tests/testthat/test01_resource.R
In cloudyr/AzureKeyVault: Key and Secret Management in 'Azure'
context("Resource creation")
tenant <- Sys.getenv("AZ_TEST_TENANT_ID")
app <- Sys.getenv("AZ_TEST_APP_ID")
password <- Sys.getenv("AZ_TEST_PASSWORD")
subscription <- Sys.getenv("AZ_TEST_SUBSCRIPTION")
username <- Sys.getenv("AZ_TEST_USERNAME")
if(tenant == "" || app == "" || password == "" || subscription == "" || username == "")
skip("Tests skipped: ARM credentials not set")
rgname <- paste(sample(letters, 20, replace=TRUE), collapse="")
kvname <- paste(sample(letters, 10, replace=TRUE), collapse="")
rg <- AzureRMR::az_rm$
new(tenant=tenant, app=app, password=password)$
get_subscription(subscription)$
create_resource_group(rgname, location="australiaeast")
test_that("Access policy function works",
{
pol0 <- vault_access_policy(app, NULL, NULL, NULL, NULL, NULL)
expect_is(pol0, "vault_access_policy")
expect_true(AzureRMR::is_empty(pol0$key_permissions))
expect_true(AzureRMR::is_empty(pol0$secret_permissions))
expect_true(AzureRMR::is_empty(pol0$certificate_permissions))
expect_true(AzureRMR::is_empty(pol0$storage_permissions))
usr <- AzureGraph::ms_graph$
new(tenant=tenant)$
get_user(username)
pol1 <- vault_access_policy(usr, NULL)
expect_identical(pol1$objectId, usr$properties$id)
expect_identical(pol1$permissions$keys,
I(c("get", "list", "update", "create", "import", "delete", "recover", "backup", "restore",
"decrypt", "encrypt", "unwrapkey", "wrapkey", "verify", "sign", "purge")))
expect_identical(pol1$permissions$secrets,
I(c("get", "list", "set", "delete", "recover", "backup", "restore", "purge")))
expect_identical(pol1$permissions$certificates,
I(c("get", "list", "update", "create", "import", "delete", "recover", "backup", "restore",
"managecontacts", "manageissuers", "getissuers", "listissuers", "setissuers",
"deleteissuers", "purge")))
expect_identical(pol1$permissions$storage,
I(c("backup", "delete", "deletesas", "get", "getsas", "list", "listsas",
"purge", "recover", "regeneratekey", "restore", "set", "setsas", "update")))
expect_error(vault_access_policy("user@example.com")) # must supply GUID or Graph object as principal
expect_error(vault_access_policy(usr, NULL, key_permissions="none"))
expect_error(vault_access_policy(usr, NULL, secret_permissions="none"))
expect_error(vault_access_policy(usr, NULL, certificate_permissions="none"))
expect_error(vault_access_policy(usr, NULL, storage_permissions="none"))
pol2 <- vault_access_policy(usr, NULL, "get", "get", "get", "get")
expect_is(pol2, "vault_access_policy")
expect_identical(pol2$permissions$keys, I("get"))
expect_identical(pol2$permissions$secrets, I("get"))
expect_identical(pol2$permissions$certificates, I("get"))
expect_identical(pol2$permissions$storage, I("get"))
})
test_that("Resource creation works",
{
kv <- rg$create_key_vault(kvname)
expect_is(kv, "az_key_vault")
kv2 <- rg$get_key_vault(kvname)
expect_is(kv2, "az_key_vault")
})
test_that("Access policy management works",
{
kv <- rg$get_key_vault(kvname)
usr <- AzureGraph::ms_graph$
new(tenant=tenant)$
get_user(username)
kv$add_principal(usr)
pols <- kv$properties$accessPolicies
expect_true(any(sapply(pols, function(x) x$objectId == usr$properties$id)))
kv$remove_principal(usr)
pols <- kv$properties$accessPolicies
expect_false(any(sapply(pols, function(x) x$objectId == usr$properties$id)))
})
test_that("Resource deletion works",
{
expect_message(rg$delete_key_vault(kvname, confirm=FALSE))
expect_silent(rg$purge_key_vault(kvname, rg$location, confirm=FALSE))
})
rg$delete(confirm=FALSE)
