mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-31 18:48:08 +00:00
Add more tests
This commit is contained in:
Jeff Mitchell
@@ -107,16 +107,19 @@ func TestClientEnvSettings(t *testing.T) {
|
|||||||
oldClientCert := os.Getenv(EnvVaultClientCert)
|
oldClientCert := os.Getenv(EnvVaultClientCert)
|
||||||
oldClientKey := os.Getenv(EnvVaultClientKey)
|
oldClientKey := os.Getenv(EnvVaultClientKey)
|
||||||
oldSkipVerify := os.Getenv(EnvVaultInsecure)
|
oldSkipVerify := os.Getenv(EnvVaultInsecure)
|
||||||
|
oldWrapTTL := os.Getenv(EnvVaultWrapTTL)
|
||||||
os.Setenv("VAULT_CACERT", cwd+"/test-fixtures/keys/cert.pem")
|
os.Setenv("VAULT_CACERT", cwd+"/test-fixtures/keys/cert.pem")
|
||||||
os.Setenv("VAULT_CAPATH", cwd+"/test-fixtures/keys")
|
os.Setenv("VAULT_CAPATH", cwd+"/test-fixtures/keys")
|
||||||
os.Setenv("VAULT_CLIENT_CERT", cwd+"/test-fixtures/keys/cert.pem")
|
os.Setenv("VAULT_CLIENT_CERT", cwd+"/test-fixtures/keys/cert.pem")
|
||||||
os.Setenv("VAULT_CLIENT_KEY", cwd+"/test-fixtures/keys/key.pem")
|
os.Setenv("VAULT_CLIENT_KEY", cwd+"/test-fixtures/keys/key.pem")
|
||||||
os.Setenv("VAULT_SKIP_VERIFY", "true")
|
os.Setenv("VAULT_SKIP_VERIFY", "true")
|
||||||
|
os.Setenv("VAULT_WRAP_TTL", "60")
|
||||||
defer os.Setenv("VAULT_CACERT", oldCACert)
|
defer os.Setenv("VAULT_CACERT", oldCACert)
|
||||||
defer os.Setenv("VAULT_CAPATH", oldCAPath)
|
defer os.Setenv("VAULT_CAPATH", oldCAPath)
|
||||||
defer os.Setenv("VAULT_CLIENT_CERT", oldClientCert)
|
defer os.Setenv("VAULT_CLIENT_CERT", oldClientCert)
|
||||||
defer os.Setenv("VAULT_CLIENT_KEY", oldClientKey)
|
defer os.Setenv("VAULT_CLIENT_KEY", oldClientKey)
|
||||||
defer os.Setenv("VAULT_SKIP_VERIFY", oldSkipVerify)
|
defer os.Setenv("VAULT_SKIP_VERIFY", oldSkipVerify)
|
||||||
|
defer os.Setenv("VAULT_WRAP_TTL", oldWrapTTL)
|
||||||
|
|
||||||
config := DefaultConfig()
|
config := DefaultConfig()
|
||||||
if err := config.ReadEnvironment(); err != nil {
|
if err := config.ReadEnvironment(); err != nil {
|
||||||
@@ -133,4 +136,8 @@ func TestClientEnvSettings(t *testing.T) {
|
|||||||
if tlsConfig.InsecureSkipVerify != true {
|
if tlsConfig.InsecureSkipVerify != true {
|
||||||
t.Fatalf("bad: %v", tlsConfig.InsecureSkipVerify)
|
t.Fatalf("bad: %v", tlsConfig.InsecureSkipVerify)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if config.WrapTTL != "60" {
|
||||||
|
t.Fatalf("bad: %v", config.WrapTTL)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -17,7 +17,11 @@ func TestParseSecret(t *testing.T) {
|
|||||||
},
|
},
|
||||||
"warnings": [
|
"warnings": [
|
||||||
"a warning!"
|
"a warning!"
