luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/http/sys_mount_test.go

843 lines
25 KiB
Go
Raw Normal View History

http: /sys/mounts
2015-03-16 04:18:25 +00:00
package http
import (
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"encoding/json"
http: /sys/mounts
2015-03-16 04:18:25 +00:00
"reflect"
"testing"
Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!)
2015-09-03 14:20:44 +00:00
"github.com/fatih/structs"
http: /sys/mounts
2015-03-16 04:18:25 +00:00
"github.com/hashicorp/vault/vault"
)
func TestSysMounts(t *testing.T) {
http: support auth
2015-03-29 23:14:54 +00:00
core, _, token := vault.TestCoreUnsealed(t)
http: /sys/mounts
2015-03-16 04:18:25 +00:00
ln, addr := TestServer(t, core)
defer ln.Close()
http: support auth
2015-03-29 23:14:54 +00:00
TestServerAuth(t, addr, token)
http: /sys/mounts
2015-03-16 04:18:25 +00:00
Remove cookie authentication.
2015-08-22 00:36:19 +00:00
resp := testHttpGet(t, token, addr+"/v1/sys/mounts")
http: /sys/mounts
2015-03-16 04:18:25 +00:00
var actual map[string]interface{}
expected := map[string]interface{}{
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
},
http: /sys/mounts
2015-03-16 04:18:25 +00:00
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
http: /sys/mounts
2015-03-16 04:18:25 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
http: /sys/mounts
2015-03-16 04:18:25 +00:00
},
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
http: /sys/mounts
2015-03-16 04:18:25 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
for k, v := range actual["data"].(map[string]interface{}) {
if v.(map[string]interface{})["accessor"] == "" {
t.Fatalf("no accessor from %s", k)
}
expected[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
expected["data"].(map[string]interface{})[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
}
http: /sys/mounts
2015-03-16 04:18:25 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
func TestSysMount(t *testing.T) {
http: support auth
2015-03-29 23:14:54 +00:00
core, _, token := vault.TestCoreUnsealed(t)
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
ln, addr := TestServer(t, core)
defer ln.Close()
http: support auth
2015-03-29 23:14:54 +00:00
TestServerAuth(t, addr, token)
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
Remove cookie authentication.
2015-08-22 00:36:19 +00:00
resp := testHttpPost(t, token, addr+"/v1/sys/mounts/foo", map[string]interface{}{
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
"type": "generic",
"description": "foo",
})
testResponseStatus(t, resp, 204)
Remove cookie authentication.
2015-08-22 00:36:19 +00:00
resp = testHttpGet(t, token, addr+"/v1/sys/mounts")
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
var actual map[string]interface{}
expected := map[string]interface{}{
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"foo/": map[string]interface{}{
"description": "foo",
"type": "generic",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
},
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
"foo/": map[string]interface{}{
"description": "foo",
"type": "generic",
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
},
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
},
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
for k, v := range actual["data"].(map[string]interface{}) {
if v.(map[string]interface{})["accessor"] == "" {
t.Fatalf("no accessor from %s", k)
}
expected[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
expected["data"].(map[string]interface{})[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
}
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
http: remount
2015-04-07 17:54:58 +00:00
}
}
Accept PUT as well as post to sys/mounts
2015-06-16 17:02:15 +00:00
func TestSysMount_put(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
Remove cookie authentication.
2015-08-22 00:36:19 +00:00
resp := testHttpPut(t, token, addr+"/v1/sys/mounts/foo", map[string]interface{}{
Accept PUT as well as post to sys/mounts
2015-06-16 17:02:15 +00:00
"type": "generic",
"description": "foo",
})
testResponseStatus(t, resp, 204)
// The TestSysMount test tests the thing is actually created. See that test
// for more info.
}
http: remount
2015-04-07 17:54:58 +00:00
func TestSysRemount(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
Remove cookie authentication.
2015-08-22 00:36:19 +00:00
resp := testHttpPost(t, token, addr+"/v1/sys/mounts/foo", map[string]interface{}{
http: remount
2015-04-07 17:54:58 +00:00
"type": "generic",
"description": "foo",
})
testResponseStatus(t, resp, 204)
Remove cookie authentication.
2015-08-22 00:36:19 +00:00
resp = testHttpPost(t, token, addr+"/v1/sys/remount", map[string]interface{}{
http: remount
2015-04-07 17:54:58 +00:00
"from": "foo",
"to": "bar",
})
testResponseStatus(t, resp, 204)
Remove cookie authentication.
