open-nomad/command/agent/keyring_endpoint_test.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

77 lines
2.1 KiB
Go
Raw Normal View History

2022-05-20 16:16:21 +00:00
package agent
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/require"
"github.com/hashicorp/nomad/ci"
"github.com/hashicorp/nomad/nomad/structs"
)
func TestHTTP_Keyring_CRUD(t *testing.T) {
ci.Parallel(t)
httpTest(t, nil, func(s *TestAgent) {
respW := httptest.NewRecorder()
// List (get bootstrap key)
2022-05-20 16:16:21 +00:00
req, err := http.NewRequest(http.MethodGet, "/v1/operator/keyring/keys", nil)
2022-05-20 16:16:21 +00:00
require.NoError(t, err)
obj, err := s.Server.KeyringRequest(respW, req)
require.NoError(t, err)
listResp := obj.([]*structs.RootKeyMeta)
require.Len(t, listResp, 1)
oldKeyID := listResp[0].KeyID
// Rotate
req, err = http.NewRequest(http.MethodPut, "/v1/operator/keyring/rotate", nil)
require.NoError(t, err)
obj, err = s.Server.KeyringRequest(respW, req)
require.NoError(t, err)
2022-05-20 16:16:21 +00:00
require.NotZero(t, respW.HeaderMap.Get("X-Nomad-Index"))
rotateResp := obj.(structs.KeyringRotateRootKeyResponse)
require.NotNil(t, rotateResp.Key)
require.True(t, rotateResp.Key.Active())
newID1 := rotateResp.Key.KeyID
2022-05-20 16:16:21 +00:00
// List
req, err = http.NewRequest(http.MethodGet, "/v1/operator/keyring/keys", nil)
require.NoError(t, err)
obj, err = s.Server.KeyringRequest(respW, req)
require.NoError(t, err)
listResp = obj.([]*structs.RootKeyMeta)
require.Len(t, listResp, 2)
for _, key := range listResp {
if key.KeyID == newID1 {
require.True(t, key.Active(), "new key should be active")
} else {
require.False(t, key.Active(), "initial key should be inactive")
}
}
2022-05-20 16:16:21 +00:00
// Delete the old key and verify its gone
req, err = http.NewRequest(http.MethodDelete, "/v1/operator/keyring/key/"+oldKeyID, nil)
2022-05-20 16:16:21 +00:00
require.NoError(t, err)
obj, err = s.Server.KeyringRequest(respW, req)
require.NoError(t, err)
req, err = http.NewRequest(http.MethodGet, "/v1/operator/keyring/keys", nil)
require.NoError(t, err)
obj, err = s.Server.KeyringRequest(respW, req)
require.NoError(t, err)
listResp = obj.([]*structs.RootKeyMeta)
require.Len(t, listResp, 1)
require.Equal(t, newID1, listResp[0].KeyID)
require.True(t, listResp[0].Active())
require.Len(t, listResp, 1)
2022-05-20 16:16:21 +00:00
})
}