open-vault/builtin/credential/app-id/backend_test.go

package appId

import (
	"context"
	"fmt"
	"testing"

	logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
	"github.com/hashicorp/vault/sdk/helper/salt"
	"github.com/hashicorp/vault/sdk/logical"
)

func TestBackend_basic(t *testing.T) {
	var b *backend
	var err error
	var storage logical.Storage
	factory := func(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
		b, err = Backend(conf)
		if err != nil {
			t.Fatal(err)
		}
		storage = conf.StorageView
		if err := b.Setup(ctx, conf); err != nil {
			return nil, err
		}
		return b, nil
	}
	logicaltest.Test(t, logicaltest.TestCase{
		CredentialFactory: factory,
		Steps: []logicaltest.TestStep{
			testAccStepMapAppId(t),
			testAccStepMapUserId(t),
			testAccLogin(t, ""),
			testAccLoginAppIDInPath(t, ""),
			testAccLoginInvalid(t),
			testAccStepDeleteUserId(t),
			testAccLoginDeleted(t),
		},
	})

	req := &logical.Request{
		Path:      "map/app-id",
		Operation: logical.ListOperation,
		Storage:   storage,
	}
	resp, err := b.HandleRequest(context.Background(), req)
	if err != nil {
		t.Fatal(err)
	}
	if resp == nil {
		t.Fatal("nil response")
	}
	keys := resp.Data["keys"].([]string)
	if len(keys) != 1 {
		t.Fatalf("expected 1 key, got %d", len(keys))
	}
	bSalt, err := b.Salt(context.Background())
	if err != nil {
		t.Fatal(err)
	}
	if keys[0] != "s"+bSalt.SaltIDHashFunc("foo", salt.SHA256Hash) {
		t.Fatal("value was improperly salted")
	}
}

func TestBackend_cidr(t *testing.T) {
	logicaltest.Test(t, logicaltest.TestCase{
		CredentialFactory: Factory,
		Steps: []logicaltest.TestStep{
			testAccStepMapAppIdDisplayName(t),
			testAccStepMapUserIdCidr(t, "192.168.1.0/16"),
			testAccLoginCidr(t, "192.168.1.5", false),
			testAccLoginCidr(t, "10.0.1.5", true),
			testAccLoginCidr(t, "", true),
		},
	})
}

func TestBackend_displayName(t *testing.T) {
	logicaltest.Test(t, logicaltest.TestCase{
		CredentialFactory: Factory,
		Steps: []logicaltest.TestStep{
			testAccStepMapAppIdDisplayName(t),
			testAccStepMapUserId(t),
			testAccLogin(t, "tubbin"),
			testAccLoginAppIDInPath(t, "tubbin"),
			testAccLoginInvalid(t),
			testAccStepDeleteUserId(t),
			testAccLoginDeleted(t),
		},
	})
}

func testAccStepMapAppId(t *testing.T) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "map/app-id/foo",
		Data: map[string]interface{}{
			"value": "foo,bar",
		},
	}
}

func testAccStepMapAppIdDisplayName(t *testing.T) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "map/app-id/foo",
		Data: map[string]interface{}{
			"display_name": "tubbin",
			"value":        "foo,bar",
		},
	}
}

func testAccStepMapUserId(t *testing.T) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "map/user-id/42",
		Data: map[string]interface{}{
			"value": "foo",
		},
	}
}

func testAccStepDeleteUserId(t *testing.T) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.DeleteOperation,
		Path:      "map/user-id/42",
	}
}

func testAccStepMapUserIdCidr(t *testing.T, cidr string) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "map/user-id/42",
		Data: map[string]interface{}{
			"value":      "foo",
			"cidr_block": cidr,
		},
	}
}

func testAccLogin(t *testing.T, display string) logicaltest.TestStep {
	checkTTL := func(resp *logical.Response) error {
		if resp.Auth.LeaseOptions.TTL.String() != "768h0m0s" {
			return fmt.Errorf("invalid TTL: got %s", resp.Auth.LeaseOptions.TTL)
		}
		return nil
	}
	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "login",
		Data: map[string]interface{}{
			"app_id":  "foo",
			"user_id": "42",
		},
		Unauthenticated: true,

