open-vault/http/sys_policy_test.go

157 lines
4.5 KiB
Go
Raw Normal View History

2015-04-02 00:43:58 +00:00
package http
import (
2016-08-08 20:00:31 +00:00
"encoding/json"
2015-04-02 00:43:58 +00:00
"reflect"
"testing"
"github.com/hashicorp/vault/vault"
)
func TestSysPolicies(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
2015-08-22 00:36:19 +00:00
resp := testHttpGet(t, token, addr+"/v1/sys/policy")
2015-04-02 00:43:58 +00:00
var actual map[string]interface{}
expected := map[string]interface{}{
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"policies": []interface{}{"default", "root"},
"keys": []interface{}{"default", "root"},
},
2016-07-25 21:05:54 +00:00
"policies": []interface{}{"default", "root"},
"keys": []interface{}{"default", "root"},
2015-04-02 00:43:58 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
2015-04-02 00:43:58 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
2015-04-02 00:43:58 +00:00
}
}
2015-04-02 00:52:55 +00:00
func TestSysReadPolicy(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
2015-08-22 00:36:19 +00:00
resp := testHttpGet(t, token, addr+"/v1/sys/policy/root")
2015-04-02 00:52:55 +00:00
var actual map[string]interface{}
expected := map[string]interface{}{
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"name": "root",
"rules": "",
},
2015-04-02 00:52:55 +00:00
"name": "root",
"rules": "",
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
2015-04-02 00:52:55 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
2015-04-02 00:52:55 +00:00
}
}
func TestSysWritePolicy(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
2015-08-22 00:36:19 +00:00
resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{
2017-06-01 21:22:34 +00:00
"rules": `path "*" { capabilities = ["read"] }`,
2015-04-02 00:52:55 +00:00
})
2017-10-23 21:39:21 +00:00
testResponseStatus(t, resp, 200)
2015-04-02 00:52:55 +00:00
2015-08-22 00:36:19 +00:00
resp = testHttpGet(t, token, addr+"/v1/sys/policy")
2015-04-02 00:52:55 +00:00
var actual map[string]interface{}
expected := map[string]interface{}{
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"policies": []interface{}{"default", "foo", "root"},
"keys": []interface{}{"default", "foo", "root"},
},
2016-07-25 21:05:54 +00:00
"policies": []interface{}{"default", "foo", "root"},
"keys": []interface{}{"default", "foo", "root"},
2015-04-02 00:52:55 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
2015-04-02 00:52:55 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
2015-04-02 00:52:55 +00:00
}
resp = testHttpPost(t, token, addr+"/v1/sys/policy/response-wrapping", map[string]interface{}{
"rules": ``,
})
testResponseStatus(t, resp, 400)
2015-04-02 00:52:55 +00:00
}
func TestSysDeletePolicy(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
2015-08-22 00:36:19 +00:00
resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{
2017-06-01 21:22:34 +00:00
"rules": `path "*" { capabilities = ["read"] }`,
2015-04-02 00:52:55 +00:00
})
2017-10-23 21:39:21 +00:00
testResponseStatus(t, resp, 200)
2015-04-02 00:52:55 +00:00
2015-08-22 00:36:19 +00:00
resp = testHttpDelete(t, token, addr+"/v1/sys/policy/foo")
2015-04-02 00:52:55 +00:00
testResponseStatus(t, resp, 204)
// Also attempt to delete these since they should not be allowed (ignore
// responses, if they exist later that's sufficient)
resp = testHttpDelete(t, token, addr+"/v1/sys/policy/default")
resp = testHttpDelete(t, token, addr+"/v1/sys/policy/response-wrapping")
2015-08-22 00:36:19 +00:00
resp = testHttpGet(t, token, addr+"/v1/sys/policy")
2015-04-02 00:52:55 +00:00
var actual map[string]interface{}
expected := map[string]interface{}{
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"policies": []interface{}{"default", "root"},
"keys": []interface{}{"default", "root"},
},
2016-07-25 21:05:54 +00:00
"policies": []interface{}{"default", "root"},
"keys": []interface{}{"default", "root"},
2015-04-02 00:52:55 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
2015-04-02 00:52:55 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
2015-04-02 00:52:55 +00:00
}
}