Add a few more tests for TempCredentialsProvider
mtibben committed Mar 20, 2023
1 parent 6ebe3fb commit cec0d62
Showing 1 changed file with 65 additions and 0 deletions.
65 changes: 65 additions & 0 deletions vault/vault_test.go
@@ -8,6 +8,71 @@ import (
"github.com/99designs/keyring"
)

func TestUsageWebIdentityExample(t *testing.T) {
f := newConfigFile(t, []byte(`
[profile role2]
role_arn = arn:aws:iam::33333333333:role/role2
web_identity_token_process = oidccli raw
`))
defer os.Remove(f)
configFile, err := vault.LoadConfig(f)
if err != nil {
t.Fatal(err)
}
configLoader := &vault.ConfigLoader{File: configFile, ActiveProfile: "role2"}
config, err := configLoader.GetProfileConfig("role2")
if err != nil {
t.Fatalf("Should have found a profile: %v", err)
}

ckr := &vault.CredentialKeyring{Keyring: keyring.NewArrayKeyring([]keyring.Item{})}
p, err := vault.NewTempCredentialsProvider(config, ckr, true, true)
if err != nil {
t.Fatal(err)
}

_, ok := p.(*vault.AssumeRoleWithWebIdentityProvider)
if !ok {
t.Fatalf("Expected AssumeRoleWithWebIdentityProvider, got %T", p)
}
}

func TestIssue1176(t *testing.T) {
f := newConfigFile(t, []byte(`
[profile my-shared-base-profile]
credential_process=aws-vault exec my-shared-base-profile -j
mfa_serial=arn:aws:iam::1234567890:mfa/danielholz
region=eu-west-1
[profile profile-with-role]
source_profile=my-shared-base-profile
include_profile=my-shared-base-profile
region=eu-west-1
role_arn=arn:aws:iam::12345678901:role/allow-view-only-access-from-other-accounts
`))
defer os.Remove(f)
configFile, err := vault.LoadConfig(f)
if err != nil {
t.Fatal(err)
}
configLoader := &vault.ConfigLoader{File: configFile, ActiveProfile: "my-shared-base-profile"}
config, err := configLoader.GetProfileConfig("my-shared-base-profile")
if err != nil {
t.Fatalf("Should have found a profile: %v", err)
}

ckr := &vault.CredentialKeyring{Keyring: keyring.NewArrayKeyring([]keyring.Item{})}
p, err := vault.NewTempCredentialsProvider(config, ckr, true, true)
if err != nil {
t.Fatal(err)
}

_, ok := p.(*vault.CredentialProcessProvider)
if !ok {
t.Fatalf("Expected CredentialProcessProvider, got %T", p)
}
}

func TestIssue1195(t *testing.T) {
f := newConfigFile(t, []byte(`
[profile test]
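Review bot: TestIssue1176 defines `profile-with-role` (with `source_profile`, `include_profile` and `role_arn`) but only loads `my-shared-base-profile`, so the role-assumption path described by the second stanza is never exercised; if the regression behind the issue involved the role profile, this test would not catch it. The base profile sets both `credential_process` and `mfa_serial`, and the assertion pins that it resolves to `*vault.CredentialProcessProvider`, which presumably leaves any MFA requirement to the external process. If that is the intent, a comment above the type assertion such as `// credential_process wins over mfa_serial here; MFA is the external process's job` would record it. Both new tests check only the concrete provider type, so a provider built with the wrong role ARN or the wrong token/credential command would still pass; asserting the configured values on the returned provider would tighten that. The two bare `true` arguments to `vault.NewTempCredentialsProvider` would also read better with inline comments naming what they switch off, since the parameter names are not visible in this hunk.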
