luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/vault/audited_headers_test.go

225 lines
5.5 KiB
Go
Raw Normal View History

Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
package vault
import (
"reflect"
"testing"
"github.com/hashicorp/vault/helper/salt"
)
func mockAuditedHeadersConfig(t *testing.T) *AuditedHeadersConfig {
_, barrier, _ := mockBarrier(t)
view := NewBarrierView(barrier, "foo/")
return &AuditedHeadersConfig{
Headers: make(map[string]*auditedHeaderSettings),
view: view,
}
}
func TestAuditedHeadersConfig_CRUD(t *testing.T) {
conf := mockAuditedHeadersConfig(t)
testAuditedHeadersConfig_Add(t, conf)
testAuditedHeadersConfig_Remove(t, conf)
}
func testAuditedHeadersConfig_Add(t *testing.T, conf *AuditedHeadersConfig) {
err := conf.add("X-Test-Header", false)
if err != nil {
t.Fatalf("Error when adding header to config: %s", err)
}
Compare headers case-insensitively for auditing Fixes #2362
2017-02-16 01:35:35 +00:00
settings, ok := conf.Headers["x-test-header"]
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
if !ok {
t.Fatal("Expected header to be found in config")
}
if settings.HMAC {
t.Fatal("Expected HMAC to be set to false, got true")
}
out, err := conf.view.Get(auditedHeadersEntry)
if err != nil {
t.Fatalf("Could not retrieve headers entry from config: %s", err)
}
headers := make(map[string]*auditedHeaderSettings)
err = out.DecodeJSON(&headers)
if err != nil {
t.Fatalf("Error decoding header view: %s", err)
}
expected := map[string]*auditedHeaderSettings{
Compare headers case-insensitively for auditing Fixes #2362
2017-02-16 01:35:35 +00:00
"x-test-header": &auditedHeaderSettings{
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
HMAC: false,
},
}
if !reflect.DeepEqual(headers, expected) {
t.Fatalf("Expected config didn't match actual. Expected: %#v, Got: %#v", expected, headers)
}
err = conf.add("X-Vault-Header", true)
if err != nil {
t.Fatalf("Error when adding header to config: %s", err)
}
Compare headers case-insensitively for auditing Fixes #2362
2017-02-16 01:35:35 +00:00
settings, ok = conf.Headers["x-vault-header"]
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
if !ok {
t.Fatal("Expected header to be found in config")
}
if !settings.HMAC {
t.Fatal("Expected HMAC to be set to true, got false")
}
out, err = conf.view.Get(auditedHeadersEntry)
if err != nil {
t.Fatalf("Could not retrieve headers entry from config: %s", err)
}
headers = make(map[string]*auditedHeaderSettings)
err = out.DecodeJSON(&headers)
if err != nil {
t.Fatalf("Error decoding header view: %s", err)
}
Compare headers case-insensitively for auditing Fixes #2362
2017-02-16 01:35:35 +00:00
expected["x-vault-header"] = &auditedHeaderSettings{
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
HMAC: true,
}
if !reflect.DeepEqual(headers, expected) {
t.Fatalf("Expected config didn't match actual. Expected: %#v, Got: %#v", expected, headers)
}
}
func testAuditedHeadersConfig_Remove(t *testing.T, conf *AuditedHeadersConfig) {
err := conf.remove("X-Test-Header")
if err != nil {
t.Fatalf("Error when adding header to config: %s", err)
}
Compare headers case-insensitively for auditing Fixes #2362
2017-02-16 01:35:35 +00:00
_, ok := conf.Headers["x-Test-HeAder"]
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
if ok {
t.Fatal("Expected header to not be found in config")
}
out, err := conf.view.Get(auditedHeadersEntry)
if err != nil {
t.Fatalf("Could not retrieve headers entry from config: %s", err)
}
headers := make(map[string]*auditedHeaderSettings)
err = out.DecodeJSON(&headers)
if err != nil {
t.Fatalf("Error decoding header view: %s", err)
}
expected := map[string]*auditedHeaderSettings{
Compare headers case-insensitively for auditing Fixes #2362
2017-02-16 01:35:35 +00:00
"x-vault-header": &auditedHeaderSettings{
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
HMAC: true,
},
}
