package awsauth
import (
"context"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/iam/iamiface"
"github.com/hashicorp/go-secure-stdlib/awsutil"
"github.com/hashicorp/vault/sdk/logical"
)
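// TestPathConfigRotateRoot exercises the config/rotate-root endpoint against a
// mocked IAM client. It seeds storage with the old root credentials
// (fizz1/buzz1), triggers a rotation, and verifies that the new access key
// (fizz2) is returned to the caller, that the new key pair is persisted to
// storage, and that the new secret key is not echoed back in the response.
func TestPathConfigRotateRoot(t *testing.T) {
	// getIAMClient is assigned here as a package-level hook; restore the
	// previous value so the mock does not leak into other tests in the package.
	origGetIAMClient := getIAMClient
	t.Cleanup(func() { getIAMClient = origGetIAMClient })
	getIAMClient = func(sess *session.Session) iamiface.IAMAPI {
		return &awsutil.MockIAM{
			CreateAccessKeyOutput: &iam.CreateAccessKeyOutput{
				AccessKey: &iam.AccessKey{
					AccessKeyId:     aws.String("fizz2"),
					SecretAccessKey: aws.String("buzz2"),
				},
			},
			DeleteAccessKeyOutput: &iam.DeleteAccessKeyOutput{},
			GetUserOutput: &iam.GetUserOutput{
				User: &iam.User{
					UserName: aws.String("ellen"),
				},
			},
		}
	}

	ctx := context.Background()
	config := logical.TestBackendConfig()
	storage := &logical.InmemStorage{}
	config.StorageView = storage

	b, err := Backend(config)
	if err != nil {
		t.Fatal(err)
	}

	// Seed the pre-rotation credentials that the endpoint is expected to replace.
	clientConf := &clientConfig{
		AccessKey: "fizz1",
		SecretKey: "buzz1",
	}
	entry, err := logical.StorageEntryJSON("config/client", clientConf)
	if err != nil {
		t.Fatal(err)
	}
	if err := storage.Put(ctx, entry); err != nil {
		t.Fatal(err)
	}

	req := &logical.Request{
		Operation: logical.UpdateOperation,
		Path:      "config/rotate-root",
		Storage:   storage,
	}
	resp, err := b.HandleRequest(ctx, req)
	if err != nil || (resp != nil && resp.IsError()) {
		t.Fatalf("bad: resp: %#v\nerr:%v", resp, err)
	}
	if resp == nil {
		t.Fatal("expected a non-nil response carrying the new access key")
	}
	if resp.Data == nil {
		t.Fatal("expected resp.Data")
	}

	// Use the two-value assertion so a missing or mistyped field fails the
	// test with a message instead of panicking.
	accessKey, ok := resp.Data["access_key"].(string)
	if !ok {
		t.Fatalf("expected access_key to be a string but received %#v", resp.Data["access_key"])
	}
	if accessKey != "fizz2" {
		t.Fatalf("expected new access key fizz2 but received %s", accessKey)
	}

	// The access key ID is an identifier and may be returned; the secret half
	// of the new key pair must never appear in the API response.
	for field, value := range resp.Data {
		if s, isString := value.(string); isString && s == "buzz2" {
			t.Fatalf("response field %q echoes the new secret key", field)
		}
	}

	newClientConf, err := b.nonLockedClientConfigEntry(ctx, req.Storage)
	if err != nil {
		t.Fatal(err)
	}
	if newClientConf == nil {
		t.Fatal("expected a client config entry in storage after rotation")
	}
	if newClientConf.AccessKey != accessKey {
		t.Fatalf("expected new access key fizz2 to be saved to storage but received %s", newClientConf.AccessKey)
	}
	// Confirm the secret was rotated together with the access key ID. The
	// stored value is deliberately left out of the failure message.
	if newClientConf.SecretKey != "buzz2" {
		t.Fatal("expected the new secret key to be saved to storage")
	}
}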