		Check: logicaltest.TestCheckMulti(
			logicaltest.TestCheckAuth([]string{"bar", "default", "foo"}),
			logicaltest.TestCheckAuthDisplayName(display),
			checkTTL,
		),
	}
}

func testAccLoginAppIDInPath(t *testing.T, display string) logicaltest.TestStep {
	checkTTL := func(resp *logical.Response) error {
		if resp.Auth.LeaseOptions.TTL.String() != "768h0m0s" {
			return fmt.Errorf("invalid TTL: got %s", resp.Auth.LeaseOptions.TTL)
		}
		return nil
	}
	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "login/foo",
		Data: map[string]interface{}{
			"user_id": "42",
		},
		Unauthenticated: true,

		Check: logicaltest.TestCheckMulti(
			logicaltest.TestCheckAuth([]string{"bar", "default", "foo"}),
			logicaltest.TestCheckAuthDisplayName(display),
			checkTTL,
		),
	}
}

func testAccLoginCidr(t *testing.T, ip string, err bool) logicaltest.TestStep {
	check := logicaltest.TestCheckError()
	if !err {
		check = logicaltest.TestCheckAuth([]string{"bar", "default", "foo"})
	}

	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "login",
		Data: map[string]interface{}{
			"app_id":  "foo",
			"user_id": "42",
		},
		ErrorOk:         err,
		Unauthenticated: true,
		RemoteAddr:      ip,

		Check: check,
	}
}

func testAccLoginInvalid(t *testing.T) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "login",
		Data: map[string]interface{}{
			"app_id":  "foo",
			"user_id": "48",
		},
		ErrorOk:         true,
		Unauthenticated: true,

		Check: logicaltest.TestCheckError(),
	}
}

func testAccLoginDeleted(t *testing.T) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "login",
		Data: map[string]interface{}{
			"app_id":  "foo",
			"user_id": "42",
		},
		ErrorOk:         true,
		Unauthenticated: true,

		Check: logicaltest.TestCheckError(),
	}
}
credential/app-id 2015-04-05 01:40:21 +00:00			`package appId`

			`import (`
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`"context"`
Added renewal capability to app-id backend 2016-02-12 01:36:07 +00:00			`"fmt"`
credential/app-id 2015-04-05 01:40:21 +00:00			`"testing"`

Switch to go modules (#6585) * Switch to go modules * Make fmt 2019-04-13 07:44:06 +00:00			`logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"`
Create sdk/ and api/ submodules (#6583) 2019-04-12 21:54:35 +00:00			`"github.com/hashicorp/vault/sdk/helper/salt"`
			`"github.com/hashicorp/vault/sdk/logical"`
credential/app-id 2015-04-05 01:40:21 +00:00			`)`

