mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-29 01:32:33 +00:00
Update the default kv factory to kv.Factory (#23584)
* Update the default kv mount to kv.Factory * Imports * Set some tests that care about leaseapssthroughbackend to use it * extra newline * More test updates * Test updates * Refactor KV mounting in tests * Re-add comment
This commit is contained in:
Violet Hynes
@@ -7,11 +7,17 @@ import (
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/vault/sdk/helper/jsonutil"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
"github.com/hashicorp/vault/vault"
|
||||
)
|
||||
|
||||
func TestSysRenew(t *testing.T) {
|
||||
core, _, token := vault.TestCoreUnsealed(t)
|
||||
coreConfig := &vault.CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": vault.LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
core, _, token := vault.TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
ln, addr := TestServer(t, core)
|
||||
defer ln.Close()
|
||||
TestServerAuth(t, addr, token)
|
||||
|
||||
@@ -15,6 +15,7 @@ import (
|
||||
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||||
"github.com/hashicorp/vault/helper/versions"
|
||||
"github.com/hashicorp/vault/sdk/helper/consts"
|
||||
"github.com/hashicorp/vault/sdk/logical"
|
||||
"github.com/hashicorp/vault/vault"
|
||||
)
|
||||
|
||||
@@ -994,7 +995,12 @@ func TestSysTuneMount_Options(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestSysTuneMount(t *testing.T) {
|
||||
core, _, token := vault.TestCoreUnsealed(t)
|
||||
coreConfig := &vault.CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": vault.LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
core, _, token := vault.TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
ln, addr := TestServer(t, core)
|
||||
defer ln.Close()
|
||||
TestServerAuth(t, addr, token)
|
||||
|
||||
@@ -26,7 +26,7 @@ import (
|
||||
"sync/atomic"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/go-secure-stdlib/parseutil"
|
||||
kv "github.com/hashicorp/vault-plugin-secrets-kv"
|
||||
|
||||
"github.com/armon/go-metrics"
|
||||
"github.com/hashicorp/errwrap"
|
||||
@@ -36,6 +36,7 @@ import (
|
||||
"github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2"
|
||||
"github.com/hashicorp/go-multierror"
|
||||
"github.com/hashicorp/go-secure-stdlib/mlock"
|
||||
"github.com/hashicorp/go-secure-stdlib/parseutil"
|
||||
"github.com/hashicorp/go-secure-stdlib/reloadutil"
|
||||
"github.com/hashicorp/go-secure-stdlib/strutil"
|
||||
"github.com/hashicorp/go-secure-stdlib/tlsutil"
|
||||
@@ -1325,7 +1326,7 @@ func (c *Core) configureLogicalBackends(backends map[string]logical.Factory, log
|
||||
// KV
|
||||
_, ok := logicalBackends[mountTypeKV]
|
||||
if !ok {
|
||||
logicalBackends[mountTypeKV] = PassthroughBackendFactory
|
||||
logicalBackends[mountTypeKV] = kv.Factory
|
||||
}
|
||||
|
||||
// Cubbyhole
|
||||
|
||||
@@ -468,7 +468,12 @@ func TestCore_Unseal_MultiShare(t *testing.T) {
|
||||
// TestCore_UseSSCTokenToggleOn will check that the root SSC
|
||||
// token can be used even when disableSSCTokens is toggled on
|
||||
func TestCore_UseSSCTokenToggleOn(t *testing.T) {
|
||||
c, _, root := TestCoreUnsealed(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
c, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
c.disableSSCTokens = true
|
||||
req := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
@@ -519,6 +524,9 @@ func TestCore_UseSSCTokenToggleOn(t *testing.T) {
|
||||
func TestCore_UseNonSSCTokenToggleOff(t *testing.T) {
|
||||
coreConfig := &CoreConfig{
|
||||
DisableSSCTokens: true,
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
c, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
if len(root) > TokenLength+OldTokenPrefixLength || !strings.HasPrefix(root, consts.LegacyServiceTokenPrefix) {
|
||||
@@ -981,7 +989,12 @@ func TestCore_Seal_SingleUse(t *testing.T) {
|
||||
|
||||
// Ensure we get a LeaseID
|
||||
func TestCore_HandleRequest_Lease(t *testing.T) {
|
||||
c, _, root := TestCoreUnsealed(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
c, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
|
||||
req := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
@@ -1027,7 +1040,12 @@ func TestCore_HandleRequest_Lease(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestCore_HandleRequest_Lease_MaxLength(t *testing.T) {
|
||||
c, _, root := TestCoreUnsealed(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
c, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
|
||||
req := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
@@ -1073,7 +1091,12 @@ func TestCore_HandleRequest_Lease_MaxLength(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestCore_HandleRequest_Lease_DefaultLength(t *testing.T) {
|
||||
c, _, root := TestCoreUnsealed(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
c, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
|
||||
req := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
@@ -2358,7 +2381,7 @@ func testCore_Standby_Common(t *testing.T, inm physical.Backend, inmha physical.
