open-vault/command/auth_test.go

package command

import (
	"strings"
	"testing"

	"github.com/mitchellh/cli"

	credToken "github.com/hashicorp/vault/builtin/credential/token"
	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
	"github.com/hashicorp/vault/command/token"
)

func testAuthCommand(tb testing.TB) (*cli.MockUi, *AuthCommand) {
	tb.Helper()

	ui := cli.NewMockUi()
	return ui, &AuthCommand{
		BaseCommand: &BaseCommand{
			UI: ui,

			// Override to our own token helper
			tokenHelper: token.NewTestingTokenHelper(),
		},
		Handlers: map[string]LoginHandler{
			"token":    &credToken.CLIHandler{},
			"userpass": &credUserpass.CLIHandler{},
		},
	}
}

func TestAuthCommand_Run(t *testing.T) {
	t.Parallel()

	// TODO: remove in 0.9.0
	t.Run("deprecated_methods", func(t *testing.T) {
		t.Parallel()

		client, closer := testVaultServer(t)
		defer closer()

		ui, cmd := testAuthCommand(t)
		cmd.client = client

		// vault auth -methods -> vault auth list
		code := cmd.Run([]string{"-methods"})
		if exp := 0; code != exp {
			t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
		}
		stdout, stderr := ui.OutputWriter.String(), ui.ErrorWriter.String()

		if expected := "WARNING!"; !strings.Contains(stderr, expected) {
			t.Errorf("expected %q to contain %q", stderr, expected)
		}

		if expected := "token/"; !strings.Contains(stdout, expected) {
			t.Errorf("expected %q to contain %q", stdout, expected)
		}
	})

	t.Run("deprecated_method_help", func(t *testing.T) {
		t.Parallel()

		client, closer := testVaultServer(t)
		defer closer()

		ui, cmd := testAuthCommand(t)
		cmd.client = client

		// vault auth -method=foo -method-help -> vault auth help foo
		code := cmd.Run([]string{
			"-method=userpass",
			"-method-help",
		})
		if exp := 0; code != exp {
			t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
		}
		stdout, stderr := ui.OutputWriter.String(), ui.ErrorWriter.String()

		if expected := "WARNING!"; !strings.Contains(stderr, expected) {
			t.Errorf("expected %q to contain %q", stderr, expected)
		}

		if expected := "vault login"; !strings.Contains(stdout, expected) {
			t.Errorf("expected %q to contain %q", stdout, expected)
		}
	})

	t.Run("deprecated_login", func(t *testing.T) {
		t.Parallel()

		client, closer := testVaultServer(t)
		defer closer()

		if err := client.Sys().EnableAuth("my-auth", "userpass", ""); err != nil {
			t.Fatal(err)
		}
		if _, err := client.Logical().Write("auth/my-auth/users/test", map[string]interface{}{
			"password": "test",
			"policies": "default",
		}); err != nil {
			t.Fatal(err)
		}

		ui, cmd := testAuthCommand(t)
		cmd.client = client

		// vault auth ARGS -> vault login ARGS
		code := cmd.Run([]string{
			"-method", "userpass",
			"-path", "my-auth",
			"username=test",
			"password=test",
		})
		if exp := 0; code != exp {
			t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
		}
		stdout, stderr := ui.OutputWriter.String(), ui.ErrorWriter.String()

		if expected := "WARNING!"; !strings.Contains(stderr, expected) {
			t.Errorf("expected %q to contain %q", stderr, expected)
		}

		if expected := "Success! You are now authenticated."; !strings.Contains(stdout, expected) {
			t.Errorf("expected %q to contain %q", stdout, expected)
		}
	})

	t.Run("no_tabs", func(t *testing.T) {
		t.Parallel()

		_, cmd := testAuthCommand(t)
		assertNoTabs(t, cmd)
	})
}
command/auth: boilerplate 2015-03-29 23:42:45 +00:00			`package command`

			`import (`
command/mounts: columnize 2015-04-02 00:01:10 +00:00			`"strings"`
command/auth: boilerplate 2015-03-29 23:42:45 +00:00			`"testing"`

