diff --git a/TestClient.go b/TestClient.go index df095a0..80cf295 100644 --- a/TestClient.go +++ b/TestClient.go @@ -7,9 +7,11 @@ import ( managed_accounts "go-client-library-passwordsafe/api/managed_account" "go-client-library-passwordsafe/api/secrets" "go-client-library-passwordsafe/api/utils" + "time" //"os" + backoff "github.com/cenkalti/backoff/v4" "go.uber.org/zap" ) @@ -34,11 +36,16 @@ func main() { retryMaxElapsedTimeMinutes := 2 maxFileSecretSizeBytes := 5000000 + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.InitialInterval = 1 * time.Second + backoffDefinition.MaxElapsedTime = time.Duration(retryMaxElapsedTimeMinutes) * time.Second + backoffDefinition.RandomizationFactor = 0.5 + //certificate = os.Getenv("CERTIFICATE") //certificateKey = os.Getenv("CERTIFICATE_KEY") // validate inputs - errorsInInputs := utils.ValidateInputs(clientId, clientSecret, apiUrl, clientTimeOutInSeconds, &separator, verifyCa, zapLogger, certificate, certificateKey, &retryMaxElapsedTimeMinutes, &maxFileSecretSizeBytes) + errorsInInputs := utils.ValidateInputs(clientId, clientSecret, &apiUrl, clientTimeOutInSeconds, &separator, verifyCa, zapLogger, certificate, certificateKey, &retryMaxElapsedTimeMinutes, &maxFileSecretSizeBytes) if errorsInInputs != nil { return @@ -48,7 +55,7 @@ func main() { httpClientObj, _ := utils.GetHttpClient(clientTimeOutInSeconds, verifyCa, certificate, certificateKey, zapLogger) // instantiating authenticate obj, injecting httpClient object - authenticate, _ := authentication.Authenticate(*httpClientObj, apiUrl, clientId, clientSecret, zapLogger, retryMaxElapsedTimeMinutes) + authenticate, _ := authentication.Authenticate(*httpClientObj, backoffDefinition, apiUrl, clientId, clientSecret, zapLogger, retryMaxElapsedTimeMinutes) // authenticating _, err := authenticate.GetPasswordSafeAuthentication() diff --git a/api/authentication/authentication_test.go b/api/authentication/authentication_test.go index c2f2922..6696035 100644 --- a/api/authentication/authentication_test.go +++ b/api/authentication/authentication_test.go @@ -12,7 +12,9 @@ import ( "net/url" "reflect" "testing" + "time" + backoff "github.com/cenkalti/backoff/v4" "go.uber.org/zap" ) @@ -42,7 +44,10 @@ func TestSignOut(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := UserTestConfig{ name: "TestSignOut", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -69,7 +74,10 @@ func TestSignAppin(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := UserTestConfig{ name: "TestSignAppin", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -103,7 +111,10 @@ func TestGetToken(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := GetTokenConfig{ name: "TestGetToken", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -142,7 +153,10 @@ func TestGetPasswordSafeAuthentication(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := GetPasswordSafeAuthenticationConfig{ name: "TestGetPasswordSafeAuthentication", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { diff --git a/api/authentication/authetication.go b/api/authentication/authetication.go index 1e38d05..58addb9 100644 --- a/api/authentication/authetication.go +++ b/api/authentication/authetication.go @@ -11,7 +11,6 @@ import ( "io" "net/url" - "time" backoff "github.com/cenkalti/backoff/v4" ) @@ -28,12 +27,8 @@ type AuthenticationObj struct { // Authenticate is responsible for Auth configuration. // Prerequisites - use input validation methods before using this class. -func Authenticate(httpClient utils.HttpClientObj, endpointUrl string, clientId string, clientSecret string, logger logging.Logger, retryMaxElapsedTimeSeconds int) (*AuthenticationObj, error) { +func Authenticate(httpClient utils.HttpClientObj, backoffDefinition *backoff.ExponentialBackOff, endpointUrl string, clientId string, clientSecret string, logger logging.Logger, retryMaxElapsedTimeSeconds int) (*AuthenticationObj, error) { - backoffDefinition := backoff.NewExponentialBackOff() - backoffDefinition.InitialInterval = 1 * time.Second - backoffDefinition.MaxElapsedTime = time.Duration(retryMaxElapsedTimeSeconds) * time.Second - backoffDefinition.RandomizationFactor = 0.5 apiUrl, _ := url.Parse(endpointUrl) authenticationObj := &AuthenticationObj{ ApiUrl: *apiUrl, diff --git a/api/managed_account/managed_account_test.go b/api/managed_account/managed_account_test.go index ef8edeb..e8277c2 100644 --- a/api/managed_account/managed_account_test.go +++ b/api/managed_account/managed_account_test.go @@ -13,7 +13,9 @@ import ( "net/url" "strings" "testing" + "time" + backoff "github.com/cenkalti/backoff/v4" "go.uber.org/zap" ) @@ -38,7 +40,10 @@ func TestManagedAccountGet(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = authentication.Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := ManagedAccountTestConfig{ name: "TestManagedAccountGet", @@ -77,7 +82,10 @@ func TestManagedAccountCreateRequest(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = authentication.Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := ManagedAccountTestConfigStringResponse{ name: "TestManagedAccountCreateRequest", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -111,7 +119,10 @@ func TestCredentialByRequestId(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = authentication.Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := ManagedAccountTestConfigStringResponse{ name: "TestCredentialByRequestId", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -145,7 +156,10 @@ func TestManagedAccountRequestCheckIn(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = authentication.Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := ManagedAccountTestConfigStringResponse{ name: "TestManagedAccountRequestCheckIn", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -179,7 +193,10 @@ func TestManageAccountFlow(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = authentication.Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := ManagedAccountTestConfigStringResponse{ name: "TestManageAccountFlow", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -253,7 +270,10 @@ func TestManageAccountFlowNotFound(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = authentication.Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := ManagedAccountTestConfigStringResponse{ name: "TestManageAccountFlowFailedManagedAccounts", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -312,9 +332,721 @@ func TestManageAccountFlowNotFound(t *testing.T) { managedAccounList := strings.Split("oauthgrp_nocert/Test1,oauthgrp_nocert/client_id", ",") - secrets, err := managedAccountObj.ManageAccountFlow(managedAccounList, "/") + secrets, _ := managedAccountObj.ManageAccountFlow(managedAccounList, "/") + + if len(secrets) != 0 { + t.Errorf("Test case Failed") + } +} + +func TestSecretGetSecret(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := ManagedAccountTestConfigStringResponse{ + name: "TestSecretGetSecret", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/ManagedAccounts": + _, err := w.Write([]byte(`{"SystemId":1,"AccountId":10}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests": + _, err := w.Write([]byte(`124`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Credentials/124": + _, err := w.Write([]byte(`"fake_credential"`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests/124/checkin": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "fake_credential", + } + apiUrl, _ := url.Parse(testConfig.server.URL) + authenticate.ApiUrl = *apiUrl + managedAccountObj, _ := NewManagedAccountObj(*authenticate, zapLogger) + + response, err := managedAccountObj.GetSecret("oauthgrp_nocert/Test1", "/") + + if response != testConfig.response { + t.Errorf("Test case Failed %v, %v", response, testConfig.response) + } + + if err != nil { + t.Errorf("Test case Failed: %v", err) + } +} + +func TestSecretGetSecrets(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := ManagedAccountTestConfigStringResponse{ + name: "TestSecretGetSecrets", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/ManagedAccounts": + _, err := w.Write([]byte(`{"SystemId":1,"AccountId":10}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests": + _, err := w.Write([]byte(`124`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Credentials/124": + _, err := w.Write([]byte(`"fake_credential"`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests/124/checkin": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "fake_credential", + } + apiUrl, _ := url.Parse(testConfig.server.URL) + authenticate.ApiUrl = *apiUrl + managedAccountObj, _ := NewManagedAccountObj(*authenticate, zapLogger) + + secretPaths := []string{"fake/Client", "fake/test_file_1"} + response, err := managedAccountObj.GetSecrets(secretPaths, "/") + + if response["fake/Client"] != testConfig.response { + t.Errorf("Test case Failed %v, %v", response, testConfig.response) + } + + if err != nil { + t.Errorf("Test case Failed: %v", err) + } +} + +func TestManagedAccountFlowTechnicalErrorCreatingRequest(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := ManagedAccountTestConfigStringResponse{ + name: "TestManagedAccountFlowTechnicalErrorCreatingRequest", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/ManagedAccounts": + _, err := w.Write([]byte(`{"SystemId":1,"AccountId":10}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests": + w.WriteHeader(http.StatusInternalServerError) + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Credentials/124": + _, err := w.Write([]byte(`"fake_credential"`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests/124/checkin": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL) + authenticate.ApiUrl = *apiUrl + managedAccountObj, _ := NewManagedAccountObj(*authenticate, zapLogger) + + managedAccounList := strings.Split("oauthgrp_nocert/Test1,oauthgrp_nocert/client_id", ",") + + response, _ := managedAccountObj.ManageAccountFlow(managedAccounList, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed %v, %v", response, testConfig.response) + } + +} + +func TestManagedAccountFlowBusinesslErrorCreatingRequest(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := ManagedAccountTestConfigStringResponse{ + name: "TestManagedAccountFlowBusinesslErrorCreatingRequest", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/ManagedAccounts": + _, err := w.Write([]byte(`{"SystemId":1,"AccountId":10}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests": + w.WriteHeader(http.StatusNotFound) + _, err := w.Write([]byte(`124`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Credentials/124": + _, err := w.Write([]byte(`"fake_credential"`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests/124/checkin": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL) + authenticate.ApiUrl = *apiUrl + managedAccountObj, _ := NewManagedAccountObj(*authenticate, zapLogger) + + managedAccounList := strings.Split("oauthgrp_nocert/Test1,oauthgrp_nocert/client_id", ",") + + response, _ := managedAccountObj.ManageAccountFlow(managedAccounList, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed %v, %v", response, testConfig.response) + } + +} + +func TestManagedAccountFlowTechnicalErrorCredentialByRequestId(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := ManagedAccountTestConfigStringResponse{ + name: "TestManagedAccountFlowTechnicalErrorCredentialByRequestId", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/ManagedAccounts": + _, err := w.Write([]byte(`{"SystemId":1,"AccountId":10}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests": + _, err := w.Write([]byte(`124`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Credentials/124": + w.WriteHeader(http.StatusInternalServerError) + _, err := w.Write([]byte(`"fake_credential"`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests/124/checkin": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL) + authenticate.ApiUrl = *apiUrl + managedAccountObj, _ := NewManagedAccountObj(*authenticate, zapLogger) + + managedAccounList := strings.Split("oauthgrp_nocert/Test1,oauthgrp_nocert/client_id", ",") + + response, _ := managedAccountObj.ManageAccountFlow(managedAccounList, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed %v, %v", response, testConfig.response) + } + +} + +func TestManagedAccountFlowBusinessErrorCredentialByRequestId(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := ManagedAccountTestConfigStringResponse{ + name: "TestManagedAccountFlowBusinessErrorCredentialByRequestId", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/ManagedAccounts": + _, err := w.Write([]byte(`{"SystemId":1,"AccountId":10}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests": + _, err := w.Write([]byte(`124`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Credentials/124": + w.WriteHeader(http.StatusNotFound) + _, err := w.Write([]byte(`"fake_credential"`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests/124/checkin": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL) + authenticate.ApiUrl = *apiUrl + managedAccountObj, _ := NewManagedAccountObj(*authenticate, zapLogger) + + managedAccounList := strings.Split("oauthgrp_nocert/Test1,oauthgrp_nocert/client_id", ",") + + response, _ := managedAccountObj.ManageAccountFlow(managedAccounList, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed %v, %v", response, testConfig.response) + } + +} + +func TestManagedAccountFlowBusinessErrorAccountRequestCheckIn(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := ManagedAccountTestConfigStringResponse{ + name: "TestManagedAccountFlowBusinessErrorAccountRequestCheckIn", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/ManagedAccounts": + _, err := w.Write([]byte(`{"SystemId":1,"AccountId":10}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests": + _, err := w.Write([]byte(`124`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Credentials/124": + _, err := w.Write([]byte(`"fake_credential"`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests/124/checkin/": + w.WriteHeader(http.StatusCreated) + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL) + authenticate.ApiUrl = *apiUrl + managedAccountObj, _ := NewManagedAccountObj(*authenticate, zapLogger) + + managedAccounList := strings.Split("oauthgrp_nocert/Test1,oauthgrp_nocert/client_id", ",") + + response, _ := managedAccountObj.ManageAccountFlow(managedAccounList, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed %v, %v", response, testConfig.response) + } + +} + +func TestManagedAccountFlowTechnicalErrorAccountRequestCheckIn(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := ManagedAccountTestConfigStringResponse{ + name: "TestManagedAccountFlowTechnicalErrorAccountRequestCheckIn", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/ManagedAccounts": + _, err := w.Write([]byte(`{"SystemId":1,"AccountId":10}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests": + _, err := w.Write([]byte(`124`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Credentials/124": + _, err := w.Write([]byte(`"fake_credential"`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Requests/124/checkin": + w.WriteHeader(http.StatusGatewayTimeout) + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL) + authenticate.ApiUrl = *apiUrl + managedAccountObj, _ := NewManagedAccountObj(*authenticate, zapLogger) + + managedAccounList := strings.Split("oauthgrp_nocert/Test1,oauthgrp_nocert/client_id", ",") + + response, _ := managedAccountObj.ManageAccountFlow(managedAccounList, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed %v, %v", response, testConfig.response) + } + +} + +func TestManagedAccountFlowGetAccountTechnicalError(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := ManagedAccountTestConfigStringResponse{ + name: "TestManagedAccountFlowGetAccountTechnicalError", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/ManagedAccounts": + w.WriteHeader(http.StatusGatewayTimeout) + _, err := w.Write([]byte(`"Managed Account not found"`)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL) + authenticate.ApiUrl = *apiUrl + managedAccountObj, _ := NewManagedAccountObj(*authenticate, zapLogger) + + managedAccounList := strings.Split("oauthgrp_nocert/Test1,oauthgrp_nocert/client_id", ",") + + secrets, _ := managedAccountObj.ManageAccountFlow(managedAccounList, "/") + + if len(secrets) != 0 { + t.Errorf("Test case Failed") + } +} + +func TestManageAccountFlowGetAccountBadResponse(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := ManagedAccountTestConfigStringResponse{ + name: "TestManageAccountFlowGetAccountBadResponse", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/ManagedAccounts": + _, err := w.Write([]byte(`fjfj}}`)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL) + authenticate.ApiUrl = *apiUrl + managedAccountObj, _ := NewManagedAccountObj(*authenticate, zapLogger) + + managedAccounList := strings.Split("oauthgrp_nocert/Test1,oauthgrp_nocert/client_id", ",") + + secrets, _ := managedAccountObj.ManageAccountFlow(managedAccounList, "/") if len(secrets) != 0 { - t.Errorf("Test case Failed %v, %v", err.Error(), testConfig.response) + t.Errorf("Test case Failed") } } diff --git a/api/secrets/secrets_test.go b/api/secrets/secrets_test.go index 160e47a..9c66ff8 100644 --- a/api/secrets/secrets_test.go +++ b/api/secrets/secrets_test.go @@ -13,7 +13,9 @@ import ( "net/url" "strings" "testing" + "time" + backoff "github.com/cenkalti/backoff/v4" "go.uber.org/zap" ) @@ -37,7 +39,10 @@ func TestSecretGetSecretByPath(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = authentication.Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := SecretTestConfig{ name: "TestSecretGetSecretByPath", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -57,7 +62,7 @@ func TestSecretGetSecretByPath(t *testing.T) { authenticate.ApiUrl = *apiUrl secretObj, _ := NewSecretObj(*authenticate, zapLogger, 4000) - response, err := secretObj.SecretGetSecretByPath("path1/path2", "fake_title", "/", "secrets-safe/secrets") + response, err := secretObj.SecretGetSecretByPath("path1/path2/", "fake_title", "/", "secrets-safe/secrets") if response != *testConfig.response { t.Errorf("Test case Failed %v, %v", response, *testConfig.response) @@ -75,7 +80,10 @@ func TestSecretGetFileSecret(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = authentication.Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := SecretTestConfig{ name: "TestSecretGetFileSecret", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -108,7 +116,10 @@ func TestSecretFlow(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = authentication.Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := SecretTestConfigStringResponse{ name: "TestSecretFlow", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -149,10 +160,10 @@ func TestSecretFlow(t *testing.T) { authenticate.ApiUrl = *apiUrl secretObj, _ := NewSecretObj(*authenticate, zapLogger, 4000) - secretsPaths := strings.Split("oauthgrp_nocert/Test1,oauthgrp_nocert/client_id", ",") + secretsPaths := strings.Split("oauthgrp_nocert/Test1/Test2/title1,oauthgrp_nocert/client_id", ",") response, err := secretObj.GetSecretFlow(secretsPaths, "/") - if response["oauthgrp_nocert/Test1"] != testConfig.response { + if response["oauthgrp_nocert/Test1/Test2/title1"] != testConfig.response { t.Errorf("Test case Failed %v, %v", response, testConfig.response) } @@ -169,7 +180,10 @@ func TestSecretFlow_SecretNotFound(t *testing.T) { httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) - var authenticate, _ = authentication.Authenticate(*httpClientObj, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) testConfig := SecretTestConfigStringResponse{ name: "TestSecretFlow", server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -212,3 +226,429 @@ func TestSecretFlow_SecretNotFound(t *testing.T) { } } + +func TestSecretGetSecret(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := SecretTestConfigStringResponse{ + name: "TestSecretGetSecret", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response + _, err := w.Write([]byte(`[{"Password": "credential_in_sub_3_password","Id": "9152f5b6-07d6-4955-175a-08db047219ce","Title": "credential_in_sub_3"}]`)) + if err != nil { + t.Error("Test case Failed") + } + })), + response: "credential_in_sub_3_password", + } + apiUrl, _ := url.Parse(testConfig.server.URL + "/") + authenticate.ApiUrl = *apiUrl + secretObj, _ := NewSecretObj(*authenticate, zapLogger, 4000) + + response, err := secretObj.GetSecret("path1/path2", "/") + + if response != testConfig.response { + t.Errorf("Test case Failed %v, %v", response, testConfig.response) + } + + if err != nil { + t.Errorf("Test case Failed: %v", err) + } + +} + +func TestSecretGetSecrets(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := SecretTestConfigStringResponse{ + name: "TestSecretGetSecrets", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response + _, err := w.Write([]byte(`[{"Password": "credential_in_sub_3_password","Id": "9152f5b6-07d6-4955-175a-08db047219ce","Title": "credential_in_sub_3"}]`)) + if