luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/vault/core_test.go

2148 lines
47 KiB
Go
Raw Normal View History

vault: Test initialization simple
2015-03-11 18:52:01 +00:00
package vault
import (
vault: Testing initialization
2015-03-11 18:57:05 +00:00
"reflect"
vault: Test initialization simple
2015-03-11 18:52:01 +00:00
"testing"
vault: integration expiration manager with core
2015-03-16 22:28:50 +00:00
"time"
vault: Test initialization simple
2015-03-11 18:52:01 +00:00
Use split-out hashicorp/uuid
2015-10-12 18:07:12 +00:00
"github.com/hashicorp/uuid"
Create a "default" policy with sensible rules. It is forced to be included with each token, but can be changed (but not deleted). Fixes #732
2015-11-06 22:27:15 +00:00
"github.com/hashicorp/vault/audit"
vault: convert to logical.Request and friends
2015-03-15 21:53:41 +00:00
"github.com/hashicorp/vault/logical"
vault: Test initialization simple
2015-03-11 18:52:01 +00:00
"github.com/hashicorp/vault/physical"
)
vault: sanity check key length
2015-03-12 18:20:27 +00:00
var (
// invalidKey is used to test Unseal
invalidKey = []byte("abcdefghijklmnopqrstuvwxyz")[:17]
)
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 20:28:33 +00:00
func TestNewCore_badAdvertiseAddr(t *testing.T) {
conf := &CoreConfig{
AdvertiseAddr: "127.0.0.1:8200",
Physical: physical.NewInmem(),
DisableMlock: true,
}
_, err := NewCore(conf)
if err == nil {
t.Fatal("should error")
}
}
vault: Guard against an invalid seal config
2015-05-08 18:05:31 +00:00
func TestSealConfig_Invalid(t *testing.T) {
s := &SealConfig{
SecretShares: 2,
SecretThreshold: 1,
}
err := s.Validate()
if err == nil {
t.Fatalf("expected err")
}
}
vault: Test initialization simple
2015-03-11 18:52:01 +00:00
func TestCore_Init(t *testing.T) {
inm := physical.NewInmem()
Disable mlock in tests
2015-04-29 01:12:57 +00:00
conf := &CoreConfig{
Physical: inm,
DisableMlock: true,
Don't use leases on the generic backend...with a caveat. You can now turn on and off the lease behavior in the generic backend by using one of two factories. Core uses the normal one if it's not already set, so unit tests can use the custom one and all stay working. This also adds logic into core to check, when the response is coming from a generic backend, whether that backend has leases enabled. This adds some slight overhead.
2015-09-19 22:24:53 +00:00
LogicalBackends: map[string]logical.Factory{
"generic": LeasedPassthroughBackendFactory,
},
Disable mlock in tests
2015-04-29 01:12:57 +00:00
}
vault: Test initialization simple
2015-03-11 18:52:01 +00:00
c, err := NewCore(conf)
if err != nil {
t.Fatalf("err: %v", err)
}
init, err := c.Initialized()
if err != nil {
t.Fatalf("err: %v", err)
}
if init {
t.Fatalf("should not be init")
}
vault: Testing initialization
2015-03-11 18:57:05 +00:00
// Check the seal configuration
outConf, err := c.SealConfig()
if err != nil {
t.Fatalf("err: %v", err)
}
if outConf != nil {
t.Fatalf("bad: %v", outConf)
}
vault: Test initialization simple
2015-03-11 18:52:01 +00:00
sealConf := &SealConfig{
SecretShares: 1,
SecretThreshold: 1,
}
res, err := c.Initialize(sealConf)
if err != nil {
t.Fatalf("err: %v", err)
}
if len(res.SecretShares) != 1 {
t.Fatalf("Bad: %v", res)
}
vault: Generate a root token when initializing
2015-03-24 00:31:30 +00:00
if res.RootToken == "" {
t.Fatalf("Bad: %v", res)
}
vault: Test initialization simple
2015-03-11 18:52:01 +00:00
vault: Testing initialization
2015-03-11 18:57:05 +00:00
_, err = c.Initialize(sealConf)
if err != ErrAlreadyInit {
t.Fatalf("err: %v", err)
}
vault: Test initialization simple
2015-03-11 18:52:01 +00:00
init, err = c.Initialized()
if err != nil {
t.Fatalf("err: %v", err)
}
if !init {
t.Fatalf("should be init")
}
vault: Testing initialization
2015-03-11 18:57:05 +00:00
// Check the seal configuration
outConf, err = c.SealConfig()
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(outConf, sealConf) {
t.Fatalf("bad: %v expect: %v", outConf, sealConf)
}
vault: Test initialization simple
2015-03-11 18:52:01 +00:00
// New Core, same backend
c2, err := NewCore(conf)
if err != nil {
t.Fatalf("err: %v", err)
}
vault: Testing initialization
2015-03-11 18:57:05 +00:00
_, err = c2.Initialize(sealConf)
if err != ErrAlreadyInit {
t.Fatalf("err: %v", err)
}
vault: Test initialization simple
2015-03-11 18:52:01 +00:00
init, err = c2.Initialized()
if err != nil {
t.Fatalf("err: %v", err)
}
if !init {
t.Fatalf("should be init")
}
vault: Testing initialization
2015-03-11 18:57:05 +00:00
// Check the seal configuration
outConf, err = c2.SealConfig()
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(outConf, sealConf) {
t.Fatalf("bad: %v expect: %v", outConf, sealConf)
}
}
func TestCore_Init_MultiShare(t *testing.T) {
vault: public TestCoreUnsealed, don't modify key in Unseal /cc @armon - I do a key copy within Unseal now. It tripped me up for quite awhile that that method actually modifies the param in-place and I can't think of any scenario that is good for the user. Do you see any issues here?
2015-03-15 00:47:11 +00:00
c := TestCore(t)
vault: Testing initialization
2015-03-11 18:57:05 +00:00
sealConf := &SealConfig{
SecretShares: 5,
SecretThreshold: 3,
}
res, err := c.Initialize(sealConf)
if err != nil {
t.Fatalf("err: %v", err)
}
if len(res.SecretShares) != 5 {
t.Fatalf("Bad: %v", res)
vault: Generate a root token when initializing
2015-03-24 00:31:30 +00:00
}
if res.RootToken == "" {
t.Fatalf("Bad: %v", res)
vault: Testing initialization
2015-03-11 18:57:05 +00:00
}
// Check the seal configuration
outConf, err := c.SealConfig()
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(outConf, sealConf) {
t.Fatalf("bad: %v expect: %v", outConf, sealConf)
}
vault: Test initialization simple
2015-03-11 18:52:01 +00:00
}
vault: Testing core unseal
2015-03-11 21:25:16 +00:00
func TestCore_Unseal_MultiShare(t *testing.T) {
vault: public TestCoreUnsealed, don't modify key in Unseal /cc @armon - I do a key copy within Unseal now. It tripped me up for quite awhile that that method actually modifies the param in-place and I can't think of any scenario that is good for the user. Do you see any issues here?
2015-03-15 00:47:11 +00:00
c := TestCore(t)
vault: Testing core unseal
2015-03-11 21:25:16 +00:00
vault: sanity check key length
2015-03-12 18:20:27 +00:00
_, err := c.Unseal(invalidKey)
vault: Testing core unseal
2015-03-11 21:25:16 +00:00
if err != ErrNotInit {
t.Fatalf("err: %v", err)
}
sealConf := &SealConfig{
SecretShares: 5,
SecretThreshold: 3,
}
res, err := c.Initialize(sealConf)
if err != nil {
t.Fatalf("err: %v", err)
}
sealed, err := c.Sealed()
if err != nil {
t.Fatalf("err: %v", err)
}
if !sealed {
t.Fatalf("should be sealed")
}
if prog := c.SecretProgress(); prog != 0 {
t.Fatalf("bad progress: %d", prog)
}
for i := 0; i < 5; i++ {
unseal, err := c.Unseal(res.SecretShares[i])
if err != nil {
t.Fatalf("err: %v", err)
}
// Ignore redundant
_, err = c.Unseal(res.SecretShares[i])
if err != nil {
t.Fatalf("err: %v", err)
}
if i >= 2 {
if !unseal {
t.Fatalf("should be unsealed")
}
if prog := c.SecretProgress(); prog != 0 {
t.Fatalf("bad progress: %d", prog)
}
} else {
if unseal {
t.Fatalf("should not be unsealed")
}
if prog := c.SecretProgress(); prog != i+1 {
t.Fatalf("bad progress: %d", prog)
}
}
}
sealed, err = c.Sealed()
if err != nil {
t.Fatalf("err: %v", err)
}
if sealed {
t.Fatalf("should not be sealed")
}
vault: require root token for seal
2015-03-31 16:59:02 +00:00
err = c.Seal(res.RootToken)
vault: Testing core unseal
2015-03-11 21:25:16 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
// Ignore redundant
vault: require root token for seal
2015-03-31 16:59:02 +00:00
err = c.Seal(res.RootToken)
vault: Testing core unseal
2015-03-11 21:25:16 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
sealed, err = c.Sealed()
if err != nil {
t.Fatalf("err: %v", err)
}
if !sealed {
t.Fatalf("should be sealed")
}
}
func TestCore_Unseal_Single(t *testing.T) {
vault: public TestCoreUnsealed, don't modify key in Unseal /cc @armon - I do a key copy within Unseal now. It tripped me up for quite awhile that that method actually modifies the param in-place and I can't think of any scenario that is good for the user. Do you see any issues here?