Update auth command 2017-09-05 03:59:24 +00:00			`"github.com/mitchellh/cli"`
Change auth helper interface to api.Secret. (#3263) This allows us to properly handle wrapped responses. Fixes #3217 2017-08-31 20:57:00 +00:00
Update auth command 2017-09-05 03:59:24 +00:00			`credToken "github.com/hashicorp/vault/builtin/credential/token"`
			`credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"`
			`"github.com/hashicorp/vault/command/token"`
command/auth: boilerplate 2015-03-29 23:42:45 +00:00			`)`

Update auth command 2017-09-05 03:59:24 +00:00			`func testAuthCommand(tb testing.TB) (cli.MockUi, AuthCommand) {`
			`tb.Helper()`
command/auth: setting tokens works 2015-03-30 17:55:41 +00:00
Update auth command 2017-09-05 03:59:24 +00:00			`ui := cli.NewMockUi()`
			`return ui, &AuthCommand{`
			`BaseCommand: &BaseCommand{`
			`UI: ui,`
command/auth: setting tokens works 2015-03-30 17:55:41 +00:00
Update auth command 2017-09-05 03:59:24 +00:00			`// Override to our own token helper`
			`tokenHelper: token.NewTestingTokenHelper(),`
Change auth helper interface to api.Secret. (#3263) This allows us to properly handle wrapped responses. Fixes #3217 2017-08-31 20:57:00 +00:00			`},`
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`Handlers: map[string]LoginHandler{`
Update auth command 2017-09-05 03:59:24 +00:00			`"token": &credToken.CLIHandler{},`
			`"userpass": &credUserpass.CLIHandler{},`
Change auth helper interface to api.Secret. (#3263) This allows us to properly handle wrapped responses. Fixes #3217 2017-08-31 20:57:00 +00:00			`},`
			`}`
Update auth command 2017-09-05 03:59:24 +00:00			`}`
Change auth helper interface to api.Secret. (#3263) This allows us to properly handle wrapped responses. Fixes #3217 2017-08-31 20:57:00 +00:00
Update auth command 2017-09-05 03:59:24 +00:00			`func TestAuthCommand_Run(t *testing.T) {`
			`t.Parallel()`

Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`// TODO: remove in 0.9.0`
			`t.Run("deprecated_methods", func(t *testing.T) {`
Update auth command 2017-09-05 03:59:24 +00:00			`t.Parallel()`
Add test for stdin input Shamelessly borrowed this pattern from write_test.go 2015-05-23 18:22:35 +00:00
Update auth command 2017-09-05 03:59:24 +00:00			`client, closer := testVaultServer(t)`
			`defer closer()`
Check for invalid token when authing via cli If a token does not exist, the Read request returns without an error, but the secret returned is `nil`, so we need to check for that. Closes #75 2015-04-29 02:23:26 +00:00
Update auth command 2017-09-05 03:59:24 +00:00			`ui, cmd := testAuthCommand(t)`
			`cmd.client = client`
Check for invalid token when authing via cli If a token does not exist, the Read request returns without an error, but the secret returned is `nil`, so we need to check for that. Closes #75 2015-04-29 02:23:26 +00:00
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`// vault auth -methods -> vault auth list`
			`code := cmd.Run([]string{"-methods"})`
Update auth command 2017-09-05 03:59:24 +00:00			`if exp := 0; code != exp {`
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())`
Update auth command 2017-09-05 03:59:24 +00:00			`}`
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`stdout, stderr := ui.OutputWriter.String(), ui.ErrorWriter.String()`
Update auth command 2017-09-05 03:59:24 +00:00
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`if expected := "WARNING!"; !strings.Contains(stderr, expected) {`
			`t.Errorf("expected %q to contain %q", stderr, expected)`
Update auth command 2017-09-05 03:59:24 +00:00			`}`

Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`if expected := "token/"; !strings.Contains(stdout, expected) {`
			`t.Errorf("expected %q to contain %q", stdout, expected)`
Update auth command 2017-09-05 03:59:24 +00:00			`}`
			`})`
command/auth: test for other methods 2015-04-06 16:40:47 +00:00
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`t.Run("deprecated_method_help", func(t *testing.T) {`
Update auth command 2017-09-05 03:59:24 +00:00			`t.Parallel()`

