2023-03-15 16:00:52 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2015-04-01 21:51:13 +00:00
|
|
|
package framework
|
|
|
|
|
|
|
|
import (
|
2018-01-08 20:26:13 +00:00
|
|
|
"context"
|
2015-04-01 21:51:13 +00:00
|
|
|
"testing"
|
|
|
|
|
2019-04-12 21:54:35 +00:00
|
|
|
saltpkg "github.com/hashicorp/vault/sdk/helper/salt"
|
|
|
|
"github.com/hashicorp/vault/sdk/logical"
|
2015-04-01 21:51:13 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestPathMap(t *testing.T) {
|
|
|
|
p := &PathMap{Name: "foo"}
|
|
|
|
storage := new(logical.InmemStorage)
|
|
|
|
var b logical.Backend = &Backend{Paths: p.Paths()}
|
|
|
|
|
2018-01-19 06:44:44 +00:00
|
|
|
ctx := context.Background()
|
|
|
|
|
2015-04-01 21:51:13 +00:00
|
|
|
// Write via HTTP
|
2018-01-19 06:44:44 +00:00
|
|
|
_, err := b.HandleRequest(ctx, &logical.Request{
|
2016-01-07 15:30:47 +00:00
|
|
|
Operation: logical.UpdateOperation,
|
2015-04-01 21:51:13 +00:00
|
|
|
Path: "map/foo/a",
|
|
|
|
Data: map[string]interface{}{
|
|
|
|
"value": "bar",
|
|
|
|
},
|
|
|
|
Storage: storage,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read via HTTP
|
2018-01-19 06:44:44 +00:00
|
|
|
resp, err := b.HandleRequest(ctx, &logical.Request{
|
2015-04-01 21:51:13 +00:00
|
|
|
Operation: logical.ReadOperation,
|
|
|
|
Path: "map/foo/a",
|
|
|
|
Storage: storage,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if resp.Data["value"] != "bar" {
|
|
|
|
t.Fatalf("bad: %#v", resp)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read via API
|
2018-01-19 06:44:44 +00:00
|
|
|
v, err := p.Get(ctx, storage, "a")
|
2015-04-01 21:51:13 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
2015-04-17 16:35:49 +00:00
|
|
|
if v["value"] != "bar" {
|
2015-04-01 21:51:13 +00:00
|
|
|
t.Fatalf("bad: %#v", v)
|
|
|
|
}
|
2015-04-24 01:04:26 +00:00
|
|
|
|
2015-05-11 17:27:04 +00:00
|
|
|
// Read via API with other casing
|
2018-01-19 06:44:44 +00:00
|
|
|
v, err = p.Get(ctx, storage, "A")
|
2015-05-11 17:27:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if v["value"] != "bar" {
|
|
|
|
t.Fatalf("bad: %#v", v)
|
|
|
|
}
|
|
|
|
|
2015-04-24 01:04:26 +00:00
|
|
|
// Verify List
|
2018-01-19 06:44:44 +00:00
|
|
|
keys, err := p.List(ctx, storage, "")
|
2015-04-24 01:04:26 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if len(keys) != 1 || keys[0] != "a" {
|
|
|
|
t.Fatalf("bad: %#v", keys)
|
|
|
|
}
|
2015-05-14 12:28:33 +00:00
|
|
|
|
2017-01-11 21:09:01 +00:00
|
|
|
// LIST via HTTP
|
2018-01-19 06:44:44 +00:00
|
|
|
resp, err = b.HandleRequest(ctx, &logical.Request{
|
2017-01-11 21:09:01 +00:00
|
|
|
Operation: logical.ListOperation,
|
|
|
|
Path: "map/foo/",
|
|
|
|
Storage: storage,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if len(resp.Data) != 1 || len(resp.Data["keys"].([]string)) != 1 ||
|
|
|
|
resp.Data["keys"].([]string)[0] != "a" {
|
|
|
|
t.Fatalf("bad: %#v", resp)
|
|
|
|
}
|
|
|
|
|
2015-05-14 12:28:33 +00:00
|
|
|
// Delete via HTTP
|
2018-01-19 06:44:44 +00:00
|
|
|
resp, err = b.HandleRequest(ctx, &logical.Request{
|
2015-05-14 12:28:33 +00:00
|
|
|
Operation: logical.DeleteOperation,
|
|
|
|
Path: "map/foo/a",
|
|
|
|
