opentofu/svchost/auth/helper_program_test.go
Martin Atkins 981c95f699 svchost/auth: CredentialsSource that runs an external program
This CredentialsSource can serve as an extension point to pass credentials
from an arbitrary external system to Terraform. For example, an external
helper program could fetch limited-time credentials from HashiCorp Vault
and return them, thus avoiding the need for any static configuration to
be maintained locally (except a Vault token!).

So far there are no real programs implementing this protocol, though this
commit includes a basic implementation that we use for unit tests.
2017-10-19 11:18:43 -07:00


package auth
import (
"os"
"path/filepath"
"testing"
"github.com/hashicorp/terraform/svchost"
)
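// TestHelperProgramCredentialsSource exercises the credentials source returned
// by HelperProgramCredentialsSource, pointed at the test helper expected at
// test-helper/test-helper under the package's working directory.
//
// The subtests pin four outcomes of ForHost:
//   - "example.com" yields a HostCredentialsToken equal to "example-token";
//   - "nothing.example.com" yields nil credentials and no error;
//   - "other-cred-type.example.com" yields nil credentials and no error;
//   - "fail.example.com" yields an error.
func TestHelperProgramCredentialsSource(t *testing.T) {
	wd, err := os.Getwd()
	if err != nil {
		t.Fatal(err)
	}

	// The helper is addressed by an absolute path built from the working
	// directory, so the file under test is always the one in this package.
	program := filepath.Join(wd, "test-helper/test-helper")
	t.Logf("testing with helper at %s", program)

	// Fail up front when the helper is absent. Without this guard the
	// "lookup error" subtest only checks err != nil, so it would pass for the
	// wrong reason whenever the helper cannot be started at all, hiding the
	// fact that the error path of the protocol was never exercised.
	info, err := os.Stat(program)
	if err != nil {
		t.Fatalf("test helper not available at %s: %s", program, err)
	}
	if info.IsDir() {
		t.Fatalf("test helper path %s is a directory; want a program file", program)
	}

	src := HelperProgramCredentialsSource(program)

	t.Run("happy path", func(t *testing.T) {
		creds, err := src.ForHost(svchost.Hostname("example.com"))
		if err != nil {
			t.Fatal(err)
		}
		// Only token credentials are acceptable here; any other concrete
		// type (including nil) is reported with its dynamic type.
		tokCreds, isTok := creds.(HostCredentialsToken)
		if !isTok {
			t.Errorf("wrong type of credentials %T", creds)
			return
		}
		if got, want := string(tokCreds), "example-token"; got != want {
			t.Errorf("wrong token %q; want %q", got, want)
		}
	})

	t.Run("no credentials", func(t *testing.T) {
		creds, err := src.ForHost(svchost.Hostname("nothing.example.com"))
		if err != nil {
			t.Fatal(err)
		}
		// A host with no credentials is not an error: nil is expected.
		if creds != nil {
			t.Errorf("got credentials; want nil")
		}
	})

	t.Run("unsupported credentials type", func(t *testing.T) {
		creds, err := src.ForHost(svchost.Hostname("other-cred-type.example.com"))
		if err != nil {
			t.Fatal(err)
		}
		// The test expects a credentials type the source does not support to
		// be dropped (nil, no error) rather than surfaced to the caller.
		if creds != nil {
			t.Errorf("got credentials; want nil")
		}
	})

	t.Run("lookup error", func(t *testing.T) {
		// The returned credentials are deliberately ignored; only the error
		// result is checked for this host.
		_, err := src.ForHost(svchost.Hostname("fail.example.com"))
		if err == nil {
			t.Error("completed successfully; want error")
		}
	})
}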