v1.14.6/command/auth_enable_test.go - hashicorp/vault - Git at Google

 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0

 package command

 import (
 	"io/ioutil"
 	"strings"
 	"testing"

 	"github.com/go-test/deep"
 	"github.com/hashicorp/vault/helper/builtinplugins"
 	"github.com/hashicorp/vault/sdk/helper/consts"
 	"github.com/mitchellh/cli"
 )

 func testAuthEnableCommand(tb testing.TB) (*cli.MockUi, *AuthEnableCommand) {
 	tb.Helper()

 	ui := cli.NewMockUi()
 	return ui, &AuthEnableCommand{
 		BaseCommand: &BaseCommand{
 			UI: ui,
 		},
 	}
 }

 func TestAuthEnableCommand_Run(t *testing.T) {
 	t.Parallel()

 	cases := []struct {
 		name string
 		args []string
 		out  string
 		code int
 	}{
 		{
 			"not_enough_args",
 			nil,
 			"Not enough arguments",
 			1,
 		},
 		{
 			"too_many_args",
 			[]string{"foo", "bar"},
 			"Too many arguments",
 			1,
 		},
 		{
 			"not_a_valid_auth",
 			[]string{"nope_definitely_not_a_valid_mount_like_ever"},
 			"",
 			2,
 		},
 	}

 	for _, tc := range cases {
 		tc := tc

 		t.Run(tc.name, func(t *testing.T) {
 			t.Parallel()

 			client, closer := testVaultServer(t)
 			defer closer()

 			ui, cmd := testAuthEnableCommand(t)
 			cmd.client = client

 			code := cmd.Run(tc.args)
 			if code != tc.code {
 				t.Errorf("expected command return code to be %d, got %d", tc.code, code)
 			}

 			combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
 			if !strings.Contains(combined, tc.out) {
 				t.Errorf("expected %q in response\n got: %+v", tc.out, combined)
 			}
 		})
 	}

 	t.Run("integration", func(t *testing.T) {
 		t.Parallel()

 		client, closer := testVaultServer(t)
 		defer closer()

 		ui, cmd := testAuthEnableCommand(t)
 		cmd.client = client

 		code := cmd.Run([]string{
 			"-path", "auth_integration/",
 			"-description", "The best kind of test",
 			"-audit-non-hmac-request-keys", "foo,bar",
 			"-audit-non-hmac-response-keys", "foo,bar",
 			"-passthrough-request-headers", "authorization,authentication",
 			"-passthrough-request-headers", "www-authentication",
 			"-allowed-response-headers", "authorization",
 			"-listing-visibility", "unauth",
 			"userpass",
 		})
 		if exp := 0; code != exp {
 			t.Errorf("expected %d to be %d", code, exp)
 		}

 		expected := "Success! Enabled userpass auth method at:"
 		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
 		if !strings.Contains(combined, expected) {
 			t.Errorf("expected %q to contain %q", combined, expected)
 		}

 		auths, err := client.Sys().ListAuth()
 		if err != nil {
 			t.Fatal(err)
 		}

 		authInfo, ok := auths["auth_integration/"]
 		if !ok {
 			t.Fatalf("expected mount to exist")
 		}
 		if exp := "userpass"; authInfo.Type != exp {
 			t.Errorf("expected %q to be %q", authInfo.Type, exp)
 		}
 		if exp := "The best kind of test"; authInfo.Description != exp {
 			t.Errorf("expected %q to be %q", authInfo.Description, exp)
 		}
 		if diff := deep.Equal([]string{"authorization,authentication", "www-authentication"}, authInfo.Config.PassthroughRequestHeaders); len(diff) > 0 {
 			t.Errorf("Failed to find expected values in PassthroughRequestHeaders. Difference is: %v", diff)
 		}
 		if diff := deep.Equal([]string{"authorization"}, authInfo.Config.AllowedResponseHeaders); len(diff) > 0 {
 			t.Errorf("Failed to find expected values in AllowedResponseHeaders. Difference is: %v", diff)
 		}
 		if diff := deep.Equal([]string{"foo,bar"}, authInfo.Config.AuditNonHMACRequestKeys); len(diff) > 0 {
 			t.Errorf("Failed to find expected values in AuditNonHMACRequestKeys. Difference is: %v", diff)
 		}
 		if diff := deep.Equal([]string{"foo,bar"}, authInfo.Config.AuditNonHMACResponseKeys); len(diff) > 0 {
 			t.Errorf("Failed to find expected values in AuditNonHMACResponseKeys. Difference is: %v", diff)
 		}
 	})

 	t.Run("communication_failure", func(t *testing.T) {
 		t.Parallel()

 		client, closer := testVaultServerBad(t)
 		defer closer()

 		ui, cmd := testAuthEnableCommand(t)
 		cmd.client = client

 		code := cmd.Run([]string{
 			"userpass",
 		})
 		if exp := 2; code != exp {
 			t.Errorf("expected %d to be %d", code, exp)
 		}

 		expected := "Error enabling userpass auth: "
 		combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
 		if !strings.Contains(combined, expected) {
 			t.Errorf("expected %q to contain %q", combined, expected)
 		}
 	})

 	t.Run("no_tabs", func(t *testing.T) {
 		t.Parallel()