Storage: storage,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if resp != nil {
|
|
|
|
t.Fatalf("bad: %#v", resp)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Re-read via HTTP
|
2018-01-19 06:44:44 +00:00
|
|
|
resp, err = b.HandleRequest(ctx, &logical.Request{
|
2015-05-14 12:28:33 +00:00
|
|
|
Operation: logical.ReadOperation,
|
|
|
|
Path: "map/foo/a",
|
|
|
|
Storage: storage,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if _, ok := resp.Data["value"]; ok {
|
|
|
|
t.Fatalf("bad: %#v", resp)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Re-read via API
|
2018-01-19 06:44:44 +00:00
|
|
|
v, err = p.Get(ctx, storage, "a")
|
2015-05-14 12:28:33 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if v != nil {
|
|
|
|
t.Fatalf("bad: %#v", v)
|
|
|
|
}
|
2015-04-01 21:51:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestPathMap_getInvalid(t *testing.T) {
|
|
|
|
p := &PathMap{Name: "foo"}
|
|
|
|
storage := new(logical.InmemStorage)
|
|
|
|
|
2018-01-19 06:44:44 +00:00
|
|
|
v, err := p.Get(context.Background(), storage, "nope")
|
2015-04-01 21:51:13 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
2015-04-17 16:35:49 +00:00
|
|
|
if v != nil {
|
2015-04-01 21:51:13 +00:00
|
|
|
t.Fatalf("bad: %#v", v)
|
|
|
|
}
|
|
|
|
}
|
2015-05-02 20:17:42 +00:00
|
|
|
|
|
|
|
func TestPathMap_routes(t *testing.T) {
|
|
|
|
p := &PathMap{Name: "foo"}
|
|
|
|
TestBackendRoutes(t, &Backend{Paths: p.Paths()}, []string{
|
|
|
|
"map/foo", // Normal
|
|
|
|
"map/foo/bar", // Normal
|
|
|
|
"map/foo/bar-baz", // Hyphen key
|
|
|
|
})
|
|
|
|
}
|
2015-06-30 21:28:45 +00:00
|
|
|
|
|
|
|
func TestPathMap_Salted(t *testing.T) {
|
|
|
|
storage := new(logical.InmemStorage)
|
2018-01-18 00:48:32 +00:00
|
|
|
|
2018-03-08 19:21:11 +00:00
|
|
|
salt, err := saltpkg.NewSalt(context.Background(), storage, &saltpkg.Config{
|
2018-01-18 00:48:32 +00:00
|
|
|
HashFunc: saltpkg.SHA1Hash,
|
2015-09-18 16:18:37 +00:00
|
|
|
})
|
2015-06-30 21:28:45 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2018-01-18 00:48:32 +00:00
|
|
|
|
2018-01-19 06:44:44 +00:00
|
|
|
testSalting(t, context.Background(), storage, salt, &PathMap{Name: "foo", Salt: salt})
|
2018-01-18 00:48:32 +00:00
|
|
|
}
|
|
|
|
|
2018-01-19 06:44:44 +00:00
|
|
|
func testSalting(t *testing.T, ctx context.Context, storage logical.Storage, salt *saltpkg.Salt, p *PathMap) {
|
2015-06-30 21:28:45 +00:00
|
|
|
var b logical.Backend = &Backend{Paths: p.Paths()}
|
2018-01-18 00:48:32 +00:00
|
|
|
var err error
|
2015-06-30 21:28:45 +00:00
|
|
|
|
|
|
|
// Write via HTTP
|
2018-01-19 06:44:44 +00:00
|
|
|
_, err = b.HandleRequest(ctx, &logical.Request{
|
2016-01-07 15:30:47 +00:00
|
|
|
Operation: logical.UpdateOperation,
|
2015-06-30 21:28:45 +00:00
|
|
|
Path: "map/foo/a",
|
|
|
|
Data: map[string]interface{}{
|
|
|
|
"value": "bar",
|
|
|
|
},
|
|
|
|
Storage: storage,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Non-salted version should not be there
|
2018-01-19 06:44:44 +00:00
|
|
|
out, err := storage.Get(ctx, "struct/map/foo/a")
|
2015-06-30 21:28:45 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if out != nil {
|
|
|
|
