open-vault/api/auth_token_test.go

package api

import (
	"strings"
	"testing"

	"github.com/hashicorp/vault/http"
	"github.com/hashicorp/vault/vault"
)

func TestAuthTokenCreate(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := http.TestServer(t, core)
	defer ln.Close()

	config := DefaultConfig()
	config.Address = addr

	client, err := NewClient(config)
	if err != nil {
		t.Fatal(err)
	}
	client.SetToken(token)

	secret, err := client.Auth().Token().Create(&TokenCreateRequest{
		Lease: "1h",
	})
	if err != nil {
		t.Fatal(err)
	}
	if secret.Auth.LeaseDuration != 3600 {
		t.Errorf("expected 1h, got %q", secret.Auth.LeaseDuration)
	}

	renewCreateRequest := &TokenCreateRequest{
		TTL:       "1h",
		Renewable: new(bool),
	}

	secret, err = client.Auth().Token().Create(renewCreateRequest)
	if err != nil {
		t.Fatal(err)
	}
	if secret.Auth.LeaseDuration != 3600 {
		t.Errorf("expected 1h, got %q", secret.Auth.LeaseDuration)
	}
	if secret.Auth.Renewable {
		t.Errorf("expected non-renewable token")
	}

	*renewCreateRequest.Renewable = true
	secret, err = client.Auth().Token().Create(renewCreateRequest)
	if err != nil {
		t.Fatal(err)
	}
	if secret.Auth.LeaseDuration != 3600 {
		t.Errorf("expected 1h, got %q", secret.Auth.LeaseDuration)
	}
	if !secret.Auth.Renewable {
		t.Errorf("expected renewable token")
	}
}

func TestAuthTokenLookup(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := http.TestServer(t, core)
	defer ln.Close()

	config := DefaultConfig()
	config.Address = addr

	client, err := NewClient(config)
	if err != nil {
		t.Fatal(err)
	}
	client.SetToken(token)

	// Create a new token ...
	secret2, err := client.Auth().Token().Create(&TokenCreateRequest{
		Lease: "1h",
	})
	if err != nil {
		t.Fatal(err)
	}

	// lookup details of this token
	secret, err := client.Auth().Token().Lookup(secret2.Auth.ClientToken)
	if err != nil {
		t.Fatalf("unable to lookup details of token, err = %v", err)
	}

	if secret.Data["id"] != secret2.Auth.ClientToken {
		t.Errorf("Did not get back details about our provided token, id returned=%s", secret.Data["id"])
	}

}

func TestAuthTokenLookupSelf(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := http.TestServer(t, core)
	defer ln.Close()

	config := DefaultConfig()
	config.Address = addr

	client, err := NewClient(config)
	if err != nil {
		t.Fatal(err)
	}
	client.SetToken(token)

	// you should be able to lookup your own token
	secret, err := client.Auth().Token().LookupSelf()
	if err != nil {
		t.Fatalf("should be allowed to lookup self, err = %v", err)
	}

	if secret.Data["id"] != token {
		t.Errorf("Did not get back details about our own (self) token, id returned=%s", secret.Data["id"])
	}
	if secret.Data["display_name"] != "root" {
		t.Errorf("Did not get back details about our own (self) token, display_name returned=%s", secret.Data["display_name"])
	}

}

func TestAuthTokenRenew(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := http.TestServer(t, core)
	defer ln.Close()

	config := DefaultConfig()
	config.Address = addr

	client, err := NewClient(config)
	if err != nil {
		t.Fatal(err)
	}
	client.SetToken(token)

	// The default root token is not renewable, so this should not work
	_, err = client.Auth().Token().Renew(token, 0)
	if err == nil {
		t.Fatal("should not be allowed to renew root token")
	}
	if !strings.Contains(err.Error(), "lease is not renewable") {
		t.Fatalf("wrong error; got %v", err)
	}

	// Create a new token that should be renewable
	secret, err := client.Auth().Token().Create(&TokenCreateRequest{
		Lease: "1h",
	})
	if err != nil {
		t.Fatal(err)
	}
	client.SetToken(secret.Auth.ClientToken)