			`func TestBackend_basic(t *testing.T) {`
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs 2017-07-20 17:28:40 +00:00			`var b *backend`
Add unsalted test to app-id 2017-06-05 15:37:16 +00:00			`var err error`
			`var storage logical.Storage`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`factory := func(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {`
Add unsalted test to app-id 2017-06-05 15:37:16 +00:00			`b, err = Backend(conf)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`storage = conf.StorageView`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`if err := b.Setup(ctx, conf); err != nil {`
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs 2017-07-20 17:28:40 +00:00			`return nil, err`
			`}`
			`return b, nil`
Add unsalted test to app-id 2017-06-05 15:37:16 +00:00			`}`
credential/app-id 2015-04-05 01:40:21 +00:00			`logicaltest.Test(t, logicaltest.TestCase{`
Run all builtins as plugins (#5536) 2018-11-07 01:21:24 +00:00			`CredentialFactory: factory,`
credential/app-id 2015-04-05 01:40:21 +00:00			`Steps: []logicaltest.TestStep{`
			`testAccStepMapAppId(t),`
			`testAccStepMapUserId(t),`
credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`testAccLogin(t, ""),`
Add the ability to specify the app-id in the login path. This makes it easier to use prefix revocation for tokens. Ping #424 2016-03-14 20:24:01 +00:00			`testAccLoginAppIDInPath(t, ""),`
credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`testAccLoginInvalid(t),`
credential/app-id: Test DeleteOperation 2015-05-14 12:30:02 +00:00			`testAccStepDeleteUserId(t),`
			`testAccLoginDeleted(t),`
credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`},`
			`})`
Add unsalted test to app-id 2017-06-05 15:37:16 +00:00
			`req := &logical.Request{`
			`Path: "map/app-id",`
			`Operation: logical.ListOperation,`
			`Storage: storage,`
			`}`
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`resp, err := b.HandleRequest(context.Background(), req)`
Add unsalted test to app-id 2017-06-05 15:37:16 +00:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if resp == nil {`
			`t.Fatal("nil response")`
			`}`
			`keys := resp.Data["keys"].([]string)`
			`if len(keys) != 1 {`
			`t.Fatalf("expected 1 key, got %d", len(keys))`
			`}`
Add context to the NewSalt function (#4102) 2018-03-08 19:21:11 +00:00			`bSalt, err := b.Salt(context.Background())`
Add unsalted test to app-id 2017-06-05 15:37:16 +00:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
SHA2-256 salting for AppID (#3806) * Use SHA2-256 hash with prefix to upgrade the paths * test the SHA1 upgrade to SHA256 * Remove hash identifier and the delimiter; use 's' instead * Added API test to verify the correctness of the fix * Fix broken test * remove unneeded test 2018-01-18 00:48:32 +00:00			`if keys[0] != "s"+bSalt.SaltIDHashFunc("foo", salt.SHA256Hash) {`
Add unsalted test to app-id 2017-06-05 15:37:16 +00:00			`t.Fatal("value was improperly salted")`
			`}`
credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`}`

credential/app-id: allow restriction by CIDR block [GH-10] 2015-04-17 17:14:39 +00:00			`func TestBackend_cidr(t *testing.T) {`
			`logicaltest.Test(t, logicaltest.TestCase{`
Run all builtins as plugins (#5536) 2018-11-07 01:21:24 +00:00			`CredentialFactory: Factory,`
credential/app-id: allow restriction by CIDR block [GH-10] 2015-04-17 17:14:39 +00:00			`Steps: []logicaltest.TestStep{`
			`testAccStepMapAppIdDisplayName(t),`
			`testAccStepMapUserIdCidr(t, "192.168.1.0/16"),`
			`testAccLoginCidr(t, "192.168.1.5", false),`
			`testAccLoginCidr(t, "10.0.1.5", true),`
			`testAccLoginCidr(t, "", true),`
			`},`
			`})`
			`}`

credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`func TestBackend_displayName(t *testing.T) {`
			`logicaltest.Test(t, logicaltest.TestCase{`
Run all builtins as plugins (#5536) 2018-11-07 01:21:24 +00:00			`CredentialFactory: Factory,`
credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`Steps: []logicaltest.TestStep{`
			`testAccStepMapAppIdDisplayName(t),`
			`testAccStepMapUserId(t),`
			`testAccLogin(t, "tubbin"),`
Add the ability to specify the app-id in the login path. This makes it easier to use prefix revocation for tokens. Ping #424 2016-03-14 20:24:01 +00:00			`testAccLoginAppIDInPath(t, "tubbin"),`
credential/app-id 2015-04-05 01:40:21 +00:00			`testAccLoginInvalid(t),`
credential/app-id: Test DeleteOperation 2015-05-14 12:30:02 +00:00			`testAccStepDeleteUserId(t),`
			`testAccLoginDeleted(t),`
credential/app-id 2015-04-05 01:40:21 +00:00			`},`
			`})`
			`}`

