mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-31 02:28:09 +00:00
6f1749a88e
* Add renewing by accessor * Add accessor renewing test and fix bug * Update website docs * Remove extra newline * Add command-level test
228 lines
4.4 KiB
Go
228 lines
4.4 KiB
Go
package command
|
|
|
|
import (
|
|
"encoding/json"
|
|
"strconv"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/mitchellh/cli"
|
|
)
|
|
|
|
func testTokenRenewCommand(tb testing.TB) (*cli.MockUi, *TokenRenewCommand) {
|
|
tb.Helper()
|
|
|
|
ui := cli.NewMockUi()
|
|
return ui, &TokenRenewCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}
|
|
}
|
|
|
|
func TestTokenRenewCommand_Run(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
cases := []struct {
|
|
name string
|
|
args []string
|
|
out string
|
|
code int
|
|
}{
|
|
{
|
|
"too_many_args",
|
|
[]string{"foo", "bar", "baz"},
|
|
"Too many arguments",
|
|
1,
|
|
},
|
|
{
|
|
"default",
|
|
nil,
|
|
"",
|
|
0,
|
|
},
|
|
{
|
|
"increment",
|
|
[]string{"-increment", "60s"},
|
|
"",
|
|
0,
|
|
},
|
|
{
|
|
"increment_no_suffix",
|
|
[]string{"-increment", "60"},
|
|
"",
|
|
0,
|
|
},
|
|
}
|
|
|
|
t.Run("validations", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
for _, tc := range cases {
|
|
tc := tc
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
client, closer := testVaultServer(t)
|
|
defer closer()
|
|
|
|
// Login with the token so we can renew-self.
|
|
token, _ := testTokenAndAccessor(t, client)
|
|
client.SetToken(token)
|
|
|
|
ui, cmd := testTokenRenewCommand(t)
|
|
cmd.client = client
|
|
|
|
code := cmd.Run(tc.args)
|
|
if code != tc.code {
|
|
t.Errorf("expected %d to be %d", code, tc.code)
|
|
}
|
|
|
|
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
if !strings.Contains(combined, tc.out) {
|
|
t.Errorf("expected %q to contain %q", combined, tc.out)
|
|
}
|
|
})
|
|
}
|
|
})
|
|
|
|
t.Run("token", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
client, closer := testVaultServer(t)
|
|
defer closer()
|
|
|
|
token, _ := testTokenAndAccessor(t, client)
|
|
|
|
_, cmd := testTokenRenewCommand(t)
|
|
cmd.client = client
|
|
|
|
code := cmd.Run([]string{
|
|
"-increment", "30m",
|
|
token,
|
|
})
|
|
if exp := 0; code != exp {
|
|
t.Errorf("expected %d to be %d", code, exp)
|
|
}
|
|
|
|
secret, err := client.Auth().Token().Lookup(token)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
str := string(secret.Data["ttl"].(json.Number))
|
|
ttl, err := strconv.ParseInt(str, 10, 64)
|
|
if err != nil {
|
|
t.Fatalf("bad ttl: %#v", secret.Data["ttl"])
|
|
}
|
|
if exp := int64(1800); ttl > exp {
|
|
t.Errorf("expected %d to be <= to %d", ttl, exp)
|
|
}
|
|
})
|
|
|
|
t.Run("accessor", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
client, closer := testVaultServer(t)
|
|
defer closer()
|
|
|
|
token, accessor := testTokenAndAccessor(t, client)
|
|
|
|
_, cmd := testTokenRenewCommand(t)
|
|
cmd.client = client
|
|
|
|
code := cmd.Run([]string{
|
|
"-increment", "30m",
|
|
"-accessor",
|
|
accessor,
|
|
})
|
|
if exp := 0; code != exp {
|
|
t.Errorf("expected %d to be %d", code, exp)
|
|
}
|
|
|
|
secret, err := client.Auth().Token().Lookup(token)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
str := string(secret.Data["ttl"].(json.Number))
|
|
ttl, err := strconv.ParseInt(str, 10, 64)
|
|
if err != nil {
|
|
t.Fatalf("bad ttl: %#v", secret.Data["ttl"])
|
|
}
|
|
if exp := int64(1800); ttl > exp {
|
|
t.Errorf("expected %d to be <= to %d", ttl, exp)
|
|
}
|
|
})
|
|
|
|
t.Run("self", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
client, closer := testVaultServer(t)
|
|
defer closer()
|
|
|
|
token, _ := testTokenAndAccessor(t, client)
|
|
|
|
// Get the old token and login as the new token. We need the old token
|
|
// to query after the lookup, but we need the new token on the client.
|
|
oldToken := client.Token()
|
|
client.SetToken(token)
|
|
|
|
_, cmd := testTokenRenewCommand(t)
|
|
cmd.client = client
|
|
|
|
code := cmd.Run([]string{
|
|
"-increment", "30m",
|
|
})
|
|
if exp := 0; code != exp {
|
|
t.Errorf("expected %d to be %d", code, exp)
|
|
}
|
|
|
|
client.SetToken(oldToken)
|
|
secret, err := client.Auth().Token().Lookup(token)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
str := string(secret.Data["ttl"].(json.Number))
|
|
ttl, err := strconv.ParseInt(str, 10, 64)
|
|
if err != nil {
|
|
t.Fatalf("bad ttl: %#v", secret.Data["ttl"])
|
|
}
|
|
if exp := int64(1800); ttl > exp {
|
|
t.Errorf("expected %d to be <= to %d", ttl, exp)
|
|
}
|
|
})
|
|
|
|
t.Run("communication_failure", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
client, closer := testVaultServerBad(t)
|
|
defer closer()
|
|
|
|
ui, cmd := testTokenRenewCommand(t)
|
|
cmd.client = client
|
|
|
|
code := cmd.Run([]string{
|
|
"foo/bar",
|
|
})
|
|
if exp := 2; code != exp {
|
|
t.Errorf("expected %d to be %d", code, exp)
|
|
}
|
|
|
|
expected := "Error renewing token: "
|
|
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
if !strings.Contains(combined, expected) {
|
|
t.Errorf("expected %q to contain %q", combined, expected)
|
|
}
|
|
})
|
|
|
|
t.Run("no_tabs", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, cmd := testTokenRenewCommand(t)
|
|
assertNoTabs(t, cmd)
|
|
})
|
|
}
|