open-vault/http/sys_rekey_test.go

217 lines
5.8 KiB
Go
Raw Normal View History

2015-05-28 21:28:50 +00:00
package http
import (
"encoding/hex"
"encoding/json"
2015-05-28 21:28:50 +00:00
"net/http"
"reflect"
"testing"
"github.com/hashicorp/vault/vault"
)
func TestSysRekeyInit_Status(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp, err := http.Get(addr + "/v1/sys/rekey/init")
if err != nil {
t.Fatalf("err: %s", err)
}
var actual map[string]interface{}
expected := map[string]interface{}{
2015-12-16 21:56:15 +00:00
"started": false,
"t": json.Number("0"),
"n": json.Number("0"),
"progress": json.Number("0"),
"required": json.Number("1"),
2015-12-16 21:56:15 +00:00
"pgp_fingerprints": interface{}(nil),
"backup": false,
"nonce": "",
2015-05-28 21:28:50 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if !reflect.DeepEqual(actual, expected) {
2015-12-16 21:56:15 +00:00
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
2015-05-28 21:28:50 +00:00
}
}
func TestSysRekeyInit_Setup(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
2015-08-22 00:36:19 +00:00
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
2015-05-28 21:28:50 +00:00
"secret_shares": 5,
"secret_threshold": 3,
})
testResponseStatus(t, resp, 200)
2015-05-28 21:28:50 +00:00
var actual map[string]interface{}
expected := map[string]interface{}{
2015-12-16 21:56:15 +00:00
"started": true,
"t": json.Number("3"),
"n": json.Number("5"),
"progress": json.Number("0"),
"required": json.Number("1"),
2015-12-16 21:56:15 +00:00
"pgp_fingerprints": interface{}(nil),
"backup": false,
2015-05-28 21:28:50 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if actual["nonce"].(string) == "" {
t.Fatalf("nonce was empty")
}
2015-12-16 21:56:15 +00:00
expected["nonce"] = actual["nonce"]
2015-05-28 21:28:50 +00:00
if !reflect.DeepEqual(actual, expected) {
2015-12-16 21:56:15 +00:00
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
2015-05-28 21:28:50 +00:00
}
resp = testHttpGet(t, token, addr+"/v1/sys/rekey/init")
actual = map[string]interface{}{}
expected = map[string]interface{}{
"started": true,
"t": json.Number("3"),
"n": json.Number("5"),
"progress": json.Number("0"),
"required": json.Number("1"),
"pgp_fingerprints": interface{}(nil),
"backup": false,
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if actual["nonce"].(string) == "" {
t.Fatalf("nonce was empty")
}
if actual["nonce"].(string) == "" {
t.Fatalf("nonce was empty")
}
expected["nonce"] = actual["nonce"]
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
}
2015-05-28 21:28:50 +00:00
}
func TestSysRekeyInit_Cancel(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
2015-08-22 00:36:19 +00:00
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
2015-05-28 21:28:50 +00:00
"secret_shares": 5,
"secret_threshold": 3,
})
testResponseStatus(t, resp, 200)
2015-05-28 21:28:50 +00:00
2015-08-22 00:36:19 +00:00
resp = testHttpDelete(t, token, addr+"/v1/sys/rekey/init")
2015-05-28 21:28:50 +00:00
testResponseStatus(t, resp, 204)
resp, err := http.Get(addr + "/v1/sys/rekey/init")
if err != nil {
t.Fatalf("err: %s", err)
}
var actual map[string]interface{}
expected := map[string]interface{}{
2015-12-16 21:56:15 +00:00
"started": false,
"t": json.Number("0"),
"n": json.Number("0"),
"progress": json.Number("0"),
"required": json.Number("1"),
2015-12-16 21:56:15 +00:00
"pgp_fingerprints": interface{}(nil),
"backup": false,
"nonce": "",
2015-05-28 21:28:50 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if !reflect.DeepEqual(actual, expected) {
2015-12-16 21:56:15 +00:00
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
2015-05-28 21:28:50 +00:00
}
}
func TestSysRekey_badKey(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
2015-08-22 00:36:19 +00:00
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/update", map[string]interface{}{
2015-05-28 21:28:50 +00:00
"key": "0123",
})
testResponseStatus(t, resp, 400)
}
func TestSysRekey_Update(t *testing.T) {
core, master, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
2015-08-22 00:36:19 +00:00
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
2015-05-28 21:28:50 +00:00
"secret_shares": 5,
"secret_threshold": 3,
})
2015-12-16 21:56:15 +00:00
var rekeyStatus map[string]interface{}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &rekeyStatus)
2015-08-22 00:36:19 +00:00
resp = testHttpPut(t, token, addr+"/v1/sys/rekey/update", map[string]interface{}{
2015-12-16 21:56:15 +00:00
"nonce": rekeyStatus["nonce"].(string),
"key": hex.EncodeToString(master),
2015-05-28 21:28:50 +00:00
})
var actual map[string]interface{}
expected := map[string]interface{}{
2015-12-16 21:56:15 +00:00
"complete": true,
"nonce": rekeyStatus["nonce"].(string),
"backup": false,
"pgp_fingerprints": interface{}(nil),
2015-05-28 21:28:50 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
keys := actual["keys"].([]interface{})
if len(keys) != 5 {
t.Fatalf("bad: %#v", keys)
}
delete(actual, "keys")
if !reflect.DeepEqual(actual, expected) {
2015-12-16 21:56:15 +00:00
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
2015-05-28 21:28:50 +00:00
}
}
2015-12-16 21:56:15 +00:00
func TestSysRekey_ReInitUpdate(t *testing.T) {
core, master, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
"secret_shares": 5,
"secret_threshold": 3,
})
testResponseStatus(t, resp, 200)
2015-12-16 21:56:15 +00:00
resp = testHttpDelete(t, token, addr+"/v1/sys/rekey/init")
testResponseStatus(t, resp, 204)
resp = testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
"secret_shares": 5,
"secret_threshold": 3,
})
testResponseStatus(t, resp, 200)
2015-12-16 21:56:15 +00:00
resp = testHttpPut(t, token, addr+"/v1/sys/rekey/update", map[string]interface{}{
"key": hex.EncodeToString(master),
})
testResponseStatus(t, resp, 400)
}