|
||||
// Wait for core to become active
|
||||
TestWaitActive(t, core)
|
||||
|
||||
testCoreAddSecretMount(t, core, root)
|
||||
testCoreAddSecretMount(t, core, root, "1")
|
||||
|
||||
// Put a secret
|
||||
req := &logical.Request{
|
||||
@@ -2630,7 +2653,12 @@ func TestCore_HandleLogin_ReturnSecret(t *testing.T) {
|
||||
|
||||
// Renew should return the same lease back
|
||||
func TestCore_RenewSameLease(t *testing.T) {
|
||||
c, _, root := TestCoreUnsealed(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
c, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
|
||||
// Create a leasable secret
|
||||
req := &logical.Request{
|
||||
@@ -2761,7 +2789,12 @@ func TestCore_EnableDisableCred_WithLease(t *testing.T) {
|
||||
BackendType: logical.TypeCredential,
|
||||
}
|
||||
|
||||
c, _, root := TestCoreUnsealed(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
c, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
c.credentialBackends["noop"] = func(context.Context, *logical.BackendConfig) (logical.Backend, error) {
|
||||
return noopBack, nil
|
||||
}
|
||||
|
||||
@@ -1146,7 +1146,13 @@ func TestSystemBackend_remount_trailingSpacesInToPath(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestSystemBackend_leases(t *testing.T) {
|
||||
core, b, root := testCoreSystemBackend(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
core, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
b := core.systemBackend
|
||||
|
||||
// Create a key with a lease
|
||||
req := logical.TestRequest(t, logical.UpdateOperation, "secret/foo")
|
||||
@@ -1186,7 +1192,7 @@ func TestSystemBackend_leases(t *testing.T) {
|
||||
// validate the response structure for Update
|
||||
schema.ValidateResponse(
|
||||
t,
|
||||
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
|
||||
schema.GetResponseSchema(t, b.Route(req.Path), req.Operation),
|
||||
resp,
|
||||
true,
|
||||
)
|
||||
@@ -1205,7 +1211,13 @@ func TestSystemBackend_leases(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestSystemBackend_leases_list(t *testing.T) {
|
||||
core, b, root := testCoreSystemBackend(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
core, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
b := core.systemBackend
|
||||
|
||||
// Create a key with a lease
|
||||
req := logical.TestRequest(t, logical.UpdateOperation, "secret/foo")
|
||||
@@ -1244,7 +1256,7 @@ func TestSystemBackend_leases_list(t *testing.T) {
|
||||
// validate the response body for list
|
||||
schema.ValidateResponse(
|
||||
t,
|
||||
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req.Path), req.Operation),
|
||||
schema.GetResponseSchema(t, b.Route(req.Path), req.Operation),
|
||||
resp,
|
||||
true,
|
||||
)
|
||||
@@ -1370,7 +1382,13 @@ func TestSystemBackend_leases_list(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestSystemBackend_renew(t *testing.T) {
|
||||
core, b, root := testCoreSystemBackend(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
core, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
b := core.systemBackend
|
||||
|
||||
// Create a key with a lease
|
||||
req := logical.TestRequest(t, logical.UpdateOperation, "secret/foo")
|
||||
@@ -1409,7 +1427,7 @@ func TestSystemBackend_renew(t *testing.T) {
|
||||
// Validate lease renewal response structure
|
||||
schema.ValidateResponse(
|
||||
t,
|
||||
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req2.Path), req2.Operation),
|
||||
schema.GetResponseSchema(t, b.Route(req2.Path), req2.Operation),
|
||||
resp,
|
||||
true,
|
||||
)
|
||||
@@ -1549,7 +1567,13 @@ func TestSystemBackend_renew_invalidID_origUrl(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestSystemBackend_revoke(t *testing.T) {
|
||||
core, b, root := testCoreSystemBackend(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
core, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
b := core.systemBackend
|
||||
|
||||
// Create a key with a lease
