open-vault/command/token_capabilities_test.go

195 lines
4.1 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
2016-03-03 17:24:28 +00:00
package command
import (
2017-09-05 04:00:00 +00:00
"strings"
2016-03-03 17:24:28 +00:00
"testing"
2017-09-05 04:00:00 +00:00
"github.com/hashicorp/vault/api"
2016-03-03 17:24:28 +00:00
"github.com/mitchellh/cli"
)
2017-09-08 01:58:13 +00:00
func testTokenCapabilitiesCommand(tb testing.TB) (*cli.MockUi, *TokenCapabilitiesCommand) {
2017-09-05 04:00:00 +00:00
tb.Helper()
ui := cli.NewMockUi()
2017-09-08 01:58:13 +00:00
return ui, &TokenCapabilitiesCommand{
2017-09-05 04:00:00 +00:00
BaseCommand: &BaseCommand{
UI: ui,
2016-03-03 17:24:28 +00:00
},
}
2017-09-05 04:00:00 +00:00
}
2016-03-03 17:24:28 +00:00
2017-09-08 01:58:13 +00:00
func TestTokenCapabilitiesCommand_Run(t *testing.T) {
2017-09-05 04:00:00 +00:00
t.Parallel()
2016-03-05 05:03:55 +00:00
2017-09-05 04:00:00 +00:00
cases := []struct {
name string
args []string
out string
code int
}{
{
"too_many_args",
[]string{"foo", "bar", "zip"},
"Too many arguments",
1,
},
2016-03-03 17:24:28 +00:00
}
2017-09-05 04:00:00 +00:00
for _, tc := range cases {
tc := tc
2016-03-05 05:03:55 +00:00
2017-09-05 04:00:00 +00:00
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
2017-09-08 01:58:13 +00:00
ui, cmd := testTokenCapabilitiesCommand(t)
cmd.client = client
2016-03-05 05:03:55 +00:00
2017-09-05 04:00:00 +00:00
code := cmd.Run(tc.args)
if code != tc.code {
t.Errorf("expected %d to be %d", code, tc.code)
}
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, tc.out) {
t.Errorf("expected %q to contain %q", combined, tc.out)
}
})
2016-03-03 17:24:28 +00:00
}
2017-09-05 04:00:00 +00:00
t.Run("token", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
policy := `path "secret/foo" { capabilities = ["read"] }`
if err := client.Sys().PutPolicy("policy", policy); err != nil {
2017-09-05 04:00:00 +00:00
t.Error(err)
}
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
2017-09-05 04:00:00 +00:00
Policies: []string{"policy"},
TTL: "30m",
})
if err != nil {
t.Fatal(err)
}
if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
t.Fatalf("missing auth data: %#v", secret)
}
token := secret.Auth.ClientToken
2017-09-08 01:58:13 +00:00
ui, cmd := testTokenCapabilitiesCommand(t)
2017-09-05 04:00:00 +00:00
cmd.client = client
code := cmd.Run([]string{
token, "secret/foo",
})
if exp := 0; code != exp {
t.Errorf("expected %d to be %d", code, exp)
}
expected := "read"
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, expected) {
t.Errorf("expected %q to contain %q", combined, expected)
}
})
t.Run("local", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
policy := `path "secret/foo" { capabilities = ["read"] }`
if err := client.Sys().PutPolicy("policy", policy); err != nil {
2017-09-05 04:00:00 +00:00
t.Error(err)
}
secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
2017-09-05 04:00:00 +00:00
Policies: []string{"policy"},
TTL: "30m",
})
if err != nil {
t.Fatal(err)
}
if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
t.Fatalf("missing auth data: %#v", secret)
}
token := secret.Auth.ClientToken
client.SetToken(token)
2017-09-08 01:58:13 +00:00
ui, cmd := testTokenCapabilitiesCommand(t)
2017-09-05 04:00:00 +00:00
cmd.client = client
code := cmd.Run([]string{
"secret/foo",
})
if exp := 0; code != exp {
t.Errorf("expected %d to be %d", code, exp)
}
expected := "read"
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, expected) {
t.Errorf("expected %q to contain %q", combined, expected)
}
})
t.Run("communication_failure", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServerBad(t)
defer closer()
2017-09-08 01:58:13 +00:00
ui, cmd := testTokenCapabilitiesCommand(t)
2017-09-05 04:00:00 +00:00
cmd.client = client
code := cmd.Run([]string{
"foo", "bar",
})
if exp := 2; code != exp {
t.Errorf("expected %d to be %d", code, exp)
}
expected := "Error listing capabilities: "
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, expected) {
t.Errorf("expected %q to contain %q", combined, expected)
}
})
t.Run("multiple_paths", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
_, cmd := testTokenCapabilitiesCommand(t)
cmd.client = client
code := cmd.Run([]string{
"secret/foo,secret/bar",
})
if exp := 1; code != exp {
t.Errorf("expected %d to be %d", code, exp)
}
})
2017-09-05 04:00:00 +00:00
t.Run("no_tabs", func(t *testing.T) {
t.Parallel()
2017-09-08 01:58:13 +00:00
_, cmd := testTokenCapabilitiesCommand(t)
2017-09-05 04:00:00 +00:00
assertNoTabs(t, cmd)
})
2016-03-03 17:24:28 +00:00
}