx := namespace.RootContext(nil)
|
|
|
|
// use a test server to return our mock GH org info
|
|
ts := setupTestServer(t)
|
|
defer ts.Close()
|
|
|
|
// write and store config
|
|
config := config{
|
|
Organization: "foo-org",
|
|
OrganizationID: 9999,
|
|
BaseURL: ts.URL + "/", // base_url will call the test server
|
|
}
|
|
entry, err := logical.StorageEntryJSON("config", config)
|
|
if err != nil {
|
|
t.Fatalf("failed creating storage entry")
|
|
}
|
|
if err := s.Put(ctx, entry); err != nil {
|
|
t.Fatalf("writing to in mem storage failed")
|
|
}
|
|
|
|
// attempt a login
|
|
resp, err := b.HandleRequest(context.Background(), &logical.Request{
|
|
Path: "login",
|
|
Operation: logical.UpdateOperation,
|
|
Storage: s,
|
|
})
|
|
|
|
assert.Nil(t, resp)
|
|
assert.Error(t, err)
|
|
assert.Equal(t, errors.New("user is not part of required org"), err)
|
|
}
|
|
|
|
// TestGitHub_Login_OrgNameChanged tests that we can successfully login with the
|
|
// given config and emit a warning when the organization name has changed
|
|
func TestGitHub_Login_OrgNameChanged(t *testing.T) {
|
|
b, s := createBackendWithStorage(t)
|
|
ctx := namespace.RootContext(nil)
|
|
|
|
// use a test server to return our mock GH org info
|
|
ts := setupTestServer(t)
|
|
defer ts.Close()
|
|
|
|
// write and store config
|
|
// the name does not match what the API will return but the ID does
|
|
config := config{
|
|
Organization: "old-name",
|
|
OrganizationID: 12345,
|
|
BaseURL: ts.URL + "/", // base_url will call the test server
|
|
}
|
|
entry, err := logical.StorageEntryJSON("config", config)
|
|
if err != nil {
|
|
t.Fatalf("failed creating storage entry")
|
|
}
|
|
if err := s.Put(ctx, entry); err != nil {
|
|
t.Fatalf("writing to in mem storage failed")
|
|
}
|
|
|
|
// attempt a login
|
|
resp, err := b.HandleRequest(context.Background(), &logical.Request{
|
|
Path: "login",
|
|
Operation: logical.UpdateOperation,
|
|
Storage: s,
|
|
})
|
|
|
|
assert.NoError(t, err)
|
|
assert.Nil(t, resp.Error())
|
|
assert.Equal(
|
|
t,
|
|
[]string{"the organization name has changed to \"foo-org\". It is recommended to verify and update the organization name in the config: organization_id=12345"},
|
|
resp.Warnings,
|
|
)
|
|
}
|
|
|
|
// TestGitHub_Login_NoOrgID tests that we can successfully login with the given
|
|
// config when no organization ID is present and write the fetched ID to the
|
|
// config
|
|
func TestGitHub_Login_NoOrgID(t *testing.T) {
|
|
b, s := createBackendWithStorage(t)
|
|
ctx := namespace.RootContext(nil)
|
|
|
|
// use a test server to return our mock GH org info
|
|
ts := setupTestServer(t)
|
|
defer ts.Close()
|
|
|
|
// write and store config without Org ID
|
|
config := config{
|
|
Organization: "foo-org",
|
|
BaseURL: ts.URL + "/", // base_url will call the test server
|
|
}
|
|
entry, err := logical.StorageEntryJSON("config", config)
|
|
if err != nil {
|
|
t.Fatalf("failed creating storage entry")
|
|
}
|
|
if err := s.Put(ctx, entry); err != nil {
|
|
t.Fatalf("writing to in mem storage failed")
|
|
}
|
|
|
|
// attempt a login
|
|
resp, err := b.HandleRequest(context.Background(), &logical.Request{
|
|
Path: "login",
|
|
Operation: logical.UpdateOperation,
|
|
Storage: s,
|
|
})
|
|
|
|
expectedMetaData := map[string]string{
|
|
"org": "foo-org",
|
|
"username": "user-foo",
|
|
}
|
|
assert.Equal(t, expectedMetaData, resp.Auth.Metadata)
|
|
assert.NoError(t, err)
|
|
assert.NoError(t, resp.Error())
|
|
|
|
// Read the config
|
|
resp, err = b.HandleRequest(context.Background(), &logical.Request{
|
|
Path: "config",
|
|
Operation: logical.ReadOperation,
|
|
Storage: s,
|
|
})
|
|
assert.NoError(t, err)
|
|
assert.NoError(t, resp.Error())
|
|
|
|
// the ID should be set, we grab it from the GET /orgs API
|
|
assert.Equal(t, int64(12345), resp.Data["organization_id"])
|
|
}
|