aws_oidc_configuration_integration_test.go
package tfe
import (
"context"
"os"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// These tests are intended for local execution only, because OIDC configurations for HYOK require specific conditions.
// To run them locally, follow the instructions outlined in hyok_configuration_integration_test.go.
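// TestAWSOIDCConfigurationCreateDelete creates an AWS OIDC configuration in the
// organization named by HYOK_ORGANIZATION_NAME, checks the role ARN on the
// returned configuration, and deletes the configuration again. It also checks
// that Create rejects options that carry no role ARN.
func TestAWSOIDCConfigurationCreateDelete(t *testing.T) {
	skipHYOKIntegrationTests(t)

	client := testClient(t)
	ctx := context.Background()

	// HYOK_ORGANIZATION_NAME must name an organization that has AWS OIDC HYOK
	// configurations; the test fails outright when it is not exported.
	hyokOrganizationName := os.Getenv("HYOK_ORGANIZATION_NAME")
	if hyokOrganizationName == "" {
		t.Fatal("Export a valid HYOK_ORGANIZATION_NAME before running this test!")
	}

	orgTest, err := client.Organizations.Read(ctx, hyokOrganizationName)
	if err != nil {
		t.Fatal(err)
	}

	t.Run("with valid options", func(t *testing.T) {
		// Placeholder ARN built on the 123456789012 example account ID. This
		// subtest only compares the value stored on the returned configuration.
		opts := AWSOIDCConfigurationCreateOptions{
			RoleARN: "arn:aws:iam::123456789012:role/some-role",
		}

		oidcConfig, err := client.AWSOIDCConfigurations.Create(ctx, orgTest.Name, opts)
		require.NoError(t, err)
		require.NotNil(t, oidcConfig)
		// testify expects (expected, actual); this order keeps failure output
		// labelled correctly and matches the Update test in this file.
		assert.Equal(t, opts.RoleARN, oidcConfig.RoleARN)

		// Delete the created configuration so nothing is left in the organization.
		err = client.AWSOIDCConfigurations.Delete(ctx, oidcConfig.ID)
		require.NoError(t, err)
	})

	t.Run("missing role ARN", func(t *testing.T) {
		opts := AWSOIDCConfigurationCreateOptions{}

		created, err := client.AWSOIDCConfigurations.Create(ctx, orgTest.Name, opts)
		if err == nil && created != nil {
			// Create should have failed. If it did not, remove the stray
			// configuration so a failing run does not leave it in the organization.
			t.Cleanup(func() {
				if delErr := client.AWSOIDCConfigurations.Delete(ctx, created.ID); delErr != nil {
					t.Logf("cleanup: deleting unexpected AWS OIDC configuration %q: %v", created.ID, delErr)
				}
			})
		}
		assert.ErrorIs(t, err, ErrRequiredRoleARN)
	})
}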
// TestAWSOIDCConfigurationRead creates an AWS OIDC configuration in the
// organization named by HYOK_ORGANIZATION_NAME and checks that it can be read
// back by ID, and that reading an unknown ID yields ErrResourceNotFound.
func TestAWSOIDCConfigurationRead(t *testing.T) {
	skipHYOKIntegrationTests(t)

	ctx := context.Background()
	client := testClient(t)

	// The organization comes from the environment; it must be one that has
	// AWS OIDC HYOK configurations.
	orgName := os.Getenv("HYOK_ORGANIZATION_NAME")
	if len(orgName) == 0 {
		t.Fatal("Export a valid HYOK_ORGANIZATION_NAME before running this test!")
	}

	org, readErr := client.Organizations.Read(ctx, orgName)
	if readErr != nil {
		t.Fatal(readErr)
	}

	// Fixture shared by the subtests; its cleanup function is registered with
	// t.Cleanup so it runs when the test finishes.
	fixture, removeFixture := createAWSOIDCConfiguration(t, client, org)
	t.Cleanup(removeFixture)

	t.Run("fetch existing configuration", func(t *testing.T) {
		got, fetchErr := client.AWSOIDCConfigurations.Read(ctx, fixture.ID)
		require.NoError(t, fetchErr)
		require.NotEmpty(t, got)
	})

	t.Run("fetching non-existing configuration", func(t *testing.T) {
		// An ID that is not expected to exist.
		_, fetchErr := client.AWSOIDCConfigurations.Read(ctx, "awsoidc-notreal")
		assert.ErrorIs(t, fetchErr, ErrResourceNotFound)
	})
}
// TestAWSOIDCConfigurationsUpdate creates an AWS OIDC configuration in the
// organization named by HYOK_ORGANIZATION_NAME, updates its role ARN, and
// checks that Update rejects options that carry no role ARN.
func TestAWSOIDCConfigurationsUpdate(t *testing.T) {
	skipHYOKIntegrationTests(t)

	ctx := context.Background()
	client := testClient(t)

	// The organization comes from the environment; it must be one that has
	// AWS OIDC HYOK configurations.
	orgName := os.Getenv("HYOK_ORGANIZATION_NAME")
	if len(orgName) == 0 {
		t.Fatal("Export a valid HYOK_ORGANIZATION_NAME before running this test!")
	}

	org, readErr := client.Organizations.Read(ctx, orgName)
	if readErr != nil {
		t.Fatal(readErr)
	}

	// Fixture shared by the subtests; its cleanup function is registered with
	// t.Cleanup so it runs when the test finishes.
	fixture, removeFixture := createAWSOIDCConfiguration(t, client, org)
	t.Cleanup(removeFixture)

	t.Run("with valid options", func(t *testing.T) {
		// Placeholder ARN built on the 123456789012 example account ID. This
		// subtest only compares the value stored on the returned configuration.
		newOpts := AWSOIDCConfigurationUpdateOptions{
			RoleARN: "arn:aws:iam::123456789012:role/some-role-2",
		}

		got, updateErr := client.AWSOIDCConfigurations.Update(ctx, fixture.ID, newOpts)
		require.NoError(t, updateErr)
		require.NotEmpty(t, got)
		assert.Equal(t, newOpts.RoleARN, got.RoleARN)
	})

	t.Run("missing role ARN", func(t *testing.T) {
		// Empty options: Update is expected to fail with ErrRequiredRoleARN.
		var emptyOpts AWSOIDCConfigurationUpdateOptions

		_, updateErr := client.AWSOIDCConfigurations.Update(ctx, fixture.ID, emptyOpts)
		assert.ErrorIs(t, updateErr, ErrRequiredRoleARN)
	})
}