|
| 1 | +"use strict"; |
| 2 | + |
| 3 | +require("co-mocha"); |
| 4 | + |
| 5 | +const _ = require("lodash"); |
| 6 | +const sinon = require("sinon"); |
| 7 | +const chai = require("chai"); |
| 8 | +const expect = chai.expect; |
| 9 | +chai.use(require("sinon-chai")); |
| 10 | + |
| 11 | +const VaultApiClient = require("../src/VaultApiClient"); |
| 12 | +const VaultAppRoleAuth = require("../src/auth/VaultAppRoleAuth"); |
| 13 | +const errors = require("../src/errors"); |
| 14 | + |
| 15 | +const logger = _.fromPairs( |
| 16 | + _.map(["error", "warn", "info", "debug", "trace"], (prop) => [prop, _.noop]), |
| 17 | +); |
| 18 | + |
| 19 | +describe("AppRole auth backend", function () { |
| 20 | + function base64decode(str) { |
| 21 | + return Buffer.from(str, "base64").toString(); |
| 22 | + } |
| 23 | + |
| 24 | + function getAuthorizationHeaderRegExp(awsAccessKey) { |
| 25 | + return new RegExp( |
| 26 | + `^AWS4-HMAC-SHA256\\sCredential=${awsAccessKey}.+Signature=\\w+$`, |
| 27 | + ); |
| 28 | + } |
| 29 | + |
| 30 | + /** |
| 31 | + * @returns {VaultApiClient} |
| 32 | + */ |
| 33 | + function getApiStub() { |
| 34 | + return sinon.createStubInstance(VaultApiClient); |
| 35 | + } |
| 36 | + |
| 37 | + describe("Vault Request", function () { |
| 38 | + const mount = "approle"; |
| 39 | + |
| 40 | + it("Should make a correct vault login request with namespace", async () => { |
| 41 | + const api = getApiStub(); |
| 42 | + |
| 43 | + const auth = new VaultAppRoleAuth( |
| 44 | + api, |
| 45 | + logger, |
| 46 | + { |
| 47 | + role_id: "role123", |
| 48 | + secret_id: "secret456", |
| 49 | + namespace: "ns1", |
| 50 | + }, |
| 51 | + mount, |
| 52 | + ); |
| 53 | + |
| 54 | + api.makeRequest |
| 55 | + .withArgs("POST") |
| 56 | + .resolves({ auth: { client_token: "fake_token" } }); |
| 57 | + sinon.stub(auth, "_getTokenEntity"); |
| 58 | + |
| 59 | + await auth._authenticate(); |
| 60 | + |
| 61 | + expect( |
| 62 | + api.makeRequest.calledWith( |
| 63 | + "POST", |
| 64 | + "/auth/approle/login", |
| 65 | + { role_id: "role123", secret_id: "secret456" }, |
| 66 | + { "X-Vault-Namespace": "ns1" }, |
| 67 | + ), |
| 68 | + ).to.be.true; |
| 69 | + }); |
| 70 | + |
| 71 | + it("Should not set namespace header if not provided", async () => { |
| 72 | + const api = getApiStub(); |
| 73 | + |
| 74 | + const auth = new VaultAppRoleAuth( |
| 75 | + api, |
| 76 | + logger, |
| 77 | + { |
| 78 | + role_id: "role123", |
| 79 | + secret_id: "secret456", |
| 80 | + }, |
| 81 | + mount, |
| 82 | + ); |
| 83 | + |
| 84 | + api.makeRequest |
| 85 | + .withArgs("POST") |
| 86 | + .resolves({ auth: { client_token: "fake_token" } }); |
| 87 | + sinon.stub(auth, "_getTokenEntity"); |
| 88 | + |
| 89 | + await auth._authenticate(); |
| 90 | + |
| 91 | + expect( |
| 92 | + api.makeRequest.calledWith( |
| 93 | + "POST", |
| 94 | + "/auth/approle/login", |
| 95 | + { role_id: "role123", secret_id: "secret456" }, |
| 96 | + {}, |
| 97 | + ), |
| 98 | + ).to.be.true; |
| 99 | + }); |
| 100 | + }); |
| 101 | +}); |
0 commit comments