2015-03-29 23:42:45 +00:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
2015-03-30 18:07:31 +00:00
|
|
|
"fmt"
|
2015-05-23 18:22:35 +00:00
|
|
|
"io"
|
2015-03-30 17:55:41 +00:00
|
|
|
"io/ioutil"
|
|
|
|
"os"
|
2015-03-30 18:07:31 +00:00
|
|
|
"path/filepath"
|
2015-04-02 00:01:10 +00:00
|
|
|
"strings"
|
2015-03-29 23:42:45 +00:00
|
|
|
"testing"
|
|
|
|
|
2015-04-06 16:53:43 +00:00
|
|
|
"github.com/hashicorp/vault/api"
|
2015-03-31 22:15:08 +00:00
|
|
|
"github.com/hashicorp/vault/http"
|
2016-04-01 17:16:05 +00:00
|
|
|
"github.com/hashicorp/vault/meta"
|
2015-03-31 22:15:08 +00:00
|
|
|
"github.com/hashicorp/vault/vault"
|
2015-03-29 23:42:45 +00:00
|
|
|
"github.com/mitchellh/cli"
|
|
|
|
)
|
|
|
|
|
2015-04-02 00:01:10 +00:00
|
|
|
func TestAuth_methods(t *testing.T) {
|
|
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
|
|
|
ln, addr := http.TestServer(t, core)
|
|
|
|
defer ln.Close()
|
|
|
|
|
|
|
|
testAuthInit(t)
|
|
|
|
|
|
|
|
ui := new(cli.MockUi)
|
|
|
|
c := &AuthCommand{
|
2016-04-01 17:16:05 +00:00
|
|
|
Meta: meta.Meta{
|
2015-04-02 00:01:10 +00:00
|
|
|
ClientToken: token,
|
|
|
|
Ui: ui,
|
2016-04-01 18:23:15 +00:00
|
|
|
TokenHelper: DefaultTokenHelper,
|
2015-04-02 00:01:10 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
args := []string{
|
|
|
|
"-address", addr,
|
|
|
|
"-methods",
|
|
|
|
}
|
|
|
|
if code := c.Run(args); code != 0 {
|
|
|
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
|
|
|
}
|
|
|
|
|
|
|
|
output := ui.OutputWriter.String()
|
|
|
|
if !strings.Contains(output, "token") {
|
|
|
|
t.Fatalf("bad: %#v", output)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-03-30 17:55:41 +00:00
|
|
|
func TestAuth_token(t *testing.T) {
|
2015-03-31 22:15:08 +00:00
|
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
|
|
|
ln, addr := http.TestServer(t, core)
|
|
|
|
defer ln.Close()
|
|
|
|
|
2015-03-30 17:55:41 +00:00
|
|
|
testAuthInit(t)
|
|
|
|
|
|
|
|
ui := new(cli.MockUi)
|
|
|
|
c := &AuthCommand{
|
2016-04-01 17:16:05 +00:00
|
|
|
Meta: meta.Meta{
|
2016-04-01 18:23:15 +00:00
|
|
|
Ui: ui,
|
|
|
|
TokenHelper: DefaultTokenHelper,
|
2015-03-30 17:55:41 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
args := []string{
|
2015-03-31 22:15:08 +00:00
|
|
|
"-address", addr,
|
|
|
|
token,
|
2015-03-30 17:55:41 +00:00
|
|
|
}
|
|
|
|
if code := c.Run(args); code != 0 {
|
|
|
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
|
|
|
}
|
|
|
|
|
2016-04-01 20:02:18 +00:00
|
|
|
helper, err := c.TokenHelper()
|
2015-03-30 17:55:41 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
actual, err := helper.Get()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
|
2015-03-31 22:15:08 +00:00
|
|
|
if actual != token {
|
2015-03-30 17:55:41 +00:00
|
|
|
t.Fatalf("bad: %s", actual)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-06-05 20:36:28 +00:00
|
|
|
func TestAuth_token_nostore(t *testing.T) {
|
|
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
|
|
|
ln, addr := http.TestServer(t, core)
|
|
|
|
defer ln.Close()
|
|
|
|
|
|
|
|
testAuthInit(t)
|
|
|
|
|
|
|
|
ui := new(cli.MockUi)
|
|
|
|
c := &AuthCommand{
|
|
|
|
Meta: meta.Meta{
|
|
|
|
Ui: ui,
|
|
|
|
TokenHelper: DefaultTokenHelper,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
args := []string{
|
|
|
|
"-address", addr,
|
|
|
|
"-no-store",
|
|
|
|
token,
|
|
|
|
}
|
|
|
|
if code := c.Run(args); code != 0 {
|
|
|
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
|
|
|
}
|
|
|
|
|
|
|
|
helper, err := c.TokenHelper()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
actual, err := helper.Get()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if actual != "" {
|
|
|
|