2015-03-15 00:47:11 +00:00
c := TestCore(t)
vault: Testing core unseal
2015-03-11 21:25:16 +00:00
vault: sanity check key length
2015-03-12 18:20:27 +00:00
_, err := c.Unseal(invalidKey)
vault: Testing core unseal
2015-03-11 21:25:16 +00:00
if err != ErrNotInit {
t.Fatalf("err: %v", err)
}
sealConf := &SealConfig{
SecretShares: 1,
SecretThreshold: 1,
}
res, err := c.Initialize(sealConf)
if err != nil {
t.Fatalf("err: %v", err)
}
sealed, err := c.Sealed()
if err != nil {
t.Fatalf("err: %v", err)
}
if !sealed {
t.Fatalf("should be sealed")
}
if prog := c.SecretProgress(); prog != 0 {
t.Fatalf("bad progress: %d", prog)
}
unseal, err := c.Unseal(res.SecretShares[0])
if err != nil {
t.Fatalf("err: %v", err)
}
if !unseal {
t.Fatalf("should be unsealed")
}
if prog := c.SecretProgress(); prog != 0 {
t.Fatalf("bad progress: %d", prog)
}
sealed, err = c.Sealed()
if err != nil {
t.Fatalf("err: %v", err)
}
if sealed {
t.Fatalf("should not be sealed")
}
}
vault: Test routing while sealed
2015-03-11 21:31:55 +00:00
func TestCore_Route_Sealed(t *testing.T) {
vault: public TestCoreUnsealed, don't modify key in Unseal /cc @armon - I do a key copy within Unseal now. It tripped me up for quite awhile that that method actually modifies the param in-place and I can't think of any scenario that is good for the user. Do you see any issues here?
2015-03-15 00:47:11 +00:00
c := TestCore(t)
vault: Test routing while sealed
2015-03-11 21:31:55 +00:00
sealConf := &SealConfig{
SecretShares: 1,
SecretThreshold: 1,
}
// Should not route anything
vault: convert to logical.Request and friends
2015-03-15 21:53:41 +00:00
req := &logical.Request{
Operation: logical.ReadOperation,
vault: Loading mount tables on start
2015-03-11 22:19:41 +00:00
Path: "sys/mounts",
vault: Test routing while sealed
2015-03-11 21:31:55 +00:00
}
_, err := c.HandleRequest(req)
if err != ErrSealed {
t.Fatalf("err: %v", err)
}
res, err := c.Initialize(sealConf)
if err != nil {
t.Fatalf("err: %v", err)
}
unseal, err := c.Unseal(res.SecretShares[0])
if err != nil {
t.Fatalf("err: %v", err)
}
if !unseal {
t.Fatalf("should be unsealed")
}
// Should not error after unseal
vault: Adding ACL enforcement
2015-03-24 18:37:07 +00:00
req.ClientToken = res.RootToken
vault: Test routing while sealed
2015-03-11 21:31:55 +00:00
_, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
}
vault: Support a pre-seal teardown
2015-03-13 18:16:24 +00:00
// Attempt to unseal after doing a first seal
func TestCore_SealUnseal(t *testing.T) {
vault: require root token for seal
2015-03-31 16:59:02 +00:00
c, key, root := TestCoreUnsealed(t)
if err := c.Seal(root); err != nil {
vault: Support a pre-seal teardown
2015-03-13 18:16:24 +00:00
t.Fatalf("err: %v", err)
}
if unseal, err := c.Unseal(key); err != nil || !unseal {
t.Fatalf("err: %v", err)
}
}
vault: integration expiration manager with core
2015-03-16 22:28:50 +00:00
vault: support core shutdown
2015-06-18 01:23:59 +00:00
// Attempt to shutdown after unseal
func TestCore_Shutdown(t *testing.T) {
c, _, _ := TestCoreUnsealed(t)
if err := c.Shutdown(); err != nil {
t.Fatalf("err: %v", err)
}
if sealed, err := c.Sealed(); err != nil || !sealed {
t.Fatalf("err: %v", err)
}
}
vault: test bad key to seal
2015-03-31 17:00:04 +00:00
// Attempt to seal bad token
func TestCore_Seal_BadToken(t *testing.T) {
c, _, _ := TestCoreUnsealed(t)
if err := c.Seal("foo"); err == nil {
t.Fatalf("err: %v", err)
}
if sealed, err := c.Sealed(); err != nil || sealed {
t.Fatalf("err: %v", err)
}
}
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
// Ensure we get a LeaseID
vault: integration expiration manager with core
2015-03-16 22:28:50 +00:00
func TestCore_HandleRequest_Lease(t *testing.T) {
vault: tests passing
2015-03-29 23:18:08 +00:00
c, _, root := TestCoreUnsealed(t)
vault: integration expiration manager with core
2015-03-16 22:28:50 +00:00
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/test",
Data: map[string]interface{}{
"foo": "bar",
"lease": "1h",
},
vault: Adding ACL enforcement
2015-03-24 18:37:07 +00:00
ClientToken: root,
vault: integration expiration manager with core
2015-03-16 22:28:50 +00:00
}
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}
// Read the key
req.Operation = logical.ReadOperation
req.Data = nil
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
if resp == nil || resp.Secret == nil || resp.Data == nil {
vault: integration expiration manager with core
2015-03-16 22:28:50 +00:00
t.Fatalf("bad: %#v", resp)
}
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-21 00:47:17 +00:00
if resp.Secret.TTL != time.Hour {
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
t.Fatalf("bad: %#v", resp.Secret)
vault: integration expiration manager with core
2015-03-16 22:28:50 +00:00
}
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
if resp.Secret.LeaseID == "" {
vault: clean up VaultID duplications, make secret responses clearer /cc @armon - This is a reasonably major refactor that I think cleans up a lot of the logic with secrets in responses. The reason for the refactor is that while implementing Renew/Revoke in logical/framework I found the existing API to be really awkward to work with. Primarily, we needed a way to send down internal data for Vault core to store since not all the data you need to revoke a key is always sent down to the user (for example the user than AWS key belongs to). At first, I was doing this manually in logical/framework with req.Storage, but this is going to be such a common event that I think its something core should assist with. Additionally, I think the added context for secrets will be useful in the future when we have a Vault API for returning orphaned out keys: we can also return the internal data that might help an operator. So this leads me to this refactor. I've removed most of the fields in `logical.Response` and replaced it with a single `*Secret` pointer. If this is non-nil, then the response represents a secret. The Secret struct encapsulates all the lease info and such. It also has some fields on it that are only populated at _request_ time for Revoke/Renew operations. There is precedent for this sort of behavior in the Go stdlib where http.Request/http.Response have fields that differ based on client/server. I copied this style. All core unit tests pass. The APIs fail for obvious reasons but I'll fix that up in the next commit.
