mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-29 17:52:32 +00:00
added in the missing test cases to validate response structures (#19277)
* added in the missing test cases to validate response structures * added changelog file * remove unneeded changelog file * removed comment to update when indentity/entity is implemented --------- Co-authored-by: lursu <leland.ursu@hashicorp.com>
This commit is contained in:
Leland Ursu
@@ -4,43 +4,51 @@ import (
|
||||
"encoding/hex"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"reflect"
|
||||
"testing"
|
||||
|
||||
"github.com/go-test/deep"
|
||||
"github.com/hashicorp/vault/sdk/helper/testhelpers/schema"
|
||||
"github.com/hashicorp/vault/vault"
|
||||
)
|
||||
|
||||
// Test to check if the API errors out when wrong number of PGP keys are
|
||||
// supplied for rekey
|
||||
func TestSysRekey_Init_pgpKeysEntriesForRekey(t *testing.T) {
|
||||
core, _, token := vault.TestCoreUnsealed(t)
|
||||
ln, addr := TestServer(t, core)
|
||||
defer ln.Close()
|
||||
TestServerAuth(t, addr, token)
|
||||
cluster := vault.NewTestCluster(t, nil, &vault.TestClusterOptions{
|
||||
HandlerFunc: Handler,
|
||||
RequestResponseCallback: schema.ResponseValidatingCallback(t),
|
||||
})
|
||||
cluster.Start()
|
||||
defer cluster.Cleanup()
|
||||
cl := cluster.Cores[0].Client
|
||||
|
||||
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
|
||||
_, err := cl.Logical().Write("sys/rekey/init", map[string]interface{}{
|
||||
"secret_shares": 5,
|
||||
"secret_threshold": 3,
|
||||
"pgp_keys": []string{"pgpkey1"},
|
||||
})
|
||||
testResponseStatus(t, resp, 400)
|
||||
if err == nil {
|
||||
t.Fatal("should have failed to write pgp key entry due to mismatched keys", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestSysRekey_Init_Status(t *testing.T) {
|
||||
t.Run("status-barrier-default", func(t *testing.T) {
|
||||
core, _, token := vault.TestCoreUnsealed(t)
|
||||
ln, addr := TestServer(t, core)
|
||||
defer ln.Close()
|
||||
TestServerAuth(t, addr, token)
|
||||
cluster := vault.NewTestCluster(t, nil, &vault.TestClusterOptions{
|
||||
HandlerFunc: Handler,
|
||||
RequestResponseCallback: schema.ResponseValidatingCallback(t),
|
||||
})
|
||||
cluster.Start()
|
||||
defer cluster.Cleanup()
|
||||
cl := cluster.Cores[0].Client
|
||||
|
||||
resp, err := http.Get(addr + "/v1/sys/rekey/init")
|
||||
resp, err := cl.Logical().Read("sys/rekey/init")
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
var actual map[string]interface{}
|
||||
actual := resp.Data
|
||||
expected := map[string]interface{}{
|
||||
"started": false,
|
||||
"t": json.Number("0"),
|
||||
@@ -52,8 +60,7 @@ func TestSysRekey_Init_Status(t *testing.T) {
|
||||
"nonce": "",
|
||||
"verification_required": false,
|
||||
}
|
||||
testResponseStatus(t, resp, 200)
|
||||
testResponseBody(t, resp, &actual)
|
||||
|
||||
if !reflect.DeepEqual(actual, expected) {
|
||||
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
|
||||
}
|
||||
@@ -62,19 +69,24 @@ func TestSysRekey_Init_Status(t *testing.T) {
|
||||
|
||||
func TestSysRekey_Init_Setup(t *testing.T) {
|
||||
t.Run("init-barrier-barrier-key", func(t *testing.T) {
|
||||
core, _, token := vault.TestCoreUnsealed(t)
|
||||
ln, addr := TestServer(t, core)
|
||||
defer ln.Close()
|
||||
TestServerAuth(t, addr, token)
|
||||
cluster := vault.NewTestCluster(t, nil, &vault.TestClusterOptions{
|
||||
HandlerFunc: Handler,
|
||||
RequestResponseCallback: schema.ResponseValidatingCallback(t),
|
||||
})
|
||||
cluster.Start()
|
||||
defer cluster.Cleanup()
|
||||
cl := cluster.Cores[0].Client
|
||||
|
||||
// Start rekey
|
||||
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
|
||||
resp, err := cl.Logical().Write("sys/rekey/init", map[string]interface{}{
|
||||
"secret_shares": 5,
|
||||
"secret_threshold": 3,
