diff --git a/integrationTests/basic/jwt_auth.test.js b/integrationTests/basic/jwt_auth.test.js index 423758d..6d283ed 100644 --- a/integrationTests/basic/jwt_auth.test.js +++ b/integrationTests/basic/jwt_auth.test.js @@ -51,6 +51,9 @@ function mockGithubOIDCResponse(aud= "https://github.com/hashicorp/vault-action" return rsasign.KJUR.jws.JWS.sign(alg, JSON.stringify(header), JSON.stringify(payload), decryptedKey); } +// The sign call inside this function takes a while to run, so cache the default JWT in a constant. +const defaultGithubJwt = mockGithubOIDCResponse(); + describe('jwt auth', () => { beforeAll(async () => { // Verify Connection @@ -99,7 +102,8 @@ describe('jwt auth', () => { 'X-Vault-Token': 'testtoken', }, json: { - jwt_validation_pubkeys: publicRsaKey + jwt_validation_pubkeys: publicRsaKey, + default_role: "default" } }); @@ -198,20 +202,20 @@ describe('jwt auth', () => { .calledWith('jwtPrivateKey') .mockReturnValueOnce(''); - when(core.getInput) - .calledWith('role') - .mockReturnValueOnce('default'); - when(core.getInput) .calledWith('secrets') .mockReturnValueOnce('secret/data/test secret'); - - when(core.getIDToken) - .calledWith() - .mockReturnValueOnce(mockGithubOIDCResponse()); }); it('successfully authenticates', async () => { + when(core.getInput) + .calledWith('role') + .mockReturnValueOnce('default'); + + when(core.getIDToken) + .calledWith() + .mockReturnValueOnce(defaultGithubJwt); + await exportSecrets(); expect(core.exportVariable).toBeCalledWith('SECRET', 'SUPERSECRET'); }); @@ -238,6 +242,10 @@ describe('jwt auth', () => { .calledWith('role') .mockReturnValueOnce(null); + when(core.getIDToken) + .calledWith() + .mockReturnValueOnce(defaultGithubJwt); + await exportSecrets(); expect(core.exportVariable).toBeCalledWith('SECRET', 'SUPERSECRET'); })