v1.14.6/builtin/logical/aws/stepwise_test.go - hashicorp/vault - Git at Google

 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0

 package aws

 import (
 	"os"
 	"sync"
 	"testing"

 	stepwise "github.com/hashicorp/vault-testing-stepwise"
 	dockerEnvironment "github.com/hashicorp/vault-testing-stepwise/environments/docker"
 	"github.com/hashicorp/vault/api"
 	"github.com/mitchellh/mapstructure"
 )

 var stepwiseSetup sync.Once

 func TestAccBackend_Stepwise_basic(t *testing.T) {
 	t.Parallel()
 	envOptions := &stepwise.MountOptions{
 		RegistryName:    "aws-sec",
 		PluginType:      api.PluginTypeSecrets,
 		PluginName:      "aws",
 		MountPathPrefix: "aws-sec",
 	}
 	roleName := "vault-stepwise-role"
 	stepwise.Run(t, stepwise.Case{
 		Precheck:    func() { testAccStepwisePreCheck(t) },
 		Environment: dockerEnvironment.NewEnvironment("aws", envOptions),
 		Steps: []stepwise.Step{
 			testAccStepwiseConfig(t),
 			testAccStepwiseWritePolicy(t, roleName, testDynamoPolicy),
 			testAccStepwiseRead(t, "creds", roleName, []credentialTestFunc{listDynamoTablesTest}),
 		},
 	})
 }

 func testAccStepwiseConfig(t *testing.T) stepwise.Step {
 	return stepwise.Step{
 		Operation: stepwise.UpdateOperation,
 		Path:      "config/root",
 		Data: map[string]interface{}{
 			"region":     os.Getenv("AWS_DEFAULT_REGION"),
 			"access_key": os.Getenv("TEST_AWS_ACCESS_KEY"),
 			"secret_key": os.Getenv("TEST_AWS_SECRET_KEY"),
 		},
 	}
 }

 func testAccStepwiseWritePolicy(t *testing.T, name string, policy string) stepwise.Step {
 	return stepwise.Step{
 		Operation: stepwise.UpdateOperation,
 		Path:      "roles/" + name,
 		Data: map[string]interface{}{
 			"policy_document": policy,
 			"credential_type": "iam_user",
 		},
 	}
 }

 func testAccStepwiseRead(t *testing.T, path, name string, credentialTests []credentialTestFunc) stepwise.Step {
 	return stepwise.Step{
 		Operation: stepwise.ReadOperation,
 		Path:      path + "/" + name,
 		Assert: func(resp *api.Secret, err error) error {
 			if err != nil {
 				return err
 			}
 			var d struct {
 				AccessKey string `mapstructure:"access_key"`
 				SecretKey string `mapstructure:"secret_key"`
 				STSToken  string `mapstructure:"security_token"`
 			}
 			if err := mapstructure.Decode(resp.Data, &d); err != nil {
 				return err
 			}
 			t.Logf("[WARN] Generated credentials: %v", d)
 			for _, testFunc := range credentialTests {
 				err := testFunc(d.AccessKey, d.SecretKey, d.STSToken)
 				if err != nil {
 					return err
 				}
 			}
 			return nil
 		},
 	}
 }

 func testAccStepwisePreCheck(t *testing.T) {
 	stepwiseSetup.Do(func() {
 		if v := os.Getenv("AWS_DEFAULT_REGION"); v == "" {
 			t.Logf("[INFO] Test: Using us-west-2 as test region")
 			os.Setenv("AWS_DEFAULT_REGION", "us-west-2")
 		}

 		// Ensure test variables are set
 		if v := os.Getenv("TEST_AWS_ACCESS_KEY"); v == "" {
 			t.Skip("TEST_AWS_ACCESS_KEY not set")
 		}
 		if v := os.Getenv("TEST_AWS_SECRET_KEY"); v == "" {
 			t.Skip("TEST_AWS_SECRET_KEY not set")
 		}
 	})
 }
	// Copyright (c) HashiCorp, Inc.
	// SPDX-License-Identifier: MPL-2.0

	package aws

	import (
	"os"
	"sync"
	"testing"

	stepwise "github.com/hashicorp/vault-testing-stepwise"
	dockerEnvironment "github.com/hashicorp/vault-testing-stepwise/environments/docker"
	"github.com/hashicorp/vault/api"
	"github.com/mitchellh/mapstructure"
	)

	var stepwiseSetup sync.Once

	func TestAccBackend_Stepwise_basic(t *testing.T) {
	t.Parallel()
	envOptions := &stepwise.MountOptions{
	RegistryName: "aws-sec",
	PluginType: api.PluginTypeSecrets,
	PluginName: "aws",
	MountPathPrefix: "aws-sec",
	}
	roleName := "vault-stepwise-role"
	stepwise.Run(t, stepwise.Case{
	Precheck: func() { testAccStepwisePreCheck(t) },
	Environment: dockerEnvironment.NewEnvironment("aws", envOptions),
	Steps: []stepwise.Step{
	testAccStepwiseConfig(t),
	testAccStepwiseWritePolicy(t, roleName, testDynamoPolicy),
	testAccStepwiseRead(t, "creds", roleName, []credentialTestFunc{listDynamoTablesTest}),
	},
	})
	}

	func testAccStepwiseConfig(t *testing.T) stepwise.Step {
	return stepwise.Step{
	Operation: stepwise.UpdateOperation,
	Path: "config/root",
	Data: map[string]interface{}{
	"region": os.Getenv("AWS_DEFAULT_REGION"),
	"access_key": os.Getenv("TEST_AWS_ACCESS_KEY"),
	"secret_key": os.Getenv("TEST_AWS_SECRET_KEY"),
	},
	}
	}

	func testAccStepwiseWritePolicy(t *testing.T, name string, policy string) stepwise.Step {
	return stepwise.Step{
	Operation: stepwise.UpdateOperation,
	Path: "roles/" + name,
	Data: map[string]interface{}{
	"policy_document": policy,
	"credential_type": "iam_user",
	},
	}
	}

	func testAccStepwiseRead(t *testing.T, path, name string, credentialTests []credentialTestFunc) stepwise.Step {
	return stepwise.Step{
	Operation: stepwise.ReadOperation,
	Path: path + "/" + name,
	Assert: func(resp *api.Secret, err error) error {
	if err != nil {
	return err
	}
	var d struct {
	AccessKey string `mapstructure:"access_key"`
	SecretKey string `mapstructure:"secret_key"`
	STSToken string `mapstructure:"security_token"`
	}
	if err := mapstructure.Decode(resp.Data, &d); err != nil {
	return err
	}
	t.Logf("[WARN] Generated credentials: %v", d)
	for _, testFunc := range credentialTests {
	err := testFunc(d.AccessKey, d.SecretKey, d.STSToken)
	if err != nil {
	return err
	}
	}
	return nil
	},
	}
	}

	func testAccStepwisePreCheck(t *testing.T) {
	stepwiseSetup.Do(func() {
	if v := os.Getenv("AWS_DEFAULT_REGION"); v == "" {
	t.Logf("[INFO] Test: Using us-west-2 as test region")
	os.Setenv("AWS_DEFAULT_REGION", "us-west-2")
	}

	// Ensure test variables are set
	if v := os.Getenv("TEST_AWS_ACCESS_KEY"); v == "" {
	t.Skip("TEST_AWS_ACCESS_KEY not set")
	}
	if v := os.Getenv("TEST_AWS_SECRET_KEY"); v == "" {
	t.Skip("TEST_AWS_SECRET_KEY not set")
	}
	})
	}