if !reflect.DeepEqual(headers, expected) {
t.Fatalf("Expected config didn't match actual. Expected: %#v, Got: %#v", expected, headers)
}
Compare headers case-insensitively for auditing Fixes #2362
2017-02-16 01:35:35 +00:00
err = conf.remove("x-VaulT-Header")
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
if err != nil {
t.Fatalf("Error when adding header to config: %s", err)
}
Compare headers case-insensitively for auditing Fixes #2362
2017-02-16 01:35:35 +00:00
_, ok = conf.Headers["x-vault-header"]
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
if ok {
t.Fatal("Expected header to not be found in config")
}
out, err = conf.view.Get(auditedHeadersEntry)
if err != nil {
t.Fatalf("Could not retrieve headers entry from config: %s", err)
}
headers = make(map[string]*auditedHeaderSettings)
err = out.DecodeJSON(&headers)
if err != nil {
t.Fatalf("Error decoding header view: %s", err)
}
expected = make(map[string]*auditedHeaderSettings)
if !reflect.DeepEqual(headers, expected) {
t.Fatalf("Expected config didn't match actual. Expected: %#v, Got: %#v", expected, headers)
}
}
func TestAuditedHeadersConfig_ApplyConfig(t *testing.T) {
conf := mockAuditedHeadersConfig(t)
Compare headers case-insensitively for auditing Fixes #2362
2017-02-16 01:35:35 +00:00
conf.add("X-TesT-Header", false)
conf.add("X-Vault-HeAdEr", true)
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
reqHeaders := map[string][]string{
"X-Test-Header": []string{"foo"},
"X-Vault-Header": []string{"bar", "bar"},
"Content-Type": []string{"json"},
}
hashFunc := func(s string) string { return "hashed" }
result := conf.ApplyConfig(reqHeaders, hashFunc)
expected := map[string][]string{
Compare headers case-insensitively for auditing Fixes #2362
2017-02-16 01:35:35 +00:00
"x-test-header": []string{"foo"},
"x-vault-header": []string{"hashed", "hashed"},
Configure the request headers that are output to the audit log (#2321) * Add /sys/config/audited-headers endpoint for configuring the headers that will be audited * Remove some debug lines * Add a persistant layer and refactor a bit * update the api endpoints to be more restful * Add comments and clean up a few functions * Remove unneeded hash structure functionaility * Fix existing tests * Add tests * Add test for Applying the header config * Add Benchmark for the ApplyConfig method * ResetTimer on the benchmark: * Update the headers comment * Add test for audit broker * Use hyphens instead of camel case * Add size paramater to the allocation of the result map * Fix the tests for the audit broker * PR feedback * update the path and permissions on config/* paths * Add docs file * Fix TestSystemBackend_RootPaths test
2017-02-02 19:49:20 +00:00
}
if !reflect.DeepEqual(result, expected) {
t.Fatalf("Expected headers did not match actual: Expected %#v\n Got %#v\n", expected, result)
}
//Make sure we didn't edit the reqHeaders map
reqHeadersCopy := map[string][]string{
"X-Test-Header": []string{"foo"},
"X-Vault-Header": []string{"bar", "bar"},
"Content-Type": []string{"json"},
}
if !reflect.DeepEqual(reqHeaders, reqHeadersCopy) {
t.Fatalf("Req headers were changed, expected %#v\n got %#v", reqHeadersCopy, reqHeaders)
}
}
func BenchmarkAuditedHeaderConfig_ApplyConfig(b *testing.B) {
conf := &AuditedHeadersConfig{
Headers: make(map[string]*auditedHeaderSettings),
view: nil,
}
conf.Headers = map[string]*auditedHeaderSettings{
"X-Test-Header": &auditedHeaderSettings{false},
"X-Vault-Header": &auditedHeaderSettings{true},
}
reqHeaders := map[string][]string{
"X-Test-Header": []string{"foo"},
"X-Vault-Header": []string{"bar", "bar"},
"Content-Type": []string{"json"},
}
salter, err := salt.NewSalt(nil, nil)
if err != nil {
b.Fatal(err)
}
hashFunc := func(s string) string { return salter.GetIdentifiedHMAC(s) }
// Reset the timer since we did a lot above
b.ResetTimer()
for i := 0; i < b.N; i++ {
conf.ApplyConfig(reqHeaders, hashFunc)
}
}