981c95f699
This CredentialsSource can serve as an extension point to pass credentials from an arbitrary external system to Terraform. For example, an external helper program could fetch limited-time credentials from HashiCorp Vault and return them, thus avoiding the need for any static configuration to be maintained locally (except a Vault token!). So far there are no real programs implementing this protocol, though this commit includes a basic implementation that we use for unit tests.
package auth
import (
"os"
"path/filepath"
"testing"
"github.com/hashicorp/terraform/svchost"
)
// TestHelperProgramCredentialsSource checks the credentials source returned by
// HelperProgramCredentialsSource against the test-helper program located under
// the current working directory.
//
// Four outcomes are pinned:
//   - a known host yields a HostCredentialsToken with the expected value;
//   - an unknown host yields nil credentials and no error;
//   - a host with a credentials type this package does not recognise yields
//     nil credentials and no error, so unrecognised helper output is not
//     surfaced as usable credentials;
//   - a failing lookup is reported as an error rather than as success.
func TestHelperProgramCredentialsSource(t *testing.T) {
	cwd, err := os.Getwd()
	if err != nil {
		t.Fatal(err)
	}

	// The helper is addressed by an absolute path built from the working
	// directory, so the test does not depend on how a relative name would
	// be resolved.
	helperPath := filepath.Join(cwd, "test-helper/test-helper")
	t.Logf("testing with helper at %s", helperPath)

	source := HelperProgramCredentialsSource(helperPath)

	t.Run("happy path", func(t *testing.T) {
		result, err := source.ForHost(svchost.Hostname("example.com"))
		if err != nil {
			t.Fatal(err)
		}
		token, ok := result.(HostCredentialsToken)
		if !ok {
			t.Errorf("wrong type of credentials %T", result)
			return
		}
		if got, want := string(token), "example-token"; got != want {
			t.Errorf("wrong token %q; want %q", got, want)
		}
	})

	// Hosts for which the source must return neither credentials nor an error.
	nilCases := []struct {
		name string
		host string
	}{
		{name: "no credentials", host: "nothing.example.com"},
		{name: "unsupported credentials type", host: "other-cred-type.example.com"},
	}
	for _, tc := range nilCases {
		host := tc.host
		t.Run(tc.name, func(t *testing.T) {
			result, err := source.ForHost(svchost.Hostname(host))
			if err != nil {
				t.Fatal(err)
			}
			if result != nil {
				t.Errorf("got credentials; want nil")
			}
		})
	}

	t.Run("lookup error", func(t *testing.T) {
		// Only the error is inspected here; the returned credentials value
		// is deliberately ignored.
		if _, err := source.ForHost(svchost.Hostname("fail.example.com")); err == nil {
			t.Error("completed successfully; want error")
		}
	})
}