			`func testAccStepMapAppId(t *testing.T) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`Operation: logical.UpdateOperation,`
credential/app-id 2015-04-05 01:40:21 +00:00			`Path: "map/app-id/foo",`
			`Data: map[string]interface{}{`
			`"value": "foo,bar",`
			`},`
			`}`
			`}`

credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`func testAccStepMapAppIdDisplayName(t *testing.T) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`Operation: logical.UpdateOperation,`
credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`Path: "map/app-id/foo",`
			`Data: map[string]interface{}{`
			`"display_name": "tubbin",`
			`"value": "foo,bar",`
			`},`
			`}`
			`}`

credential/app-id 2015-04-05 01:40:21 +00:00			`func testAccStepMapUserId(t *testing.T) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`Operation: logical.UpdateOperation,`
credential/app-id 2015-04-05 01:40:21 +00:00			`Path: "map/user-id/42",`
			`Data: map[string]interface{}{`
			`"value": "foo",`
			`},`
			`}`
			`}`

credential/app-id: Test DeleteOperation 2015-05-14 12:30:02 +00:00			`func testAccStepDeleteUserId(t *testing.T) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
			`Operation: logical.DeleteOperation,`
			`Path: "map/user-id/42",`
			`}`
			`}`

credential/app-id: allow restriction by CIDR block [GH-10] 2015-04-17 17:14:39 +00:00			`func testAccStepMapUserIdCidr(t *testing.T, cidr string) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`Operation: logical.UpdateOperation,`
credential/app-id: allow restriction by CIDR block [GH-10] 2015-04-17 17:14:39 +00:00			`Path: "map/user-id/42",`
			`Data: map[string]interface{}{`
			`"value": "foo",`
			`"cidr_block": cidr,`
			`},`
			`}`
			`}`

credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`func testAccLogin(t *testing.T, display string) logicaltest.TestStep {`
Added renewal capability to app-id backend 2016-02-12 01:36:07 +00:00			`checkTTL := func(resp *logical.Response) error {`
Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 22:32:49 +00:00			`if resp.Auth.LeaseOptions.TTL.String() != "768h0m0s" {`
Add logic for using Auth.Period when handling auth login/renew requests (#3677) * Add logic for using Auth.Period when handling auth login/renew requests * Set auth.TTL if not set in handleLoginRequest * Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken * Get sysView from le.Path, revert tests * Add back auth.Policies * Fix TokenStore tests, add resp warning when capping values * Use switch for ttl/period check on RenewToken * Move comments around 2017-12-15 18:30:05 +00:00			`return fmt.Errorf("invalid TTL: got %s", resp.Auth.LeaseOptions.TTL)`
Added renewal capability to app-id backend 2016-02-12 01:36:07 +00:00			`}`
			`return nil`
			`}`
credential/app-id 2015-04-05 01:40:21 +00:00			`return logicaltest.TestStep{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`Operation: logical.UpdateOperation,`
credential/app-id 2015-04-05 01:40:21 +00:00			`Path: "login",`
			`Data: map[string]interface{}{`
			`"app_id": "foo",`
			`"user_id": "42",`
			`},`
			`Unauthenticated: true,`

credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`Check: logicaltest.TestCheckMulti(`
Add the ability to specify the app-id in the login path. This makes it easier to use prefix revocation for tokens. Ping #424 2016-03-14 20:24:01 +00:00			`logicaltest.TestCheckAuth([]string{"bar", "default", "foo"}),`
			`logicaltest.TestCheckAuthDisplayName(display),`
			`checkTTL,`
			`),`
			`}`
			`}`

