@@ -309,5 +309,44 @@ module Vault
309309 subject . auth . gcp ( "rspec_role" , jwt )
310310 end
311311 end
312+
313+ describe "#azure" , vault : ">= 0.8.1" do
314+ before ( :context ) do
315+ skip "azure auth requires real resources and keys"
316+
317+ vault_test_client . sys . enable_auth ( "azure" , "azure" , nil )
318+ vault_test_client . post ( "/v1/auth/azure/config" , JSON . fast_generate ( "tenant_id" => "rspec_tenant_id" , "resource" => "rspec_resource" , "client_id" => "rspec_client_id" , "client_secret" => "rspec_client_secret" ) )
319+ vault_test_client . post ( "/v1/auth/azure/role/rspec_wrong_role" , JSON . fast_generate ( "name" => "rspec_role" , "bound_resource_groups" => "wrong_bound_resource_groups" , "bound_subscription_ids" => "wrong_bound_subscription_ids" ) )
320+ vault_test_client . post ( "/v1/auth/azure/role/rspec_role" , JSON . fast_generate ( "name" => "rspec_role" , "bound_resource_groups" => "bound_resource_groups" , "bound_subscription_ids" => "bound_subscription_ids" ) )
321+ end
322+
323+ after ( :context ) do
324+ vault_test_client . sys . disable_auth ( "azure" )
325+ end
326+
327+ let! ( :old_token ) { subject . token }
328+
329+ let ( :jwt ) do
330+ "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1yNS1BVWliZkJpaTdOZDFqQmViYXhib1hXMCIsImtpZCI6Ik1yNS1BVWliZkJpaTdOZDFqQmViYXhib1hXMCJ9.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"
331+ end
332+
333+ after do
334+ subject . token = old_token
335+ end
336+
337+ it "does not authenticate if resource_groups does not match" do
338+ pending "azure auth requires real resources and keys"
339+
340+ expect do
341+ subject . auth . azure ( "rspec_wrong_role" , jwt )
342+ end . to raise_error ( Vault ::HTTPClientError , /resource_groups doesn't match/ )
343+ end
344+
345+ it "authenticates and saves the token on the client" do
346+ pending "azure auth requires real resources and keys"
347+
348+ subject . auth . azure ( "rspec_role" , jwt )
349+ end
350+ end
312351 end
313352end
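Review bot: The `let(:jwt)` literal looks like an issued Azure AD token rather than a synthetic fixture. Its header segment decodes to an RS256 token with `kid` and `x5t` set, and although the payload is not visible here, a real token keeps its claims (presumably tenant, subscription and object identifiers) readable in repository history even after it expires. Every example in this block is skipped or pending, so nothing depends on the value being genuine; an obviously fake string would do, or `let(:jwt) { ENV.fetch("AZURE_TEST_JWT") }` for runs against real resources (the variable name is a placeholder). Separately, the "authenticates and saves the token on the client" example asserts nothing, so once enabled it passes on any call that does not raise; adding `expect(subject.token).not_to eq(old_token)` after the `azure` call would check what the title claims.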