Add more tests

2025-10-31 02:28:09 +00:00 · 2016-05-07 21:08:13 -04:00
parent 8672b61bef
commit fd67b15bb0
5 changed files with 61 additions and 2 deletions
--- a/api/client_test.go
+++ b/api/client_test.go
@@ -107,16 +107,19 @@ func TestClientEnvSettings(t *testing.T) {
 	oldClientCert := os.Getenv(EnvVaultClientCert)
 	oldClientKey := os.Getenv(EnvVaultClientKey)
 	oldSkipVerify := os.Getenv(EnvVaultInsecure)
+	oldWrapTTL := os.Getenv(EnvVaultWrapTTL)
 	os.Setenv("VAULT_CACERT", cwd+"/test-fixtures/keys/cert.pem")
 	os.Setenv("VAULT_CAPATH", cwd+"/test-fixtures/keys")
 	os.Setenv("VAULT_CLIENT_CERT", cwd+"/test-fixtures/keys/cert.pem")
 	os.Setenv("VAULT_CLIENT_KEY", cwd+"/test-fixtures/keys/key.pem")
 	os.Setenv("VAULT_SKIP_VERIFY", "true")
+	os.Setenv("VAULT_WRAP_TTL", "60")
 	defer os.Setenv("VAULT_CACERT", oldCACert)
 	defer os.Setenv("VAULT_CAPATH", oldCAPath)
 	defer os.Setenv("VAULT_CLIENT_CERT", oldClientCert)
 	defer os.Setenv("VAULT_CLIENT_KEY", oldClientKey)
 	defer os.Setenv("VAULT_SKIP_VERIFY", oldSkipVerify)
+	defer os.Setenv("VAULT_WRAP_TTL", oldWrapTTL)

 	config := DefaultConfig()
 	if err := config.ReadEnvironment(); err != nil {
@@ -133,4 +136,8 @@ func TestClientEnvSettings(t *testing.T) {
 	if tlsConfig.InsecureSkipVerify != true {
 		t.Fatalf("bad: %v", tlsConfig.InsecureSkipVerify)
 	}
+
+	if config.WrapTTL != "60" {
+		t.Fatalf("bad: %v", config.WrapTTL)
+	}
 }
--- a/api/secret_test.go
+++ b/api/secret_test.go
@@ -17,7 +17,11 @@ func TestParseSecret(t *testing.T) {
 	},
 	"warnings": [
 		"a warning!"
-	]
+	],
+	"wrap_info": {
+		"token": "token",
+		"ttl": 60
+	}
 }`)

 	secret, err := ParseSecret(strings.NewReader(raw))
@@ -35,6 +39,10 @@ func TestParseSecret(t *testing.T) {
 		Warnings: []string{
 			"a warning!",
 		},
+		WrapInfo: &SecretWrapInfo{
+			Token: "token",
+			TTL:   60,
+		},
 	}
 	if !reflect.DeepEqual(secret, expected) {
 		t.Fatalf("bad: %#v %#v", secret, expected)
--- a/audit/format_json_test.go
+++ b/audit/format_json_test.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"strings"
 	"testing"
+	"time"

 	"errors"

@@ -26,6 +27,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
 				Connection: &logical.Connection{
 					RemoteAddr: "127.0.0.1",
 				},
+				WrapTTL: 60 * time.Second,
 			},
 			errors.New("this is an error"),
 			testFormatJSONReqBasicStr,
@@ -64,5 +66,5 @@ func TestFormatJSON_formatRequest(t *testing.T) {
 	}
 }

-const testFormatJSONReqBasicStr = `{"time":"2015-08-05T13:45:46Z","type":"request","auth":{"display_name":"","policies":["root"],"metadata":null},"request":{"operation":"update","path":"/foo","data":null,"remote_address":"127.0.0.1"},"error":"this is an error"}
+const testFormatJSONReqBasicStr = `{"time":"2015-08-05T13:45:46Z","type":"request","auth":{"display_name":"","policies":["root"],"metadata":null},"request":{"operation":"update","path":"/foo","data":null,"wrap_ttl":60,"remote_address":"127.0.0.1"},"error":"this is an error"}
 `
--- a/audit/hashstructure_test.go
+++ b/audit/hashstructure_test.go
@@ -44,6 +44,7 @@ func TestCopy_request(t *testing.T) {
 		Data: map[string]interface{}{
 			"foo": "bar",
 		},
+		WrapTTL: 60 * time.Second,
 	}
 	arg := expected

@@ -66,6 +67,10 @@ func TestCopy_response(t *testing.T) {
 		Data: map[string]interface{}{
 			"foo": "bar",
 		},
+		WrapInfo: &logical.WrapInfo{
+			TTL:   60,
+			Token: "foo",
+		},
 	}
 	arg := expected

@@ -131,11 +136,19 @@ func TestHash(t *testing.T) {
 				Data: map[string]interface{}{
 					"foo": "bar",
 				},
+				WrapInfo: &logical.WrapInfo{
+					TTL:   60,
+					Token: "bar",
+				},
 			},
 			&logical.Response{
 				Data: map[string]interface{}{
 					"foo": "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
 				},
+				WrapInfo: &logical.WrapInfo{
+					TTL:   60,
+					Token: "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
+				},
 			},
 		},
 		{
--- a/http/handler_test.go
+++ b/http/handler_test.go
@@ -1,10 +1,12 @@
 package http

 import (
+	"bytes"
 	"errors"
 	"net/http"
 	"net/http/httptest"
 	"reflect"
+	"strings"
 	"testing"

 	"github.com/hashicorp/go-cleanhttp"
@@ -64,6 +66,33 @@ func TestSysMounts_headerAuth(t *testing.T) {
 	}
 }

+// We use this test to verify header auth wrapping
+func TestSysMounts_headerAuth_Wrapped(t *testing.T) {
+	core, _, token := vault.TestCoreUnsealed(t)
+	ln, addr := TestServer(t, core)
+	defer ln.Close()
+
+	req, err := http.NewRequest("GET", addr+"/v1/sys/mounts", nil)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	req.Header.Set(AuthHeaderName, token)
+	req.Header.Set(WrapTTLHeaderName, "60s")
+
+	client := cleanhttp.DefaultClient()
+	resp, err := client.Do(req)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+
+	testResponseStatus(t, resp, 200)
+	buf := bytes.NewBuffer(nil)
+	buf.ReadFrom(resp.Body)
+	if strings.TrimSpace(buf.String()) != "null" {
+		t.Fatalf("bad: %v", buf.String())
+	}
+}
+
 func TestHandler_sealed(t *testing.T) {
 	core, _, token := vault.TestCoreUnsealed(t)
 	ln, addr := TestServer(t, core)