75 lines
3.6 KiB
Clojure
75 lines
3.6 KiB
Clojure
|
(ns vault.client.mock-test
|
||
|
|
(:require
|
||
|
|
[clojure.string :as str]
|
||
|
|
[clojure.test :refer [deftest testing is]]
|
||
|
|
[vault.core :as vault])
|
||
|
|
(:import
|
||
|
|
(clojure.lang
|
||
|
|
ExceptionInfo)))
|
||
|
|
|
||
|
|
|
||
|
|
(defn mock-client-authenticated
|
||
|
|
"A mock vault client using the secrets found in the given path, defaults to `vault/client/secret-fixture-logical.edn`"
|
||
|
|
([path]
|
||
|
|
(let [client (vault/new-client (str "mock:" path))]
|
||
|
|
(vault/authenticate! client :token "fake-token")
|
||
|
|
client))
|
||
|
|
([]
|
||
|
|
(mock-client-authenticated "vault/client/secret-fixture-logical.edn")))
|
||
|
|
|
||
|
|
|
||
|
|
(deftest create-token!-test
|
||
|
|
(testing "The return value of create-token is correct when not wrapped"
|
||
|
|
(let [result (vault/create-token! (mock-client-authenticated) {:no-default-policy true})]
|
||
|
|
(is (= ["root"] (:policies result)))
|
||
|
|
(is (= false (:renewable result)))
|
||
|
|
(is (= "" (:entity-id result)))
|
||
|
|
(is (= ["root"] (:token-policies result)))
|
||
|
|
(is (not (str/blank? (:accessor result))))
|
||
|
|
(is (= 0 (:lease-duration result)))
|
||
|
|
(is (= "service" (:token-type result)))
|
||
|
|
(is (= false (:orphan result)))
|
||
|
|
(is (not (str/blank? (:client-token result))))
|
||
|
|
(is (contains? result :metadata))))
|
||
|
|
(testing "The return value of create-token is correct when not wrapped and some options are specified"
|
||
|
|
(let [result (vault/create-token! (mock-client-authenticated) {:policies ["hello" "goodbye"]
|
||
|
|
:ttl "7d"})]
|
||
|
|
(is (= ["default" "hello" "goodbye"] (:policies result)))
|
||
|
|
(is (= false (:renewable result)))
|
||
|
|
(is (= "" (:entity-id result)))
|
||
|
|
(is (= ["default" "hello" "goodbye"] (:token-policies result)))
|
||
|
|
(is (not (str/blank? (:accessor result))))
|
||
|
|
(is (= 604800 (:lease-duration result)))
|
||
|
|
(is (= "service" (:token-type result)))
|
||
|
|
(is (= false (:orphan result)))
|
||
|
|
(is (not (str/blank? (:client-token result))))
|
||
|
|
(is (contains? result :metadata))))
|
||
|
|
(testing "The client throws a helpful error for debugging if ttl is incorrectly formatted"
|
||
|
|
(is (thrown-with-msg? ExceptionInfo
|
||
|
|
#"Mock Client doesn't recognize format of ttl"
|
||
|
|
(vault/create-token! (mock-client-authenticated) {:ttl "BLT"}))))
|
||
|
|
(testing "The return value of create-token is correct when not wrapped and some less common options are specified"
|
||
|
|
(let [result (vault/create-token! (mock-client-authenticated) {:policies ["hello" "goodbye"]
|
||
|
|
:ttl "10s"
|
||
|
|
:no-parent true
|
||
|
|
:no-default-policy true
|
||
|
|
:renewable true})]
|
||
|
|
(is (= ["hello" "goodbye"] (:policies result)))
|
||
|
|
(is (= true (:renewable result)))
|
||
|
|
(is (= "" (:entity-id result)))
|
||
|
|
(is (= ["hello" "goodbye"] (:token-policies result)))
|
||
|
|
(is (not (str/blank? (:accessor result))))
|
||
|
|
(is (= 10 (:lease-duration result)))
|
||
|
|
(is (= "service" (:token-type result)))
|
||
|
|
(is (= true (:orphan result)))
|
||
|
|
(is (not (str/blank? (:client-token result))))
|
||
|
|
(is (contains? result :metadata))))
|
||
|
|
(testing "The return value of create-token is correct when wrapped"
|
||
|
|
(let [result (vault/create-token! (mock-client-authenticated) {:wrap-ttl "2h"})]
|
||
|
|
(is (not (str/blank? (:token result))))
|
||
|
|
(is (not (str/blank? (:accessor result))))
|
||
|
|
(is (= 7200 (:ttl result)))
|
||
|
|
(is (not (str/blank? (:creation-time result))))
|
||
|
|
(is (= "auth/token/create" (:creation-path result)))
|
||
|
|
(is (not (str/blank? (:wrapped-accessor result)))))))
|