Skip to content

tests: Add iam_tags to expected responses#13150

Merged
tvoran merged 4 commits intomainfrom
fix-aws-auth-acceptance-tests
Nov 30, 2021
Merged

tests: Add iam_tags to expected responses#13150
tvoran merged 4 commits intomainfrom
fix-aws-auth-acceptance-tests

Conversation

@tvoran
Copy link
Copy Markdown
Member

@tvoran tvoran commented Nov 15, 2021
edited
Loading

Update the AWS auth backend acceptance tests to account for the new
iam_tags field that comes back on responses.

Also renames the tests that require AWS credentials to TestAcceptanceBackend_* (which also required changing the unique name generation function since role names were going over the 64 character limit).

I ran the unit tests like this (excluding extraneous logging):

❯ make test TEST=./builtin/logical/aws TESTARGS="-run=TestBackend -count 1 -v" 2>&1 | rg -v 2021
==> Checking that build is using go version >= 1.17.2...
==> Using go version 1.17.2...
=== RUN   TestBackend_policyCrud
=== PAUSE TestBackend_policyCrud
=== RUN   TestBackend_throttled
=== PAUSE TestBackend_throttled
=== RUN   TestBackend_policyArnCrud
=== PAUSE TestBackend_policyArnCrud
=== RUN   TestBackend_iamGroupsCrud
=== PAUSE TestBackend_iamGroupsCrud
=== RUN   TestBackend_iamTagsCrud
--- PASS: TestBackend_iamTagsCrud (0.01s)
=== RUN   TestBackend_PathConfigRoot
--- PASS: TestBackend_PathConfigRoot (0.00s)
=== RUN   TestBackend_PathListRoles
--- PASS: TestBackend_PathListRoles (0.00s)
=== CONT  TestBackend_policyCrud
=== CONT  TestBackend_policyArnCrud
=== CONT  TestBackend_iamGroupsCrud
=== CONT  TestBackend_throttled
--- PASS: TestBackend_throttled (0.00s)
--- PASS: TestBackend_iamGroupsCrud (0.01s)
--- PASS: TestBackend_policyCrud (0.01s)
--- PASS: TestBackend_policyArnCrud (0.01s)
PASS
ok  	github.com/hashicorp/vault/builtin/logical/aws	0.841s

And the acceptance tests on an m5.large instance like this (excluding logging):

$ make testacc TEST=./builtin/logical/aws TESTARGS="-run=TestAcceptanceBackend -count 1" 2>&1 | grep -v 2021
==> Checking that build is using go version >= 1.17.2...
==> Using go version 1.17.2...
VAULT_ACC=1 go test -tags='' ./builtin/logical/aws -v -run=TestAcceptanceBackend -count 1 -timeout=60m
=== RUN   TestAcceptanceBackend_basic
=== PAUSE TestAcceptanceBackend_basic
=== RUN   TestAcceptanceBackend_IamUserWithPermissionsBoundary
=== PAUSE TestAcceptanceBackend_IamUserWithPermissionsBoundary
=== RUN   TestAcceptanceBackend_basicSTS
=== PAUSE TestAcceptanceBackend_basicSTS
=== RUN   TestAcceptanceBackend_basicPolicyArnRef
=== PAUSE TestAcceptanceBackend_basicPolicyArnRef
=== RUN   TestAcceptanceBackend_iamUserManagedInlinePoliciesGroups
=== PAUSE TestAcceptanceBackend_iamUserManagedInlinePoliciesGroups
=== RUN   TestAcceptanceBackend_iamUserGroups
=== PAUSE TestAcceptanceBackend_iamUserGroups
=== RUN   TestAcceptanceBackend_AssumedRoleWithPolicyDoc
=== PAUSE TestAcceptanceBackend_AssumedRoleWithPolicyDoc
=== RUN   TestAcceptanceBackend_AssumedRoleWithPolicyARN
=== PAUSE TestAcceptanceBackend_AssumedRoleWithPolicyARN
=== RUN   TestAcceptanceBackend_AssumedRoleWithGroups
=== PAUSE TestAcceptanceBackend_AssumedRoleWithGroups
=== RUN   TestAcceptanceBackend_FederationTokenWithPolicyARN
=== PAUSE TestAcceptanceBackend_FederationTokenWithPolicyARN
=== RUN   TestAcceptanceBackend_FederationTokenWithGroups
=== PAUSE TestAcceptanceBackend_FederationTokenWithGroups
=== RUN   TestAcceptanceBackend_RoleDefaultSTSTTL
=== PAUSE TestAcceptanceBackend_RoleDefaultSTSTTL
=== CONT  TestAcceptanceBackend_basic
=== CONT  TestAcceptanceBackend_RoleDefaultSTSTTL
--- PASS: TestAcceptanceBackend_basic (9.60s)
=== CONT  TestAcceptanceBackend_FederationTokenWithGroups
--- PASS: TestAcceptanceBackend_RoleDefaultSTSTTL (10.93s)
=== CONT  TestAcceptanceBackend_FederationTokenWithPolicyARN
--- PASS: TestAcceptanceBackend_FederationTokenWithGroups (10.92s)
=== CONT  TestAcceptanceBackend_AssumedRoleWithGroups
--- PASS: TestAcceptanceBackend_FederationTokenWithPolicyARN (10.47s)
=== CONT  TestAcceptanceBackend_AssumedRoleWithPolicyARN
--- PASS: TestAcceptanceBackend_AssumedRoleWithGroups (11.11s)
=== CONT  TestAcceptanceBackend_AssumedRoleWithPolicyDoc
--- PASS: TestAcceptanceBackend_AssumedRoleWithPolicyARN (10.49s)
=== CONT  TestAcceptanceBackend_iamUserGroups
--- PASS: TestAcceptanceBackend_AssumedRoleWithPolicyDoc (10.59s)
=== CONT  TestAcceptanceBackend_iamUserManagedInlinePoliciesGroups
--- PASS: TestAcceptanceBackend_iamUserGroups (20.03s)
=== CONT  TestAcceptanceBackend_basicPolicyArnRef
--- PASS: TestAcceptanceBackend_iamUserManagedInlinePoliciesGroups (18.01s)
=== CONT  TestAcceptanceBackend_basicSTS
--- PASS: TestAcceptanceBackend_basicPolicyArnRef (9.53s)
=== CONT  TestAcceptanceBackend_IamUserWithPermissionsBoundary
--- PASS: TestAcceptanceBackend_IamUserWithPermissionsBoundary (8.56s)
--- PASS: TestAcceptanceBackend_basicSTS (20.86s)
PASS
ok  	github.com/hashicorp/vault/builtin/logical/aws	81.105s

