From cec0d62fb6beeaedf7e244e9d99614f6b89e295b Mon Sep 17 00:00:00 2001
From: Michael Tibben
Date: Mon, 20 Mar 2023 20:02:27 +1100
Subject: [PATCH] Add a few more tests for TempCredentialsProvider
---
 vault/vault_test.go | 65 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
diff --git a/vault/vault_test.go b/vault/vault_test.go
index e4c7466c3..75a047ad8 100644
--- a/vault/vault_test.go
+++ b/vault/vault_test.go
@@ -8,6 +8,71 @@ import (
 "github.com/99designs/keyring"
 )
 
+func TestUsageWebIdentityExample(t *testing.T) {
+ f := newConfigFile(t, []byte(`
+[profile role2]
+role_arn = arn:aws:iam::33333333333:role/role2
+web_identity_token_process = oidccli raw
+`))
+ defer os.Remove(f)
+ configFile, err := vault.LoadConfig(f)
+ if err != nil {
+ t.Fatal(err)
+ }
+ configLoader := &vault.ConfigLoader{File: configFile, ActiveProfile: "role2"}
+ config, err := configLoader.GetProfileConfig("role2")
+ if err != nil {
+ t.Fatalf("Should have found a profile: %v", err)
+ }
+
+ ckr := &vault.CredentialKeyring{Keyring: keyring.NewArrayKeyring([]keyring.Item{})}
+ p, err := vault.NewTempCredentialsProvider(config, ckr, true, true)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ _, ok := p.(*vault.AssumeRoleWithWebIdentityProvider)
+ if !ok {
+ t.Fatalf("Expected AssumeRoleWithWebIdentityProvider, got %T", p)
+ }
+}
+
+func TestIssue1176(t *testing.T) {
+ f := newConfigFile(t, []byte(`
+[profile my-shared-base-profile]
+credential_process=aws-vault exec my-shared-base-profile -j
+mfa_serial=arn:aws:iam::1234567890:mfa/danielholz
+region=eu-west-1
+
+[profile profile-with-role]
+source_profile=my-shared-base-profile
+include_profile=my-shared-base-profile
+region=eu-west-1
+role_arn=arn:aws:iam::12345678901:role/allow-view-only-access-from-other-accounts
+`))
+ defer os.Remove(f)
+ configFile, err := vault.LoadConfig(f)
+ if err != nil {
+ t.Fatal(err)
+ }
+ configLoader := &vault.ConfigLoader{File: configFile, ActiveProfile: "my-shared-base-profile"}
+ config, err := configLoader.GetProfileConfig("my-shared-base-profile")
+ if err != nil {
+ t.Fatalf("Should have found a profile: %v", err)
+ }
+
+ ckr := &vault.CredentialKeyring{Keyring: keyring.NewArrayKeyring([]keyring.Item{})}
+ p, err := vault.NewTempCredentialsProvider(config, ckr, true, true)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ _, ok := p.(*vault.CredentialProcessProvider)
+ if !ok {
+ t.Fatalf("Expected CredentialProcessProvider, got %T", p)
+ }
+}
+
 func TestIssue1195(t *testing.T) {
 f := newConfigFile(t, []byte(`
 [profile test]
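Review bot: TestIssue1176 defines `[profile profile-with-role]` but never resolves it: both `ActiveProfile` and `GetProfileConfig` name `my-shared-base-profile`, so the `source_profile`/`include_profile`/`role_arn` chain, where the inherited `mfa_serial` would matter, is not covered by any assertion. If that chain is part of the regression, add a second lookup such as `config, err := (&vault.ConfigLoader{File: configFile, ActiveProfile: "profile-with-role"}).GetProfileConfig("profile-with-role")` and assert the provider type you expect for it; otherwise drop the unused profile from the fixture. The test name alone does not say what is being guarded, so a doc comment would help, for example `// TestIssue1176 checks that a profile with credential_process and mfa_serial resolves to CredentialProcessProvider.` Both new tests name external commands (`oidccli raw`, `aws-vault exec ...`) and appear to rely on `NewTempCredentialsProvider` not executing them at construction time; a short comment stating that assumption would make a later behaviour change visible. `t.Cleanup(func() { os.Remove(f) })` would be more robust than the bare `defer os.Remove(f)` used in both functions.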