609 lines
21 KiB
Go
609 lines
21 KiB
Go
|
// Copyright (c) HashiCorp, Inc.
|
||
|
|
// SPDX-License-Identifier: MPL-2.0
|
||
|
|
|
||
|
|
package http
|
||
|
|
|
||
|
|
import (
|
||
|
|
"encoding/json"
|
||
|
|
"fmt"
|
||
|
|
"reflect"
|
||
|
|
"testing"
|
||
|
|
"time"
|
||
|
|
|
||
|
|
"github.com/go-test/deep"
|
||
|
|
"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
|
||
|
|
"github.com/hashicorp/vault/helper/versions"
|
||
|
|
"github.com/hashicorp/vault/sdk/helper/consts"
|
||
|
|
"github.com/hashicorp/vault/vault"
|
||
|
|
)
|
||
|
|
|
||
|
|
func TestSysAuth(t *testing.T) {
|
||
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
||
|
|
ln, addr := TestServer(t, core)
|
||
|
|
defer ln.Close()
|
||
|
|
TestServerAuth(t, addr, token)
|
||
|
|
|
||
|
|
resp := testHttpGet(t, token, addr+"/v1/sys/auth")
|
||
|
|
|
||
|
|
var actual map[string]interface{}
|
||
|
|
expected := map[string]interface{}{
|
||
|
|
"lease_id": "",
|
||
|
|
"renewable": false,
|
||
|
|
"lease_duration": json.Number("0"),
|
||
|
|
"wrap_info": nil,
|
||
|
|
"warnings": nil,
|
||
|
|
"auth": nil,
|
||
|
|
"data": map[string]interface{}{
|
||
|
|
"token/": map[string]interface{}{
|
||
|
|
"description": "token based credentials",
|
||
|
|
"type": "token",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"token_type": "default-service",
|
||
|
|
"force_no_cache": false,
|
||
|
|
},
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": interface{}(nil),
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeCredential, "token"),
|
||
|
|
},
|
||
|
|
},
|
||
|
|
"token/": map[string]interface{}{
|
||
|
|
"description": "token based credentials",
|
||
|
|
"type": "token",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"token_type": "default-service",
|
||
|
|
"force_no_cache": false,
|
||
|
|
},
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": interface{}(nil),
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeCredential, "token"),
|
||
|
|
},
|
||
|
|
}
|
||
|
|
testResponseStatus(t, resp, 200)
|
||
|
|
testResponseBody(t, resp, &actual)
|
||
|
|
|
||
|
|
expected["request_id"] = actual["request_id"]
|
||
|
|
for k, v := range actual["data"].(map[string]interface{}) {
|
||
|
|
if v.(map[string]interface{})["accessor"] == "" {
|
||
|
|
t.Fatalf("no accessor from %s", k)
|
||
|
|
}
|
||
|
|
if v.(map[string]interface{})["uuid"] == "" {
|
||
|
|
t.Fatalf("no uuid from %s", k)
|
||
|
|
}
|
||
|
|
|
||
|
|
expected[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
|
||
|
|
expected[k].(map[string]interface{})["uuid"] = v.(map[string]interface{})["uuid"]
|
||
|
|
expected["data"].(map[string]interface{})[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
|
||
|
|
expected["data"].(map[string]interface{})[k].(map[string]interface{})["uuid"] = v.(map[string]interface{})["uuid"]
|
||
|
|
}
|
||
|
|
|
||
|
|
if !reflect.DeepEqual(actual, expected) {
|
||
|
|
t.Fatalf("bad: expected:%#v\nactual:%#v", expected, actual)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestSysEnableAuth(t *testing.T) {
|
||
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
||
|
|
ln, addr := TestServer(t, core)
|
||
|
|
defer ln.Close()
|
||
|
|
TestServerAuth(t, addr, token)
|
||
|
|
|
||
|
|
resp := testHttpPost(t, token, addr+"/v1/sys/auth/foo", map[string]interface{}{
|
||
|
|
"type": "approle",
|
||
|
|
"description": "foo",
|
||
|
|
})
|
||
|
|
testResponseStatus(t, resp, 204)
|
||
|