@tvoran
Add iam_tags to expected responses
185b560 
Update the AWS auth backend acceptance tests to account for the new
`iam_tags` field that comes back on responses.
@tvoran
Merge remote-tracking branch 'origin/main' into fix-aws-auth-acceptan…
8527ffb 
…ce-tests
@tvoran tvoran requested a review from a team November 15, 2021 20:46
calvn
calvn approved these changes Nov 15, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@calvn calvn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I wonder if we should take this opportunity to rename the test to TestAcceptanceBackend_* to make them more explicit?

@tvoran
marked only tests requiring creds as acceptance
5ffa531 
Renamed TestBackend_* to TestAcceptanceBackend_* if the test requires
AWS credentials. Otherwise left the name as TestBackend_* and set
`AcceptanceTest: false`.
@vercel vercel bot temporarily deployed to Preview – vault November 19, 2021 02:31 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook November 19, 2021 02:31 Inactive
@tvoran
ensure generated names aren't too long
3aa22e3 
IAM roles and users have a 64 character limit, and adding Acceptance
to the test names was putting some over the length limit, so modified
generateUniqueName() to take a max length parameter and added
functions for each type of name generation (user, role, group).
@vercel vercel bot temporarily deployed to Preview – vault November 19, 2021 03:06 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook November 19, 2021 03:06 Inactive
@tvoran
Copy link
Copy Markdown
Member Author

tvoran commented Nov 19, 2021

@calvn Good idea! I've renamed the tests that require AWS credentials to TestAcceptanceBackend_* in 5ffa531.

@tvoran tvoran requested review from a team and calvn November 19, 2021 03:07
@tvoran tvoran merged commit 94fa023 into main Nov 30, 2021
@tvoran tvoran deleted the fix-aws-auth-acceptance-tests branch November 30, 2021 00:00
pull bot pushed a commit to NOUIY/vault that referenced this pull request Mar 19, 2026
@hc-github-team-secure-vault-core @benashz
Backport Update vault-plugin-auth-kubernetes to v0.24.0 into ce/main (h…
808ea3a 
…ashicorp#13164)

* Update vault-plugin-auth-kubernetes to v0.24.0 (hashicorp#13150)

* tidy up

---------

Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Ben Ash <bash@hashicorp.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@benashz benashz benashz approved these changes

+1 more reviewer

@calvn calvn calvn approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

auth/aws pr/no-changelog test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tvoran @calvn @benashz