Azure
/
AzureKeyVault
зеркало из https://github.com/Azure/AzureKeyVault.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

testing init

This commit is contained in:
Hong Ooi 2019-04-03 15:30:23 +11:00
Родитель 7710447ea2
Коммит 0d258f517a
3 изменённых файлов: 118 добавлений и 14 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

30
R/az_vault.R
Просмотреть файл

@ -8,7 +8,7 @@ public=list(
{ {
if(!inherits(principal, "vault_access_policy")) if(!inherits(principal, "vault_access_policy"))
principal <- vault_access_policy( principal <- vault_access_policy(
find_principal(principal), principal,
tenant, tenant,
key_permissions, key_permissions,
secret_permissions, secret_permissions,
@ -72,18 +72,6 @@ public=list(
)) ))
find_principal=function(principal)
{
if(is_user(principal) || is_service_principal(principal))
principal$properties$id
else if(is_app(principal))
principal$get_service_principal()$properties$id
else if(!is_guid(principal))
stop("Must supply a valid principal ID or object", call.=FALSE)
else AzureAuth::normalize_guid(principal)
}
#' @export #' @export
vault_access_policy <- function(principal, tenant=NULL, vault_access_policy <- function(principal, tenant=NULL,
key_permissions="all", key_permissions="all",
@ -91,6 +79,8 @@ vault_access_policy <- function(principal, tenant=NULL,
certificate_permissions="all", certificate_permissions="all",
storage_permissions="all") storage_permissions="all")
{ {
principal <- find_principal(principal)
key_permissions <- verify_key_permissions(key_permissions) key_permissions <- verify_key_permissions(key_permissions)
secret_permissions <- verify_secret_permissions(secret_permissions) secret_permissions <- verify_secret_permissions(secret_permissions)
certificate_permissions <- verify_certificate_permissions(certificate_permissions) certificate_permissions <- verify_certificate_permissions(certificate_permissions)
@ -123,12 +113,24 @@ print.vault_access_policy <- function(x, ...)
cat("Certificate permissions:\n") cat("Certificate permissions:\n")
cat(strwrap(paste(x$permissions$certificates, collapse=", "), indent=4, exdent=4), sep="\n") cat(strwrap(paste(x$permissions$certificates, collapse=", "), indent=4, exdent=4), sep="\n")
cat("Storage account permissions:\n") cat("Storage account permissions:\n")
cat(strwrap(paste(x$permissions$storage_permissions, collapse=", "), indent=4, exdent=4), sep="\n") cat(strwrap(paste(x$permissions$storage, collapse=", "), indent=4, exdent=4), sep="\n")
cat("\n") cat("\n")
invisible(x) invisible(x)
} }
find_principal=function(principal)
{
if(is_user(principal) || is_service_principal(principal))
principal$properties$id
else if(is_app(principal))
principal$get_service_principal()$properties$id
else if(!is_guid(principal))
stop("Must supply a valid principal ID or object", call.=FALSE)
else AzureAuth::normalize_guid(principal)
}
verify_key_permissions <- function(perms) verify_key_permissions <- function(perms)
{ {
key_perms <- c("get", "list", "update", "create", "import", "delete", "recover", "backup", "restore", key_perms <- c("get", "list", "update", "create", "import", "delete", "recover", "backup", "restore",

4
tests/testthat.R Normal file
Просмотреть файл

@ -0,0 +1,4 @@
library(testthat)
library(AzureKeyVault)
test_check("AzureKeyVault")

98
tests/testthat/test01_resource.R Normal file
Просмотреть файл

@ -0,0 +1,98 @@
context("Resource creation")
tenant <- Sys.getenv("AZ_TEST_TENANT_ID")
app <- Sys.getenv("AZ_TEST_APP_ID")
password <- Sys.getenv("AZ_TEST_PASSWORD")
subscription <- Sys.getenv("AZ_TEST_SUBSCRIPTION")
username <- Sys.getenv("AZ_TEST_USERNAME")
if(tenant == "" || app == "" || password == "" || subscription == "" || username == "")
skip("Tests skipped: ARM credentials not set")
if(!requireNamespace("AzureGraph", quietly=TRUE))
skip("Resource creation tests skipped, AzureGraph not installed")
rgname <- paste(sample(letters, 20, replace=TRUE), collapse="")
kvname <- paste(sample(letters, 10, replace=TRUE), collapse="")
rg <- AzureRMR::az_rm$
new(tenant=tenant, app=app, password=password)$
get_subscription(subscription)$
create_resource_group(rgname, location="australiaeast")
test_that("Access policy function works",
{
pol0 <- vault_access_policy(app, NULL, NULL, NULL, NULL, NULL)
expect_is(pol0, "vault_access_policy")
expect_true(AzureRMR::is_empty(pol0$key_permissions))
expect_true(AzureRMR::is_empty(pol0$secret_permissions))
expect_true(AzureRMR::is_empty(pol0$certificate_permissions))
expect_true(AzureRMR::is_empty(pol0$storage_permissions))
usr <- AzureGraph::ms_graph$
new(tenant=tenant)$
get_user(username)
pol1 <- vault_access_policy(usr, NULL)
expect_identical(pol1$objectId, usr$properties$id)
expect_identical(pol1$permissions$keys,
I(c("get", "list", "update", "create", "import", "delete", "recover", "backup", "restore",
"decrypt", "encrypt", "unwrapkey", "wrapkey", "verify", "sign", "purge")))
expect_identical(pol1$permissions$secrets,
I(c("get", "list", "set", "delete", "recover", "backup", "restore", "purge")))
expect_identical(pol1$permissions$certificates,
I(c("get", "list", "update", "create", "import", "delete", "recover", "backup", "restore",
"managecontacts", "manageissuers", "getissuers", "listissuers", "setissuers",
"deleteissuers", "purge")))
expect_identical(pol1$permissions$storage,
I(c("backup", "delete", "deletesas", "get", "getsas", "list", "listsas",
"purge", "recover", "regeneratekey", "restore", "set", "setsas", "update")))
expect_error(vault_access_policy(username)) # must supply GUID or Graph object as principal
expect_error(vault_access_policy(usr, NULL, key_permissions="none"))
expect_error(vault_access_policy(usr, NULL, secret_permissions="none"))
expect_error(vault_access_policy(usr, NULL, certificate_permissions="none"))
expect_error(vault_access_policy(usr, NULL, storage_permissions="none"))
pol2 <- vault_access_policy(usr, NULL, "get", "get", "get", "get")
expect_is(pol2, "vault_access_policy")
expect_identical(pol2$permissions$keys, I("get"))
expect_identical(pol2$permissions$secrets, I("get"))
expect_identical(pol2$permissions$certificates, I("get"))
expect_identical(pol2$permissions$storage, I("get"))
})
test_that("Resource creation works",
{
kv <- rg$create_key_vault(kvname)
expect_is(kv, "az_key_vault")
kv2 <- rg$get_key_vault(kvname)
expect_is(kv2, "az_key_vault")
})
test_that("Access policy management works",
{
kv <- rg$get_key_vault(kvname)
usr <- AzureGraph::ms_graph$
new(tenant=tenant)$
get_user(username)
kv$add_principal(usr)
pols <- kv$properties$accessPolicies
expect_true(any(sapply(pols, function(x) x$objectId == usr$properties$id)))
kv$remove_principal(usr)
pols <- kv$properties$accessPolicies
expect_false(any(sapply(pols, function(x) x$objectId == usr$properties$id)))
})
test_that("Resource deletion works",
{
expect_message(rg$delete_key_vault(kvname, confirm=FALSE))
})
rg$delete(confirm=FALSE)