			`func testAccLoginAppIDInPath(t *testing.T, display string) logicaltest.TestStep {`
			`checkTTL := func(resp *logical.Response) error {`
Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 22:32:49 +00:00			`if resp.Auth.LeaseOptions.TTL.String() != "768h0m0s" {`
Add logic for using Auth.Period when handling auth login/renew requests (#3677) * Add logic for using Auth.Period when handling auth login/renew requests * Set auth.TTL if not set in handleLoginRequest * Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken * Get sysView from le.Path, revert tests * Add back auth.Policies * Fix TokenStore tests, add resp warning when capping values * Use switch for ttl/period check on RenewToken * Move comments around 2017-12-15 18:30:05 +00:00			`return fmt.Errorf("invalid TTL: got %s", resp.Auth.LeaseOptions.TTL)`
Add the ability to specify the app-id in the login path. This makes it easier to use prefix revocation for tokens. Ping #424 2016-03-14 20:24:01 +00:00			`}`
			`return nil`
			`}`
			`return logicaltest.TestStep{`
			`Operation: logical.UpdateOperation,`
			`Path: "login/foo",`
			`Data: map[string]interface{}{`
			`"user_id": "42",`
			`},`
			`Unauthenticated: true,`

			`Check: logicaltest.TestCheckMulti(`
			`logicaltest.TestCheckAuth([]string{"bar", "default", "foo"}),`
credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`logicaltest.TestCheckAuthDisplayName(display),`
Added renewal capability to app-id backend 2016-02-12 01:36:07 +00:00			`checkTTL,`
credential/app-id: support associating a name with app ID [GH-9] 2015-04-17 17:00:48 +00:00			`),`
credential/app-id 2015-04-05 01:40:21 +00:00			`}`
			`}`

credential/app-id: allow restriction by CIDR block [GH-10] 2015-04-17 17:14:39 +00:00			`func testAccLoginCidr(t *testing.T, ip string, err bool) logicaltest.TestStep {`
			`check := logicaltest.TestCheckError()`
			`if !err {`
Add the ability to specify the app-id in the login path. This makes it easier to use prefix revocation for tokens. Ping #424 2016-03-14 20:24:01 +00:00			`check = logicaltest.TestCheckAuth([]string{"bar", "default", "foo"})`
credential/app-id: allow restriction by CIDR block [GH-10] 2015-04-17 17:14:39 +00:00			`}`

			`return logicaltest.TestStep{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`Operation: logical.UpdateOperation,`
credential/app-id: allow restriction by CIDR block [GH-10] 2015-04-17 17:14:39 +00:00			`Path: "login",`
			`Data: map[string]interface{}{`
			`"app_id": "foo",`
			`"user_id": "42",`
			`},`
			`ErrorOk: err,`
			`Unauthenticated: true,`
			`RemoteAddr: ip,`

			`Check: check,`
			`}`
			`}`

credential/app-id 2015-04-05 01:40:21 +00:00			`func testAccLoginInvalid(t *testing.T) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`Operation: logical.UpdateOperation,`
credential/app-id 2015-04-05 01:40:21 +00:00			`Path: "login",`
			`Data: map[string]interface{}{`
			`"app_id": "foo",`
			`"user_id": "48",`
			`},`
			`ErrorOk: true,`
			`Unauthenticated: true,`

			`Check: logicaltest.TestCheckError(),`
			`}`
			`}`
credential/app-id: Test DeleteOperation 2015-05-14 12:30:02 +00:00
			`func testAccLoginDeleted(t *testing.T) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`Operation: logical.UpdateOperation,`
credential/app-id: Test DeleteOperation 2015-05-14 12:30:02 +00:00			`Path: "login",`
			`Data: map[string]interface{}{`
			`"app_id": "foo",`
			`"user_id": "42",`
			`},`
			`ErrorOk: true,`
			`Unauthenticated: true,`

			`Check: logicaltest.TestCheckError(),`
			`}`
			`}`