scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 18:17:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
21e062d9d8f1ec3ab5612891cc67a97b07864ca9
vault/command/server/config_test.go
Noel Cower 21e062d9d8 Merge all configuration fields (#6028) 
This changes (*Config).Merge to merge all fields of a Config.
Previously, when merging Configs, some configuration fields were
ignored and completely lost, including APIAddr, ClusterAddr, and
a couple boolean fields. This only occurs when using multiple config
files and does not affect single config files (even when loading from
a directory -- Merge is only called after a second file is loaded).

- Fix APIAddr not being merged.
- Fix ClusterAddr not being merged.
- Fix DisablePrintableCheck not being merged.
- Fix DisableClustering not being merged. The DisableClusteringRaw
  value is also preserved so that it can be used in overrides for
  storage fields.
- Use merged top-level config as storage field overrides.
- Update config dir test fixtures to set some fields missed by
  (*Config).Merge previously.
2019-01-23 11:27:21 -05:00

404 lines
9.6 KiB
Go
Raw Blame History

package server
import (
"reflect"
"strings"
"testing"
"time"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/hcl"
"github.com/hashicorp/hcl/hcl/ast"
"github.com/hashicorp/vault/helper/logging"
)
func TestLoadConfigFile(t *testing.T) {
logger := logging.NewVaultLogger(log.Debug)
config, err := LoadConfigFile("./test-fixtures/config.hcl", logger)
if err != nil {
t.Fatalf("err: %s", err)
}
expected := &Config{
Listeners: []*Listener{
&Listener{
Type: "tcp",
Config: map[string]interface{}{
"address": "127.0.0.1:443",
},
},
},
Storage: &Storage{
Type: "consul",
RedirectAddr: "foo",
Config: map[string]string{
"foo": "bar",
},
},
HAStorage: &Storage{
Type: "consul",
RedirectAddr: "snafu",
Config: map[string]string{
"bar": "baz",
},
DisableClustering: true,
},
Telemetry: &Telemetry{
StatsdAddr: "bar",
StatsiteAddr: "foo",
DisableHostname: false,
DogStatsDAddr: "127.0.0.1:7254",
DogStatsDTags: []string{"tag_1:val_1", "tag_2:val_2"},
},
DisableCache: true,
DisableCacheRaw: true,
DisableMlock: true,
DisableMlockRaw: true,
DisablePrintableCheckRaw: true,
DisablePrintableCheck: true,
EnableUI: true,
EnableUIRaw: true,
EnableRawEndpoint: true,
EnableRawEndpointRaw: true,
DisableSealWrap: true,
DisableSealWrapRaw: true,
MaxLeaseTTL: 10 * time.Hour,
MaxLeaseTTLRaw: "10h",
DefaultLeaseTTL: 10 * time.Hour,
DefaultLeaseTTLRaw: "10h",
ClusterName: "testcluster",
PidFile: "./pidfile",
}
if !reflect.DeepEqual(config, expected) {
t.Fatalf("expected \n\n%#v\n\n to be \n\n%#v\n\n", config, expected)
}
}
func TestLoadConfigFile_topLevel(t *testing.T) {
logger := logging.NewVaultLogger(log.Debug)
config, err := LoadConfigFile("./test-fixtures/config2.hcl", logger)
if err != nil {
t.Fatalf("err: %s", err)
}
expected := &Config{
Listeners: []*Listener{
&Listener{
Type: "tcp",
Config: map[string]interface{}{
"address": "127.0.0.1:443",
},
},
},
Storage: &Storage{
Type: "consul",
RedirectAddr: "top_level_api_addr",