			`client, closer := testVaultServer(t)`
			`defer closer()`

			`ui, cmd := testAuthCommand(t)`
			`cmd.client = client`

Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`// vault auth -method=foo -method-help -> vault auth help foo`
Update auth command 2017-09-05 03:59:24 +00:00			`code := cmd.Run([]string{`
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`"-method=userpass",`
			`"-method-help",`
Update auth command 2017-09-05 03:59:24 +00:00			`})`
			`if exp := 0; code != exp {`
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())`
Update auth command 2017-09-05 03:59:24 +00:00			`}`
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`stdout, stderr := ui.OutputWriter.String(), ui.ErrorWriter.String()`
Update auth command 2017-09-05 03:59:24 +00:00
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`if expected := "WARNING!"; !strings.Contains(stderr, expected) {`
			`t.Errorf("expected %q to contain %q", stderr, expected)`
Update auth command 2017-09-05 03:59:24 +00:00			`}`

Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`if expected := "vault login"; !strings.Contains(stdout, expected) {`
			`t.Errorf("expected %q to contain %q", stdout, expected)`
Update auth command 2017-09-05 03:59:24 +00:00			`}`
			`})`
command/auth: test for other methods 2015-04-06 16:40:47 +00:00
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`t.Run("deprecated_login", func(t *testing.T) {`
Update auth command 2017-09-05 03:59:24 +00:00			`t.Parallel()`

			`client, closer := testVaultServer(t)`
			`defer closer()`

Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`if err := client.Sys().EnableAuth("my-auth", "userpass", ""); err != nil {`
Update auth command 2017-09-05 03:59:24 +00:00			`t.Fatal(err)`
			`}`
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`if _, err := client.Logical().Write("auth/my-auth/users/test", map[string]interface{}{`
Update auth command 2017-09-05 03:59:24 +00:00			`"password": "test",`
			`"policies": "default",`
			`}); err != nil {`
			`t.Fatal(err)`
			`}`

			`ui, cmd := testAuthCommand(t)`
			`cmd.client = client`

Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`// vault auth ARGS -> vault login ARGS`
Update auth command 2017-09-05 03:59:24 +00:00			`code := cmd.Run([]string{`
			`"-method", "userpass",`
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`"-path", "my-auth",`
Update auth command 2017-09-05 03:59:24 +00:00			`"username=test",`
			`"password=test",`
			`})`
			`if exp := 0; code != exp {`
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())`
Update auth command 2017-09-05 03:59:24 +00:00			`}`
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`stdout, stderr := ui.OutputWriter.String(), ui.ErrorWriter.String()`
command/auth: test for other methods 2015-04-06 16:40:47 +00:00
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`if expected := "WARNING!"; !strings.Contains(stderr, expected) {`
			`t.Errorf("expected %q to contain %q", stderr, expected)`
Update auth command 2017-09-05 03:59:24 +00:00			`}`
command/auth: tests work wihtout vault installed 2015-03-30 18:07:31 +00:00
Introduce auth as a subcommand 2017-09-08 01:56:39 +00:00			`if expected := "Success! You are now authenticated."; !strings.Contains(stdout, expected) {`
			`t.Errorf("expected %q to contain %q", stdout, expected)`
Update auth command 2017-09-05 03:59:24 +00:00			`}`
			`})`
command/auth: tests work wihtout vault installed 2015-03-30 18:07:31 +00:00
Update auth command 2017-09-05 03:59:24 +00:00			`t.Run("no_tabs", func(t *testing.T) {`
			`t.Parallel()`
command/auth: test for other methods 2015-04-06 16:40:47 +00:00
Update auth command 2017-09-05 03:59:24 +00:00			`_, cmd := testAuthCommand(t)`
			`assertNoTabs(t, cmd)`
			`})`
command/auth: test for other methods 2015-04-06 16:40:47 +00:00			`}`