Add support for keyringless auth tokens (#3765)
* Add support for keyringless auth tokens
1 parent
5d77193
commit 1bf6dd5
Showing
23 changed files
with
1,638 additions
and
540 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
// Copyright (c) HashiCorp, Inc. | ||
// SPDX-License-Identifier: BUSL-1.1 | ||
|
||
package daemon | ||
|
||
import ( | ||
"context" | ||
"testing" | ||
|
||
"github.com/hashicorp/boundary/api/authtokens" | ||
"github.com/hashicorp/boundary/internal/daemon/cache" | ||
"github.com/stretchr/testify/assert" | ||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
func Test_GetOpts(t *testing.T) { | ||
t.Parallel() | ||
ctx := context.Background() | ||
|
||
t.Run("default", func(t *testing.T) { | ||
opts, err := getOpts() | ||
require.NoError(t, err) | ||
testOpts := options{} | ||
assert.Equal(t, opts, testOpts) | ||
}) | ||
t.Run("WithDebug", func(t *testing.T) { | ||
opts, err := getOpts(WithDebug(ctx, true)) | ||
require.NoError(t, err) | ||
testOpts := getDefaultOptions() | ||
testOpts.withDebug = true | ||
assert.Equal(t, opts, testOpts) | ||
}) | ||
t.Run("WithBoundaryTokenReaderFunc", func(t *testing.T) { | ||
var f cache.BoundaryTokenReaderFn = func(ctx context.Context, addr, token string) (*authtokens.AuthToken, error) { | ||
return nil, nil | ||
} | ||
opts, err := getOpts(WithBoundaryTokenReaderFunc(ctx, f)) | ||
require.NoError(t, err) | ||
|
||
assert.NotNil(t, opts.withBoundaryTokenReaderFunc) | ||
opts.withBoundaryTokenReaderFunc = nil | ||
|
||
testOpts := getDefaultOptions() | ||
assert.Equal(t, opts, testOpts) | ||
}) | ||
} |
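Review bot: The equality assertions in all three subtests pass their arguments in the reverse of testify's (expected, actual) order: `assert.Equal(t, opts, testOpts)` puts the value under test in the expected slot, so a failure prints the diff backwards. `assert.Equal(t, testOpts, opts)` reads correctly. The "default" subtest also builds its baseline as `options{}` while the other two call `getDefaultOptions()`; using `testOpts := getDefaultOptions()` there keeps the three subtests on one baseline. Whether `WithBoundaryTokenReaderFunc` accepts a nil function is not visible in this file; if it is meant to reject one, a subtest pinning that would be worth adding.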
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
// Copyright (c) HashiCorp, Inc. | ||
// SPDX-License-Identifier: BUSL-1.1 | ||
|
||
package daemon | ||
|
||
import ( | ||
"context" | ||
"testing" | ||
|
||
"github.com/hashicorp/boundary/api" | ||
"github.com/hashicorp/boundary/internal/cmd/base" | ||
"github.com/hashicorp/boundary/internal/daemon/controller" | ||
"github.com/stretchr/testify/assert" | ||
"github.com/stretchr/testify/require" | ||
) | ||
|
||
// Note: the name of this test must remain short because the temp dir created | ||
// includes the name of the test and there is a 108 character limit in allowed | ||
// unix socket path names. | ||
func TestDefaultBoundaryTokenReader(t *testing.T) { | ||
ctx := context.Background() | ||
|
||
t.Run("nil client provider", func(t *testing.T) { | ||
resFn, err := defaultBoundaryTokenReader(ctx, nil) | ||
assert.Error(t, err) | ||
assert.ErrorContains(t, err, "client provider is nil") | ||
assert.Nil(t, resFn) | ||
}) | ||
|
||
tc := controller.NewTestController(t, nil) | ||
cp := fakeClientProvider{tc} | ||
|
||
cases := []struct { | ||
name string | ||
address string | ||
token string | ||
errContains string | ||
}{ | ||
{ | ||
name: "success", | ||
address: tc.ApiAddrs()[0], | ||
token: tc.Token().Token, | ||
errContains: "", | ||
}, | ||
{ | ||
name: "empty address", | ||
address: "", | ||
token: "at_123_testtoken", | ||
errContains: "address is missing", | ||
}, | ||
{ | ||
name: "empty token", | ||
address: tc.ApiAddrs()[0], | ||
token: "", | ||
errContains: "auth token is missing", | ||
}, | ||
{ | ||
name: "malformed token to many sections", | ||
address: tc.ApiAddrs()[0], | ||
token: "at_123_ignoredtoken_tomanysections", | ||
errContains: "auth token is malformed", | ||
}, | ||
{ | ||
name: "malformed token to few sections", | ||
address: tc.ApiAddrs()[0], | ||
token: "at_123", | ||
errContains: "auth token is malformed", | ||
}, | ||
} | ||
|
||
for _, tc := range cases { | ||
t.Run(tc.name, func(t *testing.T) { | ||
retFn, err := defaultBoundaryTokenReader(ctx, cp) | ||
require.NoError(t, err) | ||
require.NotNil(t, retFn) | ||
|
||
at, err := retFn(ctx, tc.address, tc.token) | ||
switch tc.errContains { | ||
case "": | ||
assert.NoError(t, err) | ||
assert.NotNil(t, at) | ||
default: | ||
assert.Error(t, err) | ||
assert.ErrorContains(t, err, tc.errContains) | ||
assert.Nil(t, at) | ||
} | ||
}) | ||
} | ||
} | ||
|
||
type fakeClientProvider struct { | ||
*controller.TestController | ||
} | ||
|
||
func (fcp fakeClientProvider) Client(opt ...base.Option) (*api.Client, error) { | ||
return fcp.TestController.Client(), nil | ||
} |
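Review bot: The case table in TestDefaultBoundaryTokenReader covers empty and malformed tokens but has no case for a well-formed token that the controller does not recognise, so the path where the lookup itself is refused is untested. That is the case that matters most for a token reader, since a regression there could return a non-nil AuthToken for a credential that was never issued. Assuming the reader surfaces the controller's rejection as an error, a case such as `{name: "unknown token", address: tc.ApiAddrs()[0], token: "at_123_testtoken", errContains: "<reader's error text>"}` would pin it, with the placeholder replaced by the actual message. Separately, the loop variable in `for _, tc := range cases` shadows the test controller `tc` declared above it; `for _, tt := range cases {` avoids the confusion.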