open-vault/http/sys_policy_test.go

package http

import (
	"reflect"
	"testing"

	"github.com/hashicorp/vault/vault"
)

func TestSysPolicies(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	resp := testHttpGet(t, token, addr+"/v1/sys/policy")

	var actual map[string]interface{}
	expected := map[string]interface{}{
		"policies": []interface{}{"cubbyhole-response-wrapping", "default", "root"},
		"keys":     []interface{}{"cubbyhole-response-wrapping", "default", "root"},
	}
	testResponseStatus(t, resp, 200)
	testResponseBody(t, resp, &actual)
	if !reflect.DeepEqual(actual, expected) {
		t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
	}
}

func TestSysReadPolicy(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	resp := testHttpGet(t, token, addr+"/v1/sys/policy/root")

	var actual map[string]interface{}
	expected := map[string]interface{}{
		"name":  "root",
		"rules": "",
	}
	testResponseStatus(t, resp, 200)
	testResponseBody(t, resp, &actual)
	if !reflect.DeepEqual(actual, expected) {
		t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
	}
}

func TestSysWritePolicy(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{
		"rules": ``,
	})
	testResponseStatus(t, resp, 204)

	resp = testHttpGet(t, token, addr+"/v1/sys/policy")

	var actual map[string]interface{}
	expected := map[string]interface{}{
		"policies": []interface{}{"cubbyhole-response-wrapping", "default", "foo", "root"},
		"keys":     []interface{}{"cubbyhole-response-wrapping", "default", "foo", "root"},
	}
	testResponseStatus(t, resp, 200)
	testResponseBody(t, resp, &actual)
	if !reflect.DeepEqual(actual, expected) {
		t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
	}

	resp = testHttpPost(t, token, addr+"/v1/sys/policy/cubbyhole-response-wrapping", map[string]interface{}{
		"rules": ``,
	})
	testResponseStatus(t, resp, 400)
}

func TestSysDeletePolicy(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{
		"rules": ``,
	})
	testResponseStatus(t, resp, 204)

	resp = testHttpDelete(t, token, addr+"/v1/sys/policy/foo")
	testResponseStatus(t, resp, 204)

	// Also attempt to delete these since they should not be allowed (ignore
	// responses, if they exist later that's sufficient)
	resp = testHttpDelete(t, token, addr+"/v1/sys/policy/default")
	resp = testHttpDelete(t, token, addr+"/v1/sys/policy/cubbyhole-response-wrapping")

	resp = testHttpGet(t, token, addr+"/v1/sys/policy")

	var actual map[string]interface{}
	expected := map[string]interface{}{
		"policies": []interface{}{"cubbyhole-response-wrapping", "default", "root"},
		"keys":     []interface{}{"cubbyhole-response-wrapping", "default", "root"},
	}
	testResponseStatus(t, resp, 200)
	testResponseBody(t, resp, &actual)
	if !reflect.DeepEqual(actual, expected) {
		t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
	}
}
http: list policies 2015-04-02 00:43:58 +00:00			`package http`

			`import (`
			`"reflect"`
			`"testing"`

			`"github.com/hashicorp/vault/vault"`
			`)`

			`func TestSysPolicies(t *testing.T) {`
			`core, _, token := vault.TestCoreUnsealed(t)`
			`ln, addr := TestServer(t, core)`
			`defer ln.Close()`
			`TestServerAuth(t, addr, token)`

Remove cookie authentication. 2015-08-22 00:36:19 +00:00			`resp := testHttpGet(t, token, addr+"/v1/sys/policy")`
http: list policies 2015-04-02 00:43:58 +00:00
			`var actual map[string]interface{}`
			`expected := map[string]interface{}{`
Add wrapping through core and change to use TTL instead of Duration. 2016-05-02 04:08:07 +00:00			`"policies": []interface{}{"cubbyhole-response-wrapping", "default", "root"},`
			`"keys": []interface{}{"cubbyhole-response-wrapping", "default", "root"},`
http: list policies 2015-04-02 00:43:58 +00:00			`}`
			`testResponseStatus(t, resp, 200)`
			`testResponseBody(t, resp, &actual)`
			`if !reflect.DeepEqual(actual, expected) {`
Remove sys_policy from special handling as it's implemented in logical_system too. Clean up the mux handlers. 2016-03-02 19:16:54 +00:00			`t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)`
http: list policies 2015-04-02 00:43:58 +00:00			`}`
			`}`
http: all policy endpoints 2015-04-02 00:52:55 +00:00
			`func TestSysReadPolicy(t *testing.T) {`
			`core, _, token := vault.TestCoreUnsealed(t)`
			`ln, addr := TestServer(t, core)`
			`defer ln.Close()`
			`TestServerAuth(t, addr, token)`

