luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/vault/identity_store_test.go

474 lines
12 KiB
Go
Raw Normal View History

Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
package vault
import (
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers
2018-01-08 18:31:38 +00:00
"context"
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
"testing"
"time"
Merge Identity Entities if two claim the same alias (#5075) * Merge Identity Entities if two claim the same alias Past bugs/race conditions meant two entities could be created each claiming the same alias. There are planned longer term fixes for this (outside of the race condition being fixed in 0.10.4) that involve changing the data model, but this is an immediate workaround that has the same net effect: if two entities claim the same alias, assume they were created due to this race condition and merge them. In this situation, also automatically merge policies so we don't lose e.g. RGPs.
2018-08-09 20:37:36 +00:00
"github.com/go-test/deep"
"github.com/golang/protobuf/ptypes"
Passthrough EntityID to backends (#4663) * passthrough entity id * address review feedback
2018-05-31 14:18:34 +00:00
uuid "github.com/hashicorp/go-uuid"
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
credGithub "github.com/hashicorp/vault/builtin/credential/github"
Merge Identity Entities if two claim the same alias (#5075) * Merge Identity Entities if two claim the same alias Past bugs/race conditions meant two entities could be created each claiming the same alias. There are planned longer term fixes for this (outside of the race condition being fixed in 0.10.4) that involve changing the data model, but this is an immediate workaround that has the same net effect: if two entities claim the same alias, assume they were created due to this race condition and merge them. In this situation, also automatically merge policies so we don't lose e.g. RGPs.
2018-08-09 20:37:36 +00:00
"github.com/hashicorp/vault/helper/identity"
"github.com/hashicorp/vault/helper/storagepacker"
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
"github.com/hashicorp/vault/logical"
)
Passthrough EntityID to backends (#4663) * passthrough entity id * address review feedback
2018-05-31 14:18:34 +00:00
func TestIdentityStore_EntityIDPassthrough(t *testing.T) {
// Enable GitHub auth and initialize
is, ghAccessor, core := testIdentityStoreWithGithubAuth(t)
alias := &logical.Alias{
MountType: "github",
MountAccessor: ghAccessor,
Name: "githubuser",
}
// Create an entity with GitHub alias
entity, err := is.CreateOrFetchEntity(alias)
if err != nil {
t.Fatal(err)
}
if entity == nil {
t.Fatalf("expected a non-nil entity")
}
// Create a token with the above created entity set on it
Move TokenEntry into logical. (#4729) This allows the HTTP logicalAuth handler to cache the value in the logical.Request, avoiding a lookup later when performing acl checks/counting a use.
2018-06-08 21:24:27 +00:00
ent := &logical.TokenEntry{
Passthrough EntityID to backends (#4663) * passthrough entity id * address review feedback
2018-05-31 14:18:34 +00:00
ID: "testtokenid",
Path: "test",
Policies: []string{"root"},
CreationTime: time.Now().Unix(),
EntityID: entity.ID,
}
if err := core.tokenStore.create(context.Background(), ent); err != nil {
t.Fatalf("err: %s", err)
}
// Set a request handler to the noop backend which responds with the entity
// ID received in the request object
requestHandler := func(ctx context.Context, req *logical.Request) (*logical.Response, error) {
return &logical.Response{
Data: map[string]interface{}{
"entity_id": req.EntityID,
},
}, nil
}
noop := &NoopBackend{
RequestHandler: requestHandler,
}
// Mount the noop backend
_, barrier, _ := mockBarrier(t)
view := NewBarrierView(barrier, "logical/")
meUUID, err := uuid.GenerateUUID()
if err != nil {
t.Fatal(err)
}
err = core.router.Mount(noop, "test/backend/", &MountEntry{Path: "test/backend/", Type: "noop", UUID: meUUID, Accessor: "noop-accessor"}, view)
if err != nil {
t.Fatal(err)
}
// Make the request with the above created token
