Skip to content

Commit

Permalink
fix integration test jwt audience
Browse files Browse the repository at this point in the history
  • Loading branch information
fairclothjm committed Jul 31, 2024
1 parent 3224a22 commit c019897
Showing 1 changed file with 37 additions and 17 deletions.
54 changes: 37 additions & 17 deletions integrationTests/basic/jwt_auth.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,8 @@ describe('jwt auth', () => {
}
});

// write the jwt config, the jwt role will be written on a per-test
// basis since the audience may vary
await got(`${vaultUrl}/v1/auth/jwt/config`, {
method: 'POST',
headers: {
Expand All @@ -108,22 +110,6 @@ describe('jwt auth', () => {
}
});

await got(`${vaultUrl}/v1/auth/jwt/role/default`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
json: {
role_type: 'jwt',
bound_audiences: null,
bound_claims: {
iss: 'vault-action'
},
user_claim: 'iss',
policies: ['reader']
}
});

await got(`${vaultUrl}/v1/secret/data/test`, {
method: 'POST',
headers: {
Expand All @@ -138,6 +124,24 @@ describe('jwt auth', () => {
});

describe('authenticate with private key', () => {
beforeAll(async () => {
await got(`${vaultUrl}/v1/auth/jwt/role/default`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
json: {
role_type: 'jwt',
bound_audiences: null,
bound_claims: {
iss: 'vault-action'
},
user_claim: 'iss',
policies: ['reader']
}
});
});

beforeEach(() => {
jest.resetAllMocks();

Expand Down Expand Up @@ -170,14 +174,30 @@ describe('jwt auth', () => {

describe('authenticate with Github OIDC', () => {
beforeAll(async () => {
await got(`${vaultUrl}/v1/auth/jwt/role/default`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
json: {
role_type: 'jwt',
bound_audiences: 'https://github.com/hashicorp/vault-action',
bound_claims: {
iss: 'vault-action'
},
user_claim: 'iss',
policies: ['reader']
}
});

await got(`${vaultUrl}/v1/auth/jwt/role/default-sigstore`, {
method: 'POST',
headers: {
'X-Vault-Token': vaultToken,
},
json: {
role_type: 'jwt',
bound_audiences: null,
bound_audiences: 'sigstore',
bound_claims: {
iss: 'vault-action',
aud: 'sigstore',
Expand Down

0 comments on commit c019897

Please sign in to comment.