|
|
||
|
|
resp = testHttpGet(t, token, addr+"/v1/sys/auth")
|
||
|
|
|
||
|
|
var actual map[string]interface{}
|
||
|
|
expected := map[string]interface{}{
|
||
|
|
"lease_id": "",
|
||
|
|
"renewable": false,
|
||
|
|
"lease_duration": json.Number("0"),
|
||
|
|
"wrap_info": nil,
|
||
|
|
"warnings": nil,
|
||
|
|
"auth": nil,
|
||
|
|
"data": map[string]interface{}{
|
||
|
|
"foo/": map[string]interface{}{
|
||
|
|
"description": "foo",
|
||
|
|
"type": "approle",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"deprecation_status": "supported",
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"token_type": "default-service",
|
||
|
|
"force_no_cache": false,
|
||
|
|
},
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": map[string]interface{}{},
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeCredential, "approle"),
|
||
|
|
},
|
||
|
|
"token/": map[string]interface{}{
|
||
|
|
"description": "token based credentials",
|
||
|
|
"type": "token",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"force_no_cache": false,
|
||
|
|
"token_type": "default-service",
|
||
|
|
},
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": interface{}(nil),
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeCredential, "token"),
|
||
|
|
},
|
||
|
|
},
|
||
|
|
"foo/": map[string]interface{}{
|
||
|
|
"description": "foo",
|
||
|
|
"type": "approle",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"deprecation_status": "supported",
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"token_type": "default-service",
|
||
|
|
"force_no_cache": false,
|
||
|
|
},
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": map[string]interface{}{},
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeCredential, "approle"),
|
||
|
|
},
|
||
|
|
"token/": map[string]interface{}{
|
||
|
|
"description": "token based credentials",
|
||
|
|
"type": "token",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"token_type": "default-service",
|
||
|
|
"force_no_cache": false,
|
||
|
|
},
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": interface{}(nil),
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeCredential, "token"),
|
||
|
|
},
|
||
|
|
}
|
||
|
|
testResponseStatus(t, resp, 200)
|
||
|
|
testResponseBody(t, resp, &actual)
|
||
|
|
|
||
|
|
expected["request_id"] = actual["request_id"]
|
||
|
|
for k, v := range actual["data"].(map[string]interface{}) {
|
||
|
|
if v.(map[string]interface{})["accessor"] == "" {
|
||
|
|
t.Fatalf("no accessor from %s", k)
|
||
|
|
}
|
||
|
|
if v.(map[string]interface{})["uuid"] == "" {
|
||
|
|
t.Fatalf("no uuid from %s", k)
|
||
|
|
}
|
||
|
|
|
||
|
|
expected[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
|
||
|
|
expected[k].(map[string]interface{})["uuid"] = v.(map[string]interface{})["uuid"]
|
||
|
|
expected["data"].(map[string]interface{})[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
|
||
|
|
expected["data"].(map[string]interface{})[k].(map[string]interface{})["uuid"] = v.(map[string]interface{})["uuid"]
|
||
|
|
}
|
||
|
|
|
||
|
|
if diff := deep.Equal(actual, expected); diff != nil {
|
||
|
|
t.Fatal(diff)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestSysDisableAuth(t *testing.T) {
|
||
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
||
|
|
ln, addr := TestServer(t, core)
|
||
|
|
defer ln.Close()
|
||
|
|
TestServerAuth(t, addr, token)
|
||
|
|
|
||
|
|