|
||||||
]
|
],
|
||||||
|
"wrap_info": {
|
||||||
|
"token": "token",
|
||||||
|
"ttl": 60
|
||||||
|
}
|
||||||
}`)
|
}`)
|
||||||
|
|
||||||
secret, err := ParseSecret(strings.NewReader(raw))
|
secret, err := ParseSecret(strings.NewReader(raw))
|
||||||
@@ -35,6 +39,10 @@ func TestParseSecret(t *testing.T) {
|
|||||||
Warnings: []string{
|
Warnings: []string{
|
||||||
"a warning!",
|
"a warning!",
|
||||||
},
|
},
|
||||||
|
WrapInfo: &SecretWrapInfo{
|
||||||
|
Token: "token",
|
||||||
|
TTL: 60,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
if !reflect.DeepEqual(secret, expected) {
|
if !reflect.DeepEqual(secret, expected) {
|
||||||
t.Fatalf("bad: %#v %#v", secret, expected)
|
t.Fatalf("bad: %#v %#v", secret, expected)
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ import (
|
|||||||
"encoding/json"
|
"encoding/json"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
"errors"
|
"errors"
|
||||||
|
|
||||||
@@ -26,6 +27,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
|
|||||||
Connection: &logical.Connection{
|
Connection: &logical.Connection{
|
||||||
RemoteAddr: "127.0.0.1",
|
RemoteAddr: "127.0.0.1",
|
||||||
},
|
},
|
||||||
|
WrapTTL: 60 * time.Second,
|
||||||
},
|
},
|
||||||
errors.New("this is an error"),
|
errors.New("this is an error"),
|
||||||
testFormatJSONReqBasicStr,
|
testFormatJSONReqBasicStr,
|
||||||
@@ -64,5 +66,5 @@ func TestFormatJSON_formatRequest(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const testFormatJSONReqBasicStr = `{"time":"2015-08-05T13:45:46Z","type":"request","auth":{"display_name":"","policies":["root"],"metadata":null},"request":{"operation":"update","path":"/foo","data":null,"remote_address":"127.0.0.1"},"error":"this is an error"}
|
const testFormatJSONReqBasicStr = `{"time":"2015-08-05T13:45:46Z","type":"request","auth":{"display_name":"","policies":["root"],"metadata":null},"request":{"operation":"update","path":"/foo","data":null,"wrap_ttl":60,"remote_address":"127.0.0.1"},"error":"this is an error"}
|
||||||
`
|
`
|
||||||
|
|||||||
@@ -44,6 +44,7 @@ func TestCopy_request(t *testing.T) {
|
|||||||
Data: map[string]interface{}{
|
Data: map[string]interface{}{
|
||||||
"foo": "bar",
|
"foo": "bar",
|
||||||
},
|
},
|
||||||
|
WrapTTL: 60 * time.Second,
|
||||||
}
|
}
|
||||||
arg := expected
|
arg := expected
|
||||||
|
|
||||||
@@ -66,6 +67,10 @@ func TestCopy_response(t *testing.T) {
|
|||||||
Data: map[string]interface{}{
|
Data: map[string]interface{}{
|
||||||
"foo": "bar",
|
"foo": "bar",
|
||||||
},
|
},
|
||||||
|
WrapInfo: &logical.WrapInfo{
|
||||||
|
TTL: 60,
|
||||||
|
Token: "foo",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
arg := expected
|
arg := expected
|
||||||
|
|
||||||
@@ -131,11 +136,19 @@ func TestHash(t *testing.T) {
|
|||||||
Data: map[string]interface{}{
|
Data: map[string]interface{}{
|
||||||
"foo": "bar",
|
"foo": "bar",
|
||||||
},
|
},
|
||||||
|
WrapInfo: &logical.WrapInfo{
|
||||||
|
TTL: 60,
|
||||||
|
Token: "bar",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
&logical.Response{
|
&logical.Response{
|
||||||
Data: map[string]interface{}{
|
Data: map[string]interface{}{
|
||||||
"foo": "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
|
"foo": "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
|
||||||
},
|
},
|
||||||
|
WrapInfo: &logical.WrapInfo{
|
||||||
|
TTL: 60,
|
||||||
|
Token: "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -1,10 +1,12 @@
|
|||||||
package http
|
package http
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"errors"
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
"github.com/hashicorp/go-cleanhttp"
|
"github.com/hashicorp/go-cleanhttp"
|
||||||
@@ -64,6 +66,33 @@ func TestSysMounts_headerAuth(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// We use this test to verify header auth wrapping
|
||||||
|
func TestSysMounts_headerAuth_Wrapped(t *testing.T) {
|
||||||
|
core, _, token := vault.TestCoreUnsealed(t)
|
||||||
|
ln, addr := TestServer(t, core)
|
||||||
|
defer ln.Close()
|
||||||
|
|
||||||
|
req, err := http.NewRequest("GET", addr+"/v1/sys/mounts", nil)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("err: %s", err)
|
||||||
|
}
|
||||||
|
req.Header.Set(AuthHeaderName, token)
|
||||||
|
req.Header.Set(WrapTTLHeaderName, "60s")
|
||||||
|
|
||||||
|
client := cleanhttp.DefaultClient()
|
||||||
|
resp, err := client.Do(req)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("err: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
testResponseStatus(t, resp, 200)
|
||||||
|
buf := bytes.NewBuffer(nil)
|
||||||
|
buf.ReadFrom(resp.Body)
|
||||||
|
if strings.TrimSpace(buf.String()) != "null" {
|
||||||
|
t.Fatalf("bad: %v", buf.String())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func TestHandler_sealed(t *testing.T) {
|
func TestHandler_sealed(t *testing.T) {
|
||||||
core, _, token := vault.TestCoreUnsealed(t)
|
core, _, token := vault.TestCoreUnsealed(t)
|
||||||
ln, addr := TestServer(t, core)
|
ln, addr := TestServer(t, core)
|
||||||
|
|||||||
Reference in New Issue
Block a user