use assert_cmd::prelude::*; use assert_fs::prelude::*; use assert_fs::TempDir; use predicates::prelude::*; use serial_test::serial; use std::process::Command; static BINARY: &str = "keyweave"; static KEYVAULT: &str = "bvdbkeyweavetweukvt1"; static FIREWALL_KEYVAULT: &str = "bvdbkeyweavetweukvt2"; static NON_EXISTENT_KEYVAULT: &str = "bvdbkeyweavetweukvt3"; #[tokio::test] #[serial] async fn test_no_access_policies() { let temp_dir = TempDir::new().unwrap(); let output_path = temp_dir.child(".env"); let mut cmd = Command::cargo_bin(BINARY).unwrap(); cmd.arg("--vault-name") .arg(KEYVAULT) .arg("--output") .arg(output_path.path()); cmd.assert().failure().stderr(predicate::str::contains( "Make sure you have List permissions on the Key Vault.", )); temp_dir.close().unwrap(); } #[tokio::test] #[serial] async fn test_only_get_access_policy() { let temp_dir = TempDir::new().unwrap(); let output_path = temp_dir.child(".env"); let mut cmd = Command::cargo_bin(BINARY).unwrap(); cmd.arg("--vault-name") .arg(KEYVAULT) .arg("--output") .arg(output_path.path()); cmd.assert().failure().stderr(predicate::str::contains( "Make sure you have List permissions on the Key Vault.", )); temp_dir.close().unwrap(); } /// Test with only List access policy - expected to succeed with get errors. #[tokio::test] #[serial] async fn test_only_list_access_policy() { let temp_dir = TempDir::new().unwrap(); let output_path = temp_dir.child(".env"); let mut cmd = Command::cargo_bin(BINARY).unwrap(); cmd.arg("--vault-name") .arg(KEYVAULT) .arg("--output") .arg(output_path.path()); cmd.assert().success().stderr(predicate::str::contains( "Make sure you have Get permissions on the Key Vault.", )); temp_dir.close().unwrap(); } /// Test with both Get and List access policies - expected to pass. #[tokio::test] #[serial] async fn test_get_and_list_access_policies() { let temp_dir = TempDir::new().unwrap(); let output_path = temp_dir.child(".env"); let mut cmd = Command::cargo_bin(BINARY).unwrap(); cmd.arg("--vault-name") .arg(KEYVAULT) .arg("--output") .arg(output_path.path()); cmd.assert().success(); output_path.assert(predicate::path::is_file()); output_path.assert(predicate::str::contains("testSecret=testSecretValue")); output_path.assert(predicate::str::contains( "filterTestSecret=filterTestSecretValue", )); temp_dir.close().unwrap(); } /// Test with both Get and List access policies and filter - expected to pass. #[tokio::test] #[serial] async fn test_get_and_list_access_policies_filter() { let temp_dir = TempDir::new().unwrap(); let output_path = temp_dir.child(".env"); let mut cmd = Command::cargo_bin(BINARY).unwrap(); cmd.arg("--vault-name") .arg(KEYVAULT) .arg("--output") .arg(output_path.path()) .arg("--filter") .arg("filter"); cmd.assert().success(); output_path.assert(predicate::path::is_file()); output_path.assert(predicate::str::contains( "filterTestSecret=filterTestSecretValue", )); temp_dir.close().unwrap(); } /// Test with both Get and List access policies on a Key Vault with Firewall - expected to fail. #[tokio::test] #[serial] async fn test_get_and_list_access_policies_firewall() { let temp_dir = TempDir::new().unwrap(); let output_path = temp_dir.child(".env"); let mut cmd = Command::cargo_bin(BINARY).unwrap(); cmd.arg("--vault-name") .arg(FIREWALL_KEYVAULT) .arg("--output") .arg(output_path.path()); cmd.assert().failure().stderr(predicate::str::contains( "Make sure you're on the Key Vaults Firewall allowlist.", )); temp_dir.close().unwrap(); } /// Test with both Get and List access policies on a non-existent Key Vault - expected to fail. #[tokio::test] #[serial] async fn test_get_and_list_access_policies_non_existent() { let temp_dir = TempDir::new().unwrap(); let output_path = temp_dir.child(".env"); let mut cmd = Command::cargo_bin(BINARY).unwrap(); cmd.arg("--vault-name") .arg(NON_EXISTENT_KEYVAULT) .arg("--output") .arg(output_path.path()); cmd.assert().failure().stderr(predicate::str::contains( "Please check that the Key Vault exists or that you have no connectivity issues.", )); temp_dir.close().unwrap(); }