2015-03-19 22:11:42 +00:00
t.Fatalf("bad: %#v", resp.Secret)
vault: integration expiration manager with core
2015-03-16 22:28:50 +00:00
}
if resp.Data["foo"] != "bar" {
t.Fatalf("bad: %#v", resp.Data)
}
}
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
vault: Enforce default and max length leasing
2015-04-03 22:42:34 +00:00
func TestCore_HandleRequest_Lease_MaxLength(t *testing.T) {
c, _, root := TestCoreUnsealed(t)
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/test",
Data: map[string]interface{}{
"foo": "bar",
"lease": "1000h",
},
ClientToken: root,
}
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}
// Read the key
req.Operation = logical.ReadOperation
req.Data = nil
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp == nil || resp.Secret == nil || resp.Data == nil {
t.Fatalf("bad: %#v", resp)
}
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 14:50:16 +00:00
if resp.Secret.TTL != c.maxLeaseTTL {
vault: Enforce default and max length leasing
2015-04-03 22:42:34 +00:00
t.Fatalf("bad: %#v", resp.Secret)
}
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
if resp.Secret.LeaseID == "" {
vault: Enforce default and max length leasing
2015-04-03 22:42:34 +00:00
t.Fatalf("bad: %#v", resp.Secret)
}
if resp.Data["foo"] != "bar" {
t.Fatalf("bad: %#v", resp.Data)
}
}
func TestCore_HandleRequest_Lease_DefaultLength(t *testing.T) {
c, _, root := TestCoreUnsealed(t)
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/test",
Data: map[string]interface{}{
"foo": "bar",
"lease": "0h",
},
ClientToken: root,
}
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}
// Read the key
req.Operation = logical.ReadOperation
req.Data = nil
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp == nil || resp.Secret == nil || resp.Data == nil {
t.Fatalf("bad: %#v", resp)
}
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 14:50:16 +00:00
if resp.Secret.TTL != c.defaultLeaseTTL {
vault: Enforce default and max length leasing
2015-04-03 22:42:34 +00:00
t.Fatalf("bad: %#v", resp.Secret)
}
Replace VaultID with LeaseID for terminology simplification
2015-04-08 20:35:32 +00:00
if resp.Secret.LeaseID == "" {
vault: Enforce default and max length leasing
2015-04-03 22:42:34 +00:00
t.Fatalf("bad: %#v", resp.Secret)
}
if resp.Data["foo"] != "bar" {
t.Fatalf("bad: %#v", resp.Data)
}
}
vault: test missing and invalid tokens
2015-03-24 18:57:08 +00:00
func TestCore_HandleRequest_MissingToken(t *testing.T) {
vault: tests passing
2015-03-29 23:18:08 +00:00
c, _, _ := TestCoreUnsealed(t)
vault: test missing and invalid tokens
2015-03-24 18:57:08 +00:00
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/test",
Data: map[string]interface{}{
"foo": "bar",
"lease": "1h",
},
}
resp, err := c.HandleRequest(req)
if err != logical.ErrInvalidRequest {
t.Fatalf("err: %v", err)
}
if resp.Data["error"] != "missing client token" {
t.Fatalf("bad: %#v", resp)
}
}
func TestCore_HandleRequest_InvalidToken(t *testing.T) {
vault: tests passing
2015-03-29 23:18:08 +00:00
c, _, _ := TestCoreUnsealed(t)
vault: test missing and invalid tokens
2015-03-24 18:57:08 +00:00
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/test",
Data: map[string]interface{}{
"foo": "bar",
"lease": "1h",
},
ClientToken: "foobarbaz",
}
resp, err := c.HandleRequest(req)
vault: core enforcement of limited use tokens
2015-04-17 18:57:56 +00:00
if err != logical.ErrPermissionDenied {
vault: test missing and invalid tokens
2015-03-24 18:57:08 +00:00
t.Fatalf("err: %v", err)
}
vault: core enforcement of limited use tokens
2015-04-17 18:57:56 +00:00
if resp.Data["error"] != "permission denied" {
vault: test missing and invalid tokens
2015-03-24 18:57:08 +00:00
t.Fatalf("bad: %#v", resp)
}
}
vault: allow mount point queries without trailing /
2015-04-04 03:45:00 +00:00
// Check that standard permissions work
func TestCore_HandleRequest_NoSlash(t *testing.T) {
c, _, root := TestCoreUnsealed(t)
req := &logical.Request{
Operation: logical.HelpOperation,
Path: "secret",
ClientToken: root,
}
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v, resp: %v", err, resp)
}
if _, ok := resp.Data["help"]; !ok {
t.Fatalf("resp: %v", resp)
}
}
vault: testing root privilege restrictions
2015-03-24 22:52:07 +00:00
// Test a root path is denied if non-root
func TestCore_HandleRequest_RootPath(t *testing.T) {
vault: tests passing
2015-03-29 23:18:08 +00:00
c, _, root := TestCoreUnsealed(t)
vault: testing root privilege restrictions
2015-03-24 22:52:07 +00:00
testCoreMakeToken(t, c, root, "child", []string{"test"})
req := &logical.Request{
Operation: logical.ReadOperation,
Path: "sys/policy", // root protected!
ClientToken: "child",
}
resp, err := c.HandleRequest(req)
if err != logical.ErrPermissionDenied {
vault: require root token for seal
2015-03-31 16:59:02 +00:00
t.Fatalf("err: %v, resp: %v", err, resp)
vault: testing root privilege restrictions
2015-03-24 22:52:07 +00:00
}
}
// Test a root path is allowed if non-root but with sudo
func TestCore_HandleRequest_RootPath_WithSudo(t *testing.T) {
vault: tests passing
2015-03-29 23:18:08 +00:00
c, _, root := TestCoreUnsealed(t)
vault: testing root privilege restrictions
2015-03-24 22:52:07 +00:00
// Set the 'test' policy object to permit access to sys/policy
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "sys/policy/test", // root protected!
Data: map[string]interface{}{
"rules": `path "sys/policy" { policy = "sudo" }`,
},
ClientToken: root,
}
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}
// Child token (non-root) but with 'test' policy should have access
testCoreMakeToken(t, c, root, "child", []string{"test"})
req = &logical.Request{
Operation: logical.ReadOperation,
Path: "sys/policy", // root protected!
ClientToken: "child",
}
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp == nil {
t.Fatalf("bad: %#v", resp)
}
}
vault: test missing and invalid tokens
2015-03-24 18:57:08 +00:00
vault: Testing core ACL enforcement
2015-03-24 22:55:27 +00:00
// Check that standard permissions work
func TestCore_HandleRequest_PermissionDenied(t *testing.T) {
vault: tests passing
2015-03-29 23:18:08 +00:00
c, _, root := TestCoreUnsealed(t)
vault: Testing core ACL enforcement
2015-03-24 22:55:27 +00:00
testCoreMakeToken(t, c, root, "child", []string{"test"})
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/test",
Data: map[string]interface{}{
"foo": "bar",
"lease": "1h",
},
ClientToken: "child",
}
resp, err := c.HandleRequest(req)
if err != logical.ErrPermissionDenied {
vault: require root token for seal
2015-03-31 16:59:02 +00:00
t.Fatalf("err: %v, resp: %v", err, resp)
vault: Testing core ACL enforcement
2015-03-24 22:55:27 +00:00
}
}
// Check that standard permissions work
func TestCore_HandleRequest_PermissionAllowed(t *testing.T) {
vault: tests passing
2015-03-29 23:18:08 +00:00
c, _, root := TestCoreUnsealed(t)
vault: Testing core ACL enforcement
2015-03-24 22:55:27 +00:00
testCoreMakeToken(t, c, root, "child", []string{"test"})
// Set the 'test' policy object to permit access to secret/
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "sys/policy/test",
Data: map[string]interface{}{
vault: fixing test with glob change
2015-07-05 23:31:41 +00:00
"rules": `path "secret/*" { policy = "write" }`,
vault: Testing core ACL enforcement
2015-03-24 22:55:27 +00:00
},
ClientToken: root,
}
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}
// Write should work now
req = &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/test",
Data: map[string]interface{}{
"foo": "bar",
"lease": "1h",
},
ClientToken: "child",
}
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}
}
vault: test missing and invalid tokens
2015-03-24 18:57:08 +00:00
vault: keep the connection info around for auth
2015-03-31 03:55:01 +00:00
func TestCore_HandleRequest_NoConnection(t *testing.T) {
noop := &NoopBackend{
Response: &logical.Response{},
}
c, _, root := TestCoreUnsealed(t)
vault: provide view to backend initializer for setup
2015-07-01 00:30:43 +00:00
c.logicalBackends["noop"] = func(*logical.BackendConfig) (logical.Backend, error) {
vault: keep the connection info around for auth
2015-03-31 03:55:01 +00:00
return noop, nil
}
vault: Verify client token is not passed through in the plain
2015-04-03 22:39:56 +00:00
// Enable the logical backend
vault: keep the connection info around for auth
2015-03-31 03:55:01 +00:00
req := logical.TestRequest(t, logical.WriteOperation, "sys/mounts/foo")
req.Data["type"] = "noop"
req.Data["description"] = "foo"
req.ClientToken = root
_, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Attempt to request with connection data
req = &logical.Request{
Path: "foo/login",
Connection: &logical.Connection{},
}
req.ClientToken = root
if _, err := c.HandleRequest(req); err != nil {
t.Fatalf("err: %v", err)
}
if noop.Requests[0].Connection != nil {
t.Fatalf("bad: %#v", noop.Requests)
}
}
vault: Verify client token is not passed through in the plain
2015-04-03 22:39:56 +00:00
func TestCore_HandleRequest_NoClientToken(t *testing.T) {
noop := &NoopBackend{
