AuthToken Tests now use recently added TestAuthMethod and TestAccount (#226)

6 years ago · 41b2d36d98
parent 5ceb335466
commit 41b2d36d98
13 changed files with 207 additions and 176 deletions
--- a/internal/auth/password/account_test.go
+++ b/internal/auth/password/account_test.go
@ -6,6 +6,7 @@ import (

 	"github.com/hashicorp/watchtower/internal/auth/password/store"
 	"github.com/hashicorp/watchtower/internal/db"
+	"github.com/hashicorp/watchtower/internal/iam"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@ -14,7 +15,8 @@ func TestAccount_New(t *testing.T) {
 	conn, _ := db.TestSetup(t, "postgres")

 	w := db.New(conn)
-	auts := testAuthMethods(t, conn, 1)
+	o, _ := iam.TestScopes(t, conn)
+	auts := TestAuthMethods(t, conn, o.GetPublicId(), 1)
 	aut := auts[0]

 	type args struct {
--- a/internal/auth/password/argon2_test.go
+++ b/internal/auth/password/argon2_test.go
@ -7,6 +7,7 @@ import (

 	"github.com/hashicorp/watchtower/internal/auth/password/store"
 	"github.com/hashicorp/watchtower/internal/db"
+	"github.com/hashicorp/watchtower/internal/iam"
 	"github.com/jinzhu/gorm"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@ -15,8 +16,8 @@ import (
 func TestArgon2Configuration_New(t *testing.T) {
 	conn, _ := db.TestSetup(t, "postgres")
 	rw := db.New(conn)
-
-	authMethods := testAuthMethods(t, conn, 1)
+	o, _ := iam.TestScopes(t, conn)
+	authMethods := TestAuthMethods(t, conn, o.GetPublicId(), 1)
 	authMethod := authMethods[0]
 	authMethodId := authMethod.GetPublicId()
 	ctx := context.Background()
@ -114,7 +115,8 @@ func TestArgon2Configuration_Readonly(t *testing.T) {
 		}
 	}

-	authMethods := testAuthMethods(t, conn, 1)
+	o, _ := iam.TestScopes(t, conn)
+	authMethods := TestAuthMethods(t, conn, o.GetPublicId(), 1)
 	authMethod := authMethods[0]
 	authMethodId := authMethod.GetPublicId()

@ -301,9 +303,10 @@ func TestArgon2Credential_New(t *testing.T) {
 	rw := db.New(conn)
 	wrapper := db.TestWrapper(t)

-	auts := testAuthMethods(t, conn, 1)
+	o, _ := iam.TestScopes(t, conn)
+	auts := TestAuthMethods(t, conn, o.GetPublicId(), 1)
 	aut := auts[0]
-	accts := testAccounts(t, conn, aut.ScopeId, aut.PublicId, 5)
+	accts := TestAccounts(t, conn, aut.PublicId, 5)
 	confs := testArgon2Confs(t, conn, accts[0].AuthMethodId, 1)

 	type args struct {
--- a/internal/auth/password/authmethod_test.go
+++ b/internal/auth/password/authmethod_test.go
@ -7,47 +7,10 @@ import (
 	"github.com/hashicorp/watchtower/internal/auth/password/store"
 	"github.com/hashicorp/watchtower/internal/db"
 	"github.com/hashicorp/watchtower/internal/iam"
-	"github.com/jinzhu/gorm"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

-func testAuthMethods(t *testing.T, conn *gorm.DB, count int) []*AuthMethod {
-	t.Helper()
-	assert, require := assert.New(t), require.New(t)
-	w := db.New(conn)
-	org, _ := iam.TestScopes(t, conn)
-	var auts []*AuthMethod
-	for i := 0; i < count; i++ {
-		cat, err := NewAuthMethod(org.GetPublicId())
-		assert.NoError(err)
-		require.NotNil(cat)
-		id, err := newAuthMethodId()
-		assert.NoError(err)
-		require.NotEmpty(id)
-		cat.PublicId = id
-
-		conf := NewArgon2Configuration()
-		require.NotNil(conf)
-		conf.PrivateId, err = newArgon2ConfigurationId()
-		require.NoError(err)
-		conf.PasswordMethodId = cat.PublicId
-		cat.PasswordConfId = conf.PrivateId
-
-		ctx := context.Background()
-		_, err2 := w.DoTx(ctx, db.StdRetryCnt, db.ExpBackoff{},
-			func(_ db.Reader, iw db.Writer) error {
-				require.NoError(iw.Create(ctx, conf))
-				return iw.Create(ctx, cat)
-			},
-		)
-
-		require.NoError(err2)
-		auts = append(auts, cat)
-	}
-	return auts
-}
-
 func TestAuthMethod_New(t *testing.T) {
 	conn, _ := db.TestSetup(t, "postgres")

