package aws
import (
	"fmt"
	"os"
	"testing"

	stepwise "github.com/hashicorp/vault-testing-stepwise"
	dockerEnvironment "github.com/hashicorp/vault-testing-stepwise/environments/docker"
	"github.com/hashicorp/vault/api"
	"github.com/mitchellh/mapstructure"
)
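// TestAccBackend_Stepwise_basic is an acceptance test for the "aws" secrets
// plugin. It mounts the plugin in a Docker-based stepwise environment, writes
// the root configuration, creates a role carrying testDynamoPolicy, then reads
// credentials for that role and runs listDynamoTablesTest against them.
//
// The test is skipped by the precheck when TEST_AWS_ACCESS_KEY or
// TEST_AWS_SECRET_KEY is not set.
func TestAccBackend_Stepwise_basic(t *testing.T) {
	t.Parallel()

	// testAccStepwiseConfig reads AWS_DEFAULT_REGION at the moment it is
	// called, which is while the Case literal below is being built and
	// therefore before stepwise.Run gets a chance to invoke Precheck. Run the
	// precheck up front so its region default is already in place; otherwise
	// config/root can be written with an empty region.
	testAccStepwisePreCheck(t)

	envOptions := &stepwise.MountOptions{
		RegistryName:    "aws-sec",
		PluginType:      stepwise.PluginTypeSecrets,
		PluginName:      "aws",
		MountPathPrefix: "aws-sec",
	}
	roleName := "vault-stepwise-role"

	stepwise.Run(t, stepwise.Case{
		// Kept so the Case still carries its own precheck.
		Precheck:    func() { testAccStepwisePreCheck(t) },
		Environment: dockerEnvironment.NewEnvironment("aws", envOptions),
		Steps: []stepwise.Step{
			testAccStepwiseConfig(t),
			testAccStepwiseWritePolicy(t, roleName, testDynamoPolicy),
			testAccStepwiseRead(t, "creds", roleName, []credentialTestFunc{listDynamoTablesTest}),
		},
	})
}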
// testAccStepwiseConfig builds the step that writes the backend's root
// configuration at "config/root".
//
// The region and the root access/secret key are taken from the
// AWS_DEFAULT_REGION, TEST_AWS_ACCESS_KEY and TEST_AWS_SECRET_KEY environment
// variables. They are read when this function is called, not when the step
// runs, so the environment must be prepared beforehand. The t parameter is
// not used.
func testAccStepwiseConfig(t *testing.T) stepwise.Step {
	rootConfig := map[string]interface{}{
		"region":     os.Getenv("AWS_DEFAULT_REGION"),
		"access_key": os.Getenv("TEST_AWS_ACCESS_KEY"),
		"secret_key": os.Getenv("TEST_AWS_SECRET_KEY"),
	}

	var step stepwise.Step
	step.Operation = stepwise.UpdateOperation
	step.Path = "config/root"
	step.Data = rootConfig
	return step
}
// testAccStepwiseWritePolicy builds the step that creates or updates the role
// at "roles/<name>". The role is written with the given policy document and
// the "iam_user" credential type. The t parameter is not used.
func testAccStepwiseWritePolicy(t *testing.T, name string, policy string) stepwise.Step {
	roleData := map[string]interface{}{
		"policy_document": policy,
		"credential_type": "iam_user",
	}

	var step stepwise.Step
	step.Operation = stepwise.UpdateOperation
	step.Path = "roles/" + name
	step.Data = roleData
	return step
}
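// testAccStepwiseRead builds the step that reads "<path>/<name>" and checks
// the credentials in the response.
//
// The step's Assert decodes the "access_key", "secret_key" and
// "security_token" fields of the response and passes them to every function
// in credentialTests, in order. It returns the read error, a decode error, or
// the first error reported by a credential test; nil means all of them
// passed.
func testAccStepwiseRead(t *testing.T, path, name string, credentialTests []credentialTestFunc) stepwise.Step {
	readPath := path + "/" + name
	return stepwise.Step{
		Operation: stepwise.ReadOperation,
		Path:      readPath,
		Assert: func(resp *api.Secret, err error) error {
			if err != nil {
				return err
			}
			// A read can come back with neither an error nor a secret;
			// report that instead of dereferencing a nil response.
			if resp == nil {
				return fmt.Errorf("reading %q: nil response", readPath)
			}

			var d struct {
				AccessKey string `mapstructure:"access_key"`
				SecretKey string `mapstructure:"secret_key"`
				STSToken  string `mapstructure:"security_token"`
			}
			if err := mapstructure.Decode(resp.Data, &d); err != nil {
				return err
			}

			// Test output is routinely captured by CI and shared, so only the
			// access key ID is logged. The secret key and session token are
			// usable credentials and must stay out of the log.
			t.Logf("[WARN] Generated credentials: access_key=%s (secret_key and security_token redacted)", d.AccessKey)

			for _, testFunc := range credentialTests {
				if err := testFunc(d.AccessKey, d.SecretKey, d.STSToken); err != nil {
					return err
				}
			}
			return nil
		},
	}
}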
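// testAccStepwisePreCheck prepares the environment for the stepwise
// acceptance tests and skips the calling test when the AWS test credentials
// are missing.
//
// The default region (us-west-2) is applied once through initSetup. The
// credential checks run on every call: a skip issued from inside
// initSetup.Do would reach only the first caller, and later callers would go
// on to run with empty credentials.
func testAccStepwisePreCheck(t *testing.T) {
	initSetup.Do(func() {
		if os.Getenv("AWS_DEFAULT_REGION") == "" {
			t.Logf("[INFO] Test: Using us-west-2 as test region")
			if err := os.Setenv("AWS_DEFAULT_REGION", "us-west-2"); err != nil {
				t.Logf("[WARN] Test: setting AWS_DEFAULT_REGION: %v", err)
			}
		}
	})

	// Ensure test variables are set. Only the variable name is reported,
	// never its value.
	for _, key := range []string{"TEST_AWS_ACCESS_KEY", "TEST_AWS_SECRET_KEY"} {
		if os.Getenv(key) == "" {
			t.Skip(key + " not set")
		}
	}
}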