2015-04-07 21:36:17 +00:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/hashicorp/vault/http"
|
2016-04-01 17:16:05 +00:00
|
|
|
"github.com/hashicorp/vault/meta"
|
2015-04-07 21:36:17 +00:00
|
|
|
"github.com/hashicorp/vault/vault"
|
|
|
|
"github.com/mitchellh/cli"
|
|
|
|
)
|
|
|
|
|
2016-03-11 02:30:57 +00:00
|
|
|
func TestTokenRevokeAccessor(t *testing.T) {
|
|
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
|
|
|
ln, addr := http.TestServer(t, core)
|
|
|
|
defer ln.Close()
|
|
|
|
|
|
|
|
ui := new(cli.MockUi)
|
|
|
|
c := &TokenRevokeCommand{
|
2016-04-01 17:16:05 +00:00
|
|
|
Meta: meta.Meta{
|
2016-03-11 02:30:57 +00:00
|
|
|
ClientToken: token,
|
|
|
|
Ui: ui,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
args := []string{
|
|
|
|
"-address", addr,
|
|
|
|
}
|
|
|
|
|
|
|
|
// Run it once for client
|
|
|
|
c.Run(args)
|
|
|
|
|
|
|
|
// Create a token
|
|
|
|
client, err := c.Client()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
resp, err := client.Auth().Token().Create(nil)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Treat the argument as accessor
|
|
|
|
args = append(args, "-accessor")
|
|
|
|
if code := c.Run(args); code == 0 {
|
|
|
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
|
|
|
}
|
|
|
|
|
|
|
|
// Verify it worked with proper accessor
|
|
|
|
args1 := append(args, resp.Auth.Accessor)
|
|
|
|
if code := c.Run(args1); code != 0 {
|
|
|
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
|
|
|
}
|
|
|
|
|
|
|
|
// Fail if mode is set to 'orphan' when accessor is set
|
|
|
|
args2 := append(args, "-mode=\"orphan\"")
|
|
|
|
if code := c.Run(args2); code == 0 {
|
|
|
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
|
|
|
}
|
|
|
|
|
|
|
|
// Fail if mode is set to 'path' when accessor is set
|
|
|
|
args3 := append(args, "-mode=\"path\"")
|
|
|
|
if code := c.Run(args3); code == 0 {
|
|
|
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-04-07 21:36:17 +00:00
|
|
|
func TestTokenRevoke(t *testing.T) {
|
|
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
|
|
|
ln, addr := http.TestServer(t, core)
|
|
|
|
defer ln.Close()
|
|
|
|
|
|
|
|
ui := new(cli.MockUi)
|
|
|
|
c := &TokenRevokeCommand{
|
2016-04-01 17:16:05 +00:00
|
|
|
Meta: meta.Meta{
|
2015-04-07 21:36:17 +00:00
|
|
|
ClientToken: token,
|
|
|
|
Ui: ui,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
args := []string{
|
|
|
|
"-address", addr,
|
|
|
|
}
|
|
|
|
|
|
|
|
// Run it once for client
|
|
|
|
c.Run(args)
|
|
|
|
|
|
|
|
// Create a token
|
|
|
|
client, err := c.Client()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
resp, err := client.Auth().Token().Create(nil)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Verify it worked
|
|
|
|
args = append(args, resp.Auth.ClientToken)
|
|
|
|
if code := c.Run(args); code != 0 {
|
|
|
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
|
|
|
}
|
|
|
|
}
|