Merge pull request #96 from dshva/aws-backend-fixes

fixed unit tests for AWS auth backend

Author: steve-perkins

src/main/java/com/bettercloud/vault/api/Auth.java

@@ -719,7 +719,7 @@ public AuthResponse loginByAwsIam(final String role, final String iamRequestUrl,
                 final JsonObject request = Json.object().add("iam_request_url", iamRequestUrl)
                         .add("iam_request_body", iamRequestBody)
                         .add("iam_request_headers", iamRequestHeaders)
-                        .add("iam_request_method", "POST");
+                        .add("iam_http_request_method", "POST");
                 if(role != null) {
                     request.add("role", role);
                 }

src/test/java/com/bettercloud/vault/vault/api/AuthBackendAwsTests.java

@@ -2,53 +2,72 @@
 
 import com.bettercloud.vault.Vault;
 import com.bettercloud.vault.VaultConfig;
+import com.bettercloud.vault.VaultException;
 import com.bettercloud.vault.json.Json;
 import com.bettercloud.vault.json.JsonObject;
 import com.bettercloud.vault.vault.VaultTestUtils;
 import com.bettercloud.vault.vault.mock.AuthRequestValidatingMockVault;
 import org.apache.commons.io.IOUtils;
 import org.eclipse.jetty.server.Server;
-import org.junit.Ignore;
 import org.junit.Test;
 
 import javax.servlet.http.HttpServletRequest;
-import java.util.HashSet;
 import java.util.function.Predicate;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 
 public class AuthBackendAwsTests {
 
-    @Ignore
     @Test
-    public void testLoginByAwsEc2() throws Exception {
-        final Predicate<HttpServletRequest> isValidEc2pkcs7Request = (request) -> {
-            JsonObject requestBody = readRequestBody(request);
-            return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
-                  requestBody.getString("pkcs7", "") == "pkcs7";
-        };
-
+    public void testLoginByAwsEc2Id() throws Exception {
         final Predicate<HttpServletRequest> isValidEc2IdRequest = (request) -> {
-            JsonObject requestBody = readRequestBody(request);
-            return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
-                    requestBody.getString("identity", "") == "identity" &&
-                    requestBody.getString("signature", "") == "signature";
+            try {
+                JsonObject requestBody = readRequestBody(request);
+                return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
+                        requestBody.getString("identity", "").equals("identity") &&
+                        requestBody.getString("signature", "").equals("signature");
+            } catch (Exception e) {
+                return false;
+            }
         };
+        final AuthRequestValidatingMockVault mockVault =  new AuthRequestValidatingMockVault(isValidEc2IdRequest);
 
-        final Predicate<HttpServletRequest> isValidEc2IamRequest = (request) -> {
-            JsonObject requestBody = readRequestBody(request);
-            return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
-                    requestBody.getString("iam_http_request_method", "") == "POST" &&
-                    requestBody.getString("iam_http_request_url", "") == "url" &&
-                    requestBody.getString("iam_http_request_body", "") == "body" &&
-                    requestBody.getString("iam_http_request_headers", "") == "headers";
-        };
+        final Server server = VaultTestUtils.initHttpMockVault(mockVault);
+        server.start();
 
-        final AuthRequestValidatingMockVault mockVault =  new AuthRequestValidatingMockVault(new HashSet<Predicate<HttpServletRequest>>() {{
-            add(isValidEc2pkcs7Request);
-            add(isValidEc2IdRequest);
-        }});
+        final VaultConfig vaultConfig = new VaultConfig()
+                .address("http://127.0.0.1:8999")
+                .build();
+        final Vault vault = new Vault(vaultConfig);
+
+        String token = null;
+        try {
+            token = vault.auth()
+                    .loginByAwsEc2("role","identity","signature", null, null)
+                    .getAuthClientToken();
+        } catch(VaultException e) { }
+
+        server.stop();
+
+        assertNotNull(token);
+        assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token.trim());
+
+    }
+
+    @Test
+    public void testLoginByAwsEc2Pkcs7() throws Exception {
+        final Predicate<HttpServletRequest> isValidEc2pkcs7Request = (request) -> {
+            try {
+                JsonObject requestBody = readRequestBody(request);
+                return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
+                      requestBody.getString("pkcs7", "").equals("pkcs7");
+            } catch (Exception e) {
+                e.printStackTrace(System.out);
+                return false;
+            }
+        };
+        final AuthRequestValidatingMockVault mockVault =  new AuthRequestValidatingMockVault(isValidEc2pkcs7Request);
 
         final Server server = VaultTestUtils.initHttpMockVault(mockVault);
         server.start();
@@ -58,36 +77,33 @@ public void testLoginByAwsEc2() throws Exception {
                 .build();
         final Vault vault = new Vault(vaultConfig);
 