|
||||
})
|
||||
testResponseStatus(t, resp, 200)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
var actual map[string]interface{}
|
||||
actual := resp.Data
|
||||
expected := map[string]interface{}{
|
||||
"started": true,
|
||||
"t": json.Number("3"),
|
||||
@@ -85,8 +97,7 @@ func TestSysRekey_Init_Setup(t *testing.T) {
|
||||
"backup": false,
|
||||
"verification_required": false,
|
||||
}
|
||||
testResponseStatus(t, resp, 200)
|
||||
testResponseBody(t, resp, &actual)
|
||||
|
||||
if actual["nonce"].(string) == "" {
|
||||
t.Fatalf("nonce was empty")
|
||||
}
|
||||
@@ -96,9 +107,12 @@ func TestSysRekey_Init_Setup(t *testing.T) {
|
||||
}
|
||||
|
||||
// Get rekey status
|
||||
resp = testHttpGet(t, token, addr+"/v1/sys/rekey/init")
|
||||
resp, err = cl.Logical().Read("sys/rekey/init")
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
actual = map[string]interface{}{}
|
||||
actual = resp.Data
|
||||
expected = map[string]interface{}{
|
||||
"started": true,
|
||||
"t": json.Number("3"),
|
||||
@@ -109,8 +123,6 @@ func TestSysRekey_Init_Setup(t *testing.T) {
|
||||
"backup": false,
|
||||
"verification_required": false,
|
||||
}
|
||||
testResponseStatus(t, resp, 200)
|
||||
testResponseBody(t, resp, &actual)
|
||||
if actual["nonce"].(string) == "" {
|
||||
t.Fatalf("nonce was empty")
|
||||
}
|
||||
@@ -126,26 +138,33 @@ func TestSysRekey_Init_Setup(t *testing.T) {
|
||||
|
||||
func TestSysRekey_Init_Cancel(t *testing.T) {
|
||||
t.Run("cancel-barrier-barrier-key", func(t *testing.T) {
|
||||
core, _, token := vault.TestCoreUnsealed(t)
|
||||
ln, addr := TestServer(t, core)
|
||||
defer ln.Close()
|
||||
TestServerAuth(t, addr, token)
|
||||
cluster := vault.NewTestCluster(t, nil, &vault.TestClusterOptions{
|
||||
HandlerFunc: Handler,
|
||||
RequestResponseCallback: schema.ResponseValidatingCallback(t),
|
||||
})
|
||||
cluster.Start()
|
||||
defer cluster.Cleanup()
|
||||
cl := cluster.Cores[0].Client
|
||||
|
||||
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
|
||||
_, err := cl.Logical().Write("sys/rekey/init", map[string]interface{}{
|
||||
"secret_shares": 5,
|
||||
"secret_threshold": 3,
|
||||
})
|
||||
testResponseStatus(t, resp, 200)
|
||||
|
||||
resp = testHttpDelete(t, token, addr+"/v1/sys/rekey/init")
|
||||
testResponseStatus(t, resp, 204)
|
||||
|
||||
resp, err := http.Get(addr + "/v1/sys/rekey/init")
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
var actual map[string]interface{}
|
||||
_, err = cl.Logical().Delete("sys/rekey/init")
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
resp, err := cl.Logical().Read("sys/rekey/init")
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
actual := resp.Data
|
||||
expected := map[string]interface{}{
|
||||
"started": false,
|
||||
"t": json.Number("0"),
|
||||
@@ -157,8 +176,6 @@ func TestSysRekey_Init_Cancel(t *testing.T) {
|
||||
"nonce": "",
|
||||
"verification_required": false,
|
||||
}
|
||||
testResponseStatus(t, resp, 200)
|
||||
testResponseBody(t, resp, &actual)
|
||||
if !reflect.DeepEqual(actual, expected) {
|
||||
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
|
||||
}
|
||||
|
||||
@@ -13,6 +13,7 @@ import (
|
||||
"github.com/hashicorp/vault/api"
|
||||
vaulthttp "github.com/hashicorp/vault/http"
|
||||
"github.com/hashicorp/vault/internalshared/configutil"
|
||||
"github.com/hashicorp/vault/sdk/helper/testhelpers/schema"
|
||||
"github.com/hashicorp/vault/vault"
|
||||
"github.com/stretchr/testify/require"
|
||||
"golang.org/x/net/http2"
|
||||
@@ -20,7 +21,8 @@ import (
|
||||
|
||||
func TestSysPprof(t *testing.T) {
|
||||
cluster := vault.NewTestCluster(t, nil, &vault.TestClusterOptions{
|
||||
HandlerFunc: vaulthttp.Handler,
|
||||
HandlerFunc: vaulthttp.Handler,
|
||||
RequestResponseCallback: schema.ResponseValidatingCallback(t),
|