2015-08-22 00:36:19 +00:00
resp = testHttpGet(t, token, addr+"/v1/sys/mounts")
http: remount
2015-04-07 17:54:58 +00:00
var actual map[string]interface{}
expected := map[string]interface{}{
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"bar/": map[string]interface{}{
"description": "foo",
"type": "generic",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
},
http: remount
2015-04-07 17:54:58 +00:00
"bar/": map[string]interface{}{
"description": "foo",
"type": "generic",
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
http: remount
2015-04-07 17:54:58 +00:00
},
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
http: remount
2015-04-07 17:54:58 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
http: remount
2015-04-07 17:54:58 +00:00
},
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
http: remount
2015-04-07 17:54:58 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
for k, v := range actual["data"].(map[string]interface{}) {
if v.(map[string]interface{})["accessor"] == "" {
t.Fatalf("no accessor from %s", k)
}
expected[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
expected["data"].(map[string]interface{})[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
}
http: remount
2015-04-07 17:54:58 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
http: /v1/sys/mount endpoint
2015-03-16 17:36:29 +00:00
}
}
http: /v1/sys/mount DELETE
2015-03-16 17:41:08 +00:00
func TestSysUnmount(t *testing.T) {
http: support auth
2015-03-29 23:14:54 +00:00
core, _, token := vault.TestCoreUnsealed(t)
http: /v1/sys/mount DELETE
2015-03-16 17:41:08 +00:00
ln, addr := TestServer(t, core)
defer ln.Close()
http: support auth
2015-03-29 23:14:54 +00:00
TestServerAuth(t, addr, token)
http: /v1/sys/mount DELETE
2015-03-16 17:41:08 +00:00
Remove cookie authentication.
2015-08-22 00:36:19 +00:00
resp := testHttpPost(t, token, addr+"/v1/sys/mounts/foo", map[string]interface{}{
http: /v1/sys/mount DELETE
2015-03-16 17:41:08 +00:00
"type": "generic",
"description": "foo",
})
testResponseStatus(t, resp, 204)
Remove cookie authentication.
2015-08-22 00:36:19 +00:00
resp = testHttpDelete(t, token, addr+"/v1/sys/mounts/foo")
http: /v1/sys/mount DELETE
2015-03-16 17:41:08 +00:00
testResponseStatus(t, resp, 204)
Remove cookie authentication.
2015-08-22 00:36:19 +00:00
resp = testHttpGet(t, token, addr+"/v1/sys/mounts")
http: /v1/sys/mount DELETE
2015-03-16 17:41:08 +00:00
var actual map[string]interface{}
expected := map[string]interface{}{
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
},
http: /v1/sys/mount DELETE
2015-03-16 17:41:08 +00:00
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
http: /v1/sys/mount DELETE
2015-03-16 17:41:08 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Plumb per-mount config options through API
2015-08-31 18:27:49 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
http: /v1/sys/mount DELETE
2015-03-16 17:41:08 +00:00
},
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
http: /v1/sys/mount DELETE
2015-03-16 17:41:08 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
for k, v := range actual["data"].(map[string]interface{}) {
if v.(map[string]interface{})["accessor"] == "" {
t.Fatalf("no accessor from %s", k)
}
expected[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
expected["data"].(map[string]interface{})[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
}
http: /v1/sys/mount DELETE
2015-03-16 17:41:08 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
func TestSysTuneMount(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp := testHttpPost(t, token, addr+"/v1/sys/mounts/foo", map[string]interface{}{
"type": "generic",
"description": "foo",
})
testResponseStatus(t, resp, 204)
resp = testHttpGet(t, token, addr+"/v1/sys/mounts")
var actual map[string]interface{}
expected := map[string]interface{}{
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"foo/": map[string]interface{}{
"description": "foo",
"type": "generic",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
},
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
"foo/": map[string]interface{}{
"description": "foo",
"type": "generic",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
for k, v := range actual["data"].(map[string]interface{}) {
if v.(map[string]interface{})["accessor"] == "" {
t.Fatalf("no accessor from %s", k)
}
expected[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
expected["data"].(map[string]interface{})[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
}
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
// Shorter than system default
resp = testHttpPost(t, token, addr+"/v1/sys/mounts/foo/tune", map[string]interface{}{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
"default_lease_ttl": "72h",
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
})
testResponseStatus(t, resp, 204)
Address items from feedback. Make MountConfig use values rather than pointers and change how config is read to compensate.
2015-09-09 19:24:45 +00:00
// Longer than system max
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
resp = testHttpPost(t, token, addr+"/v1/sys/mounts/foo/tune", map[string]interface{}{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
"default_lease_ttl": "72000h",
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
})
Simplify a lot of the mount tuning code (#3285)
2017-09-05 14:57:25 +00:00
testResponseStatus(t, resp, 204)
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
// Longer than system default
resp = testHttpPost(t, token, addr+"/v1/sys/mounts/foo/tune", map[string]interface{}{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
"max_lease_ttl": "72000h",
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
})
testResponseStatus(t, resp, 204)
// Longer than backend max
resp = testHttpPost(t, token, addr+"/v1/sys/mounts/foo/tune", map[string]interface{}{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
"default_lease_ttl": "72001h",
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
})
testResponseStatus(t, resp, 400)
Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!)
2015-09-03 14:20:44 +00:00
// Shorter than backend default
resp = testHttpPost(t, token, addr+"/v1/sys/mounts/foo/tune", map[string]interface{}{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
"max_lease_ttl": "1h",
Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!)