|
||||
req := logical.TestRequest(t, logical.UpdateOperation, "secret/foo")
|
||||
@@ -1712,7 +1736,13 @@ func TestSystemBackend_revoke_invalidID_origUrl(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestSystemBackend_revokePrefix(t *testing.T) {
|
||||
core, b, root := testCoreSystemBackend(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
core, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
b := core.systemBackend
|
||||
|
||||
// Create a key with a lease
|
||||
req := logical.TestRequest(t, logical.UpdateOperation, "secret/foo")
|
||||
@@ -1752,7 +1782,7 @@ func TestSystemBackend_revokePrefix(t *testing.T) {
|
||||
// validate the response structure for lease revoke-prefix
|
||||
schema.ValidateResponse(
|
||||
t,
|
||||
schema.GetResponseSchema(t, b.(*SystemBackend).Route(req2.Path), req2.Operation),
|
||||
schema.GetResponseSchema(t, b.Route(req2.Path), req2.Operation),
|
||||
resp,
|
||||
true,
|
||||
)
|
||||
@@ -1769,7 +1799,13 @@ func TestSystemBackend_revokePrefix(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestSystemBackend_revokePrefix_origUrl(t *testing.T) {
|
||||
core, b, root := testCoreSystemBackend(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
core, _, root := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
b := core.systemBackend
|
||||
|
||||
// Create a key with a lease
|
||||
req := logical.TestRequest(t, logical.UpdateOperation, "secret/foo")
|
||||
@@ -4096,7 +4132,13 @@ func TestSystemBackend_InternalUIMount(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestSystemBackend_OpenAPI(t *testing.T) {
|
||||
_, b, rootToken := testCoreSystemBackend(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
c, _, rootToken := TestCoreUnsealedWithConfig(t, coreConfig)
|
||||
b := c.systemBackend
|
||||
|
||||
// Ensure no paths are reported if there is no token
|
||||
{
|
||||
|
||||
@@ -434,7 +434,12 @@ func TestRequestHandling_LoginMetric(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestRequestHandling_SecretLeaseMetric(t *testing.T) {
|
||||
core, _, root, sink := TestCoreUnsealedWithMetrics(t)
|
||||
coreConfig := &CoreConfig{
|
||||
LogicalBackends: map[string]logical.Factory{
|
||||
"kv": LeasedPassthroughBackendFactory,
|
||||
},
|
||||
}
|
||||
core, _, root, sink := TestCoreUnsealedWithMetricsAndConfig(t, coreConfig)
|
||||
|
||||
// Create a key with a lease
|
||||
req := logical.TestRequest(t, logical.UpdateOperation, "secret/foo")
|
||||
|
||||
@@ -36,6 +36,7 @@ import (
|
||||
log "github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/go-secure-stdlib/reloadutil"
|
||||
raftlib "github.com/hashicorp/raft"
|
||||
kv "github.com/hashicorp/vault-plugin-secrets-kv"
|
||||
"github.com/hashicorp/vault/api"
|
||||
"github.com/hashicorp/vault/audit"
|
||||
auditFile "github.com/hashicorp/vault/builtin/audit/file"
|
||||
@@ -296,7 +297,7 @@ func testCoreConfig(t testing.T, physicalBackend physical.Backend, logger log.Lo
|
||||
logicalBackends[backendName] = backendFactory
|
||||
}
|
||||
|
||||
logicalBackends["kv"] = LeasedPassthroughBackendFactory
|
||||
logicalBackends["kv"] = kv.Factory
|
||||
for backendName, backendFactory := range testLogicalBackends {
|
||||
logicalBackends[backendName] = backendFactory
|
||||
}
|
||||
@@ -395,6 +396,14 @@ func TestCoreUnsealedWithMetrics(t testing.T) (*Core, [][]byte, string, *metrics
|
||||
return core, keys, root, sink
|
||||
}
|
||||
|
||||
func TestCoreUnsealedWithMetricsAndConfig(t testing.T, conf *CoreConfig) (*Core, [][]byte, string, *metrics.InmemSink) {
|
||||
t.Helper()
|
||||
conf.BuiltinRegistry = corehelpers.NewMockBuiltinRegistry()
|
||||
sink := SetupMetrics(conf)
|
||||
core, keys, root := TestCoreUnsealedWithConfig(t, conf)
|
||||
return core, keys, root, sink
|
||||
}
|
||||
|
||||
// TestCoreUnsealedRaw returns a pure in-memory core that is already
|
||||
// initialized, unsealed, and with raw endpoints enabled.
