vault/command/agent/auth/token-file/token_file_test.go
Violet Hynes 17be1024e4
VAULT-12564 Add new token_file auto-auth method (#18740)
* VAULT-12564 Work so far on token file auto-auth

* VAULT-12564 remove lifetime watcher struct modifications

* VAULT-12564 add other config items, and clean up

* VAULT-12564 clean-up and more tests

* VAULT-12564 clean-up

* VAULT-12564 lookup-self and some clean-up

* VAULT-12564 safer client usage

* VAULT-12564 some clean-up

* VAULT-12564 changelog

* VAULT-12564 some clean-ups

* VAULT-12564 batch token warning

* VAULT-12564 remove follow_symlink reference

* VAULT-12564 Remove redundant stat, change temp file creation

* VAULT-12564 Remove ability to delete token after auth
2023-01-24 16:09:32 -05:00


package token_file
import (
"os"
"path/filepath"
"testing"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/command/agent/auth"
"github.com/hashicorp/vault/sdk/helper/logging"
)
// TestNewTokenFileAuthMethodEmptyConfig checks that NewTokenFileAuthMethod
// returns an error when the auth config carries an empty Config map.
func TestNewTokenFileAuthMethodEmptyConfig(t *testing.T) {
	vaultLogger := logging.NewVaultLogger(log.Trace)

	cfg := &auth.AuthConfig{
		Logger: vaultLogger.Named("auth.method"),
		Config: map[string]interface{}{},
	}

	// Only the error matters here; the returned auth method is discarded.
	if _, err := NewTokenFileAuthMethod(cfg); err == nil {
		t.Fatal("Expected error due to empty config")
	}
}
// TestNewTokenFileEmptyFilePath checks that NewTokenFileAuthMethod returns an
// error when "token_file_path" is present in the config but set to "".
func TestNewTokenFileEmptyFilePath(t *testing.T) {
	vaultLogger := logging.NewVaultLogger(log.Trace)

	settings := map[string]interface{}{
		"token_file_path": "",
	}
	cfg := &auth.AuthConfig{
		Logger: vaultLogger.Named("auth.method"),
		Config: settings,
	}

	// Only the error matters here; the returned auth method is discarded.
	if _, err := NewTokenFileAuthMethod(cfg); err == nil {
		t.Fatalf("Expected error when giving empty file path")
	}
}
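// TestNewTokenFileAuthenticate writes a token to a file in a per-test
// temporary directory, builds the token_file auth method pointing at that
// file, and checks that Authenticate returns the lookup-self path, no headers,
// and the file's contents under the "token" key. It finishes by confirming
// that the token file still exists after authentication.
func TestNewTokenFileAuthenticate(t *testing.T) {
	tokenFileContents := "super-secret-token"

	// t.TempDir is removed automatically when the test finishes, so no
	// explicit cleanup of the file is needed.
	tokenFileName := filepath.Join(t.TempDir(), "token_file")

	// The fixture stands in for a credential, so it is created owner-only
	// (0o600) instead of 0o666, which leaves access control to the umask.
	// The write error is checked so a failed fixture does not surface later
	// as a misleading authentication failure.
	if err := os.WriteFile(tokenFileName, []byte(tokenFileContents), 0o600); err != nil {
		t.Fatal(err)
	}

	logger := logging.NewVaultLogger(log.Trace)
	am, err := NewTokenFileAuthMethod(&auth.AuthConfig{
		Logger: logger.Named("auth.method"),
		Config: map[string]interface{}{
			"token_file_path": tokenFileName,
		},
	})
	if err != nil {
		t.Fatal(err)
	}

	// This test passes nil for both Authenticate arguments.
	path, headers, data, err := am.Authenticate(nil, nil)
	if err != nil {
		t.Fatal(err)
	}
	if path != "auth/token/lookup-self" {
		t.Fatalf("Incorrect path, was %s", path)
	}
	if headers != nil {
		t.Fatalf("Expected no headers, instead got %v", headers)
	}
	if data == nil {
		t.Fatal("Data was nil")
	}

	// Use the two-value assertion so a missing or non-string "token" entry
	// fails the test with a message instead of panicking.
	tokenDataFromAuthMethod, ok := data["token"].(string)
	if !ok {
		t.Fatalf("Expected token to be a string, got %T", data["token"])
	}
	if tokenDataFromAuthMethod != tokenFileContents {
		t.Fatalf("Incorrect token file contents return by auth method, expected %s, got %s", tokenFileContents, tokenDataFromAuthMethod)
	}

	// Authenticating must not delete the token file.
	if _, err = os.Stat(tokenFileName); err != nil {
		t.Fatal("Token file removed")
	}
}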