| // Copyright (c) HashiCorp, Inc. |
| // SPDX-License-Identifier: MPL-2.0 |
| |
| package aws |
| |
import (
	"fmt"
	"os"
	"sync"
	"testing"

	stepwise "github.com/hashicorp/vault-testing-stepwise"
	dockerEnvironment "github.com/hashicorp/vault-testing-stepwise/environments/docker"
	"github.com/hashicorp/vault/api"
	"github.com/mitchellh/mapstructure"
)
| |
// stepwiseSetup guards the one-time environment preparation performed by
// testAccStepwisePreCheck, so it runs at most once per test process.
var stepwiseSetup sync.Once
| |
// TestAccBackend_Stepwise_basic is an acceptance test for the AWS secrets
// plugin driven through the stepwise framework in a Docker environment. It
// configures the root credentials, writes a role carrying testDynamoPolicy,
// reads credentials for that role and hands them to listDynamoTablesTest.
func TestAccBackend_Stepwise_basic(t *testing.T) {
	t.Parallel()

	const roleName = "vault-stepwise-role"

	// The plugin is registered and mounted under the same "aws-sec" name.
	mountOpts := &stepwise.MountOptions{
		RegistryName:    "aws-sec",
		PluginType:      api.PluginTypeSecrets,
		PluginName:      "aws",
		MountPathPrefix: "aws-sec",
	}

	// Field order is kept as-is: the step constructors read the process
	// environment while this literal is being evaluated.
	testCase := stepwise.Case{
		Precheck:    func() { testAccStepwisePreCheck(t) },
		Environment: dockerEnvironment.NewEnvironment("aws", mountOpts),
		Steps: []stepwise.Step{
			testAccStepwiseConfig(t),
			testAccStepwiseWritePolicy(t, roleName, testDynamoPolicy),
			testAccStepwiseRead(t, "creds", roleName, []credentialTestFunc{listDynamoTablesTest}),
		},
	}
	stepwise.Run(t, testCase)
}
| |
// testAccStepwiseConfig builds the step that writes the mount's root
// configuration (config/root) from the process environment.
//
// The values are read when the step is constructed, not when it executes.
// NOTE(review): if the AWS_DEFAULT_REGION default applied by
// testAccStepwisePreCheck only takes effect after this step has been built,
// "region" is written as an empty string; confirm the ordering against the
// stepwise runner.
//
// TEST_AWS_ACCESS_KEY and TEST_AWS_SECRET_KEY are stored as the backend's root
// credentials, so they should belong to an account scoped to test resources.
func testAccStepwiseConfig(t *testing.T) stepwise.Step {
	rootConfig := map[string]interface{}{
		"region":     os.Getenv("AWS_DEFAULT_REGION"),
		"access_key": os.Getenv("TEST_AWS_ACCESS_KEY"),
		"secret_key": os.Getenv("TEST_AWS_SECRET_KEY"),
	}

	var step stepwise.Step
	step.Operation = stepwise.UpdateOperation
	step.Path = "config/root"
	step.Data = rootConfig
	return step
}
| |
// testAccStepwiseWritePolicy builds the step that writes the role
// "roles/<name>" with the given IAM policy document. The role is always
// created with credential_type "iam_user".
func testAccStepwiseWritePolicy(t *testing.T, name string, policy string) stepwise.Step {
	roleData := map[string]interface{}{
		"policy_document": policy,
		"credential_type": "iam_user",
	}

	var step stepwise.Step
	step.Operation = stepwise.UpdateOperation
	step.Path = "roles/" + name
	step.Data = roleData
	return step
}
| |
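// testAccStepwiseRead builds the step that reads "<path>/<name>" and passes
// the returned access key, secret key and security token to every function in
// credentialTests, in order.
//
// The step's Assert returns the read error unchanged, an error when the read
// produced no secret, a decode error from mapstructure, or the first error
// returned by a credential test; it returns nil when all of them pass.
func testAccStepwiseRead(t *testing.T, path, name string, credentialTests []credentialTestFunc) stepwise.Step {
	readPath := path + "/" + name
	return stepwise.Step{
		Operation: stepwise.ReadOperation,
		Path:      readPath,
		Assert: func(resp *api.Secret, err error) error {
			if err != nil {
				return err
			}
			// A read can come back with neither an error nor a secret;
			// dereferencing resp.Data would then panic.
			if resp == nil {
				return fmt.Errorf("reading %q: no secret returned", readPath)
			}

			var d struct {
				AccessKey string `mapstructure:"access_key"`
				SecretKey string `mapstructure:"secret_key"`
				STSToken  string `mapstructure:"security_token"`
			}
			if err := mapstructure.Decode(resp.Data, &d); err != nil {
				return err
			}

			// Only the access key ID is logged. The secret key and session
			// token are usable credentials, and test output is commonly
			// captured and retained by CI systems.
			t.Logf("[WARN] Generated credentials: access_key=%s secret_key=<redacted> security_token=<redacted>", d.AccessKey)

			for _, testFunc := range credentialTests {
				if err := testFunc(d.AccessKey, d.SecretKey, d.STSToken); err != nil {
					return err
				}
			}
			return nil
		},
	}
}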
| |
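// testAccStepwisePreCheck prepares the process environment for the stepwise
// acceptance test and skips the calling test when the AWS root credentials
// are not provided.
//
// The region default is applied once per process through stepwiseSetup. The
// credential checks run on every call: t.Skip exits the calling goroutine, and
// a sync.Once whose function exits that way is still marked done, so a check
// placed inside it would skip only the first caller and let any later caller
// proceed without credentials.
func testAccStepwisePreCheck(t *testing.T) {
	stepwiseSetup.Do(func() {
		if os.Getenv("AWS_DEFAULT_REGION") != "" {
			return
		}
		t.Logf("[INFO] Test: Using us-west-2 as test region")
		if err := os.Setenv("AWS_DEFAULT_REGION", "us-west-2"); err != nil {
			t.Errorf("setting AWS_DEFAULT_REGION: %v", err)
		}
	})

	// Ensure test variables are set.
	for _, name := range []string{"TEST_AWS_ACCESS_KEY", "TEST_AWS_SECRET_KEY"} {
		if os.Getenv(name) == "" {
			t.Skip(name + " not set")
		}
	}
}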