Add request timeouts in normal request path and to expirations (#4971) * Add request timeouts in normal request path and to expirations * Add ability to adjust default max request duration * Some test fixes * Ensure tests have defaults set for max request duration * Add context cancel checking to inmem/file * Fix tests * Fix tests * Set default max request duration to basically infinity for this release for BC * Address feedback
2018-07-24 21:50:49 +00:00
resp, err := core.HandleRequest(context.Background(), &logical.Request{
Passthrough EntityID to backends (#4663) * passthrough entity id * address review feedback
2018-05-31 14:18:34 +00:00
ClientToken: "testtokenid",
Operation: logical.ReadOperation,
Path: "test/backend/foo",
})
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v\n err: %v", resp, err)
}
// Expected entity ID to be in the response
if resp.Data["entity_id"] != entity.ID {
t.Fatalf("expected entity ID to be passed through to the backend")
}
}
AppRole/Identity: Fix for race when creating an entity during login (#3932) * possible fix for race in approle login while creating entity * Add a test that hits the login request concurrently * address review comments
2018-02-09 15:40:56 +00:00
func TestIdentityStore_CreateOrFetchEntity(t *testing.T) {
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
is, ghAccessor, _ := testIdentityStoreWithGithubAuth(t)
alias := &logical.Alias{
MountType: "github",
MountAccessor: ghAccessor,
Name: "githubuser",
}
AppRole/Identity: Fix for race when creating an entity during login (#3932) * possible fix for race in approle login while creating entity * Add a test that hits the login request concurrently * address review comments
2018-02-09 15:40:56 +00:00
entity, err := is.CreateOrFetchEntity(alias)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
if err != nil {
t.Fatal(err)
}
if entity == nil {
t.Fatalf("expected a non-nil entity")
}
if len(entity.Aliases) != 1 {
t.Fatalf("bad: length of aliases; expected: 1, actual: %d", len(entity.Aliases))
}
if entity.Aliases[0].Name != alias.Name {
t.Fatalf("bad: alias name; expected: %q, actual: %q", alias.Name, entity.Aliases[0].Name)
}
AppRole/Identity: Fix for race when creating an entity during login (#3932) * possible fix for race in approle login while creating entity * Add a test that hits the login request concurrently * address review comments
2018-02-09 15:40:56 +00:00
entity, err = is.CreateOrFetchEntity(alias)
if err != nil {
t.Fatal(err)
}
if entity == nil {
t.Fatalf("expected a non-nil entity")
}
if len(entity.Aliases) != 1 {
t.Fatalf("bad: length of aliases; expected: 1, actual: %d", len(entity.Aliases))
}
if entity.Aliases[0].Name != alias.Name {
t.Fatalf("bad: alias name; expected: %q, actual: %q", alias.Name, entity.Aliases[0].Name)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
}
}
func TestIdentityStore_EntityByAliasFactors(t *testing.T) {
var err error
var resp *logical.Response
is, ghAccessor, _ := testIdentityStoreWithGithubAuth(t)
registerData := map[string]interface{}{
"name": "testentityname",
"metadata": []string{"someusefulkey=someusefulvalue"},
"policies": []string{"testpolicy1", "testpolicy2"},
}
registerReq := &logical.Request{
Operation: logical.UpdateOperation,
Path: "entity",
Data: registerData,
}
// Register the entity
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers
2018-01-08 18:31:38 +00:00
resp, err = is.HandleRequest(context.Background(), registerReq)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
idRaw, ok := resp.Data["id"]
if !ok {
t.Fatalf("entity id not present in response")
}
entityID := idRaw.(string)
if entityID == "" {
t.Fatalf("invalid entity id")
}
aliasData := map[string]interface{}{
"entity_id": entityID,
"name": "alias_name",
"mount_accessor": ghAccessor,
}
aliasReq := &logical.Request{
Operation: logical.UpdateOperation,
Path: "alias",
Data: aliasData,
}
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers
2018-01-08 18:31:38 +00:00