--- a/internal/auth/password/repository_account_test.go
+++ b/internal/auth/password/repository_account_test.go
@ -3,14 +3,13 @@ package password
 import (
 	"context"
 	"errors"
-	"fmt"
 	"testing"
 	"time"

 	"github.com/hashicorp/watchtower/internal/auth/password/store"
 	"github.com/hashicorp/watchtower/internal/db"
+	"github.com/hashicorp/watchtower/internal/iam"
 	"github.com/hashicorp/watchtower/internal/oplog"
-	"github.com/jinzhu/gorm"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@ -35,41 +34,13 @@ func TestCheckUserName(t *testing.T) {
 	}
 }

-func testAccounts(t *testing.T, conn *gorm.DB, scopeId, authMethodId string, count int) []*Account {
-	t.Helper()
-	assert, require := assert.New(t), require.New(t)
-	w := db.New(conn)
-	var auts []*Account
-	for i := 0; i < count; i++ {
-		cat, err := NewAccount(authMethodId, fmt.Sprintf("name%d", i))
-		assert.NoError(err)
-		require.NotNil(cat)
-		id, err := newAuthMethodId()
-		assert.NoError(err)
-		require.NotEmpty(id)
-		cat.PublicId = id
-
-		ctx := context.Background()
-		_, err2 := w.DoTx(ctx, db.StdRetryCnt, db.ExpBackoff{},
-			func(_ db.Reader, iw db.Writer) error {
-				return iw.Create(ctx, cat)
-			},
-		)
-
-		require.NoError(err2)
-		// TODO(toddknight): Figure out why the iw.Create call doesn't populate the scope id from the DB.
-		cat.ScopeId = scopeId
-		auts = append(auts, cat)
-	}
-	return auts
-}
-
 func TestRepository_CreateAccount(t *testing.T) {
 	conn, _ := db.TestSetup(t, "postgres")
 	rw := db.New(conn)
 	wrapper := db.TestWrapper(t)

-	authMethods := testAuthMethods(t, conn, 1)
+	org, _ := iam.TestScopes(t, conn)
+	authMethods := TestAuthMethods(t, conn, org.GetPublicId(), 1)
 	authMethod := authMethods[0]

 	var tests = []struct {
@ -276,7 +247,8 @@ func TestRepository_CreateAccount(t *testing.T) {
 		assert.NoError(err)
 		require.NotNil(repo)

-		authMethods := testAuthMethods(t, conn, 1)
+		org, _ := iam.TestScopes(t, conn)
+		authMethods := TestAuthMethods(t, conn, org.GetPublicId(), 1)
 		authMethod := authMethods[0]

 		in := &Account{
@ -307,7 +279,8 @@ func TestRepository_CreateAccount(t *testing.T) {
 		assert.NoError(err)
 		require.NotNil(repo)

-		authMethods := testAuthMethods(t, conn, 2)
+		org, _ := iam.TestScopes(t, conn)
+		authMethods := TestAuthMethods(t, conn, org.GetPublicId(), 2)
 		authMethoda, authMethodb := authMethods[0], authMethods[1]
 		in := &Account{
 			Account: &store.Account{
@ -344,8 +317,9 @@ func TestRepository_LookupAccount(t *testing.T) {
 	rw := db.New(conn)
 	wrapper := db.TestWrapper(t)

-	authMethod := testAuthMethods(t, conn, 1)[0]
-	account := testAccounts(t, conn, authMethod.GetScopeId(), authMethod.GetPublicId(), 1)[0]
+	org, _ := iam.TestScopes(t, conn)
+	authMethod := TestAuthMethods(t, conn, org.GetPublicId(), 1)[0]
+	account := TestAccounts(t, conn, authMethod.GetPublicId(), 1)[0]

 	newAcctId, err := newAccountId()
 	require.NoError(t, err)
@ -394,8 +368,9 @@ func TestRepository_DeleteAccount(t *testing.T) {
 	rw := db.New(conn)
 	wrapper := db.TestWrapper(t)

