clean up assertions and messages in unit tests
All checks were successful
continuous-integration/drone/push Build is passing
parent
f6037e31bb
commit
e81dd87fe1
@ -132,7 +132,7 @@ class HTTPVaultConnectorBuilderTest {
|
|||||||
TlsException e = assertThrows(
|
TlsException e = assertThrows(
|
||||||
TlsException.class,
|
TlsException.class,
|
||||||
() -> HTTPVaultConnector.builder().fromEnv(),
|
() -> HTTPVaultConnector.builder().fromEnv(),
|
||||||
"Creation with unknown cert path failed."
|
"Creation with unknown cert path failed"
|
||||||
);
|
);
|
||||||
assertTrue(e.getCause() instanceof NoSuchFileException);
|
assertTrue(e.getCause() instanceof NoSuchFileException);
|
||||||
assertEquals(VAULT_CACERT, ((NoSuchFileException) e.getCause()).getFile());
|
assertEquals(VAULT_CACERT, ((NoSuchFileException) e.getCause()).getFile());
|
||||||
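Review bot: The message passed to `assertThrows` in the `@ -132,7 +132,7` hunk is reported when no `TlsException` is thrown, so "Creation with unknown cert path failed" describes the opposite of the failure it labels; something like `"Creation with unknown cert path did not fail"` would read correctly in a test report. If the project's JUnit version is 5.8 or later, the two following lines could become `NoSuchFileException cause = assertInstanceOf(NoSuchFileException.class, e.getCause());` and `assertEquals(VAULT_CACERT, cause.getFile());`, which drops the manual cast. The enclosing test method starts and ends outside the hunk.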
|
@ -189,9 +189,7 @@ class HTTPVaultConnectorTest {
|
|||||||
"Valid secret path could not be read"
|
"Valid secret path could not be read"
|
||||||
);
|
);
|
||||||
assertNotNull(res.getData(), "Known secret returned null value");
|
assertNotNull(res.getData(), "Known secret returned null value");
|
||||||
assertEquals(2, res.getData().keySet().size(), "Unexpected value size");
|
assertEquals(Map.of("key1", "value1", "key2", "value2"), res.getData(), "Unexpected data");
|
||||||
assertEquals("value1", res.get("key1"), "Unexpected value");
|
|
||||||
assertEquals("value2", res.get("key2"), "Unexpected value");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -227,31 +225,31 @@ class HTTPVaultConnectorTest {
|
|||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidRequestException.class,
|
InvalidRequestException.class,
|
||||||
() -> connector.write(null, "someValue"),
|
() -> connector.write(null, "someValue"),
|
||||||
"Secret written to null path."
|
"Secret written to null path"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Try to write to invalid path.
|
// Try to write to invalid path.
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidRequestException.class,
|
InvalidRequestException.class,
|
||||||
() -> connector.write("", "someValue"),
|
() -> connector.write("", "someValue"),
|
||||||
"Secret written to invalid path."
|
"Secret written to invalid path"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Try to write to a path the user has no access for.
|
// Try to write to a path the user has no access for.
|
||||||
assertThrows(
|
assertThrows(
|
||||||
PermissionDeniedException.class,
|
PermissionDeniedException.class,
|
||||||
() -> connector.write("invalid/path", "someValue"),
|
() -> connector.write("invalid/path", "someValue"),
|
||||||
"Secret written to inaccessible path."
|
"Secret written to inaccessible path"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Perform a valid write/read roundtrip to valid path. Also check UTF8-encoding.
|
// Perform a valid write/read roundtrip to valid path. Also check UTF8-encoding.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.write(SECRET_PATH + "/temp", "Abc123äöü,!"),
|
() -> connector.write(SECRET_PATH + "/temp", "Abc123äöü,!"),
|
||||||
"Failed to write secret to accessible path."
|
"Failed to write secret to accessible path"
|
||||||
);
|
);
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> connector.read(SECRET_PATH + "/temp"),
|
() -> connector.read(SECRET_PATH + "/temp"),
|
||||||
"Written secret could not be read."
|
"Written secret could not be read"
|
||||||
);
|
);
|
||||||
assertEquals("Abc123äöü,!", res.get("value"));
|
assertEquals("Abc123äöü,!", res.get("value"));
|
||||||
}
|
}
|
||||||
@ -269,25 +267,25 @@ class HTTPVaultConnectorTest {
|
|||||||
// Write a test secret to vault.
|
// Write a test secret to vault.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.write(SECRET_PATH + "/toDelete", "secret content"),
|
() -> connector.write(SECRET_PATH + "/toDelete", "secret content"),
|
||||||
"Secret written to inaccessible path."
|
"Secret written to inaccessible path"
|
||||||
);
|
);
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> connector.read(SECRET_PATH + "/toDelete"),
|
() -> connector.read(SECRET_PATH + "/toDelete"),
|
||||||
"Written secret could not be read."
|
"Written secret could not be read"
|
||||||
);
|
);
|
||||||
assumeTrue(res != null);
|
assumeTrue(res != null);
|
||||||
|
|
||||||
// Delete secret.
|
// Delete secret.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.delete(SECRET_PATH + "/toDelete"),
|
() -> connector.delete(SECRET_PATH + "/toDelete"),
|
||||||
"Revocation threw unexpected exception."
|
"Revocation threw unexpected exception"
|
||||||
);
|
);
|
||||||
|
|
||||||
// Try to read again.
|
// Try to read again.
|
||||||
InvalidResponseException e = assertThrows(
|
InvalidResponseException e = assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.read(SECRET_PATH + "/toDelete"),
|
() -> connector.read(SECRET_PATH + "/toDelete"),
|
||||||
"Successfully read deleted secret."
|
"Successfully read deleted secret"
|
||||||
);
|
);
|
||||||
assertEquals(404, e.getStatusCode());
|
assertEquals(404, e.getStatusCode());
|
||||||
}
|
}
|
||||||
@ -305,18 +303,18 @@ class HTTPVaultConnectorTest {
|
|||||||
// Write a test secret to vault.
|
// Write a test secret to vault.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.write(SECRET_PATH + "/toRevoke", "secret content"),
|
() -> connector.write(SECRET_PATH + "/toRevoke", "secret content"),
|
||||||
"Secret written to inaccessible path."
|
"Secret written to inaccessible path"
|
||||||
);
|
);
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> connector.read(SECRET_PATH + "/toRevoke"),
|
() -> connector.read(SECRET_PATH + "/toRevoke"),
|
||||||
"Written secret could not be read."
|
"Written secret could not be read"
|
||||||
);
|
);
|
||||||
assumeTrue(res != null);
|
assumeTrue(res != null);
|
||||||
|
|
||||||
// Revoke secret.
|
// Revoke secret.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.revoke(SECRET_PATH + "/toRevoke"),
|
() -> connector.revoke(SECRET_PATH + "/toRevoke"),
|
||||||
"Revocation threw unexpected exception."
|
"Revocation threw unexpected exception"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -346,7 +344,7 @@ class HTTPVaultConnectorTest {
|
|||||||
// Try to read accessible path with known value.
|
// Try to read accessible path with known value.
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Valid secret path could not be read."
|
"Valid secret path could not be read"
|
||||||
);
|
);
|
||||||
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
|
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
|
||||||
assertEquals(2, res.getMetadata().getVersion(), "Unexpected secret version");
|
assertEquals(2, res.getMetadata().getVersion(), "Unexpected secret version");
|
||||||
@ -355,7 +353,7 @@ class HTTPVaultConnectorTest {
|
|||||||
// Try to read different version of same secret.
|
// Try to read different version of same secret.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretVersion(MOUNT_KV2, SECRET2_KEY, 1),
|
() -> connector.readSecretVersion(MOUNT_KV2, SECRET2_KEY, 1),
|
||||||
"Valid secret version could not be read."
|
"Valid secret version could not be read"
|
||||||
);
|
);
|
||||||
assertEquals(1, res.getMetadata().getVersion(), "Unexpected secret version");
|
assertEquals(1, res.getMetadata().getVersion(), "Unexpected secret version");
|
||||||
assertEquals(SECRET2_VALUE1, res.get("value"), "Known secret returned invalid value");
|
assertEquals(SECRET2_VALUE1, res.get("value"), "Known secret returned invalid value");
|
||||||
@ -374,7 +372,7 @@ class HTTPVaultConnectorTest {
|
|||||||
// First get the current version of the secret.
|
// First get the current version of the secret.
|
||||||
MetadataResponse res = assertDoesNotThrow(
|
MetadataResponse res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading secret metadata failed."
|
"Reading secret metadata failed"
|
||||||
);
|
);
|
||||||
int currentVersion = res.getMetadata().getCurrentVersion();
|
int currentVersion = res.getMetadata().getCurrentVersion();
|
||||||
|
|
||||||
@ -383,7 +381,7 @@ class HTTPVaultConnectorTest {
|
|||||||
data.put("value", SECRET2_VALUE3);
|
data.put("value", SECRET2_VALUE3);
|
||||||
SecretVersionResponse res2 = assertDoesNotThrow(
|
SecretVersionResponse res2 = assertDoesNotThrow(
|
||||||
() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data),
|
() -> connector.writeSecretData(MOUNT_KV2, SECRET2_KEY, data),
|
||||||
"Writing secret to KV v2 store failed."
|
"Writing secret to KV v2 store failed"
|
||||||
);
|
);
|
||||||
assertEquals(currentVersion + 1, res2.getMetadata().getVersion(), "Version not updated after writing secret");
|
assertEquals(currentVersion + 1, res2.getMetadata().getVersion(), "Version not updated after writing secret");
|
||||||
int currentVersion2 = res2.getMetadata().getVersion();
|
int currentVersion2 = res2.getMetadata().getVersion();
|
||||||
@ -391,7 +389,7 @@ class HTTPVaultConnectorTest {
|
|||||||
// Verify the content.
|
// Verify the content.
|
||||||
SecretResponse res3 = assertDoesNotThrow(
|
SecretResponse res3 = assertDoesNotThrow(
|
||||||
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretData(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading secret from KV v2 store failed."
|
"Reading secret from KV v2 store failed"
|
||||||
);
|
);
|
||||||
assertEquals(SECRET2_VALUE3, res3.get("value"), "Data not updated correctly");
|
assertEquals(SECRET2_VALUE3, res3.get("value"), "Data not updated correctly");
|
||||||
|
|
||||||
@ -421,7 +419,7 @@ class HTTPVaultConnectorTest {
|
|||||||
// Read current metadata first.
|
// Read current metadata first.
|
||||||
MetadataResponse res = assertDoesNotThrow(
|
MetadataResponse res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading secret metadata failed."
|
"Reading secret metadata failed"
|
||||||
);
|
);
|
||||||
Integer maxVersions = res.getMetadata().getMaxVersions();
|
Integer maxVersions = res.getMetadata().getMaxVersions();
|
||||||
assumeTrue(10 == res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
|
assumeTrue(10 == res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
|
||||||
@ -429,13 +427,13 @@ class HTTPVaultConnectorTest {
|
|||||||
// Now update the metadata.
|
// Now update the metadata.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.updateSecretMetadata(MOUNT_KV2, SECRET2_KEY, maxVersions + 1, true),
|
() -> connector.updateSecretMetadata(MOUNT_KV2, SECRET2_KEY, maxVersions + 1, true),
|
||||||
"Updating secret metadata failed."
|
"Updating secret metadata failed"
|
||||||
);
|
);
|
||||||
|
|
||||||
// And verify the result.
|
// And verify the result.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Reading secret metadata failed."
|
"Reading secret metadata failed"
|
||||||
);
|
);
|
||||||
assertEquals(maxVersions + 1, res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
|
assertEquals(maxVersions + 1, res.getMetadata().getMaxVersions(), "Unexpected maximum number of versions");
|
||||||
}
|
}
|
||||||
@ -453,7 +451,7 @@ class HTTPVaultConnectorTest {
|
|||||||
// Try to read accessible path with known value.
|
// Try to read accessible path with known value.
|
||||||
MetadataResponse res = assertDoesNotThrow(
|
MetadataResponse res = assertDoesNotThrow(
|
||||||
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
() -> connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY),
|
||||||
"Valid secret path could not be read."
|
"Valid secret path could not be read"
|
||||||
);
|
);
|
||||||
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
|
assertNotNull(res.getMetadata(), "Metadata not populated for KV v2 secret");
|
||||||
assertEquals(2, res.getMetadata().getCurrentVersion(), "Unexpected secret version");
|
assertEquals(2, res.getMetadata().getCurrentVersion(), "Unexpected secret version");
|
||||||
@ -642,7 +640,7 @@ class HTTPVaultConnectorTest {
|
|||||||
// Authenticate with correct credentials.
|
// Authenticate with correct credentials.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.authAppRole(APPROLE_ROLE, APPROLE_SECRET),
|
() -> connector.authAppRole(APPROLE_ROLE, APPROLE_SECRET),
|
||||||
"Failed to authenticate using AppRole."
|
"Failed to authenticate using AppRole"
|
||||||
);
|
);
|
||||||
assertTrue(connector.isAuthorized(), "Authorization flag not set after AppRole login");
|
assertTrue(connector.isAuthorized(), "Authorization flag not set after AppRole login");
|
||||||
|
|
||||||
@ -710,7 +708,6 @@ class HTTPVaultConnectorTest {
|
|||||||
|
|
||||||
// Check secret IDs.
|
// Check secret IDs.
|
||||||
res = assertDoesNotThrow(() -> connector.listAppRoleSecrets(APPROLE_ROLE_NAME), "AppRole secret listing failed");
|
res = assertDoesNotThrow(() -> connector.listAppRoleSecrets(APPROLE_ROLE_NAME), "AppRole secret listing failed");
|
||||||
assertEquals(1, res.size(), "Unexpected number of AppRole secrets");
|
|
||||||
assertEquals(List.of(APPROLE_SECRET_ACCESSOR), res, "Pre-configured AppRole secret not listed");
|
assertEquals(List.of(APPROLE_SECRET_ACCESSOR), res, "Pre-configured AppRole secret not listed");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -794,19 +791,18 @@ class HTTPVaultConnectorTest {
|
|||||||
// Create role by name with policies.
|
// Create role by name with policies.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.createAppRole(roleName3, Collections.singletonList("testpolicy")),
|
() -> connector.createAppRole(roleName3, Collections.singletonList("testpolicy")),
|
||||||
"Creation of role by name failed."
|
"Creation of role by name failed"
|
||||||
);
|
);
|
||||||
res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName3), "Creation of role by name failed");
|
res = assertDoesNotThrow(() -> connector.lookupAppRole(roleName3), "Creation of role by name failed");
|
||||||
// Note: As of Vault 0.8.3 default policy is not added automatically, so this test should return 1, not 2.
|
// Note: As of Vault 0.8.3 default policy is not added automatically, so this test should return 1, not 2.
|
||||||
assertEquals(1, res.getRole().getTokenPolicies().size(), "Role lookup returned wrong policy count (before Vault 0.8.3 is should be 2)");
|
assertEquals(List.of("testpolicy"), res.getRole().getTokenPolicies(), "Role lookup returned unexpected policies");
|
||||||
assertTrue(res.getRole().getTokenPolicies().contains("testpolicy"), "Role lookup returned wrong policies");
|
|
||||||
|
|
||||||
// Delete role.
|
// Delete role.
|
||||||
assertDoesNotThrow(() -> connector.deleteAppRole(roleName3), "Deletion of role failed");
|
assertDoesNotThrow(() -> connector.deleteAppRole(roleName3), "Deletion of role failed");
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.lookupAppRole(roleName3),
|
() -> connector.lookupAppRole(roleName3),
|
||||||
"Deleted role could be looked up."
|
"Deleted role could be looked up"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -823,7 +819,7 @@ class HTTPVaultConnectorTest {
|
|||||||
// Create default (random) secret for existing role.
|
// Create default (random) secret for existing role.
|
||||||
AppRoleSecretResponse res = assertDoesNotThrow(
|
AppRoleSecretResponse res = assertDoesNotThrow(
|
||||||
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME),
|
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME),
|
||||||
"AppRole secret creation failed."
|
"AppRole secret creation failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res.getSecret(), "No secret returned");
|
assertNotNull(res.getSecret(), "No secret returned");
|
||||||
|
|
||||||
@ -831,26 +827,26 @@ class HTTPVaultConnectorTest {
|
|||||||
String secretID = "customSecretId";
|
String secretID = "customSecretId";
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
() -> connector.createAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
||||||
"AppRole secret creation failed."
|
"AppRole secret creation failed"
|
||||||
);
|
);
|
||||||
assertEquals(secretID, res.getSecret().getId(), "Unexpected secret ID returned");
|
assertEquals(secretID, res.getSecret().getId(), "Unexpected secret ID returned");
|
||||||
|
|
||||||
// Lookup secret.
|
// Lookup secret.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
||||||
"AppRole secret lookup failed."
|
"AppRole secret lookup failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res.getSecret(), "No secret information returned");
|
assertNotNull(res.getSecret(), "No secret information returned");
|
||||||
|
|
||||||
// Destroy secret.
|
// Destroy secret.
|
||||||
assertDoesNotThrow(
|
assertDoesNotThrow(
|
||||||
() -> connector.destroyAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
() -> connector.destroyAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
||||||
"AppRole secret destruction failed."
|
"AppRole secret destruction failed"
|
||||||
);
|
);
|
||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
() -> connector.lookupAppRoleSecret(APPROLE_ROLE_NAME, secretID),
|
||||||
"Destroyed AppRole secret successfully read."
|
"Destroyed AppRole secret successfully read"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -905,21 +901,15 @@ class HTTPVaultConnectorTest {
|
|||||||
AuthResponse res = assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed");
|
AuthResponse res = assertDoesNotThrow(() -> connector.createToken(token), "Token creation failed");
|
||||||
assertNotNull(res, "No result given");
|
assertNotNull(res, "No result given");
|
||||||
assertEquals("test-id", res.getAuth().getClientToken(), "Invalid token ID returned");
|
assertEquals("test-id", res.getAuth().getClientToken(), "Invalid token ID returned");
|
||||||
assertEquals(1, res.getAuth().getPolicies().size(), "Invalid number of policies returned");
|
assertEquals(List.of("root"), res.getAuth().getPolicies(), "Expected inherited root policy");
|
||||||
assertTrue(res.getAuth().getPolicies().contains("root"), "Root policy not inherited");
|
assertEquals(List.of("root"), res.getAuth().getTokenPolicies(), "Expected inherited root policy for token");
|
||||||
assertEquals(1, res.getAuth().getTokenPolicies().size(), "Invalid number of token policies returned");
|
|
||||||
assertTrue(res.getAuth().getTokenPolicies().contains("root"), "Root policy not inherited for token");
|
|
||||||
assertEquals(Token.Type.SERVICE.value(), res.getAuth().getTokenType(), "Unexpected token type");
|
assertEquals(Token.Type.SERVICE.value(), res.getAuth().getTokenType(), "Unexpected token type");
|
||||||
assertNull(res.getAuth().getMetadata(), "Metadata unexpected");
|
assertNull(res.getAuth().getMetadata(), "Metadata unexpected");
|
||||||
assertFalse(res.getAuth().isRenewable(), "Root token should not be renewable");
|
assertFalse(res.getAuth().isRenewable(), "Root token should not be renewable");
|
||||||
assertFalse(res.getAuth().isOrphan(), "Root token should not be orphan");
|
assertFalse(res.getAuth().isOrphan(), "Root token should not be orphan");
|
||||||
|
|
||||||
// Starting with Vault 1.0 a warning "custom ID uses weaker SHA1..." is given.
|
// Starting with Vault 1.0 a warning "custom ID uses weaker SHA1.." is given.
|
||||||
if (VAULT_VERSION.startsWith("1.")) {
|
assertEquals(1, res.getWarnings().size(), "Token creation did not return expected warning");
|
||||||
assertEquals(1, res.getWarnings().size(), "Token creation did not return expected warning");
|
|
||||||
} else {
|
|
||||||
assertNull(res.getWarnings(), "Token creation returned warnings");
|
|
||||||
}
|
|
||||||
|
|
||||||
// Create token with attributes.
|
// Create token with attributes.
|
||||||
Token token2 = Token.builder()
|
Token token2 = Token.builder()
|
||||||
@ -931,8 +921,7 @@ class HTTPVaultConnectorTest {
|
|||||||
.build();
|
.build();
|
||||||
res = assertDoesNotThrow(() -> connector.createToken(token2), "Token creation failed");
|
res = assertDoesNotThrow(() -> connector.createToken(token2), "Token creation failed");
|
||||||
assertEquals("test-id2", res.getAuth().getClientToken(), "Invalid token ID returned");
|
assertEquals("test-id2", res.getAuth().getClientToken(), "Invalid token ID returned");
|
||||||
assertEquals(1, res.getAuth().getPolicies().size(), "Invalid number of policies returned");
|
assertEquals(List.of("testpolicy"), res.getAuth().getPolicies(), "Invalid policies returned");
|
||||||
assertTrue(res.getAuth().getPolicies().contains("testpolicy"), "Custom policy not set");
|
|
||||||
assertNotNull(res.getAuth().getMetadata(), "Metadata not given");
|
assertNotNull(res.getAuth().getMetadata(), "Metadata not given");
|
||||||
assertEquals("bar", res.getAuth().getMetadata().get("foo"), "Metadata not correct");
|
assertEquals("bar", res.getAuth().getMetadata().get("foo"), "Metadata not correct");
|
||||||
assertTrue(res.getAuth().isRenewable(), "Token should be renewable");
|
assertTrue(res.getAuth().isRenewable(), "Token should be renewable");
|
||||||
@ -964,7 +953,7 @@ class HTTPVaultConnectorTest {
|
|||||||
.withType(Token.Type.BATCH)
|
.withType(Token.Type.BATCH)
|
||||||
.build();
|
.build();
|
||||||
res = assertDoesNotThrow(() -> connector.createToken(token4), "Token creation failed");
|
res = assertDoesNotThrow(() -> connector.createToken(token4), "Token creation failed");
|
||||||
assertTrue(res.getAuth().getClientToken().startsWith("b."), "Unexpected token prefix");
|
assertTrue(res.getAuth().getClientToken().startsWith("b"), "Unexpected token prefix");
|
||||||
assertEquals(1, res.getAuth().getPolicies().size(), "Invalid number of policies returned");
|
assertEquals(1, res.getAuth().getPolicies().size(), "Invalid number of policies returned");
|
||||||
assertTrue(res.getAuth().getPolicies().contains("batchpolicy"), "Custom policy policy not set");
|
assertTrue(res.getAuth().getPolicies().contains("batchpolicy"), "Custom policy policy not set");
|
||||||
assertFalse(res.getAuth().isRenewable(), "Token should not be renewable");
|
assertFalse(res.getAuth().isRenewable(), "Token should not be renewable");
|
||||||
@ -1016,14 +1005,14 @@ class HTTPVaultConnectorTest {
|
|||||||
|
|
||||||
boolean creationRes = assertDoesNotThrow(
|
boolean creationRes = assertDoesNotThrow(
|
||||||
() -> connector.createOrUpdateTokenRole(roleName, role),
|
() -> connector.createOrUpdateTokenRole(roleName, role),
|
||||||
"Token role creation failed."
|
"Token role creation failed"
|
||||||
);
|
);
|
||||||
assertTrue(creationRes, "Token role creation failed");
|
assertTrue(creationRes, "Token role creation failed");
|
||||||
|
|
||||||
// Read the role.
|
// Read the role.
|
||||||
TokenRoleResponse res = assertDoesNotThrow(
|
TokenRoleResponse res = assertDoesNotThrow(
|
||||||
() -> connector.readTokenRole(roleName),
|
() -> connector.readTokenRole(roleName),
|
||||||
"Reading token role failed."
|
"Reading token role failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Token role response must not be null");
|
assertNotNull(res, "Token role response must not be null");
|
||||||
assertNotNull(res.getData(), "Token role must not be null");
|
assertNotNull(res.getData(), "Token role must not be null");
|
||||||
@ -1043,7 +1032,7 @@ class HTTPVaultConnectorTest {
|
|||||||
|
|
||||||
creationRes = assertDoesNotThrow(
|
creationRes = assertDoesNotThrow(
|
||||||
() -> connector.createOrUpdateTokenRole(role2),
|
() -> connector.createOrUpdateTokenRole(role2),
|
||||||
"Token role update failed."
|
"Token role update failed"
|
||||||
);
|
);
|
||||||
assertTrue(creationRes, "Token role update failed");
|
assertTrue(creationRes, "Token role update failed");
|
||||||
|
|
||||||
@ -1058,8 +1047,7 @@ class HTTPVaultConnectorTest {
|
|||||||
// List roles.
|
// List roles.
|
||||||
List<String> listRes = assertDoesNotThrow(() -> connector.listTokenRoles(), "Listing token roles failed");
|
List<String> listRes = assertDoesNotThrow(() -> connector.listTokenRoles(), "Listing token roles failed");
|
||||||
assertNotNull(listRes, "Token role list must not be null");
|
assertNotNull(listRes, "Token role list must not be null");
|
||||||
assertEquals(1, listRes.size(), "Unexpected number of token roles");
|
assertEquals(List.of(roleName), listRes, "Unexpected token role list");
|
||||||
assertTrue(listRes.contains(roleName), "Unexpected token role in list");
|
|
||||||
|
|
||||||
// Delete the role.
|
// Delete the role.
|
||||||
creationRes = assertDoesNotThrow(() -> connector.deleteTokenRole(roleName), "Token role deletion failed");
|
creationRes = assertDoesNotThrow(() -> connector.deleteTokenRole(roleName), "Token role deletion failed");
|
||||||
@ -1084,7 +1072,7 @@ class HTTPVaultConnectorTest {
|
|||||||
|
|
||||||
List<AuthBackend> supportedBackends = assertDoesNotThrow(
|
List<AuthBackend> supportedBackends = assertDoesNotThrow(
|
||||||
() -> connector.getAuthBackends(),
|
() -> connector.getAuthBackends(),
|
||||||
"Could not list supported auth backends."
|
"Could not list supported auth backends"
|
||||||
);
|
);
|
||||||
assertEquals(4, supportedBackends.size());
|
assertEquals(4, supportedBackends.size());
|
||||||
assertTrue(supportedBackends.containsAll(List.of(AuthBackend.TOKEN, AuthBackend.USERPASS, AuthBackend.APPID, AuthBackend.APPROLE)));
|
assertTrue(supportedBackends.containsAll(List.of(AuthBackend.TOKEN, AuthBackend.USERPASS, AuthBackend.APPID, AuthBackend.APPROLE)));
|
||||||
@ -1237,7 +1225,7 @@ class HTTPVaultConnectorTest {
|
|||||||
bw = new BufferedWriter(new FileWriter(configFile));
|
bw = new BufferedWriter(new FileWriter(configFile));
|
||||||
bw.write(config.toString());
|
bw.write(config.toString());
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
throw new IllegalStateException("Unable to generate config file.", e);
|
throw new IllegalStateException("Unable to generate config file", e);
|
||||||
} finally {
|
} finally {
|
||||||
try {
|
try {
|
||||||
if (bw != null)
|
if (bw != null)
|
||||||
@ -1251,7 +1239,7 @@ class HTTPVaultConnectorTest {
|
|||||||
try {
|
try {
|
||||||
vaultProcess = Runtime.getRuntime().exec("vault server -config " + configFile.toString());
|
vaultProcess = Runtime.getRuntime().exec("vault server -config " + configFile.toString());
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
throw new IllegalStateException("Unable to start vault. Make sure vault binary is in your executable path.", e);
|
throw new IllegalStateException("Unable to start vault. Make sure vault binary is in your executable path", e);
|
||||||
}
|
}
|
||||||
|
|
||||||
return config;
|
return config;
|
||||||
@ -1300,7 +1288,7 @@ class HTTPVaultConnectorTest {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
throw new IllegalStateException("Unable to find a free TCP port.");
|
throw new IllegalStateException("Unable to find a free TCP port");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
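Review bot: The batch-token assertion in the `@ -964,7 +953,7` hunk now checks `startsWith("b")` instead of `startsWith("b.")`, which looks like a side effect of stripping trailing periods from messages rather than an intended change; the same pattern appears to have shortened the comment to `"custom ID uses weaker SHA1.."` in the `@ -905,21 +901,15` hunk. Without the delimiter the test accepts any client token that begins with the letter b, so it no longer pins the token-type prefix it is meant to verify. I would restore `assertTrue(res.getAuth().getClientToken().startsWith("b."), "Unexpected token prefix");` and the three-dot ellipsis in the comment. Both test methods start and end outside their hunks.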
|
@ -22,6 +22,7 @@ import de.stklcode.jvault.connector.model.AppRole;
|
|||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.*;
|
import static org.junit.jupiter.api.Assertions.*;
|
||||||
@ -92,7 +93,7 @@ class AppRoleResponseTest {
|
|||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
AppRoleResponse res = assertDoesNotThrow(
|
AppRoleResponse res = assertDoesNotThrow(
|
||||||
() -> new ObjectMapper().readValue(RES_JSON, AppRoleResponse.class),
|
() -> new ObjectMapper().readValue(RES_JSON, AppRoleResponse.class),
|
||||||
"AuthResponse deserialization failed."
|
"AuthResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
// Extract role data.
|
// Extract role data.
|
||||||
@ -102,8 +103,7 @@ class AppRoleResponseTest {
|
|||||||
assertEquals(ROLE_TOKEN_MAX_TTL, role.getTokenMaxTtl(), "Incorrect token max TTL");
|
assertEquals(ROLE_TOKEN_MAX_TTL, role.getTokenMaxTtl(), "Incorrect token max TTL");
|
||||||
assertEquals(ROLE_SECRET_TTL, role.getSecretIdTtl(), "Incorrect secret ID TTL");
|
assertEquals(ROLE_SECRET_TTL, role.getSecretIdTtl(), "Incorrect secret ID TTL");
|
||||||
assertEquals(ROLE_SECRET_NUM_USES, role.getSecretIdNumUses(), "Incorrect secret ID umber of uses");
|
assertEquals(ROLE_SECRET_NUM_USES, role.getSecretIdNumUses(), "Incorrect secret ID umber of uses");
|
||||||
assertEquals(1, role.getTokenPolicies().size(), "Incorrect number of policies");
|
assertEquals(List.of(ROLE_POLICY), role.getTokenPolicies(), "Incorrect policies");
|
||||||
assertEquals(ROLE_POLICY, role.getTokenPolicies().get(0), "Incorrect role policies");
|
|
||||||
assertEquals(ROLE_PERIOD, role.getTokenPeriod(), "Incorrect role period");
|
assertEquals(ROLE_PERIOD, role.getTokenPeriod(), "Incorrect role period");
|
||||||
assertEquals(ROLE_BIND_SECRET, role.getBindSecretId(), "Incorrect role bind secret ID flag");
|
assertEquals(ROLE_BIND_SECRET, role.getBindSecretId(), "Incorrect role bind secret ID flag");
|
||||||
assertNull(role.getTokenBoundCidrs(), "Incorrect bound CIDR list");
|
assertNull(role.getTokenBoundCidrs(), "Incorrect bound CIDR list");
|
||||||
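Review bot: The failure message in the `@ -92,7 +93,7` hunk still says "AuthResponse deserialization failed" although the lambda deserializes `AppRoleResponse`, so a failing run would point at the wrong model class; `"AppRoleResponse deserialization failed"` matches the code. The context line in the `@ -102,8 +103,7` hunk also carries the typo "umber" in `"Incorrect secret ID umber of uses"`, which this message cleanup could correct to `"Incorrect secret ID number of uses"`. `jsonRoundtrip` continues outside both hunks.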
|
@ -103,7 +103,7 @@ class AuthResponseTest {
|
|||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
AuthResponse res = assertDoesNotThrow(
|
AuthResponse res = assertDoesNotThrow(
|
||||||
() -> new ObjectMapper().readValue(RES_JSON, AuthResponse.class),
|
() -> new ObjectMapper().readValue(RES_JSON, AuthResponse.class),
|
||||||
"AuthResponse deserialization failed."
|
"AuthResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
// Extract auth data.
|
// Extract auth data.
|
||||||
@ -120,7 +120,6 @@ class AuthResponseTest {
|
|||||||
assertTrue(data.getPolicies().containsAll(Set.of(AUTH_POLICY_1, AUTH_POLICY_2)));
|
assertTrue(data.getPolicies().containsAll(Set.of(AUTH_POLICY_1, AUTH_POLICY_2)));
|
||||||
assertEquals(2, data.getTokenPolicies().size(), "Incorrect number of token policies");
|
assertEquals(2, data.getTokenPolicies().size(), "Incorrect number of token policies");
|
||||||
assertTrue(data.getTokenPolicies().containsAll(Set.of(AUTH_POLICY_2, AUTH_POLICY_1)), "Incorrect token policies");
|
assertTrue(data.getTokenPolicies().containsAll(Set.of(AUTH_POLICY_2, AUTH_POLICY_1)), "Incorrect token policies");
|
||||||
assertEquals(1, data.getMetadata().size(), "Incorrect auth metadata size");
|
assertEquals(Map.of(AUTH_META_KEY, AUTH_META_VALUE), data.getMetadata(), "Incorrect auth metadata");
|
||||||
assertEquals(AUTH_META_VALUE, data.getMetadata().get(AUTH_META_KEY), "Incorrect auth metadata");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
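Review bot: In the second hunk the `getPolicies()` check is still a bare `assertTrue(...containsAll(...))` with no failure message, and `containsAll` only proves a superset, so an unexpected extra policy in the parsed auth data would pass unless a size check sits outside the hunk. The commit already replaces the size-plus-lookup pair for the metadata with a single equality assertion, and the policy lists could get the same treatment: `assertEquals(Set.of(AUTH_POLICY_1, AUTH_POLICY_2), Set.copyOf(data.getPolicies()), "Incorrect auth policies");`, and likewise for `getTokenPolicies()`. This assumes order is not significant and the fixture holds no duplicate or null entries. Part of `jsonRoundtrip` lies between the two hunks and is not shown.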
|
@ -59,7 +59,7 @@ class HealthResponseTest {
|
|||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
HealthResponse res = assertDoesNotThrow(
|
HealthResponse res = assertDoesNotThrow(
|
||||||
() -> new ObjectMapper().readValue(RES_JSON, HealthResponse.class),
|
() -> new ObjectMapper().readValue(RES_JSON, HealthResponse.class),
|
||||||
"Health deserialization failed."
|
"Health deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertEquals(CLUSTER_ID, res.getClusterID(), "Incorrect cluster ID");
|
assertEquals(CLUSTER_ID, res.getClusterID(), "Incorrect cluster ID");
|
||||||
|
@ -69,7 +69,7 @@ class MetadataResponseTest {
|
|||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
MetadataResponse res = assertDoesNotThrow(
|
MetadataResponse res = assertDoesNotThrow(
|
||||||
() -> new ObjectMapper().readValue(META_JSON, MetadataResponse.class),
|
() -> new ObjectMapper().readValue(META_JSON, MetadataResponse.class),
|
||||||
"MetadataResponse deserialization failed."
|
"MetadataResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
|
assertNotNull(res.getMetadata(), "Parsed metadata is NULL");
|
||||||
|
@ -70,7 +70,7 @@ class SealResponseTest {
|
|||||||
// First test sealed Vault's response.
|
// First test sealed Vault's response.
|
||||||
SealResponse res = assertDoesNotThrow(
|
SealResponse res = assertDoesNotThrow(
|
||||||
() -> new ObjectMapper().readValue(RES_SEALED, SealResponse.class),
|
() -> new ObjectMapper().readValue(RES_SEALED, SealResponse.class),
|
||||||
"TokenResponse deserialization failed."
|
"TokenResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertEquals(TYPE, res.getType(), "Incorrect seal type");
|
assertEquals(TYPE, res.getType(), "Incorrect seal type");
|
||||||
@ -89,7 +89,7 @@ class SealResponseTest {
|
|||||||
// Not test unsealed Vault's response.
|
// Not test unsealed Vault's response.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> new ObjectMapper().readValue(RES_UNSEALED, SealResponse.class),
|
() -> new ObjectMapper().readValue(RES_UNSEALED, SealResponse.class),
|
||||||
"TokenResponse deserialization failed."
|
"TokenResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertEquals(TYPE, res.getType(), "Incorrect seal type");
|
assertEquals(TYPE, res.getType(), "Incorrect seal type");
|
||||||
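Review bot: Both `assertDoesNotThrow` messages in this file still read `"TokenResponse deserialization failed"` although the value being parsed is a `SealResponse`. The commit edits these exact lines, so the copy-pasted class name could be corrected in the same pass: `"SealResponse deserialization failed"`. The context comment `// Not test unsealed Vault's response.` in the second hunk looks like a typo for `// Now test unsealed Vault's response.`. The enclosing test method starts and ends outside both hunks.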
|
@ -145,7 +145,7 @@ class SecretResponseTest {
|
|||||||
assertThrows(
|
assertThrows(
|
||||||
InvalidResponseException.class,
|
InvalidResponseException.class,
|
||||||
() -> res.get(KEY_LIST, Double.class),
|
() -> res.get(KEY_LIST, Double.class),
|
||||||
"JSON parsing to incorrect type succeeded."
|
"JSON parsing to incorrect type succeeded"
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -156,14 +156,14 @@ class SecretResponseTest {
|
|||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
SecretResponse res = assertDoesNotThrow(
|
SecretResponse res = assertDoesNotThrow(
|
||||||
() -> new ObjectMapper().readValue(SECRET_JSON, SecretResponse.class),
|
() -> new ObjectMapper().readValue(SECRET_JSON, SecretResponse.class),
|
||||||
"SecretResponse deserialization failed."
|
"SecretResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertSecretData(res);
|
assertSecretData(res);
|
||||||
|
|
||||||
// KV v2 secret.
|
// KV v2 secret.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> new ObjectMapper().readValue(SECRET_JSON_V2, SecretResponse.class),
|
() -> new ObjectMapper().readValue(SECRET_JSON_V2, SecretResponse.class),
|
||||||
"SecretResponse deserialization failed."
|
"SecretResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertSecretData(res);
|
assertSecretData(res);
|
||||||
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
|
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
|
||||||
@ -177,7 +177,7 @@ class SecretResponseTest {
|
|||||||
// Deleted KV v2 secret.
|
// Deleted KV v2 secret.
|
||||||
res = assertDoesNotThrow(
|
res = assertDoesNotThrow(
|
||||||
() -> new ObjectMapper().readValue(SECRET_JSON_V2_2, SecretResponse.class),
|
() -> new ObjectMapper().readValue(SECRET_JSON_V2_2, SecretResponse.class),
|
||||||
"SecretResponse deserialization failed."
|
"SecretResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertSecretData(res);
|
assertSecretData(res);
|
||||||
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
|
assertNotNull(res.getMetadata(), "SecretResponse does not contain metadata");
|
||||||
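Review bot: The three `assertDoesNotThrow` calls in `jsonRoundtrip` share the identical message `"SecretResponse deserialization failed"`, so a failing run does not say which fixture broke without reading the stack trace. Naming the case in each message would make the report self-explanatory, for example `"KV v2 SecretResponse deserialization failed"` for `SECRET_JSON_V2` and `"Deleted KV v2 SecretResponse deserialization failed"` for `SECRET_JSON_V2_2`. The method continues outside the hunks shown.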
|
@ -119,7 +119,7 @@ class TokenResponseTest {
|
|||||||
void jsonRoundtrip() {
|
void jsonRoundtrip() {
|
||||||
TokenResponse res = assertDoesNotThrow(
|
TokenResponse res = assertDoesNotThrow(
|
||||||
() -> new ObjectMapper().readValue(RES_JSON, TokenResponse.class),
|
() -> new ObjectMapper().readValue(RES_JSON, TokenResponse.class),
|
||||||
"TokenResponse deserialization failed."
|
"TokenResponse deserialization failed"
|
||||||
);
|
);
|
||||||
assertNotNull(res, "Parsed response is NULL");
|
assertNotNull(res, "Parsed response is NULL");
|
||||||
assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect lease duration");
|
assertEquals(RES_LEASE_DURATION, res.getLeaseDuration(), "Incorrect lease duration");
|
||||||
@ -139,8 +139,7 @@ class TokenResponseTest {
|
|||||||
assertEquals(TOKEN_ID, data.getId(), "Incorrect token ID");
|
assertEquals(TOKEN_ID, data.getId(), "Incorrect token ID");
|
||||||
assertEquals(TOKEN_ISSUE_TIME, data.getIssueTimeString(), "Incorrect token issue time");
|
assertEquals(TOKEN_ISSUE_TIME, data.getIssueTimeString(), "Incorrect token issue time");
|
||||||
assertEquals(ZonedDateTime.parse(TOKEN_ISSUE_TIME), data.getIssueTime(), "Incorrect parsed token issue time");
|
assertEquals(ZonedDateTime.parse(TOKEN_ISSUE_TIME), data.getIssueTime(), "Incorrect parsed token issue time");
|
||||||
assertEquals(1, data.getMeta().size(), "Incorrect token metadata size");
|
assertEquals(Map.of(TOKEN_META_KEY, TOKEN_META_VALUE), data.getMeta(), "Incorrect token metadata");
|
||||||
assertEquals(TOKEN_META_VALUE, data.getMeta().get(TOKEN_META_KEY), "Incorrect token metadata");
|
|
||||||
assertEquals(TOKEN_NUM_USES, data.getNumUses(), "Incorrect token number of uses");
|
assertEquals(TOKEN_NUM_USES, data.getNumUses(), "Incorrect token number of uses");
|
||||||
assertEquals(TOKEN_ORPHAN, data.isOrphan(), "Incorrect token orphan flag");
|
assertEquals(TOKEN_ORPHAN, data.isOrphan(), "Incorrect token orphan flag");
|
||||||
assertEquals(TOKEN_PATH, data.getPath(), "Incorrect token path");
|
assertEquals(TOKEN_PATH, data.getPath(), "Incorrect token path");
|
||||||
|