open-vault/command/token_capabilities_test.go

package command

import (
	"strings"
	"testing"

	"github.com/hashicorp/vault/api"
	"github.com/mitchellh/cli"
)

func testTokenCapabilitiesCommand(tb testing.TB) (*cli.MockUi, *TokenCapabilitiesCommand) {
	tb.Helper()

	ui := cli.NewMockUi()
	return ui, &TokenCapabilitiesCommand{
		BaseCommand: &BaseCommand{
			UI: ui,
		},
	}
}

func TestTokenCapabilitiesCommand_Run(t *testing.T) {
	t.Parallel()

	cases := []struct {
		name string
		args []string
		out  string
		code int
	}{
		{
			"too_many_args",
			[]string{"foo", "bar", "zip"},
			"Too many arguments",
			1,
		},
	}

	for _, tc := range cases {
		tc := tc

		t.Run(tc.name, func(t *testing.T) {
			t.Parallel()

			client, closer := testVaultServer(t)
			defer closer()

			ui, cmd := testTokenCapabilitiesCommand(t)
			cmd.client = client

			code := cmd.Run(tc.args)
			if code != tc.code {
				t.Errorf("expected %d to be %d", code, tc.code)
			}

			combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
			if !strings.Contains(combined, tc.out) {
				t.Errorf("expected %q to contain %q", combined, tc.out)
			}
		})
	}

	t.Run("token", func(t *testing.T) {
		t.Parallel()

		client, closer := testVaultServer(t)
		defer closer()

		policy := `path "secret/foo" { capabilities = ["read"] }`
		if err := client.Sys().PutPolicy("policy", policy); err != nil {
			t.Error(err)
		}

		secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
			Policies: []string{"policy"},
			TTL:      "30m",
		})
		if err != nil {
			t.Fatal(err)
		}
		if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
			t.Fatalf("missing auth data: %#v", secret)
		}
		token := secret.Auth.ClientToken

		ui, cmd := testTokenCapabilitiesCommand(t)
		cmd.client = client

		code := cmd.Run([]string{
			token, "secret/foo",
		})
		if exp := 0; code != exp {
			t.Errorf("expected %d to be %d", code, exp)
		}

		expected := "read"
		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
		if !strings.Contains(combined, expected) {
			t.Errorf("expected %q to contain %q", combined, expected)
		}
	})

	t.Run("local", func(t *testing.T) {
		t.Parallel()

		client, closer := testVaultServer(t)
		defer closer()

		policy := `path "secret/foo" { capabilities = ["read"] }`
		if err := client.Sys().PutPolicy("policy", policy); err != nil {
			t.Error(err)
		}

		secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{
			Policies: []string{"policy"},
			TTL:      "30m",
		})
		if err != nil {
			t.Fatal(err)
		}
		if secret == nil || secret.Auth == nil || secret.Auth.ClientToken == "" {
			t.Fatalf("missing auth data: %#v", secret)
		}
		token := secret.Auth.ClientToken

		client.SetToken(token)

		ui, cmd := testTokenCapabilitiesCommand(t)
		cmd.client = client

		code := cmd.Run([]string{
			"secret/foo",
		})
		if exp := 0; code != exp {
			t.Errorf("expected %d to be %d", code, exp)
		}

		expected := "read"
		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
		if !strings.Contains(combined, expected) {
			t.Errorf("expected %q to contain %q", combined, expected)
		}
	})

	t.Run("communication_failure", func(t *testing.T) {
		t.Parallel()

		client, closer := testVaultServerBad(t)
		defer closer()

		ui, cmd := testTokenCapabilitiesCommand(t)
		cmd.client = client

		code := cmd.Run([]string{
			"foo", "bar",
		})
		if exp := 2; code != exp {
			t.Errorf("expected %d to be %d", code, exp)
		}

		expected := "Error listing capabilities: "
		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
		if !strings.Contains(combined, expected) {
			t.Errorf("expected %q to contain %q", combined, expected)
		}
	})

	t.Run("multiple_paths", func(t *testing.T) {
		t.Parallel()

		client, closer := testVaultServer(t)
		defer closer()

		_, cmd := testTokenCapabilitiesCommand(t)
		cmd.client = client

		code := cmd.Run([]string{
			"secret/foo,secret/bar",
		})
		if exp := 1; code != exp {
			t.Errorf("expected %d to be %d", code, exp)
		}
	})

	t.Run("no_tabs", func(t *testing.T) {
		t.Parallel()

