|
| 1 | +#!/usr/bin/env bash |
| 2 | + |
| 3 | +# Import test library bundled with the devcontainer CLI |
| 4 | +source dev-container-features-test-lib || exit 1 |
| 5 | + |
| 6 | +# Test that az shim is installed |
| 7 | +check "az shim exists" test -f /usr/local/share/codespace-shims/az |
| 8 | +check "az shim is executable" test -x /usr/local/share/codespace-shims/az |
| 9 | + |
| 10 | +# Test that az shim sources resolve-shim.sh |
| 11 | +check "az shim sources resolve-shim.sh" grep -q 'source.*resolve-shim.sh' /usr/local/share/codespace-shims/az |
| 12 | + |
| 13 | +# Test GitHub Actions environment detection |
| 14 | +check "az shim has GitHub Actions detection" grep -q 'ACTIONS_ID_TOKEN_REQUEST_URL' /usr/local/share/codespace-shims/az |
| 15 | + |
| 16 | +# Test that az shim intercepts get-access-token command |
| 17 | +check "az shim intercepts get-access-token" grep -q 'get-access-token' /usr/local/share/codespace-shims/az |
| 18 | + |
| 19 | +# Test argument parsing handles both formats (--resource value and --resource=value) |
| 20 | +check "az shim handles equals format args" grep -q '\-\-resource=\*' /usr/local/share/codespace-shims/az |
| 21 | +check "az shim handles space-separated args" grep -q '\-\-resource)' /usr/local/share/codespace-shims/az |
| 22 | + |
| 23 | +# Test that az shim falls back to real az CLI for other commands |
| 24 | +TEST_HOME=$(mktemp -d) |
| 25 | +check "az shim falls back for non-token commands" bash -c ' |
| 26 | + export HOME='"$TEST_HOME"' |
| 27 | + # az --version should pass through to real az CLI (if installed) |
| 28 | + # or fail gracefully if az is not installed |
| 29 | + output=$(/usr/local/share/codespace-shims/az --version 2>&1) || true |
| 30 | + # Check that it either shows az version or "not found" error - both are valid |
| 31 | + echo "$output" | grep -qE "(azure-cli|Azure CLI|not found)" && echo "SUCCESS" || echo "FAILED" |
| 32 | +' | grep -q "SUCCESS" |
| 33 | + |
| 34 | +# Test that az shim handles missing azure-auth-helper gracefully |
| 35 | +check "az shim handles missing azure-auth-helper" bash -c ' |
| 36 | + export HOME='"$TEST_HOME"' |
| 37 | + # Remove azure-auth-helper if it exists |
| 38 | + rm -f "${HOME}/azure-auth-helper" |
| 39 | + # Call az account get-access-token - should fall through to real az |
| 40 | + # (which will fail, but shim should not crash) |
| 41 | + /usr/local/share/codespace-shims/az account get-access-token --resource https://management.azure.com 2>&1 || true |
| 42 | + # If we get here, the shim handled it gracefully |
| 43 | + echo "completed" |
| 44 | +' | grep -q "completed" |
| 45 | + |
| 46 | +# Test that az shim returns proper JSON format when azure-auth-helper exists |
| 47 | +check "az shim returns valid JSON format" bash -c ' |
| 48 | + export HOME='"$TEST_HOME"' |
| 49 | + # Create a mock azure-auth-helper that returns a test token |
| 50 | + cat > "${HOME}/azure-auth-helper" << '\''HELPER'\'' |
| 51 | +#!/bin/bash |
| 52 | +echo "test-token-12345" |
| 53 | +HELPER |
| 54 | + chmod +x "${HOME}/azure-auth-helper" |
| 55 | + |
| 56 | + # Call the shim and verify JSON output |
| 57 | + output=$(/usr/local/share/codespace-shims/az account get-access-token --resource https://management.azure.com 2>&1) |
| 58 | + |
| 59 | + # Check that output contains expected JSON fields |
| 60 | + echo "$output" | grep -q "accessToken" && \ |
| 61 | + echo "$output" | grep -q "tokenType" && \ |
| 62 | + echo "$output" | grep -q "Bearer" && \ |
| 63 | + echo "SUCCESS" || echo "FAILED" |
| 64 | +' | grep -q "SUCCESS" |
| 65 | + |
| 66 | +# Test GitHub Actions bypass (simulate by setting the env var) |
| 67 | +check "az shim bypasses interception in GitHub Actions" bash -c ' |
| 68 | + export HOME='"$TEST_HOME"' |
| 69 | + export ACTIONS_ID_TOKEN_REQUEST_URL="https://example.com/token" |
| 70 | + # In Actions mode, shim should skip interception and call real az directly |
| 71 | + # (will fail if az not installed, but should not attempt token interception) |
| 72 | + output=$(/usr/local/share/codespace-shims/az account get-access-token --resource https://management.azure.com 2>&1) || true |
| 73 | + # Should NOT contain our mock token (which means bypass worked) |
| 74 | + echo "$output" | grep -qv "test-token-12345" && echo "SUCCESS" || echo "FAILED" |
| 75 | +' | grep -q "SUCCESS" |
| 76 | + |
| 77 | +# Cleanup |
| 78 | +rm -rf "$TEST_HOME" |
| 79 | + |
| 80 | +# Report results |
| 81 | +reportResults |
0 commit comments