-	authMethod := testAuthMethods(t, conn, 1)[0]
-	account := testAccounts(t, conn, authMethod.GetScopeId(), authMethod.GetPublicId(), 1)[0]
+	org, _ := iam.TestScopes(t, conn)
+	authMethod := TestAuthMethods(t, conn, org.GetPublicId(), 1)[0]
+	account := TestAccounts(t, conn, authMethod.GetPublicId(), 1)[0]

 	newAcctId, err := newAccountId()
 	require.NoError(t, err)
@ -445,9 +420,10 @@ func TestRepository_ListAccounts(t *testing.T) {
 	rw := db.New(conn)
 	wrapper := db.TestWrapper(t)

-	authMethods := testAuthMethods(t, conn, 3)
-	accounts1 := testAccounts(t, conn, authMethods[0].GetScopeId(), authMethods[0].GetPublicId(), 3)
-	accounts2 := testAccounts(t, conn, authMethods[1].GetScopeId(), authMethods[1].GetPublicId(), 4)
+	org, _ := iam.TestScopes(t, conn)
+	authMethods := TestAuthMethods(t, conn, org.GetPublicId(), 3)
+	accounts1 := TestAccounts(t, conn, authMethods[0].GetPublicId(), 3)
+	accounts2 := TestAccounts(t, conn, authMethods[1].GetPublicId(), 4)
 	_ = accounts2

 	var tests = []struct {
@ -497,10 +473,11 @@ func TestRepository_ListAccounts_Limits(t *testing.T) {
 	rw := db.New(conn)
 	wrapper := db.TestWrapper(t)

-	am := testAuthMethods(t, conn, 1)[0]
+	org, _ := iam.TestScopes(t, conn)
+	am := TestAuthMethods(t, conn, org.GetPublicId(), 1)[0]

 	accountCount := 10
-	_ = testAccounts(t, conn, am.GetScopeId(), am.GetPublicId(), accountCount)
+	_ = TestAccounts(t, conn, am.GetPublicId(), accountCount)

 	var tests = []struct {
 		name     string
--- a/internal/auth/password/repository_configuration_test.go
+++ b/internal/auth/password/repository_configuration_test.go
@ -8,6 +8,7 @@ import (

 	"github.com/hashicorp/watchtower/internal/auth/password/store"
 	"github.com/hashicorp/watchtower/internal/db"
+	"github.com/hashicorp/watchtower/internal/iam"
 	"github.com/hashicorp/watchtower/internal/oplog"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@ -21,7 +22,8 @@ func TestRepository_GetSetConfiguration(t *testing.T) {
 	assert.NoError(t, err)
 	require.NotNil(t, repo)

-	authMethods := testAuthMethods(t, conn, 1)
+	o, _ := iam.TestScopes(t, conn)
+	authMethods := TestAuthMethods(t, conn, o.GetPublicId(), 1)
 	authMethod := authMethods[0]
 	authMethodId := authMethod.GetPublicId()
 	ctx := context.Background()
@ -125,7 +127,8 @@ func TestRepository_GetConfiguration(t *testing.T) {
 	assert.NoError(t, err)
 	require.NotNil(t, repo)

-	authMethods := testAuthMethods(t, conn, 1)
+	o, _ := iam.TestScopes(t, conn)
+	authMethods := TestAuthMethods(t, conn, o.GetPublicId(), 1)
 	authMethod := authMethods[0]
 	authMethodId := authMethod.GetPublicId()
 	ctx := context.Background()
@ -181,8 +184,10 @@ func TestRepository_GetConfiguration(t *testing.T) {
 }

 type tconf int
+
 func (t tconf) AuthMethodId() string { return "abcdefghijk" }
 func (t tconf) validate() error      { return nil }
+
 var _ Configuration = tconf(0)

 func TestRepository_SetConfiguration(t *testing.T) {
@ -193,7 +198,8 @@ func TestRepository_SetConfiguration(t *testing.T) {
 	assert.NoError(t, err)
 	require.NotNil(t, repo)

