aws-cli-auth/cmd/awscliauth_test.go at bc161cd49a2dbd7069b5afdc008de6c03d4abe3a · DevLabFoundry/aws-cli-auth · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
package cmd_test

import (
	"bytes"
	"context"
	"errors"
	"io"
	"os"
	"strings"
	"testing"

	"github.com/DevLabFoundry/aws-cli-auth/cmd"
	"github.com/DevLabFoundry/aws-cli-auth/internal/credentialexchange"
	"github.com/DevLabFoundry/aws-cli-auth/internal/web"
	"github.com/rs/zerolog"
)

func cmdHelperExecutor(t *testing.T, args []string) (stdOut *bytes.Buffer, errOut *bytes.Buffer, err error) {
	t.Helper()
	errOut = new(bytes.Buffer)
	stdOut = new(bytes.Buffer)
	c := cmd.New(zerolog.New(io.Discard))
	c.WithSubCommands(cmd.SubCommands()...)
	c.Cmd.SetArgs(args)
	c.Cmd.SetErr(errOut)
	c.Cmd.SetOut(stdOut)
	err = c.Execute(context.Background())
	return stdOut, errOut, err
}

func Test_helpers_for_command(t *testing.T) {

	ttests := map[string]struct{}{
		"clear-cache": {},
		"saml":        {},
		"specific":    {},
	}
	for name := range ttests {
		t.Run(name, func(t *testing.T) {
			cmdArgs := []string{name, "--help"}
			stdOut, errOut, err := cmdHelperExecutor(t, cmdArgs)
			if err != nil {
				t.Fatal(err)
			}
			errCheck, _ := io.ReadAll(errOut)
			if len(errCheck) > 0 {
				t.Fatal("got err, wanted nil")
			}
			outCheck, _ := io.ReadAll(stdOut)
			if len(outCheck) <= 0 {
				t.Fatalf("got empty, wanted a help message")
			}
		})
	}
}

func Test_Saml_timeout(t *testing.T) {
	t.Run("standard non sso should fail with incorrect saml URLs", func(t *testing.T) {
		cmdArgs := []string{"saml", "-p",
			"https://httpbin.org/anything/app123",
			"--principal",
			"arn:aws:iam::1234111111111:saml-provider/provider1",
			"--role",
			"arn:aws:iam::1234111111111:role/Role-ReadOnly",
			"--role-chain",
			"arn:aws:iam::1234111111111:role/Kubernetes-Cluster-Administrators",
			"--saml-timeout", "1",
			"-d",
			"14400",
			"--reload-before",
			"120"}
		_, _, err := cmdHelperExecutor(t, cmdArgs)
		if err == nil && !errors.Is(err, web.ErrTimedOut) {
			t.Error("got nil, wanted an error")
		}
		// err, _ := io.ReadAll(b)
		// fmt.Println(string(err))
		// if len(err) <= 0 {
		// 	t.Fatal("got nil, wanted an error")
		// }
		// out, _ := io.ReadAll(o)
		// fmt.Println(string(out))
		// if len(out) <= 0 {
		// 	t.Fatalf("got empty, wanted a help message")
		// }
	})
}

func Test_SpecificCommand(t *testing.T) {

	t.Run("Specific command should fail with wrong method", func(t *testing.T) {
		_, _, err := cmdHelperExecutor(t, []string{"specific", "--method=unknown", "--role",
			"arn:aws:iam::1234111111111:role/Role-ReadOnly"})
		if err == nil {
			t.Error("got nil, wanted an error")
		}
		if !errors.Is(err, cmd.ErrUnsupportedMethod) {
			t.Errorf("got %v, wanted %v", err, cmd.ErrUnsupportedMethod)
		}
	})

	t.Run("Specific command fails on missing env AWS_WEB_IDENTITY_TOKEN_FILE", func(t *testing.T) {
		os.Setenv("AWS_ROLE_ARN", "arn:aws:iam::1234111111111:role/Role-ReadOnly")
		defer os.Unsetenv("AWS_ROLE_ARN")
		_, _, err := cmdHelperExecutor(t, []string{"specific", "--method=WEB_ID", "--role",
			"arn:aws:iam::1234111111111:role/Role-ReadOnly"})
		if err == nil {
			t.Error("got nil, wanted an error")
		}
		if !errors.Is(err, credentialexchange.ErrMissingEnvVar) {
			t.Errorf("got %v, wanted %v", err, cmd.ErrUnsupportedMethod)
		}
	})
}

func Test_ClearCommand(t *testing.T) {

	t.Run("should pass without --force", func(t *testing.T) {
		_, _, err := cmdHelperExecutor(t, []string{"clear-cache"})
		if err != nil {
			t.Error("got nil, wanted an error")
		}
	})
	t.Run("should warn user to manually delete data dir", func(t *testing.T) {
		stdout, _, err := cmdHelperExecutor(t, []string{"clear-cache", "--force"})
		if err != nil {
			t.Error("got nil, wanted an error")
		}
		if len(stdout.String()) < 1 {
			t.Fatal("got nil, wanted output")
		}
		if !strings.Contains(stdout.String(), "manually") {
			t.Errorf("incorrect messasge displayed, got %s, wanted to include manually", stdout.String())
		}
	})
}