Remove cookie authentication. 2015-08-22 00:36:19 +00:00			`resp := testHttpGet(t, token, addr+"/v1/sys/policy/root")`
http: all policy endpoints 2015-04-02 00:52:55 +00:00
			`var actual map[string]interface{}`
			`expected := map[string]interface{}{`
			`"name": "root",`
			`"rules": "",`
			`}`
			`testResponseStatus(t, resp, 200)`
			`testResponseBody(t, resp, &actual)`
			`if !reflect.DeepEqual(actual, expected) {`
Remove sys_policy from special handling as it's implemented in logical_system too. Clean up the mux handlers. 2016-03-02 19:16:54 +00:00			`t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)`
http: all policy endpoints 2015-04-02 00:52:55 +00:00			`}`
			`}`

			`func TestSysWritePolicy(t *testing.T) {`
			`core, _, token := vault.TestCoreUnsealed(t)`
			`ln, addr := TestServer(t, core)`
			`defer ln.Close()`
			`TestServerAuth(t, addr, token)`

Remove cookie authentication. 2015-08-22 00:36:19 +00:00			`resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{`
http: all policy endpoints 2015-04-02 00:52:55 +00:00			"rules": ``,
			`})`
			`testResponseStatus(t, resp, 204)`

Remove cookie authentication. 2015-08-22 00:36:19 +00:00			`resp = testHttpGet(t, token, addr+"/v1/sys/policy")`
http: all policy endpoints 2015-04-02 00:52:55 +00:00
			`var actual map[string]interface{}`
			`expected := map[string]interface{}{`
Add wrapping through core and change to use TTL instead of Duration. 2016-05-02 04:08:07 +00:00			`"policies": []interface{}{"cubbyhole-response-wrapping", "default", "foo", "root"},`
			`"keys": []interface{}{"cubbyhole-response-wrapping", "default", "foo", "root"},`
http: all policy endpoints 2015-04-02 00:52:55 +00:00			`}`
			`testResponseStatus(t, resp, 200)`
			`testResponseBody(t, resp, &actual)`
			`if !reflect.DeepEqual(actual, expected) {`
Remove sys_policy from special handling as it's implemented in logical_system too. Clean up the mux handlers. 2016-03-02 19:16:54 +00:00			`t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)`
http: all policy endpoints 2015-04-02 00:52:55 +00:00			`}`
Add wrapping through core and change to use TTL instead of Duration. 2016-05-02 04:08:07 +00:00
			`resp = testHttpPost(t, token, addr+"/v1/sys/policy/cubbyhole-response-wrapping", map[string]interface{}{`
			"rules": ``,
			`})`
			`testResponseStatus(t, resp, 400)`
http: all policy endpoints 2015-04-02 00:52:55 +00:00			`}`

			`func TestSysDeletePolicy(t *testing.T) {`
			`core, _, token := vault.TestCoreUnsealed(t)`
			`ln, addr := TestServer(t, core)`
			`defer ln.Close()`
			`TestServerAuth(t, addr, token)`

Remove cookie authentication. 2015-08-22 00:36:19 +00:00			`resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{`
http: all policy endpoints 2015-04-02 00:52:55 +00:00			"rules": ``,
			`})`
			`testResponseStatus(t, resp, 204)`

Remove cookie authentication. 2015-08-22 00:36:19 +00:00			`resp = testHttpDelete(t, token, addr+"/v1/sys/policy/foo")`
http: all policy endpoints 2015-04-02 00:52:55 +00:00			`testResponseStatus(t, resp, 204)`

Add wrapping through core and change to use TTL instead of Duration. 2016-05-02 04:08:07 +00:00			`// Also attempt to delete these since they should not be allowed (ignore`
			`// responses, if they exist later that's sufficient)`
			`resp = testHttpDelete(t, token, addr+"/v1/sys/policy/default")`
			`resp = testHttpDelete(t, token, addr+"/v1/sys/policy/cubbyhole-response-wrapping")`

Remove cookie authentication. 2015-08-22 00:36:19 +00:00			`resp = testHttpGet(t, token, addr+"/v1/sys/policy")`
http: all policy endpoints 2015-04-02 00:52:55 +00:00
			`var actual map[string]interface{}`
			`expected := map[string]interface{}{`
Add wrapping through core and change to use TTL instead of Duration. 2016-05-02 04:08:07 +00:00			`"policies": []interface{}{"cubbyhole-response-wrapping", "default", "root"},`
			`"keys": []interface{}{"cubbyhole-response-wrapping", "default", "root"},`
http: all policy endpoints 2015-04-02 00:52:55 +00:00			`}`
			`testResponseStatus(t, resp, 200)`
			`testResponseBody(t, resp, &actual)`
			`if !reflect.DeepEqual(actual, expected) {`
Remove sys_policy from special handling as it's implemented in logical_system too. Clean up the mux handlers. 2016-03-02 19:16:54 +00:00			`t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)`
http: all policy endpoints 2015-04-02 00:52:55 +00:00			`}`
			`}`