Revert the WithContext changes to vault tests (#14947)
committed by
GitHub
parent
48b43e9213
commit
e7b5b2a48d
@@ -67,7 +67,7 @@ func TestPKI_RequireCN(t *testing.T) {
|
||||
|
||||
client := cluster.Cores[0].Client
|
||||
var err error
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
|
||||
err = client.Sys().Mount("pki", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -78,7 +78,7 @@ func TestPKI_RequireCN(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
|
||||
resp, err := client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
|
||||
"common_name": "myvault.com",
|
||||
})
|
||||
if err != nil {
|
||||
@@ -89,7 +89,7 @@ func TestPKI_RequireCN(t *testing.T) {
|
||||
}
|
||||
|
||||
// Create a role which does require CN (default)
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/example", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/roles/example", map[string]interface{}{
|
||||
"allowed_domains": "foobar.com,zipzap.com,abc.com,xyz.com",
|
||||
"allow_bare_domains": true,
|
||||
"allow_subdomains": true,
|
||||
@@ -101,7 +101,7 @@ func TestPKI_RequireCN(t *testing.T) {
|
||||
|
||||
// Issue a cert with require_cn set to true and with common name supplied.
|
||||
// It should succeed.
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/example", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
})
|
||||
if err != nil {
|
||||
@@ -110,13 +110,13 @@ func TestPKI_RequireCN(t *testing.T) {
|
||||
|
||||
// Issue a cert with require_cn set to true and with out supplying the
|
||||
// common name. It should error out.
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/example", map[string]interface{}{})
|
||||
resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{})
|
||||
if err == nil {
|
||||
t.Fatalf("expected an error due to missing common_name")
|
||||
}
|
||||
|
||||
// Modify the role to make the common name optional
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/example", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/roles/example", map[string]interface{}{
|
||||
"allowed_domains": "foobar.com,zipzap.com,abc.com,xyz.com",
|
||||
"allow_bare_domains": true,
|
||||
"allow_subdomains": true,
|
||||
@@ -129,7 +129,7 @@ func TestPKI_RequireCN(t *testing.T) {
|
||||
|
||||
// Issue a cert with require_cn set to false and without supplying the
|
||||
// common name. It should succeed.
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/example", map[string]interface{}{})
|
||||
resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -140,7 +140,7 @@ func TestPKI_RequireCN(t *testing.T) {
|
||||
|
||||
// Issue a cert with require_cn set to false and with a common name. It
|
||||
// should succeed.
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/example", map[string]interface{}{})
|
||||
resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
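Review bot: The final case in this hunk is commented as issuing with require_cn set to false "and with a common name", but the new-side call `client.Logical().Write("pki/issue/example", map[string]interface{}{})` sends an empty body. It therefore repeats the preceding no-CN case, and the with-CN path under an optional-CN role is never exercised. Passing a name the role allows, for example `map[string]interface{}{"common_name": "foobar.com"}`, would make the request match its comment. The assertions on `resp` that follow the `if err != nil` block are outside the hunk, so whether they inspect the issued subject cannot be confirmed from here.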
@@ -164,7 +164,7 @@ func TestPKI_DeviceCert(t *testing.T) {
|
||||
|
||||
client := cluster.Cores[0].Client
|
||||
var err error
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
|
||||
err = client.Sys().Mount("pki", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -175,7 +175,7 @@ func TestPKI_DeviceCert(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
|
||||
resp, err := client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
|
||||
"common_name": "myvault.com",
|
||||
"not_after": "9999-12-31T23:59:59Z",
|
||||
})
|
||||
@@ -202,7 +202,7 @@ func TestPKI_DeviceCert(t *testing.T) {
|
||||
}
|
||||
|
||||
// Create a role which does require CN (default)
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/example", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/roles/example", map[string]interface{}{
|
||||
"allowed_domains": "foobar.com,zipzap.com,abc.com,xyz.com",
|
||||
"allow_bare_domains": true,
|
||||
"allow_subdomains": true,
|
||||
@@ -214,7 +214,7 @@ func TestPKI_DeviceCert(t *testing.T) {
|
||||
|
||||
// Issue a cert with require_cn set to true and with common name supplied.
|
||||
// It should succeed.
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/example", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("pki/issue/example", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
})
|
||||
if err != nil {
|
||||
@@ -250,7 +250,7 @@ func TestBackend_InvalidParameter(t *testing.T) {
|
||||
|
||||
client := cluster.Cores[0].Client
|
||||
var err error
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
|
||||
err = client.Sys().Mount("pki", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -261,7 +261,7 @@ func TestBackend_InvalidParameter(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
|
||||
"common_name": "myvault.com",
|
||||
"not_after": "9999-12-31T23:59:59Z",
|
||||
"ttl": "25h",
|
||||
@@ -270,7 +270,7 @@ func TestBackend_InvalidParameter(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
|
||||
"common_name": "myvault.com",
|
||||
"not_after": "9999-12-31T23:59:59",
|
||||
})
|
||||
@@ -2278,7 +2278,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
|
||||
|
||||
client := cluster.Cores[0].Client
|
||||
var err error
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
|
||||
err = client.Sys().Mount("pki", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -2289,7 +2289,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
|
||||
resp, err := client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
|
||||
"common_name": "myvault.com",
|
||||
})
|
||||
if err != nil {
|
||||
@@ -2298,7 +2298,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
|
||||
if resp == nil {
|
||||
t.Fatal("expected ca info")
|
||||
}
|
||||
resp, err = client.Logical().ReadWithContext(context.Background(), "pki/cert/ca_chain")
|
||||
resp, err = client.Logical().Read("pki/cert/ca_chain")
|
||||
if err != nil {
|
||||
t.Fatalf("error reading ca_chain: %v", err)
|
||||
}
|
||||
@@ -2306,7 +2306,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
|
||||
r1Data := resp.Data
|
||||
|
||||
// Try again, make sure it's a 204 and same CA
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
|
||||
"common_name": "myvault.com",
|
||||
})
|
||||
if err != nil {
|
||||
@@ -2318,7 +2318,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
|
||||
if resp.Data != nil || len(resp.Warnings) == 0 {
|
||||
t.Fatalf("bad response: %#v", *resp)
|
||||
}
|
||||
resp, err = client.Logical().ReadWithContext(context.Background(), "pki/cert/ca_chain")
|
||||
resp, err = client.Logical().Read("pki/cert/ca_chain")
|
||||
if err != nil {
|
||||
t.Fatalf("error reading ca_chain: %v", err)
|
||||
}
|
||||
@@ -2327,7 +2327,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
|
||||
t.Fatal("got different ca certs")
|
||||
}
|
||||
|
||||
resp, err = client.Logical().DeleteWithContext(context.Background(), "pki/root")
|
||||
resp, err = client.Logical().Delete("pki/root")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -2335,7 +2335,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
|
||||
t.Fatal("expected nil response")
|
||||
}
|
||||
// Make sure it behaves the same
|
||||
resp, err = client.Logical().DeleteWithContext(context.Background(), "pki/root")
|
||||
resp, err = client.Logical().Delete("pki/root")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -2343,12 +2343,12 @@ func TestBackend_Root_Idempotency(t *testing.T) {
|
||||
t.Fatal("expected nil response")
|
||||
}
|
||||
|
||||
_, err = client.Logical().ReadWithContext(context.Background(), "pki/cert/ca_chain")
|
||||
_, err = client.Logical().Read("pki/cert/ca_chain")
|
||||
if err == nil {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
|
||||
"common_name": "myvault.com",
|
||||
})
|
||||
if err != nil {
|
||||
@@ -2358,7 +2358,7 @@ func TestBackend_Root_Idempotency(t *testing.T) {
|
||||
t.Fatal("expected ca info")
|
||||
}
|
||||
|
||||
_, err = client.Logical().ReadWithContext(context.Background(), "pki/cert/ca_chain")
|
||||
_, err = client.Logical().Read("pki/cert/ca_chain")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -2378,7 +2378,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
|
||||
|
||||
client := cluster.Cores[0].Client
|
||||
var err error
|
||||
err = client.Sys().MountWithContext(context.Background(), "root", &api.MountInput{
|
||||
err = client.Sys().Mount("root", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -2388,7 +2388,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
err = client.Sys().MountWithContext(context.Background(), "int", &api.MountInput{
|
||||
err = client.Sys().Mount("int", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "4h",
|
||||
@@ -2400,7 +2400,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
|
||||
}
|
||||
|
||||
// Direct issuing from root
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/root/generate/internal", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/root/generate/internal", map[string]interface{}{
|
||||
"ttl": "40h",
|
||||
"common_name": "myvault.com",
|
||||
})
|
||||
@@ -2408,7 +2408,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/roles/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/roles/test", map[string]interface{}{
|
||||
"allow_bare_domains": true,
|
||||
"allow_subdomains": true,
|
||||
})
|
||||
@@ -2416,7 +2416,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
resp, err := client.Logical().WriteWithContext(context.Background(), "int/intermediate/generate/internal", map[string]interface{}{
|
||||
resp, err := client.Logical().Write("int/intermediate/generate/internal", map[string]interface{}{
|
||||
"common_name": "myint.com",
|
||||
})
|
||||
if err != nil {
|
||||
@@ -2425,7 +2425,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
|
||||
|
||||
csr := resp.Data["csr"]
|
||||
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/sign/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/sign/test", map[string]interface{}{
|
||||
"common_name": "myint.com",
|
||||
"csr": csr,
|
||||
"ttl": "60h",
|
||||
@@ -2434,7 +2434,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/sign-verbatim/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/sign-verbatim/test", map[string]interface{}{
|
||||
"common_name": "myint.com",
|
||||
"other_sans": "1.3.6.1.4.1.311.20.2.3;utf8:caadmin@example.com",
|
||||
"csr": csr,
|
||||
@@ -2444,7 +2444,7 @@ func TestBackend_SignIntermediate_AllowedPastCA(t *testing.T) {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/root/sign-intermediate", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/root/sign-intermediate", map[string]interface{}{
|
||||
"common_name": "myint.com",
|
||||
"other_sans": "1.3.6.1.4.1.311.20.2.3;utf8:caadmin@example.com",
|
||||
"csr": csr,
|
||||
@@ -2772,7 +2772,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
|
||||
client := cluster.Cores[0].Client
|
||||
var err error
|
||||
err = client.Sys().MountWithContext(context.Background(), "root", &api.MountInput{
|
||||
err = client.Sys().Mount("root", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -2788,7 +2788,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
var block *pem.Block
|
||||
var cert *x509.Certificate
|
||||
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/root/generate/internal", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/root/generate/internal", map[string]interface{}{
|
||||
"ttl": "40h",
|
||||
"common_name": "myvault.com",
|
||||
})
|
||||
@@ -2796,7 +2796,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/roles/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/roles/test", map[string]interface{}{
|
||||
"allowed_domains": []string{"foobar.com", "zipzap.com"},
|
||||
"allow_bare_domains": true,
|
||||
"allow_subdomains": true,
|
||||
@@ -2810,7 +2810,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
// Get a baseline before adding OID SANs. In the next sections we'll verify
|
||||
// that the SANs are all added even as the OID SAN inclusion forces other
|
||||
// adding logic (custom rather than built-in Golang logic)
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foobar.com,foo.foobar.com,bar.foobar.com",
|
||||
@@ -2836,7 +2836,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
}
|
||||
|
||||
// First test some bad stuff that shouldn't work
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -2848,7 +2848,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -2860,7 +2860,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -2872,7 +2872,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -2884,7 +2884,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -2897,7 +2897,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
}
|
||||
|
||||
// Valid for first possibility
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -2927,7 +2927,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
}
|
||||
|
||||
// Valid for second possibility
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -2963,7 +2963,7 @@ func TestBackend_OID_SANs(t *testing.T) {
|
||||
fmt.Sprintf("%s;%s:%s", oid1, type1, val1),
|
||||
fmt.Sprintf("%s;%s:%s", oid2, type2, val2),
|
||||
}
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -3015,7 +3015,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
|
||||
|
||||
client := cluster.Cores[0].Client
|
||||
var err error
|
||||
err = client.Sys().MountWithContext(context.Background(), "root", &api.MountInput{
|
||||
err = client.Sys().Mount("root", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -3031,7 +3031,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
|
||||
var block *pem.Block
|
||||
var cert *x509.Certificate
|
||||
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/root/generate/internal", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/root/generate/internal", map[string]interface{}{
|
||||
"ttl": "40h",
|
||||
"common_name": "myvault.com",
|
||||
})
|
||||
@@ -3040,7 +3040,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
|
||||
}
|
||||
|
||||
// First test that Serial Numbers are not allowed
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/roles/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/roles/test", map[string]interface{}{
|
||||
"allow_any_name": true,
|
||||
"enforce_hostnames": false,
|
||||
})
|
||||
@@ -3048,7 +3048,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar",
|
||||
"ttl": "1h",
|
||||
})
|
||||
@@ -3056,7 +3056,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar",
|
||||
"ttl": "1h",
|
||||
"serial_number": "foobar",
|
||||
@@ -3066,7 +3066,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
|
||||
}
|
||||
|
||||
// Update the role to allow serial numbers
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/roles/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/roles/test", map[string]interface{}{
|
||||
"allow_any_name": true,
|
||||
"enforce_hostnames": false,
|
||||
"allowed_serial_numbers": "f00*,b4r*",
|
||||
@@ -3075,7 +3075,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar",
|
||||
"ttl": "1h",
|
||||
// Not a valid serial number
|
||||
@@ -3086,7 +3086,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
|
||||
}
|
||||
|
||||
// Valid for first possibility
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar",
|
||||
"serial_number": "f00bar",
|
||||
})
|
||||
@@ -3107,7 +3107,7 @@ func TestBackend_AllowedSerialNumbers(t *testing.T) {
|
||||
}
|
||||
|
||||
// Valid for second possibility
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar",
|
||||
"serial_number": "b4rf00",
|
||||
})
|
||||
@@ -3142,7 +3142,7 @@ func TestBackend_URI_SANs(t *testing.T) {
|
||||
|
||||
client := cluster.Cores[0].Client
|
||||
var err error
|
||||
err = client.Sys().MountWithContext(context.Background(), "root", &api.MountInput{
|
||||
err = client.Sys().Mount("root", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -3153,7 +3153,7 @@ func TestBackend_URI_SANs(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/root/generate/internal", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/root/generate/internal", map[string]interface{}{
|
||||
"ttl": "40h",
|
||||
"common_name": "myvault.com",
|
||||
})
|
||||
@@ -3161,7 +3161,7 @@ func TestBackend_URI_SANs(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/roles/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/roles/test", map[string]interface{}{
|
||||
"allowed_domains": []string{"foobar.com", "zipzap.com"},
|
||||
"allow_bare_domains": true,
|
||||
"allow_subdomains": true,
|
||||
@@ -3173,7 +3173,7 @@ func TestBackend_URI_SANs(t *testing.T) {
|
||||
}
|
||||
|
||||
// First test some bad stuff that shouldn't work
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -3185,7 +3185,7 @@ func TestBackend_URI_SANs(t *testing.T) {
|
||||
}
|
||||
|
||||
// Test valid single entry
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -3197,7 +3197,7 @@ func TestBackend_URI_SANs(t *testing.T) {
|
||||
}
|
||||
|
||||
// Test globed entry
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -3209,7 +3209,7 @@ func TestBackend_URI_SANs(t *testing.T) {
|
||||
}
|
||||
|
||||
// Test multiple entries
|
||||
resp, err := client.Logical().WriteWithContext(context.Background(), "root/issue/test", map[string]interface{}{
|
||||
resp, err := client.Logical().Write("root/issue/test", map[string]interface{}{
|
||||
"common_name": "foobar.com",
|
||||
"ip_sans": "1.2.3.4",
|
||||
"alt_names": "foo.foobar.com,bar.foobar.com",
|
||||
@@ -3258,7 +3258,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
|
||||
client := cluster.Cores[0].Client
|
||||
|
||||
// Write test policy for userpass auth method.
|
||||
err := client.Sys().PutPolicyWithContext(context.Background(), "test", `
|
||||
err := client.Sys().PutPolicy("test", `
|
||||
path "pki/*" {
|
||||
capabilities = ["update"]
|
||||
}`)
|
||||
@@ -3272,7 +3272,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Configure test role for userpass.
|
||||
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/users/userpassname", map[string]interface{}{
|
||||
if _, err := client.Logical().Write("auth/userpass/users/userpassname", map[string]interface{}{
|
||||
"password": "test",
|
||||
"policies": "test",
|
||||
}); err != nil {
|
||||
@@ -3280,7 +3280,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Login userpass for test role and keep client token.
|
||||
secret, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/login/userpassname", map[string]interface{}{
|
||||
secret, err := client.Logical().Write("auth/userpass/login/userpassname", map[string]interface{}{
|
||||
"password": "test",
|
||||
})
|
||||
if err != nil || secret == nil {
|
||||
@@ -3289,14 +3289,14 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
|
||||
userpassToken := secret.Auth.ClientToken
|
||||
|
||||
// Get auth accessor for identity template.
|
||||
auths, err := client.Sys().ListAuthWithContext(context.Background())
|
||||
auths, err := client.Sys().ListAuth()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
userpassAccessor := auths["userpass/"].Accessor
|
||||
|
||||
// Mount PKI.
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
|
||||
err = client.Sys().Mount("pki", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -3308,7 +3308,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Generate internal CA.
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
|
||||
"ttl": "40h",
|
||||
"common_name": "myvault.com",
|
||||
})
|
||||
@@ -3317,7 +3317,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Write role PKI.
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/roles/test", map[string]interface{}{
|
||||
"allowed_uri_sans": []string{
|
||||
"spiffe://domain/{{identity.entity.aliases." + userpassAccessor + ".name}}",
|
||||
"spiffe://domain/{{identity.entity.aliases." + userpassAccessor + ".name}}/*", "spiffe://domain/foo",
|
||||
@@ -3331,27 +3331,27 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
|
||||
|
||||
// Issue certificate with identity templating
|
||||
client.SetToken(userpassToken)
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/userpassname, spiffe://domain/foo"})
|
||||
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/userpassname, spiffe://domain/foo"})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Issue certificate with identity templating and glob
|
||||
client.SetToken(userpassToken)
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/userpassname/bar"})
|
||||
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/userpassname/bar"})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Issue certificate with non-matching identity template parameter
|
||||
client.SetToken(userpassToken)
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/unknownuser"})
|
||||
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/unknownuser"})
|
||||
if err == nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Set allowed_uri_sans_template to false.
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/roles/test", map[string]interface{}{
|
||||
"allowed_uri_sans_template": false,
|
||||
})
|
||||
if err != nil {
|
||||
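Review bot: In the "non-matching identity template parameter" case the failure branch reads `if err == nil { t.Fatal(err) }`, so when the PKI role wrongly accepts `spiffe://domain/unknownuser` the test fails with a nil value and no explanation. This is the negative check for `allowed_uri_sans` templating, so the message should say what was violated, e.g. `t.Fatal("expected error for URI SAN not matching the identity template")`. The later `spiffe://domain/users/userpassname` case on this page already uses `t.Fatal("expected error")`. The function body starts and ends outside this hunk.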
@@ -3359,7 +3359,7 @@ func TestBackend_AllowedURISANsTemplate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Issue certificate with userpassToken.
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/users/userpassname"})
|
||||
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"uri_sans": "spiffe://domain/users/userpassname"})
|
||||
if err == nil {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
@@ -3382,7 +3382,7 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
|
||||
client := cluster.Cores[0].Client
|
||||
|
||||
// Write test policy for userpass auth method.
|
||||
err := client.Sys().PutPolicyWithContext(context.Background(), "test", `
|
||||
err := client.Sys().PutPolicy("test", `
|
||||
path "pki/*" {
|
||||
capabilities = ["update"]
|
||||
}`)
|
||||
@@ -3396,7 +3396,7 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Configure test role for userpass.
|
||||
if _, err := client.Logical().WriteWithContext(context.Background(), "auth/userpass/users/userpassname", map[string]interface{}{
|
||||
if _, err := client.Logical().Write("auth/userpass/users/userpassname", map[string]interface{}{
|
||||
"password": "test",
|
||||
"policies": "test",
|
||||
}); err != nil {
|
||||
@@ -3410,14 +3410,14 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Get auth accessor for identity template.
|
||||
auths, err := client.Sys().ListAuthWithContext(context.Background())
|
||||
auths, err := client.Sys().ListAuth()
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
userpassAccessor := auths["userpass/"].Accessor
|
||||
|
||||
// Mount PKI.
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
|
||||
err = client.Sys().Mount("pki", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -3429,7 +3429,7 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Generate internal CA.
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/root/generate/internal", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/root/generate/internal", map[string]interface{}{
|
||||
"ttl": "40h",
|
||||
"common_name": "myvault.com",
|
||||
})
|
||||
@@ -3438,7 +3438,7 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Write role PKI.
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/roles/test", map[string]interface{}{
|
||||
"allowed_domains": []string{
|
||||
"foobar.com", "zipzap.com", "{{identity.entity.aliases." + userpassAccessor + ".name}}",
|
||||
"foo.{{identity.entity.aliases." + userpassAccessor + ".name}}.example.com",
|
||||
@@ -3458,31 +3458,31 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
|
||||
if err != nil || secret == nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"common_name": "userpassname"})
|
||||
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"common_name": "userpassname"})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Issue certificate for foobar.com to verify allowed_domain_templae doesnt break plain domains.
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"common_name": "foobar.com"})
|
||||
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"common_name": "foobar.com"})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// Issue certificate for unknown userpassname.
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"common_name": "unknownuserpassname"})
|
||||
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"common_name": "unknownuserpassname"})
|
||||
if err == nil {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
// Issue certificate for foo.userpassname.domain.
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"common_name": "foo.userpassname.example.com"})
|
||||
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"common_name": "foo.userpassname.example.com"})
|
||||
if err != nil {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
|
||||
// Set allowed_domains_template to false.
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/roles/test", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/roles/test", map[string]interface{}{
|
||||
"allowed_domains_template": false,
|
||||
})
|
||||
if err != nil {
|
||||
@@ -3490,7 +3490,7 @@ func TestBackend_AllowedDomainsTemplate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Issue certificate with userpassToken.
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/test", map[string]interface{}{"common_name": "userpassname"})
|
||||
_, err = client.Logical().Write("pki/issue/test", map[string]interface{}{"common_name": "userpassname"})
|
||||
if err == nil {
|
||||
t.Fatal("expected error")
|
||||
}
|
||||
@@ -3752,7 +3752,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
|
||||
var err error
|
||||
|
||||
// Mount /pki as a root CA
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
|
||||
err = client.Sys().Mount("pki", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -3765,7 +3765,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
|
||||
|
||||
// Set the cluster's certificate as the root CA in /pki
|
||||
pemBundleRootCA := string(cluster.CACertPEM) + string(cluster.CAKeyPEM)
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/config/ca", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/config/ca", map[string]interface{}{
|
||||
"pem_bundle": pemBundleRootCA,
|
||||
})
|
||||
if err != nil {
|
||||
@@ -3773,7 +3773,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Mount /pki2 to operate as an intermediate CA
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki2", &api.MountInput{
|
||||
err = client.Sys().Mount("pki2", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -3785,14 +3785,14 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Create a CSR for the intermediate CA
|
||||
secret, err := client.Logical().WriteWithContext(context.Background(), "pki2/intermediate/generate/internal", nil)
|
||||
secret, err := client.Logical().Write("pki2/intermediate/generate/internal", nil)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
intermediateCSR := secret.Data["csr"].(string)
|
||||
|
||||
// Sign the intermediate CSR using /pki
|
||||
secret, err = client.Logical().WriteWithContext(context.Background(), "pki/root/sign-intermediate", map[string]interface{}{
|
||||
secret, err = client.Logical().Write("pki/root/sign-intermediate", map[string]interface{}{
|
||||
"permitted_dns_domains": ".myvault.com",
|
||||
"csr": intermediateCSR,
|
||||
"ttl": "10s",
|
||||
@@ -3804,7 +3804,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
|
||||
intermediateCASerialColon := strings.ReplaceAll(strings.ToLower(intermediateCertSerial), ":", "-")
|
||||
|
||||
// Get the intermediate cert after signing
|
||||
secret, err = client.Logical().ReadWithContext(context.Background(), "pki/cert/"+intermediateCASerialColon)
|
||||
secret, err = client.Logical().Read("pki/cert/" + intermediateCASerialColon)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -3813,7 +3813,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
|
||||
}
|
||||
|
||||
// Issue a revoke on on /pki
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/revoke", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/revoke", map[string]interface{}{
|
||||
"serial_number": intermediateCertSerial,
|
||||
})
|
||||
if err != nil {
|
||||
@@ -3825,7 +3825,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
|
||||
time.Sleep(3 * time.Second)
|
||||
|
||||
// Issue a tidy on /pki
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/tidy", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/tidy", map[string]interface{}{
|
||||
"tidy_cert_store": true,
|
||||
"tidy_revoked_certs": true,
|
||||
"safety_buffer": "1s",
|
||||
@@ -3873,7 +3873,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
|
||||
time.Sleep(10 * time.Second)
|
||||
|
||||
// Issue a tidy on /pki
|
||||
_, err = client.Logical().WriteWithContext(context.Background(), "pki/tidy", map[string]interface{}{
|
||||
_, err = client.Logical().Write("pki/tidy", map[string]interface{}{
|
||||
"tidy_cert_store": true,
|
||||
"tidy_revoked_certs": true,
|
||||
"safety_buffer": "1s",
|
||||
@@ -3887,7 +3887,7 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
|
||||
|
||||
// Issue a tidy-status on /pki
|
||||
{
|
||||
tidyStatus, err := client.Logical().ReadWithContext(context.Background(), "pki/tidy-status")
|
||||
tidyStatus, err := client.Logical().Read("pki/tidy-status")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -4028,7 +4028,7 @@ func runFullCAChainTest(t *testing.T, keyType string) {
|
||||
var err error
|
||||
|
||||
// Generate a root CA at /pki-root
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki-root", &api.MountInput{
|
||||
err = client.Sys().Mount("pki-root", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -4039,7 +4039,7 @@ func runFullCAChainTest(t *testing.T, keyType string) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
resp, err := client.Logical().WriteWithContext(context.Background(), "pki-root/root/generate/exported", map[string]interface{}{
|
||||
resp, err := client.Logical().Write("pki-root/root/generate/exported", map[string]interface{}{
|
||||
"common_name": "root myvault.com",
|
||||
"key_type": keyType,
|
||||
})
|
||||
@@ -4053,7 +4053,7 @@ func runFullCAChainTest(t *testing.T, keyType string) {
|
||||
rootCert := rootData["certificate"].(string)
|
||||
|
||||
// Validate that root's /cert/ca-chain now contains the certificate.
|
||||
resp, err = client.Logical().ReadWithContext(context.Background(), "pki-root/cert/ca_chain")
|
||||
resp, err = client.Logical().Read("pki-root/cert/ca_chain")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -4067,7 +4067,7 @@ func runFullCAChainTest(t *testing.T, keyType string) {
|
||||
}
|
||||
|
||||
// Now generate an intermediate at /pki-intermediate, signed by the root.
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki-intermediate", &api.MountInput{
|
||||
err = client.Sys().Mount("pki-intermediate", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -4078,7 +4078,7 @@ func runFullCAChainTest(t *testing.T, keyType string) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki-intermediate/intermediate/generate/exported", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("pki-intermediate/intermediate/generate/exported", map[string]interface{}{
|
||||
"common_name": "intermediate myvault.com",
|
||||
"key_type": keyType,
|
||||
})
|
||||
@@ -4091,7 +4091,7 @@ func runFullCAChainTest(t *testing.T, keyType string) {
|
||||
intermediateData := resp.Data
|
||||
intermediateKey := intermediateData["private_key"].(string)
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki-root/root/sign-intermediate", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("pki-root/root/sign-intermediate", map[string]interface{}{
|
||||
"csr": intermediateData["csr"],
|
||||
"format": "pem_bundle",
|
||||
})
|
||||
@@ -4108,7 +4108,7 @@ func runFullCAChainTest(t *testing.T, keyType string) {
|
||||
intermediaryCaCert := parseCert(t, intermediateCert)
|
||||
requireSignedBy(t, intermediaryCaCert, rootCaCert.PublicKey)
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki-intermediate/intermediate/set-signed", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("pki-intermediate/intermediate/set-signed", map[string]interface{}{
|
||||
"certificate": intermediateCert + "\n" + rootCert + "\n",
|
||||
})
|
||||
if err != nil {
|
||||
@@ -4117,7 +4117,7 @@ func runFullCAChainTest(t *testing.T, keyType string) {
|
||||
|
||||
// Validate that intermediate's ca_chain field now includes the full
|
||||
// chain.
|
||||
resp, err = client.Logical().ReadWithContext(context.Background(), "pki-intermediate/cert/ca_chain")
|
||||
resp, err = client.Logical().Read("pki-intermediate/cert/ca_chain")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -4135,7 +4135,7 @@ func runFullCAChainTest(t *testing.T, keyType string) {
|
||||
|
||||
// Finally, import this signing cert chain into a new mount to ensure
|
||||
// "external" CAs behave as expected.
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki-external", &api.MountInput{
|
||||
err = client.Sys().Mount("pki-external", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "16h",
|
||||
@@ -4146,7 +4146,7 @@ func runFullCAChainTest(t *testing.T, keyType string) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki-external/config/ca", map[string]interface{}{
|
||||
resp, err = client.Logical().Write("pki-external/config/ca", map[string]interface{}{
|
||||
"pem_bundle": intermediateKey + "\n" + intermediateCert + "\n" + rootCert + "\n",
|
||||
})
|
||||
if err != nil {
|
||||
@@ -4154,7 +4154,7 @@ func runFullCAChainTest(t *testing.T, keyType string) {
|
||||
}
|
||||
|
||||
// Validate the external chain information was loaded correctly.
|
||||
resp, err = client.Logical().ReadWithContext(context.Background(), "pki-external/cert/ca_chain")
|
||||
resp, err = client.Logical().Read("pki-external/cert/ca_chain")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
@@ -4234,7 +4234,7 @@ func RoleIssuanceRegressionHelper(t *testing.T, client *api.Client, index int, t
|
||||
for _, AllowLocalhost := range test.AllowLocalhost.ToValues() {
|
||||
for _, AllowWildcardCertificates := range test.AllowWildcardCertificates.ToValues() {
|
||||
role := fmt.Sprintf("issuance-regression-%d-bare-%v-glob-%v-subdomains-%v-localhost-%v-wildcard-%v", index, AllowBareDomains, AllowGlobDomains, AllowSubdomains, AllowLocalhost, AllowWildcardCertificates)
|
||||
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/roles/"+role, map[string]interface{}{
|
||||
resp, err := client.Logical().Write("pki/roles/"+role, map[string]interface{}{
|
||||
"allowed_domains": test.AllowedDomains,
|
||||
"allow_bare_domains": AllowBareDomains,
|
||||
"allow_glob_domains": AllowGlobDomains,
|
||||
@@ -4251,7 +4251,7 @@ func RoleIssuanceRegressionHelper(t *testing.T, client *api.Client, index int, t
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
resp, err = client.Logical().WriteWithContext(context.Background(), "pki/issue/"+role, map[string]interface{}{
|
||||
resp, err = client.Logical().Write("pki/issue/"+role, map[string]interface{}{
|
||||
"common_name": test.CommonName,
|
||||
})
|
||||
|
||||
@@ -4442,7 +4442,7 @@ func TestBackend_Roles_IssuanceRegression(t *testing.T) {
|
||||
var err error
|
||||
|
||||
// Generate a root CA at /pki to use for our tests
|
||||
err = client.Sys().MountWithContext(context.Background(), "pki", &api.MountInput{
|
||||
err = client.Sys().Mount("pki", &api.MountInput{
|
||||
Type: "pki",
|
||||
Config: api.MountConfigInput{
|
||||
DefaultLeaseTTL: "12h",
|
||||
@@ -4454,7 +4454,7 @@ func TestBackend_Roles_IssuanceRegression(t *testing.T) {
|
||||
}
|
||||
|
||||
// We need a RSA key so all signature sizes are valid with it.
|
||||
resp, err := client.Logical().WriteWithContext(context.Background(), "pki/root/generate/exported", map[string]interface{}{
|
||||
resp, err := client.Logical().Write("pki/root/generate/exported", map[string]interface{}{
|
||||
"common_name": "myvault.com",
|
||||
"ttl": "128h",
|
||||
"key_type": "rsa",
|
||||
|
||||