	// Now attempt a renew with the new token
	secret, err = client.Auth().Token().Renew(secret.Auth.ClientToken, 3600)
	if err != nil {
		t.Fatal(err)
	}

	if secret.Auth.LeaseDuration != 3600 {
		t.Errorf("expected 1h, got %v", secret.Auth.LeaseDuration)
	}

	if secret.Auth.Renewable != true {
		t.Error("expected lease to be renewable")
	}

	// Do the same thing with the self variant
	secret, err = client.Auth().Token().RenewSelf(3600)
	if err != nil {
		t.Fatal(err)
	}

	if secret.Auth.LeaseDuration != 3600 {
		t.Errorf("expected 1h, got %v", secret.Auth.LeaseDuration)
	}

	if secret.Auth.Renewable != true {
		t.Error("expected lease to be renewable")
	}
}
Add test coverage for auth tokens 2015-09-03 14:57:17 +00:00			`package api`

			`import (`
			`"strings"`
			`"testing"`

			`"github.com/hashicorp/vault/http"`
			`"github.com/hashicorp/vault/vault"`
			`)`

			`func TestAuthTokenCreate(t *testing.T) {`
			`core, _, token := vault.TestCoreUnsealed(t)`
			`ln, addr := http.TestServer(t, core)`
			`defer ln.Close()`

			`config := DefaultConfig()`
			`config.Address = addr`

			`client, err := NewClient(config)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`client.SetToken(token)`

			`secret, err := client.Auth().Token().Create(&TokenCreateRequest{`
			`Lease: "1h",`
			`})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
Add renewable flag and API setting for token creation 2016-06-08 15:14:30 +00:00			`if secret.Auth.LeaseDuration != 3600 {`
			`t.Errorf("expected 1h, got %q", secret.Auth.LeaseDuration)`
			`}`

			`renewCreateRequest := &TokenCreateRequest{`
			`TTL: "1h",`
			`Renewable: new(bool),`
			`}`
Add test coverage for auth tokens 2015-09-03 14:57:17 +00:00
Add renewable flag and API setting for token creation 2016-06-08 15:14:30 +00:00			`secret, err = client.Auth().Token().Create(renewCreateRequest)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
Add test coverage for auth tokens 2015-09-03 14:57:17 +00:00			`if secret.Auth.LeaseDuration != 3600 {`
			`t.Errorf("expected 1h, got %q", secret.Auth.LeaseDuration)`
			`}`
Add renewable flag and API setting for token creation 2016-06-08 15:14:30 +00:00			`if secret.Auth.Renewable {`
			`t.Errorf("expected non-renewable token")`
			`}`

			`*renewCreateRequest.Renewable = true`
			`secret, err = client.Auth().Token().Create(renewCreateRequest)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if secret.Auth.LeaseDuration != 3600 {`
			`t.Errorf("expected 1h, got %q", secret.Auth.LeaseDuration)`
			`}`
			`if !secret.Auth.Renewable {`
			`t.Errorf("expected renewable token")`
			`}`
Add test coverage for auth tokens 2015-09-03 14:57:17 +00:00			`}`

Make token-lookup functionality available via Vault CLI 2015-12-29 20:18:59 +00:00			`func TestAuthTokenLookup(t *testing.T) {`
			`core, _, token := vault.TestCoreUnsealed(t)`
			`ln, addr := http.TestServer(t, core)`
			`defer ln.Close()`

			`config := DefaultConfig()`
			`config.Address = addr`

			`client, err := NewClient(config)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`client.SetToken(token)`

			`// Create a new token ...`
			`secret2, err := client.Auth().Token().Create(&TokenCreateRequest{`
			`Lease: "1h",`
			`})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`// lookup details of this token`
			`secret, err := client.Auth().Token().Lookup(secret2.Auth.ClientToken)`
			`if err != nil {`
			`t.Fatalf("unable to lookup details of token, err = %v", err)`
			`}`

