github.com/jenkins-x/jx/v2@v2.1.155/pkg/vault/vault_test.go

github.com/jenkins-x/jx/v2@v2.1.155/pkg/vault/vault_test.go (about)

     1  // +build unit
     2  
     3  package vault_test
     4  
     5  import (
     6  	"testing"
     7  
     8  	"github.com/jenkins-x/jx/v2/pkg/vault"
     9  
    10  	"github.com/jenkins-x/jx/v2/pkg/errorutil"
    11  
    12  	"github.com/stretchr/testify/assert"
    13  )
    14  
    15  func TestNewExternalVault(t *testing.T) {
    16  	var testConfigs = []struct {
    17  		url                    string
    18  		serviceAccountName     string
    19  		namespace              string
    20  		secretEngineMountPoint string
    21  		kubernetesAuthPath     string
    22  		valid                  bool
    23  		errorCount             int
    24  		errorMessage           string
    25  	}{
    26  		{"", "", "", "", "", false, 1, "URL cannot be empty for an external Vault configuration"},
    27  		{"foo", "", "", "", "", false, 3, "['foo' not a valid URL, external vault service account name cannot be empty, external vault namespace cannot be empty]"},
    28  		{"http://my.vault.com", "", "", "", "", false, 2, "[external vault service account name cannot be empty, external vault namespace cannot be empty]"},
    29  		{"http://my.vault.com", "vault-sa", "", "", "", false, 1, "external vault namespace cannot be empty"},
    30  		{"http://my.vault.com", "vault-sa", "jx", "", "", true, 0, ""},
    31  	}
    32  
    33  	for _, testConfig := range testConfigs {
    34  		t.Run(testConfig.url, func(t *testing.T) {
    35  			v, err := vault.NewExternalVault(testConfig.url, testConfig.serviceAccountName, testConfig.namespace, testConfig.secretEngineMountPoint, testConfig.kubernetesAuthPath)
    36  			if testConfig.valid {
    37  				assert.NoError(t, err)
    38  				assert.True(t, v.IsExternal())
    39  				assert.Equal(t, "kubernetes", v.KubernetesAuthPath)
    40  				assert.Equal(t, "secret", v.SecretEngineMountPoint)
    41  			} else {
    42  				assert.Error(t, err)
    43  				if testConfig.errorCount > 1 {
    44  					aggregate := err.(errorutil.Aggregate)
    45  					assert.Len(t, aggregate.Errors(), testConfig.errorCount)
    46  				}
    47  				assert.Equal(t, testConfig.errorMessage, err.Error())
    48  			}
    49  		})
    50  	}
    51  }
    52  
    53  func TestNewInternalVault(t *testing.T) {
    54  	var testConfigs = []struct {
    55  		name               string
    56  		serviceAccountName string
    57  		namespace          string
    58  		valid              bool
    59  		errorCount         int
    60  		errorMessage       string
    61  	}{
    62  		{"", "", "", false, 1, "name cannot be empty for an internal Vault configuration"},
    63  		{"foo", "", "", false, 1, "internal vault namespace cannot be empty"},
    64  		{"foo", "vault-sa", "jx", true, 0, ""},
    65  	}
    66  
    67  	for _, testConfig := range testConfigs {
    68  		t.Run(testConfig.name, func(t *testing.T) {
    69  			v, err := vault.NewInternalVault(testConfig.name, testConfig.serviceAccountName, testConfig.namespace)
    70  			if testConfig.valid {
    71  				assert.NoError(t, err)
    72  				assert.False(t, v.IsExternal())
    73  				assert.Equal(t, "kubernetes", v.KubernetesAuthPath)
    74  				assert.Equal(t, "secret", v.SecretEngineMountPoint)
    75  			} else {
    76  				assert.Error(t, err)
    77  				if testConfig.errorCount > 1 {
    78  					aggregate := err.(errorutil.Aggregate)
    79  					assert.Len(t, aggregate.Errors(), testConfig.errorCount)
    80  				}
    81  				assert.Equal(t, testConfig.errorMessage, err.Error())
    82  			}
    83  		})
    84  	}
    85  }
    86  
    87  func TestFromMap(t *testing.T) {
    88  	var testConfigs = []struct {
    89  		data         map[string]string
    90  		external     bool
    91  		valid        bool
    92  		errorCount   int
    93  		errorMessage string
    94  	}{
    95  		{map[string]string{}, false, false, 2, "[internal vault name cannot be empty, internal vault service account name cannot be empty]"},
    96  
    97  		{map[string]string{
    98  			vault.SystemVaultName: "foo",
    99  		}, false, false, 1, "internal vault service account name cannot be empty"},
   100  
   101  		{map[string]string{
   102  			vault.SystemVaultName: "foo",
   103  			vault.ServiceAccount:  "bar",
   104  		}, false, true, 0, ""},
   105  
   106  		{map[string]string{
   107  			vault.URL:            "http://myvault.acme",
   108  			vault.ServiceAccount: "foo",
   109  			vault.Namespace:      "bar",
   110  		}, true, true, 0, ""},
   111  
   112  		{map[string]string{
   113  			vault.URL:             "http://myvault.acme",
   114  			vault.SystemVaultName: "foo",
   115  		}, true, false, 1, "systemVaultName and URL cannot be specified together"},
   116  	}
   117  
   118  	for _, testConfig := range testConfigs {
   119  		t.Run(testConfig.data[vault.SystemVaultName], func(t *testing.T) {
   120  			v, err := vault.FromMap(testConfig.data, "foo")
   121  			if testConfig.valid {
   122  				assert.NoError(t, err)
   123  				assert.Equal(t, testConfig.external, v.IsExternal())
   124  				assert.Equal(t, "kubernetes", v.KubernetesAuthPath)
   125  				assert.Equal(t, "secret", v.SecretEngineMountPoint)
   126  			} else {
   127  				assert.Error(t, err)
   128  				if testConfig.errorCount > 1 {
   129  					aggregate := err.(errorutil.Aggregate)
   130  					assert.Len(t, aggregate.Errors(), testConfig.errorCount)
   131  				}
   132  				assert.Equal(t, testConfig.errorMessage, err.Error())
   133  			}
   134  		})
   135  	}
   136  }