mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-30 18:17:55 +00:00
219 lines
4.6 KiB
Go
219 lines
4.6 KiB
Go
package api
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/go-test/deep"
|
|
)
|
|
|
|
func TestRenewer_NewRenewer(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
client, err := NewClient(DefaultConfig())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
cases := []struct {
|
|
name string
|
|
i *RenewerInput
|
|
e *Renewer
|
|
err bool
|
|
}{
|
|
{
|
|
name: "nil",
|
|
i: nil,
|
|
e: nil,
|
|
err: true,
|
|
},
|
|
{
|
|
name: "missing_secret",
|
|
i: &RenewerInput{
|
|
Secret: nil,
|
|
},
|
|
e: nil,
|
|
err: true,
|
|
},
|
|
{
|
|
name: "default_grace",
|
|
i: &RenewerInput{
|
|
Secret: &Secret{},
|
|
},
|
|
e: &Renewer{
|
|
secret: &Secret{},
|
|
},
|
|
err: false,
|
|
},
|
|
}
|
|
|
|
for _, tc := range cases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
v, err := client.NewRenewer(tc.i)
|
|
if (err != nil) != tc.err {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
if v == nil {
|
|
return
|
|
}
|
|
|
|
// Zero-out channels because reflect
|
|
v.client = nil
|
|
v.random = nil
|
|
v.doneCh = nil
|
|
v.renewCh = nil
|
|
v.stopCh = nil
|
|
|
|
if diff := deep.Equal(tc.e, v); diff != nil {
|
|
t.Error(diff)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestLifetimeWatcher(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
client, err := NewClient(DefaultConfig())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// Note that doRenewWithOptions starts its loop with an initial renewal.
|
|
// This has a big impact on the particulars of the following cases.
|
|
|
|
renewedSecret := &Secret{}
|
|
var caseOneErrorCount int
|
|
var caseManyErrorsCount int
|
|
cases := []struct {
|
|
maxTestTime time.Duration
|
|
name string
|
|
leaseDurationSeconds int
|
|
incrementSeconds int
|
|
renew renewFunc
|
|
expectError error
|
|
expectRenewal bool
|
|
}{
|
|
{
|
|
maxTestTime: time.Second,
|
|
name: "no_error",
|
|
leaseDurationSeconds: 60,
|
|
incrementSeconds: 60,
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
|
return renewedSecret, nil
|
|
},
|
|
expectError: nil,
|
|
expectRenewal: true,
|
|
},
|
|
{
|
|
maxTestTime: time.Second,
|
|
name: "short_increment_duration",
|
|
leaseDurationSeconds: 60,
|
|
incrementSeconds: 10,
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
|
return renewedSecret, nil
|
|
},
|
|
expectError: nil,
|
|
expectRenewal: true,
|
|
},
|
|
{
|
|
maxTestTime: 5 * time.Second,
|
|
name: "one_error",
|
|
leaseDurationSeconds: 15,
|
|
incrementSeconds: 15,
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
|
if caseOneErrorCount == 0 {
|
|
caseOneErrorCount++
|
|
return nil, fmt.Errorf("renew failure")
|
|
}
|
|
return renewedSecret, nil
|
|
},
|
|
expectError: nil,
|
|
expectRenewal: true,
|
|
},
|
|
{
|
|
maxTestTime: 15 * time.Second,
|
|
name: "many_errors",
|
|
leaseDurationSeconds: 15,
|
|
incrementSeconds: 15,
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
|
if caseManyErrorsCount == 3 {
|
|
return renewedSecret, nil
|
|
}
|
|
caseManyErrorsCount++
|
|
return nil, fmt.Errorf("renew failure")
|
|
},
|
|
expectError: nil,
|
|
expectRenewal: true,
|
|
},
|
|
{
|
|
maxTestTime: 15 * time.Second,
|
|
name: "only_errors",
|
|
leaseDurationSeconds: 15,
|
|
incrementSeconds: 15,
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
|
return nil, fmt.Errorf("renew failure")
|
|
},
|
|
expectError: nil,
|
|
expectRenewal: false,
|
|
},
|
|
{
|
|
maxTestTime: 15 * time.Second,
|
|
name: "negative_lease_duration",
|
|
leaseDurationSeconds: -15,
|
|
incrementSeconds: 15,
|
|
renew: func(_ string, _ int) (*Secret, error) {
|
|
return renewedSecret, nil
|
|
},
|
|
expectError: nil,
|
|
expectRenewal: true,
|
|
},
|
|
}
|
|
|
|
for _, tc := range cases {
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
v, err := client.NewLifetimeWatcher(&LifetimeWatcherInput{
|
|
Secret: &Secret{
|
|
LeaseDuration: tc.leaseDurationSeconds,
|
|
},
|
|
Increment: tc.incrementSeconds,
|
|
})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
doneCh := make(chan error, 1)
|
|
go func() {
|
|
doneCh <- v.doRenewWithOptions(false, false,
|
|
tc.leaseDurationSeconds, "myleaseID", tc.renew, time.Second)
|
|
}()
|
|
defer v.Stop()
|
|
|
|
select {
|
|
case <-time.After(tc.maxTestTime):
|
|
t.Fatalf("renewal didn't happen")
|
|
case r := <-v.RenewCh():
|
|
if !tc.expectRenewal {
|
|
t.Fatal("expected no renewals")
|
|
}
|
|
if r.Secret != renewedSecret {
|
|
t.Fatalf("expected secret %v, got %v", renewedSecret, r.Secret)
|
|
}
|
|
case err := <-doneCh:
|
|
if tc.expectError != nil && !errors.Is(err, tc.expectError) {
|
|
t.Fatalf("expected error %q, got: %v", tc.expectError, err)
|
|
}
|
|
if tc.expectError == nil && err != nil {
|
|
t.Fatalf("expected no error, got: %v", err)
|
|
}
|
|
if tc.expectRenewal {
|
|
t.Fatalf("expected at least one renewal, got donech result: %v", err)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|