Add regression test for hvac issue hvac#130

jeffwecan · May 17, 2018 · 06f3ab1 · 06f3ab1
1 parent 6d6ec35
commit 06f3ab1
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 0 deletions.
diff --git a/hvac/tests/test_integration.py b/hvac/tests/test_integration.py
@@ -880,3 +880,31 @@ def test_ec2_role_crud(self):
         self.client.delete_policy('ec2rolepolicy')
 
         self.client.disable_auth_backend('aws-ec2')
+
+    def test_auth_ec2_alternate_mount_point_with_no_client_token_exception(self):
+        test_mount_point = 'aws-custom-path'
+        # Turn on the aws-ec2 backend with a custom mount_point path specified.
+        if '{0}/'.format(test_mount_point) in self.client.list_auth_backends():
+            self.client.disable_auth_backend(test_mount_point)
+        self.client.enable_auth_backend('aws-ec2', mount_point=test_mount_point)
+
+        # Drop the client's token to replicate a typical end user's use of any auth method.
+        # I.e., its reasonable to expect the method is being called to _retrieve_ a token in the first place.
+        self.client.token = None
+
+        # Load a mock PKCS7 encoded self-signed certificate to stand in for a real document from the AWS identity service.
+        with open('test/identity_document.p7b') as fp:
+            pkcs7 = fp.read()
+
+        # When attempting to auth (POST) to an auth backend mounted at a different path than the default, we expect a
+        # generic 'missing client token' response from Vault.
+        with self.assertRaises(exceptions.InvalidRequest) as assertRaisesContext:
+            self.client.auth_ec2(pkcs7=pkcs7)
+
+        expected_exception_message = 'missing client token'
+        actual_exception_message = str(assertRaisesContext.exception)
+        self.assertEqual(expected_exception_message, actual_exception_message)
+
+        # Reset test state.
+        self.client.token = self.root_token()
+        self.client.disable_auth_backend(mount_point=test_mount_point)
diff --git a/test/identity_document.p7b b/test/identity_document.p7b
@@ -0,0 +1,18 @@
+-----BEGIN PKCS7-----
+MIIC+QYJKoZIhvcNAQcCoIIC6jCCAuYCAQExADALBgkqhkiG9w0BBwGgggLMMIIC
+yDCCAbACCQDC/SEUGsFqwjANBgkqhkiG9w0BAQsFADAmMQ0wCwYDVQQKDARodmFj
+MRUwEwYDVQQDDAx0ZXN0aW5nLmh2YWMwHhcNMTgwNTE3MTYxNTUzWhcNMTkwNTE3
+MTYxNTUzWjAmMQ0wCwYDVQQKDARodmFjMRUwEwYDVQQDDAx0ZXN0aW5nLmh2YWMw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWQ15CEehjqNVGFPKAq3fv
+15NLm8z8P/vRasNoSEbKVTdK9falL/M/QMWDZ8p5GpgKwzdfDi8f43TeCUo+KOlr
+YTJzb0gPC2wiywcxcJ/JEJqAjZwFHiKr8JZydeUGW7DI3dtBH+cz6uREyjdcoFVT
+JeRt0wmC3JO4hQbDcLC8OrjMICVKQGQfpvTohNTW3NZceYDf2vTQBNDZYLknKPX6
+X/sYDgJWBjuEdKuxeWTBz5/3isoRKFq4VZ3ip7eRg4NHxVBLYVOx+ZK7HUhBzbQb
+/Eaah2ee7reUdKLpzS29IaQTXt75vF8ml0Hmq3KjH4Szi1JSCfGheknXYd8Opz0v
+AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIJq7Yx/XYdSeDaBDQptsSWmG/rj64wp
+CfzQjU55mfBhx0xP30oWJe21TVapfWyVMBqJb2iz9QRaqh5OuB0pMMaVwd8b1/sE
+iWqilz1e6ti9jYoEDKfIjGGYXKV9USLm0Xg/gBKHVrr6ZQv+WpAwEA2aPDTFa7Pq
+gMOhxi/6kWyLG8AlYknSpF+NKqzL74UtfJ/56b1Ie/EaziMLmm1Piysipnw3rXBG
+HTJ0X5EO5eLjzWZ1JxlZSQu45Wh3Li464pSBj7JhIJUdgXUGbudlZQT++opd0b0w
+PgLuySqmZrL6BG49/MfjPjZpeq+fTU6+RMudJm4eeMGiCNAlrN6LtyShADEA
+-----END PKCS7-----