| // Copyright (c) HashiCorp, Inc. |
| // SPDX-License-Identifier: MPL-2.0 |
| |
| package command |
| |
| import ( |
| "strings" |
| "testing" |
| |
| "github.com/mitchellh/cli" |
| ) |
| |
| func testTokenRevokeCommand(tb testing.TB) (*cli.MockUi, *TokenRevokeCommand) { |
| tb.Helper() |
| |
| ui := cli.NewMockUi() |
| return ui, &TokenRevokeCommand{ |
| BaseCommand: &BaseCommand{ |
| UI: ui, |
| }, |
| } |
| } |
| |
| func TestTokenRevokeCommand_Run(t *testing.T) { |
| t.Parallel() |
| |
| validations := []struct { |
| name string |
| args []string |
| out string |
| code int |
| }{ |
| { |
| "bad_mode", |
| []string{"-mode=banana"}, |
| "Invalid mode", |
| 1, |
| }, |
| { |
| "empty", |
| nil, |
| "Not enough arguments", |
| 1, |
| }, |
| { |
| "args_with_self", |
| []string{"-self", "abcd1234"}, |
| "Too many arguments", |
| 1, |
| }, |
| { |
| "too_many_args", |
| []string{"abcd1234", "efgh5678"}, |
| "Too many arguments", |
| 1, |
| }, |
| { |
| "self_and_accessor", |
| []string{"-self", "-accessor"}, |
| "Cannot use -self with -accessor", |
| 1, |
| }, |
| { |
| "self_and_mode", |
| []string{"-self", "-mode=orphan"}, |
| "Cannot use -self with -mode", |
| 1, |
| }, |
| { |
| "accessor_and_mode_orphan", |
| []string{"-accessor", "-mode=orphan", "abcd1234"}, |
| "Cannot use -accessor with -mode=orphan", |
| 1, |
| }, |
| { |
| "accessor_and_mode_path", |
| []string{"-accessor", "-mode=path", "abcd1234"}, |
| "Cannot use -accessor with -mode=path", |
| 1, |
| }, |
| } |
| |
| t.Run("validations", func(t *testing.T) { |
| t.Parallel() |
| |
| for _, tc := range validations { |
| tc := tc |
| |
| t.Run(tc.name, func(t *testing.T) { |
| t.Parallel() |
| |
| client, closer := testVaultServer(t) |
| defer closer() |
| |
| ui, cmd := testTokenRevokeCommand(t) |
| cmd.client = client |
| |
| code := cmd.Run(tc.args) |
| if code != tc.code { |
| t.Errorf("expected %d to be %d", code, tc.code) |
| } |
| |
| combined := ui.OutputWriter.String() + ui.ErrorWriter.String() |
| if !strings.Contains(combined, tc.out) { |
| t.Errorf("expected %q to contain %q", combined, tc.out) |
| } |
| }) |
| } |
| }) |
| |
| t.Run("token", func(t *testing.T) { |
| t.Parallel() |
| |
| client, closer := testVaultServer(t) |
| defer closer() |
| |
| token, _ := testTokenAndAccessor(t, client) |
| |
| ui, cmd := testTokenRevokeCommand(t) |
| cmd.client = client |
| |
| code := cmd.Run([]string{ |
| token, |
| }) |
| if exp := 0; code != exp { |
| t.Errorf("expected %d to be %d", code, exp) |
| } |
| |
| expected := "Success! Revoked token" |
| combined := ui.OutputWriter.String() + ui.ErrorWriter.String() |
| if !strings.Contains(combined, expected) { |
| t.Errorf("expected %q to contain %q", combined, expected) |
| } |
| |
| secret, err := client.Auth().Token().Lookup(token) |
| if secret != nil || err == nil { |
| t.Errorf("expected token to be revoked: %#v", secret) |
| } |
| }) |
| |
| t.Run("self", func(t *testing.T) { |
| t.Parallel() |
| |
| client, closer := testVaultServer(t) |
| defer closer() |
| |
| ui, cmd := testTokenRevokeCommand(t) |
| cmd.client = client |
| |
| code := cmd.Run([]string{ |
| "-self", |
| }) |
| if exp := 0; code != exp { |
| t.Errorf("expected %d to be %d", code, exp) |
| } |
| |
| expected := "Success! Revoked token" |
| combined := ui.OutputWriter.String() + ui.ErrorWriter.String() |
| if !strings.Contains(combined, expected) { |
| t.Errorf("expected %q to contain %q", combined, expected) |
| } |
| |
| secret, err := client.Auth().Token().LookupSelf() |
| if secret != nil || err == nil { |
| t.Errorf("expected token to be revoked: %#v", secret) |
| } |
| }) |
| |
| t.Run("accessor", func(t *testing.T) { |
| t.Parallel() |
| |
| client, closer := testVaultServer(t) |
| defer closer() |
| |
| token, accessor := testTokenAndAccessor(t, client) |
| |
| ui, cmd := testTokenRevokeCommand(t) |
| cmd.client = client |
| |
| code := cmd.Run([]string{ |
| "-accessor", |
| accessor, |
| }) |
| if exp := 0; code != exp { |
| t.Errorf("expected %d to be %d", code, exp) |
| } |
| |
| expected := "Success! Revoked token" |
| combined := ui.OutputWriter.String() + ui.ErrorWriter.String() |
| if !strings.Contains(combined, expected) { |
| t.Errorf("expected %q to contain %q", combined, expected) |
| } |
| |
| secret, err := client.Auth().Token().Lookup(token) |
| if secret != nil || err == nil { |
| t.Errorf("expected token to be revoked: %#v", secret) |
| } |
| }) |
| |
| t.Run("communication_failure", func(t *testing.T) { |
| t.Parallel() |
| |
| client, closer := testVaultServerBad(t) |
| defer closer() |
| |
| ui, cmd := testTokenRevokeCommand(t) |
| cmd.client = client |
| |
| code := cmd.Run([]string{ |
| "abcd1234", |
| }) |
| if exp := 2; code != exp { |
| t.Errorf("expected %d to be %d", code, exp) |
| } |
| |
| expected := "Error revoking token: " |
| combined := ui.OutputWriter.String() + ui.ErrorWriter.String() |
| if !strings.Contains(combined, expected) { |
| t.Errorf("expected %q to contain %q", combined, expected) |
| } |
| }) |
| |
| t.Run("no_tabs", func(t *testing.T) { |
| t.Parallel() |
| |
| _, cmd := testTokenRevokeCommand(t) |
| assertNoTabs(t, cmd) |
| }) |
| } |
