184 lines
4.3 KiB
Go
184 lines
4.3 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package vault
|
|
|
|
import (
|
|
"context"
|
|
"reflect"
|
|
"testing"
|
|
|
|
log "github.com/hashicorp/go-hclog"
|
|
wrapping "github.com/hashicorp/go-kms-wrapping/v2"
|
|
"github.com/hashicorp/vault/sdk/helper/logging"
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
"github.com/hashicorp/vault/sdk/physical/inmem"
|
|
)
|
|
|
|
func TestCore_Init(t *testing.T) {
|
|
c, conf := testCore_NewTestCore(t, nil)
|
|
testCore_Init_Common(t, c, conf, &SealConfig{SecretShares: 5, SecretThreshold: 3}, nil)
|
|
}
|
|
|
|
func testCore_NewTestCore(t *testing.T, seal Seal) (*Core, *CoreConfig) {
|
|
return testCore_NewTestCoreLicensing(t, seal, nil)
|
|
}
|
|
|
|
func testCore_NewTestCoreLicensing(t *testing.T, seal Seal, licensingConfig *LicensingConfig) (*Core, *CoreConfig) {
|
|
logger := logging.NewVaultLogger(log.Trace)
|
|
|
|
inm, err := inmem.NewInmem(nil, logger)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
conf := &CoreConfig{
|
|
Physical: inm,
|
|
DisableMlock: true,
|
|
LogicalBackends: map[string]logical.Factory{
|
|
"kv": LeasedPassthroughBackendFactory,
|
|
},
|
|
Seal: seal,
|
|
LicensingConfig: licensingConfig,
|
|
}
|
|
c, err := NewCore(conf)
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
t.Cleanup(func() {
|
|
defer func() {
|
|
if r := recover(); r != nil {
|
|
t.Log("panic closing core during cleanup", "panic", r)
|
|
}
|
|
}()
|
|
c.Shutdown()
|
|
})
|
|
return c, conf
|
|
}
|
|
|
|
func testCore_Init_Common(t *testing.T, c *Core, conf *CoreConfig, barrierConf, recoveryConf *SealConfig) {
|
|
init, err := c.Initialized(context.Background())
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if init {
|
|
t.Fatalf("should not be init")
|
|
}
|
|
|
|
// Check the seal configuration
|
|
outConf, err := c.seal.BarrierConfig(context.Background())
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if outConf != nil {
|
|
t.Fatalf("bad: %v", outConf)
|
|
}
|
|
if recoveryConf != nil {
|
|
outConf, err := c.seal.RecoveryConfig(context.Background())
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if outConf != nil {
|
|
t.Fatalf("bad: %v", outConf)
|
|
}
|
|
}
|
|
|
|
res, err := c.Initialize(context.Background(), &InitParams{
|
|
BarrierConfig: barrierConf,
|
|
RecoveryConfig: recoveryConf,
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if c.seal.BarrierType() == wrapping.WrapperTypeShamir && len(res.SecretShares) != barrierConf.SecretShares {
|
|
t.Fatalf("Bad: got\n%#v\nexpected conf matching\n%#v\n", *res, *barrierConf)
|
|
}
|
|
if recoveryConf != nil {
|
|
if len(res.RecoveryShares) != recoveryConf.SecretShares {
|
|
t.Fatalf("Bad: got\n%#v\nexpected conf matching\n%#v\n", *res, *recoveryConf)
|
|
}
|
|
}
|
|
|
|
if res.RootToken == "" {
|
|
t.Fatalf("Bad: %#v", res)
|
|
}
|
|
|
|
_, err = c.Initialize(context.Background(), &InitParams{
|
|
BarrierConfig: barrierConf,
|
|
RecoveryConfig: recoveryConf,
|
|
})
|
|
if err != ErrAlreadyInit {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
init, err = c.Initialized(context.Background())
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if !init {
|
|
t.Fatalf("should be init")
|
|
}
|
|
|
|
// Check the seal configuration
|
|
outConf, err = c.seal.BarrierConfig(context.Background())
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if !reflect.DeepEqual(outConf, barrierConf) {
|
|
t.Fatalf("bad: %v expect: %v", outConf, barrierConf)
|
|
}
|
|
if recoveryConf != nil {
|
|
outConf, err = c.seal.RecoveryConfig(context.Background())
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if !reflect.DeepEqual(outConf, recoveryConf) {
|
|
t.Fatalf("bad: %v expect: %v", outConf, recoveryConf)
|
|
}
|
|
}
|
|
|
|
// New Core, same backend
|
|
c2, err := NewCore(conf)
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
_, err = c2.Initialize(context.Background(), &InitParams{
|
|
BarrierConfig: barrierConf,
|
|
RecoveryConfig: recoveryConf,
|
|
})
|
|
if err != ErrAlreadyInit {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
init, err = c2.Initialized(context.Background())
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
|
|
if !init {
|
|
t.Fatalf("should be init")
|
|
}
|
|
|
|
// Check the seal configuration
|
|
outConf, err = c2.seal.BarrierConfig(context.Background())
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if !reflect.DeepEqual(outConf, barrierConf) {
|
|
t.Fatalf("bad: %v expect: %v", outConf, barrierConf)
|
|
}
|
|
if recoveryConf != nil {
|
|
outConf, err = c2.seal.RecoveryConfig(context.Background())
|
|
if err != nil {
|
|
t.Fatalf("err: %v", err)
|
|
}
|
|
if !reflect.DeepEqual(outConf, recoveryConf) {
|
|
t.Fatalf("bad: %v expect: %v", outConf, recoveryConf)
|
|
}
|
|
}
|
|
}
|