feat: e2e tests within rust instead

2025-06-28 04:09:11 +00:00 · 2023-11-22 05:17:04 +01:00 · 2023-11-22 05:17:04 +01:00 · 38a15a3bcd
commit 38a15a3bcd
parent 7b40a0ae17
8 changed files with 550 additions and 156 deletions
--- a/tests/e2e.rs
+++ b/tests/e2e.rs
@ -0,0 +1,188 @@
+use assert_cmd::prelude::*;
+use assert_fs::prelude::*;
+use assert_fs::TempDir;
+use std::process::Command;
+use predicates::prelude::*;
+use serial_test::serial;
+use std::env;
+
+static BINARY: &str = "keyweave";
+static KEYVAULT: &str = "bvdbkeyweavetweukvt1";
+static FIREWALL_KEYVAULT: &str = "bvdbkeyweavetweukvt2";
+static NON_EXISTENT_KEYVAULT: &str = "bvdbkeyweavetweukvt3";
+
+fn azure_cli_login(client_id: String, tenant_id: String, subscription_id: String) -> Result<(), std::io::Error> {
+    Command::new("az")
+        .arg("login")
+        .arg("--identity")
+        .arg("--username")
+        .arg(client_id)
+        .arg("--tenant")
+        .arg(tenant_id)
+        .output()?;
+
+    Command::new("az")
+        .arg("account")
+        .arg("set")
+        .arg("--subscription")
+        .arg(subscription_id)
+        .output()?;
+
+    Ok(())
+}
+
+/// Test with no access policies - expected to fail.
+#[tokio::test]
+#[serial]
+async fn test_no_access_policies() {
+    azure_cli_login(
+        env::var("AZURE_CLIENT_ID_NO_ACCESS").expect("Failed to get AZURE_CLIENT_ID_NO_ACCESS"),
+        env::var("AZURE_TENANT_ID").expect("Failed to get AZURE_TENANT_ID"),
+        env::var("AZURE_SUBSCRIPTION_ID").expect("Failed to get AZURE_SUBSCRIPTION_ID"),
+    ).expect("Failed to log in to Azure CLI");
+
+    let temp_dir = TempDir::new().unwrap();
+    let output_path = temp_dir.child(".env");
+
+    let mut cmd = Command::cargo_bin(BINARY).unwrap();
+    cmd.arg("--vault-name").arg(KEYVAULT)
+       .arg("--output").arg(output_path.path());
+    cmd.assert().failure().stderr(predicate::str::contains("Make sure you have List permissions on the Key Vault."));
+
+    temp_dir.close().unwrap();
+}
+
+/// Test with only Get access policy - expected to fail.
+#[tokio::test]
+#[serial]
+async fn test_only_get_access_policy() {
+    azure_cli_login(
+        env::var("AZURE_CLIENT_ID_GET").expect("Failed to get AZURE_CLIENT_ID_GET"),
+        env::var("AZURE_TENANT_ID").expect("Failed to get AZURE_TENANT_ID"),
+        env::var("AZURE_SUBSCRIPTION_ID").expect("Failed to get AZURE_SUBSCRIPTION_ID"),
+    ).expect("Failed to log in to Azure CLI");
+
+    let temp_dir = TempDir::new().unwrap();
+    let output_path = temp_dir.child(".env");
+
+    let mut cmd = Command::cargo_bin(BINARY).unwrap();
+    cmd.arg("--vault-name").arg(KEYVAULT)
+       .arg("--output").arg(output_path.path());
+    cmd.assert().failure().stderr(predicate::str::contains("Make sure you have List permissions on the Key Vault."));
+
+    temp_dir.close().unwrap();
+}
+
+/// Test with only List access policy - expected to succeed with get errors.
+#[tokio::test]
+#[serial]
+async fn test_only_list_access_policy() {
+    azure_cli_login(
+        env::var("AZURE_CLIENT_ID_LIST").expect("Failed to get AZURE_CLIENT_ID_LIST"),
+        env::var("AZURE_TENANT_ID").expect("Failed to get AZURE_TENANT_ID"),
+        env::var("AZURE_SUBSCRIPTION_ID").expect("Failed to get AZURE_SUBSCRIPTION_ID"),
+    ).expect("Failed to log in to Azure CLI");
+
+    let temp_dir = TempDir::new().unwrap();
+    let output_path = temp_dir.child(".env");
+
+    let mut cmd = Command::cargo_bin(BINARY).unwrap();
+    cmd.arg("--vault-name").arg(KEYVAULT)
+       .arg("--output").arg(output_path.path());
+    cmd.assert().success().stderr(predicate::str::contains("Make sure you have Get permissions on the Key Vault."));
+
+    temp_dir.close().unwrap();
+}
+
+/// Test with both Get and List access policies - expected to pass.