resp := testHttpPost(t, token, addr+"/v1/sys/auth/foo", map[string]interface{}{
|
||
|
|
"type": "noop",
|
||
|
|
"description": "foo",
|
||
|
|
})
|
||
|
|
testResponseStatus(t, resp, 204)
|
||
|
|
|
||
|
|
resp = testHttpDelete(t, token, addr+"/v1/sys/auth/foo")
|
||
|
|
testResponseStatus(t, resp, 204)
|
||
|
|
|
||
|
|
resp = testHttpGet(t, token, addr+"/v1/sys/auth")
|
||
|
|
|
||
|
|
var actual map[string]interface{}
|
||
|
|
expected := map[string]interface{}{
|
||
|
|
"lease_id": "",
|
||
|
|
"renewable": false,
|
||
|
|
"lease_duration": json.Number("0"),
|
||
|
|
"wrap_info": nil,
|
||
|
|
"warnings": nil,
|
||
|
|
"auth": nil,
|
||
|
|
"data": map[string]interface{}{
|
||
|
|
"token/": map[string]interface{}{
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"token_type": "default-service",
|
||
|
|
"force_no_cache": false,
|
||
|
|
},
|
||
|
|
"description": "token based credentials",
|
||
|
|
"type": "token",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": interface{}(nil),
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeCredential, "token"),
|
||
|
|
},
|
||
|
|
},
|
||
|
|
"token/": map[string]interface{}{
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"token_type": "default-service",
|
||
|
|
"force_no_cache": false,
|
||
|
|
},
|
||
|
|
"description": "token based credentials",
|
||
|
|
"type": "token",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": interface{}(nil),
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeCredential, "token"),
|
||
|
|
},
|
||
|
|
}
|
||
|
|
testResponseStatus(t, resp, 200)
|
||
|
|
testResponseBody(t, resp, &actual)
|
||
|
|
|
||
|
|
expected["request_id"] = actual["request_id"]
|
||
|
|
for k, v := range actual["data"].(map[string]interface{}) {
|
||
|
|
if v.(map[string]interface{})["accessor"] == "" {
|
||
|
|
t.Fatalf("no accessor from %s", k)
|
||
|
|
}
|
||
|
|
if v.(map[string]interface{})["uuid"] == "" {
|
||
|
|
t.Fatalf("no uuid from %s", k)
|
||
|
|
}
|
||
|
|
|
||
|
|
expected[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
|
||
|
|
expected[k].(map[string]interface{})["uuid"] = v.(map[string]interface{})["uuid"]
|
||
|
|
expected["data"].(map[string]interface{})[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
|
||
|
|
expected["data"].(map[string]interface{})[k].(map[string]interface{})["uuid"] = v.(map[string]interface{})["uuid"]
|
||
|
|
}
|
||
|
|
|
||
|
|
if diff := deep.Equal(actual, expected); diff != nil {
|
||
|
|
t.Fatal(diff)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestSysTuneAuth_nonHMACKeys(t *testing.T) {
|
||
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
||
|
|
ln, addr := TestServer(t, core)
|
||
|
|
defer ln.Close()
|
||
|
|
TestServerAuth(t, addr, token)
|
||
|
|
|
||
|
|
// Mount-tune the audit_non_hmac_request_keys
|
||
|
|
resp := testHttpPost(t, token, addr+"/v1/sys/auth/token/tune", map[string]interface{}{
|
||
|
|
"audit_non_hmac_request_keys": "foo",
|
||
|
|
})
|
||
|
|
testResponseStatus(t, resp, 204)
|
||
|
|
|
||
|
|
// Mount-tune the audit_non_hmac_response_keys
|
||
|
|
resp = testHttpPost(t, token, addr+"/v1/sys/auth/token/tune", map[string]interface{}{
|
||
|
|
"audit_non_hmac_response_keys": "bar",
|
||
|
|
})
|
||
|
|
testResponseStatus(t, resp, 204)
|
||
|
|
|
||
|
|
// Check results
|
||
|
|
resp = testHttpGet(t, token, addr+"/v1/sys/auth/token/tune")
|
||
|
|
testResponseStatus(t, resp, 200)
|
||
|
|
|
||
|
|
actual := map[string]interface{}{}
