luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity

Test request token overriding auto-auth case (#6346)

Browse source
This commit is contained in:
Vishal Nayak 2019-03-05 12:49:58 -05:00 committed by GitHub
parent 1274a8d3d4
commit ffcd85e1af
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
command/agent/cache_end_to_end_test.go
View file

@ -278,11 +278,6 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
t.Fatal("secret file exists but was supposed to be removed") t.Fatal("secret file exists but was supposed to be removed")
} }
client.SetToken(string(val))
_, err := client.Auth().Token().LookupSelf()
if err != nil {
t.Fatal(err)
}
return string(val) return string(val)
} }
time.Sleep(250 * time.Millisecond) time.Sleep(250 * time.Millisecond)
@ -302,6 +297,7 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
mux := http.NewServeMux() mux := http.NewServeMux()
mux.Handle(consts.AgentPathCacheClear, leaseCache.HandleCacheClear(ctx)) mux.Handle(consts.AgentPathCacheClear, leaseCache.HandleCacheClear(ctx))
// Passing a non-nil inmemsink tells the agent to use the auto-auth token
mux.Handle("/", cache.Handler(ctx, cacheLogger, leaseCache, inmemSink)) mux.Handle("/", cache.Handler(ctx, cacheLogger, leaseCache, inmemSink))
server := &http.Server{ server := &http.Server{
Handler: mux, Handler: mux,
@ -324,15 +320,22 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
// Wait for listeners to come up // Wait for listeners to come up
time.Sleep(2 * time.Second) time.Sleep(2 * time.Second)
resp, err = testClient.Logical().Read("auth/token/lookup-self") // This block tests that no token on the client is detected by the agent
if err != nil { // and the auto-auth token is used
t.Fatal(err) {
} // Empty the token in the client to ensure that auto-auth token is used
if resp == nil { testClient.SetToken("")
t.Fatalf("failed to use the auto-auth token to perform lookup-self")
resp, err = testClient.Logical().Read("auth/token/lookup-self")
if err != nil {
t.Fatal(err)
}
if resp == nil {
t.Fatalf("failed to use the auto-auth token to perform lookup-self")
}
} }
// The following block tests lease creation caching using the auto-auth token. // This block tests lease creation caching using the auto-auth token.
{ {
resp, err = testClient.Logical().Read("kv/foo") resp, err = testClient.Logical().Read("kv/foo")
if err != nil { if err != nil {
@ -356,8 +359,8 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
} }
} }
// The following block tests auth token creation caching (child, non-orphan // This block tests auth token creation caching (child, non-orphan tokens)
// tokens) using the auto-auth token. // using the auto-auth token.
{ {
resp, err = testClient.Logical().Write("auth/token/create", nil) resp, err = testClient.Logical().Write("auth/token/create", nil)
if err != nil { if err != nil {
@ -378,4 +381,19 @@ func TestCache_UsingAutoAuthToken(t *testing.T) {
t.Fatalf("request ID mismatch, expected second request to be a cached response: %s != %s", origReqID, cacheReqID) t.Fatalf("request ID mismatch, expected second request to be a cached response: %s != %s", origReqID, cacheReqID)
} }
} }
// This blocks tests that despite being allowed to use auto-auth token, the
// token on the request will be prioritized.
{
// Empty the token in the client to ensure that auto-auth token is used
testClient.SetToken(client.Token())
resp, err = testClient.Logical().Read("auth/token/lookup-self")
if err != nil {
t.Fatal(err)
}
if resp == nil || resp.Data["id"] != client.Token() {
t.Fatalf("failed to use the cluster client token to perform lookup-self")
}
}
} }