From 47739566bc0b91e54ef91529080d2fa50251eee5 Mon Sep 17 00:00:00 2001
From: Louis Ruch <louisruch@gmail.com>
Date: Mon, 25 Jul 2022 11:08:06 -0700
Subject: [PATCH] bug(vault): Fix token len check (#2291)

---
 internal/credential/vault/vault.go      |  2 +-
 internal/credential/vault/vault_test.go | 54 +++++++++++++++++++++----
 2 files changed, 48 insertions(+), 8 deletions(-)

diff --git a/internal/credential/vault/vault.go b/internal/credential/vault/vault.go
index 0e2cc1addd..b9c6baf5b0 100644
--- a/internal/credential/vault/vault.go
+++ b/internal/credential/vault/vault.go
@@ -26,7 +26,7 @@ type clientConfig struct {
 }
 
 func (c *clientConfig) isValid() bool {
-	if c == nil || c.Addr == "" || len(c.Token) < 0 {
+	if c == nil || c.Addr == "" || len(c.Token) == 0 {
 		return false
 	}
 	return true
diff --git a/internal/credential/vault/vault_test.go b/internal/credential/vault/vault_test.go
index 8e8f698825..1d2cf47443 100644
--- a/internal/credential/vault/vault_test.go
+++ b/internal/credential/vault/vault_test.go
@@ -15,13 +15,53 @@ import (
 
 func Test_newClient(t *testing.T) {
 	t.Parallel()
-	t.Run("nilConfig", func(t *testing.T) {
-		assert := assert.New(t)
-		var c *clientConfig
-		client, err := newClient(c)
-		assert.Error(err)
-		assert.Nil(client)
-	})
+	v := NewTestVaultServer(t)
+
+	tests := []struct {
+		name         string
+		wantErr      bool
+		clientConfig *clientConfig
+	}{
+		{
+			name:    "nil-config",
+			wantErr: true,
+		},
+		{
+			name: "empty-addr",
+			clientConfig: &clientConfig{
+				Token: TokenSecret(v.RootToken),
+			},
+			wantErr: true,
+		},
+		{
+			name: "empty-token",
+			clientConfig: &clientConfig{
+				Addr: v.Addr,
+			},
+			wantErr: true,
+		},
+		{
+			name: "valid-config",
+			clientConfig: &clientConfig{
+				Addr:  v.Addr,
+				Token: TokenSecret(v.RootToken),
+			},
+		},
+	}
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			assert, require := assert.New(t), require.New(t)
+			client, err := newClient(tt.clientConfig)
+			if tt.wantErr {
+				require.Error(err)
+				assert.Nil(client)
+				return
+			}
+			require.NoError(err)
+			assert.NotNil(client)
+		})
+	}
 }
 
 func TestClient_RenewToken(t *testing.T) {