From d83a461ae263d1de78e3bbb2ba5153b02b435102 Mon Sep 17 00:00:00 2001
From: AkhtarAmir <AkhtarAmir>
Date: Wed, 6 Nov 2024 17:06:19 +0500
Subject: [PATCH] Revised keyVaultSecretExpiryNonRbac

---
 .../keyVaultSecretExpiryNonRbac.spec.js       | 28 +++++++++++++++----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/plugins/azure/keyvaults/keyVaultSecretExpiryNonRbac.spec.js b/plugins/azure/keyvaults/keyVaultSecretExpiryNonRbac.spec.js
index cc9fe532f4..45ed444a82 100644
--- a/plugins/azure/keyvaults/keyVaultSecretExpiryNonRbac.spec.js
+++ b/plugins/azure/keyvaults/keyVaultSecretExpiryNonRbac.spec.js
@@ -1,5 +1,5 @@
 var expect = require('chai').expect;
-var auth = require('./keyVaultSecretExpiry');
+var auth = require('./keyVaultSecretExpiryNonRbac');
 
 var secretExpiryPass = new Date();
 secretExpiryPass.setMonth(secretExpiryPass.getMonth() + 2);
@@ -20,9 +20,12 @@ const listKeyVaults = [
         "sku": {
             "family": "A",
             "name": "Standard"
+        },
+        "properties": {
+            "enableRbacAuthorization": false  // Non-RBAC vault
         }
     },
-    { 
+    {
         "id": "/subscriptions/abcdef123-ebf6-437f-a3b0-28fc0d22117e/resourceGroups/Default-ActivityLogAlerts/providers/Microsoft.KeyVault/vaults/testvault",
         "name": "testvault",
         "type": "Microsoft.KeyVault/vaults",
@@ -31,6 +34,9 @@ const listKeyVaults = [
         "sku": {
             "family": "A",
             "name": "Standard"
+        },
+        "properties": {
+            "enableRbacAuthorization": true  // RBAC vault
         }
     }
 ];
@@ -138,7 +144,7 @@ const createCache = (err, list, get) => {
     }
 };
 
-describe('keyVaultSecretExpiry', function() {
+describe('keyVaultSecretExpiryNonRbac', function() {
     describe('run', function() {
         it('should give passing result if no secrets found', function(done) {
             const callback = (err, results) => {
@@ -152,7 +158,19 @@ describe('keyVaultSecretExpiry', function() {
             auth.run(createCache(null, [], {}), {}, callback);
         });
 
-        it('should give passing result if secret expiration is not enabled', function(done) {
+        it('should give passing result if vault is RBAC-enabled', function(done) {
+            const callback = (err, results) => {
+                expect(results.length).to.equal(1);
+                expect(results[0].status).to.equal(0);
+                expect(results[0].message).to.include('Key Vault is RBAC-enabled');
+                expect(results[0].region).to.equal('eastus');
+                done()
+            };
+
+            auth.run(createCache(null, [listKeyVaults[1]], {}), {}, callback);
+        });
+
+        it('should give passing result if secret expiration is not enabled in non-RBAC vault', function(done) {
             const callback = (err, results) => {
                 expect(results.length).to.equal(1);
                 expect(results[0].status).to.equal(0);
@@ -164,7 +182,7 @@ describe('keyVaultSecretExpiry', function() {
             auth.run(createCache(null, [listKeyVaults[0]], getSecrets[0]), {}, callback);
         });
 
-        it('should give passing result if secret expiry is not yet reached', function(done) {
+        it('should give passing result if secret expiry is not yet reached in non-RBAC vault', function(done) {
             const callback = (err, results) => {
                 expect(results.length).to.equal(1);
                 expect(results[0].status).to.equal(0);