Response: &logical.Response{},
}
c, _, root := TestCoreUnsealed(t)
vault: provide view to backend initializer for setup
2015-07-01 00:30:43 +00:00
c.logicalBackends["noop"] = func(*logical.BackendConfig) (logical.Backend, error) {
vault: Verify client token is not passed through in the plain
2015-04-03 22:39:56 +00:00
return noop, nil
}
// Enable the logical backend
req := logical.TestRequest(t, logical.WriteOperation, "sys/mounts/foo")
req.Data["type"] = "noop"
req.Data["description"] = "foo"
req.ClientToken = root
_, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Attempt to request with connection data
req = &logical.Request{
Path: "foo/login",
}
req.ClientToken = root
if _, err := c.HandleRequest(req); err != nil {
t.Fatalf("err: %v", err)
}
ct := noop.Requests[0].ClientToken
if ct == "" || ct == root {
t.Fatalf("bad: %#v", noop.Requests)
}
}
vault: keep the connection info around for auth
2015-03-31 03:55:01 +00:00
func TestCore_HandleRequest_ConnOnLogin(t *testing.T) {
noop := &NoopBackend{
Login: []string{"login"},
Response: &logical.Response{},
}
c, _, root := TestCoreUnsealed(t)
vault: provide view to backend initializer for setup
2015-07-01 00:30:43 +00:00
c.credentialBackends["noop"] = func(*logical.BackendConfig) (logical.Backend, error) {
vault: keep the connection info around for auth
2015-03-31 03:55:01 +00:00
return noop, nil
}
// Enable the credential backend
req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
req.Data["type"] = "noop"
req.ClientToken = root
_, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Attempt to request with connection data
req = &logical.Request{
Path: "auth/foo/login",
Connection: &logical.Connection{},
}
if _, err := c.HandleRequest(req); err != nil {
t.Fatalf("err: %v", err)
}
if noop.Requests[0].Connection == nil {
t.Fatalf("bad: %#v", noop.Requests)
}
}
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
// Ensure we get a client token
func TestCore_HandleLogin_Token(t *testing.T) {
remove credential/ lots of tests faililng
2015-03-31 01:07:05 +00:00
noop := &NoopBackend{
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
Login: []string{"login"},
remove credential/ lots of tests faililng
2015-03-31 01:07:05 +00:00
Response: &logical.Response{
Auth: &logical.Auth{
Policies: []string{"foo", "bar"},
Metadata: map[string]string{
"user": "armon",
},
vault: thread the display name through
2015-04-15 21:12:34 +00:00
DisplayName: "armon",
remove credential/ lots of tests faililng
2015-03-31 01:07:05 +00:00
},
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
},
}
vault: tests passing
2015-03-29 23:18:08 +00:00
c, _, root := TestCoreUnsealed(t)
Store token creation time and TTL. This can be used to properly populate fields in 'lookup-self'. Importantly, this also makes credential backends use the SystemView per-backend TTL values and fixes unit tests to expect this. Fully fixes #527
2015-09-18 20:33:52 +00:00
c.credentialBackends["noop"] = func(conf *logical.BackendConfig) (logical.Backend, error) {
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
return noop, nil
}
// Enable the credential backend
req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
req.Data["type"] = "noop"
vault: Adding ACL enforcement
2015-03-24 18:37:07 +00:00
req.ClientToken = root
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
_, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Attempt to login
vault: get rid of HangleLogin
2015-03-31 03:26:39 +00:00
lreq := &logical.Request{
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
Path: "auth/foo/login",
}
vault: get rid of HangleLogin
2015-03-31 03:26:39 +00:00
lresp, err := c.HandleRequest(lreq)
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
// Ensure we got a client token back
vault: get rid of HangleLogin
2015-03-31 03:26:39 +00:00
clientToken := lresp.Auth.ClientToken
if clientToken == "" {
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
t.Fatalf("bad: %#v", lresp)
}
// Check the policy and metadata
te, err := c.tokenStore.Lookup(clientToken)
if err != nil {
t.Fatalf("err: %v", err)
}
expect := &TokenEntry{
ID: clientToken,
Parent: "",
Create a "default" policy with sensible rules. It is forced to be included with each token, but can be changed (but not deleted). Fixes #732
2015-11-06 22:27:15 +00:00
Policies: []string{"foo", "bar", "default"},
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
Path: "auth/foo/login",
vault: get rid of HangleLogin
2015-03-31 03:26:39 +00:00
Meta: map[string]string{
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
"user": "armon",
},
Store token creation time and TTL. This can be used to properly populate fields in 'lookup-self'. Importantly, this also makes credential backends use the SystemView per-backend TTL values and fixes unit tests to expect this. Fully fixes #527
2015-09-18 20:33:52 +00:00
DisplayName: "foo-armon",
TTL: time.Hour * 24,
CreationTime: te.CreationTime,
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
}
Store token creation time and TTL. This can be used to properly populate fields in 'lookup-self'. Importantly, this also makes credential backends use the SystemView per-backend TTL values and fixes unit tests to expect this. Fully fixes #527
2015-09-18 20:33:52 +00:00
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
if !reflect.DeepEqual(te, expect) {
t.Fatalf("Bad: %#v expect: %#v", te, expect)
}
vault: integrate login with expiration manager
2015-04-03 00:52:11 +00:00
// Check that we have a lease with default duration
Store token creation time and TTL. This can be used to properly populate fields in 'lookup-self'. Importantly, this also makes credential backends use the SystemView per-backend TTL values and fixes unit tests to expect this. Fully fixes #527
2015-09-18 20:33:52 +00:00
if lresp.Auth.TTL != noop.System().DefaultLeaseTTL() {
t.Fatalf("bad: %#v, defaultLeaseTTL: %#v", lresp.Auth, c.defaultLeaseTTL)
vault: first pass at HandleLogin
2015-03-23 20:56:43 +00:00
}
}
vault: Integrate audit logging with core
2015-04-01 21:33:48 +00:00
func TestCore_HandleRequest_AuditTrail(t *testing.T) {
// Create a noop audit backend
noop := &NoopAudit{}
c, _, root := TestCoreUnsealed(t)
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 21:36:42 +00:00
c.auditBackends["noop"] = func(config *audit.BackendConfig) (audit.Backend, error) {
noop = &NoopAudit{
Config: config,
}
vault: Integrate audit logging with core
2015-04-01 21:33:48 +00:00
return noop, nil
}
// Enable the audit backend
req := logical.TestRequest(t, logical.WriteOperation, "sys/audit/noop")
req.Data["type"] = "noop"
req.ClientToken = root
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Make a request
req = &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/test",
Data: map[string]interface{}{
"foo": "bar",
"lease": "1h",
},
ClientToken: root,
}
req.ClientToken = root
if _, err := c.HandleRequest(req); err != nil {
t.Fatalf("err: %v", err)
}
// Check the audit trail on request and response
if len(noop.ReqAuth) != 1 {
t.Fatalf("bad: %#v", noop)
}
auth := noop.ReqAuth[0]
if auth.ClientToken != root {
t.Fatalf("bad client token: %#v", auth)
}
if len(auth.Policies) != 1 || auth.Policies[0] != "root" {
t.Fatalf("bad: %#v", auth)
}
if len(noop.Req) != 1 || !reflect.DeepEqual(noop.Req[0], req) {
t.Fatalf("Bad: %#v", noop.Req[0])
}
if len(noop.RespAuth) != 2 {
t.Fatalf("bad: %#v", noop)
}
if !reflect.DeepEqual(noop.RespAuth[1], auth) {
t.Fatalf("bad: %#v", auth)
}
if len(noop.RespReq) != 2 || !reflect.DeepEqual(noop.RespReq[1], req) {
t.Fatalf("Bad: %#v", noop.RespReq[1])
}
if len(noop.Resp) != 2 || !reflect.DeepEqual(noop.Resp[1], resp) {
t.Fatalf("Bad: %#v", noop.Resp[1])
}
}
vault: Adding audit trail for login
2015-04-01 21:48:37 +00:00
// Ensure we get a client token
func TestCore_HandleLogin_AuditTrail(t *testing.T) {
// Create a badass credential backend that always logs in as armon
noop := &NoopAudit{}
noopBack := &NoopBackend{
Login: []string{"login"},
Response: &logical.Response{
vault: verify login endpoint never returns a secret
2015-05-09 18:51:58 +00:00
Auth: &logical.Auth{
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 19:14:04 +00:00
LeaseOptions: logical.LeaseOptions{
Internally refactor Lease/LeaseGracePeriod into TTL/GracePeriod
2015-08-21 00:47:17 +00:00
TTL: time.Hour,
logical: Refactor LeaseOptions to share between Secret and Auth
2015-04-09 19:14:04 +00:00
},
vault: Adding audit trail for login
2015-04-01 21:48:37 +00:00
Policies: []string{"foo", "bar"},
Metadata: map[string]string{
"user": "armon",
},
},
},
}
c, _, root := TestCoreUnsealed(t)
vault: provide view to backend initializer for setup
2015-07-01 00:30:43 +00:00
c.credentialBackends["noop"] = func(*logical.BackendConfig) (logical.Backend, error) {
vault: Adding audit trail for login
2015-04-01 21:48:37 +00:00
return noopBack, nil
}
Expand HMAC support in Salt; require an identifier be passed in to specify type but allow generation with and without. Add a StaticSalt ID for testing functions. Fix bugs; unit tests pass.