t.Fatalf("non-salted key found")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Ensure the path is salted
|
2018-01-18 00:48:32 +00:00
|
|
|
expect := "s" + salt.SaltIDHashFunc("a", saltpkg.SHA256Hash)
|
2018-01-19 06:44:44 +00:00
|
|
|
out, err = storage.Get(ctx, "struct/map/foo/"+expect)
|
2017-05-09 21:51:09 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if out == nil {
|
|
|
|
t.Fatalf("missing salted key")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read via HTTP
|
2018-01-19 06:44:44 +00:00
|
|
|
resp, err := b.HandleRequest(ctx, &logical.Request{
|
2017-05-09 21:51:09 +00:00
|
|
|
Operation: logical.ReadOperation,
|
|
|
|
Path: "map/foo/a",
|
|
|
|
Storage: storage,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if resp.Data["value"] != "bar" {
|
|
|
|
t.Fatalf("bad: %#v", resp)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read via API
|
2018-01-19 06:44:44 +00:00
|
|
|
v, err := p.Get(ctx, storage, "a")
|
2017-05-09 21:51:09 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if v["value"] != "bar" {
|
|
|
|
t.Fatalf("bad: %#v", v)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read via API with other casing
|
2018-01-19 06:44:44 +00:00
|
|
|
v, err = p.Get(ctx, storage, "A")
|
2017-05-09 21:51:09 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if v["value"] != "bar" {
|
|
|
|
t.Fatalf("bad: %#v", v)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Verify List
|
2018-01-19 06:44:44 +00:00
|
|
|
keys, err := p.List(ctx, storage, "")
|
2017-05-09 21:51:09 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if len(keys) != 1 || keys[0] != expect {
|
|
|
|
t.Fatalf("bad: %#v", keys)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Delete via HTTP
|
2018-01-19 06:44:44 +00:00
|
|
|
resp, err = b.HandleRequest(ctx, &logical.Request{
|
2017-05-09 21:51:09 +00:00
|
|
|
Operation: logical.DeleteOperation,
|
|
|
|
Path: "map/foo/a",
|
|
|
|
Storage: storage,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if resp != nil {
|
|
|
|
t.Fatalf("bad: %#v", resp)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Re-read via HTTP
|
2018-01-19 06:44:44 +00:00
|
|
|
resp, err = b.HandleRequest(ctx, &logical.Request{
|
2017-05-09 21:51:09 +00:00
|
|
|
Operation: logical.ReadOperation,
|
|
|
|
Path: "map/foo/a",
|
|
|
|
Storage: storage,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if _, ok := resp.Data["value"]; ok {
|
|
|
|
t.Fatalf("bad: %#v", resp)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Re-read via API
|
2018-01-19 06:44:44 +00:00
|
|
|
v, err = p.Get(ctx, storage, "a")
|
2017-05-09 21:51:09 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("bad: %#v", err)
|
|
|
|
}
|
|
|
|
if v != nil {
|
|
|
|
t.Fatalf("bad: %#v", v)
|
|
|
|
}
|
2017-06-07 19:22:08 +00:00
|
|
|
|
|
|
|
// Put in a non-salted version and make sure that after reading it's been
|
|
|
|
// upgraded
|
2018-01-19 06:44:44 +00:00
|
|
|
err = storage.Put(ctx, &logical.StorageEntry{
|
2017-06-07 19:22:08 +00:00
|
|
|
Key: "struct/map/foo/b",
|
|
|
|
Value: []byte(`{"foo": "bar"}`),
|
|
|
|
})
|
|
|
|
if err != nil {
|
2018-02-05 01:37:57 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
