From 0d258f517ab3c40242293c2bced22a1e74e71472 Mon Sep 17 00:00:00 2001
From: Hong Ooi <hongooi@microsoft.com>
Date: Wed, 3 Apr 2019 15:30:23 +1100
Subject: [PATCH] testing init

---
 R/az_vault.R                     | 30 +++++-----
 tests/testthat.R                 |  4 ++
 tests/testthat/test01_resource.R | 98 ++++++++++++++++++++++++++++++++
 3 files changed, 118 insertions(+), 14 deletions(-)
 create mode 100644 tests/testthat.R
 create mode 100644 tests/testthat/test01_resource.R

diff --git a/R/az_vault.R b/R/az_vault.R
index 2dade32..be5bf51 100644
--- a/R/az_vault.R
+++ b/R/az_vault.R
@@ -8,7 +8,7 @@ public=list(
     {
         if(!inherits(principal, "vault_access_policy"))
             principal <- vault_access_policy(
-                find_principal(principal),
+                principal,
                 tenant,
                 key_permissions,
                 secret_permissions,
@@ -72,18 +72,6 @@ public=list(
 ))
 
 
-find_principal=function(principal)
-{
-    if(is_user(principal) || is_service_principal(principal))
-        principal$properties$id
-    else if(is_app(principal))
-        principal$get_service_principal()$properties$id
-    else if(!is_guid(principal))
-        stop("Must supply a valid principal ID or object", call.=FALSE)
-    else AzureAuth::normalize_guid(principal)
-}
-
-
 #' @export
 vault_access_policy <- function(principal, tenant=NULL,
                                 key_permissions="all",
@@ -91,6 +79,8 @@ vault_access_policy <- function(principal, tenant=NULL,
                                 certificate_permissions="all",
                                 storage_permissions="all")
 {
+    principal <- find_principal(principal)
+
     key_permissions <- verify_key_permissions(key_permissions)
     secret_permissions <- verify_secret_permissions(secret_permissions)
     certificate_permissions <- verify_certificate_permissions(certificate_permissions)
@@ -123,12 +113,24 @@ print.vault_access_policy <- function(x, ...)
     cat("Certificate permissions:\n")
     cat(strwrap(paste(x$permissions$certificates, collapse=", "), indent=4, exdent=4), sep="\n")
     cat("Storage account permissions:\n")
-    cat(strwrap(paste(x$permissions$storage_permissions, collapse=", "), indent=4, exdent=4), sep="\n")
+    cat(strwrap(paste(x$permissions$storage, collapse=", "), indent=4, exdent=4), sep="\n")
     cat("\n")
     invisible(x)
 }
 