 		_, cmd := testAuthEnableCommand(t)
 		assertNoTabs(t, cmd)
 	})

 	t.Run("mount_all", func(t *testing.T) {
 		t.Parallel()

 		client, closer := testVaultServerAllBackends(t)
 		defer closer()

 		files, err := ioutil.ReadDir("../builtin/credential")
 		if err != nil {
 			t.Fatal(err)
 		}

 		var backends []string
 		for _, f := range files {
 			if f.IsDir() {
 				backends = append(backends, f.Name())
 			}
 		}

 		modFile, err := ioutil.ReadFile("../go.mod")
 		if err != nil {
 			t.Fatal(err)
 		}
 		modLines := strings.Split(string(modFile), "\n")
 		for _, p := range modLines {
 			splitLine := strings.Split(strings.TrimSpace(p), " ")
 			if len(splitLine) == 0 {
 				continue
 			}
 			potPlug := strings.TrimPrefix(splitLine[0], "github.com/hashicorp/")
 			if strings.HasPrefix(potPlug, "vault-plugin-auth-") {
 				backends = append(backends, strings.TrimPrefix(potPlug, "vault-plugin-auth-"))
 			}
 		}
 		// Since "pcf" plugin in the Vault registry is also pointed at the "vault-plugin-auth-cf"
 		// repository, we need to manually append it here so it'll tie out with our expected number
 		// of credential backends.
 		backends = append(backends, "pcf")

 		// Add 1 to account for the "token" backend, which is visible when you walk the filesystem but
 		// is treated as special and excluded from the registry.
 		// Subtract 1 to account for "oidc" which is an alias of "jwt" and not a separate plugin.
 		expected := len(builtinplugins.Registry.Keys(consts.PluginTypeCredential))
 		if len(backends) != expected {
 			t.Fatalf("expected %d credential backends, got %d", expected, len(backends))
 		}

 		for _, b := range backends {
 			var expectedResult int = 0

 			// Not a builtin
 			if b == "token" {
 				continue
 			}

 			ui, cmd := testAuthEnableCommand(t)
 			cmd.client = client

 			actualResult := cmd.Run([]string{
 				b,
 			})

 			// Need to handle deprecated builtins specially
 			status, _ := builtinplugins.Registry.DeprecationStatus(b, consts.PluginTypeCredential)
 			if status == consts.PendingRemoval || status == consts.Removed {
 				expectedResult = 2
 			}

 			if actualResult != expectedResult {
 				t.Errorf("type: %s - got: %d, expected: %d - %s", b, actualResult, expectedResult, ui.OutputWriter.String()+ui.ErrorWriter.String())
 			}
 		}
 	})
 }
	// Copyright (c) HashiCorp, Inc.
	// SPDX-License-Identifier: MPL-2.0

	package command

	import (
	"io/ioutil"
	"strings"
	"testing"

	"github.com/go-test/deep"
	"github.com/hashicorp/vault/helper/builtinplugins"
	"github.com/hashicorp/vault/sdk/helper/consts"
	"github.com/mitchellh/cli"
	)

	func testAuthEnableCommand(tb testing.TB) (cli.MockUi, AuthEnableCommand) {
	tb.Helper()

	ui := cli.NewMockUi()
	return ui, &AuthEnableCommand{
	BaseCommand: &BaseCommand{
	UI: ui,
	},
	}
	}

	func TestAuthEnableCommand_Run(t *testing.T) {
	t.Parallel()

	cases := []struct {
	name string
	args []string
	out string
	code int
	}{
	{
	"not_enough_args",
	nil,
	"Not enough arguments",
	1,
	},
	{
	"too_many_args",
	[]string{"foo", "bar"},
	"Too many arguments",
	1,
	},
	{
	"not_a_valid_auth",
	[]string{"nope_definitely_not_a_valid_mount_like_ever"},
	"",
	2,
	},
	}

	for _, tc := range cases {
	tc := tc

	t.Run(tc.name, func(t *testing.T) {
	t.Parallel()

	client, closer := testVaultServer(t)
	defer closer()

	ui, cmd := testAuthEnableCommand(t)
	cmd.client = client

	code := cmd.Run(tc.args)
	if code != tc.code {
	t.Errorf("expected command return code to be %d, got %d", tc.code, code)
	}

	combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
	if !strings.Contains(combined, tc.out) {
	t.Errorf("expected %q in response\n got: %+v", tc.out, combined)
	}
	})
	}

	t.Run("integration", func(t *testing.T) {
	t.Parallel()

	client, closer := testVaultServer(t)
	defer closer()

	ui, cmd := testAuthEnableCommand(t)
	cmd.client = client

	code := cmd.Run([]string{
	"-path", "auth_integration/",
	"-description", "The best kind of test",
	"-audit-non-hmac-request-keys", "foo,bar",
	"-audit-non-hmac-response-keys", "foo,bar",
	"-passthrough-request-headers", "authorization,authentication",
	"-passthrough-request-headers", "www-authentication",
	"-allowed-response-headers", "authorization",
	"-listing-visibility", "unauth",
	"userpass",
	})
	if exp := 0; code != exp {
	t.Errorf("expected %d to be %d", code, exp)
	}