-	authMethods := testAuthMethods(t, conn, 1)
+	o, _ := iam.TestScopes(t, conn)
+	authMethods := TestAuthMethods(t, conn, o.GetPublicId(), 1)
 	authMethod := authMethods[0]
 	authMethodId := authMethod.GetPublicId()

--- a/internal/auth/password/repository_password_test.go
+++ b/internal/auth/password/repository_password_test.go
@ -7,6 +7,7 @@ import (

 	"github.com/hashicorp/watchtower/internal/auth/password/store"
 	"github.com/hashicorp/watchtower/internal/db"
+	"github.com/hashicorp/watchtower/internal/iam"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@ -16,7 +17,8 @@ func TestRepository_Authenticate(t *testing.T) {
 	rw := db.New(conn)
 	wrapper := db.TestWrapper(t)

-	authMethods := testAuthMethods(t, conn, 1)
+	o, _ := iam.TestScopes(t, conn)
+	authMethods := TestAuthMethods(t, conn, o.GetPublicId(), 1)
 	authMethod := authMethods[0]

 	inAcct := &Account{
--- a/internal/auth/password/store/password.pb.go
+++ b/internal/auth/password/store/password.pb.go
@ -172,13 +172,10 @@ type Account struct {
 	// description is optional.
 	// @inject_tag: `gorm:"default:null"`
 	Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty" gorm:"default:null"`
-	// The scope_id of the owning scope. Must be set.
-	// @inject_tag: `gorm:"not_null"`
-	ScopeId string `protobuf:"bytes,6,opt,name=scope_id,json=scopeId,proto3" json:"scope_id,omitempty" gorm:"not_null"`
 	// @inject_tag: `gorm:"not_null"`
-	AuthMethodId string `protobuf:"bytes,7,opt,name=auth_method_id,json=authMethodId,proto3" json:"auth_method_id,omitempty" gorm:"not_null"`
+	AuthMethodId string `protobuf:"bytes,6,opt,name=auth_method_id,json=authMethodId,proto3" json:"auth_method_id,omitempty" gorm:"not_null"`
 	// @inject_tag: `gorm:"not_null"`
-	UserName string `protobuf:"bytes,8,opt,name=user_name,json=userName,proto3" json:"user_name,omitempty" gorm:"not_null"`
+	UserName string `protobuf:"bytes,7,opt,name=user_name,json=userName,proto3" json:"user_name,omitempty" gorm:"not_null"`
 }

 func (x *Account) Reset() {
@ -248,13 +245,6 @@ func (x *Account) GetDescription() string {
 	return ""
 }

-func (x *Account) GetScopeId() string {
-	if x != nil {
-		return x.ScopeId
-	}
-	return ""
-}
-
 func (x *Account) GetAuthMethodId() string {
 	if x != nil {
 		return x.AuthMethodId
@ -307,7 +297,7 @@ var file_controller_storage_auth_password_store_v1_password_proto_rawDesc = []by
 	0x6d, 0x65, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x2e, 0x0a, 0x13, 0x6d, 0x69, 0x6e, 0x5f,
 	0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18,
 	0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x11, 0x6d, 0x69, 0x6e, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f,
-	0x72, 0x64, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x22, 0xd4, 0x02, 0x0a, 0x07, 0x41, 0x63, 0x63,
+	0x72, 0x64, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x22, 0xb9, 0x02, 0x0a, 0x07, 0x41, 0x63, 0x63,
 	0x6f, 0x75, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x69,
 	0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x49,
 	0x64, 0x12, 0x4b, 0x0a, 0x0b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65,
@ -323,17 +313,16 @@ var file_controller_storage_auth_password_store_v1_password_proto_rawDesc = []by
 	0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12,
 	0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05,
 	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f,
-	0x6e, 0x12, 0x19, 0x0a, 0x08, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20,
-	0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x49, 0x64, 0x12, 0x24, 0x0a, 0x0e,
-	0x61, 0x75, 0x74, 0x68, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x07,
-	0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64,
-	0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18,
-	0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x42,
-	0x44, 0x5a, 0x42, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61,
-	0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x77, 0x61, 0x74, 0x63, 0x68, 0x74, 0x6f, 0x77,
-	0x65, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x61, 0x75, 0x74, 0x68,
-	0x2f, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x2f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3b,
-	0x73, 0x74, 0x6f, 0x72, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6e, 0x12, 0x24, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64,
+	0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x4d,
+	0x65, 0x74, 0x68, 0x6f, 0x64, 0x49, 0x64, 0x12, 0x1b, 0x0a, 0x09, 0x75, 0x73, 0x65, 0x72, 0x5f,
+	0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72,
+	0x4e, 0x61, 0x6d, 0x65, 0x42, 0x44, 0x5a, 0x42, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
+	0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x77, 0x61, 0x74,
+	0x63, 0x68, 0x74, 0x6f, 0x77, 0x65, 0x72, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c,
+	0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x2f, 0x73,
+	0x74, 0x6f, 0x72, 0x65, 0x3b, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
 }

