mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-06 14:47:01 +02:00
208 lines
4.4 KiB
Go
208 lines
4.4 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package command
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/cli"
|
|
"github.com/hashicorp/vault/api"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func testReadCommand(tb testing.TB) (*cli.MockUi, *ReadCommand) {
|
|
tb.Helper()
|
|
|
|
ui := cli.NewMockUi()
|
|
return ui, &ReadCommand{
|
|
BaseCommand: &BaseCommand{
|
|
UI: ui,
|
|
},
|
|
}
|
|
}
|
|
|
|
func TestReadCommand_Run(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
cases := []struct {
|
|
name string
|
|
args []string
|
|
out string
|
|
code int
|
|
}{
|
|
{
|
|
"not_enough_args",
|
|
[]string{},
|
|
"Not enough arguments",
|
|
1,
|
|
},
|
|
{
|
|
"proper_args",
|
|
[]string{"foo", "bar=baz"},
|
|
"No value found at foo\n",
|
|
2,
|
|
},
|
|
{
|
|
"not_found",
|
|
[]string{"nope/not/once/never"},
|
|
"",
|
|
2,
|
|
},
|
|
{
|
|
"default",
|
|
[]string{"secret/read/foo"},
|
|
"foo",
|
|
0,
|
|
},
|
|
{
|
|
"field",
|
|
[]string{
|
|
"-field", "foo",
|
|
"secret/read/foo",
|
|
},
|
|
"bar",
|
|
0,
|
|
},
|
|
{
|
|
"field_not_found",
|
|
[]string{
|
|
"-field", "not-a-real-field",
|
|
"secret/read/foo",
|
|
},
|
|
"not present in secret",
|
|
1,
|
|
},
|
|
}
|
|
|
|
t.Run("validations", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
for _, tc := range cases {
|
|
tc := tc
|
|
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
client, closer := testVaultServer(t)
|
|
defer closer()
|
|
|
|
if _, err := client.Logical().Write("secret/read/foo", map[string]interface{}{
|
|
"foo": "bar",
|
|
}); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
ui, cmd := testReadCommand(t)
|
|
cmd.client = client
|
|
|
|
code := cmd.Run(tc.args)
|
|
if code != tc.code {
|
|
t.Errorf("expected %d to be %d", code, tc.code)
|
|
}
|
|
|
|
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
if !strings.Contains(combined, tc.out) {
|
|
t.Errorf("%s: expected %q to contain %q", tc.name, combined, tc.out)
|
|
}
|
|
})
|
|
}
|
|
})
|
|
|
|
t.Run("communication_failure", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
client, closer := testVaultServerBad(t)
|
|
defer closer()
|
|
|
|
ui, cmd := testReadCommand(t)
|
|
cmd.client = client
|
|
|
|
code := cmd.Run([]string{
|
|
"secret/foo",
|
|
})
|
|
if exp := 2; code != exp {
|
|
t.Errorf("expected %d to be %d", code, exp)
|
|
}
|
|
|
|
expected := "Error reading secret/foo: "
|
|
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
if !strings.Contains(combined, expected) {
|
|
t.Errorf("expected %q to contain %q", combined, expected)
|
|
}
|
|
})
|
|
|
|
t.Run("no_data_object_from_api_response", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
client, closer := testVaultServer(t)
|
|
defer closer()
|
|
|
|
ui, cmd := testReadCommand(t)
|
|
cmd.client = client
|
|
|
|
code := cmd.Run([]string{
|
|
"sys/health",
|
|
})
|
|
if exp := 0; code != exp {
|
|
t.Errorf("expected %d to be %d", code, exp)
|
|
}
|
|
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
expected := []string{
|
|
"cluster_id", "cluster_name", "initialized", "performance_standby", "replication_dr_mode", "replication_performance_mode", "sealed",
|
|
"server_time_utc", "standby", "version",
|
|
}
|
|
for _, expectedField := range expected {
|
|
if !strings.Contains(combined, expectedField) {
|
|
t.Errorf("expected %q to contain %q", combined, expected)
|
|
}
|
|
}
|
|
})
|
|
|
|
t.Run("no_tabs", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, cmd := testReadCommand(t)
|
|
assertNoTabs(t, cmd)
|
|
})
|
|
}
|
|
|
|
// TestRead_Snapshot tests that the read_snapshot_id query parameter is added
|
|
// to the request when the -snapshot-id flag is used.
|
|
func TestRead_Snapshot(t *testing.T) {
|
|
t.Parallel()
|
|
mockVaultServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
snapID := r.URL.Query().Get("read_snapshot_id")
|
|
if snapID != "abcd" {
|
|
w.WriteHeader(http.StatusBadRequest)
|
|
}
|
|
w.Write([]byte(`{"secret":{"data":{"foo":"bar"}}}`))
|
|
}))
|
|
defer mockVaultServer.Close()
|
|
|
|
cfg := api.DefaultConfig()
|
|
cfg.Address = mockVaultServer.URL
|
|
client, err := api.NewClient(cfg)
|
|
require.NoError(t, err)
|
|
|
|
ui, cmd := testReadCommand(t)
|
|
cmd.client = client
|
|
|
|
// a read command with a snapshot id shouldn't error
|
|
code := cmd.Run([]string{
|
|
"-snapshot-id", "abcd", "path/to/item",
|
|
})
|
|
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
require.Equal(t, 0, code, combined)
|
|
|
|
// check that the raw flag also works with a snapshot id
|
|
code = cmd.Run([]string{
|
|
"-format", "raw", "-snapshot-id", "abcd", "path/to/item",
|
|
})
|
|
combined = ui.OutputWriter.String() + ui.ErrorWriter.String()
|
|
require.Equal(t, 0, code, combined)
|
|
}
|