 
+find_principal=function(principal)
+{
+    if(is_user(principal) || is_service_principal(principal))
+        principal$properties$id
+    else if(is_app(principal))
+        principal$get_service_principal()$properties$id
+    else if(!is_guid(principal))
+        stop("Must supply a valid principal ID or object", call.=FALSE)
+    else AzureAuth::normalize_guid(principal)
+}
+
+
 verify_key_permissions <- function(perms)
 {
     key_perms <- c("get", "list", "update", "create", "import", "delete", "recover", "backup", "restore",
diff --git a/tests/testthat.R b/tests/testthat.R
new file mode 100644
index 0000000..d6672b3
--- /dev/null
+++ b/tests/testthat.R
@@ -0,0 +1,4 @@
+library(testthat)
+library(AzureKeyVault)
+
+test_check("AzureKeyVault")
diff --git a/tests/testthat/test01_resource.R b/tests/testthat/test01_resource.R
new file mode 100644
index 0000000..6b35b5a
--- /dev/null
+++ b/tests/testthat/test01_resource.R
@@ -0,0 +1,98 @@
+context("Resource creation")
+
+tenant <- Sys.getenv("AZ_TEST_TENANT_ID")
+app <- Sys.getenv("AZ_TEST_APP_ID")
+password <- Sys.getenv("AZ_TEST_PASSWORD")
+subscription <- Sys.getenv("AZ_TEST_SUBSCRIPTION")
+username <- Sys.getenv("AZ_TEST_USERNAME")
+
+if(tenant == "" || app == "" || password == "" || subscription == "" || username == "")
+    skip("Tests skipped: ARM credentials not set")
+
+if(!requireNamespace("AzureGraph", quietly=TRUE))
+    skip("Resource creation tests skipped, AzureGraph not installed")
+
+rgname <- paste(sample(letters, 20, replace=TRUE), collapse="")
+kvname <- paste(sample(letters, 10, replace=TRUE), collapse="")
+
+rg <- AzureRMR::az_rm$
+    new(tenant=tenant, app=app, password=password)$
+    get_subscription(subscription)$
+    create_resource_group(rgname, location="australiaeast")
+
+
+test_that("Access policy function works",
+{
+    pol0 <- vault_access_policy(app, NULL, NULL, NULL, NULL, NULL)
+    expect_is(pol0, "vault_access_policy")
+    expect_true(AzureRMR::is_empty(pol0$key_permissions))
+    expect_true(AzureRMR::is_empty(pol0$secret_permissions))
+    expect_true(AzureRMR::is_empty(pol0$certificate_permissions))
+    expect_true(AzureRMR::is_empty(pol0$storage_permissions))
+
+    usr <- AzureGraph::ms_graph$
+        new(tenant=tenant)$
+        get_user(username)
+
+    pol1 <- vault_access_policy(usr, NULL)
+    expect_identical(pol1$objectId, usr$properties$id)
+    expect_identical(pol1$permissions$keys,
+        I(c("get", "list", "update", "create", "import", "delete", "recover", "backup", "restore",
+            "decrypt", "encrypt", "unwrapkey", "wrapkey", "verify", "sign", "purge")))
+    expect_identical(pol1$permissions$secrets,
+        I(c("get", "list", "set", "delete", "recover", "backup", "restore", "purge")))
+    expect_identical(pol1$permissions$certificates,
+        I(c("get", "list", "update", "create", "import", "delete", "recover", "backup", "restore",
+            "managecontacts", "manageissuers", "getissuers", "listissuers", "setissuers",
+            "deleteissuers", "purge")))
+    expect_identical(pol1$permissions$storage,
+        I(c("backup", "delete", "deletesas", "get", "getsas", "list", "listsas",
+            "purge", "recover", "regeneratekey", "restore", "set", "setsas", "update")))
+
+    expect_error(vault_access_policy(username)) # must supply GUID or Graph object as principal
+    expect_error(vault_access_policy(usr, NULL, key_permissions="none"))
+    expect_error(vault_access_policy(usr, NULL, secret_permissions="none"))
+    expect_error(vault_access_policy(usr, NULL, certificate_permissions="none"))
+    expect_error(vault_access_policy(usr, NULL, storage_permissions="none"))
+
+    pol2 <- vault_access_policy(usr, NULL, "get", "get", "get", "get")
+    expect_is(pol2, "vault_access_policy")
+    expect_identical(pol2$permissions$keys, I("get"))
+    expect_identical(pol2$permissions$secrets, I("get"))
+    expect_identical(pol2$permissions$certificates, I("get"))
+    expect_identical(pol2$permissions$storage, I("get"))
+})
+
+test_that("Resource creation works",
+{
+    kv <- rg$create_key_vault(kvname)
+    expect_is(kv, "az_key_vault")
+
+    kv2 <- rg$get_key_vault(kvname)
+    expect_is(kv2, "az_key_vault")
+})
+
+test_that("Access policy management works",
+{
+    kv <- rg$get_key_vault(kvname)
+
+    usr <- AzureGraph::ms_graph$
+        new(tenant=tenant)$
+        get_user(username)
+
+    kv$add_principal(usr)
+    pols <- kv$properties$accessPolicies
+    expect_true(any(sapply(pols, function(x) x$objectId == usr$properties$id)))
+
+    kv$remove_principal(usr)
+    pols <- kv$properties$accessPolicies
+    expect_false(any(sapply(pols, function(x) x$objectId == usr$properties$id)))
+})
+
+test_that("Resource deletion works",
+{
+    expect_message(rg$delete_key_vault(kvname, confirm=FALSE))
+})
+
+
+rg$delete(confirm=FALSE)