From f91bebcb18ae686c900c8b335a361cc5a21bb033 Mon Sep 17 00:00:00 2001
From: Michael Anthony <5498095+manthonygfp@users.noreply.github.com>
Date: Thu, 17 Nov 2022 11:55:17 -0700
Subject: [PATCH] [QT-309] Ensure environment variables are populated before
 proceeding (#17915)

* Ensure environment variables are populated before proceeding

* DRY up credNames var
---
 builtin/credential/okta/backend_test.go    | 10 +++++++
 command/agent/alicloud_end_to_end_test.go  |  9 +++++++
 command/agent/aws_end_to_end_test.go       |  9 +++++++
 helper/testhelpers/testhelpers.go          | 12 +++++++++
 plugins/database/redshift/redshift_test.go | 31 ++++++++++++++++++++++
 5 files changed, 71 insertions(+)

diff --git a/builtin/credential/okta/backend_test.go b/builtin/credential/okta/backend_test.go
index ee1588ee25..749b511eb0 100644
--- a/builtin/credential/okta/backend_test.go
+++ b/builtin/credential/okta/backend_test.go
@@ -9,6 +9,7 @@ import (
 	"time"
 
 	log "github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/vault/helper/testhelpers"
 	logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/helper/policyutil"
@@ -35,6 +36,15 @@ func TestBackend_Config(t *testing.T) {
 	if os.Getenv("VAULT_ACC") == "" {
 		t.SkipNow()
 	}
+
+	// Ensure each cred is populated.
+	credNames := []string{
+		"OKTA_USERNAME",
+		"OKTA_PASSWORD",
+		"OKTA_API_TOKEN",
+	}
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	defaultLeaseTTLVal := time.Hour * 12
 	maxLeaseTTLVal := time.Hour * 24
 	b, err := Factory(context.Background(), &logical.BackendConfig{
diff --git a/command/agent/alicloud_end_to_end_test.go b/command/agent/alicloud_end_to_end_test.go
index 948f9fa5ac..6461081129 100644
--- a/command/agent/alicloud_end_to_end_test.go
+++ b/command/agent/alicloud_end_to_end_test.go
@@ -20,6 +20,7 @@ import (
 	agentalicloud "github.com/hashicorp/vault/command/agent/auth/alicloud"
 	"github.com/hashicorp/vault/command/agent/sink"
 	"github.com/hashicorp/vault/command/agent/sink/file"
+	"github.com/hashicorp/vault/helper/testhelpers"
 	vaulthttp "github.com/hashicorp/vault/http"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -37,6 +38,14 @@ func TestAliCloudEndToEnd(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	credNames := []string{
+		envVarAlicloudAccessKey,
+		envVarAlicloudSecretKey,
+		envVarAlicloudRoleArn,
+	}
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	logger := logging.NewVaultLogger(hclog.Trace)
 	coreConfig := &vault.CoreConfig{
 		Logger: logger,
diff --git a/command/agent/aws_end_to_end_test.go b/command/agent/aws_end_to_end_test.go
index ca7b419648..e8ed3a508b 100644
--- a/command/agent/aws_end_to_end_test.go
+++ b/command/agent/aws_end_to_end_test.go
@@ -19,6 +19,7 @@ import (
 	agentaws "github.com/hashicorp/vault/command/agent/auth/aws"
 	"github.com/hashicorp/vault/command/agent/sink"
 	"github.com/hashicorp/vault/command/agent/sink/file"
+	"github.com/hashicorp/vault/helper/testhelpers"
 	vaulthttp "github.com/hashicorp/vault/http"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -47,6 +48,14 @@ func TestAWSEndToEnd(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	credNames := []string{
+		envVarAwsTestAccessKey,
+		envVarAwsTestSecretKey,
+		envVarAwsTestRoleArn,
+	}
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	logger := logging.NewVaultLogger(hclog.Trace)
 	coreConfig := &vault.CoreConfig{
 		Logger: logger,
diff --git a/helper/testhelpers/testhelpers.go b/helper/testhelpers/testhelpers.go
index f47ba435ca..6899dd4cbe 100644
--- a/helper/testhelpers/testhelpers.go
+++ b/helper/testhelpers/testhelpers.go
@@ -9,6 +9,8 @@ import (
 	"io/ioutil"
 	"math/rand"
 	"net/url"
+	"os"
+	"strings"
 	"sync/atomic"
 	"time"
 
@@ -974,3 +976,13 @@ func SetupLoginMFATOTP(t testing.T, client *api.Client) (*api.Client, string, st
 	SetupMFALoginEnforcement(t, client, enforcementConfig)
 	return entityClient, entityID, methodID
 }
+
+func SkipUnlessEnvVarsSet(t testing.T, envVars []string) {
+	t.Helper()
+
+	for _, i := range envVars {
+		if os.Getenv(i) == "" {
+			t.Skipf("%s must be set for this test to run", strings.Join(envVars, " "))
+		}
+	}
+}
diff --git a/plugins/database/redshift/redshift_test.go b/plugins/database/redshift/redshift_test.go
index 0fb70dec18..24992183e4 100644
--- a/plugins/database/redshift/redshift_test.go
+++ b/plugins/database/redshift/redshift_test.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/go-uuid"
+	"github.com/hashicorp/vault/helper/testhelpers"
 	dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	dbtesting "github.com/hashicorp/vault/sdk/database/dbplugin/v5/testing"
 	"github.com/hashicorp/vault/sdk/helper/dbtxn"
@@ -41,6 +42,12 @@ var (
 	keyRedshiftUser     = "REDSHIFT_USER"
 	keyRedshiftPassword = "REDSHIFT_PASSWORD"
 
+	credNames = []string{
+		keyRedshiftURL,
+		keyRedshiftUser,
+		keyRedshiftPassword,
+	}
+
 	vaultACC = "VAULT_ACC"
 )
 
@@ -70,6 +77,9 @@ func TestRedshift_Initialize(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, _, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -108,6 +118,9 @@ func TestRedshift_NewUser(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -158,6 +171,9 @@ func TestRedshift_NewUser_NoCreationStatement_ShouldError(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, _, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -201,6 +217,9 @@ func TestRedshift_UpdateUser_Expiration(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -261,6 +280,9 @@ func TestRedshift_UpdateUser_Password(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -315,6 +337,9 @@ func TestRedshift_DeleteUser(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -380,6 +405,9 @@ func TestRedshift_DefaultUsernameTemplate(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -428,6 +456,9 @@ func TestRedshift_CustomUsernameTemplate(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)