2015-09-18 21:36:42 +00:00
c.auditBackends["noop"] = func(config *audit.BackendConfig) (audit.Backend, error) {
noop = &NoopAudit{
Config: config,
}
vault: Adding audit trail for login
2015-04-01 21:48:37 +00:00
return noop, nil
}
// Enable the credential backend
req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
req.Data["type"] = "noop"
req.ClientToken = root
_, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Enable the audit backend
req = logical.TestRequest(t, logical.WriteOperation, "sys/audit/noop")
req.Data["type"] = "noop"
req.ClientToken = root
_, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Attempt to login
lreq := &logical.Request{
Path: "auth/foo/login",
}
lresp, err := c.HandleRequest(lreq)
if err != nil {
t.Fatalf("err: %v", err)
}
// Ensure we got a client token back
clientToken := lresp.Auth.ClientToken
if clientToken == "" {
t.Fatalf("bad: %#v", lresp)
}
// Check the audit trail on request and response
if len(noop.ReqAuth) != 1 {
t.Fatalf("bad: %#v", noop)
}
if len(noop.Req) != 1 || !reflect.DeepEqual(noop.Req[0], lreq) {
t.Fatalf("Bad: %#v %#v", noop.Req[0], lreq)
}
if len(noop.RespAuth) != 2 {
t.Fatalf("bad: %#v", noop)
}
auth := noop.RespAuth[1]
if auth.ClientToken != clientToken {
t.Fatalf("bad client token: %#v", auth)
}
if len(auth.Policies) != 2 || auth.Policies[0] != "foo" || auth.Policies[1] != "bar" {
t.Fatalf("bad: %#v", auth)
}
if len(noop.RespReq) != 2 || !reflect.DeepEqual(noop.RespReq[1], lreq) {
t.Fatalf("Bad: %#v", noop.RespReq[1])
}
if len(noop.Resp) != 2 || !reflect.DeepEqual(noop.Resp[1], lresp) {
enable github
2015-04-01 22:48:56 +00:00
t.Fatalf("Bad: %#v %#v", noop.Resp[1], lresp)
vault: Adding audit trail for login
2015-04-01 21:48:37 +00:00
}
}
vault: Special case auth/token/create
2015-04-03 01:05:23 +00:00
// Check that we register a lease for new tokens
func TestCore_HandleRequest_CreateToken_Lease(t *testing.T) {
c, _, root := TestCoreUnsealed(t)
// Create a new credential
req := logical.TestRequest(t, logical.WriteOperation, "auth/token/create")
req.ClientToken = root
req.Data["policies"] = []string{"foo"}
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Ensure we got a new client token back
clientToken := resp.Auth.ClientToken
if clientToken == "" {
t.Fatalf("bad: %#v", resp)
}
// Check the policy and metadata
te, err := c.tokenStore.Lookup(clientToken)
if err != nil {
t.Fatalf("err: %v", err)
}
expect := &TokenEntry{
Store token creation time and TTL. This can be used to properly populate fields in 'lookup-self'. Importantly, this also makes credential backends use the SystemView per-backend TTL values and fixes unit tests to expect this. Fully fixes #527
2015-09-18 20:33:52 +00:00
ID: clientToken,
Parent: root,
Create a "default" policy with sensible rules. It is forced to be included with each token, but can be changed (but not deleted). Fixes #732
2015-11-06 22:27:15 +00:00
Policies: []string{"foo", "default"},
Store token creation time and TTL. This can be used to properly populate fields in 'lookup-self'. Importantly, this also makes credential backends use the SystemView per-backend TTL values and fixes unit tests to expect this. Fully fixes #527
2015-09-18 20:33:52 +00:00
Path: "auth/token/create",
DisplayName: "token",
CreationTime: te.CreationTime,
TTL: time.Hour * 24 * 30,
vault: Special case auth/token/create
2015-04-03 01:05:23 +00:00
}
if !reflect.DeepEqual(te, expect) {
t.Fatalf("Bad: %#v expect: %#v", te, expect)
}
// Check that we have a lease with default duration
Rename config lease_duration parameters to lease_ttl in line with current standardization efforts
2015-08-27 14:50:16 +00:00
if resp.Auth.TTL != c.defaultLeaseTTL {
vault: Special case auth/token/create
2015-04-03 01:05:23 +00:00
t.Fatalf("bad: %#v", resp.Auth)
}
}
vault: testing standby mode
2015-04-14 23:06:58 +00:00
Add no-default-policy flag and API parameter to allow exclusion of the default policy from a token create command.
2015-11-09 22:30:50 +00:00
// Check that we handle excluding the default policy
func TestCore_HandleRequest_CreateToken_NoDefaultPolicy(t *testing.T) {
c, _, root := TestCoreUnsealed(t)
// Create a new credential
req := logical.TestRequest(t, logical.WriteOperation, "auth/token/create")
req.ClientToken = root
req.Data["policies"] = []string{"foo"}
req.Data["no_default_policy"] = true
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Ensure we got a new client token back
clientToken := resp.Auth.ClientToken
if clientToken == "" {
t.Fatalf("bad: %#v", resp)
}
// Check the policy and metadata
te, err := c.tokenStore.Lookup(clientToken)
if err != nil {
t.Fatalf("err: %v", err)
}
expect := &TokenEntry{
ID: clientToken,
Parent: root,
Policies: []string{"foo"},
Path: "auth/token/create",
DisplayName: "token",
CreationTime: te.CreationTime,
TTL: time.Hour * 24 * 30,
}
if !reflect.DeepEqual(te, expect) {
t.Fatalf("Bad: %#v expect: %#v", te, expect)
}
}
vault: core enforcement of limited use tokens
2015-04-17 18:57:56 +00:00
func TestCore_LimitedUseToken(t *testing.T) {
c, _, root := TestCoreUnsealed(t)
// Create a new credential
req := logical.TestRequest(t, logical.WriteOperation, "auth/token/create")
req.ClientToken = root
req.Data["num_uses"] = "1"
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Put a secret
req = &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/foo",
Data: map[string]interface{}{
"foo": "bar",
},
ClientToken: resp.Auth.ClientToken,
}
_, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Second operation should fail
_, err = c.HandleRequest(req)
if err != logical.ErrPermissionDenied {
t.Fatalf("err: %v", err)
}
}
Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader Fixes #679.
