diff --git a/integrationTests/basic/jwt_auth.test.js b/integrationTests/basic/jwt_auth.test.js index 259ba05a..ed3282bb 100644 --- a/integrationTests/basic/jwt_auth.test.js +++ b/integrationTests/basic/jwt_auth.test.js @@ -108,22 +108,6 @@ describe('jwt auth', () => { } }); - await got(`${vaultUrl}/v1/auth/jwt/role/default`, { - method: 'POST', - headers: { - 'X-Vault-Token': vaultToken, - }, - json: { - role_type: 'jwt', - bound_audiences: 'https://github.com/hashicorp/vault-action', - bound_claims: { - iss: 'vault-action' - }, - user_claim: 'iss', - policies: ['reader'] - } - }); - await got(`${vaultUrl}/v1/secret/data/test`, { method: 'POST', headers: { @@ -138,8 +122,25 @@ describe('jwt auth', () => { }); describe('authenticate with private key', () => { + beforeAll(async () => { + await got(`${vaultUrl}/v1/auth/jwt/role/default`, { + method: 'POST', + headers: { + 'X-Vault-Token': vaultToken, + }, + json: { + role_type: 'jwt', + bound_audiences: null, + bound_claims: { + iss: 'vault-action' + }, + user_claim: 'iss', + policies: ['reader'] + } + }); + }); + beforeEach(() => { - jest.resetAllMocks(); when(core.getInput) .calledWith('url', expect.anything()) @@ -170,6 +171,22 @@ describe('jwt auth', () => { describe('authenticate with Github OIDC', () => { beforeAll(async () => { + await got(`${vaultUrl}/v1/auth/jwt/role/default`, { + method: 'POST', + headers: { + 'X-Vault-Token': vaultToken, + }, + json: { + role_type: 'jwt', + bound_audiences: 'https://github.com/hashicorp/vault-action', + bound_claims: { + iss: 'vault-action' + }, + user_claim: 'iss', + policies: ['reader'] + } + }); + await got(`${vaultUrl}/v1/auth/jwt/role/default-sigstore`, { method: 'POST', headers: {