|
||||
func TestCoreUnsealedRaw(t testing.T) (*Core, [][]byte, string) {
|
||||
@@ -415,7 +424,7 @@ func testCoreUnsealed(t testing.T, core *Core) (*Core, [][]byte, string) {
|
||||
t.Helper()
|
||||
token, keys := TestInitUnsealCore(t, core)
|
||||
|
||||
testCoreAddSecretMount(t, core, token)
|
||||
testCoreAddSecretMount(t, core, token, "1")
|
||||
return core, keys, token
|
||||
}
|
||||
|
||||
@@ -433,7 +442,7 @@ func TestInitUnsealCore(t testing.T, core *Core) (string, [][]byte) {
|
||||
return token, keys
|
||||
}
|
||||
|
||||
func testCoreAddSecretMount(t testing.T, core *Core, token string) {
|
||||
func testCoreAddSecretMount(t testing.T, core *Core, token, kvVersion string) {
|
||||
kvReq := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
ClientToken: token,
|
||||
@@ -443,7 +452,7 @@ func testCoreAddSecretMount(t testing.T, core *Core, token string) {
|
||||
"path": "secret/",
|
||||
"description": "key/value secret storage",
|
||||
"options": map[string]string{
|
||||
"version": "1",
|
||||
"version": kvVersion,
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -2136,28 +2145,7 @@ func (tc *TestCluster) initCores(t testing.T, opts *TestClusterOptions, addAudit
|
||||
kvVersion = opts.KVVersion
|
||||
}
|
||||
|
||||
// Existing tests rely on this; we can make a toggle to disable it
|
||||
// later if we want
|
||||
kvReq := &logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
ClientToken: tc.RootToken,
|
||||
Path: "sys/mounts/secret",
|
||||
Data: map[string]interface{}{
|
||||
"type": "kv",
|
||||
"path": "secret/",
|
||||
"description": "key/value secret storage",
|
||||
"options": map[string]string{
|
||||
"version": kvVersion,
|
||||
},
|
||||
},
|
||||
}
|
||||
resp, err := leader.Core.HandleRequest(namespace.RootContext(ctx), kvReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if resp.IsError() {
|
||||
t.Fatal(err)
|
||||
}
|
||||
testCoreAddSecretMount(t, leader.Core, tc.RootToken, kvVersion)
|
||||
|
||||
cfg, err := leader.Core.seal.BarrierConfig(ctx)
|
||||
if err != nil {
|
||||
@@ -2217,7 +2205,7 @@ func (tc *TestCluster) initCores(t testing.T, opts *TestClusterOptions, addAudit
|
||||
"type": "noop",
|
||||
},
|
||||
}
|
||||
resp, err = leader.Core.HandleRequest(namespace.RootContext(ctx), auditReq)
|
||||
resp, err := leader.Core.HandleRequest(namespace.RootContext(ctx), auditReq)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user