deb.open-vault/command/token_capabilities_test.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package command

import (
	"strings"
	"testing"

	"github.com/hashicorp/vault/api"
	"github.com/mitchellh/cli"
)

func testTokenCapabilitiesCommand(tb testing.TB) (*cli.MockUi, *TokenCapabilitiesCommand) {
	tb.Helper()

	ui := cli.NewMockUi()
	return ui, &TokenCapabilitiesCommand{
		BaseCommand: &BaseCommand{
			UI: ui,
		},
	}
}

func TestTokenCapabilitiesCommand_Run(t *testing.T) {
	t.Parallel()

	cases := []struct {
		name string
		args []string
		out  string
		code int
	}{
		{
			"too_many_args",
			[]string{"foo", "bar", "zip"},
			"Too many arguments",
			1,
		},
	}

	for _, tc := range cases {
		tc := tc

		t.Run(tc.name, func(t *testing.T) {
			t.Parallel()

			client, closer := testVaultServer(t)
			defer closer()

			ui, cmd := testTokenCapabilitiesCommand(t)
			cmd.client = client

			code := cmd.Run(tc.args)
			if code != tc.code {
				t.Errorf("expected %d to be %d", code, tc.code)
			}

			combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
			if !strings.Contains(combined, tc.out) {
				t.Errorf("expected %q to contain %q", combined, tc.out)
			}
		})
	}

	t.Run("token", func(t *testing.T) {
		t.Parallel()

		client, closer := testVaultServer(t)
		defer closer()

		policy := `path "secret/foo" { capabilities = ["read"] }`
		if err := client.Sys().PutPolicy("policy", policy); err != nil {
			t.Error(err)
		}

		secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
			Policies: []string{"policy"},
			TTL:      "30m",
		})
		if err != nil {
			t.Fatal(err)
		}
		if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
			t.Fatalf("missing auth data: %#v", secret)
		}
		token := secret.Auth.ClientToken

		ui, cmd := testTokenCapabilitiesCommand(t)
		cmd.client = client

		code := cmd.Run([]string{
			token, "secret/foo",
		})
		if exp := 0; code != exp {
			t.Errorf("expected %d to be %d", code, exp)
		}

		expected := "read"
		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
		if !strings.Contains(combined, expected) {
			t.Errorf("expected %q to contain %q", combined, expected)
		}
	})

	t.Run("local", func(t *testing.T) {
		t.Parallel()

		client, closer := testVaultServer(t)
		defer closer()

		policy := `path "secret/foo" { capabilities = ["read"] }`
		if err := client.Sys().PutPolicy("policy", policy); err != nil {
			t.Error(err)
		}

		secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
			Policies: []string{"policy"},
			TTL:      "30m",
		})
		if err != nil {
			t.Fatal(err)
		}
		if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
			t.Fatalf("missing auth data: %#v", secret)
		}
		token := secret.Auth.ClientToken

		client.SetToken(token)

		ui, cmd := testTokenCapabilitiesCommand(t)
		cmd.client = client

		code := cmd.Run([]string{
			"secret/foo",
		})
		if exp := 0; code != exp {
			t.Errorf("expected %d to be %d", code, exp)
		}

		expected := "read"
		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
		if !strings.Contains(combined, expected) {
			t.Errorf("expected %q to contain %q", combined, expected)
		}
	})

	t.Run("communication_failure", func(t *testing.T) {
		t.Parallel()

		client, closer := testVaultServerBad(t)
		defer closer()

		ui, cmd := testTokenCapabilitiesCommand(t)
		cmd.client = client

		code := cmd.Run([]string{
			"foo", "bar",
		})
		if exp := 2; code != exp {
			t.Errorf("expected %d to be %d", code, exp)
		}

		expected := "Error listing capabilities: "
		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
		if !strings.Contains(combined, expected) {
			t.Errorf("expected %q to contain %q", combined, expected)
		}
	})

	t.Run("multiple_paths", func(t *testing.T) {
		t.Parallel()

		client, closer := testVaultServer(t)
		defer closer()

		_, cmd := testTokenCapabilitiesCommand(t)
		cmd.client = client

		code := cmd.Run([]string{
			"secret/foo,secret/bar",
		})
		if exp := 1; code != exp {
			t.Errorf("expected %d to be %d", code, exp)
		}
	})

	t.Run("no_tabs", func(t *testing.T) {
		t.Parallel()

		_, cmd := testTokenCapabilitiesCommand(t)
		assertNoTabs(t, cmd)
	})
}
New upstream version 1.14.8 2024-04-20 12:23:50 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

			`package command`

			`import (`
			`"strings"`
			`"testing"`

			`"github.com/hashicorp/vault/api"`
			`"github.com/mitchellh/cli"`
			`)`

			`func testTokenCapabilitiesCommand(tb testing.TB) (cli.MockUi, TokenCapabilitiesCommand) {`
			`tb.Helper()`

			`ui := cli.NewMockUi()`
			`return ui, &TokenCapabilitiesCommand{`
			`BaseCommand: &BaseCommand{`
			`UI: ui,`
			`},`
			`}`
			`}`

