diff --git a/src/main/java/com/bettercloud/vault/api/Auth.java b/src/main/java/com/bettercloud/vault/api/Auth.java
index 3c5c0079..f696f096 100644
--- a/src/main/java/com/bettercloud/vault/api/Auth.java
+++ b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -719,7 +719,7 @@ public AuthResponse loginByAwsIam(final String role, final String iamRequestUrl,
 final JsonObject request = Json.object().add("iam_request_url", iamRequestUrl)
 .add("iam_request_body", iamRequestBody)
 .add("iam_request_headers", iamRequestHeaders)
- .add("iam_request_method", "POST");
+ .add("iam_http_request_method", "POST");
 if(role != null) {
 request.add("role", role);
 }
diff --git a/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java b/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java
index 2215939c..afe9f405 100644
--- a/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java
+++ b/src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java
@@ -2,17 +2,16 @@
 import com.bettercloud.vault.Vault;
 import com.bettercloud.vault.VaultConfig;
+import com.bettercloud.vault.VaultException;
 import com.bettercloud.vault.json.Json;
 import com.bettercloud.vault.json.JsonObject;
 import com.bettercloud.vault.vault.VaultTestUtils;
 import com.bettercloud.vault.vault.mock.AuthRequestValidatingMockVault;
 import org.apache.commons.io.IOUtils;
 import org.eclipse.jetty.server.Server;
-import org.junit.Ignore;
 import org.junit.Test;
 import javax.servlet.http.HttpServletRequest;
-import java.util.HashSet;
 import java.util.function.Predicate;
 import static org.junit.Assert.assertEquals;
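Review bot: The request keys in the Auth.java hunk remain bare string literals with nothing tying them to Vault's API, and a one-word difference (`iam_request_method` vs `iam_http_request_method`) is exactly what this commit had to correct; a comment above the builder would pin them, e.g. `// Keys must match Vault's AWS auth login endpoint: iam_http_request_method, iam_request_url, iam_request_body, iam_request_headers`. Vault expects the URL, body and headers values base64-encoded; whether `loginByAwsIam` or its caller does the encoding is not visible here, so the Javadoc should say which. Because the body and headers carry a signed STS request, they should also be kept out of any request logging. The method starts and ends outside this hunk.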
@@ -20,35 +19,55 @@
 public class AuthBackendAwsTests {
- @Ignore
 @Test
- public void testLoginByAwsEc2() throws Exception {
- final Predicate isValidEc2pkcs7Request = (request) -> {
- JsonObject requestBody = readRequestBody(request);
- return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
- requestBody.getString("pkcs7", "") == "pkcs7";
- };
-
+ public void testLoginByAwsEc2Id() throws Exception {
 final Predicate isValidEc2IdRequest = (request) -> {
- JsonObject requestBody = readRequestBody(request);
- return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
- requestBody.getString("identity", "") == "identity" &&
- requestBody.getString("signature", "") == "signature";
+ try {
+ JsonObject requestBody = readRequestBody(request);
+ return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
+ requestBody.getString("identity", "").equals("identity") &&
+ requestBody.getString("signature", "").equals("signature");
+ } catch (Exception e) {
+ return false;
+ }
 };
+ final AuthRequestValidatingMockVault mockVault = new AuthRequestValidatingMockVault(isValidEc2IdRequest);
- final Predicate isValidEc2IamRequest = (request) -> {
- JsonObject requestBody = readRequestBody(request);
- return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
- requestBody.getString("iam_http_request_method", "") == "POST" &&
- requestBody.getString("iam_http_request_url", "") == "url" &&
- requestBody.getString("iam_http_request_body", "") == "body" &&
- requestBody.getString("iam_http_request_headers", "") == "headers";
- };
+ final Server server = VaultTestUtils.initHttpMockVault(mockVault);
+ server.start();
- final AuthRequestValidatingMockVault mockVault = new AuthRequestValidatingMockVault(new HashSet>() {{
- add(isValidEc2pkcs7Request);
- add(isValidEc2IdRequest);
- }});
+ final VaultConfig vaultConfig = new VaultConfig()
+ .address("http://127.0.0.1:8999")
+ .build();
+ final Vault vault = new Vault(vaultConfig);
+
+ String token = null;
+ try {
+ token = vault.auth()
+ .loginByAwsEc2("role","identity","signature", null, null)
+ .getAuthClientToken();
+ } catch(VaultException e) { }
+
+ server.stop();
+
+ assertNotNull(token);
+ assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token.trim());
+
+ }
+
+ @Test
+ public void testLoginByAwsEc2Pkcs7() throws Exception {
+ final Predicate isValidEc2pkcs7Request = (request) -> {
+ try {
+ JsonObject requestBody = readRequestBody(request);
+ return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
+ requestBody.getString("pkcs7", "").equals("pkcs7");
+ } catch (Exception e) {
+ e.printStackTrace(System.out);
+ return false;
+ }
+ };
+ final AuthRequestValidatingMockVault mockVault = new AuthRequestValidatingMockVault(isValidEc2pkcs7Request);
 final Server server = VaultTestUtils.initHttpMockVault(mockVault);
 server.start();
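Review bot: The empty `catch(VaultException e) { }` around `loginByAwsEc2` in `testLoginByAwsEc2Id` discards the only information about why the login failed, so a regression surfaces as a bare `assertNotNull` failure. The method already declares `throws Exception`, so the exception can simply propagate. `server.stop()` is also skipped when anything other than a VaultException is thrown, which presumably leaves the mock listener on port 8999 bound for the following tests, and a try/finally covers both. The same swallow-and-stop pattern is in `testLoginByAwsEc2Pkcs7` (the `@@ -58,36 +77,33 @@` hunk), and `testLoginByAwsIam` (the `@@ -101,6 +117,8 @@` hunk) calls `server.stop()` outside any finally. The Pkcs7 test method continues past the end of this hunk.

```java
final Server server = VaultTestUtils.initHttpMockVault(mockVault);
server.start();

final String token;
try {
    // … unchanged: VaultConfig and Vault construction …
    token = vault.auth()
            .loginByAwsEc2("role","identity","signature", null, null)
            .getAuthClientToken();
} finally {
    // Always release the mock server, even when the login throws.
    server.stop();
}
// … unchanged: assertNotNull / assertEquals …
```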
@@ -58,36 +77,33 @@ public void testLoginByAwsEc2() throws Exception {
 .build();
 final Vault vault = new Vault(vaultConfig);
- final String token1 = vault.auth()
- .loginByAwsEc2("role","pkcs7",null,null)
- .getAuthClientToken();
+ System.out.println("Running Aws EC2 test");
- assertNotNull(token1);
- assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token1.trim());
+ String token = null;
+ try {
+ token = vault.auth()
+ .loginByAwsEc2("role","pkcs7",null,null)
+ .getAuthClientToken();
+ } catch(VaultException e) { }
- final String token2 = vault.auth()
- .loginByAwsEc2("role","identity","signature", null, null)
- .getAuthClientToken();
+ server.stop();
- assertNotNull(token2);
- assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token2.trim());
+ assertNotNull(token);
+ assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token.trim());
 }
- @Ignore
 @Test
 public void testLoginByAwsIam() throws Exception {
 final Predicate isValidEc2IamRequest = (request) -> {
 JsonObject requestBody = readRequestBody(request);
 return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
- requestBody.getString("iam_http_request_method", "") == "POST" &&
- requestBody.getString("iam_http_request_url", "") == "url" &&
- requestBody.getString("iam_http_request_body", "") == "body" &&
- requestBody.getString("iam_http_request_headers", "") == "headers";
+ requestBody.getString("iam_http_request_method", "").equals("POST") &&
+ requestBody.getString("iam_request_url", "").equals("url") &&
+ requestBody.getString("iam_request_body", "").equals("body") &&
+ requestBody.getString("iam_request_headers", "").equals("headers");
 };
- final AuthRequestValidatingMockVault mockVault = new AuthRequestValidatingMockVault(new HashSet>() {{
- add(isValidEc2IamRequest);
- }});
+ final AuthRequestValidatingMockVault mockVault = new AuthRequestValidatingMockVault(isValidEc2IamRequest);
 final Server server = VaultTestUtils.initHttpMockVault(mockVault);
 server.start();
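Review bot: `System.out.println("Running Aws EC2 test");` in `testLoginByAwsEc2Pkcs7` looks like leftover debugging output and can be dropped. Further down, the `isValidEc2IamRequest` predicate did not get the try/catch that the two EC2 predicates received in this commit, so the three validators now treat a failing `readRequestBody` differently. Either wrap it the same way or remove the wrappers from the others, and say in a short comment above the predicate which exceptions `readRequestBody` is expected to raise. Both test methods begin or end outside this hunk.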
@@ -101,6 +117,8 @@ public void testLoginByAwsIam() throws Exception {
 .loginByAwsIam("role","url","body","headers",null)
 .getAuthClientToken();
+ server.stop();
+
 assertNotNull(token);
 assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token.trim());
 }
diff --git a/src/test/java/com/bettercloud/vault/vault/mock/AuthRequestValidatingMockVault.java b/src/test/java/com/bettercloud/vault/vault/mock/AuthRequestValidatingMockVault.java
index ebd04e04..65464531 100644
--- a/src/test/java/com/bettercloud/vault/vault/mock/AuthRequestValidatingMockVault.java
+++ b/src/test/java/com/bettercloud/vault/vault/mock/AuthRequestValidatingMockVault.java
@@ -6,15 +6,14 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.Set;
 import java.util.function.Predicate;
 public class AuthRequestValidatingMockVault extends MockVault {
- private Set> validators;
+ private Predicate validator;
 private final String validResponse = "{\n" +
+ " \"renewable\": true,\n" +
 " \"auth\": {\n" +
- " \"renewable\": true,\n" +
 " \"lease_duration\": 1800000,\n" +
 " \"metadata\": {\n" +
 " \"role_tag_max_ttl\": \"0\",\n" +
@@ -33,8 +32,8 @@ public class AuthRequestValidatingMockVault extends MockVault {
 "}";
- public AuthRequestValidatingMockVault(Set> validators) {
- this.validators = validators;
+ public AuthRequestValidatingMockVault(Predicate validator) {
+ this.validator = validator;
 }
 @Override
@@ -44,7 +43,7 @@ public void handle(String target,
 HttpServletResponse response) throws IOException, ServletException {
 response.setContentType("application/json");
 baseRequest.setHandled(true);
- if(validator.test(request)) {
+ if(validators.stream().anyMatch(p -> p.test(request))) {
 response.setStatus(200);
 response.getWriter().println(validResponse);
 } else {
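Review bot: In the `@@ -6,15 +6,14 @@` hunk of AuthRequestValidatingMockVault, moving `"renewable": true` out of the `auth` object makes the canned response differ from the login response shape Vault documents, where `renewable` sits inside `auth`. If the move is deliberate (for instance to match what the response parser reads, which is not visible in this diff), a comment above `validResponse` should record it, e.g. `// NOTE: "renewable" is top-level here, unlike a real Vault login response: <reason>`. Without that, a test passing against this mock says less about behaviour against a real server. Separately, `validator` is assigned only in the constructor shown in the next hunk and could be declared `final`.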