resp, err = is.HandleRequest(context.Background(), aliasReq)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
if resp == nil {
t.Fatalf("expected a non-nil response")
}
External identity groups (#3447) * external identity groups * add local LDAP groups as well to group aliases * add group aliases for okta credential backend * Fix panic in tests * fix build failure * remove duplicated struct tag * add test steps to test out removal of group member during renewals * Add comment for having a prefix check in router * fix tests * s/parent_id/canonical_id * s/parent/canonical in comments and errors
2017-11-02 20:05:48 +00:00
entity, err := is.entityByAliasFactors(ghAccessor, "alias_name", false)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
if err != nil {
t.Fatal(err)
}
if entity == nil {
t.Fatalf("expected a non-nil entity")
}
if entity.ID != entityID {
t.Fatalf("bad: entity ID; expected: %q actual: %q", entityID, entity.ID)
}
}
func TestIdentityStore_WrapInfoInheritance(t *testing.T) {
var err error
var resp *logical.Response
core, is, ts, _ := testCoreWithIdentityTokenGithub(t)
registerData := map[string]interface{}{
"name": "testentityname",
"metadata": []string{"someusefulkey=someusefulvalue"},
"policies": []string{"testpolicy1", "testpolicy2"},
}
registerReq := &logical.Request{
Operation: logical.UpdateOperation,
Path: "entity",
Data: registerData,
}
// Register the entity
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers
2018-01-08 18:31:38 +00:00
resp, err = is.HandleRequest(context.Background(), registerReq)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("err:%v resp:%#v", err, resp)
}
idRaw, ok := resp.Data["id"]
if !ok {
t.Fatalf("entity id not present in response")
}
entityID := idRaw.(string)
if entityID == "" {
t.Fatalf("invalid entity id")
}
// Create a token which has EntityID set and has update permissions to
// sys/wrapping/wrap
Move TokenEntry into logical. (#4729) This allows the HTTP logicalAuth handler to cache the value in the logical.Request, avoiding a lookup later when performing acl checks/counting a use.
2018-06-08 21:24:27 +00:00
te := &logical.TokenEntry{
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
Path: "test",
Policies: []string{"default", responseWrappingPolicyName},
EntityID: entityID,
Offline token revocation fix
2018-06-03 22:14:51 +00:00
TTL: time.Hour,
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
}
Offline token revocation fix
2018-06-03 22:14:51 +00:00
testMakeTokenDirectly(t, ts, te)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
wrapReq := &logical.Request{
Path: "sys/wrapping/wrap",
ClientToken: te.ID,
Operation: logical.UpdateOperation,
Data: map[string]interface{}{
"foo": "bar",
},
WrapInfo: &logical.RequestWrapInfo{
TTL: time.Duration(5 * time.Second),
},
}
Add request timeouts in normal request path and to expirations (#4971) * Add request timeouts in normal request path and to expirations * Add ability to adjust default max request duration * Some test fixes * Ensure tests have defaults set for max request duration * Add context cancel checking to inmem/file * Fix tests * Fix tests * Set default max request duration to basically infinity for this release for BC * Address feedback
2018-07-24 21:50:49 +00:00
resp, err = core.HandleRequest(context.Background(), wrapReq)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v, err: %v", resp, err)
}
if resp.WrapInfo == nil {
t.Fatalf("expected a non-nil WrapInfo")
}
if resp.WrapInfo.WrappedEntityID != entityID {
t.Fatalf("bad: WrapInfo in response not having proper entity ID set; expected: %q, actual:%q", entityID, resp.WrapInfo.WrappedEntityID)
}
}
func TestIdentityStore_TokenEntityInheritance(t *testing.T) {
Offline token revocation fix
2018-06-03 22:14:51 +00:00
c, _, _ := TestCoreUnsealed(t)
ts := c.tokenStore
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
// Create a token which has EntityID set
Move TokenEntry into logical. (#4729) This allows the HTTP logicalAuth handler to cache the value in the logical.Request, avoiding a lookup later when performing acl checks/counting a use.
