From c92b32477931ac7546959b7cc0b51918c9bbf20b Mon Sep 17 00:00:00 2001
From: Juliano Martinez
Date: Mon, 23 Sep 2024 10:22:16 +0200
Subject: [PATCH] cleanup copied tests from courier
---
 pkg/vault/vault.go | 18 ------
 pkg/vault/vault_test.go | 119 ----------------------------------------
 2 files changed, 137 deletions(-)
diff --git a/pkg/vault/vault.go b/pkg/vault/vault.go
index 85a76ec..34d7eea 100644
--- a/pkg/vault/vault.go
+++ b/pkg/vault/vault.go
@@ -42,11 +42,6 @@ type JWTAuth struct {
 JWT string
 }
-type K8sAuth struct {
- Role string
- JWT string
-}
-
 func (t TokenAuth) Authenticate(client *vault.Client) error {
 client.SetToken(t.Token)
 return nil
@@ -110,19 +105,6 @@ func (j JWTAuth) ConfigureTLS(*vault.Config) error {
 return nil
 }
-func (k K8sAuth) Authenticate(client *vault.Client) error {
- data := map[string]interface{}{
- "role": k.Role,
- "jwt": k.JWT,
- }
- secret, err := client.Logical().Write("auth/kubernetes/login", data)
- if err != nil {
- return fmt.Errorf("failed to authenticate with Kubernetes: %w", err)
- }
- client.SetToken(secret.Auth.ClientToken)
- return nil
-}
-
 func NewVaultClient(address string, authMethod AuthMethod) (*VaultClient, error) {
 config := vault.DefaultConfig()
 config.Address = address
diff --git a/pkg/vault/vault_test.go b/pkg/vault/vault_test.go
index b1b7ad8..72fca17 100644
--- a/pkg/vault/vault_test.go
+++ b/pkg/vault/vault_test.go
@@ -99,26 +99,6 @@ func TestNewVaultClient(t *testing.T) {
 },
 wantErr: false,
 },
- {
- name: "K8sAuth_Success",
- authMethod: K8sAuth{
- Role: "test-role",
- JWT: "test-jwt",
- },
- setupMock: func(s *httptest.Server) {
- s.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- assert.Equal(t, "/v1/auth/kubernetes/login", r.URL.Path)
- assert.Equal(t, http.MethodPut, r.Method)
- var payload map[string]interface{}
- json.NewDecoder(r.Body).Decode(&payload)
- assert.Equal(t, "test-role", payload["role"])
- assert.Equal(t, "test-jwt", payload["jwt"])
- w.WriteHeader(http.StatusOK)
- w.Write([]byte(`{"auth": {"client_token": "test-client-token"}}`))
- })
- },
- wantErr: false,
- },
 {
 name: "TokenAuth_Failure",
 authMethod: TokenAuth{Token: "invalid-token"},
@@ -176,20 +156,6 @@ func TestNewVaultClient(t *testing.T) {
 },
 wantErr: true,
 },
- {
- name: "K8sAuth_Failure",
- authMethod: K8sAuth{
- Role: "invalid-role",
- JWT: "invalid-jwt",
- },
- setupMock: func(s *httptest.Server) {
- s.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- w.WriteHeader(http.StatusUnauthorized)
- w.Write([]byte(`{"errors": ["invalid Kubernetes credentials"]}`))
- })
- },
- wantErr: true,
- },
 }
 for _, tt := range tests {
@@ -240,85 +206,6 @@ func TestVaultClient_Operations(t *testing.T) {
 expectedErr bool
 checkResult func(t *testing.T, result interface{})
 }{
- {
- name: "ReadSecret_Success",
- operation: "Read",
- path: "secret/data/test",
- setupMock: func(w http.ResponseWriter, r *http.Request) {
- assert.Equal(t, "/v1/secret/data/test", r.URL.Path)
- assert.Equal(t, http.MethodGet, r.Method)
- w.WriteHeader(http.StatusOK)
- w.Write([]byte(`{"data": {"data": {"foo": "bar"}}}`))
- },
- expectedErr: false,
- checkResult: func(t *testing.T, result interface{}) {
- data, ok := result.(map[string]interface{})
- assert.True(t, ok)
- assert.Equal(t, "bar", data["data"].(map[string]interface{})["foo"])
- },
- },
- {
- name: "ReadSecret_NotFound",
- operation: "Read",
- path: "secret/data/nonexistent",
- setupMock: func(w http.ResponseWriter, r *http.Request) {
- assert.Equal(t, "/v1/secret/data/nonexistent", r.URL.Path)
- assert.Equal(t, http.MethodGet, r.Method)
- w.WriteHeader(http.StatusNotFound)
- },
- expectedErr: true,
- },
- {
- name: "WriteSecret_Success",
- operation: "Write",
- path: "secret/data/test",
- input: map[string]interface{}{"foo": "bar"},
- setupMock: func(w http.ResponseWriter, r *http.Request) {
- assert.Equal(t, "/v1/secret/data/test", r.URL.Path)
- assert.Equal(t, http.MethodPut, r.Method)
- var payload map[string]interface{}
- json.NewDecoder(r.Body).Decode(&payload)
- assert.Equal(t, map[string]interface{}{"foo": "bar"}, payload)
- w.WriteHeader(http.StatusNoContent)
- },
- expectedErr: false,
- },
- {
- name: "WriteSecret_Failure",
- operation: "Write",
- path: "secret/data/test",
- input: map[string]interface{}{"foo": "bar"},
- setupMock: func(w http.ResponseWriter, r *http.Request) {
- assert.Equal(t, "/v1/secret/data/test", r.URL.Path)
- assert.Equal(t, http.MethodPut, r.Method)
- w.WriteHeader(http.StatusBadRequest)
- w.Write([]byte(`{"errors": ["permission denied"]}`))
- },
- expectedErr: true,
- },
- {
- name: "DeleteSecret_Success",
- operation: "Delete",
- path: "secret/data/test",
- setupMock: func(w http.ResponseWriter, r *http.Request) {
- assert.Equal(t, "/v1/secret/data/test", r.URL.Path)
- assert.Equal(t, http.MethodDelete, r.Method)
- w.WriteHeader(http.StatusNoContent)
- },
- expectedErr: false,
- },
- {
- name: "DeleteSecret_Failure",
- operation: "Delete",
- path: "secret/data/test",
- setupMock: func(w http.ResponseWriter, r *http.Request) {
- assert.Equal(t, "/v1/secret/data/test", r.URL.Path)
- assert.Equal(t, http.MethodDelete, r.Method)
- w.WriteHeader(http.StatusBadRequest)
- w.Write([]byte(`{"errors": ["permission denied"]}`))
- },
- expectedErr: true,
- },
 {
 name: "EnableAuditDevice_Success",
 operation: "EnableAudit",
@@ -385,12 +272,6 @@ func TestVaultClient_Operations(t *testing.T) {
 var result interface{}
 switch tt.operation {
- case "Read":
- result, err = vaultClient.ReadSecret(tt.path)
- case "Write":
- err = vaultClient.WriteSecret(tt.path, tt.input)
- case "Delete":
- err = vaultClient.DeleteSecret(tt.path)
 case "EnableAudit":
 err = vaultClient.EnableAuditDevice(tt.path, tt.input["type"].(string), tt.input["description"].(string), tt.input["options"].(map[string]string))
 }