2015-09-03 14:20:44 +00:00
})
testResponseStatus(t, resp, 400)
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
// Shorter than backend max, longer than system max
resp = testHttpPost(t, token, addr+"/v1/sys/mounts/foo/tune", map[string]interface{}{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
"default_lease_ttl": "71999h",
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
})
testResponseStatus(t, resp, 204)
resp = testHttpGet(t, token, addr+"/v1/sys/mounts")
expected = map[string]interface{}{
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"foo/": map[string]interface{}{
"description": "foo",
"type": "generic",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("259196400"),
"max_lease_ttl": json.Number("259200000"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
},
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
"foo/": map[string]interface{}{
"description": "foo",
"type": "generic",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("259196400"),
"max_lease_ttl": json.Number("259200000"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
"local": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
},
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
"cubbyhole/": map[string]interface{}{
"description": "per-token private secret storage",
"type": "cubbyhole",
"config": map[string]interface{}{
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
Make cubbyhole local instead of replicated. (#2397) This doesn't really change behavior, just what it looks like in the UX. However, it does make tests more complicated. Most were fixed by adding a sorting function, which is generally useful anyways.
2017-02-18 18:51:05 +00:00
"local": true,
Implement the cubbyhole backend In order to implement this efficiently, I have introduced the concept of "singleton" backends -- currently, 'sys' and 'cubbyhole'. There isn't much reason to allow sys to be mounted at multiple places, and there isn't much reason you'd need multiple per-token storage areas. By restricting it to just one, I can store that particular mount instead of iterating through them in order to call the appropriate revoke function. Additionally, because revocation on the backend needs to be triggered by the token store, the token store's salt is kept in the router and client tokens going to the cubbyhole backend are double-salted by the router. This allows the token store to drive when revocation happens using its salted tokens.
2015-09-10 01:58:09 +00:00
},
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
}
Fix mount config test by proxying mounts/ in addition to mounts
2015-09-03 12:54:59 +00:00
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
for k, v := range actual["data"].(map[string]interface{}) {
if v.(map[string]interface{})["accessor"] == "" {
t.Fatalf("no accessor from %s", k)
}
expected[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
expected["data"].(map[string]interface{})[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
}
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual)
}
Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!)
2015-09-03 14:20:44 +00:00
// Check simple configuration endpoint
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
resp = testHttpGet(t, token, addr+"/v1/sys/mounts/foo/tune")
Fix mount config test by proxying mounts/ in addition to mounts
2015-09-03 12:54:59 +00:00
actual = map[string]interface{}{}
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
expected = map[string]interface{}{
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"default_lease_ttl": json.Number("259196400"),
"max_lease_ttl": json.Number("259200000"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("259196400"),
"max_lease_ttl": json.Number("259200000"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
}
Fix mount config test by proxying mounts/ in addition to mounts
2015-09-03 12:54:59 +00:00
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!)
2015-09-03 14:20:44 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual)
}
// Set a low max
resp = testHttpPost(t, token, addr+"/v1/sys/mounts/secret/tune", map[string]interface{}{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
"default_lease_ttl": "40s",
"max_lease_ttl": "80s",
Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!)
2015-09-03 14:20:44 +00:00
})
testResponseStatus(t, resp, 204)
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!)
2015-09-03 14:20:44 +00:00
resp = testHttpGet(t, token, addr+"/v1/sys/mounts/secret/tune")
actual = map[string]interface{}{}
expected = map[string]interface{}{
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"default_lease_ttl": json.Number("40"),
"max_lease_ttl": json.Number("80"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"default_lease_ttl": json.Number("40"),
"max_lease_ttl": json.Number("80"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!)
2015-09-03 14:20:44 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual)
}
Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!)
2015-09-03 14:20:44 +00:00
// First try with lease above backend max
resp = testHttpPut(t, token, addr+"/v1/secret/foo", map[string]interface{}{
"data": "bar",
"ttl": "28347h",
})
testResponseStatus(t, resp, 204)
// read secret
resp = testHttpGet(t, token, addr+"/v1/secret/foo")
var result struct {
LeaseID string `json:"lease_id" structs:"lease_id"`
LeaseDuration int `json:"lease_duration" structs:"lease_duration"`
}
testResponseBody(t, resp, &result)
expected = map[string]interface{}{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
"lease_duration": int(80),
Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!)
2015-09-03 14:20:44 +00:00
"lease_id": result.LeaseID,
}
if !reflect.DeepEqual(structs.Map(result), expected) {
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, structs.Map(result))
}
// Now with lease TTL unspecified
resp = testHttpPut(t, token, addr+"/v1/secret/foo", map[string]interface{}{
"data": "bar",
})
testResponseStatus(t, resp, 204)
// read secret
resp = testHttpGet(t, token, addr+"/v1/secret/foo")
testResponseBody(t, resp, &result)
expected = map[string]interface{}{
Switch per-mount values to strings going in and seconds coming out, like other commands. Indicate deprecation of 'lease' in the token backend.
2015-09-25 13:46:20 +00:00
"lease_duration": int(40),
Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!)
2015-09-03 14:20:44 +00:00
"lease_id": result.LeaseID,
}
if !reflect.DeepEqual(structs.Map(result), expected) {
t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, structs.Map(result))
}
A couple bug fixes + most unit tests
2015-09-02 21:46:15 +00:00
}