2017-06-07 19:22:08 +00:00
|
|
|
}
|
|
|
|
// A read should transparently upgrade
|
2018-01-19 06:44:44 +00:00
|
|
|
resp, err = b.HandleRequest(ctx, &logical.Request{
|
2017-06-07 19:22:08 +00:00
|
|
|
Operation: logical.ReadOperation,
|
|
|
|
Path: "map/foo/b",
|
|
|
|
Storage: storage,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
2018-01-19 06:44:44 +00:00
|
|
|
list, _ := storage.List(ctx, "struct/map/foo/")
|
2017-06-07 19:22:08 +00:00
|
|
|
if len(list) != 1 {
|
|
|
|
t.Fatalf("unexpected number of entries left after upgrade; expected 1, got %d", len(list))
|
|
|
|
}
|
|
|
|
found := false
|
|
|
|
for _, v := range list {
|
2018-01-18 00:48:32 +00:00
|
|
|
if v == "s"+salt.SaltIDHashFunc("b", saltpkg.SHA256Hash) {
|
2017-06-07 19:22:08 +00:00
|
|
|
found = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if !found {
|
|
|
|
t.Fatal("did not find upgraded value")
|
|
|
|
}
|
2015-06-30 21:28:45 +00:00
|
|
|
|
2018-01-18 00:48:32 +00:00
|
|
|
// Put in a SHA1 salted version and make sure that after reading its been
|
2017-06-07 19:22:08 +00:00
|
|
|
// upgraded
|
2018-01-19 06:44:44 +00:00
|
|
|
err = storage.Put(ctx, &logical.StorageEntry{
|
2018-01-18 00:48:32 +00:00
|
|
|
Key: "struct/map/foo/" + salt.SaltID("b"),
|
2017-06-07 19:22:08 +00:00
|
|
|
Value: []byte(`{"foo": "bar"}`),
|
|
|
|
})
|
|
|
|
if err != nil {
|
2018-01-18 00:48:32 +00:00
|
|
|
t.Fatal(err)
|
2017-06-07 19:22:08 +00:00
|
|
|
}
|
2018-01-18 00:48:32 +00:00
|
|
|
|
2017-06-07 19:22:08 +00:00
|
|
|
// A read should transparently upgrade
|
2018-01-19 06:44:44 +00:00
|
|
|
resp, err = b.HandleRequest(ctx, &logical.Request{
|
2017-06-07 19:22:08 +00:00
|
|
|
Operation: logical.ReadOperation,
|
|
|
|
Path: "map/foo/b",
|
|
|
|
Storage: storage,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
2018-01-19 06:44:44 +00:00
|
|
|
list, _ = storage.List(ctx, "struct/map/foo/")
|
2017-06-07 19:22:08 +00:00
|
|
|
if len(list) != 1 {
|
|
|
|
t.Fatalf("unexpected number of entries left after upgrade; expected 1, got %d", len(list))
|
|
|
|
}
|
2018-01-18 00:48:32 +00:00
|
|
|
found = false
|
2017-06-07 19:22:08 +00:00
|
|
|
for _, v := range list {
|
2018-01-18 00:48:32 +00:00
|
|
|
if v == "s"+salt.SaltIDHashFunc("b", saltpkg.SHA256Hash) {
|
2017-06-07 19:22:08 +00:00
|
|
|
found = true
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if !found {
|
|
|
|
t.Fatal("did not find upgraded value")
|
|
|
|
}
|
2015-06-30 21:28:45 +00:00
|
|
|
}
|
2018-01-18 00:48:32 +00:00
|
|
|
|
|
|
|
func TestPathMap_SaltFunc(t *testing.T) {
|
|
|
|
storage := new(logical.InmemStorage)
|
|
|
|
|
2018-03-08 19:21:11 +00:00
|
|
|
salt, err := saltpkg.NewSalt(context.Background(), storage, &saltpkg.Config{
|
2018-01-18 00:48:32 +00:00
|
|
|
HashFunc: saltpkg.SHA1Hash,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
2018-03-08 19:21:11 +00:00
|
|
|
saltFunc := func(context.Context) (*saltpkg.Salt, error) {
|
2018-01-18 00:48:32 +00:00
|
|
|
return salt, nil
|
|
|
|
}
|
|
|
|
|
2018-01-19 06:44:44 +00:00
|
|
|
testSalting(t, context.Background(), storage, salt, &PathMap{Name: "foo", SaltFunc: saltFunc})
|
2018-01-18 00:48:32 +00:00
|
|
|
}
|