cloudyr/AzureKeyVault documentation built on Sept. 19, 2021, 8:49 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
context("Resource creation")
tenant <- Sys.getenv("AZ_TEST_TENANT_ID")
app <- Sys.getenv("AZ_TEST_APP_ID")
password <- Sys.getenv("AZ_TEST_PASSWORD")
subscription <- Sys.getenv("AZ_TEST_SUBSCRIPTION")
username <- Sys.getenv("AZ_TEST_USERNAME")
if(tenant == "" || app == "" || password == "" || subscription == "" || username == "")
skip("Tests skipped: ARM credentials not set")
rgname <- paste(sample(letters, 20, replace=TRUE), collapse="")
kvname <- paste(sample(letters, 10, replace=TRUE), collapse="")
rg <- AzureRMR::az_rm$
new(tenant=tenant, app=app, password=password)$
get_subscription(subscription)$
create_resource_group(rgname, location="australiaeast")
test_that("Access policy function works",
{
pol0 <- vault_access_policy(app, NULL, NULL, NULL, NULL, NULL)
expect_is(pol0, "vault_access_policy")
expect_true(AzureRMR::is_empty(pol0$key_permissions))
expect_true(AzureRMR::is_empty(pol0$secret_permissions))
expect_true(AzureRMR::is_empty(pol0$certificate_permissions))
expect_true(AzureRMR::is_empty(pol0$storage_permissions))
usr <- AzureGraph::ms_graph$
new(tenant=tenant)$
get_user(username)
pol1 <- vault_access_policy(usr, NULL)
expect_identical(pol1$objectId, usr$properties$id)
expect_identical(pol1$permissions$keys,
I(c("get", "list", "update", "create", "import", "delete", "recover", "backup", "restore",
"decrypt", "encrypt", "unwrapkey", "wrapkey", "verify", "sign", "purge")))
expect_identical(pol1$permissions$secrets,
I(c("get", "list", "set", "delete", "recover", "backup", "restore", "purge")))
expect_identical(pol1$permissions$certificates,
I(c("get", "list", "update", "create", "import", "delete", "recover", "backup", "restore",
"managecontacts", "manageissuers", "getissuers", "listissuers", "setissuers",
"deleteissuers", "purge")))
expect_identical(pol1$permissions$storage,
I(c("backup", "delete", "deletesas", "get", "getsas", "list", "listsas",
"purge", "recover", "regeneratekey", "restore", "set", "setsas", "update")))
expect_error(vault_access_policy("user@example.com")) # must supply GUID or Graph object as principal
expect_error(vault_access_policy(usr, NULL, key_permissions="none"))
expect_error(vault_access_policy(usr, NULL, secret_permissions="none"))
expect_error(vault_access_policy(usr, NULL, certificate_permissions="none"))
expect_error(vault_access_policy(usr, NULL, storage_permissions="none"))
pol2 <- vault_access_policy(usr, NULL, "get", "get", "get", "get")
expect_is(pol2, "vault_access_policy")
expect_identical(pol2$permissions$keys, I("get"))
expect_identical(pol2$permissions$secrets, I("get"))
expect_identical(pol2$permissions$certificates, I("get"))
expect_identical(pol2$permissions$storage, I("get"))
})
test_that("Resource creation works",
{
kv <- rg$create_key_vault(kvname)
expect_is(kv, "az_key_vault")
kv2 <- rg$get_key_vault(kvname)
expect_is(kv2, "az_key_vault")
})
test_that("Access policy management works",
{
kv <- rg$get_key_vault(kvname)
usr <- AzureGraph::ms_graph$
new(tenant=tenant)$
get_user(username)
kv$add_principal(usr)
pols <- kv$properties$accessPolicies
expect_true(any(sapply(pols, function(x) x$objectId == usr$properties$id)))
kv$remove_principal(usr)
pols <- kv$properties$accessPolicies
expect_false(any(sapply(pols, function(x) x$objectId == usr$properties$id)))
})
test_that("Resource deletion works",
{
expect_message(rg$delete_key_vault(kvname, confirm=FALSE))
expect_silent(rg$purge_key_vault(kvname, rg$location, confirm=FALSE))
})
rg$delete(confirm=FALSE)
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.