2016-04-04 14:44:22 +00:00
|
|
|
package vault
|
|
|
|
|
|
|
|
import (
|
|
|
|
"reflect"
|
|
|
|
"testing"
|
|
|
|
|
2016-08-19 20:45:17 +00:00
|
|
|
log "github.com/mgutz/logxi/v1"
|
|
|
|
|
|
|
|
"github.com/hashicorp/vault/helper/logformat"
|
2016-04-04 14:44:22 +00:00
|
|
|
"github.com/hashicorp/vault/logical"
|
2017-08-03 17:24:27 +00:00
|
|
|
"github.com/hashicorp/vault/physical/inmem"
|
2016-04-04 14:44:22 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestCore_Init(t *testing.T) {
|
2016-04-25 19:39:04 +00:00
|
|
|
c, conf := testCore_NewTestCore(t, nil)
|
|
|
|
testCore_Init_Common(t, c, conf, &SealConfig{SecretShares: 5, SecretThreshold: 3}, nil)
|
|
|
|
|
2016-12-05 17:28:12 +00:00
|
|
|
c, conf = testCore_NewTestCore(t, newTestSeal(t))
|
2016-04-25 19:39:04 +00:00
|
|
|
bc, rc := TestSealDefConfigs()
|
|
|
|
rc.SecretShares = 4
|
|
|
|
rc.SecretThreshold = 2
|
|
|
|
testCore_Init_Common(t, c, conf, bc, rc)
|
|
|
|
}
|
|
|
|
|
|
|
|
func testCore_NewTestCore(t *testing.T, seal Seal) (*Core, *CoreConfig) {
|
2016-08-19 20:45:17 +00:00
|
|
|
logger := logformat.NewVaultLogger(log.LevelTrace)
|
|
|
|
|
2017-08-03 17:24:27 +00:00
|
|
|
inm, err := inmem.NewInmem(nil, logger)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
conf := &CoreConfig{
|
|
|
|
Physical: inm,
|
|
|
|
DisableMlock: true,
|
|
|
|
LogicalBackends: map[string]logical.Factory{
|
|
|
|
"generic": LeasedPassthroughBackendFactory,
|
|
|
|
},
|
2016-04-25 19:39:04 +00:00
|
|
|
Seal: seal,
|
2016-04-04 14:44:22 +00:00
|
|
|
}
|
|
|
|
c, err := NewCore(conf)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2016-04-25 19:39:04 +00:00
|
|
|
return c, conf
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
|
2016-04-25 19:39:04 +00:00
|
|
|
func testCore_Init_Common(t *testing.T, c *Core, conf *CoreConfig, barrierConf, recoveryConf *SealConfig) {
|
2016-04-04 14:44:22 +00:00
|
|
|
init, err := c.Initialized()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if init {
|
|
|
|
t.Fatalf("should not be init")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check the seal configuration
|
|
|
|
outConf, err := c.seal.BarrierConfig()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if outConf != nil {
|
|
|
|
t.Fatalf("bad: %v", outConf)
|
|
|
|
}
|
2016-04-25 19:39:04 +00:00
|
|
|
if recoveryConf != nil {
|
|
|
|
outConf, err := c.seal.RecoveryConfig()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if outConf != nil {
|
|
|
|
t.Fatalf("bad: %v", outConf)
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
}
|
2016-04-25 19:39:04 +00:00
|
|
|
|
2016-09-13 22:42:24 +00:00
|
|
|
res, err := c.Initialize(&InitParams{
|
|
|
|
BarrierConfig: barrierConf,
|
|
|
|
RecoveryConfig: recoveryConf,
|
|
|
|
})
|
2016-04-04 14:44:22 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
2016-04-25 19:39:04 +00:00
|
|
|
if len(res.SecretShares) != (barrierConf.SecretShares - barrierConf.StoredShares) {
|
|
|
|
t.Fatalf("Bad: got\n%#v\nexpected conf matching\n%#v\n", *res, *barrierConf)
|
|
|
|
}
|
|
|
|
if recoveryConf != nil {
|
|
|
|
if len(res.RecoveryShares) != recoveryConf.SecretShares {
|
|
|
|
t.Fatalf("Bad: got\n%#v\nexpected conf matching\n%#v\n", *res, *recoveryConf)
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
}
|
2016-04-25 19:39:04 +00:00
|
|
|
|
2016-04-04 14:44:22 +00:00
|
|
|
if res.RootToken == "" {
|
2016-04-25 19:39:04 +00:00
|
|
|
t.Fatalf("Bad: %#v", res)
|
2016-04-04 14:44:22 +00:00
|
|
|
}
|
|
|
|
|
2016-09-13 22:42:24 +00:00
|
|
|
_, err = c.Initialize(&InitParams{
|
|
|
|
BarrierConfig: barrierConf,
|
|
|
|
RecoveryConfig: recoveryConf,
|
|
|
|
})
|
2016-04-04 14:44:22 +00:00
|
|
|
if err != ErrAlreadyInit {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
init, err = c.Initialized()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if !init {
|
|
|
|
t.Fatalf("should be init")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check the seal configuration
|
|
|
|
outConf, err = c.seal.BarrierConfig()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2016-04-25 19:39:04 +00:00
|
|
|
if !reflect.DeepEqual(outConf, barrierConf) {
|
|
|
|
t.Fatalf("bad: %v expect: %v", outConf, barrierConf)
|
|
|
|
}
|
|
|
|
if recoveryConf != nil {
|
|
|
|
outConf, err = c.seal.RecoveryConfig()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if !reflect.DeepEqual(outConf, recoveryConf) {
|
|
|
|
t.Fatalf("bad: %v expect: %v", outConf, recoveryConf)
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// New Core, same backend
|
|
|
|
c2, err := NewCore(conf)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
2016-09-13 22:42:24 +00:00
|
|
|
_, err = c2.Initialize(&InitParams{
|
|
|
|
BarrierConfig: barrierConf,
|
|
|
|
RecoveryConfig: recoveryConf,
|
|
|
|
})
|
2016-04-04 14:44:22 +00:00
|
|
|
if err != ErrAlreadyInit {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
init, err = c2.Initialized()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if !init {
|
|
|
|
t.Fatalf("should be init")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check the seal configuration
|
|
|
|
outConf, err = c2.seal.BarrierConfig()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2016-04-25 19:39:04 +00:00
|
|
|
if !reflect.DeepEqual(outConf, barrierConf) {
|
|
|
|
t.Fatalf("bad: %v expect: %v", outConf, barrierConf)
|
|
|
|
}
|
|
|
|
if recoveryConf != nil {
|
|
|
|
outConf, err = c2.seal.RecoveryConfig()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if !reflect.DeepEqual(outConf, recoveryConf) {
|
|
|
|
t.Fatalf("bad: %v expect: %v", outConf, recoveryConf)
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
}
|
|
|
|
}
|