||||
})
|
||||
cluster.Start()
|
||||
defer cluster.Cleanup()
|
||||
|
||||
@@ -6,6 +6,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/vault/api"
|
||||
"github.com/hashicorp/vault/sdk/helper/testhelpers/schema"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
@@ -130,6 +131,7 @@ func waitForRemovalOrTimeout(c *api.Client, path string, tick, to time.Duration)
|
||||
func TestQuotas_RateLimit_DupName(t *testing.T) {
|
||||
conf, opts := teststorage.ClusterSetup(coreConfig, nil, nil)
|
||||
opts.NoDefaultQuotas = true
|
||||
opts.RequestResponseCallback = schema.ResponseValidatingCallback(t)
|
||||
cluster := vault.NewTestCluster(t, conf, opts)
|
||||
cluster.Start()
|
||||
defer cluster.Cleanup()
|
||||
@@ -165,6 +167,7 @@ func TestQuotas_RateLimit_DupName(t *testing.T) {
|
||||
func TestQuotas_RateLimit_DupPath(t *testing.T) {
|
||||
conf, opts := teststorage.ClusterSetup(coreConfig, nil, nil)
|
||||
opts.NoDefaultQuotas = true
|
||||
opts.RequestResponseCallback = schema.ResponseValidatingCallback(t)
|
||||
cluster := vault.NewTestCluster(t, conf, opts)
|
||||
cluster.Start()
|
||||
defer cluster.Cleanup()
|
||||
@@ -204,7 +207,7 @@ func TestQuotas_RateLimit_DupPath(t *testing.T) {
|
||||
func TestQuotas_RateLimitQuota_ExemptPaths(t *testing.T) {
|
||||
conf, opts := teststorage.ClusterSetup(coreConfig, nil, nil)
|
||||
opts.NoDefaultQuotas = true
|
||||
|
||||
opts.RequestResponseCallback = schema.ResponseValidatingCallback(t)
|
||||
cluster := vault.NewTestCluster(t, conf, opts)
|
||||
cluster.Start()
|
||||
defer cluster.Cleanup()
|
||||
@@ -256,7 +259,7 @@ func TestQuotas_RateLimitQuota_ExemptPaths(t *testing.T) {
|
||||
func TestQuotas_RateLimitQuota_DefaultExemptPaths(t *testing.T) {
|
||||
conf, opts := teststorage.ClusterSetup(coreConfig, nil, nil)
|
||||
opts.NoDefaultQuotas = true
|
||||
|
||||
opts.RequestResponseCallback = schema.ResponseValidatingCallback(t)
|
||||
cluster := vault.NewTestCluster(t, conf, opts)
|
||||
cluster.Start()
|
||||
defer cluster.Cleanup()
|
||||
|
||||
@@ -2542,6 +2542,14 @@ func TestSystemBackend_rawRead_Compressed(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
schema.ValidateResponse(
|
||||
t,
|
||||
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
|
||||
resp,
|
||||
true,
|
||||
)
|
||||
|
||||
if !strings.HasPrefix(resp.Data["value"].(string), `{"type":"mounts"`) {
|
||||
t.Fatalf("bad: %v", resp)
|
||||
}
|
||||
@@ -2644,6 +2652,13 @@ func TestSystemBackend_rawRead_Compressed(t *testing.T) {
|
||||
t.Fatalf("bad: %v", resp)
|
||||
}
|
||||
|
||||
schema.ValidateResponse(
|
||||
t,
|
||||
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
|
||||
resp,
|
||||
true,
|
||||
)
|
||||
|
||||
req = logical.TestRequest(t, logical.ReadOperation, "raw/test_raw")
|
||||
resp, err = b.HandleRequest(namespace.RootContext(nil), req)
|
||||
if err == nil {
|
||||
@@ -2832,6 +2847,13 @@ func TestSystemBackend_rawReadWrite_Compressed(t *testing.T) {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
schema.ValidateResponse(
|
||||
t,
|
||||
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
|
||||
resp,
|
||||
true,
|
||||
)
|
||||
|
||||
// Read back and check gzip was applied by looking for prefix byte
|
||||
req = logical.TestRequest(t, logical.ReadOperation, "raw/core/mounts")
|
||||
req.Data = map[string]interface{}{
|
||||
@@ -3073,6 +3095,13 @@ func TestSystemBackend_rawDelete(t *testing.T) {
|
||||
t.Fatalf("bad: %v", resp)
|
||||
}
|
||||
|
||||
schema.ValidateResponse(
|
||||
t,
|
||||
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
|
||||
resp,
|
||||
true,
|
||||
)
|
||||
|
||||
// Policy should be gone
|
||||
c.policyStore.tokenPoliciesLRU.Purge()
|
||||
out, err := c.policyStore.GetPolicy(namespace.RootContext(nil), "test", PolicyTypeToken)
|
||||
|
||||
Reference in New Issue
Block a user