		_, cmd := testTokenCapabilitiesCommand(t)
		assertNoTabs(t, cmd)
	})
}
Test files for capabilities endpoint 2016-03-03 17:24:28 +00:00			`package command`

			`import (`
Update capabilities command 2017-09-05 04:00:00 +00:00			`"strings"`
Test files for capabilities endpoint 2016-03-03 17:24:28 +00:00			`"testing"`

Update capabilities command 2017-09-05 04:00:00 +00:00			`"github.com/hashicorp/vault/api"`
Test files for capabilities endpoint 2016-03-03 17:24:28 +00:00			`"github.com/mitchellh/cli"`
			`)`

Add token as a subcommand 2017-09-08 01:58:13 +00:00			`func testTokenCapabilitiesCommand(tb testing.TB) (cli.MockUi, TokenCapabilitiesCommand) {`
Update capabilities command 2017-09-05 04:00:00 +00:00			`tb.Helper()`

			`ui := cli.NewMockUi()`
Add token as a subcommand 2017-09-08 01:58:13 +00:00			`return ui, &TokenCapabilitiesCommand{`
Update capabilities command 2017-09-05 04:00:00 +00:00			`BaseCommand: &BaseCommand{`
			`UI: ui,`
Test files for capabilities endpoint 2016-03-03 17:24:28 +00:00			`},`
			`}`
Update capabilities command 2017-09-05 04:00:00 +00:00			`}`
Test files for capabilities endpoint 2016-03-03 17:24:28 +00:00
Add token as a subcommand 2017-09-08 01:58:13 +00:00			`func TestTokenCapabilitiesCommand_Run(t *testing.T) {`
Update capabilities command 2017-09-05 04:00:00 +00:00			`t.Parallel()`
test cases for capabilities endpoint 2016-03-05 05:03:55 +00:00
Update capabilities command 2017-09-05 04:00:00 +00:00			`cases := []struct {`
			`name string`
			`args []string`
			`out string`
			`code int`
			`}{`
			`{`
			`"too_many_args",`
			`[]string{"foo", "bar", "zip"},`
			`"Too many arguments",`
			`1,`
			`},`
Test files for capabilities endpoint 2016-03-03 17:24:28 +00:00			`}`

Update capabilities command 2017-09-05 04:00:00 +00:00			`for _, tc := range cases {`
			`tc := tc`
test cases for capabilities endpoint 2016-03-05 05:03:55 +00:00
Update capabilities command 2017-09-05 04:00:00 +00:00			`t.Run(tc.name, func(t *testing.T) {`
			`t.Parallel()`

Always use a local test server (#4207) Some commands didn't setup a local test server since they didn't need it. Other commands didn't setup a local test server because Seth forgot. Long story short, I kept seeing weird requests to my Vault server when I ran tests, and that should never happen. This ensures all test requests will go to a test Vault instance. Benchmarks show this adds 0.4s to the command test suite. 2018-03-28 14:34:37 +00:00			`client, closer := testVaultServer(t)`
			`defer closer()`

Add token as a subcommand 2017-09-08 01:58:13 +00:00			`ui, cmd := testTokenCapabilitiesCommand(t)`
Always use a local test server (#4207) Some commands didn't setup a local test server since they didn't need it. Other commands didn't setup a local test server because Seth forgot. Long story short, I kept seeing weird requests to my Vault server when I ran tests, and that should never happen. This ensures all test requests will go to a test Vault instance. Benchmarks show this adds 0.4s to the command test suite. 2018-03-28 14:34:37 +00:00			`cmd.client = client`
test cases for capabilities endpoint 2016-03-05 05:03:55 +00:00
Update capabilities command 2017-09-05 04:00:00 +00:00			`code := cmd.Run(tc.args)`
			`if code != tc.code {`
			`t.Errorf("expected %d to be %d", code, tc.code)`
			`}`

			`combined := ui.OutputWriter.String() + ui.ErrorWriter.String()`
			`if !strings.Contains(combined, tc.out) {`
			`t.Errorf("expected %q to contain %q", combined, tc.out)`
			`}`
			`})`
Test files for capabilities endpoint 2016-03-03 17:24:28 +00:00			`}`
Update capabilities command 2017-09-05 04:00:00 +00:00
			`t.Run("token", func(t *testing.T) {`
			`t.Parallel()`

			`client, closer := testVaultServer(t)`
			`defer closer()`

			policy := `path "secret/foo" { capabilities = ["read"] }`
			`if err := client.Sys().PutPolicy("policy", policy); err != nil {`
			`t.Error(err)`
			`}`