2018-06-08 21:24:27 +00:00
te := &logical.TokenEntry{
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
Path: "test",
Policies: []string{"dev", "prod"},
EntityID: "testentityid",
Offline token revocation fix
2018-06-03 22:14:51 +00:00
TTL: time.Hour,
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
}
Offline token revocation fix
2018-06-03 22:14:51 +00:00
testMakeTokenDirectly(t, ts, te)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
// Create a child token; this should inherit the EntityID
tokenReq := &logical.Request{
Operation: logical.UpdateOperation,
Path: "create",
ClientToken: te.ID,
}
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers
2018-01-08 18:31:38 +00:00
resp, err := ts.HandleRequest(context.Background(), tokenReq)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v err: %v", err, resp)
}
if resp.Auth.EntityID != te.EntityID {
t.Fatalf("bad: entity ID; expected: %v, actual: %v", te.EntityID, resp.Auth.EntityID)
}
// Create an orphan token; this should not inherit the EntityID
tokenReq.Path = "create-orphan"
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers
2018-01-08 18:31:38 +00:00
resp, err = ts.HandleRequest(context.Background(), tokenReq)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("bad: resp: %#v err: %v", err, resp)
}
if resp.Auth.EntityID != "" {
t.Fatalf("expected entity ID to be not set")
}
}
Merge Identity Entities if two claim the same alias (#5075) * Merge Identity Entities if two claim the same alias Past bugs/race conditions meant two entities could be created each claiming the same alias. There are planned longer term fixes for this (outside of the race condition being fixed in 0.10.4) that involve changing the data model, but this is an immediate workaround that has the same net effect: if two entities claim the same alias, assume they were created due to this race condition and merge them. In this situation, also automatically merge policies so we don't lose e.g. RGPs.
2018-08-09 20:37:36 +00:00
func TestIdentityStore_MergeConflictingAliases(t *testing.T) {
err := AddTestCredentialBackend("github", credGithub.Factory)
if err != nil {
t.Fatalf("err: %s", err)
}
c, unsealKey, root := TestCoreUnsealed(t)
meGH := &MountEntry{
Table: credentialTableType,
Path: "github/",
Type: "github",
Description: "github auth",
}
err = c.enableCredential(context.Background(), meGH)
if err != nil {
t.Fatal(err)
}
alias := &identity.Alias{
ID: "alias1",
CanonicalID: "entity1",
MountType: "github",
MountAccessor: meGH.Accessor,
Name: "githubuser",
}
entity := &identity.Entity{
ID: "entity1",
Name: "name1",
Policies: []string{"foo", "bar"},
Aliases: []*identity.Alias{
alias,
},
}
entity.BucketKeyHash = c.identityStore.entityPacker.BucketKeyHashByItemID(entity.ID)
// Now add the alias to two entities, skipping all existing checking by
// writing directly
entityAny, err := ptypes.MarshalAny(entity)
if err != nil {
t.Fatal(err)
}
item := &storagepacker.Item{
ID: entity.ID,
Message: entityAny,
}
if err = c.identityStore.entityPacker.PutItem(item); err != nil {
t.Fatal(err)
}
entity.ID = "entity2"
entity.Name = "name2"
entity.Policies = []string{"bar", "baz"}
alias.ID = "alias2"
alias.CanonicalID = "entity2"
entity.BucketKeyHash = c.identityStore.entityPacker.BucketKeyHashByItemID(entity.ID)
entityAny, err = ptypes.MarshalAny(entity)
if err != nil {
t.Fatal(err)
}
item = &storagepacker.Item{
ID: entity.ID,
Message: entityAny,
}
if err = c.identityStore.entityPacker.PutItem(item); err != nil {
t.Fatal(err)
}
// Seal and unseal. If things are broken, we will now fail to unseal.
