package agent
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/require"
"github.com/hashicorp/nomad/ci"
"github.com/hashicorp/nomad/nomad/structs"
)
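// TestHTTP_Keyring_CRUD walks the operator keyring HTTP API through a full
// key lifecycle: list the bootstrap key, rotate, confirm the rotated key is
// the only active one, delete the original key, and confirm it no longer
// appears in the listing.
//
// NOTE(review): httpTest is called with a nil config callback and no token is
// attached to any request, so this presumably runs with ACLs disabled and
// says nothing about authorization on these endpoints. Confirm the keyring
// routes have separate coverage with ACLs enabled.
func TestHTTP_Keyring_CRUD(t *testing.T) {
	ci.Parallel(t)

	httpTest(t, nil, func(s *TestAgent) {
		const keysPath = "/v1/operator/keyring/keys"

		// listKeys issues a GET against the key listing with its own
		// recorder and returns the decoded metadata, failing the test (rather
		// than panicking) if the handler returns an unexpected type.
		listKeys := func() []*structs.RootKeyMeta {
			t.Helper()

			req, err := http.NewRequest(http.MethodGet, keysPath, nil)
			require.NoError(t, err)

			obj, err := s.Server.KeyringRequest(httptest.NewRecorder(), req)
			require.NoError(t, err)

			keys, ok := obj.([]*structs.RootKeyMeta)
			require.True(t, ok, "unexpected list response type %T", obj)
			return keys
		}

		// List (get bootstrap key)
		keys := listKeys()
		require.Len(t, keys, 1)
		oldKeyID := keys[0].KeyID

		// Rotate. A fresh recorder is used so the X-Nomad-Index assertion
		// can only be satisfied by the rotate response itself, not by a
		// header left on a recorder shared with an earlier request.
		rotateW := httptest.NewRecorder()
		req, err := http.NewRequest(http.MethodPut, "/v1/operator/keyring/rotate", nil)
		require.NoError(t, err)

		obj, err := s.Server.KeyringRequest(rotateW, req)
		require.NoError(t, err)
		require.NotZero(t, rotateW.Header().Get("X-Nomad-Index"))

		rotateResp, ok := obj.(structs.KeyringRotateRootKeyResponse)
		require.True(t, ok, "unexpected rotate response type %T", obj)
		require.NotNil(t, rotateResp.Key)
		require.True(t, rotateResp.Key.Active())

		newID1 := rotateResp.Key.KeyID
		// Without this, the later "only newID1 remains" check could not tell
		// a deleted old key from a rotation that reused the same ID.
		require.NotEqual(t, oldKeyID, newID1, "rotation should produce a new key ID")

		// List: both keys are present and only the rotated one is active.
		keys = listKeys()
		require.Len(t, keys, 2)
		for _, key := range keys {
			if key.KeyID == newID1 {
				require.True(t, key.Active(), "new key should be active")
			} else {
				require.False(t, key.Active(), "initial key should be inactive")
			}
		}

		// Delete the old key and verify it's gone
		req, err = http.NewRequest(http.MethodDelete, "/v1/operator/keyring/key/"+oldKeyID, nil)
		require.NoError(t, err)

		_, err = s.Server.KeyringRequest(httptest.NewRecorder(), req)
		require.NoError(t, err)

		keys = listKeys()
		require.Len(t, keys, 1)
		require.Equal(t, newID1, keys[0].KeyID)
		require.True(t, keys[0].Active())
	})
}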