diff --git a/builtin/logical/postgresql/backend_test.go b/builtin/logical/postgresql/backend_test.go index ec53040acb..7e37191146 100644 --- a/builtin/logical/postgresql/backend_test.go +++ b/builtin/logical/postgresql/backend_test.go @@ -9,6 +9,7 @@ import ( "sync" "testing" "time" + "path" "github.com/hashicorp/vault/logical" logicaltest "github.com/hashicorp/vault/logical/testing" @@ -182,17 +183,15 @@ func TestBackend_roleReadOnly(t *testing.T) { } logicaltest.Test(t, logicaltest.TestCase{ - AcceptanceTest: true, - PreCheck: func() { testAccPreCheck(t) }, Backend: b, Steps: []logicaltest.TestStep{ testAccStepConfig(t, connData, false), testAccStepCreateRole(t, "web", testRole), testAccStepCreateRole(t, "web-readonly", testReadOnlyRole), testAccStepReadRole(t, "web-readonly", testReadOnlyRole), - testAccStepCreateTable(t, b, "web"), - testAccStepReadCreds(t, b, "web-readonly"), - testAccStepDropTable(t, b, "web"), + testAccStepCreateTable(t, b, config.StorageView, "web", connURL), + testAccStepReadCreds(t, b, config.StorageView, "web-readonly", connURL), + testAccStepDropTable(t, b, config.StorageView, "web", connURL), testAccStepDeleteRole(t, "web-readonly"), testAccStepDeleteRole(t, "web"), testAccStepReadRole(t, "web-readonly", ""), @@ -229,27 +228,27 @@ func testAccStepConfig(t *testing.T, d map[string]interface{}, expectError bool) } } -func testAccStepCreateRole(t *testing.T, n string, sql string) logicaltest.TestStep { +func testAccStepCreateRole(t *testing.T, name string, sql string) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.UpdateOperation, - Path: "roles/" + n, + Path: path.Join("roles", name), Data: map[string]interface{}{ "sql": sql, }, } } -func testAccStepDeleteRole(t *testing.T, n string) logicaltest.TestStep { +func testAccStepDeleteRole(t *testing.T, name string) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.DeleteOperation, - Path: "roles/" + n, + Path: path.Join("roles", name), } } func testAccStepReadCreds(t *testing.T, b logical.Backend, s logical.Storage, name string, connURL string) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.ReadOperation, - Path: "creds/" + name, + Path: path.Join("creds", name), Check: func(resp *logical.Response) error { var d struct { Username string `mapstructure:"username"` @@ -258,8 +257,7 @@ func testAccStepReadCreds(t *testing.T, b logical.Backend, s logical.Storage, na if err := mapstructure.Decode(resp.Data, &d); err != nil { return err } - log.Printf("[WARN] Generated credentials: %v", d) - + log.Printf("[TRACE] Generated credentials: %v", d) conn, err := pq.ParseURL(connURL) if err != nil { @@ -293,8 +291,11 @@ func testAccStepReadCreds(t *testing.T, b logical.Backend, s logical.Storage, na return i } + // minNumPermissions is the minimum number of permissions that will always be present. + const minNumPermissions = 2 + userRows := returnedRows() - if userRows < 2 { + if userRows < minNumPermissions { t.Fatalf("did not get expected number of rows, got %d", userRows) } @@ -328,10 +329,11 @@ func testAccStepReadCreds(t *testing.T, b logical.Backend, s logical.Storage, na } } -func testAccStepCreateTable(t *testing.T, b logical.Backend, name string) logicaltest.TestStep { + +func testAccStepCreateTable(t *testing.T, b logical.Backend, s logical.Storage, name string, connURL string) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.ReadOperation, - Path: "creds/" + name, + Path: path.Join("creds", name), Check: func(resp *logical.Response) error { var d struct { Username string `mapstructure:"username"` @@ -340,8 +342,9 @@ func testAccStepCreateTable(t *testing.T, b logical.Backend, name string) logica if err := mapstructure.Decode(resp.Data, &d); err != nil { return err } - log.Printf("[WARN] Generated credentials: %v", d) - conn, err := pq.ParseURL(os.Getenv("PG_URL")) + log.Printf("[TRACE] Generated credentials: %v", d) + conn, err := pq.ParseURL(connURL) + if err != nil { t.Fatal(err) } @@ -360,6 +363,7 @@ func testAccStepCreateTable(t *testing.T, b logical.Backend, name string) logica resp, err = b.HandleRequest(&logical.Request{ Operation: logical.RevokeOperation, + Storage: s, Secret: &logical.Secret{ InternalData: map[string]interface{}{ "secret_type": "creds", @@ -381,10 +385,10 @@ func testAccStepCreateTable(t *testing.T, b logical.Backend, name string) logica } } -func testAccStepDropTable(t *testing.T, b logical.Backend, name string) logicaltest.TestStep { +func testAccStepDropTable(t *testing.T, b logical.Backend, s logical.Storage, name string, connURL string) logicaltest.TestStep { return logicaltest.TestStep{ Operation: logical.ReadOperation, - Path: "creds/" + name, + Path: path.Join("creds", name), Check: func(resp *logical.Response) error { var d struct { Username string `mapstructure:"username"` @@ -393,8 +397,9 @@ func testAccStepDropTable(t *testing.T, b logical.Backend, name string) logicalt if err := mapstructure.Decode(resp.Data, &d); err != nil { return err } - log.Printf("[WARN] Generated credentials: %v", d) - conn, err := pq.ParseURL(os.Getenv("PG_URL")) + log.Printf("[TRACE] Generated credentials: %v", d) + conn, err := pq.ParseURL(connURL) + if err != nil { t.Fatal(err) } @@ -413,6 +418,7 @@ func testAccStepDropTable(t *testing.T, b logical.Backend, name string) logicalt resp, err = b.HandleRequest(&logical.Request{ Operation: logical.RevokeOperation, + Storage: s, Secret: &logical.Secret{ InternalData: map[string]interface{}{ "secret_type": "creds",