-        final String token1 = vault.auth()
-                .loginByAwsEc2("role","pkcs7",null,null)
-                .getAuthClientToken();
+        System.out.println("Running Aws EC2 test");
 
-        assertNotNull(token1);
-        assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token1.trim());
+        String token = null;
+        try {
+            token = vault.auth()
+                    .loginByAwsEc2("role","pkcs7",null,null)
+                    .getAuthClientToken();
+        } catch(VaultException e) { }
 
-        final String token2 = vault.auth()
-                .loginByAwsEc2("role","identity","signature", null, null)
-                .getAuthClientToken();
+        server.stop();
 
-        assertNotNull(token2);
-        assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token2.trim());
+        assertNotNull(token);
+        assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token.trim());
     }
 
-    @Ignore
     @Test
     public void testLoginByAwsIam() throws Exception {
         final Predicate<HttpServletRequest> isValidEc2IamRequest = (request) -> {
             JsonObject requestBody = readRequestBody(request);
             return requestBody != null && request.getRequestURI().endsWith("/auth/aws/login") &&
-                    requestBody.getString("iam_http_request_method", "") == "POST" &&
-                    requestBody.getString("iam_http_request_url", "") == "url" &&
-                    requestBody.getString("iam_http_request_body", "") == "body" &&
-                    requestBody.getString("iam_http_request_headers", "") == "headers";
+                    requestBody.getString("iam_http_request_method", "").equals("POST") &&
+                    requestBody.getString("iam_request_url", "").equals("url") &&
+                    requestBody.getString("iam_request_body", "").equals("body") &&
+                    requestBody.getString("iam_request_headers", "").equals("headers");
         };
 
-        final AuthRequestValidatingMockVault mockVault =  new AuthRequestValidatingMockVault(new HashSet<Predicate<HttpServletRequest>>() {{
-            add(isValidEc2IamRequest);
-        }});
+        final AuthRequestValidatingMockVault mockVault =  new AuthRequestValidatingMockVault(isValidEc2IamRequest);
 
         final Server server = VaultTestUtils.initHttpMockVault(mockVault);
         server.start();
@@ -101,6 +117,8 @@ public void testLoginByAwsIam() throws Exception {
                 .loginByAwsIam("role","url","body","headers",null)
                 .getAuthClientToken();
 
+        server.stop();
+
         assertNotNull(token);
         assertEquals("c9368254-3f21-aded-8a6f-7c818e81b17a", token.trim());
     }

src/test/java/com/bettercloud/vault/vault/mock/AuthRequestValidatingMockVault.java

@@ -6,15 +6,14 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.Set;
 import java.util.function.Predicate;
 
 public class AuthRequestValidatingMockVault extends MockVault {
-    private Set<Predicate<HttpServletRequest>> validators;
+    private Predicate<HttpServletRequest> validator;
 
     private final String validResponse = "{\n" +
+            "  \"renewable\": true,\n" +
             "  \"auth\": {\n" +
-            "    \"renewable\": true,\n" +
             "    \"lease_duration\": 1800000,\n" +
             "    \"metadata\": {\n" +
             "      \"role_tag_max_ttl\": \"0\",\n" +
@@ -33,8 +32,8 @@ public class AuthRequestValidatingMockVault extends MockVault {
             "}";
 
 
-    public AuthRequestValidatingMockVault(Set<Predicate<HttpServletRequest>> validators) {
-        this.validators = validators;
+    public AuthRequestValidatingMockVault(Predicate<HttpServletRequest> validator) {
+        this.validator = validator;
     }
 
     @Override
@@ -44,7 +43,7 @@ public void handle(String target,
                        HttpServletResponse response) throws IOException, ServletException {
         response.setContentType("application/json");
         baseRequest.setHandled(true);
-        if(validators.stream().anyMatch(p -> p.test(request))) {
+        if(validator.test(request)) {
             response.setStatus(200);
             response.getWriter().println(validResponse);
         } else {