open-vault/command/token_revoke_test.go

230 lines
4.6 KiB
Go
Raw Permalink Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
2015-04-07 21:36:17 +00:00
package command
import (
2017-09-05 04:05:14 +00:00
"strings"
2015-04-07 21:36:17 +00:00
"testing"
"github.com/mitchellh/cli"
)
2017-09-05 04:05:14 +00:00
func testTokenRevokeCommand(tb testing.TB) (*cli.MockUi, *TokenRevokeCommand) {
tb.Helper()
2017-09-05 04:05:14 +00:00
ui := cli.NewMockUi()
return ui, &TokenRevokeCommand{
BaseCommand: &BaseCommand{
UI: ui,
},
}
}
2017-09-05 04:05:14 +00:00
func TestTokenRevokeCommand_Run(t *testing.T) {
t.Parallel()
validations := []struct {
name string
args []string
out string
code int
}{
{
"bad_mode",
[]string{"-mode=banana"},
"Invalid mode",
1,
},
{
"empty",
nil,
"Not enough arguments",
1,
},
{
"args_with_self",
[]string{"-self", "abcd1234"},
"Too many arguments",
1,
},
{
"too_many_args",
[]string{"abcd1234", "efgh5678"},
"Too many arguments",
1,
},
{
"self_and_accessor",
[]string{"-self", "-accessor"},
"Cannot use -self with -accessor",
1,
},
{
"self_and_mode",
[]string{"-self", "-mode=orphan"},
"Cannot use -self with -mode",
1,
},
{
"accessor_and_mode_orphan",
[]string{"-accessor", "-mode=orphan", "abcd1234"},
"Cannot use -accessor with -mode=orphan",
1,
},
{
"accessor_and_mode_path",
[]string{"-accessor", "-mode=path", "abcd1234"},
"Cannot use -accessor with -mode=path",
1,
2015-04-07 21:36:17 +00:00
},
}
2017-09-05 04:05:14 +00:00
t.Run("validations", func(t *testing.T) {
t.Parallel()
for _, tc := range validations {
tc := tc
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
2017-09-05 04:05:14 +00:00
ui, cmd := testTokenRevokeCommand(t)
cmd.client = client
2017-09-05 04:05:14 +00:00
code := cmd.Run(tc.args)
if code != tc.code {
t.Errorf("expected %d to be %d", code, tc.code)
}
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, tc.out) {
t.Errorf("expected %q to contain %q", combined, tc.out)
}
})
}
})
t.Run("token", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
token, _ := testTokenAndAccessor(t, client)
ui, cmd := testTokenRevokeCommand(t)
cmd.client = client
code := cmd.Run([]string{
token,
})
if exp := 0; code != exp {
t.Errorf("expected %d to be %d", code, exp)
}
expected := "Success! Revoked token"
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, expected) {
t.Errorf("expected %q to contain %q", combined, expected)
}
secret, err := client.Auth().Token().Lookup(token)
2017-09-05 04:05:14 +00:00
if secret != nil || err == nil {
t.Errorf("expected token to be revoked: %#v", secret)
}
})
t.Run("self", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
ui, cmd := testTokenRevokeCommand(t)
cmd.client = client
code := cmd.Run([]string{
"-self",
})
if exp := 0; code != exp {
t.Errorf("expected %d to be %d", code, exp)
}
expected := "Success! Revoked token"
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, expected) {
t.Errorf("expected %q to contain %q", combined, expected)
}
secret, err := client.Auth().Token().LookupSelf()
2017-09-05 04:05:14 +00:00
if secret != nil || err == nil {
t.Errorf("expected token to be revoked: %#v", secret)
}
})
t.Run("accessor", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
token, accessor := testTokenAndAccessor(t, client)
ui, cmd := testTokenRevokeCommand(t)
cmd.client = client
code := cmd.Run([]string{
"-accessor",
accessor,
})
if exp := 0; code != exp {
t.Errorf("expected %d to be %d", code, exp)
}
expected := "Success! Revoked token"
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, expected) {
t.Errorf("expected %q to contain %q", combined, expected)
}
secret, err := client.Auth().Token().Lookup(token)
2017-09-05 04:05:14 +00:00
if secret != nil || err == nil {
t.Errorf("expected token to be revoked: %#v", secret)
}
})
t.Run("communication_failure", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServerBad(t)
defer closer()
ui, cmd := testTokenRevokeCommand(t)
cmd.client = client
code := cmd.Run([]string{
"abcd1234",
})
if exp := 2; code != exp {
t.Errorf("expected %d to be %d", code, exp)
}
expected := "Error revoking token: "
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, expected) {
t.Errorf("expected %q to contain %q", combined, expected)
}
})
t.Run("no_tabs", func(t *testing.T) {
t.Parallel()
_, cmd := testTokenRevokeCommand(t)
assertNoTabs(t, cmd)
})
2015-04-07 21:36:17 +00:00
}