|
||
|
|
expected := map[string]interface{}{
|
||
|
|
"lease_id": "",
|
||
|
|
"renewable": false,
|
||
|
|
"lease_duration": json.Number("0"),
|
||
|
|
"wrap_info": nil,
|
||
|
|
"warnings": nil,
|
||
|
|
"auth": nil,
|
||
|
|
"data": map[string]interface{}{
|
||
|
|
"description": "token based credentials",
|
||
|
|
"default_lease_ttl": json.Number("2764800"),
|
||
|
|
"max_lease_ttl": json.Number("2764800"),
|
||
|
|
"force_no_cache": false,
|
||
|
|
"audit_non_hmac_request_keys": []interface{}{"foo"},
|
||
|
|
"audit_non_hmac_response_keys": []interface{}{"bar"},
|
||
|
|
"token_type": "default-service",
|
||
|
|
},
|
||
|
|
"description": "token based credentials",
|
||
|
|
"default_lease_ttl": json.Number("2764800"),
|
||
|
|
"max_lease_ttl": json.Number("2764800"),
|
||
|
|
"force_no_cache": false,
|
||
|
|
"audit_non_hmac_request_keys": []interface{}{"foo"},
|
||
|
|
"audit_non_hmac_response_keys": []interface{}{"bar"},
|
||
|
|
"token_type": "default-service",
|
||
|
|
}
|
||
|
|
testResponseBody(t, resp, &actual)
|
||
|
|
expected["request_id"] = actual["request_id"]
|
||
|
|
if !reflect.DeepEqual(actual, expected) {
|
||
|
|
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual)
|
||
|
|
}
|
||
|
|
|
||
|
|
// Unset those mount tune values
|
||
|
|
resp = testHttpPost(t, token, addr+"/v1/sys/auth/token/tune", map[string]interface{}{
|
||
|
|
"audit_non_hmac_request_keys": "",
|
||
|
|
})
|
||
|
|
testResponseStatus(t, resp, 204)
|
||
|
|
|
||
|
|
resp = testHttpPost(t, token, addr+"/v1/sys/auth/token/tune", map[string]interface{}{
|
||
|
|
"audit_non_hmac_response_keys": "",
|
||
|
|
})
|
||
|
|
|
||
|
|
// Check results
|
||
|
|
resp = testHttpGet(t, token, addr+"/v1/sys/auth/token/tune")
|
||
|
|
testResponseStatus(t, resp, 200)
|
||
|
|
|
||
|
|
actual = map[string]interface{}{}
|
||
|
|
expected = map[string]interface{}{
|
||
|
|
"lease_id": "",
|
||
|
|
"renewable": false,
|
||
|
|
"lease_duration": json.Number("0"),
|
||
|
|
"wrap_info": nil,
|
||
|
|
"warnings": nil,
|
||
|
|
"auth": nil,
|
||
|
|
"data": map[string]interface{}{
|
||
|
|
"description": "token based credentials",
|
||
|
|
"default_lease_ttl": json.Number("2764800"),
|
||
|
|
"max_lease_ttl": json.Number("2764800"),
|
||
|
|
"force_no_cache": false,
|
||
|
|
"token_type": "default-service",
|
||
|
|
},
|
||
|
|
"description": "token based credentials",
|
||
|
|
"default_lease_ttl": json.Number("2764800"),
|
||
|
|
"max_lease_ttl": json.Number("2764800"),
|
||
|
|
"force_no_cache": false,
|
||
|
|
"token_type": "default-service",
|
||
|
|
}
|
||
|
|
testResponseBody(t, resp, &actual)
|
||
|
|
expected["request_id"] = actual["request_id"]
|
||
|
|
if !reflect.DeepEqual(actual, expected) {
|
||
|
|
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestSysTuneAuth_showUIMount(t *testing.T) {
|
||
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
||
|
|
ln, addr := TestServer(t, core)
|
||
|
|
defer ln.Close()
|
||
|
|
TestServerAuth(t, addr, token)
|
||
|
|
|
||
|
|
// Get original tune values, ensure that listing_visibility is not set
|
||
|
|
resp := testHttpGet(t, token, addr+"/v1/sys/auth/token/tune")
|
||
|
|
testResponseStatus(t, resp, 200)
|
||
|
|
|
||
|
|
actual := map[string]interface{}{}
|
||
|
|
expected := map[string]interface{}{
|
||
|
|
"lease_id": "",
|
||
|
|
"renewable": false,
|
||
|
|
"lease_duration": json.Number("0"),
|
||
|
|
"wrap_info": nil,
|
||
|
|