 var (
--- a/internal/auth/password/testing.go
+++ b/internal/auth/password/testing.go
@ -0,0 +1,80 @@
+package password
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/watchtower/internal/db"
+	"github.com/jinzhu/gorm"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// TestAuthMethods creates count number of password auth methods to the provided DB
+// with the provided scope id.  If any errors are encountered during the creation of
+// the auth methods, the test will fail.
+func TestAuthMethods(t *testing.T, conn *gorm.DB, scopeId string, count int) []*AuthMethod {
+	t.Helper()
+	assert, require := assert.New(t), require.New(t)
+	w := db.New(conn)
+	var auts []*AuthMethod
+	for i := 0; i < count; i++ {
+		cat, err := NewAuthMethod(scopeId)
+		assert.NoError(err)
+		require.NotNil(cat)
+		id, err := newAuthMethodId()
+		assert.NoError(err)
+		require.NotEmpty(id)
+		cat.PublicId = id
+
+		conf := NewArgon2Configuration()
+		require.NotNil(conf)
+		conf.PrivateId, err = newArgon2ConfigurationId()
+		require.NoError(err)
+		conf.PasswordMethodId = cat.PublicId
+		cat.PasswordConfId = conf.PrivateId
+
+		ctx := context.Background()
+		_, err2 := w.DoTx(ctx, db.StdRetryCnt, db.ExpBackoff{},
+			func(_ db.Reader, iw db.Writer) error {
+				require.NoError(iw.Create(ctx, conf))
+				return iw.Create(ctx, cat)
+			},
+		)
+
+		require.NoError(err2)
+		auts = append(auts, cat)
+	}
+	return auts
+}
+
+// TestAccounts creates count number of password account to the provided DB
+// with the provided auth method id.  The auth method must have been created previously.
+// If any errors are encountered during the creation of the account, the test will fail.
+func TestAccounts(t *testing.T, conn *gorm.DB, authMethodId string, count int) []*Account {
+	t.Helper()
+	assert, require := assert.New(t), require.New(t)
+	w := db.New(conn)
+	var auts []*Account
+	for i := 0; i < count; i++ {
+		cat, err := NewAccount(authMethodId, fmt.Sprintf("name%d", i))
+		assert.NoError(err)
+		require.NotNil(cat)
+		id, err := newAccountId()
+		assert.NoError(err)
+		require.NotEmpty(id)
+		cat.PublicId = id
+
+		ctx := context.Background()
+		_, err2 := w.DoTx(ctx, db.StdRetryCnt, db.ExpBackoff{},
+			func(_ db.Reader, iw db.Writer) error {
+				return iw.Create(ctx, cat)
+			},
+		)
+
+		require.NoError(err2)
+		auts = append(auts, cat)
+	}
+	return auts
+}
--- a/internal/auth/password/testing_test.go
+++ b/internal/auth/password/testing_test.go
@ -0,0 +1,44 @@
+package password
+
+import (
+	"testing"
+
+	"github.com/hashicorp/watchtower/internal/db"
+	"github.com/hashicorp/watchtower/internal/iam"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_TestAuthMethods(t *testing.T) {
+	assert, require := assert.New(t), require.New(t)
+	conn, _ := db.TestSetup(t, "postgres")
+	org, _ := iam.TestScopes(t, conn)
+	require.NotNil(org)
+	assert.NotEmpty(org.GetPublicId())
+
+	count := 4
+	ams := TestAuthMethods(t, conn, org.GetPublicId(), count)
+	assert.Len(ams, count)
+	for _, am := range ams {
+		assert.NotEmpty(am.GetPublicId())
+	}
+}
+
+func Test_TestAccounts(t *testing.T) {
+	t.Helper()
+	assert, require := assert.New(t), require.New(t)
+	conn, _ := db.TestSetup(t, "postgres")
+	org, _ := iam.TestScopes(t, conn)
+
+	require.NotNil(org)
+	assert.NotEmpty(org.GetPublicId())
+
+	am := TestAuthMethods(t, conn, org.GetPublicId(), 1)[0]
+
+	count := 4
+	accounts := TestAccounts(t, conn, am.GetPublicId(), count)
+	assert.Len(accounts, count)
+	for _, a := range accounts {
+		assert.NotEmpty(a.GetPublicId())
+	}
+}
--- a/internal/authtoken/authtoken_test.go
+++ b/internal/authtoken/authtoken_test.go
@ -10,6 +10,7 @@ import (
 	"time"