t.Fatalf("bad: %s", actual)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-05-23 18:22:35 +00:00
|
|
|
func TestAuth_stdin(t *testing.T) {
|
|
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
|
|
|
ln, addr := http.TestServer(t, core)
|
|
|
|
defer ln.Close()
|
|
|
|
|
|
|
|
testAuthInit(t)
|
|
|
|
|
|
|
|
stdinR, stdinW := io.Pipe()
|
|
|
|
ui := new(cli.MockUi)
|
|
|
|
c := &AuthCommand{
|
2016-04-01 17:16:05 +00:00
|
|
|
Meta: meta.Meta{
|
2016-04-01 18:23:15 +00:00
|
|
|
Ui: ui,
|
|
|
|
TokenHelper: DefaultTokenHelper,
|
2015-05-23 18:22:35 +00:00
|
|
|
},
|
|
|
|
testStdin: stdinR,
|
|
|
|
}
|
|
|
|
|
|
|
|
go func() {
|
|
|
|
stdinW.Write([]byte(token))
|
|
|
|
stdinW.Close()
|
|
|
|
}()
|
|
|
|
|
|
|
|
args := []string{
|
|
|
|
"-address", addr,
|
|
|
|
"-",
|
|
|
|
}
|
|
|
|
if code := c.Run(args); code != 0 {
|
|
|
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-04-29 02:23:26 +00:00
|
|
|
func TestAuth_badToken(t *testing.T) {
|
|
|
|
core, _, _ := vault.TestCoreUnsealed(t)
|
|
|
|
ln, addr := http.TestServer(t, core)
|
|
|
|
defer ln.Close()
|
|
|
|
|
|
|
|
testAuthInit(t)
|
|
|
|
|
|
|
|
ui := new(cli.MockUi)
|
|
|
|
c := &AuthCommand{
|
2016-04-01 17:16:05 +00:00
|
|
|
Meta: meta.Meta{
|
2016-04-01 18:23:15 +00:00
|
|
|
Ui: ui,
|
|
|
|
TokenHelper: DefaultTokenHelper,
|
2015-04-29 02:23:26 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
args := []string{
|
|
|
|
"-address", addr,
|
|
|
|
"not-a-valid-token",
|
|
|
|
}
|
|
|
|
if code := c.Run(args); code != 1 {
|
|
|
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-04-06 16:40:47 +00:00
|
|
|
func TestAuth_method(t *testing.T) {
|
|
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
|
|
|
ln, addr := http.TestServer(t, core)
|
|
|
|
defer ln.Close()
|
|
|
|
|
|
|
|
testAuthInit(t)
|
|
|
|
|
|
|
|
ui := new(cli.MockUi)
|
|
|
|
c := &AuthCommand{
|
|
|
|
Handlers: map[string]AuthHandler{
|
|
|
|
"test": &testAuthHandler{},
|
|
|
|
},
|
2016-04-01 17:16:05 +00:00
|
|
|
Meta: meta.Meta{
|
2016-04-01 18:23:15 +00:00
|
|
|
Ui: ui,
|
|
|
|
TokenHelper: DefaultTokenHelper,
|
2015-04-06 16:40:47 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
args := []string{
|
|
|
|
"-address", addr,
|
|
|
|
"-method=test",
|
2015-04-08 06:29:49 +00:00
|
|
|
"foo=" + token,
|
2015-04-06 16:40:47 +00:00
|
|
|
}
|
|
|
|
if code := c.Run(args); code != 0 {
|
|
|
|
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
|
|
|
|
}
|
|
|
|
|
2016-04-01 20:02:18 +00:00
|
|
|
helper, err := c.TokenHelper()
|
2015-04-06 16:40:47 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
actual, err := helper.Get()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if actual != token {
|
|
|
|
t.Fatalf("bad: %s", actual)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-03-30 17:55:41 +00:00
|
|
|
func testAuthInit(t *testing.T) {
|
|
|
|
td, err := ioutil.TempDir("", "vault")
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
|
2015-03-30 18:07:31 +00:00
|
|
|
// Set the HOME env var so we get that right
|
2015-03-30 17:55:41 +00:00
|
|
|
os.Setenv("HOME", td)
|
2015-03-30 18:07:31 +00:00
|
|
|
|
|
|
|
// Write a .vault config to use our custom token helper
|
|
|
|
config := fmt.Sprintf(
|
2015-12-14 21:23:04 +00:00
|
|
|
"token_helper = \"\"\n")
|
2015-03-30 18:07:31 +00:00
|
|
|
ioutil.WriteFile(filepath.Join(td, ".vault"), []byte(config), 0644)
|
|
|
|
}
|
|
|
|
|
2015-04-06 16:40:47 +00:00
|
|
|
type testAuthHandler struct{}
|
|
|
|
|
2015-04-06 16:53:43 +00:00
|
|
|
func (h *testAuthHandler) Auth(c *api.Client, m map[string]string) (string, error) {
|
2015-04-06 16:40:47 +00:00
|
|
|
return m["foo"], nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (h *testAuthHandler) Help() string { return "" }
|