aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '400f8d081d'
${ noResults }
boundary/testing/internal/e2e/tests/static/connect_authz_token_test.go

119 lines
4.2 KiB
Raw Blame History

package static_test
import (
"context"
"encoding/json"
"fmt"
"os"
"strings"
"testing"
"github.com/hashicorp/boundary/api/credentials"
"github.com/hashicorp/boundary/api/targets"
"github.com/hashicorp/boundary/testing/internal/e2e"
"github.com/hashicorp/boundary/testing/internal/e2e/boundary"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TestCliConnectTargetWithAuthzToken uses the boundary cli to connect to a target using the
// `authz_token` option
func TestCliConnectTargetWithAuthzToken(t *testing.T) {
e2e.MaybeSkipTest(t)
c, err := loadConfig()
require.NoError(t, err)
ctx := context.Background()
boundary.AuthenticateAdminCli(t, ctx)
newOrgId := boundary.CreateNewOrgCli(t, ctx)
newProjectId := boundary.CreateNewProjectCli(t, ctx, newOrgId)
newHostCatalogId := boundary.CreateNewHostCatalogCli(t, ctx, newProjectId)
newHostSetId := boundary.CreateNewHostSetCli(t, ctx, newHostCatalogId)
newHostId := boundary.CreateNewHostCli(t, ctx, newHostCatalogId, c.TargetIp)
boundary.AddHostToHostSetCli(t, ctx, newHostSetId, newHostId)
newTargetId := boundary.CreateNewTargetCli(t, ctx, newProjectId, c.TargetPort)
boundary.AddHostSourceToTargetCli(t, ctx, newTargetId, newHostSetId)
newCredentialStoreId := boundary.CreateNewCredentialStoreStaticCli(t, ctx, newProjectId)
// Create credentials
output := e2e.RunCommand(ctx, "boundary",
e2e.WithArgs(
"credentials", "create", "ssh-private-key",
"-credential-store-id", newCredentialStoreId,
"-username", c.TargetSshUser,
"-private-key", "file://"+c.TargetSshKeyPath,
"-format", "json",
),
)
require.NoError(t, output.Err, string(output.Stderr))
var newCredentialsResult credentials.CredentialCreateResult
err = json.Unmarshal(output.Stdout, &newCredentialsResult)
require.NoError(t, err)
newCredentialsId := newCredentialsResult.Item.Id
t.Logf("Created Credentials: %s", newCredentialsId)
// Add credentials to target
output = e2e.RunCommand(ctx, "boundary",
e2e.WithArgs(
"targets", "add-credential-sources",
"-id", newTargetId,
"-brokered-credential-source", newCredentialsId,
),
)
require.NoError(t, output.Err, string(output.Stderr))
// Get credentials for target
output = e2e.RunCommand(ctx, "boundary",
e2e.WithArgs("targets", "authorize-session", "-id", newTargetId, "-format", "json"),
)
require.NoError(t, output.Err, string(output.Stderr))
var newSessionAuthorizationResult targets.SessionAuthorizationResult
err = json.Unmarshal(output.Stdout, &newSessionAuthorizationResult)
require.NoError(t, err)
newSessionAuthorization := newSessionAuthorizationResult.Item
retrievedUser := fmt.Sprintf("%s", newSessionAuthorization.Credentials[0].Credential["username"])
retrievedKey := fmt.Sprintf("%s\n", newSessionAuthorization.Credentials[0].Credential["private_key"])
assert.Equal(t, c.TargetSshUser, retrievedUser)
k, err := os.ReadFile(c.TargetSshKeyPath)
require.NoError(t, err)
require.Equal(t, string(k), retrievedKey)
t.Log("Successfully retrieved credentials for target")
// Get auth token for session
newAuthToken := newSessionAuthorizationResult.Item.AuthorizationToken
// Create key file
retrievedKeyPath := fmt.Sprintf("%s/%s", t.TempDir(), "target_private_key.pem")
f, err := os.Create(retrievedKeyPath)
require.NoError(t, err)
_, err = f.WriteString(retrievedKey)
require.NoError(t, err)
err = os.Chmod(retrievedKeyPath, 0o400)
require.NoError(t, err)
// Connect to target and print host's IP address using retrieved credentials
output = e2e.RunCommand(ctx, "boundary",
e2e.WithArgs(
"connect",
"-authz-token", newAuthToken,
"-exec", "/usr/bin/ssh", "--",
"-l", retrievedUser,
"-i", retrievedKeyPath,
"-o", "UserKnownHostsFile=/dev/null",
"-o", "StrictHostKeyChecking=no",
"-o", "IdentitiesOnly=yes", // forces the use of the provided key
"-p", "{{boundary.port}}", // this is provided by boundary
"{{boundary.ip}}",
"hostname", "-i",
),
)
require.NoError(t, output.Err, string(output.Stderr))
parts := strings.Fields(string(output.Stdout))
hostIp := parts[len(parts)-1]
require.Equal(t, c.TargetIp, hostIp, "SSH session did not return expected output")
t.Log("Successfully connected to target")
}
Reference in new issue View Git Blame Copy Permalink