			`if secret.Data["id"] != secret2.Auth.ClientToken {`
			`t.Errorf("Did not get back details about our provided token, id returned=%s", secret.Data["id"])`
			`}`

			`}`

Corrected HTTP Method for api.TokenAuth.LookupSelf() method 2015-12-28 00:05:15 +00:00			`func TestAuthTokenLookupSelf(t *testing.T) {`
			`core, _, token := vault.TestCoreUnsealed(t)`
			`ln, addr := http.TestServer(t, core)`
			`defer ln.Close()`

			`config := DefaultConfig()`
			`config.Address = addr`

			`client, err := NewClient(config)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`client.SetToken(token)`

			`// you should be able to lookup your own token`
			`secret, err := client.Auth().Token().LookupSelf()`
			`if err != nil {`
			`t.Fatalf("should be allowed to lookup self, err = %v", err)`
			`}`

			`if secret.Data["id"] != token {`
			`t.Errorf("Did not get back details about our own (self) token, id returned=%s", secret.Data["id"])`
			`}`
			`if secret.Data["display_name"] != "root" {`
			`t.Errorf("Did not get back details about our own (self) token, display_name returned=%s", secret.Data["display_name"])`
			`}`

			`}`

Add test coverage for auth tokens 2015-09-03 14:57:17 +00:00			`func TestAuthTokenRenew(t *testing.T) {`
			`core, _, token := vault.TestCoreUnsealed(t)`
			`ln, addr := http.TestServer(t, core)`
			`defer ln.Close()`

			`config := DefaultConfig()`
			`config.Address = addr`

			`client, err := NewClient(config)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`client.SetToken(token)`

			`// The default root token is not renewable, so this should not work`
			`_, err = client.Auth().Token().Renew(token, 0)`
			`if err == nil {`
			`t.Fatal("should not be allowed to renew root token")`
			`}`
			`if !strings.Contains(err.Error(), "lease is not renewable") {`
Add other token role unit tests and some minor other changes. 2016-03-01 17:33:35 +00:00			`t.Fatalf("wrong error; got %v", err)`
Add test coverage for auth tokens 2015-09-03 14:57:17 +00:00			`}`

			`// Create a new token that should be renewable`
			`secret, err := client.Auth().Token().Create(&TokenCreateRequest{`
			`Lease: "1h",`
			`})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`client.SetToken(secret.Auth.ClientToken)`

			`// Now attempt a renew with the new token`
Fix up unit tests to expect new values 2016-01-30 00:36:56 +00:00			`secret, err = client.Auth().Token().Renew(secret.Auth.ClientToken, 3600)`
Add test coverage for auth tokens 2015-09-03 14:57:17 +00:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`if secret.Auth.LeaseDuration != 3600 {`
Fix up unit tests to expect new values 2016-01-30 00:36:56 +00:00			`t.Errorf("expected 1h, got %v", secret.Auth.LeaseDuration)`
Add test coverage for auth tokens 2015-09-03 14:57:17 +00:00			`}`

			`if secret.Auth.Renewable != true {`
			`t.Error("expected lease to be renewable")`
			`}`
Implement LookupSelf, RevokeSelf, and RenewSelf in the API client Fixes #739 2015-10-30 21:27:33 +00:00
			`// Do the same thing with the self variant`
Fix up unit tests to expect new values 2016-01-30 00:36:56 +00:00			`secret, err = client.Auth().Token().RenewSelf(3600)`
Implement LookupSelf, RevokeSelf, and RenewSelf in the API client Fixes #739 2015-10-30 21:27:33 +00:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`if secret.Auth.LeaseDuration != 3600 {`
Fix up unit tests to expect new values 2016-01-30 00:36:56 +00:00			`t.Errorf("expected 1h, got %v", secret.Auth.LeaseDuration)`
Implement LookupSelf, RevokeSelf, and RenewSelf in the API client Fixes #739 2015-10-30 21:27:33 +00:00			`}`

			`if secret.Auth.Renewable != true {`
			`t.Error("expected lease to be renewable")`
			`}`
Add test coverage for auth tokens 2015-09-03 14:57:17 +00:00			`}`