open-vault/vault/seal_testing.go

package vault

import (
	"context"

	"github.com/mitchellh/go-testing-interface"
)

var (
	TestCoreUnsealedWithConfigs = testCoreUnsealedWithConfigs
	TestSealDefConfigs          = testSealDefConfigs
)

type TestSealOpts struct {
	StoredKeysDisabled   bool
	RecoveryKeysDisabled bool
}

func NewTestSeal(t testing.T, opts *TestSealOpts) Seal {
	return NewDefaultSeal()
}

func testCoreUnsealedWithConfigs(t testing.T, barrierConf, recoveryConf *SealConfig) (*Core, [][]byte, [][]byte, string) {
	seal := NewTestSeal(t, nil)
	core := TestCoreWithSeal(t, seal, false)
	result, err := core.Initialize(context.Background(), &InitParams{
		BarrierConfig:  barrierConf,
		RecoveryConfig: recoveryConf,
	})
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	err = core.UnsealWithStoredKeys(context.Background())
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if sealed, _ := core.Sealed(); sealed {
		for _, key := range result.SecretShares {
			if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
				t.Fatalf("unseal err: %s", err)
			}
		}

		sealed, err = core.Sealed()
		if err != nil {
			t.Fatalf("err checking seal status: %s", err)
		}
		if sealed {
			t.Fatal("should not be sealed")
		}
	}

	return core, result.SecretShares, result.RecoveryShares, result.RootToken
}

func testSealDefConfigs() (*SealConfig, *SealConfig) {
	return &SealConfig{
		SecretShares:    5,
		SecretThreshold: 3,
	}, nil
}

func TestCoreUnsealedWithConfigSealOpts(t testing.T, barrierConf, recoveryConf *SealConfig, sealOpts *TestSealOpts) (*Core, [][]byte, [][]byte, string) {
	seal := NewTestSeal(t, sealOpts)
	core := TestCoreWithSeal(t, seal, false)
	result, err := core.Initialize(context.Background(), &InitParams{
		BarrierConfig:  barrierConf,
		RecoveryConfig: recoveryConf,
	})
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	for _, key := range result.SecretShares {
		if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
			t.Fatalf("unseal err: %s", err)
		}
	}

	sealed, err := core.Sealed()
	if err != nil {
		t.Fatalf("err checking seal status: %s", err)
	}
	if sealed {
		t.Fatal("should not be sealed")
	}

	return core, result.SecretShares, result.RecoveryShares, result.RootToken
}
Split out TestSeal 2016-04-26 00:14:16 +00:00			`package vault`

			`import (`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`"context"`

Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`"github.com/mitchellh/go-testing-interface"`
Split out TestSeal 2016-04-26 00:14:16 +00:00			`)`

Push test functions to a var for overriding 2017-02-08 01:44:26 +00:00			`var (`
			`TestCoreUnsealedWithConfigs = testCoreUnsealedWithConfigs`
			`TestSealDefConfigs = testSealDefConfigs`
			`)`

Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`type TestSealOpts struct {`
			`StoredKeysDisabled bool`
			`RecoveryKeysDisabled bool`
Split out TestSeal 2016-04-26 00:14:16 +00:00			`}`

Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`func NewTestSeal(t testing.T, opts *TestSealOpts) Seal {`
Use atomic values in seal to avoid some data races (#4040) 2018-02-23 22:18:48 +00:00			`return NewDefaultSeal()`
Minor ports 2016-12-05 17:28:12 +00:00			`}`

Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`func testCoreUnsealedWithConfigs(t testing.T, barrierConf, recoveryConf SealConfig) (Core, [][]byte, [][]byte, string) {`
			`seal := NewTestSeal(t, nil)`
Disable the `sys/raw` endpoint by default (#3329) * disable raw endpoint by default * adding docs * config option raw -> raw_storage_endpoint * docs updates * adding listing on raw endpoint * reworking tests for enabled raw endpoints * root protecting base raw endpoint 2017-09-15 04:21:35 +00:00			`core := TestCoreWithSeal(t, seal, false)`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`result, err := core.Initialize(context.Background(), &InitParams{`
Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 22:42:24 +00:00			`BarrierConfig: barrierConf,`
			`RecoveryConfig: recoveryConf,`
			`})`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`err = core.UnsealWithStoredKeys(context.Background())`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
			`if sealed, _ := core.Sealed(); sealed {`
			`for _, key := range result.SecretShares {`
Multi value test seal (#2281) 2017-01-17 20:43:10 +00:00			`if _, err := core.Unseal(TestKeyCopy(key)); err != nil {`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`t.Fatalf("unseal err: %s", err)`
			`}`
			`}`

			`sealed, err = core.Sealed()`
			`if err != nil {`
			`t.Fatalf("err checking seal status: %s", err)`
			`}`
			`if sealed {`
			`t.Fatal("should not be sealed")`
			`}`
			`}`

			`return core, result.SecretShares, result.RecoveryShares, result.RootToken`
			`}`

Push test functions to a var for overriding 2017-02-08 01:44:26 +00:00			`func testSealDefConfigs() (SealConfig, SealConfig) {`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`return &SealConfig{`
Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`SecretShares: 5,`
			`SecretThreshold: 3,`
			`}, nil`
			`}`

			`func TestCoreUnsealedWithConfigSealOpts(t testing.T, barrierConf, recoveryConf SealConfig, sealOpts TestSealOpts) (*Core, [][]byte, [][]byte, string) {`
			`seal := NewTestSeal(t, sealOpts)`
			`core := TestCoreWithSeal(t, seal, false)`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`result, err := core.Initialize(context.Background(), &InitParams{`
Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`BarrierConfig: barrierConf,`
			`RecoveryConfig: recoveryConf,`
			`})`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
			`for _, key := range result.SecretShares {`
			`if _, err := core.Unseal(TestKeyCopy(key)); err != nil {`
			`t.Fatalf("unseal err: %s", err)`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`}`
Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`}`

			`sealed, err := core.Sealed()`
			`if err != nil {`
			`t.Fatalf("err checking seal status: %s", err)`
			`}`
			`if sealed {`
			`t.Fatal("should not be sealed")`
			`}`

			`return core, result.SecretShares, result.RecoveryShares, result.RootToken`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`}`