ClusterAddr: "top_level_cluster_addr",
Config: map[string]string{
"foo": "bar",
},
},
HAStorage: &Storage{
Type: "consul",
RedirectAddr: "top_level_api_addr",
ClusterAddr: "top_level_cluster_addr",
Config: map[string]string{
"bar": "baz",
},
DisableClustering: true,
},
Telemetry: &Telemetry{
StatsdAddr: "bar",
StatsiteAddr: "foo",
DisableHostname: false,
DogStatsDAddr: "127.0.0.1:7254",
DogStatsDTags: []string{"tag_1:val_1", "tag_2:val_2"},
},
DisableCache: true,
DisableCacheRaw: true,
DisableMlock: true,
DisableMlockRaw: true,
EnableUI: true,
EnableUIRaw: true,
EnableRawEndpoint: true,
EnableRawEndpointRaw: true,
DisableSealWrap: true,
DisableSealWrapRaw: true,
MaxLeaseTTL: 10 * time.Hour,
MaxLeaseTTLRaw: "10h",
DefaultLeaseTTL: 10 * time.Hour,
DefaultLeaseTTLRaw: "10h",
ClusterName: "testcluster",
PidFile: "./pidfile",
APIAddr: "top_level_api_addr",
ClusterAddr: "top_level_cluster_addr",
}
if !reflect.DeepEqual(config, expected) {
t.Fatalf("expected \n\n%#v\n\n to be \n\n%#v\n\n", config, expected)
}
}
func TestLoadConfigFile_json(t *testing.T) {
logger := logging.NewVaultLogger(log.Debug)
config, err := LoadConfigFile("./test-fixtures/config.hcl.json", logger)
if err != nil {
t.Fatalf("err: %s", err)
}
expected := &Config{
Listeners: []*Listener{
&Listener{
Type: "tcp",
Config: map[string]interface{}{
"address": "127.0.0.1:443",
},
},
},
Storage: &Storage{
Type: "consul",
Config: map[string]string{
"foo": "bar",
},
DisableClustering: true,
},
ClusterCipherSuites: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
Telemetry: &Telemetry{
StatsiteAddr: "baz",
StatsdAddr: "",
DisableHostname: false,
CirconusAPIToken: "",
CirconusAPIApp: "",
CirconusAPIURL: "",
CirconusSubmissionInterval: "",
CirconusCheckSubmissionURL: "",
CirconusCheckID: "",
CirconusCheckForceMetricActivation: "",
CirconusCheckInstanceID: "",
CirconusCheckSearchTag: "",
CirconusCheckDisplayName: "",
CirconusCheckTags: "",
CirconusBrokerID: "",
CirconusBrokerSelectTag: "",
},
MaxLeaseTTL: 10 * time.Hour,
MaxLeaseTTLRaw: "10h",
DefaultLeaseTTL: 10 * time.Hour,
DefaultLeaseTTLRaw: "10h",
ClusterName: "testcluster",
DisableCacheRaw: interface{}(nil),
DisableMlockRaw: interface{}(nil),
EnableUI: true,
EnableUIRaw: true,
PidFile: "./pidfile",
EnableRawEndpoint: true,
EnableRawEndpointRaw: true,
DisableSealWrap: true,
DisableSealWrapRaw: true,
}
if !reflect.DeepEqual(config, expected) {
t.Fatalf("expected \n\n%#v\n\n to be \n\n%#v\n\n", config, expected)
}
}
func TestLoadConfigFile_json2(t *testing.T) {
logger := logging.NewVaultLogger(log.Debug)
config, err := LoadConfigFile("./test-fixtures/config2.hcl.json", logger)
if err != nil {
t.Fatalf("err: %s", err)
}
expected := &Config{
Listeners: []*Listener{
&Listener{
Type: "tcp",
Config: map[string]interface{}{
"address": "127.0.0.1:443",
},
},
&Listener{
Type: "tcp",
Config: map[string]interface{}{
"address": "127.0.0.1:444",
},
},
},
Storage: &Storage{
Type: "consul",
Config: map[string]string{
"foo": "bar",
},
DisableClustering: true,
},
HAStorage: &Storage{
Type: "consul",
Config: map[string]string{
