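package vault

import (
	"testing"

	"github.com/go-test/deep"
	"github.com/hashicorp/vault/helper/namespace"
	"github.com/hashicorp/vault/sdk/logical"
)

// TestOIDC_Path_OIDC_ProviderAssignment tests CRUD operations for assignments.
//
// It walks a single assignment through create, read, update, read, delete and
// a final read, checking the stored "groups" and "entities" lists after each
// write.
func TestOIDC_Path_OIDC_ProviderAssignment(t *testing.T) {
	c, _, _ := TestCoreUnsealed(t)
	ctx := namespace.RootContext(nil)
	storage := &logical.InmemStorage{}

	// Create a test assignment "test-assignment" -- should succeed
	resp, err := c.identityStore.HandleRequest(ctx, &logical.Request{
		Path:      "oidc/assignment/test-assignment",
		Operation: logical.CreateOperation,
		Storage:   storage,
	})
	expectSuccess(t, resp, err)

	// Read "test-assignment" and validate. An assignment created without data
	// is expected to read back as empty lists, i.e. it names no group and no
	// entity.
	resp, err = c.identityStore.HandleRequest(ctx, &logical.Request{
		Path:      "oidc/assignment/test-assignment",
		Operation: logical.ReadOperation,
		Storage:   storage,
	})
	expectSuccess(t, resp, err)
	expected := map[string]interface{}{
		"groups":   []string{},
		"entities": []string{},
	}
	if diff := deep.Equal(expected, resp.Data); diff != nil {
		t.Fatal(diff)
	}

	// Update "test-assignment" -- should succeed
	resp, err = c.identityStore.HandleRequest(ctx, &logical.Request{
		Path:      "oidc/assignment/test-assignment",
		Operation: logical.UpdateOperation,
		Data: map[string]interface{}{
			"groups":   "my-group",
			"entities": "my-entity",
		},
		Storage: storage,
	})
	expectSuccess(t, resp, err)

	// Read "test-assignment" again and validate. The single string values
	// written above are expected back as one-element lists.
	resp, err = c.identityStore.HandleRequest(ctx, &logical.Request{
		Path:      "oidc/assignment/test-assignment",
		Operation: logical.ReadOperation,
		Storage:   storage,
	})
	expectSuccess(t, resp, err)
	expected = map[string]interface{}{
		"groups":   []string{"my-group"},
		"entities": []string{"my-entity"},
	}
	if diff := deep.Equal(expected, resp.Data); diff != nil {
		t.Fatal(diff)
	}

	// Delete test-assignment -- should succeed
	resp, err = c.identityStore.HandleRequest(ctx, &logical.Request{
		Path:      "oidc/assignment/test-assignment",
		Operation: logical.DeleteOperation,
		Storage:   storage,
	})
	expectSuccess(t, resp, err)

	// Read "test-assignment" again and validate that it is gone. The error is
	// checked together with the response: a failed read could also come back
	// with a nil response and must not be taken as proof that the delete
	// removed the assignment.
	resp, err = c.identityStore.HandleRequest(ctx, &logical.Request{
		Path:      "oidc/assignment/test-assignment",
		Operation: logical.ReadOperation,
		Storage:   storage,
	})
	if err != nil {
		t.Fatalf("expected no error reading deleted assignment but got: %v", err)
	}
	if resp != nil {
		t.Fatalf("expected nil but got resp: %#v", resp)
	}
}

// TestOIDC_Path_OIDC_ProviderAssignment_Update tests Update operations for assignments.
//
// The update sends only "groups"; the test pins that "entities" keeps its
// previous value, so a partial update neither clears nor widens the field it
// does not mention.
func TestOIDC_Path_OIDC_ProviderAssignment_Update(t *testing.T) {
	c, _, _ := TestCoreUnsealed(t)
	ctx := namespace.RootContext(nil)
	storage := &logical.InmemStorage{}

	// Create a test assignment "test-assignment" -- should succeed
	resp, err := c.identityStore.HandleRequest(ctx, &logical.Request{
		Path:      "oidc/assignment/test-assignment",
		Operation: logical.CreateOperation,
		Storage:   storage,
		Data: map[string]interface{}{
			"groups":   "my-group",
			"entities": "my-entity",
		},
	})
	expectSuccess(t, resp, err)

	// Read "test-assignment" and validate
	resp, err = c.identityStore.HandleRequest(ctx, &logical.Request{
		Path:      "oidc/assignment/test-assignment",
		Operation: logical.ReadOperation,
		Storage:   storage,
	})
	expectSuccess(t, resp, err)
	expected := map[string]interface{}{
		"groups":   []string{"my-group"},
		"entities": []string{"my-entity"},
	}
	if diff := deep.Equal(expected, resp.Data); diff != nil {
		t.Fatal(diff)
	}

	// Update "test-assignment" with a new "groups" value only -- should succeed
	resp, err = c.identityStore.HandleRequest(ctx, &logical.Request{
		Path:      "oidc/assignment/test-assignment",
		Operation: logical.UpdateOperation,
		Data: map[string]interface{}{
			"groups": "my-group2",
		},
		Storage: storage,
	})
	expectSuccess(t, resp, err)

	// Read "test-assignment" again and validate: "groups" is replaced (not
	// appended to) and "entities" is unchanged.
	resp, err = c.identityStore.HandleRequest(ctx, &logical.Request{
		Path:      "oidc/assignment/test-assignment",
		Operation: logical.ReadOperation,
		Storage:   storage,
	})
	expectSuccess(t, resp, err)
	expected = map[string]interface{}{
		"groups":   []string{"my-group2"},
		"entities": []string{"my-entity"},
	}
	if diff := deep.Equal(expected, resp.Data); diff != nil {
		t.Fatal(diff)
	}
}

//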
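// TestOIDC_Path_OIDC_ProviderAssignment_List tests the List operation for assignments.
//
// It creates two assignments, lists them, deletes one and lists again. Every
// setup request is checked, so a failed create or delete is reported at the
// request that failed rather than surfacing later as a confusing list
// mismatch.
func TestOIDC_Path_OIDC_ProviderAssignment_List(t *testing.T) {
	c, _, _ := TestCoreUnsealed(t)
	ctx := namespace.RootContext(nil)
	storage := &logical.InmemStorage{}

	// listKeys issues the List request and returns the "keys" entry of the
	// response. It fails the test, instead of panicking, when the response is
	// nil or "keys" is not a []string.
	listKeys := func() []string {
		resp, err := c.identityStore.HandleRequest(ctx, &logical.Request{
			Path:      "oidc/assignment",
			Operation: logical.ListOperation,
			Storage:   storage,
		})
		expectSuccess(t, resp, err)
		if resp == nil {
			t.Fatal("expected a list response but got nil")
		}
		keys, ok := resp.Data["keys"].([]string)
		if !ok {
			t.Fatalf("expected \"keys\" to be []string but got: %#v", resp.Data["keys"])
		}
		return keys
	}

	// Prepare two assignments, test-assignment1 and test-assignment2
	for _, name := range []string{"test-assignment1", "test-assignment2"} {
		resp, err := c.identityStore.HandleRequest(ctx, &logical.Request{
			Path:      "oidc/assignment/" + name,
			Operation: logical.CreateOperation,
			Storage:   storage,
		})
		expectSuccess(t, resp, err)
	}

	// list assignments and validate list response
	expectedStrings := map[string]interface{}{"test-assignment1": true, "test-assignment2": true}
	expectStrings(t, listKeys(), expectedStrings)

	// delete test-assignment2
	resp, err := c.identityStore.HandleRequest(ctx, &logical.Request{
		Path:      "oidc/assignment/test-assignment2",
		Operation: logical.DeleteOperation,
		Storage:   storage,
	})
	expectSuccess(t, resp, err)

	// list assignments again and validate response: the deleted assignment
	// must no longer be listed
	delete(expectedStrings, "test-assignment2")
	expectStrings(t, listKeys(), expectedStrings)
}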