scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-31 18:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7ad778541eea11496199f3820ca84a1e4736c492
vault/command/server/config_util_test.go
Mike Palmiotto 7ad778541e Disable Request Limiter by default (#25442) 
This PR flips the logic for the Request Limiter, setting it to default
disabled.

We allow users to turn on the global Request Limiter, but leave the
Listener configuration as a "disable per Listener".
2024-02-16 17:50:18 -05:00

142 lines
2.7 KiB
Go
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
//go:build !enterprise
package server
import (
"fmt"
"testing"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/stretchr/testify/require"
)
func TestCheckSealConfig(t *testing.T) {
testCases := []struct {
name string
config Config
expectError bool
}{
{
name: "no-seals",
config: Config{SharedConfig: &configutil.SharedConfig{Seals: []*configutil.KMS{}}},
},
{
name: "one-seal",
config: Config{SharedConfig: &configutil.SharedConfig{Seals: []*configutil.KMS{
{
Disabled: false,
},
}}},
},
{
name: "one-disabled-seal",
config: Config{SharedConfig: &configutil.SharedConfig{Seals: []*configutil.KMS{
{
Disabled: true,
},
}}},
},
{
name: "two-seals-one-disabled",
config: Config{SharedConfig: &configutil.SharedConfig{Seals: []*configutil.KMS{
{
Disabled: false,
},
{
Disabled: true,
},
}}},
},
{
name: "two-seals-enabled",
config: Config{SharedConfig: &configutil.SharedConfig{Seals: []*configutil.KMS{
{
Disabled: false,
},
{
Disabled: false,
},
}}},
expectError: true,
},
{
name: "two-disabled-seals",
config: Config{SharedConfig: &configutil.SharedConfig{Seals: []*configutil.KMS{
{
Disabled: true,
},
{
Disabled: true,
},
}}},
expectError: true,
},
}
for _, tt := range testCases {
t.Run(tt.name, func(t *testing.T) {
err := tt.config.checkSealConfig()
if tt.expectError {
require.Error(t, err)
} else {
require.NoError(t, err)
}
})
}
}
// TestRequestLimiterConfig verifies that the census config is correctly instantiated from HCL
func TestRequestLimiterConfig(t *testing.T) {
testCases := []struct {
name string
inConfig string
outErr bool
outRequestLimiter *configutil.RequestLimiter
}{
{
name: "empty",
outRequestLimiter: nil,
},
{
name: "disabled",
inConfig: `
request_limiter {
disable = true
}`,
outRequestLimiter: &configutil.RequestLimiter{Disable: true},
},
{
name: "invalid disable",
inConfig: `
request_limiter {
disable = "people make mistakes"
}`,
outErr: true,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
config := fmt.Sprintf(`
ui = false
storage "file" {
path = "/tmp/test"
}
listener "tcp" {
address = "0.0.0.0:8200"
}
%s`, tc.inConfig)
gotConfig, err := ParseConfig(config, "")
if tc.outErr {
require.Error(t, err)
} else {
require.NoError(t, err)
require.Equal(t, tc.outRequestLimiter, gotConfig.RequestLimiter)
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink