forked from hashicorp/vault-plugin-secrets-alicloud
acceptance_test.go
package alicloud
import (
"context"
"os"
"testing"
"time"
"github.com/hashicorp/vault/sdk/logical"
)
// envVarRunAccTests names the environment variable that gates the acceptance
// tests in this file; they run only when it is set to exactly "1".
const envVarRunAccTests = "VAULT_ACC"

// Names of the environment variables that supply the Alibaba Cloud identity
// used by the acceptance tests. The values are read with os.Getenv when a test
// environment is built; an unset variable yields an empty string.
//
// NOTE(review): the secret key is a live credential. Presumably the tests act
// against a real account with it, so a dedicated, narrowly scoped test
// identity is the safer choice; confirm against the test steps.
const (
	envVarAccessKey = "ALICLOUD_ACCESS_KEY"
	envVarSecretKey = "ALICLOUD_SECRET_KEY"

	// envVarRoleARN names the variable holding the role ARN.
	//
	// The role must have been set up to allow trusted actors, as described at
	// https://www.alibabacloud.com/help/doc-detail/28649.htm, and the access
	// key and secret in use must qualify as a trusted actor. If you are unsure
	// how to set up a trusted actor, create a new role in Alibaba's RAM UI:
	// its role creation wizard asks whether you want trusted actors and how
	// they should be configured. Trusted actors can only be added at the time
	// of role creation.
	envVarRoleARN = "ALICLOUD_ROLE_ARN"
)

// runAcceptanceTests is evaluated once at package initialisation: true only
// when the gate variable is exactly "1".
var runAcceptanceTests = os.Getenv(envVarRunAccTests) == "1"
// TestAcceptanceDynamicPolicyBasedCreds walks the policy-based credential
// lifecycle as ordered subtests: add config, add role, read, renew, revoke.
// It is skipped unless runAcceptanceTests is true.
func TestAcceptanceDynamicPolicyBasedCreds(t *testing.T) {
	if !runAcceptanceTests {
		t.SkipNow()
	}

	env, err := newAcceptanceTestEnv()
	if err != nil {
		t.Fatal(err)
	}

	// Each step is wrapped in a closure so the call on env is resolved when
	// the step runs, not when the table is built. The steps share one env and
	// run strictly in this order.
	steps := []struct {
		name string
		run  func(*testing.T)
	}{
		{"add config", func(t *testing.T) { env.AddConfig(t) }},
		{"add policy-based role", func(t *testing.T) { env.AddPolicyBasedRole(t) }},
		{"read policy-based creds", func(t *testing.T) { env.ReadPolicyBasedCreds(t) }},
		{"renew policy-based creds", func(t *testing.T) { env.RenewPolicyBasedCreds(t) }},
		{"revoke policy-based creds", func(t *testing.T) { env.RevokePolicyBasedCreds(t) }},
	}
	for _, step := range steps {
		t.Run(step.name, step.run)
	}
}
// TestAcceptanceDynamicRoleBasedCreds walks the ARN-based credential lifecycle
// as ordered subtests: add config, add role, read, renew, revoke.
// It is skipped unless runAcceptanceTests is true.
func TestAcceptanceDynamicRoleBasedCreds(t *testing.T) {
	if !runAcceptanceTests {
		t.SkipNow()
	}

	env, err := newAcceptanceTestEnv()
	if err != nil {
		t.Fatal(err)
	}

	// Each step is wrapped in a closure so the call on env is resolved when
	// the step runs, not when the table is built. The steps share one env and
	// run strictly in this order.
	steps := []struct {
		name string
		run  func(*testing.T)
	}{
		{"add config", func(t *testing.T) { env.AddConfig(t) }},
		{"add arn-based role", func(t *testing.T) { env.AddARNBasedRole(t) }},
		{"read arn-based creds", func(t *testing.T) { env.ReadARNBasedCreds(t) }},
		{"renew arn-based creds", func(t *testing.T) { env.RenewARNBasedCreds(t) }},
		{"revoke arn-based creds", func(t *testing.T) { env.RevokeARNBasedCreds(t) }},
	}
	for _, step := range steps {
		t.Run(step.name, step.run)
	}
}
// newAcceptanceTestEnv creates a backend through Factory and returns a testEnv
// wired to it, with fresh in-memory storage and the access key, secret key and
// role ARN read from the environment.
//
// It returns an error only when Factory fails.
//
// NOTE(review): the credential values are taken verbatim from os.Getenv and
// are not validated here, so an unset variable reaches the test steps as an
// empty string.
func newAcceptanceTestEnv() (*testEnv, error) {
	ctx := context.Background()

	// Both the default and the maximum lease TTL are fixed at one hour.
	sysView := &logical.StaticSystemView{
		DefaultLeaseTTLVal: time.Hour,
		MaxLeaseTTLVal:     time.Hour,
	}

	backend, err := Factory(ctx, &logical.BackendConfig{System: sysView})
	if err != nil {
		return nil, err
	}

	env := &testEnv{
		AccessKey: os.Getenv(envVarAccessKey),
		SecretKey: os.Getenv(envVarSecretKey),
		RoleARN:   os.Getenv(envVarRoleARN),
		Backend:   backend,
		Context:   ctx,
		Storage:   &logical.InmemStorage{},
	}
	return env, nil
}