err != nil { + t.Error("Test case Failed") + } + })), + response: "credential_in_sub_3_password", + } + apiUrl, _ := url.Parse(testConfig.server.URL + "/") + authenticate.ApiUrl = *apiUrl + secretObj, _ := NewSecretObj(*authenticate, zapLogger, 4000) + + secretPaths := []string{"fake/Client", "fake/test_file_1"} + response, err := secretObj.GetSecrets(secretPaths, "/") + + if response["fake/Client"] != testConfig.response { + t.Errorf("Test case Failed %v, %v", response, testConfig.response) + } + + if err != nil { + t.Errorf("Test case Failed: %v", err) + } +} + +func TestSecretFlowTechnicalErrorFile(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := SecretTestConfigStringResponse{ + name: "TestSecretFlowTechnicalErrorFile", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/secrets-safe/secrets": + _, err := w.Write([]byte(`[{"SecretType": "FILE", "Password": "credential_in_sub_3_password","Id": "9152f5b6-07d6-4955-175a-08db047219ce","Title": "credential_in_sub_3"}]`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/secrets-safe/secrets/9152f5b6-07d6-4955-175a-08db047219ce/file/download": + w.WriteHeader(http.StatusInternalServerError) + _, err := w.Write([]byte(`[]`)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL + "/") + authenticate.ApiUrl = *apiUrl + secretObj, _ := NewSecretObj(*authenticate, zapLogger, 4000) + + secretsPaths := strings.Split("oauthgrp_nocert/Test1/Test2/title1,oauthgrp_nocert/client_id", ",") + response, _ := secretObj.GetSecretFlow(secretsPaths, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed") + } +} + +func TestSecretFlowBusinessErrorFile(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := SecretTestConfigStringResponse{ + name: "TestSecretFlowBusinessErrorFile", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/secrets-safe/secrets": + _, err := w.Write([]byte(`[{"SecretType": "FILE", "Password": "credential_in_sub_3_password","Id": "9152f5b6-07d6-4955-175a-08db047219ce","Title": "credential_in_sub_3"}]`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/secrets-safe/secrets/9152f5b6-07d6-4955-175a-08db047219ce/file/download": + w.WriteHeader(http.StatusConflict) + _, err := w.Write([]byte(`[]`)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL + "/") + authenticate.ApiUrl = *apiUrl + secretObj, _ := NewSecretObj(*authenticate, zapLogger, 4000) + + secretsPaths := strings.Split("oauthgrp_nocert/Test1/Test2/title1,oauthgrp_nocert/client_id", ",") + response, _ := secretObj.GetSecretFlow(secretsPaths, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed") + } +} + +func TestSecretFlowLongSecret(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := SecretTestConfigStringResponse{ + name: "TestSecretFlowLongSecret", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/secrets-safe/secrets": + _, err := w.Write([]byte(`[{"SecretType": "FILE", "Password": "credential_in_sub_3_password","Id": "9152f5b6-07d6-4955-175a-08db047219ce","Title": "credential_in_sub_3"}]`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/secrets-safe/secrets/9152f5b6-07d6-4955-175a-08db047219ce/file/download": + _, err := w.Write([]byte(`fake_password_more_than_30_characteres`)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL + "/") + authenticate.ApiUrl = *apiUrl + secretObj, _ := NewSecretObj(*authenticate, zapLogger, 30) + + secretsPaths := strings.Split("oauthgrp_nocert/Test1/Test2/title1,oauthgrp_nocert/client_id", ",") + + response, _ := secretObj.GetSecretFlow(secretsPaths, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed") + } + +} + +func TestSecretFlowTechnicalErrorCredential(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := SecretTestConfigStringResponse{ + name: "TestSecretFlowTechnicalErrorCredential", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/secrets-safe/secrets": + w.WriteHeader(http.StatusInternalServerError) + _, err := w.Write([]byte(`[]`)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL + "/") + authenticate.ApiUrl = *apiUrl + secretObj, _ := NewSecretObj(*authenticate, zapLogger, 4000) + + secretsPaths := strings.Split("oauthgrp_nocert/Test1/Test2/title1,oauthgrp_nocert/client_id", ",") + response, _ := secretObj.GetSecretFlow(secretsPaths, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed") + } +} + +func TestSecretFlowBusinessErrorCredential(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := SecretTestConfigStringResponse{ + name: "TestSecretFlowBusinessErrorCredential", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/secrets-safe/secrets": + w.WriteHeader(http.StatusConflict) + _, err := w.Write([]byte(`[]`)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL + "/") + authenticate.ApiUrl = *apiUrl + secretObj, _ := NewSecretObj(*authenticate, zapLogger, 4000) + + secretsPaths := strings.Split("oauthgrp_nocert/Test1/Test2/title1,oauthgrp_nocert/client_id", ",") + response, _ := secretObj.GetSecretFlow(secretsPaths, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed") + } +} + +func TestSecretFlowBadBody(t *testing.T) { + logger, _ := zap.NewDevelopment() + + // create a zap logger wrapper + zapLogger := logging.NewZapLogger(logger) + + httpClientObj, _ := utils.GetHttpClient(5, false, "", "", zapLogger) + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.MaxElapsedTime = time.Second + + var authenticate, _ = authentication.Authenticate(*httpClientObj, backoffDefinition, "https://fake.api.com:443/BeyondTrust/api/public/v3/", "fakeone_a654+9sdf7+8we4f", "fakeone_aasd156465sfdef", zapLogger, 300) + testConfig := SecretTestConfigStringResponse{ + name: "TestSecretFlowBadBody", + server: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // Mocking Response according to the endpoint path + switch r.URL.Path { + + case "/Auth/SignAppin": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + case "/Auth/Signout": + _, err := w.Write([]byte(``)) + if err != nil { + t.Error("Test case Failed") + } + + case "/secrets-safe/secrets": + _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"Felipe"}`)) + if err != nil { + t.Error("Test case Failed") + } + + default: + http.NotFound(w, r) + } + })), + response: "", + } + apiUrl, _ := url.Parse(testConfig.server.URL + "/") + authenticate.ApiUrl = *apiUrl + secretObj, _ := NewSecretObj(*authenticate, zapLogger, 4000) + + secretsPaths := strings.Split("oauthgrp_nocert/Test1/Test2/title1,oauthgrp_nocert/client_id", ",") + response, _ := secretObj.GetSecretFlow(secretsPaths, "/") + + if len(response) != 0 { + t.Errorf("Test case Failed") + } +} diff --git a/api/utils/validator.go b/api/utils/validator.go index 48d8700..f831e3c 100644 --- a/api/utils/validator.go +++ b/api/utils/validator.go @@ -27,7 +27,7 @@ type UserInputValidaton struct { var validate *validator.Validate // ValidateInputs is responsible for validating end-user inputs. -func ValidateInputs(clientId string, clientSecret string, apiUrl string, clientTimeOutinSeconds int, separator *string, verifyCa bool, logger logging.Logger, certificate string, certificate_key string, retryMaxElapsedTimeMinutes *int, maxFileSecretSizeBytes *int) error { +func ValidateInputs(clientId string, clientSecret string, apiUrl *string, clientTimeOutinSeconds int, separator *string, verifyCa bool, logger logging.Logger, certificate string, certificate_key string, retryMaxElapsedTimeMinutes *int, maxFileSecretSizeBytes *int) error { if clientTimeOutinSeconds == 0 { clientTimeOutinSeconds = 30 @@ -45,7 +45,9 @@ func ValidateInputs(clientId string, clientSecret string, apiUrl string, clientT *separator = "/" } - err := ValidateURL(apiUrl) + *apiUrl = strings.TrimSpace(*apiUrl) + + err := ValidateURL(*apiUrl) if err != nil { logger.Error(err.Error()) return err @@ -56,7 +58,7 @@ func ValidateInputs(clientId string, clientSecret string, apiUrl string, clientT userInput := &UserInputValidaton{ ClientId: clientId, ClientSecret: clientSecret, - ApiUrl: apiUrl, + ApiUrl: *apiUrl, ClientTimeOutinSeconds: clientTimeOutinSeconds, Separator: *separator, VerifyCa: verifyCa, @@ -117,8 +119,8 @@ func ValidatePaths(secretPaths []string, isManagedAccount bool, separator string newSecretPaths := []string{} - var maxAccountNameLength = 246 - var maxSystemNameLength = 129 + var maxAccountNameLength = 245 + var maxSystemNameLength = 128 var maxPathLength = 1792 var maxTitleLength = 256