2020-04-01 17:21:32 +00:00
|
|
|
package sealhelper
|
2020-02-19 22:46:29 +00:00
|
|
|
|
|
|
|
import (
|
2020-04-01 17:21:32 +00:00
|
|
|
"path"
|
2020-10-23 18:16:04 +00:00
|
|
|
"strconv"
|
2020-04-01 17:21:32 +00:00
|
|
|
|
2020-02-19 22:46:29 +00:00
|
|
|
"github.com/hashicorp/go-hclog"
|
|
|
|
"github.com/hashicorp/vault/api"
|
|
|
|
"github.com/hashicorp/vault/builtin/logical/transit"
|
|
|
|
"github.com/hashicorp/vault/helper/testhelpers/teststorage"
|
|
|
|
"github.com/hashicorp/vault/http"
|
2020-10-13 23:38:21 +00:00
|
|
|
"github.com/hashicorp/vault/internalshared/configutil"
|
2020-02-19 22:46:29 +00:00
|
|
|
"github.com/hashicorp/vault/sdk/helper/logging"
|
|
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
|
|
"github.com/hashicorp/vault/vault"
|
2020-05-14 13:19:27 +00:00
|
|
|
"github.com/hashicorp/vault/vault/seal"
|
2020-02-19 22:46:29 +00:00
|
|
|
"github.com/mitchellh/go-testing-interface"
|
|
|
|
)
|
|
|
|
|
|
|
|
type TransitSealServer struct {
|
|
|
|
*vault.TestCluster
|
|
|
|
}
|
|
|
|
|
2021-02-18 20:40:18 +00:00
|
|
|
func NewTransitSealServer(t testing.T, idx int) *TransitSealServer {
|
2020-02-19 22:46:29 +00:00
|
|
|
conf := &vault.CoreConfig{
|
|
|
|
LogicalBackends: map[string]logical.Factory{
|
|
|
|
"transit": transit.Factory,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
opts := &vault.TestClusterOptions{
|
|
|
|
NumCores: 1,
|
|
|
|
HandlerFunc: http.Handler,
|
2020-10-23 18:16:04 +00:00
|
|
|
Logger: logging.NewVaultLogger(hclog.Trace).Named(t.Name()).Named("transit-seal" + strconv.Itoa(idx)),
|
2020-02-19 22:46:29 +00:00
|
|
|
}
|
|
|
|
teststorage.InmemBackendSetup(conf, opts)
|
|
|
|
cluster := vault.NewTestCluster(t, conf, opts)
|
|
|
|
cluster.Start()
|
|
|
|
|
|
|
|
if err := cluster.Cores[0].Client.Sys().Mount("transit", &api.MountInput{
|
|
|
|
Type: "transit",
|
|
|
|
}); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return &TransitSealServer{cluster}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (tss *TransitSealServer) MakeKey(t testing.T, key string) {
|
|
|
|
client := tss.Cores[0].Client
|
|
|
|
if _, err := client.Logical().Write(path.Join("transit", "keys", key), nil); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
if _, err := client.Logical().Write(path.Join("transit", "keys", key, "config"), map[string]interface{}{
|
|
|
|
"deletion_allowed": true,
|
|
|
|
}); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-08-23 19:37:16 +00:00
|
|
|
func (tss *TransitSealServer) MakeSeal(t testing.T, key string) (vault.Seal, error) {
|
2020-02-19 22:46:29 +00:00
|
|
|
client := tss.Cores[0].Client
|
|
|
|
wrapperConfig := map[string]string{
|
|
|
|
"address": client.Address(),
|
|
|
|
"token": client.Token(),
|
|
|
|
"mount_path": "transit",
|
|
|
|
"key_name": key,
|
|
|
|
"tls_ca_cert": tss.CACertPEMFile,
|
|
|
|
}
|
2022-08-23 19:37:16 +00:00
|
|
|
transitSeal, _, err := configutil.GetTransitKMSFunc(&configutil.KMS{Config: wrapperConfig})
|
2020-02-19 22:46:29 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("error setting wrapper config: %v", err)
|
|
|
|
}
|
|
|
|
|
2020-05-14 13:19:27 +00:00
|
|
|
return vault.NewAutoSeal(&seal.Access{
|
2020-02-19 22:46:29 +00:00
|
|
|
Wrapper: transitSeal,
|
|
|
|
})
|
|
|
|
}
|