forked from mch1307/vaultlib
-
Notifications
You must be signed in to change notification settings - Fork 1
/
vault_test.go
115 lines (109 loc) · 3.53 KB
/
vault_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
package vaultlib
import (
"encoding/json"
"os"
"reflect"
"testing"
"time"
)
func TestVaultClient_getKVInfo(t *testing.T) {
conf := NewConfig()
conf.Address = "http://localhost:8200"
cred := AppRoleCredentials{
RoleID: vaultRoleID,
SecretID: vaultSecretID,
}
conf.AppRoleCredentials = &cred
badReqConf := NewConfig()
badReqConf.Address = "https://localhost:8200"
noCred := AppRoleCredentials{
RoleID: "",
SecretID: "",
}
noCredConf := NewConfig()
noCredConf.AppRoleCredentials = &noCred
type fields struct {
Config *Config
}
type args struct {
path string
}
tests := []struct {
name string
fields fields
args args
wantVersion string
wantName string
wantErr bool
}{
{"foundV1", fields{conf}, args{"kv_v1/path/my-secret"}, "1", "kv_v1/path/", false},
{"foundV2", fields{conf}, args{"kv_v2/path/my-secret"}, "2", "kv_v2/path/", false},
{"notFound", fields{conf}, args{"notExist/my-secret"}, "", "", true},
{"badRequest", fields{badReqConf}, args{"notExist/my-secret"}, "", "", true},
{"NoCred", fields{noCredConf}, args{"notExist/my-secret"}, "", "", true},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c, _ := NewClient(tt.fields.Config)
gotVersion, gotName, err := c.getKVInfo(tt.args.path)
if (err != nil) != tt.wantErr {
t.Errorf("Client.getKVInfo() error = %v, wantErr %v", err, tt.wantErr)
return
}
if gotVersion != tt.wantVersion {
t.Errorf("Client.getKVInfo() gotVersion = %v, want %v", gotVersion, tt.wantVersion)
}
if gotName != tt.wantName {
t.Errorf("Client.getKVInfo() gotName = %v, want %v", gotName, tt.wantName)
}
})
}
}
func TestVaultClient_GetSecret(t *testing.T) {
_ = os.Unsetenv("VAULT_TOKEN")
conf := NewConfig()
conf.AppRoleCredentials.RoleID = vaultRoleID
conf.AppRoleCredentials.SecretID = vaultSecretID
vc, err := NewClient(conf)
if err != nil {
t.Errorf("Failed to get vault cli %v", err)
}
conf.Address = "https://localhost:8200"
badCli, _ := NewClient(conf)
conf.Address = "http://localhost:8200"
conf.AppRoleCredentials.RoleID = noKVRoleID
conf.AppRoleCredentials.SecretID = noKVSecretID
// noPrivCli, _ := NewClient(conf)
expectedJSON := []byte(`{"json-secret":{"first-secret":"first-value","second-secret":"second-value"}}`)
tests := []struct {
name string
cli *Client
path string
wantKv map[string]string
wantJSON json.RawMessage
wantErr bool
}{
{"kvv1", vc, "kv_v1/path/my-secret", map[string]string{"my-v1-secret": "my-v1-secret-value"}, nil, false},
{"kvv2", vc, "kv_v2/path/my-secret", map[string]string{"my-first-secret": "my-first-secret-value",
"my-second-secret": "my-second-secret-value"}, nil, false},
{"json-secretV2", vc, "kv_v2/path/json-secret", map[string]string{}, expectedJSON, false},
{"json-secretV1", vc, "kv_v1/path/json-secret", map[string]string{}, expectedJSON, false},
{"invalidURL", badCli, "kv_v1/path/my-secret", map[string]string{}, nil, true},
//{"missingPrivileges", noPrivCli, "kv_v1/path/my-secret", map[string]string{}, nil, true},
}
//wait so that token renewal takes place
time.Sleep(12 * time.Second)
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := tt.cli
res, err := c.GetSecret(tt.path)
if (err != nil) != tt.wantErr {
t.Errorf("Client.GetSecret() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !reflect.DeepEqual(res.KV, tt.wantKv) || !reflect.DeepEqual(res.JSONSecret, tt.wantJSON) {
t.Errorf("Client.GetSecret() = %v, want %v", res.KV, tt.wantKv)
}
})
}
}