Vault SSH: CRUD test for dynamic role

2025-11-03 12:07:54 +00:00 · 2015-07-31 15:17:40 -04:00
parent 8361324723
commit e9826c635c
3 changed files with 51 additions and 30 deletions
--- a/builtin/logical/ssh/backend_test.go
+++ b/builtin/logical/ssh/backend_test.go
@@ -20,7 +20,7 @@ const (
 	testCidr             = "127.0.0.1/32"
 	testDynamicRoleName  = "testDynamicRoleName"
 	testOTPRoleName      = "testOTPRoleName"
-	testKey              = "testKey"
+	testKeyName          = "testKeyName"
 	testSharedPrivateKey = `
 -----BEGIN RSA PRIVATE KEY-----
 MIIEogIBAAKCAQEAvYvoRcWRxqOim5VZnuM6wHCbLUeiND0yaM1tvOl+Fsrz55DG
@@ -90,32 +90,51 @@ func TestSSHDynamicKeyBackend(t *testing.T) {
 func TestSSHBackend_OTPRoleCrud(t *testing.T) {
 	data := map[string]interface{}{
 		"key_type":     testOTPKeyType,
 		"cidr":         testCidr,
 		"default_user": testUserName,
 		"cidr":         testCidr,
 	}
 	logicaltest.Test(t, logicaltest.TestCase{
 		Factory: Factory,
 		Steps: []logicaltest.TestStep{
-			testOTPRoleWrite(t, data),
+			testRoleWrite(t, testOTPRoleName, data),
-			testOTPRoleRead(t, data),
+			testRoleRead(t, testOTPRoleName, data),
-			testOTPRoleDelete(t),
+			testRoleDelete(t, testOTPRoleName),
-			testOTPRoleRead(t, nil),
+			testRoleRead(t, testOTPRoleName, nil),
 		},
 	})
 }
-func testOTPRoleWrite(t *testing.T, data map[string]interface{}) logicaltest.TestStep {
+func TestSSHBackend_DynamicRoleCrud(t *testing.T) {
 	data := map[string]interface{}{
 		"key_type":   testDynamicKeyType,
 		"key":        testKeyName,
 		"admin_user": testAdminUser,
 		"cidr":       testCidr,
 	}
 	logicaltest.Test(t, logicaltest.TestCase{
 		Factory: Factory,
 		Steps: []logicaltest.TestStep{
 			testNamedKeys(t),
 			testRoleWrite(t, testDynamicRoleName, data),
 			testRoleRead(t, testDynamicRoleName, data),
 			testRoleDelete(t, testDynamicRoleName),
 			testRoleRead(t, testDynamicRoleName, nil),
 		},
 	})
 }
 func testRoleWrite(t *testing.T, name string, data map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.WriteOperation,
-		Path:      "roles/" + testOTPRoleName,
+		Path:      "roles/" + name,
 		Data:      data,
 	}
 }
-func testOTPRoleRead(t *testing.T, data map[string]interface{}) logicaltest.TestStep {
+func testRoleRead(t *testing.T, name string, data map[string]interface{}) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.ReadOperation,
-		Path:      "roles/" + testOTPRoleName,
+		Path:      "roles/" + name,
 		Check: func(resp *logical.Response) error {
 			if resp == nil {
 				if data == nil {
@@ -123,34 +142,35 @@ func testOTPRoleRead(t *testing.T, data map[string]interface{}) logicaltest.Test
 				}
 				return fmt.Errorf("bad: %#v", resp)
 			}
-			var d struct {
+			var d sshRole
 				KeyType     string `mapstructure:"key_type"`
 				DefaultUser string `mapstructure:"default_user"`
 				Port        string `mapstructure:"port"`
 				Cidr        string `mapstructure:"cidr"`
 			}
 			if err := mapstructure.Decode(resp.Data, &d); err != nil {
-				return err
+				return fmt.Errorf("error decoding response:%s", err)
 			}
-			if d.KeyType != data["key_type"] || d.DefaultUser != data["default_user"] || d.Cidr != data["cidr"] {
+			if name == testOTPRoleName {
-				return fmt.Errorf("bad: %#v", resp)
+				if d.KeyType != data["key_type"] || d.DefaultUser != data["default_user"] || d.CIDR != data["cidr"] {
 					return fmt.Errorf("data mismatch. bad: %#v", resp)
 				}
 			} else {
 				if d.AdminUser != data["admin_user"] || d.CIDR != data["cidr"] || d.KeyName != data["key"] || d.KeyType != data["key_type"] {
 					return fmt.Errorf("data mismatch. bad: %#v", resp)
 				}
 			}
 			return nil
 		},
 	}
 }
-func testOTPRoleDelete(t *testing.T) logicaltest.TestStep {
+func testRoleDelete(t *testing.T, name string) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.DeleteOperation,
-		Path:      "roles/" + testOTPRoleName,
+		Path:      "roles/" + name,
 	}
 }
 func testNamedKeys(t *testing.T) logicaltest.TestStep {
 	return logicaltest.TestStep{
 		Operation: logical.WriteOperation,
-		Path:      fmt.Sprintf("keys/%s", testKey),
+		Path:      fmt.Sprintf("keys/%s", testKeyName),
 		Data: map[string]interface{}{
 			"key": testSharedPrivateKey,
 		},
@@ -163,7 +183,7 @@ func testNewDynamicKeyRole(t *testing.T) logicaltest.TestStep {
 		Path:      fmt.Sprintf("roles/%s", testDynamicRoleName),
 		Data: map[string]interface{}{
 			"key_type":   "dynamic",
-			"key":        testKey,
+			"key":        testKeyName,
 			"admin_user": testAdminUser,
 			"cidr":       testCidr,
 			"port":       testPort,
--- a/builtin/logical/ssh/path_roles.go
+++ b/builtin/logical/ssh/path_roles.go
@@ -212,13 +212,13 @@ func (b *backend) pathRoleDelete(req *logical.Request, d *framework.FieldData) (
 }
 type sshRole struct {
-	KeyType     string `json:"key_type"`
+	KeyType     string `mapstructure:"key_type" json:"key_type"`
-	KeyName     string `json:"key"`
+	KeyName     string `mapstructure:"key" json:"key"`
-	KeyBits     string `json:"key_bits"`
+	KeyBits     string `mapstructure:"key_bits" json:"key_bits"`
-	AdminUser   string `json:"admin_user"`
+	AdminUser   string `mapstructure:"admin_user" json:"admin_user"`
-	DefaultUser string `json:"default_user"`
+	DefaultUser string `mapstructure:"default_user" json:"default_user"`
-	CIDR        string `json:"cidr"`
+	CIDR        string `mapstructure:"cidr" json:"cidr"`
-	Port        string `json:"port"`
+	Port        string `mapstructure:"port" json:"port"`
 }
 const pathRoleHelpSyn = `
--- a/logical/testing/testing.go
+++ b/logical/testing/testing.go
@@ -126,6 +126,7 @@ func Test(t TestT, c TestCase) {
 				return c.Factory(conf)
 			},
 		},
 		DisableMlock: true,
 	})
 	if err != nil {
 		t.Fatal("error initializing core: ", err)