if err = c.Seal(root); err != nil {
t.Fatal(err)
}
var unsealed bool
for i := 0; i < 3; i++ {
unsealed, err = c.Unseal(unsealKey[i])
if err != nil {
t.Fatal(err)
}
}
if !unsealed {
t.Fatal("still sealed")
}
newEntity, err := c.identityStore.CreateOrFetchEntity(&logical.Alias{
MountAccessor: meGH.Accessor,
MountType: "github",
Name: "githubuser",
})
if err != nil {
t.Fatal(err)
}
if newEntity == nil {
t.Fatal("nil new entity")
}
entityToUse := "entity1"
if newEntity.ID == "entity1" {
entityToUse = "entity2"
}
if len(newEntity.MergedEntityIDs) != 1 || newEntity.MergedEntityIDs[0] != entityToUse {
t.Fatalf("bad merged entity ids: %v", newEntity.MergedEntityIDs)
}
if diff := deep.Equal(newEntity.Policies, []string{"bar", "baz", "foo"}); diff != nil {
t.Fatal(diff)
}
newEntity, err = c.identityStore.MemDBEntityByID(entityToUse, false)
if err != nil {
t.Fatal(err)
}
if newEntity != nil {
t.Fatal("got a non-nil entity")
}
}
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
func testCoreWithIdentityTokenGithub(t *testing.T) (*Core, *IdentityStore, *TokenStore, string) {
is, ghAccessor, core := testIdentityStoreWithGithubAuth(t)
Offline token revocation fix
2018-06-03 22:14:51 +00:00
return core, is, core.tokenStore, ghAccessor
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
}
Port over bits (#3575)
2017-11-13 20:31:32 +00:00
func testCoreWithIdentityTokenGithubRoot(t *testing.T) (*Core, *IdentityStore, *TokenStore, string, string) {
is, ghAccessor, core, root := testIdentityStoreWithGithubAuthRoot(t)
Offline token revocation fix
2018-06-03 22:14:51 +00:00
return core, is, core.tokenStore, ghAccessor, root
Port over bits (#3575)
2017-11-13 20:31:32 +00:00
}
func testIdentityStoreWithGithubAuth(t *testing.T) (*IdentityStore, string, *Core) {
is, ghA, c, _ := testIdentityStoreWithGithubAuthRoot(t)
return is, ghA, c
}
disallow token use if entity is invalid (#4791)
2018-06-19 16:57:19 +00:00
// testIdentityStoreWithGithubAuthRoot returns an instance of identity store
// which is mounted by default. This function also enables the github auth
// backend to assist with testing aliases and entities that require an valid
// mount accessor of an auth backend.
Port over bits (#3575)
2017-11-13 20:31:32 +00:00
func testIdentityStoreWithGithubAuthRoot(t *testing.T) (*IdentityStore, string, *Core, string) {
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
// Add github credential factory to core config
err := AddTestCredentialBackend("github", credGithub.Factory)
if err != nil {
t.Fatalf("err: %s", err)
}
Port over bits (#3575)
2017-11-13 20:31:32 +00:00
c, _, root := TestCoreUnsealed(t)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
meGH := &MountEntry{
Table: credentialTableType,
Path: "github/",
Type: "github",
Description: "github auth",
}
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
err = c.enableCredential(context.Background(), meGH)
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
if err != nil {
t.Fatal(err)
}
disallow token use if entity is invalid (#4791)
2018-06-19 16:57:19 +00:00
return c.identityStore, meGH.Accessor, c, root
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
}
func TestIdentityStore_MetadataKeyRegex(t *testing.T) {
key := "validVALID012_-=+/"
if !metaKeyFormatRegEx(key) {
t.Fatal("failed to accept valid metadata key")
}
key = "a:b"
if metaKeyFormatRegEx(key) {
t.Fatal("accepted invalid metadata key")
}
}