aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '48340da733'
${ noResults }
boundary/internal/tests/api/authmethods/authmethod_test.go

172 lines
5.5 KiB
Raw Blame History

package authmethods_test
import (
"net/http"
"testing"
"github.com/hashicorp/boundary/api"
"github.com/hashicorp/boundary/api/authmethods"
"github.com/hashicorp/boundary/internal/auth/password"
"github.com/hashicorp/boundary/internal/servers/controller"
capoidc "github.com/hashicorp/cap/oidc"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
const global = "global"
func TestCrud(t *testing.T) {
assert, require := assert.New(t), require.New(t)
tc := controller.NewTestController(t, nil)
defer tc.Shutdown()
client := tc.Client()
token := tc.Token()
client.SetToken(token.Token)
amClient := authmethods.NewClient(client)
checkAuthMethod := func(step string, u *authmethods.AuthMethod, wantedName string, wantedVersion uint32) {
require.NotNil(u, "returned no resource", step)
gotName := ""
if u.Name != "" {
gotName = u.Name
}
assert.Equal(wantedName, gotName, step)
assert.EqualValues(wantedVersion, u.Version)
}
u, err := amClient.Create(tc.Context(), "password", global,
authmethods.WithName("bar"))
require.NoError(err)
checkAuthMethod("create", u.Item, "bar", 1)
u, err = amClient.Read(tc.Context(), u.Item.Id)
require.NoError(err)
checkAuthMethod("read", u.Item, "bar", 1)
u, err = amClient.Update(tc.Context(), u.Item.Id, u.Item.Version, authmethods.WithName("buz"))
require.NoError(err)
checkAuthMethod("update", u.Item, "buz", 2)
u, err = amClient.Update(tc.Context(), u.Item.Id, u.Item.Version, authmethods.DefaultName())
require.NoError(err)
checkAuthMethod("update", u.Item, "", 3)
_, err = amClient.Delete(tc.Context(), u.Item.Id)
require.NoError(err)
// OIDC auth methods
u, err = amClient.Create(tc.Context(), "oidc", global,
authmethods.WithName("foo"),
authmethods.WithOidcAuthMethodApiUrlPrefix("https://api.com"),
authmethods.WithOidcAuthMethodIssuer("https://example.com"),
authmethods.WithOidcAuthMethodClientSecret("secret"),
authmethods.WithOidcAuthMethodClientId("client-id"))
require.NoError(err)
checkAuthMethod("create", u.Item, "foo", 1)
u, err = amClient.Read(tc.Context(), u.Item.Id)
require.NoError(err)
checkAuthMethod("read", u.Item, "foo", 1)
u, err = amClient.Update(tc.Context(), u.Item.Id, u.Item.Version, authmethods.WithName("bar"))
require.NoError(err)
checkAuthMethod("update", u.Item, "bar", 2)
u, err = amClient.Update(tc.Context(), u.Item.Id, u.Item.Version, authmethods.DefaultName())
require.NoError(err)
checkAuthMethod("update", u.Item, "", 3)
_, err = amClient.Delete(tc.Context(), u.Item.Id)
require.NoError(err)
}
func TestCustomMethods(t *testing.T) {
tc := controller.NewTestController(t, nil)
defer tc.Shutdown()
client := tc.Client()
token := tc.Token()
client.SetToken(token.Token)
amClient := authmethods.NewClient(client)
tp := capoidc.StartTestProvider(t)
tpClientId := "alice-rp"
tpClientSecret := "her-dog's-name"
tp.SetClientCreds(tpClientId, tpClientSecret)
u, err := amClient.Create(tc.Context(), "oidc", global,
authmethods.WithName("foo"),
authmethods.WithOidcAuthMethodIssuer(tp.Addr()),
authmethods.WithOidcAuthMethodApiUrlPrefix("https://example.com"),
authmethods.WithOidcAuthMethodClientSecret("secret"),
authmethods.WithOidcAuthMethodClientId("client-id"),
authmethods.WithOidcAuthMethodSigningAlgorithms([]string{string("EdDSA")}),
authmethods.WithOidcAuthMethodIdpCaCerts([]string{tp.CACert()}))
require.NoError(t, err)
const newState = "active-private"
nilU, err := amClient.ChangeState(tc.Context(), u.Item.Id, u.Item.Version, newState)
require.Error(t, err)
assert.Nil(t, nilU)
u, err = amClient.ChangeState(tc.Context(), u.Item.Id, u.Item.Version, newState, authmethods.WithOidcAuthMethodDisableDiscoveredConfigValidation(true))
require.NoError(t, err)
assert.NotNil(t, u)
assert.Equal(t, newState, u.Item.Attributes["state"])
_, err = amClient.ChangeState(tc.Context(), u.Item.Id, u.Item.Version, "", authmethods.WithOidcAuthMethodDisableDiscoveredConfigValidation(true))
assert.Error(t, err)
}
func TestErrors(t *testing.T) {
assert, require := assert.New(t), require.New(t)
tc := controller.NewTestController(t, nil)
defer tc.Shutdown()
client := tc.Client()
token := tc.Token()
client.SetToken(token.Token)
amClient := authmethods.NewClient(client)
u, err := amClient.Create(tc.Context(), "password", global,
authmethods.WithName("foo"))
require.NoError(err)
assert.NotNil(u)
// Updating the wrong version should fail.
_, err = amClient.Update(tc.Context(), u.Item.Id, 73, authmethods.WithName("anything"))
require.Error(err)
apiErr := api.AsServerError(err)
require.NotNil(apiErr)
assert.EqualValues(http.StatusNotFound, apiErr.Response().StatusCode())
// Create another resource with the same name.
_, err = amClient.Create(tc.Context(), "password", global,
authmethods.WithName("foo"))
require.Error(err)
apiErr = api.AsServerError(err)
require.NotNil(apiErr)
// TODO: Confirm that we can't create an oidc auth method with the same name.
_, err = amClient.Read(tc.Context(), password.AuthMethodPrefix+"_doesntexis")
require.Error(err)
apiErr = api.AsServerError(err)
require.NotNil(apiErr)
assert.EqualValues(http.StatusNotFound, apiErr.Response().StatusCode())
_, err = amClient.Read(tc.Context(), "invalid id")
require.Error(err)
apiErr = api.AsServerError(err)
require.NotNil(apiErr)
assert.EqualValues(http.StatusBadRequest, apiErr.Response().StatusCode())
_, err = amClient.Update(tc.Context(), u.Item.Id, u.Item.Version)
require.Error(err)
apiErr = api.AsServerError(err)
require.NotNil(apiErr)
assert.EqualValues(http.StatusBadRequest, apiErr.Response().StatusCode())
}
Reference in new issue View Git Blame Copy Permalink