open-vault/builtin/logical/ssh/path_config_ca_test.go

package ssh

import (
	"testing"

	"github.com/hashicorp/vault/logical"
)

func TestSSH_ConfigCAStorageUpgrade(t *testing.T) {
	var err error

	config := logical.TestBackendConfig()
	config.StorageView = &logical.InmemStorage{}

	b, err := Backend(config)
	if err != nil {
		t.Fatal(err)
	}

	err = b.Setup(config)
	if err != nil {
		t.Fatal(err)
	}

	// Store at an older path
	err = config.StorageView.Put(&logical.StorageEntry{
		Key:   caPrivateKeyStoragePathDeprecated,
		Value: []byte(privateKey),
	})
	if err != nil {
		t.Fatal(err)
	}

	// Reading it should return the key as well as upgrade the storage path
	privateKeyEntry, err := caKey(config.StorageView, caPrivateKey)
	if err != nil {
		t.Fatal(err)
	}
	if privateKeyEntry == nil || privateKeyEntry.Key == "" {
		t.Fatalf("failed to read the stored private key")
	}

	entry, err := config.StorageView.Get(caPrivateKeyStoragePathDeprecated)
	if err != nil {
		t.Fatal(err)
	}
	if entry != nil {
		t.Fatalf("bad: expected a nil entry after upgrade")
	}

	entry, err = config.StorageView.Get(caPrivateKeyStoragePath)
	if err != nil {
		t.Fatal(err)
	}
	if entry == nil {
		t.Fatalf("bad: expected a non-nil entry after upgrade")
	}

	// Store at an older path
	err = config.StorageView.Put(&logical.StorageEntry{
		Key:   caPublicKeyStoragePathDeprecated,
		Value: []byte(publicKey),
	})
	if err != nil {
		t.Fatal(err)
	}

	// Reading it should return the key as well as upgrade the storage path
	publicKeyEntry, err := caKey(config.StorageView, caPublicKey)
	if err != nil {
		t.Fatal(err)
	}
	if publicKeyEntry == nil || publicKeyEntry.Key == "" {
		t.Fatalf("failed to read the stored public key")
	}

	entry, err = config.StorageView.Get(caPublicKeyStoragePathDeprecated)
	if err != nil {
		t.Fatal(err)
	}
	if entry != nil {
		t.Fatalf("bad: expected a nil entry after upgrade")
	}

	entry, err = config.StorageView.Get(caPublicKeyStoragePath)
	if err != nil {
		t.Fatal(err)
	}
	if entry == nil {
		t.Fatalf("bad: expected a non-nil entry after upgrade")
	}
}

func TestSSH_ConfigCAUpdateDelete(t *testing.T) {
	var resp *logical.Response
	var err error
	config := logical.TestBackendConfig()
	config.StorageView = &logical.InmemStorage{}

	b, err := Factory(config)
	if err != nil {
		t.Fatalf("Cannot create backend: %s", err)
	}

	caReq := &logical.Request{
		Path:      "config/ca",
		Operation: logical.UpdateOperation,
		Storage:   config.StorageView,
	}

	// Auto-generate the keys
	resp, err = b.HandleRequest(caReq)
	if err != nil || (resp != nil && resp.IsError()) {
		t.Fatalf("bad: err: %v, resp:%v", err, resp)
	}

	// Fail to overwrite it
	resp, err = b.HandleRequest(caReq)
	if err == nil {
		t.Fatalf("expected an error")
	}

	caReq.Operation = logical.DeleteOperation
	// Delete the configured keys
	resp, err = b.HandleRequest(caReq)
	if err != nil || (resp != nil && resp.IsError()) {
		t.Fatalf("bad: err: %v, resp:%v", err, resp)
	}

	caReq.Operation = logical.UpdateOperation
	caReq.Data = map[string]interface{}{
		"public_key":  publicKey,
		"private_key": privateKey,
	}

	// Successfully create a new one
	resp, err = b.HandleRequest(caReq)
	if err != nil || (resp != nil && resp.IsError()) {
		t.Fatalf("bad: err: %v, resp:%v", err, resp)
	}

	// Fail to overwrite it
	resp, err = b.HandleRequest(caReq)
	if err == nil {
		t.Fatalf("expected an error")
	}

	caReq.Operation = logical.DeleteOperation
	// Delete the configured keys
	resp, err = b.HandleRequest(caReq)
	if err != nil || (resp != nil && resp.IsError()) {
		t.Fatalf("bad: err: %v, resp:%v", err, resp)
	}

	caReq.Operation = logical.UpdateOperation
	caReq.Data = nil

	// Successfully create a new one
	resp, err = b.HandleRequest(caReq)
	if err != nil || (resp != nil && resp.IsError()) {
		t.Fatalf("bad: err: %v, resp:%v", err, resp)
	}
}
ssh: Added DeleteOperation to config/ca (#2434) * ssh: Added DeleteOperation to config/ca * Address review feedback 2017-03-03 15:19:45 +00:00			`package ssh`

			`import (`
			`"testing"`

			`"github.com/hashicorp/vault/logical"`
			`)`

SSH CA enhancements (#2442) * Use constants for storage paths * Upgrade path for public key storage * Fix calculateValidPrincipals, upgrade ca_private_key, and other changes * Remove a print statement * Added tests for upgrade case * Make exporting consistent in creation bundle * unexporting and constants * Move keys into a struct instead of plain string * minor changes 2017-03-08 22:36:21 +00:00			`func TestSSH_ConfigCAStorageUpgrade(t *testing.T) {`
			`var err error`

