2023-03-15 16:00:52 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2015-04-07 21:36:17 +00:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
2017-09-05 04:05:14 +00:00
|
|
|
"strings"
|
2015-04-07 21:36:17 +00:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/mitchellh/cli"
|
|
|
|
)
|
|
|
|
|
2017-09-05 04:05:14 +00:00
|
|
|
func testTokenRevokeCommand(tb testing.TB) (*cli.MockUi, *TokenRevokeCommand) {
|
|
|
|
tb.Helper()
|
2016-03-11 02:30:57 +00:00
|
|
|
|
2017-09-05 04:05:14 +00:00
|
|
|
ui := cli.NewMockUi()
|
|
|
|
return ui, &TokenRevokeCommand{
|
|
|
|
BaseCommand: &BaseCommand{
|
|
|
|
UI: ui,
|
2016-03-11 02:30:57 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-09-05 04:05:14 +00:00
|
|
|
func TestTokenRevokeCommand_Run(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
validations := []struct {
|
|
|
|
name string
|
|
|
|
args []string
|
|
|
|
out string
|
|
|
|
code int
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
"bad_mode",
|
|
|
|
[]string{"-mode=banana"},
|
|
|
|
"Invalid mode",
|
|
|
|
1,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"empty",
|
|
|
|
nil,
|
|
|
|
"Not enough arguments",
|
|
|
|
1,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"args_with_self",
|
|
|
|
[]string{"-self", "abcd1234"},
|
|
|
|
"Too many arguments",
|
|
|
|
1,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"too_many_args",
|
|
|
|
[]string{"abcd1234", "efgh5678"},
|
|
|
|
"Too many arguments",
|
|
|
|
1,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"self_and_accessor",
|
|
|
|
[]string{"-self", "-accessor"},
|
|
|
|
"Cannot use -self with -accessor",
|
|
|
|
1,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"self_and_mode",
|
|
|
|
[]string{"-self", "-mode=orphan"},
|
|
|
|
"Cannot use -self with -mode",
|
|
|
|
1,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"accessor_and_mode_orphan",
|
|
|
|
[]string{"-accessor", "-mode=orphan", "abcd1234"},
|
|
|
|
"Cannot use -accessor with -mode=orphan",
|
|
|
|
1,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"accessor_and_mode_path",
|
|
|
|
[]string{"-accessor", "-mode=path", "abcd1234"},
|
|
|
|
"Cannot use -accessor with -mode=path",
|
|
|
|
1,
|
2015-04-07 21:36:17 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2017-09-05 04:05:14 +00:00
|
|
|
t.Run("validations", func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
for _, tc := range validations {
|
|
|
|
tc := tc
|
|
|
|
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
2018-03-28 14:34:37 +00:00
|
|
|
client, closer := testVaultServer(t)
|
|
|
|
defer closer()
|
|
|
|
|
2017-09-05 04:05:14 +00:00
|
|
|
ui, cmd := testTokenRevokeCommand(t)
|
2018-03-28 14:34:37 +00:00
|
|
|
cmd.client = client
|
2017-09-05 04:05:14 +00:00
|
|
|
|
|
|
|
code := cmd.Run(tc.args)
|
|
|
|
if code != tc.code {
|
|
|
|
t.Errorf("expected %d to be %d", code, tc.code)
|
|
|
|
}
|
|
|
|
|
|
|
|
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
|
|
if !strings.Contains(combined, tc.out) {
|
|
|
|
t.Errorf("expected %q to contain %q", combined, tc.out)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("token", func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
client, closer := testVaultServer(t)
|
|
|
|
defer closer()
|
|
|
|
|
|
|
|
token, _ := testTokenAndAccessor(t, client)
|
|
|
|
|
|
|
|
ui, cmd := testTokenRevokeCommand(t)
|
|
|
|
cmd.client = client
|
|
|
|
|
|
|