			`func TestTokenCapabilitiesCommand_Run(t *testing.T) {`
			`t.Parallel()`

			`cases := []struct {`
			`name string`
			`args []string`
			`out string`
			`code int`
			`}{`
			`{`
			`"too_many_args",`
			`[]string{"foo", "bar", "zip"},`
			`"Too many arguments",`
			`1,`
			`},`
			`}`

			`for _, tc := range cases {`
			`tc := tc`

			`t.Run(tc.name, func(t *testing.T) {`
			`t.Parallel()`

			`client, closer := testVaultServer(t)`
			`defer closer()`

			`ui, cmd := testTokenCapabilitiesCommand(t)`
			`cmd.client = client`

			`code := cmd.Run(tc.args)`
			`if code != tc.code {`
			`t.Errorf("expected %d to be %d", code, tc.code)`
			`}`

			`combined := ui.OutputWriter.String() + ui.ErrorWriter.String()`
			`if !strings.Contains(combined, tc.out) {`
			`t.Errorf("expected %q to contain %q", combined, tc.out)`
			`}`
			`})`
			`}`

			`t.Run("token", func(t *testing.T) {`
			`t.Parallel()`

			`client, closer := testVaultServer(t)`
			`defer closer()`

			policy := `path "secret/foo" { capabilities = ["read"] }`
			`if err := client.Sys().PutPolicy("policy", policy); err != nil {`
			`t.Error(err)`
			`}`

			`secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{`
			`Policies: []string{"policy"},`
			`TTL: "30m",`
			`})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if secret == nil \|\| secret.Auth == nil \|\| secret.Auth.ClientToken == "" {`
			`t.Fatalf("missing auth data: %#v", secret)`
			`}`
			`token := secret.Auth.ClientToken`

			`ui, cmd := testTokenCapabilitiesCommand(t)`
			`cmd.client = client`

			`code := cmd.Run([]string{`
			`token, "secret/foo",`
			`})`
			`if exp := 0; code != exp {`
			`t.Errorf("expected %d to be %d", code, exp)`
			`}`

			`expected := "read"`
			`combined := ui.OutputWriter.String() + ui.ErrorWriter.String()`
			`if !strings.Contains(combined, expected) {`
			`t.Errorf("expected %q to contain %q", combined, expected)`
			`}`
			`})`

			`t.Run("local", func(t *testing.T) {`
			`t.Parallel()`

			`client, closer := testVaultServer(t)`
			`defer closer()`

			policy := `path "secret/foo" { capabilities = ["read"] }`
			`if err := client.Sys().PutPolicy("policy", policy); err != nil {`
			`t.Error(err)`
			`}`

			`secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{`
			`Policies: []string{"policy"},`
			`TTL: "30m",`
			`})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if secret == nil \|\| secret.Auth == nil \|\| secret.Auth.ClientToken == "" {`
			`t.Fatalf("missing auth data: %#v", secret)`
			`}`
			`token := secret.Auth.ClientToken`

			`client.SetToken(token)`

			`ui, cmd := testTokenCapabilitiesCommand(t)`
			`cmd.client = client`

			`code := cmd.Run([]string{`
			`"secret/foo",`
			`})`
			`if exp := 0; code != exp {`
			`t.Errorf("expected %d to be %d", code, exp)`
			`}`

			`expected := "read"`
			`combined := ui.OutputWriter.String() + ui.ErrorWriter.String()`
			`if !strings.Contains(combined, expected) {`
			`t.Errorf("expected %q to contain %q", combined, expected)`
			`}`
			`})`

			`t.Run("communication_failure", func(t *testing.T) {`
			`t.Parallel()`

			`client, closer := testVaultServerBad(t)`
			`defer closer()`

			`ui, cmd := testTokenCapabilitiesCommand(t)`
			`cmd.client = client`

			`code := cmd.Run([]string{`
			`"foo", "bar",`
			`})`
			`if exp := 2; code != exp {`
			`t.Errorf("expected %d to be %d", code, exp)`
			`}`

			`expected := "Error listing capabilities: "`
			`combined := ui.OutputWriter.String() + ui.ErrorWriter.String()`
			`if !strings.Contains(combined, expected) {`
			`t.Errorf("expected %q to contain %q", combined, expected)`
			`}`
			`})`

			`t.Run("multiple_paths", func(t *testing.T) {`
			`t.Parallel()`

			`client, closer := testVaultServer(t)`
			`defer closer()`

			`_, cmd := testTokenCapabilitiesCommand(t)`
			`cmd.client = client`

			`code := cmd.Run([]string{`
			`"secret/foo,secret/bar",`
			`})`
			`if exp := 1; code != exp {`
			`t.Errorf("expected %d to be %d", code, exp)`
			`}`
			`})`

			`t.Run("no_tabs", func(t *testing.T) {`
			`t.Parallel()`

			`_, cmd := testTokenCapabilitiesCommand(t)`
			`assertNoTabs(t, cmd)`
			`})`
			`}`