 	"github.com/golang/protobuf/ptypes"
+	"github.com/hashicorp/watchtower/internal/auth/password"
 	"github.com/hashicorp/watchtower/internal/authtoken/store"
 	"github.com/hashicorp/watchtower/internal/db"
 	"github.com/hashicorp/watchtower/internal/db/timestamp"
@ -24,9 +25,8 @@ func TestAuthToken_DbUpdate(t *testing.T) {
 	wrapper := db.TestWrapper(t)

 	org, _ := iam.TestScopes(t, conn)
-	u := iam.TestUser(t, conn, org.GetPublicId())
-	amId := setupAuthMethod(t, conn, org.GetPublicId())
-	acct := setupAuthAccount(t, conn, org.GetPublicId(), amId, u.GetPublicId())
+	am := password.TestAuthMethods(t, conn, org.GetPublicId(), 1)[0]
+	acct := password.TestAccounts(t, conn, am.GetPublicId(), 1)[0]

 	newAuthTokId, err := newAuthTokenId()
 	require.NoError(t, err)
@ -118,9 +118,8 @@ func TestAuthToken_DbCreate(t *testing.T) {
 	wrapper := db.TestWrapper(t)

 	org, _ := iam.TestScopes(t, conn)
-	u := iam.TestUser(t, conn, org.GetPublicId())
-	amId := setupAuthMethod(t, conn, org.GetPublicId())
-	acct := setupAuthAccount(t, conn, org.GetPublicId(), amId, u.GetPublicId())
+	am := password.TestAuthMethods(t, conn, org.GetPublicId(), 1)[0]
+	acct := password.TestAccounts(t, conn, am.GetPublicId(), 1)[0]
 	createdAuthToken := TestAuthToken(t, conn, wrapper, org.GetPublicId())

 	testAuthTokenId := func() string {
--- a/internal/authtoken/repository_test.go
+++ b/internal/authtoken/repository_test.go
@ -10,6 +10,7 @@ import (
 	"github.com/golang/protobuf/ptypes"
 	"github.com/google/go-cmp/cmp"
 	wrapping "github.com/hashicorp/go-kms-wrapping"
+	"github.com/hashicorp/watchtower/internal/auth/password"
 	iamStore "github.com/hashicorp/watchtower/internal/iam/store"
 	"github.com/hashicorp/watchtower/internal/oplog"
 	"github.com/stretchr/testify/assert"
@ -132,9 +133,13 @@ func TestRepository_CreateAuthToken(t *testing.T) {
 	wrapper := db.TestWrapper(t)

 	org1, _ := iam.TestScopes(t, conn)
-	u1 := iam.TestUser(t, conn, org1.GetPublicId())
-	amId1 := setupAuthMethod(t, conn, org1.GetPublicId())
-	aAcct := setupAuthAccount(t, conn, org1.GetPublicId(), amId1, u1.GetPublicId())
+	am := password.TestAuthMethods(t, conn, org1.GetPublicId(), 1)[0]
+	aAcct := password.TestAccounts(t, conn, am.GetPublicId(), 1)[0]
+
+	iamRepo, err := iam.NewRepository(rw, rw, wrapper)
+	require.NoError(t, err)
+	u1, err := iamRepo.LookupUserWithLogin(context.Background(), aAcct.GetPublicId(), iam.WithAutoVivify(true))
+	require.NoError(t, err)

