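package hana

import (
	"context"
	"database/sql"
	"errors"
	"fmt"
	"os"
	"strings"
	"testing"
	"time"

	"github.com/hashicorp/vault/sdk/database/dbplugin"
)

// testHANAURL returns the connection URL taken from the HANA_URL environment
// variable. It skips the calling test unless HANA_URL is set and VAULT_ACC is
// "1", so these tests only run when a database has been configured explicitly.
func testHANAURL(t testing.TB) string {
	t.Helper()

	connURL := os.Getenv("HANA_URL")
	if connURL == "" || os.Getenv("VAULT_ACC") != "1" {
		t.SkipNow()
	}
	return connURL
}

// TestHANA_Initialize checks that Init succeeds against the configured
// database, marks the plugin as initialized, and that Close returns no error.
func TestHANA_Initialize(t *testing.T) {
	connURL := testHANAURL(t)

	connectionDetails := map[string]interface{}{
		"connection_url": connURL,
	}

	db := new()
	_, err := db.Init(context.Background(), connectionDetails, true)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	if !db.Initialized {
		t.Fatal("Database should be initialized")
	}

	err = db.Close()
	if err != nil {
		t.Fatalf("err: %s", err)
	}
}

// TestHANA_CreateUser checks that CreateUser rejects an empty set of creation
// statements and that credentials created with testHANARole can log in.
//
// This test will leave a lingering user on the system: the created account is
// never dropped here. It is created with a one-hour expiration passed to
// CreateUser.
func TestHANA_CreateUser(t *testing.T) {
	connURL := testHANAURL(t)

	connectionDetails := map[string]interface{}{
		"connection_url": connURL,
	}

	db := new()
	_, err := db.Init(context.Background(), connectionDetails, true)
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	// Release the plugin's connection even when the test fails; t.Fatal
	// still runs deferred calls.
	defer func() {
		if closeErr := db.Close(); closeErr != nil {
			t.Logf("closing database: %s", closeErr)
		}
	}()

	usernameConfig := dbplugin.UsernameConfig{
		DisplayName: "test-test",
		RoleName:    "test-test",
	}

	// Test with no configured Creation Statement
	_, _, err = db.CreateUser(context.Background(), dbplugin.Statements{}, usernameConfig, time.Now().Add(time.Hour))
	if err == nil {
		t.Fatal("Expected error when no creation statement is provided")
	}

	statements := dbplugin.Statements{
		Creation: []string{testHANARole},
	}

	username, password, err := db.CreateUser(context.Background(), statements, usernameConfig, time.Now().Add(time.Hour))
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	if err = testCredsExist(t, connURL, username, password); err != nil {
		t.Fatalf("Could not connect with new credentials: %s", err)
	}
}

// TestHANA_RevokeUser checks that a created user can log in and that the same
// credentials stop working after RevokeUser, first with no revocation
// statement configured and then with the custom testHANADrop statement.
func TestHANA_RevokeUser(t *testing.T) {
	connURL := testHANAURL(t)

	connectionDetails := map[string]interface{}{
		"connection_url": connURL,
	}

	db := new()
	_, err := db.Init(context.Background(), connectionDetails, true)
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	// Release the plugin's connection even when the test fails; t.Fatal
	// still runs deferred calls.
	defer func() {
		if closeErr := db.Close(); closeErr != nil {
			t.Logf("closing database: %s", closeErr)
		}
	}()

	statements := dbplugin.Statements{
		Creation: []string{testHANARole},
	}

	usernameConfig := dbplugin.UsernameConfig{
		DisplayName: "test-test",
		RoleName:    "test-test",
	}

	// Test default revoke statements
	username, password, err := db.CreateUser(context.Background(), statements, usernameConfig, time.Now().Add(time.Hour))
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if err = testCredsExist(t, connURL, username, password); err != nil {
		t.Fatalf("Could not connect with new credentials: %s", err)
	}

	err = db.RevokeUser(context.Background(), statements, username)
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	// A successful login after revocation means the account is still usable.
	if err := testCredsExist(t, connURL, username, password); err == nil {
		t.Fatal("Credentials were not revoked")
	}

	// Test custom revoke statement
	username, password, err = db.CreateUser(context.Background(), statements, usernameConfig, time.Now().Add(time.Hour))
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if err = testCredsExist(t, connURL, username, password); err != nil {
		t.Fatalf("Could not connect with new credentials: %s", err)
	}

	statements.Revocation = []string{testHANADrop}
	err = db.RevokeUser(context.Background(), statements, username)
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if err := testCredsExist(t, connURL, username, password); err == nil {
		t.Fatal("Credentials were not revoked")
	}
}

// testCredsExist reports whether username and password can log in to the
// database that connURL points at. It swaps the credentials in connURL for
// the given pair, opens a connection with the "hdb" driver and pings it. A
// nil return means the login succeeded.
func testCredsExist(t testing.TB, connURL, username, password string) error {
	t.Helper()

	// Everything after the last '@' is kept as the host part, so a
	// configured password that itself contains '@' does not truncate it.
	// A URL without '@' is rejected instead of panicking on a missing
	// element. The URL is deliberately left out of the error text because
	// it carries the configured credentials.
	at := strings.LastIndex(connURL, "@")
	if at < 0 {
		return errors.New("connection URL has no '@' separating credentials from host")
	}

	// Log in with the new creds.
	// NOTE(review): username and password are interpolated without
	// escaping; this assumes the generated values contain no URL-reserved
	// characters - confirm against the plugin's credential generation.
	dsn := fmt.Sprintf("hdb://%s:%s@%s", username, password, connURL[at+1:])
	db, err := sql.Open("hdb", dsn)
	if err != nil {
		return err
	}
	defer db.Close()

	return db.Ping()
}

// testHANARole is the creation statement used by the tests; the {{name}},
// {{password}} and {{expiration}} placeholders are left for the plugin to
// fill in.
const testHANARole = ` CREATE USER {{name}} PASSWORD {{password}} VALID UNTIL '{{expiration}}';`

// testHANADrop is the custom revocation statement used by
// TestHANA_RevokeUser.
const testHANADrop = ` DROP USER {{name}} CASCADE;`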