Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for true/false string literals for agent injector #22996

Merged
merged 5 commits into from
Sep 27, 2023
Merged

Add support for true/false string literals for agent injector #22996

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
745c7c1
Add support for true/false string literals for agent injector
VioletHynes Sep 12, 2023
1f73496
Add extra test
VioletHynes Sep 12, 2023
2cffcb1
Changelog
VioletHynes Sep 12, 2023
6153b56
parseutil
VioletHynes Sep 12, 2023
3b4cfe7
Godocs
VioletHynes Sep 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions changelog/22996.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
auto-auth/azure: Support setting the `authenticate_from_environment` variable to "true" and "false" string literals, too.
```
12 changes: 11 additions & 1 deletion command/agentproxyshared/auth/azure/azure.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,17 @@ func NewAzureAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) {
if ok {
a.authenticateFromEnvironment, ok = authenticateFromEnvironmentRaw.(bool)
if !ok {
return nil, errors.New("could not convert 'authenticate_from_environment' config value to bool")
authFromEnvString, ok := authenticateFromEnvironmentRaw.(string)
if !ok {
return nil, errors.New("could not convert 'authenticate_from_environment' config value to bool")
}
if authFromEnvString == "true" {
a.authenticateFromEnvironment = true
} else if authFromEnvString == "false" {
a.authenticateFromEnvironment = false
} else {
return nil, errors.New("could not convert 'authenticate_from_environment' config value to bool")
}
}
}

Expand Down
83 changes: 83 additions & 0 deletions command/agentproxyshared/auth/azure/azure_test.go
View file
Open in desktop
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Would you be able to throw in some go doc comments for the test methods please?

Side note, what do you think about a table driven test for the authenticate_from_environment testing?

func TestAzureAuthMethod_AuthenticateFromEnvironment(t *testing.T) {
	t.Parallel()

	tests := map[string]struct {
		AuthenticateFromEnvValue any
		IsErrorExpected          bool
	}{
		"bool-true": {
			AuthenticateFromEnvValue: true,
			IsErrorExpected:          false,
		},
		"bool-false": {
			AuthenticateFromEnvValue: false,
			IsErrorExpected:          false,
		},
		"string-true": {
			AuthenticateFromEnvValue: "true",
			IsErrorExpected:          false,
		},
		"string-false": {
			AuthenticateFromEnvValue: "false",
			IsErrorExpected:          false,
		},
		"string-empty": {
			AuthenticateFromEnvValue: "",
			IsErrorExpected:          false,
		},
		"nil": {
			AuthenticateFromEnvValue: nil,
			IsErrorExpected:          false,
		},
		"string-bad": {
			AuthenticateFromEnvValue: "bad_value",
			IsErrorExpected:          true,
		},
	}

	for name, tc := range tests {
		name := name
		tc := tc
		t.Run(name, func(t *testing.T) {
			t.Parallel()

			config := &auth.AuthConfig{
				Logger:    hclog.NewNullLogger(),
				MountPath: "auth-test",
				Config: map[string]interface{}{
					"resource":                      "test",
					"client_id":                     "test",
					"role":                          "test",
					"scope":                         "test",
					"authenticate_from_environment": tc.AuthenticateFromEnvValue,
				},
			}

			_, err := NewAzureAuthMethod(config)
			if tc.IsErrorExpected {
				require.Error(t, err)
			} else {
				require.NoError(t, err)
			}
		})
	}
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call! Added the godocs.

I personally find that table driven tests feel a little overkill for tests like this -- we're not saving a lot of complexity/repetition really, and as-is, tests are nice and simple and self-contained, with a lot less to think about when reading the test. I think it's a preference thing, but that's why I did it this way.

I did add the t.Parallels though! Almost forgot those :)

Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package azure

import (
"testing"

"github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/command/agentproxyshared/auth"
)

func TestAzureAuthMethod(t *testing.T) {
config := &auth.AuthConfig{
Logger: hclog.NewNullLogger(),
MountPath: "auth-test",
Config: map[string]interface{}{
"resource": "test",
"client_id": "test",
"role": "test",
"scope": "test",
"authenticate_from_environment": true,
},
}

_, err := NewAzureAuthMethod(config)
if err != nil {
t.Fatal(err)
}
}

func TestAzureAuthMethod_StringAuthFromEnvironment(t *testing.T) {
config := &auth.AuthConfig{
Logger: hclog.NewNullLogger(),
MountPath: "auth-test",
Config: map[string]interface{}{
"resource": "test",
"client_id": "test",
"role": "test",
"scope": "test",
"authenticate_from_environment": "true",
},
}

_, err := NewAzureAuthMethod(config)
if err != nil {
t.Fatal(err)
}
}

func TestAzureAuthMethod_BadConfig(t *testing.T) {
config := &auth.AuthConfig{
Logger: hclog.NewNullLogger(),
MountPath: "auth-test",
Config: map[string]interface{}{
"bad_value": "abc",
},
}

_, err := NewAzureAuthMethod(config)
if err == nil {
t.Fatal("Expected error, got none.")
}
}

func TestAzureAuthMethod_BadAuthFromEnvironment(t *testing.T) {
config := &auth.AuthConfig{
Logger: hclog.NewNullLogger(),
MountPath: "auth-test",
Config: map[string]interface{}{
"resource": "test",
"client_id": "test",
"role": "test",
"scope": "test",
"authenticate_from_environment": "bad_value",
},
}

_, err := NewAzureAuthMethod(config)
if err == nil {
t.Fatal("Expected error, got none.")
}
}