"warnings": nil,
|
||
|
|
"auth": nil,
|
||
|
|
"data": map[string]interface{}{
|
||
|
|
"description": "token based credentials",
|
||
|
|
"default_lease_ttl": json.Number("2764800"),
|
||
|
|
"max_lease_ttl": json.Number("2764800"),
|
||
|
|
"force_no_cache": false,
|
||
|
|
"token_type": "default-service",
|
||
|
|
},
|
||
|
|
"description": "token based credentials",
|
||
|
|
"default_lease_ttl": json.Number("2764800"),
|
||
|
|
"max_lease_ttl": json.Number("2764800"),
|
||
|
|
"force_no_cache": false,
|
||
|
|
"token_type": "default-service",
|
||
|
|
}
|
||
|
|
testResponseBody(t, resp, &actual)
|
||
|
|
expected["request_id"] = actual["request_id"]
|
||
|
|
if !reflect.DeepEqual(actual, expected) {
|
||
|
|
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual)
|
||
|
|
}
|
||
|
|
|
||
|
|
// Mount-tune the listing_visibility
|
||
|
|
resp = testHttpPost(t, token, addr+"/v1/sys/auth/token/tune", map[string]interface{}{
|
||
|
|
"listing_visibility": "unauth",
|
||
|
|
})
|
||
|
|
testResponseStatus(t, resp, 204)
|
||
|
|
|
||
|
|
// Check results
|
||
|
|
resp = testHttpGet(t, token, addr+"/v1/sys/auth/token/tune")
|
||
|
|
testResponseStatus(t, resp, 200)
|
||
|
|
|
||
|
|
actual = map[string]interface{}{}
|
||
|
|
expected = map[string]interface{}{
|
||
|
|
"description": "token based credentials",
|
||
|
|
"lease_id": "",
|
||
|
|
"renewable": false,
|
||
|
|
"lease_duration": json.Number("0"),
|
||
|
|
"wrap_info": nil,
|
||
|
|
"warnings": nil,
|
||
|
|
"auth": nil,
|
||
|
|
"data": map[string]interface{}{
|
||
|
|
"description": "token based credentials",
|
||
|
|
"default_lease_ttl": json.Number("2764800"),
|
||
|
|
"max_lease_ttl": json.Number("2764800"),
|
||
|
|
"force_no_cache": false,
|
||
|
|
"listing_visibility": "unauth",
|
||
|
|
"token_type": "default-service",
|
||
|
|
},
|
||
|
|
"default_lease_ttl": json.Number("2764800"),
|
||
|
|
"max_lease_ttl": json.Number("2764800"),
|
||
|
|
"force_no_cache": false,
|
||
|
|
"listing_visibility": "unauth",
|
||
|
|
"token_type": "default-service",
|
||
|
|
}
|
||
|
|
testResponseBody(t, resp, &actual)
|
||
|
|
expected["request_id"] = actual["request_id"]
|
||
|
|
if !reflect.DeepEqual(actual, expected) {
|
||
|
|
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestSysRemountAuth(t *testing.T) {
|
||
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
||
|
|
ln, addr := TestServer(t, core)
|
||
|
|
defer ln.Close()
|
||
|
|
TestServerAuth(t, addr, token)
|
||
|
|
|
||
|
|
resp := testHttpPost(t, token, addr+"/v1/sys/auth/foo", map[string]interface{}{
|
||
|
|
"type": "noop",
|
||
|
|
"description": "foo",
|
||
|
|
})
|
||
|
|
testResponseStatus(t, resp, 204)
|
||
|
|
|
||
|
|
resp = testHttpPost(t, token, addr+"/v1/sys/remount", map[string]interface{}{
|
||
|
|
"from": "auth/foo",
|
||
|
|
"to": "auth/bar",
|
||
|
|
})
|
||
|
|
testResponseStatus(t, resp, 200)
|
||
|
|
|
||
|
|
// Poll until the remount succeeds
|
||
|
|
var remountResp map[string]interface{}
|
||
|
|
testResponseBody(t, resp, &remountResp)
|
||
|
|
corehelpers.RetryUntil(t, 5*time.Second, func() error {
|
||
|
|
resp = testHttpGet(t, token, addr+"/v1/sys/remount/status/"+remountResp["migration_id"].(string))
|
||
|
|
testResponseStatus(t, resp, 200)
|
||
|
|
|
||
|
|
var remountStatusResp map[string]interface{}
|
||
|
|
testResponseBody(t, resp, &remountStatusResp)
|
||
|
|
|
||
|
|
