open-vault/vault/seal_testing.go

package vault

import (
	"context"

	"github.com/mitchellh/go-testing-interface"
)

var (
	TestCoreUnsealedWithConfigs = testCoreUnsealedWithConfigs
	TestSealDefConfigs          = testSealDefConfigs
)

type TestSealOpts struct {
	StoredKeysDisabled   bool
	RecoveryKeysDisabled bool
}

func testCoreUnsealedWithConfigs(t testing.T, barrierConf, recoveryConf *SealConfig) (*Core, [][]byte, [][]byte, string) {
	t.Helper()
	var opts *TestSealOpts
	if recoveryConf == nil {
		opts = &TestSealOpts{
			StoredKeysDisabled:   true,
			RecoveryKeysDisabled: true,
		}
	}
	seal := NewTestSeal(t, opts)
	core := TestCoreWithSeal(t, seal, false)
	result, err := core.Initialize(context.Background(), &InitParams{
		BarrierConfig:  barrierConf,
		RecoveryConfig: recoveryConf,
	})
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	err = core.UnsealWithStoredKeys(context.Background())
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if core.Sealed() {
		for _, key := range result.SecretShares {
			if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
				t.Fatalf("unseal err: %s", err)
			}
		}

		if core.Sealed() {
			t.Fatal("should not be sealed")
		}
	}

	return core, result.SecretShares, result.RecoveryShares, result.RootToken
}

func testSealDefConfigs() (*SealConfig, *SealConfig) {
	return &SealConfig{
		SecretShares:    5,
		SecretThreshold: 3,
	}, nil
}

func TestCoreUnsealedWithConfigSealOpts(t testing.T, barrierConf, recoveryConf *SealConfig, sealOpts *TestSealOpts) (*Core, [][]byte, [][]byte, string) {
	seal := NewTestSeal(t, sealOpts)
	core := TestCoreWithSeal(t, seal, false)
	result, err := core.Initialize(context.Background(), &InitParams{
		BarrierConfig:  barrierConf,
		RecoveryConfig: recoveryConf,
	})
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	err = core.UnsealWithStoredKeys(context.Background())
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if core.Sealed() {
		for _, key := range result.SecretShares {
			if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
				t.Fatalf("unseal err: %s", err)
			}
		}

		if core.Sealed() {
			t.Fatal("should not be sealed")
		}
	}

	return core, result.SecretShares, result.RecoveryShares, result.RootToken
}
Split out TestSeal 2016-04-26 00:14:16 +00:00			`package vault`

			`import (`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`"context"`

Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`"github.com/mitchellh/go-testing-interface"`
Split out TestSeal 2016-04-26 00:14:16 +00:00			`)`

Push test functions to a var for overriding 2017-02-08 01:44:26 +00:00			`var (`
			`TestCoreUnsealedWithConfigs = testCoreUnsealedWithConfigs`
			`TestSealDefConfigs = testSealDefConfigs`
			`)`

Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`type TestSealOpts struct {`
			`StoredKeysDisabled bool`
			`RecoveryKeysDisabled bool`
Split out TestSeal 2016-04-26 00:14:16 +00:00			`}`

Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`func testCoreUnsealedWithConfigs(t testing.T, barrierConf, recoveryConf SealConfig) (Core, [][]byte, [][]byte, string) {`
The big one (#5346) 2018-09-18 03:03:00 +00:00			`t.Helper()`
			`var opts *TestSealOpts`
			`if recoveryConf == nil {`
			`opts = &TestSealOpts{`
			`StoredKeysDisabled: true,`
			`RecoveryKeysDisabled: true,`
			`}`
			`}`
			`seal := NewTestSeal(t, opts)`
Disable the `sys/raw` endpoint by default (#3329) * disable raw endpoint by default * adding docs * config option raw -> raw_storage_endpoint * docs updates * adding listing on raw endpoint * reworking tests for enabled raw endpoints * root protecting base raw endpoint 2017-09-15 04:21:35 +00:00			`core := TestCoreWithSeal(t, seal, false)`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`result, err := core.Initialize(context.Background(), &InitParams{`
Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 22:42:24 +00:00			`BarrierConfig: barrierConf,`
			`RecoveryConfig: recoveryConf,`
			`})`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`err = core.UnsealWithStoredKeys(context.Background())`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
Tackle #4929 a different way (#4932) * Tackle #4929 a different way This turns c.sealed into an atomic, which allows us to call sealInternal without a lock. By doing so we can better control lock grabbing when a condition causing the standby loop to get out of active happens. This encapsulates that logic into two distinct pieces (although they could be combined into one), and makes lock guarding more understandable. * Re-add context canceling to the non-HA version of sealInternal * Return explicitly after stopCh triggered 2018-07-24 20:57:25 +00:00			`if core.Sealed() {`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`for _, key := range result.SecretShares {`
Multi value test seal (#2281) 2017-01-17 20:43:10 +00:00			`if _, err := core.Unseal(TestKeyCopy(key)); err != nil {`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`t.Fatalf("unseal err: %s", err)`
			`}`
			`}`

Tackle #4929 a different way (#4932) * Tackle #4929 a different way This turns c.sealed into an atomic, which allows us to call sealInternal without a lock. By doing so we can better control lock grabbing when a condition causing the standby loop to get out of active happens. This encapsulates that logic into two distinct pieces (although they could be combined into one), and makes lock guarding more understandable. * Re-add context canceling to the non-HA version of sealInternal * Return explicitly after stopCh triggered 2018-07-24 20:57:25 +00:00			`if core.Sealed() {`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`t.Fatal("should not be sealed")`
			`}`
			`}`

			`return core, result.SecretShares, result.RecoveryShares, result.RootToken`
			`}`

Push test functions to a var for overriding 2017-02-08 01:44:26 +00:00			`func testSealDefConfigs() (SealConfig, SealConfig) {`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`return &SealConfig{`
Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`SecretShares: 5,`
			`SecretThreshold: 3,`
			`}, nil`
			`}`

			`func TestCoreUnsealedWithConfigSealOpts(t testing.T, barrierConf, recoveryConf SealConfig, sealOpts TestSealOpts) (*Core, [][]byte, [][]byte, string) {`
			`seal := NewTestSeal(t, sealOpts)`
			`core := TestCoreWithSeal(t, seal, false)`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`result, err := core.Initialize(context.Background(), &InitParams{`
Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`BarrierConfig: barrierConf,`
			`RecoveryConfig: recoveryConf,`
			`})`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
The big one (#5346) 2018-09-18 03:03:00 +00:00			`err = core.UnsealWithStoredKeys(context.Background())`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`}`
Tackle #4929 a different way (#4932) * Tackle #4929 a different way This turns c.sealed into an atomic, which allows us to call sealInternal without a lock. By doing so we can better control lock grabbing when a condition causing the standby loop to get out of active happens. This encapsulates that logic into two distinct pieces (although they could be combined into one), and makes lock guarding more understandable. * Re-add context canceling to the non-HA version of sealInternal * Return explicitly after stopCh triggered 2018-07-24 20:57:25 +00:00			`if core.Sealed() {`
The big one (#5346) 2018-09-18 03:03:00 +00:00			`for _, key := range result.SecretShares {`
			`if _, err := core.Unseal(TestKeyCopy(key)); err != nil {`
			`t.Fatalf("unseal err: %s", err)`
			`}`
			`}`

			`if core.Sealed() {`
			`t.Fatal("should not be sealed")`
			`}`
Sync some seal testing stuff 2017-10-23 17:42:04 +00:00			`}`

			`return core, result.SecretShares, result.RecoveryShares, result.RootToken`
Move TestSeal funcs to sealtesting 2016-04-27 20:59:06 +00:00			`}`