open-vault/builtin/logical/aws/backend_test.go

package aws

import (
	"encoding/base64"
	"log"
	"os"
	"testing"
	"time"

	"github.com/hashicorp/aws-sdk-go/aws"
	"github.com/hashicorp/aws-sdk-go/gen/ec2"
	"github.com/hashicorp/vault/logical"
	logicaltest "github.com/hashicorp/vault/logical/testing"
	"github.com/mitchellh/mapstructure"
)

func TestBackend_basic(t *testing.T) {
	logicaltest.Test(t, logicaltest.TestCase{
		PreCheck: func() { testAccPreCheck(t) },
		Backend:  Backend(),
		Steps: []logicaltest.TestStep{
			testAccStepConfig(t),
			testAccStepWritePolicy(t, "test", testPolicy),
			testAccStepReadUser(t, "test"),
		},
	})
}

func testAccPreCheck(t *testing.T) {
	if v := os.Getenv("AWS_ACCESS_KEY_ID"); v == "" {
		t.Fatal("AWS_ACCESS_KEY_ID must be set for acceptance tests")
	}

	if v := os.Getenv("AWS_SECRET_ACCESS_KEY"); v == "" {
		t.Fatal("AWS_SECRET_ACCESS_KEY must be set for acceptance tests")
	}

	if v := os.Getenv("AWS_DEFAULT_REGION"); v == "" {
		log.Println("[INFO] Test: Using us-west-2 as test region")
		os.Setenv("AWS_DEFAULT_REGION", "us-west-2")
	}
}

func testAccStepConfig(t *testing.T) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.WriteOperation,
		Path:      "root",
		Data: map[string]interface{}{
			"access_key": os.Getenv("AWS_ACCESS_KEY_ID"),
			"secret_key": os.Getenv("AWS_SECRET_ACCESS_KEY"),
			"region":     os.Getenv("AWS_DEFAULT_REGION"),
		},
	}
}

func testAccStepReadUser(t *testing.T, name string) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.ReadOperation,
		Path:      name,
		Check: func(resp *logical.Response) error {
			var d struct {
				AccessKey string `mapstructure:"access_key"`
				SecretKey string `mapstructure:"secret_key"`
			}
			if err := mapstructure.Decode(resp.Data, &d); err != nil {
				return err
			}
			log.Printf("[WARN] Generated credentials: %v", d)

			// Sleep sometime because AWS is eventually consistent
			log.Println("[WARN] Sleeping for 10 seconds waiting for AWS...")
			time.Sleep(10 * time.Second)

			// Build a client and verify that the credentials work
			creds := aws.Creds(d.AccessKey, d.SecretKey, "")
			client := ec2.New(creds, "us-east-1", nil)

			log.Printf("[WARN] Verifying that the generated credentials work...")
			_, err := client.DescribeInstances(&ec2.DescribeInstancesRequest{})
			if err != nil {
				return err
			}

			return nil
		},
	}
}

func testAccStepWritePolicy(t *testing.T, name string, policy string) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.WriteOperation,
		Path:      "policy/" + name,
		Data: map[string]interface{}{
			"policy": base64.StdEncoding.EncodeToString([]byte(policy)),
		},
	}
}

const testPolicy = `
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1426528957000",
            "Effect": "Allow",
            "Action": [
                "ec2:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
`
logical/aws 2015-03-20 16:59:48 +00:00			`package aws`

			`import (`
			`"encoding/base64"`
			`"log"`
			`"os"`
			`"testing"`
			`"time"`

			`"github.com/hashicorp/aws-sdk-go/aws"`
			`"github.com/hashicorp/aws-sdk-go/gen/ec2"`
			`"github.com/hashicorp/vault/logical"`
			`logicaltest "github.com/hashicorp/vault/logical/testing"`
			`"github.com/mitchellh/mapstructure"`
			`)`

			`func TestBackend_basic(t *testing.T) {`
			`logicaltest.Test(t, logicaltest.TestCase{`
			`PreCheck: func() { testAccPreCheck(t) },`
			`Backend: Backend(),`
			`Steps: []logicaltest.TestStep{`
			`testAccStepConfig(t),`
			`testAccStepWritePolicy(t, "test", testPolicy),`
			`testAccStepReadUser(t, "test"),`
			`},`
			`})`
			`}`

			`func testAccPreCheck(t *testing.T) {`
			`if v := os.Getenv("AWS_ACCESS_KEY_ID"); v == "" {`
			`t.Fatal("AWS_ACCESS_KEY_ID must be set for acceptance tests")`
			`}`

			`if v := os.Getenv("AWS_SECRET_ACCESS_KEY"); v == "" {`
			`t.Fatal("AWS_SECRET_ACCESS_KEY must be set for acceptance tests")`
			`}`

			`if v := os.Getenv("AWS_DEFAULT_REGION"); v == "" {`
			`log.Println("[INFO] Test: Using us-west-2 as test region")`
			`os.Setenv("AWS_DEFAULT_REGION", "us-west-2")`
			`}`
			`}`

			`func testAccStepConfig(t *testing.T) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
			`Operation: logical.WriteOperation,`
			`Path: "root",`
			`Data: map[string]interface{}{`
			`"access_key": os.Getenv("AWS_ACCESS_KEY_ID"),`
			`"secret_key": os.Getenv("AWS_SECRET_ACCESS_KEY"),`
			`"region": os.Getenv("AWS_DEFAULT_REGION"),`
			`},`
			`}`
			`}`

			`func testAccStepReadUser(t *testing.T, name string) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
			`Operation: logical.ReadOperation,`
			`Path: name,`
			`Check: func(resp *logical.Response) error {`
			`var d struct {`
			AccessKey string `mapstructure:"access_key"`
			SecretKey string `mapstructure:"secret_key"`
			`}`
			`if err := mapstructure.Decode(resp.Data, &d); err != nil {`
			`return err`
			`}`
			`log.Printf("[WARN] Generated credentials: %v", d)`

			`// Sleep sometime because AWS is eventually consistent`
			`log.Println("[WARN] Sleeping for 10 seconds waiting for AWS...")`
			`time.Sleep(10 * time.Second)`

			`// Build a client and verify that the credentials work`
			`creds := aws.Creds(d.AccessKey, d.SecretKey, "")`
			`client := ec2.New(creds, "us-east-1", nil)`

			`log.Printf("[WARN] Verifying that the generated credentials work...")`
			`_, err := client.DescribeInstances(&ec2.DescribeInstancesRequest{})`
			`if err != nil {`
			`return err`
			`}`

			`return nil`
			`},`
			`}`
			`}`

			`func testAccStepWritePolicy(t *testing.T, name string, policy string) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
			`Operation: logical.WriteOperation,`
			`Path: "policy/" + name,`
			`Data: map[string]interface{}{`
			`"policy": base64.StdEncoding.EncodeToString([]byte(policy)),`
			`},`
			`}`
			`}`

			const testPolicy = `
			`{`
			`"Version": "2012-10-17",`
			`"Statement": [`
			`{`
			`"Sid": "Stmt1426528957000",`
			`"Effect": "Allow",`
			`"Action": [`
			`"ec2:*"`
			`],`
			`"Resource": [`
			`"*"`
			`]`
			`}`
			`]`
			`}`
			`