+#[tokio::test]
+#[serial]
+async fn test_get_and_list_access_policies() {
+    azure_cli_login(
+        env::var("AZURE_CLIENT_ID_GET_LIST").expect("Failed to get AZURE_CLIENT_ID_GET_LIST"),
+        env::var("AZURE_TENANT_ID").expect("Failed to get AZURE_TENANT_ID"),
+        env::var("AZURE_SUBSCRIPTION_ID").expect("Failed to get AZURE_SUBSCRIPTION_ID"),
+    ).expect("Failed to log in to Azure CLI");
+
+    let temp_dir = TempDir::new().unwrap();
+    let output_path = temp_dir.child(".env");
+
+    let mut cmd = Command::cargo_bin(BINARY).unwrap();
+    cmd.arg("--vault-name").arg(KEYVAULT)
+       .arg("--output").arg(output_path.path());
+    cmd.assert().success();
+
+    output_path.assert(predicate::path::is_file());
+    output_path.assert(predicate::str::contains("testSecret=testSecretValue"));
+    output_path.assert(predicate::str::contains("filterTestSecret=filterTestSecretValue"));
+
+    temp_dir.close().unwrap();
+}
+
+/// Test with both Get and List access policies and filter - expected to pass.
+#[tokio::test]
+#[serial]
+async fn test_get_and_list_access_policies_filter() {
+    azure_cli_login(
+        env::var("AZURE_CLIENT_ID_GET_LIST").expect("Failed to get AZURE_CLIENT_ID_GET_LIST"),
+        env::var("AZURE_TENANT_ID").expect("Failed to get AZURE_TENANT_ID"),
+        env::var("AZURE_SUBSCRIPTION_ID").expect("Failed to get AZURE_SUBSCRIPTION_ID"),
+    ).expect("Failed to log in to Azure CLI");
+
+    let temp_dir = TempDir::new().unwrap();
+    let output_path = temp_dir.child(".env");
+
+    let mut cmd = Command::cargo_bin(BINARY).unwrap();
+    cmd.arg("--vault-name").arg(KEYVAULT)
+       .arg("--output").arg(output_path.path())
+       .arg("--filter").arg("filter");
+    cmd.assert().success();
+
+    output_path.assert(predicate::path::is_file());
+    output_path.assert(predicate::str::contains("filterTestSecret=filterTestSecretValue"));
+
+    temp_dir.close().unwrap();
+}
+
+/// Test with both Get and List access policies on a Key Vault with Firewall - expected to fail.
+#[tokio::test]
+#[serial]
+async fn test_get_and_list_access_policies_firewall() {
+    azure_cli_login(
+        env::var("AZURE_CLIENT_ID_GET_LIST").expect("Failed to get AZURE_CLIENT_ID_GET_LIST"),
+        env::var("AZURE_TENANT_ID").expect("Failed to get AZURE_TENANT_ID"),
+        env::var("AZURE_SUBSCRIPTION_ID").expect("Failed to get AZURE_SUBSCRIPTION_ID"),
+    ).expect("Failed to log in to Azure CLI");
+
+    let temp_dir = TempDir::new().unwrap();
+    let output_path = temp_dir.child(".env");
+
+    let mut cmd = Command::cargo_bin(BINARY).unwrap();
+    cmd.arg("--vault-name").arg(FIREWALL_KEYVAULT)
+       .arg("--output").arg(output_path.path());
+    cmd.assert().failure().stderr(predicate::str::contains("Make sure you're on the Key Vaults Firewall allowlist."));
+
+    temp_dir.close().unwrap();
+}
+
+/// Test with both Get and List access policies on a non-existent Key Vault - expected to fail.
+#[tokio::test]
+#[serial]
+async fn test_get_and_list_access_policies_non_existent() {
+    azure_cli_login(
+        env::var("AZURE_CLIENT_ID_GET_LIST").expect("Failed to get AZURE_CLIENT_ID_GET_LIST"),
+        env::var("AZURE_TENANT_ID").expect("Failed to get AZURE_TENANT_ID"),
+        env::var("AZURE_SUBSCRIPTION_ID").expect("Failed to get AZURE_SUBSCRIPTION_ID"),
+    ).expect("Failed to log in to Azure CLI");
+
+    let temp_dir = TempDir::new().unwrap();
+    let output_path = temp_dir.child(".env");
+
+    let mut cmd = Command::cargo_bin(BINARY).unwrap();
+    cmd.arg("--vault-name").arg(NON_EXISTENT_KEYVAULT)
+       .arg("--output").arg(output_path.path());
+    cmd.assert().failure().stderr(predicate::str::contains("Please check that the Key Vault exists or that you have no connectivity issues."));
+
+    temp_dir.close().unwrap();
+}
+