Merge branch 'main' into kv_group_auth
suprjinx committed Nov 15, 2024
2 parents a0f91a1 + 795c8e2 commit 7a2afcb
Showing 3 changed files with 32 additions and 12 deletions.
2 changes: 1 addition & 1 deletion config/astral.yml
Expand Up @@ -55,7 +55,7 @@ shared:

initial_user_name: test
initial_user_password: test
initial_user_email: john.doe@example.com
initial_user_email: test2024@example.com

test:
cert_ttl: <%= 24.hours.in_seconds %>
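Review bot: `initial_user_password: test` sits under `shared:` next to the e-mail this section changes, so any environment that inherits the shared block without overriding it would presumably start with a guessable initial user. Only the start of the `test:` block is visible here, so whether other environments override these keys cannot be confirmed from the hunk. If they do not, move the `initial_user_*` keys under the test and development blocks, or read the password from the environment, e.g. `initial_user_password: <%= ENV["INITIAL_USER_PASSWORD"] %>` (variable name is a placeholder).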
33 changes: 24 additions & 9 deletions test/lib/clients/vault_test.rb
Expand Up @@ -129,30 +129,45 @@ class VaultTest < ActiveSupport::TestCase

test "entity_alias methods" do
# confirm no entity yet
auth_path = "token"
err = assert_raises RuntimeError do
@client.read_entity_alias(@entity_name, @alias_name)
@client.read_entity_alias(@entity_name, @alias_name, auth_path)
end
assert_match /no such entity/, err.message

# confirm no alias yet
@client.put_entity(@entity_name, @policies)
err = assert_raises RuntimeError do
@client.read_entity_alias(@entity_name, @alias_name)
@client.read_entity_alias(@entity_name, @alias_name, auth_path)
end
assert_match /no such alias/, err.message

# create alias
auth_method = "token"
@client.put_entity_alias(@entity_name, @alias_name, auth_method)
entity_alias = @client.read_entity_alias(@entity_name, @alias_name)
assert_equal auth_method, entity_alias.data[:mount_type]
# create token alias
@client.put_entity_alias(@entity_name, @alias_name, auth_path)
entity_alias = @client.read_entity_alias(@entity_name, @alias_name, auth_path)
assert_equal auth_path, entity_alias.data[:mount_type]

# create different alias type with same name
oidc_path = "oidc"
@client.put_entity_alias(@entity_name, @alias_name, oidc_path)
entity_alias = @client.read_entity_alias(@entity_name, @alias_name, oidc_path)
assert_equal oidc_path, entity_alias.data[:mount_type]


# confirm two aliases
entity = @client.read_entity(@entity_name)
assert_equal 2, entity.data[:aliases].size

# confirm deleted alias
assert_equal true, @client.delete_entity_alias(@entity_name, @alias_name)
assert_equal true, @client.delete_entity_alias(@entity_name, @alias_name, auth_path)
err = assert_raises RuntimeError do
@client.delete_entity_alias(@entity_name, @alias_name)
@client.delete_entity_alias(@entity_name, @alias_name, auth_path)
end
assert_match /no such alias/, err.message

# confirm 1 aliases
entity = @client.read_entity(@entity_name)
assert_equal 1, entity.data[:aliases].size
end

test ".assign_entity_policy creates valid entity" do
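Review bot: After the token alias is deleted, the "entity_alias methods" test only checks that `entity.data[:aliases].size` is 1, which would still pass if `delete_entity_alias` had removed the `oidc` alias instead of the one at `auth_path`. The new third argument exists to tell same-named aliases on different mounts apart, so assert which one survived, e.g. `assert_equal oidc_path, @client.read_entity_alias(@entity_name, @alias_name, oidc_path).data[:mount_type]`. The test also leaves the entity and the remaining alias in place when it ends; whether a teardown outside this hunk removes them is not visible.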
9 changes: 7 additions & 2 deletions test/test_helper.rb
Expand Up @@ -15,11 +15,16 @@ class TestCase

# Helper methods
def jwt_authorized
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBleGFtcGxlLmNvbSIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMiwiZ3JvdXBzIjpbImdyb3VwMSIsImdyb3VwMiJdLCJhdWQiOiJhc3RyYWwifQ.tfRLXmE_eq-piP88_clwPWrYfMAQbCJAeZQI6OFxZSI"
@@authorized_token ||= JWT.encode(@@authorized_data, Config[:jwt_signing_key])
end

def jwt_unauthorized
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhcHBsaWNhdGlvbl9uYW1lIiwiY29tbW9uX25hbWUiOiJleGFtcGxlLmNvbSIsImlwX3NhbnMiOiIxMC4wLjEuMTAwIn0.gEUyaZcARiBQNq2RUwZU0MdFXqthyo_oSQ8DAgKvxCs"
@@unauthorized_token ||= JWT.encode(@@unauthorized_data, "bad_secret")
end

private
@@authorized_data = { "sub"=>"[email protected]", "name"=>"John Doe", "iat"=>1516239022,
"groups"=>[ "group1", "group2" ], "aud"=>"astral" }
@@unauthorized_data = { "sub"=>"application_name", "common_name"=>"example.com", "ip_sans"=>"10.0.1.100" }
end
end
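Review bot: `jwt_unauthorized` differs from `jwt_authorized` in both the signing key (`"bad_secret"`) and the claims (no `aud`, no `groups`), so a test that expects rejection cannot tell whether signature verification or a claim check refused the token. A regression that skipped signature verification would presumably go unnoticed as long as the claim check still fired. Consider adding a helper that signs the authorized claims with the wrong key, e.g. `JWT.encode(@@authorized_data, "bad_secret")`, so the signature check is exercised on its own. Separately, the `private` keyword has no effect on the `@@` assignments that follow it, and class variables are shared across every subclass of `TestCase` (whose definition starts outside this hunk); frozen constants would state the intent more clearly.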
