vault-plugin-secrets-tencentcloud/acceptance_test.go at master · firingLi/vault-plugin-secrets-tencentcloud · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
package vault_plugin_secrets_tencentcloud

import (
	"context"
	"os"
	"strings"
	"testing"
	"time"

	"github.com/hashicorp/vault-plugin-secrets-tencentcloud/sdk"
	"github.com/hashicorp/vault/sdk/logical"
)

func newAcceptanceTestEnv(t *testing.T) (*testEnv, error) {
	id := os.Getenv("TENCENTCLOUD_SECRET_ID")
	if id == "" {
		t.Fatal("miss TENCENTCLOUD_SECRET_ID")
	}

	key := os.Getenv("TENCENTCLOUD_SECRET_KEY")
	if key == "" {
		t.Fatal("miss TENCENTCLOUD_SECRET_KEY")
	}

	arn := os.Getenv("TENCENTCLOUD_ARN")
	if arn == "" {
		t.Fatal("miss TENCENTCLOUD_ARN")
	}

	b := newBackend(&sdk.LogRoundTripper{Debug: true})
	conf := &logical.BackendConfig{
		System: &logical.StaticSystemView{
			DefaultLeaseTTLVal: 7200 * time.Second,
			MaxLeaseTTLVal:     7200 * time.Second,
		},
	}
	if err := b.Setup(context.Background(), conf); err != nil {
		return nil, err
	}

	return &testEnv{
		AccessKey: id,
		SecretKey: key,
		RoleARN:   arn,
		Backend:   b,
		Context:   context.Background(),
		Storage:   &logical.InmemStorage{},
	}, nil
}

func runAcceptanceTest() bool {
	env := strings.ToLower(os.Getenv("VAULT_ACC"))

	return env == "1" || env == "true"
}

func TestAcceptanceConfig(t *testing.T) {
	if !runAcceptanceTest() {
		t.SkipNow()
	}

	t.Parallel()

	acceptanceTestEnv, err := newAcceptanceTestEnv(t)
	if err != nil {
		t.Fatal(err)
	}

	t.Run("add config", acceptanceTestEnv.AddConfig)
	t.Run("read config", acceptanceTestEnv.ReadConfig)
	t.Run("update config", acceptanceTestEnv.UpdateConfig)
	t.Run("read updated config", acceptanceTestEnv.ReadUpdatedConfig)
	t.Run("delete config", acceptanceTestEnv.DeleteConfig)
	t.Run("read empty config", acceptanceTestEnv.ReadEmptyConfig)
}

func TestAcceptanceCamUserCreds(t *testing.T) {
	if !runAcceptanceTest() {
		t.SkipNow()
	}

	t.Parallel()

	acceptanceTestEnv, err := newAcceptanceTestEnv(t)
	if err != nil {
		t.Fatal(err)
	}

	t.Run("add config", acceptanceTestEnv.AddConfig)

	t.Run("add policy-based role", acceptanceTestEnv.AddPolicyBasedRole)
	t.Run("read policy-based role", acceptanceTestEnv.ReadPolicyBasedRole)
	t.Run("update policy-based role", acceptanceTestEnv.UpdatePolicyBasedRole)
	t.Run("read updated policy-based role", acceptanceTestEnv.ReadUpdatedPolicyBasedRole)
	t.Run("delete policy-based role", acceptanceTestEnv.DeletePolicyBasedRole)

	t.Run("add policy-based role", acceptanceTestEnv.AddPolicyBasedRole)
	t.Run("read policy-based creds", acceptanceTestEnv.ReadPolicyBasedCreds)
	t.Run("renew policy-based creds", acceptanceTestEnv.RenewPolicyBasedCreds)
	t.Run("revoke policy-based creds", acceptanceTestEnv.RevokePolicyBasedCreds)
}

func TestAcceptanceAssumedRoleBasedCreds(t *testing.T) {
	if !runAcceptanceTest() {
		t.SkipNow()
	}

	t.Parallel()

	acceptanceTestEnv, err := newAcceptanceTestEnv(t)
	if err != nil {
		t.Fatal(err)
	}

	t.Run("add config", acceptanceTestEnv.AddConfig)

	t.Run("add arn-based role", acceptanceTestEnv.AddARNBasedRole)
	t.Run("read arn-based role", acceptanceTestEnv.ReadARNBasedRole)
	t.Run("update arn-based role", acceptanceTestEnv.UpdateARNBasedRole)
	t.Run("read updated arn-based role", acceptanceTestEnv.ReadUpdatedARNBasedRole)
	t.Run("delete arn-based role", acceptanceTestEnv.DeleteARNBasedRole)

	t.Run("add arn-based role", acceptanceTestEnv.AddARNBasedRole)
	t.Run("read arn-based creds", acceptanceTestEnv.ReadARNBasedCreds)
	t.Run("renew arn-based creds", acceptanceTestEnv.RenewARNBasedCreds)
	t.Run("revoke arn-based creds", acceptanceTestEnv.RevokeARNBasedCreds)
}

func TestAcceptanceMultiRoles(t *testing.T) {
	if !runAcceptanceTest() {
		t.SkipNow()
	}

	t.Parallel()

	acceptanceTestEnv, err := newAcceptanceTestEnv(t)
	if err != nil {
		t.Fatal(err)
	}

	t.Run("add config", acceptanceTestEnv.AddConfig)

	t.Run("add policy-based role", acceptanceTestEnv.AddPolicyBasedRole)
	t.Run("read policy-based role", acceptanceTestEnv.ReadPolicyBasedRole)

	t.Run("add arn-based role", acceptanceTestEnv.AddARNBasedRole)
	t.Run("read arn-based creds", acceptanceTestEnv.ReadARNBasedCreds)

	t.Run("list two roles", acceptanceTestEnv.ListTwoRoles)
	t.Run("delete arn-based role", acceptanceTestEnv.DeleteARNBasedRole)
	t.Run("list one role", acceptanceTestEnv.ListOneRole)
}