status := remountStatusResp["data"].(map[string]interface{})["migration_info"].(map[string]interface{})["status"]
|
||
|
|
if status != "success" {
|
||
|
|
return fmt.Errorf("Expected migration status to be successful, got %q", status)
|
||
|
|
}
|
||
|
|
return nil
|
||
|
|
})
|
||
|
|
|
||
|
|
resp = testHttpGet(t, token, addr+"/v1/sys/auth")
|
||
|
|
|
||
|
|
var actual map[string]interface{}
|
||
|
|
expected := map[string]interface{}{
|
||
|
|
"lease_id": "",
|
||
|
|
"renewable": false,
|
||
|
|
"lease_duration": json.Number("0"),
|
||
|
|
"wrap_info": nil,
|
||
|
|
"warnings": nil,
|
||
|
|
"auth": nil,
|
||
|
|
"data": map[string]interface{}{
|
||
|
|
"bar/": map[string]interface{}{
|
||
|
|
"description": "foo",
|
||
|
|
"type": "noop",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"token_type": "default-service",
|
||
|
|
"force_no_cache": false,
|
||
|
|
},
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": map[string]interface{}{},
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeSecrets, "kv"),
|
||
|
|
},
|
||
|
|
"token/": map[string]interface{}{
|
||
|
|
"description": "token based credentials",
|
||
|
|
"type": "token",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"force_no_cache": false,
|
||
|
|
"token_type": "default-service",
|
||
|
|
},
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": interface{}(nil),
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeCredential, "token"),
|
||
|
|
},
|
||
|
|
},
|
||
|
|
"bar/": map[string]interface{}{
|
||
|
|
"description": "foo",
|
||
|
|
"type": "noop",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"token_type": "default-service",
|
||
|
|
"force_no_cache": false,
|
||
|
|
},
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": map[string]interface{}{},
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeSecrets, "kv"),
|
||
|
|
},
|
||
|
|
"token/": map[string]interface{}{
|
||
|
|
"description": "token based credentials",
|
||
|
|
"type": "token",
|
||
|
|
"external_entropy_access": false,
|
||
|
|
"config": map[string]interface{}{
|
||
|
|
"default_lease_ttl": json.Number("0"),
|
||
|
|
"max_lease_ttl": json.Number("0"),
|
||
|
|
"token_type": "default-service",
|
||
|
|
"force_no_cache": false,
|
||
|
|
},
|
||
|
|
"local": false,
|
||
|
|
"seal_wrap": false,
|
||
|
|
"options": interface{}(nil),
|
||
|
|
"plugin_version": "",
|
||
|
|
"running_sha256": "",
|
||
|
|
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeCredential, "token"),
|
||
|
|
},
|
||
|
|
}
|
||
|
|
testResponseStatus(t, resp, 200)
|
||
|
|
testResponseBody(t, resp, &actual)
|
||
|
|
|
||
|
|
expected["request_id"] = actual["request_id"]
|
||
|
|
for k, v := range actual["data"].(map[string]interface{}) {
|
||
|
|
if v.(map[string]interface{})["accessor"] == "" {
|
||
|
|
t.Fatalf("no accessor from %s", k)
|
||
|
|
}
|
||
|
|
if v.(map[string]interface{})["uuid"] == "" {
|
||
|
|
t.Fatalf("no uuid from %s", k)
|
||
|
|
}
|
||
|
|
|
||
|
|
expected[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
|
||
|
|
expected[k].(map[string]interface{})["uuid"] = v.(map[string]interface{})["uuid"]
|
||
|
|
expected["data"].(map[string]interface{})[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
|
||
|
|
expected["data"].(map[string]interface{})[k].(map[string]interface{})["uuid"] = v.(map[string]interface{})["uuid"]
|
||
|
|
}
|
||
|
|
|
||
|
|
if diff := deep.Equal(actual, expected); diff != nil {
|
||
|
|
t.Fatal(diff)
|
||
|
|
}
|
||
|
|
}
|