From b759a8d5a82473fcc6d241ad0380444513e67198 Mon Sep 17 00:00:00 2001 From: Michel Vocks Date: Thu, 6 Jun 2019 16:28:35 +0200 Subject: [PATCH] Added test for asterisk only --- vault/token_store_test.go | 69 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 67 insertions(+), 2 deletions(-) diff --git a/vault/token_store_test.go b/vault/token_store_test.go index 84c1df4076f5..156526129752 100644 --- a/vault/token_store_test.go +++ b/vault/token_store_test.go @@ -2770,7 +2770,7 @@ func TestTokenStore_HandleRequest_CreateToken_GlobPatternEntityAlias(t *testing. core, _, root := TestCoreUnsealed(t) i := core.identityStore ctx := namespace.RootContext(nil) - entityAliaGlobPattern := "testentity*" + entityAliasGlobPattern := "testentity*" entityAliasName := "testentity12345" testRoleName := "test" @@ -2783,7 +2783,72 @@ func TestTokenStore_HandleRequest_CreateToken_GlobPatternEntityAlias(t *testing. "period": "72h", "path_suffix": "happening", "bound_cidrs": []string{"0.0.0.0/0"}, - "allowed_entity_aliases": []string{"test1", "test2", entityAliaGlobPattern}, + "allowed_entity_aliases": []string{"test1", "test2", entityAliasGlobPattern}, + }, + }) + if err != nil || (resp != nil && resp.IsError()) { + t.Fatalf("err: %v\nresp: %#v", err, resp) + } + + // Create token with non existing entity alias + resp, err = core.HandleRequest(ctx, &logical.Request{ + Path: "auth/token/create/" + testRoleName, + Operation: logical.UpdateOperation, + ClientToken: root, + Data: map[string]interface{}{ + "entity_alias": entityAliasName, + }, + }) + if err != nil || (resp != nil && resp.IsError()) { + t.Fatalf("bad: resp: %#v\nerr: %v", resp, err) + } + if resp == nil { + t.Fatal("expected a response") + } + + // Read the new entity + resp, err = i.HandleRequest(ctx, &logical.Request{ + Path: "entity/id/" + resp.Auth.EntityID, + Operation: logical.ReadOperation, + }) + if err != nil || (resp != nil && resp.IsError()) { + t.Fatalf("bad: resp: %#v\nerr: %v", resp, err) + } + + // Get the attached alias information + aliases := resp.Data["aliases"].([]interface{}) + if len(aliases) != 1 { + t.Fatalf("expected only one alias but got %d; Aliases: %#v", len(aliases), aliases) + } + alias := &identity.Alias{} + if err := mapstructure.Decode(aliases[0], alias); err != nil { + t.Fatal(err) + } + + // Validate + if alias.Name != entityAliasName { + t.Fatalf("alias name should be '%s' but is '%s'", entityAliasName, alias.Name) + } +} + +func TestTokenStore_HandleRequest_CreateToken_GlobPatternWildcardEntityAlias(t *testing.T) { + core, _, root := TestCoreUnsealed(t) + i := core.identityStore + ctx := namespace.RootContext(nil) + entityAliasGlobPattern := "*" + entityAliasName := "testentity12345" + testRoleName := "test" + + // Create token role + resp, err := core.HandleRequest(ctx, &logical.Request{ + Path: "auth/token/roles/" + testRoleName, + ClientToken: root, + Operation: logical.CreateOperation, + Data: map[string]interface{}{ + "period": "72h", + "path_suffix": "happening", + "bound_cidrs": []string{"0.0.0.0/0"}, + "allowed_entity_aliases": []string{"test1", "test2", entityAliasGlobPattern}, }, }) if err != nil || (resp != nil && resp.IsError()) {