			`config := logical.TestBackendConfig()`
			`config.StorageView = &logical.InmemStorage{}`

			`b, err := Backend(config)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs 2017-07-20 17:28:40 +00:00			`err = b.Setup(config)`
SSH CA enhancements (#2442) * Use constants for storage paths * Upgrade path for public key storage * Fix calculateValidPrincipals, upgrade ca_private_key, and other changes * Remove a print statement * Added tests for upgrade case * Make exporting consistent in creation bundle * unexporting and constants * Move keys into a struct instead of plain string * minor changes 2017-03-08 22:36:21 +00:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`// Store at an older path`
			`err = config.StorageView.Put(&logical.StorageEntry{`
			`Key: caPrivateKeyStoragePathDeprecated,`
			`Value: []byte(privateKey),`
			`})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`// Reading it should return the key as well as upgrade the storage path`
			`privateKeyEntry, err := caKey(config.StorageView, caPrivateKey)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if privateKeyEntry == nil \|\| privateKeyEntry.Key == "" {`
			`t.Fatalf("failed to read the stored private key")`
			`}`

			`entry, err := config.StorageView.Get(caPrivateKeyStoragePathDeprecated)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if entry != nil {`
			`t.Fatalf("bad: expected a nil entry after upgrade")`
			`}`

			`entry, err = config.StorageView.Get(caPrivateKeyStoragePath)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if entry == nil {`
			`t.Fatalf("bad: expected a non-nil entry after upgrade")`
			`}`

			`// Store at an older path`
			`err = config.StorageView.Put(&logical.StorageEntry{`
			`Key: caPublicKeyStoragePathDeprecated,`
			`Value: []byte(publicKey),`
			`})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`// Reading it should return the key as well as upgrade the storage path`
			`publicKeyEntry, err := caKey(config.StorageView, caPublicKey)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if publicKeyEntry == nil \|\| publicKeyEntry.Key == "" {`
			`t.Fatalf("failed to read the stored public key")`
			`}`

			`entry, err = config.StorageView.Get(caPublicKeyStoragePathDeprecated)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if entry != nil {`
			`t.Fatalf("bad: expected a nil entry after upgrade")`
			`}`

			`entry, err = config.StorageView.Get(caPublicKeyStoragePath)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`if entry == nil {`
			`t.Fatalf("bad: expected a non-nil entry after upgrade")`
			`}`
			`}`

ssh: Added DeleteOperation to config/ca (#2434) * ssh: Added DeleteOperation to config/ca * Address review feedback 2017-03-03 15:19:45 +00:00			`func TestSSH_ConfigCAUpdateDelete(t *testing.T) {`
			`var resp *logical.Response`
			`var err error`
			`config := logical.TestBackendConfig()`
			`config.StorageView = &logical.InmemStorage{}`

			`b, err := Factory(config)`
			`if err != nil {`
			`t.Fatalf("Cannot create backend: %s", err)`
			`}`

			`caReq := &logical.Request{`
			`Path: "config/ca",`
			`Operation: logical.UpdateOperation,`
			`Storage: config.StorageView,`
			`}`

			`// Auto-generate the keys`
			`resp, err = b.HandleRequest(caReq)`
			`if err != nil \|\| (resp != nil && resp.IsError()) {`
			`t.Fatalf("bad: err: %v, resp:%v", err, resp)`
			`}`

			`// Fail to overwrite it`
			`resp, err = b.HandleRequest(caReq)`
			`if err == nil {`
			`t.Fatalf("expected an error")`
			`}`

			`caReq.Operation = logical.DeleteOperation`
			`// Delete the configured keys`
			`resp, err = b.HandleRequest(caReq)`
			`if err != nil \|\| (resp != nil && resp.IsError()) {`
			`t.Fatalf("bad: err: %v, resp:%v", err, resp)`
			`}`

			`caReq.Operation = logical.UpdateOperation`
			`caReq.Data = map[string]interface{}{`
			`"public_key": publicKey,`
			`"private_key": privateKey,`
			`}`

			`// Successfully create a new one`
			`resp, err = b.HandleRequest(caReq)`
			`if err != nil \|\| (resp != nil && resp.IsError()) {`
			`t.Fatalf("bad: err: %v, resp:%v", err, resp)`
			`}`

			`// Fail to overwrite it`
			`resp, err = b.HandleRequest(caReq)`
			`if err == nil {`
			`t.Fatalf("expected an error")`
			`}`

			`caReq.Operation = logical.DeleteOperation`
			`// Delete the configured keys`
			`resp, err = b.HandleRequest(caReq)`
			`if err != nil \|\| (resp != nil && resp.IsError()) {`
			`t.Fatalf("bad: err: %v, resp:%v", err, resp)`
			`}`

			`caReq.Operation = logical.UpdateOperation`
			`caReq.Data = nil`

			`// Successfully create a new one`
			`resp, err = b.HandleRequest(caReq)`
			`if err != nil \|\| (resp != nil && resp.IsError()) {`
			`t.Fatalf("bad: err: %v, resp:%v", err, resp)`
			`}`
			`}`