 	org2, _ := iam.TestScopes(t, conn)
 	u2 := iam.TestUser(t, conn, org2.GetPublicId())
--- a/internal/authtoken/testing.go
+++ b/internal/authtoken/testing.go
@ -5,70 +5,32 @@ import (
 	"testing"

 	wrapping "github.com/hashicorp/go-kms-wrapping"
+	"github.com/hashicorp/watchtower/internal/auth/password"
 	"github.com/hashicorp/watchtower/internal/db"
 	"github.com/hashicorp/watchtower/internal/iam"
-	iamStore "github.com/hashicorp/watchtower/internal/iam/store"
 	"github.com/jinzhu/gorm"
 	"github.com/stretchr/testify/require"
 )

 func TestAuthToken(t *testing.T, conn *gorm.DB, wrapper wrapping.Wrapper, scopeId string) *AuthToken {
 	t.Helper()
-	u := iam.TestUser(t, conn, scopeId)
-	amId := setupAuthMethod(t, conn, scopeId)
-
+	authMethod := password.TestAuthMethods(t, conn, scopeId, 1)[0]
 	// auth account is only used to join auth method to user.
 	// We don't do anything else with the auth account in the test setup.
-	acct := setupAuthAccount(t, conn, scopeId, amId, u.GetPublicId())
+	acct := password.TestAccounts(t, conn, authMethod.GetPublicId(), 1)[0]

+	ctx := context.Background()
 	rw := db.New(conn)
+	iamRepo, err := iam.NewRepository(rw, rw, wrapper)
+	require.NoError(t, err)
+
+	u, err := iamRepo.LookupUserWithLogin(ctx, acct.GetPublicId(), iam.WithAutoVivify(true))
+	require.NoError(t, err)
+
 	repo, err := NewRepository(rw, rw, wrapper)
 	require.NoError(t, err)

-	ctx := context.Background()
 	at, err := repo.CreateAuthToken(ctx, u.GetPublicId(), acct.GetPublicId())
 	require.NoError(t, err)
 	return at
 }
-
-// Returns auth method id
-// TODO: Remove this when the auth method repos are created with the relevant test methods.
-func setupAuthMethod(t *testing.T, conn *gorm.DB, scope string) string {
-	t.Helper()
-	require := require.New(t)
-	insert := `insert into auth_method
-	(public_id, scope_id)
-	values
-	($1, $2);`
-	amId, err := db.NewPublicId("am")
-	require.NoError(err)
-	_, err = conn.DB().Exec(insert, amId, scope)
-	require.NoError(err)
-	return amId
-}
-
-// TODO: Remove this when the auth method repos are created with the relevant test methods.
-func setupAuthAccount(t *testing.T, conn *gorm.DB, scopeId, authMethodId, userId string) *iam.AuthAccount {
-	t.Helper()
-	require := require.New(t)
-	require.NotEmpty(scopeId)
-	require.NotEmpty(authMethodId)
-	require.NotEmpty(userId)
-
-	authAcctId, err := db.NewPublicId("aa")
-	require.NoError(err)
-
-	acct := &iam.AuthAccount{
-		AuthAccount: &iamStore.AuthAccount{
-			PublicId:     authAcctId,
-			ScopeId:      scopeId,
-			AuthMethodId: authMethodId,
-			IamUserId:    userId,
-		},
-	}
-	rw := db.New(conn)
-	err = rw.Create(context.Background(), acct)
-	require.NoError(err)
-	require.NotEmpty(acct.PublicId)
-	return acct
-}
--- a/internal/proto/local/controller/storage/auth/password/store/v1/password.proto
+++ b/internal/proto/local/controller/storage/auth/password/store/v1/password.proto
@ -60,13 +60,12 @@ message Account {
  // @inject_tag: `gorm:"default:null"`
  string description = 5;

-  // The scope_id of the owning scope. Must be set.
  // @inject_tag: `gorm:"not_null"`
-  string scope_id = 6;
+  string auth_method_id = 6;

  // @inject_tag: `gorm:"not_null"`
-  string auth_method_id = 7;
+  string user_name = 7;

-  // @inject_tag: `gorm:"not_null"`
-  string user_name = 8;
+  // the scope_id column is not included here as it is used only to ensure
+  // data integrity in the database between iam users and auth methods.
 }