2015-10-08 17:47:21 +00:00
func TestCore_CleanLeaderPrefix(t *testing.T) {
// Create the first core and initialize it
inm := physical.NewInmemHA()
advertiseOriginal := "http://127.0.0.1:8200"
core, err := NewCore(&CoreConfig{
Physical: inm,
AdvertiseAddr: advertiseOriginal,
DisableMlock: true,
})
if err != nil {
t.Fatalf("err: %v", err)
}
key, root := TestCoreInit(t, core)
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
// Verify unsealed
sealed, err := core.Sealed()
if err != nil {
t.Fatalf("err checking seal status: %s", err)
}
if sealed {
t.Fatal("should not be sealed")
}
// Wait for core to become active
testWaitActive(t, core)
// Ensure that the original clean function has stopped running
time.Sleep(2 * time.Second)
// Put several random entries
for i := 0; i < 5; i++ {
core.barrier.Put(&Entry{
Key: coreLeaderPrefix + uuid.GenerateUUID(),
Value: []byte(uuid.GenerateUUID()),
})
}
entries, err := core.barrier.List(coreLeaderPrefix)
if err != nil {
t.Fatalf("err: %v", err)
}
if len(entries) != 6 {
t.Fatalf("wrong number of core leader prefix entries, got %d", len(entries))
}
// Check the leader is local
isLeader, advertise, err := core.Leader()
if err != nil {
t.Fatalf("err: %v", err)
}
if !isLeader {
t.Fatalf("should be leader")
}
if advertise != advertiseOriginal {
t.Fatalf("Bad advertise: %v", advertise)
}
// Create a second core, attached to same in-memory store
advertiseOriginal2 := "http://127.0.0.1:8500"
core2, err := NewCore(&CoreConfig{
Physical: inm,
AdvertiseAddr: advertiseOriginal2,
DisableMlock: true,
})
if err != nil {
t.Fatalf("err: %v", err)
}
if _, err := core2.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
// Verify unsealed
sealed, err = core2.Sealed()
if err != nil {
t.Fatalf("err checking seal status: %s", err)
}
if sealed {
t.Fatal("should not be sealed")
}
// Core2 should be in standby
standby, err := core2.Standby()
if err != nil {
t.Fatalf("err: %v", err)
}
if !standby {
t.Fatalf("should be standby")
}
// Check the leader is not local
isLeader, advertise, err = core2.Leader()
if err != nil {
t.Fatalf("err: %v", err)
}
if isLeader {
t.Fatalf("should not be leader")
}
if advertise != advertiseOriginal {
t.Fatalf("Bad advertise: %v", advertise)
}
// Seal the first core, should step down
err = core.Seal(root)
if err != nil {
t.Fatalf("err: %v", err)
}
// Core should be in standby
standby, err = core.Standby()
if err != nil {
t.Fatalf("err: %v", err)
}
if !standby {
t.Fatalf("should be standby")
}
// Wait for core2 to become active
testWaitActive(t, core2)
// Check the leader is local
isLeader, advertise, err = core2.Leader()
if err != nil {
t.Fatalf("err: %v", err)
}
if !isLeader {
t.Fatalf("should be leader")
}
if advertise != advertiseOriginal2 {
t.Fatalf("Bad advertise: %v", advertise)
}
// Give time for the entries to clear out; it is conservative at 1/second
Address review feedback for #684
2015-10-08 18:34:10 +00:00
time.Sleep(10 * leaderPrefixCleanDelay)
Add a cleanLeaderPrefix function to clean up stale leader entries in core/leader Fixes #679.
2015-10-08 17:47:21 +00:00
entries, err = core2.barrier.List(coreLeaderPrefix)
if err != nil {
t.Fatalf("err: %v", err)
}
if len(entries) != 1 {
t.Fatalf("wrong number of core leader prefix entries, got %d", len(entries))
}
}
vault: testing standby mode
2015-04-14 23:06:58 +00:00
func TestCore_Standby(t *testing.T) {
// Create the first core and initialize it
inm := physical.NewInmemHA()
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 20:28:33 +00:00
advertiseOriginal := "http://127.0.0.1:8200"
Disable mlock in tests
2015-04-29 01:12:57 +00:00
core, err := NewCore(&CoreConfig{
Physical: inm,
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 20:28:33 +00:00
AdvertiseAddr: advertiseOriginal,
Disable mlock in tests
2015-04-29 01:12:57 +00:00
DisableMlock: true,
})
vault: testing standby mode
2015-04-14 23:06:58 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
key, root := TestCoreInit(t, core)
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
// Verify unsealed
sealed, err := core.Sealed()
if err != nil {
t.Fatalf("err checking seal status: %s", err)
}
if sealed {
t.Fatal("should not be sealed")
}
// Wait for core to become active
core: adding tests for HA rekey and rotate
2015-05-29 19:16:34 +00:00
testWaitActive(t, core)
vault: testing standby mode
2015-04-14 23:06:58 +00:00
// Put a secret
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/foo",
Data: map[string]interface{}{
"foo": "bar",
},
ClientToken: root,
}
_, err = core.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
vault: expose the current leader
2015-04-14 23:53:40 +00:00
// Check the leader is local
isLeader, advertise, err := core.Leader()
if err != nil {
t.Fatalf("err: %v", err)
}
if !isLeader {
t.Fatalf("should be leader")
}
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 20:28:33 +00:00
if advertise != advertiseOriginal {
vault: expose the current leader
2015-04-14 23:53:40 +00:00
t.Fatalf("Bad advertise: %v", advertise)
}
vault: testing standby mode
2015-04-14 23:06:58 +00:00
// Create a second core, attached to same in-memory store
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 20:28:33 +00:00
advertiseOriginal2 := "http://127.0.0.1:8500"
Disable mlock in tests
2015-04-29 01:12:57 +00:00
core2, err := NewCore(&CoreConfig{
Physical: inm,
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 20:28:33 +00:00
AdvertiseAddr: advertiseOriginal2,
Disable mlock in tests
2015-04-29 01:12:57 +00:00
DisableMlock: true,
})
vault: testing standby mode
2015-04-14 23:06:58 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
if _, err := core2.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
// Verify unsealed
sealed, err = core2.Sealed()
if err != nil {
t.Fatalf("err checking seal status: %s", err)
}
if sealed {
t.Fatal("should not be sealed")
}
// Core2 should be in standby
core: adding tests for HA rekey and rotate
2015-05-29 19:16:34 +00:00
standby, err := core2.Standby()
vault: testing standby mode
2015-04-14 23:06:58 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
if !standby {
t.Fatalf("should be standby")
}
vault: testing standby mode
2015-04-14 23:08:14 +00:00
// Request should fail in standby mode
_, err = core2.HandleRequest(req)
if err != ErrStandby {
t.Fatalf("err: %v", err)
}
vault: expose the current leader
2015-04-14 23:53:40 +00:00
// Check the leader is not local
isLeader, advertise, err = core2.Leader()
if err != nil {
t.Fatalf("err: %v", err)
}
if isLeader {
t.Fatalf("should not be leader")
}
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 20:28:33 +00:00
if advertise != advertiseOriginal {
vault: expose the current leader
2015-04-14 23:53:40 +00:00
t.Fatalf("Bad advertise: %v", advertise)
}
vault: testing standby mode
2015-04-14 23:06:58 +00:00
// Seal the first core, should step down
err = core.Seal(root)
if err != nil {
t.Fatalf("err: %v", err)
}
// Core should be in standby
standby, err = core.Standby()
if err != nil {
t.Fatalf("err: %v", err)
}
if !standby {
t.Fatalf("should be standby")
}
// Wait for core2 to become active
core: adding tests for HA rekey and rotate
2015-05-29 19:16:34 +00:00
testWaitActive(t, core2)
vault: testing standby mode
2015-04-14 23:06:58 +00:00
// Read the secret
req = &logical.Request{
Operation: logical.ReadOperation,
Path: "secret/foo",
ClientToken: root,
}
resp, err := core2.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Verify the response
if resp.Data["foo"] != "bar" {
t.Fatalf("bad: %#v", resp)
}
vault: expose the current leader
2015-04-14 23:53:40 +00:00
// Check the leader is local
isLeader, advertise, err = core2.Leader()
if err != nil {
t.Fatalf("err: %v", err)
}
if !isLeader {
t.Fatalf("should be leader")
}
vault: validate advertise addr is valid URL [GH-106]
2015-05-02 20:28:33 +00:00
if advertise != advertiseOriginal2 {
vault: expose the current leader
2015-04-14 23:53:40 +00:00
t.Fatalf("Bad advertise: %v", advertise)
}
vault: testing standby mode
2015-04-14 23:06:58 +00:00
}
vault: ensure InternalData is never returned from the core
2015-05-09 18:47:46 +00:00
// Ensure that InternalData is never returned
