Zenko/tests/ctst/steps/iam-policies/common.ts at 10e02f8e071723ea5547f6bacc197bdda40d6236 · scality/Zenko · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
import { When, Then } from '@cucumber/cucumber';
import { strict as assert } from 'assert';
import Zenko from '../../world/Zenko';
import { CacheHelper, ClientOptions, Command, Identity, VaultAuth } from 'cli-testing';
import { runActionAgainstBucket } from 'steps/utils/utils';

When('the user tries to perform {string} on the bucket', async function (this: Zenko, action: string) {
    await runActionAgainstBucket(this, action);
});

When('the user tries to perform vault auth {string}', async function (this: Zenko, action: string) {
    const lastIdentity = this.getSavedIdentity();
    const userCredentials = Identity.getCredentialsForIdentity(
        lastIdentity.identityType,
        lastIdentity.identityName,
        lastIdentity.accountName,
    );

    if (!userCredentials) {
        throw new Error('User credentials not set. '
            + 'Make sure the `IAMSession` and `AssumedSession` world parameter are defined.');
    }

    if (!this.parameters.VaultAuthHost) {
        throw new Error('Vault auth endpoint is not set. Make sure the `VaultAuthHost` world parameter is defined.');
    }

    const vaultAuthClientOptions: ClientOptions = {
        AccessKey: userCredentials.accessKeyId,
        SecretKey: userCredentials.secretAccessKey,
        SessionToken: userCredentials.sessionToken,
        ip: this.parameters.VaultAuthHost,
        ssl: CacheHelper.parameters ? CacheHelper.parameters.ssl as boolean : undefined,
    };

    switch (action) {
    case 'GetAccountInfo':
        this.setResult(await VaultAuth.getAccounts([
            lastIdentity.accountName || this.parameters.AccountName,
        ], null, null, {
            // @ts-expect-error accountNames is not generated by CTST yet
            accountNames: true,
        }, vaultAuthClientOptions) as Command);
        break;
    default:
        throw new Error(`Action ${action} is not supported`);
    }
});

Then('the user should be able to perform successfully the {string} action', function (this: Zenko, action: string) {
    switch (action) {
    case 'MetadataSearch': {
        assert.strictEqual(this.getResult().statusCode, 200);
        break;
    }
    case 'GetAccountInfo': {
        assert.strictEqual(this.getResult() instanceof Error, false);
        break;
    }
    default: {
        assert.strictEqual(this.getResult().err, null);
    }

    }
});

Then('the user should not be able to perform the {string} action', function (this: Zenko, action : string) {
    switch (action) {
    case 'GetAccountInfo': {
        assert.strictEqual(this.getResult().code === 'AccessDenied', true);
        break;
    }
    default: {
        assert.strictEqual(this.getResult().err, null);
    }
    }
});

Then('the user should receive {string} error', function (this: Zenko, error : string) {
    assert.strictEqual(this.getResult().err!.includes(error), true);
});