	expected := "Success! Enabled userpass auth method at:"
	combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
	if !strings.Contains(combined, expected) {
	t.Errorf("expected %q to contain %q", combined, expected)
	}

	auths, err := client.Sys().ListAuth()
	if err != nil {
	t.Fatal(err)
	}

	authInfo, ok := auths["auth_integration/"]
	if !ok {
	t.Fatalf("expected mount to exist")
	}
	if exp := "userpass"; authInfo.Type != exp {
	t.Errorf("expected %q to be %q", authInfo.Type, exp)
	}
	if exp := "The best kind of test"; authInfo.Description != exp {
	t.Errorf("expected %q to be %q", authInfo.Description, exp)
	}
	if diff := deep.Equal([]string{"authorization,authentication", "www-authentication"}, authInfo.Config.PassthroughRequestHeaders); len(diff) > 0 {
	t.Errorf("Failed to find expected values in PassthroughRequestHeaders. Difference is: %v", diff)
	}
	if diff := deep.Equal([]string{"authorization"}, authInfo.Config.AllowedResponseHeaders); len(diff) > 0 {
	t.Errorf("Failed to find expected values in AllowedResponseHeaders. Difference is: %v", diff)
	}
	if diff := deep.Equal([]string{"foo,bar"}, authInfo.Config.AuditNonHMACRequestKeys); len(diff) > 0 {
	t.Errorf("Failed to find expected values in AuditNonHMACRequestKeys. Difference is: %v", diff)
	}
	if diff := deep.Equal([]string{"foo,bar"}, authInfo.Config.AuditNonHMACResponseKeys); len(diff) > 0 {
	t.Errorf("Failed to find expected values in AuditNonHMACResponseKeys. Difference is: %v", diff)
	}
	})

	t.Run("communication_failure", func(t *testing.T) {
	t.Parallel()

	client, closer := testVaultServerBad(t)
	defer closer()

	ui, cmd := testAuthEnableCommand(t)
	cmd.client = client

	code := cmd.Run([]string{
	"userpass",
	})
	if exp := 2; code != exp {
	t.Errorf("expected %d to be %d", code, exp)
	}

	expected := "Error enabling userpass auth: "
	combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
	if !strings.Contains(combined, expected) {
	t.Errorf("expected %q to contain %q", combined, expected)
	}
	})

	t.Run("no_tabs", func(t *testing.T) {
	t.Parallel()

	_, cmd := testAuthEnableCommand(t)
	assertNoTabs(t, cmd)
	})

	t.Run("mount_all", func(t *testing.T) {
	t.Parallel()

	client, closer := testVaultServerAllBackends(t)
	defer closer()

	files, err := ioutil.ReadDir("../builtin/credential")
	if err != nil {
	t.Fatal(err)
	}

	var backends []string
	for _, f := range files {
	if f.IsDir() {
	backends = append(backends, f.Name())
	}
	}

	modFile, err := ioutil.ReadFile("../go.mod")
	if err != nil {
	t.Fatal(err)
	}
	modLines := strings.Split(string(modFile), "\n")
	for _, p := range modLines {
	splitLine := strings.Split(strings.TrimSpace(p), " ")
	if len(splitLine) == 0 {
	continue
	}
	potPlug := strings.TrimPrefix(splitLine[0], "github.com/hashicorp/")
	if strings.HasPrefix(potPlug, "vault-plugin-auth-") {
	backends = append(backends, strings.TrimPrefix(potPlug, "vault-plugin-auth-"))
	}
	}
	// Since "pcf" plugin in the Vault registry is also pointed at the "vault-plugin-auth-cf"
	// repository, we need to manually append it here so it'll tie out with our expected number
	// of credential backends.
	backends = append(backends, "pcf")

	// Add 1 to account for the "token" backend, which is visible when you walk the filesystem but
	// is treated as special and excluded from the registry.
	// Subtract 1 to account for "oidc" which is an alias of "jwt" and not a separate plugin.
	expected := len(builtinplugins.Registry.Keys(consts.PluginTypeCredential))
	if len(backends) != expected {
	t.Fatalf("expected %d credential backends, got %d", expected, len(backends))
	}

	for _, b := range backends {
	var expectedResult int = 0

	// Not a builtin
	if b == "token" {
	continue
	}

	ui, cmd := testAuthEnableCommand(t)
	cmd.client = client

	actualResult := cmd.Run([]string{
	b,
	})

	// Need to handle deprecated builtins specially
	status, _ := builtinplugins.Registry.DeprecationStatus(b, consts.PluginTypeCredential)
	if status == consts.PendingRemoval \|\| status == consts.Removed {
	expectedResult = 2
	}

	if actualResult != expectedResult {
	t.Errorf("type: %s - got: %d, expected: %d - %s", b, actualResult, expectedResult, ui.OutputWriter.String()+ui.ErrorWriter.String())
	}
	}
	})
	}