func TestCore_HandleRequest_Login_InternalData(t *testing.T) {
noop := &NoopBackend{
Login: []string{"login"},
Response: &logical.Response{
Auth: &logical.Auth{
Policies: []string{"foo", "bar"},
InternalData: map[string]interface{}{
"foo": "bar",
},
},
},
}
c, _, root := TestCoreUnsealed(t)
vault: provide view to backend initializer for setup
2015-07-01 00:30:43 +00:00
c.credentialBackends["noop"] = func(*logical.BackendConfig) (logical.Backend, error) {
vault: ensure InternalData is never returned from the core
2015-05-09 18:47:46 +00:00
return noop, nil
}
// Enable the credential backend
req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
req.Data["type"] = "noop"
req.ClientToken = root
_, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Attempt to login
lreq := &logical.Request{
Path: "auth/foo/login",
}
lresp, err := c.HandleRequest(lreq)
if err != nil {
t.Fatalf("err: %v", err)
}
// Ensure we do not get the internal data
if lresp.Auth.InternalData != nil {
t.Fatalf("bad: %#v", lresp)
}
}
// Ensure that InternalData is never returned
func TestCore_HandleRequest_InternalData(t *testing.T) {
noop := &NoopBackend{
Response: &logical.Response{
Secret: &logical.Secret{
InternalData: map[string]interface{}{
"foo": "bar",
},
},
Data: map[string]interface{}{
"foo": "bar",
},
},
}
c, _, root := TestCoreUnsealed(t)
vault: provide view to backend initializer for setup
2015-07-01 00:30:43 +00:00
c.logicalBackends["noop"] = func(*logical.BackendConfig) (logical.Backend, error) {
vault: ensure InternalData is never returned from the core
2015-05-09 18:47:46 +00:00
return noop, nil
}
// Enable the credential backend
req := logical.TestRequest(t, logical.WriteOperation, "sys/mounts/foo")
req.Data["type"] = "noop"
req.ClientToken = root
_, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Attempt to read
lreq := &logical.Request{
Operation: logical.ReadOperation,
Path: "foo/test",
ClientToken: root,
}
lresp, err := c.HandleRequest(lreq)
if err != nil {
t.Fatalf("err: %v", err)
}
// Ensure we do not get the internal data
if lresp.Secret.InternalData != nil {
t.Fatalf("bad: %#v", lresp)
}
}
vault: adding test for e33a904
2015-05-11 18:16:21 +00:00
// Ensure login does not return a secret
func TestCore_HandleLogin_ReturnSecret(t *testing.T) {
// Create a badass credential backend that always logs in as armon
noopBack := &NoopBackend{
Login: []string{"login"},
Response: &logical.Response{
Secret: &logical.Secret{},
Auth: &logical.Auth{
Policies: []string{"foo", "bar"},
},
},
}
c, _, root := TestCoreUnsealed(t)
vault: provide view to backend initializer for setup
2015-07-01 00:30:43 +00:00
c.credentialBackends["noop"] = func(*logical.BackendConfig) (logical.Backend, error) {
vault: adding test for e33a904
2015-05-11 18:16:21 +00:00
return noopBack, nil
}
// Enable the credential backend
req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
req.Data["type"] = "noop"
req.ClientToken = root
_, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Attempt to login
lreq := &logical.Request{
Path: "auth/foo/login",
}
_, err = c.HandleRequest(lreq)
if err != ErrInternalError {
t.Fatalf("err: %v", err)
}
}
vault: Adding test based on bug report
2015-05-16 00:19:41 +00:00
vault: lease renewal should not create new lease entry
2015-05-16 00:47:39 +00:00
// Renew should return the same lease back
func TestCore_RenewSameLease(t *testing.T) {
c, _, root := TestCoreUnsealed(t)
// Create a leasable secret
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/test",
Data: map[string]interface{}{
"foo": "bar",
"lease": "1h",
},
ClientToken: root,
}
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}
// Read the key
req.Operation = logical.ReadOperation
req.Data = nil
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp == nil || resp.Secret == nil || resp.Secret.LeaseID == "" {
t.Fatalf("bad: %#v", resp.Secret)
}
original := resp.Secret.LeaseID
// Renew the lease
req = logical.TestRequest(t, logical.WriteOperation, "sys/renew/"+resp.Secret.LeaseID)
req.ClientToken = root
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Verify the lease did not change
if resp.Secret.LeaseID != original {
t.Fatalf("lease id changed: %s %s", original, resp.Secret.LeaseID)
}
}
vault: ensure token renew does not double register
2015-06-17 22:22:50 +00:00
// Renew of a token should not create a new lease
func TestCore_RenewToken_SingleRegister(t *testing.T) {
c, _, root := TestCoreUnsealed(t)
// Create a new token
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "auth/token/create",
Data: map[string]interface{}{
"lease": "1h",
},
ClientToken: root,
}
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
newClient := resp.Auth.ClientToken
// Renew the token
req = logical.TestRequest(t, logical.WriteOperation, "auth/token/renew/"+newClient)
req.ClientToken = newClient
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Revoke using the renew prefix
req = logical.TestRequest(t, logical.WriteOperation, "sys/revoke-prefix/auth/token/renew/")
req.ClientToken = root
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Verify our token is still valid (e.g. we did not get invalided by the revoke)
req = logical.TestRequest(t, logical.ReadOperation, "auth/token/lookup/"+newClient)
req.ClientToken = newClient
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Verify the token exists
if resp.Data["id"] != newClient {
t.Fatalf("bad: %#v", resp.Data)
}
}
vault: Adding test based on bug report
2015-05-16 00:19:41 +00:00
// Based on bug GH-203, attempt to disable a credential backend with leased secrets
func TestCore_EnableDisableCred_WithLease(t *testing.T) {
// Create a badass credential backend that always logs in as armon
noopBack := &NoopBackend{
Login: []string{"login"},
Response: &logical.Response{
Auth: &logical.Auth{
Policies: []string{"root"},
},
},
}
c, _, root := TestCoreUnsealed(t)
vault: provide view to backend initializer for setup
2015-07-01 00:30:43 +00:00
c.credentialBackends["noop"] = func(*logical.BackendConfig) (logical.Backend, error) {
vault: Adding test based on bug report
2015-05-16 00:19:41 +00:00
return noopBack, nil
}
// Enable the credential backend
req := logical.TestRequest(t, logical.WriteOperation, "sys/auth/foo")
req.Data["type"] = "noop"
req.ClientToken = root
_, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Attempt to login
lreq := &logical.Request{
Path: "auth/foo/login",
}
lresp, err := c.HandleRequest(lreq)
if err != nil {
t.Fatalf("err: %v", err)
}
// Create a leasable secret
req = &logical.Request{
Operation: logical.WriteOperation,
Path: "secret/test",
Data: map[string]interface{}{
"foo": "bar",
"lease": "1h",
},
ClientToken: lresp.Auth.ClientToken,
}
resp, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp != nil {
t.Fatalf("bad: %#v", resp)
}
// Read the key
req.Operation = logical.ReadOperation
req.Data = nil
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
if resp == nil || resp.Secret == nil || resp.Secret.LeaseID == "" {
t.Fatalf("bad: %#v", resp.Secret)
}
vault: reproducing GH-203
2015-05-16 00:48:03 +00:00
// Renew the lease
req = logical.TestRequest(t, logical.WriteOperation, "sys/renew/"+resp.Secret.LeaseID)
req.ClientToken = lresp.Auth.ClientToken
_, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
vault: Adding test based on bug report
2015-05-16 00:19:41 +00:00
// Disable the credential backend
req = logical.TestRequest(t, logical.DeleteOperation, "sys/auth/foo")
vault: reproducing GH-203
2015-05-16 00:48:03 +00:00
req.ClientToken = lresp.Auth.ClientToken
vault: Adding test based on bug report
2015-05-16 00:19:41 +00:00
resp, err = c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v %#v", err, resp)
}
}
vault: Expose MountPoint to secret backend. Fixes #248
2015-05-27 18:46:42 +00:00
func TestCore_HandleRequest_MountPoint(t *testing.T) {
noop := &NoopBackend{
Response: &logical.Response{},
}
c, _, root := TestCoreUnsealed(t)
vault: provide view to backend initializer for setup
2015-07-01 00:30:43 +00:00
c.logicalBackends["noop"] = func(*logical.BackendConfig) (logical.Backend, error) {
vault: Expose MountPoint to secret backend. Fixes #248
2015-05-27 18:46:42 +00:00
return noop, nil