			`secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{`
			`Policies: []string{"policy"},`
			`TTL: "30m",`
			`})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if secret == nil \|\| secret.Auth == nil \|\| secret.Auth.ClientToken == "" {`
			`t.Fatalf("missing auth data: %#v", secret)`
			`}`
			`token := secret.Auth.ClientToken`

Add token as a subcommand 2017-09-08 01:58:13 +00:00			`ui, cmd := testTokenCapabilitiesCommand(t)`
Update capabilities command 2017-09-05 04:00:00 +00:00			`cmd.client = client`

			`code := cmd.Run([]string{`
			`token, "secret/foo",`
			`})`
			`if exp := 0; code != exp {`
			`t.Errorf("expected %d to be %d", code, exp)`
			`}`

			`expected := "read"`
			`combined := ui.OutputWriter.String() + ui.ErrorWriter.String()`
			`if !strings.Contains(combined, expected) {`
			`t.Errorf("expected %q to contain %q", combined, expected)`
			`}`
			`})`

			`t.Run("local", func(t *testing.T) {`
			`t.Parallel()`

			`client, closer := testVaultServer(t)`
			`defer closer()`

			policy := `path "secret/foo" { capabilities = ["read"] }`
			`if err := client.Sys().PutPolicy("policy", policy); err != nil {`
			`t.Error(err)`
			`}`

			`secret, err := client.Auth().Token().Create(&api.TokenCreateRequest{`
			`Policies: []string{"policy"},`
			`TTL: "30m",`
			`})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if secret == nil \|\| secret.Auth == nil \|\| secret.Auth.ClientToken == "" {`
			`t.Fatalf("missing auth data: %#v", secret)`
			`}`
			`token := secret.Auth.ClientToken`

			`client.SetToken(token)`

Add token as a subcommand 2017-09-08 01:58:13 +00:00			`ui, cmd := testTokenCapabilitiesCommand(t)`
Update capabilities command 2017-09-05 04:00:00 +00:00			`cmd.client = client`

			`code := cmd.Run([]string{`
			`"secret/foo",`
			`})`
			`if exp := 0; code != exp {`
			`t.Errorf("expected %d to be %d", code, exp)`
			`}`

			`expected := "read"`
			`combined := ui.OutputWriter.String() + ui.ErrorWriter.String()`
			`if !strings.Contains(combined, expected) {`
			`t.Errorf("expected %q to contain %q", combined, expected)`
			`}`
			`})`

			`t.Run("communication_failure", func(t *testing.T) {`
			`t.Parallel()`

			`client, closer := testVaultServerBad(t)`
			`defer closer()`

Add token as a subcommand 2017-09-08 01:58:13 +00:00			`ui, cmd := testTokenCapabilitiesCommand(t)`
Update capabilities command 2017-09-05 04:00:00 +00:00			`cmd.client = client`

			`code := cmd.Run([]string{`
			`"foo", "bar",`
			`})`
			`if exp := 2; code != exp {`
			`t.Errorf("expected %d to be %d", code, exp)`
			`}`

			`expected := "Error listing capabilities: "`
			`combined := ui.OutputWriter.String() + ui.ErrorWriter.String()`
			`if !strings.Contains(combined, expected) {`
			`t.Errorf("expected %q to contain %q", combined, expected)`
			`}`
			`})`

Fix panic when running capabilities CLI command with multiple paths (#4553) * Fix panic using 'vault token capabilities' with more than one path Fixes #4552 * Add test 2018-05-11 15:58:12 +00:00			`t.Run("multiple_paths", func(t *testing.T) {`
			`t.Parallel()`

			`client, closer := testVaultServer(t)`
			`defer closer()`

			`_, cmd := testTokenCapabilitiesCommand(t)`
			`cmd.client = client`

			`code := cmd.Run([]string{`
			`"secret/foo,secret/bar",`
			`})`
			`if exp := 1; code != exp {`
			`t.Errorf("expected %d to be %d", code, exp)`
			`}`
			`})`

Update capabilities command 2017-09-05 04:00:00 +00:00			`t.Run("no_tabs", func(t *testing.T) {`
			`t.Parallel()`

Add token as a subcommand 2017-09-08 01:58:13 +00:00			`_, cmd := testTokenCapabilitiesCommand(t)`
Update capabilities command 2017-09-05 04:00:00 +00:00			`assertNoTabs(t, cmd)`
			`})`
Test files for capabilities endpoint 2016-03-03 17:24:28 +00:00			`}`