|
code := cmd.Run([]string{
|
|
|
|
token,
|
|
|
|
})
|
|
|
|
if exp := 0; code != exp {
|
|
|
|
t.Errorf("expected %d to be %d", code, exp)
|
|
|
|
}
|
|
|
|
|
|
|
|
expected := "Success! Revoked token"
|
|
|
|
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
|
|
if !strings.Contains(combined, expected) {
|
|
|
|
t.Errorf("expected %q to contain %q", combined, expected)
|
|
|
|
}
|
|
|
|
|
2022-04-07 19:12:58 +00:00
|
|
|
secret, err := client.Auth().Token().Lookup(token)
|
2017-09-05 04:05:14 +00:00
|
|
|
if secret != nil || err == nil {
|
|
|
|
t.Errorf("expected token to be revoked: %#v", secret)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("self", func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
client, closer := testVaultServer(t)
|
|
|
|
defer closer()
|
|
|
|
|
|
|
|
ui, cmd := testTokenRevokeCommand(t)
|
|
|
|
cmd.client = client
|
|
|
|
|
|
|
|
code := cmd.Run([]string{
|
|
|
|
"-self",
|
|
|
|
})
|
|
|
|
if exp := 0; code != exp {
|
|
|
|
t.Errorf("expected %d to be %d", code, exp)
|
|
|
|
}
|
|
|
|
|
|
|
|
expected := "Success! Revoked token"
|
|
|
|
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
|
|
if !strings.Contains(combined, expected) {
|
|
|
|
t.Errorf("expected %q to contain %q", combined, expected)
|
|
|
|
}
|
|
|
|
|
2022-04-07 19:12:58 +00:00
|
|
|
secret, err := client.Auth().Token().LookupSelf()
|
2017-09-05 04:05:14 +00:00
|
|
|
if secret != nil || err == nil {
|
|
|
|
t.Errorf("expected token to be revoked: %#v", secret)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("accessor", func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
client, closer := testVaultServer(t)
|
|
|
|
defer closer()
|
|
|
|
|
|
|
|
token, accessor := testTokenAndAccessor(t, client)
|
|
|
|
|
|
|
|
ui, cmd := testTokenRevokeCommand(t)
|
|
|
|
cmd.client = client
|
|
|
|
|
|
|
|
code := cmd.Run([]string{
|
|
|
|
"-accessor",
|
|
|
|
accessor,
|
|
|
|
})
|
|
|
|
if exp := 0; code != exp {
|
|
|
|
t.Errorf("expected %d to be %d", code, exp)
|
|
|
|
}
|
|
|
|
|
|
|
|
expected := "Success! Revoked token"
|
|
|
|
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
|
|
if !strings.Contains(combined, expected) {
|
|
|
|
t.Errorf("expected %q to contain %q", combined, expected)
|
|
|
|
}
|
|
|
|
|
2022-04-07 19:12:58 +00:00
|
|
|
secret, err := client.Auth().Token().Lookup(token)
|
2017-09-05 04:05:14 +00:00
|
|
|
if secret != nil || err == nil {
|
|
|
|
t.Errorf("expected token to be revoked: %#v", secret)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("communication_failure", func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
client, closer := testVaultServerBad(t)
|
|
|
|
defer closer()
|
|
|
|
|
|
|
|
ui, cmd := testTokenRevokeCommand(t)
|
|
|
|
cmd.client = client
|
|
|
|
|
|
|
|
code := cmd.Run([]string{
|
|
|
|
"abcd1234",
|
|
|
|
})
|
|
|
|
if exp := 2; code != exp {
|
|
|
|
t.Errorf("expected %d to be %d", code, exp)
|
|
|
|
}
|
|
|
|
|
|
|
|
expected := "Error revoking token: "
|
|
|
|
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
|
|
if !strings.Contains(combined, expected) {
|
|
|
|
t.Errorf("expected %q to contain %q", combined, expected)
|
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("no_tabs", func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
_, cmd := testTokenRevokeCommand(t)
|
|
|
|
assertNoTabs(t, cmd)
|
|
|
|
})
|
2015-04-07 21:36:17 +00:00
|
|
|
}
|