}
// Enable the logical backend
req := logical.TestRequest(t, logical.WriteOperation, "sys/mounts/foo")
req.Data["type"] = "noop"
req.Data["description"] = "foo"
req.ClientToken = root
_, err := c.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Attempt to request
req = &logical.Request{
Operation: logical.ReadOperation,
Path: "foo/test",
Connection: &logical.Connection{},
}
req.ClientToken = root
if _, err := c.HandleRequest(req); err != nil {
t.Fatalf("err: %v", err)
}
// Verify Path and MountPoint
if noop.Requests[0].Path != "test" {
t.Fatalf("bad: %#v", noop.Requests)
}
if noop.Requests[0].MountPoint != "foo/" {
t.Fatalf("bad: %#v", noop.Requests)
}
}
vault: testing rekey
2015-05-28 19:02:30 +00:00
func TestCore_Rekey_Lifecycle(t *testing.T) {
vault: minor rekey cleanups
2015-05-28 19:07:52 +00:00
c, master, _ := TestCoreUnsealed(t)
// Verify update not allowed
if _, err := c.RekeyUpdate(master); err == nil {
t.Fatalf("no rekey in progress")
}
vault: testing rekey
2015-05-28 19:02:30 +00:00
// Should be no progress
num, err := c.RekeyProgress()
if err != nil {
t.Fatalf("err: %v", err)
}
if num != 0 {
t.Fatalf("bad: %d", num)
}
// Should be no config
conf, err := c.RekeyConfig()
if err != nil {
t.Fatalf("err: %v", err)
}
if conf != nil {
t.Fatalf("bad: %v", conf)
}
// Cancel should be idempotent
err = c.RekeyCancel()
if err != nil {
t.Fatalf("err: %v", err)
}
// Start a rekey
newConf := &SealConfig{
SecretThreshold: 3,
SecretShares: 5,
}
err = c.RekeyInit(newConf)
if err != nil {
t.Fatalf("err: %v", err)
}
// Should get config
conf, err = c.RekeyConfig()
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(conf, newConf) {
t.Fatalf("bad: %v", conf)
}
// Cancel should be clear
err = c.RekeyCancel()
if err != nil {
t.Fatalf("err: %v", err)
}
// Should be no config
conf, err = c.RekeyConfig()
if err != nil {
t.Fatalf("err: %v", err)
}
if conf != nil {
t.Fatalf("bad: %v", conf)
}
}
func TestCore_Rekey_Init(t *testing.T) {
c, _, _ := TestCoreUnsealed(t)
// Try an invalid config
badConf := &SealConfig{
SecretThreshold: 5,
SecretShares: 1,
}
err := c.RekeyInit(badConf)
if err == nil {
t.Fatalf("should fail")
}
// Start a rekey
newConf := &SealConfig{
SecretThreshold: 3,
SecretShares: 5,
}
err = c.RekeyInit(newConf)
if err != nil {
t.Fatalf("err: %v", err)
}
// Second should fail
err = c.RekeyInit(newConf)
if err == nil {
t.Fatalf("should fail")
}
}
func TestCore_Rekey_Update(t *testing.T) {
c, master, root := TestCoreUnsealed(t)
// Start a rekey
newConf := &SealConfig{
SecretThreshold: 3,
SecretShares: 5,
}
err := c.RekeyInit(newConf)
if err != nil {
t.Fatalf("err: %v", err)
}
// Provide the master
result, err := c.RekeyUpdate(master)
if err != nil {
t.Fatalf("err: %v", err)
}
if result == nil || len(result.SecretShares) != 5 {
t.Fatalf("Bad: %#v", result)
}
// Should be no progress
num, err := c.RekeyProgress()
if err != nil {
t.Fatalf("err: %v", err)
}
if num != 0 {
t.Fatalf("bad: %d", num)
}
// Should be no config
conf, err := c.RekeyConfig()
if err != nil {
t.Fatalf("err: %v", err)
}
if conf != nil {
t.Fatalf("bad: %v", conf)
}
// SealConfig should update
conf, err = c.SealConfig()
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(conf, newConf) {
t.Fatalf("bad: %#v", conf)
}
// Attempt unseal
err = c.Seal(root)
if err != nil {
t.Fatalf("err: %v", err)
}
for i := 0; i < 3; i++ {
_, err = c.Unseal(result.SecretShares[i])
if err != nil {
t.Fatalf("err: %v", err)
}
}
if sealed, _ := c.Sealed(); sealed {
t.Fatalf("should be unsealed")
}
// Start another rekey, this time we require a quorum!
newConf = &SealConfig{
SecretThreshold: 1,
SecretShares: 1,
}
err = c.RekeyInit(newConf)
if err != nil {
t.Fatalf("err: %v", err)
}
// Provide the parts master
oldResult := result
for i := 0; i < 3; i++ {
result, err = c.RekeyUpdate(oldResult.SecretShares[i])
if err != nil {
t.Fatalf("err: %v", err)
}
// Should be progress
num, err := c.RekeyProgress()
if err != nil {
t.Fatalf("err: %v", err)
}
if (i == 2 && num != 0) || (i != 2 && num != i+1) {
t.Fatalf("bad: %d", num)
}
}
if result == nil || len(result.SecretShares) != 1 {
t.Fatalf("Bad: %#v", result)
}
// Attempt unseal
err = c.Seal(root)
if err != nil {
t.Fatalf("err: %v", err)
}
unseal, err := c.Unseal(result.SecretShares[0])
if err != nil {
t.Fatalf("err: %v", err)
}
if !unseal {
t.Fatalf("should be unsealed")
}
// SealConfig should update
conf, err = c.SealConfig()
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(conf, newConf) {
t.Fatalf("bad: %#v", conf)
}
}
func TestCore_Rekey_InvalidMaster(t *testing.T) {
c, master, _ := TestCoreUnsealed(t)
// Start a rekey
newConf := &SealConfig{
SecretThreshold: 3,
SecretShares: 5,
}
err := c.RekeyInit(newConf)
if err != nil {
t.Fatalf("err: %v", err)
}
// Provide the master (invalid)
master[0]++
_, err = c.RekeyUpdate(master)
if err == nil {
t.Fatalf("expected error")
}
}
core: adding tests for HA rekey and rotate
2015-05-29 19:16:34 +00:00
func testWaitActive(t *testing.T, core *Core) {
start := time.Now()
var standby bool
var err error
for time.Now().Sub(start) < time.Second {
standby, err = core.Standby()
if err != nil {
t.Fatalf("err: %v", err)
}
if !standby {
break
}
}
if standby {
t.Fatalf("should not be in standby mode")
}
}
func TestCore_Standby_Rotate(t *testing.T) {
// Create the first core and initialize it
inm := physical.NewInmemHA()
advertiseOriginal := "http://127.0.0.1:8200"
core, err := NewCore(&CoreConfig{
Physical: inm,
AdvertiseAddr: advertiseOriginal,
DisableMlock: true,
})
if err != nil {
t.Fatalf("err: %v", err)
}
key, root := TestCoreInit(t, core)
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
// Wait for core to become active
testWaitActive(t, core)
// Create a second core, attached to same in-memory store
advertiseOriginal2 := "http://127.0.0.1:8500"
core2, err := NewCore(&CoreConfig{
Physical: inm,
AdvertiseAddr: advertiseOriginal2,
DisableMlock: true,
})
if err != nil {
t.Fatalf("err: %v", err)
}
if _, err := core2.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
// Rotate the encryption key
req := &logical.Request{
Operation: logical.WriteOperation,
Path: "sys/rotate",
ClientToken: root,
}
_, err = core.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Seal the first core, should step down
err = core.Seal(root)
if err != nil {
t.Fatalf("err: %v", err)
}
// Wait for core2 to become active
testWaitActive(t, core2)
// Read the key status
req = &logical.Request{
Operation: logical.ReadOperation,
Path: "sys/key-status",
ClientToken: root,
}
resp, err := core2.HandleRequest(req)
if err != nil {
t.Fatalf("err: %v", err)
}
// Verify the response
if resp.Data["term"] != 2 {
t.Fatalf("bad: %#v", resp)
}
}
func TestCore_Standby_Rekey(t *testing.T) {
// Create the first core and initialize it
inm := physical.NewInmemHA()
advertiseOriginal := "http://127.0.0.1:8200"
core, err := NewCore(&CoreConfig{
Physical: inm,
AdvertiseAddr: advertiseOriginal,
DisableMlock: true,
})
if err != nil {
t.Fatalf("err: %v", err)
}
key, root := TestCoreInit(t, core)
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
// Wait for core to become active
testWaitActive(t, core)
// Create a second core, attached to same in-memory store
advertiseOriginal2 := "http://127.0.0.1:8500"
core2, err := NewCore(&CoreConfig{
Physical: inm,
AdvertiseAddr: advertiseOriginal2,
DisableMlock: true,
})
if err != nil {
t.Fatalf("err: %v", err)
}
if _, err := core2.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
// Rekey the master key
newConf := &SealConfig{
SecretShares: 1,
SecretThreshold: 1,
}
err = core.RekeyInit(newConf)
if err != nil {
t.Fatalf("err: %v", err)
}
result, err := core.RekeyUpdate(key)
if err != nil {
t.Fatalf("err: %v", err)
}
if result == nil {
t.Fatalf("rekey failed")
}
// Seal the first core, should step down
err = core.Seal(root)
if err != nil {
t.Fatalf("err: %v", err)
}
// Wait for core2 to become active
testWaitActive(t, core2)
// Rekey the master key again
err = core2.RekeyInit(newConf)
if err != nil {
t.Fatalf("err: %v", err)
}
result, err = core2.RekeyUpdate(result.SecretShares[0])
if err != nil {
t.Fatalf("err: %v", err)
}
if result == nil {
t.Fatalf("rekey failed")
}
}