-
Notifications
You must be signed in to change notification settings - Fork 4.1k
/
approle_test.go
98 lines (82 loc) · 2.31 KB
/
approle_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
package approle
import (
"encoding/json"
"fmt"
"net"
"net/http"
"os"
"strings"
"testing"
"github.com/hashicorp/vault/api"
)
// testHTTPServer creates a test HTTP server that handles requests until
// the listener returned is closed.
func testHTTPServer(
t *testing.T, handler http.Handler) (*api.Config, net.Listener) {
ln, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil {
t.Fatalf("err: %s", err)
}
server := &http.Server{Handler: handler}
go server.Serve(ln)
config := api.DefaultConfig()
config.Address = fmt.Sprintf("http://%s", ln.Addr())
return config, ln
}
func init() {
os.Setenv("VAULT_TOKEN", "")
}
func TestLogin(t *testing.T) {
allowedRoleID := "my-role-id"
allowedSecretID := "my-secret-id"
content := []byte(allowedSecretID)
tmpfile, err := os.CreateTemp("", "file-containing-secret-id")
if err != nil {
t.Fatalf("error creating temp file: %v", err)
}
defer os.Remove(tmpfile.Name()) // clean up
if _, err := tmpfile.Write(content); err != nil {
t.Fatalf("error writing to temp file: %v", err)
}
if err := tmpfile.Close(); err != nil {
t.Fatalf("error closing temp file: %v", err)
}
// a response to return if the correct values were passed to login
authSecret := &api.Secret{
Auth: &api.SecretAuth{
ClientToken: "a-client-token",
},
}
authBytes, err := json.Marshal(authSecret)
if err != nil {
t.Fatalf("error marshaling json: %v", err)
}
handler := func(w http.ResponseWriter, req *http.Request) {
payload := make(map[string]interface{})
err := json.NewDecoder(req.Body).Decode(&payload)
if err != nil {
t.Fatalf("error decoding json: %v", err)
}
if payload["role_id"] == allowedRoleID && payload["secret_id"] == allowedSecretID {
w.Write(authBytes)
}
}
config, ln := testHTTPServer(t, http.HandlerFunc(handler))
defer ln.Close()
config.Address = strings.ReplaceAll(config.Address, "127.0.0.1", "localhost")
client, err := api.NewClient(config)
if err != nil {
t.Fatalf("error initializing Vault client: %v", err)
}
appRoleAuth, err := NewAppRoleAuth("my-role-id", tmpfile.Name())
if err != nil {
t.Fatalf("error initializing AppRoleAuth: %v", err)
}
authInfo, err := client.Auth().Login(appRoleAuth)
if err != nil {
t.Fatalf("error logging in: %v", err)
}
if authInfo == nil {
t.Fatalf("no authentication info returned by login")
}
}