"bar": "baz",
},
},
CacheSize: 45678,
EnableUI: true,
EnableRawEndpoint: true,
DisableSealWrap: true,
Telemetry: &Telemetry{
StatsiteAddr: "foo",
StatsdAddr: "bar",
DisableHostname: true,
CirconusAPIToken: "0",
CirconusAPIApp: "vault",
CirconusAPIURL: "http://api.circonus.com/v2",
CirconusSubmissionInterval: "10s",
CirconusCheckSubmissionURL: "https://someplace.com/metrics",
CirconusCheckID: "0",
CirconusCheckForceMetricActivation: "true",
CirconusCheckInstanceID: "node1:vault",
CirconusCheckSearchTag: "service:vault",
CirconusCheckDisplayName: "node1:vault",
CirconusCheckTags: "cat1:tag1,cat2:tag2",
CirconusBrokerID: "0",
CirconusBrokerSelectTag: "dc:sfo",
},
}
if !reflect.DeepEqual(config, expected) {
}
}
func TestLoadConfigDir(t *testing.T) {
logger := logging.NewVaultLogger(log.Debug)
config, err := LoadConfigDir("./test-fixtures/config-dir", logger)
if err != nil {
t.Fatalf("err: %s", err)
}
expected := &Config{
DisableCache: true,
DisableMlock: true,
DisableClustering: false,
DisableClusteringRaw: false,
APIAddr: "https://vault.local",
ClusterAddr: "https://127.0.0.1:444",
Listeners: []*Listener{
&Listener{
Type: "tcp",
Config: map[string]interface{}{
"address": "127.0.0.1:443",
},
},
},
Storage: &Storage{
Type: "consul",
Config: map[string]string{
"foo": "bar",
},
RedirectAddr: "https://vault.local",
ClusterAddr: "https://127.0.0.1:444",
DisableClustering: false,
},
EnableUI: true,
EnableRawEndpoint: true,
Telemetry: &Telemetry{
StatsiteAddr: "qux",
StatsdAddr: "baz",
DisableHostname: true,
},
MaxLeaseTTL: 10 * time.Hour,
DefaultLeaseTTL: 10 * time.Hour,
ClusterName: "testcluster",
}
if !reflect.DeepEqual(config, expected) {
t.Fatalf("expected \n\n%#v\n\n to be \n\n%#v\n\n", config, expected)
}
}
func TestParseListeners(t *testing.T) {
obj, _ := hcl.Parse(strings.TrimSpace(`
listener "tcp" {
address = "127.0.0.1:443"
cluster_address = "127.0.0.1:8201"
tls_disable = false
tls_cert_file = "./certs/server.crt"
tls_key_file = "./certs/server.key"
tls_client_ca_file = "./certs/rootca.crt"
tls_min_version = "tls12"
tls_require_and_verify_client_cert = true
tls_disable_client_certs = true
}`))
var config Config
list, _ := obj.Node.(*ast.ObjectList)
objList := list.Filter("listener")
parseListeners(&config, objList)
listeners := config.Listeners
if len(listeners) == 0 {
t.Fatalf("expected at least one listener in the config")
}
listener := listeners[0]
if listener.Type != "tcp" {
t.Fatalf("expected tcp listener in the config")
}
expected := &Config{
Listeners: []*Listener{
&Listener{
Type: "tcp",
Config: map[string]interface{}{
"address": "127.0.0.1:443",
"cluster_address": "127.0.0.1:8201",
"tls_disable": false,
"tls_cert_file": "./certs/server.crt",
"tls_key_file": "./certs/server.key",
"tls_client_ca_file": "./certs/rootca.crt",
"tls_min_version": "tls12",
"tls_require_and_verify_client_cert": true,
"tls_disable_client_certs": true,
},
},
},
}
if !reflect.DeepEqual(config, *expected) {
t.Fatalf("expected \n\n%#v\n\n to be \n\n%#v\n\n", config, *expected)
}
}
Reference in New Issue View Git Blame Copy Permalink