luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/http/handler_test.go

890 lines
24 KiB
Go
Raw Normal View History

adding copyright header (#19555) * adding copyright header * fix fmt and a test
2023-03-15 16:00:52 +00:00
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
http: allow header for auth token [GH-124]
2015-05-11 17:56:41 +00:00
package http
import (
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
"context"
Support processing parameters sent as a URL-encoded form (#8325)
2020-02-12 22:20:22 +00:00
"crypto/tls"
Added JSON Decode and Encode helpers. Changed all the occurances of Unmarshal to use the helpers. Fixed http/ package tests.
2016-07-06 16:25:40 +00:00
"encoding/json"
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
"errors"
Support processing parameters sent as a URL-encoded form (#8325)
2020-02-12 22:20:22 +00:00
"io/ioutil"
http: allow header for auth token [GH-124]
2015-05-11 17:56:41 +00:00
"net/http"
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
"net/http/httptest"
The big one (#5346)
2018-09-18 03:03:00 +00:00
"net/textproto"
Support processing parameters sent as a URL-encoded form (#8325)
2020-02-12 22:20:22 +00:00
"net/url"
http: allow header for auth token [GH-124]
2015-05-11 17:56:41 +00:00
"reflect"
Set allowed headers via API instead of defaulting to wildcard. (#3023)
2017-08-07 14:03:30 +00:00
"strings"
http: allow header for auth token [GH-124]
2015-05-11 17:56:41 +00:00
"testing"
Add mount UUID to the secret and auth list API responses (#6633)
2019-04-24 19:27:43 +00:00
"github.com/go-test/deep"
Add HTTP response headers for hostname and raft node ID (if applicable) (#11289)
2021-04-20 22:25:04 +00:00
"github.com/hashicorp/go-cleanhttp"
Run all builtins as plugins (#5536)
2018-11-07 01:21:24 +00:00
"github.com/hashicorp/vault/helper/namespace"
Add plugin version to GRPC interface (#17088) Add plugin version to GRPC interface Added a version interface in the sdk/logical so that it can be shared between all plugin types, and then wired it up to RunningVersion in the mounts, auth list, and database systems. I've tested that this works with auth, database, and secrets plugin types, with the following logic to populate RunningVersion: If a plugin has a PluginVersion() method implemented, then that is used If not, and the plugin is built into the Vault binary, then the go.mod version is used Otherwise, the it will be the empty string. My apologies for the length of this PR. * Placeholder backend should be external We use a placeholder backend (previously a framework.Backend) before a GRPC plugin is lazy-loaded. This makes us later think the plugin is a builtin plugin. So we added a `placeholderBackend` type that overrides the `IsExternal()` method so that later we know that the plugin is external, and don't give it a default builtin version.
2022-09-15 23:37:59 +00:00
"github.com/hashicorp/vault/helper/versions"
Switch to go modules (#6585) * Switch to go modules * Make fmt
2019-04-13 07:44:06 +00:00
"github.com/hashicorp/vault/sdk/helper/consts"
Create sdk/ and api/ submodules (#6583)
2019-04-12 21:54:35 +00:00
"github.com/hashicorp/vault/sdk/logical"
http: allow header for auth token [GH-124]
2015-05-11 17:56:41 +00:00
"github.com/hashicorp/vault/vault"
)
The big one (#5346)
2018-09-18 03:03:00 +00:00
func TestHandler_parseMFAHandler(t *testing.T) {
var err error
var expectedMFACreds logical.MFACreds
req := &logical.Request{
Headers: make(map[string][]string),
}
headerName := textproto.CanonicalMIMEHeaderKey(MFAHeaderName)
// Set TOTP passcode in the MFA header
req.Headers[headerName] = []string{
"my_totp:123456",
"my_totp:111111",
"my_second_mfa:hi=hello",
"my_third_mfa",
}
err = parseMFAHeader(req)
if err != nil {
t.Fatal(err)
}
// Verify that it is being parsed properly
expectedMFACreds = logical.MFACreds{
"my_totp": []string{
"123456",
"111111",
},
"my_second_mfa": []string{
"hi=hello",
},
"my_third_mfa": []string{},
}
if !reflect.DeepEqual(expectedMFACreds, req.MFACreds) {
t.Fatalf("bad: parsed MFACreds; expected: %#v\n actual: %#v\n", expectedMFACreds, req.MFACreds)
}
// Split the creds of a method type in different headers and check if they
// all get merged together
req.Headers[headerName] = []string{
"my_mfa:passcode=123456",
"my_mfa:month=july",
"my_mfa:day=tuesday",
}
err = parseMFAHeader(req)
if err != nil {
t.Fatal(err)
}
expectedMFACreds = logical.MFACreds{
"my_mfa": []string{
"passcode=123456",
"month=july",
"day=tuesday",
},
}
if !reflect.DeepEqual(expectedMFACreds, req.MFACreds) {
t.Fatalf("bad: parsed MFACreds; expected: %#v\n actual: %#v\n", expectedMFACreds, req.MFACreds)
}
// Header without method name should error out
req.Headers[headerName] = []string{
":passcode=123456",
}
err = parseMFAHeader(req)
if err == nil {
t.Fatalf("expected an error; actual: %#v\n", req.MFACreds)
}
// Header without method name and method value should error out
req.Headers[headerName] = []string{
":",
}
err = parseMFAHeader(req)
if err == nil {
t.Fatalf("expected an error; actual: %#v\n", req.MFACreds)
}
// Header without method name and method value should error out
req.Headers[headerName] = []string{
"my_totp:",
}
err = parseMFAHeader(req)
if err == nil {
t.Fatalf("expected an error; actual: %#v\n", req.MFACreds)
}
}
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
func TestHandler_cors(t *testing.T) {
core, _, _ := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
// Enable CORS and allow from any origin for testing.
corsConfig := core.CORSConfig()
Add context to storage backends and wire it through a lot of places (#3817)
2018-01-19 06:44:44 +00:00
err := corsConfig.Enable(context.Background(), []string{addr}, nil)
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
if err != nil {
t.Fatalf("Error enabling CORS: %s", err)
}
req, err := http.NewRequest(http.MethodOptions, addr+"/v1/sys/seal-status", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
req.Header.Set("Origin", "BAD ORIGIN")
// Requests from unacceptable origins will be rejected with a 403.
client := cleanhttp.DefaultClient()
resp, err := client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}
if resp.StatusCode != http.StatusForbidden {
t.Fatalf("Bad status:\nexpected: 403 Forbidden\nactual: %s", resp.Status)
}
//
// Test preflight requests
//
// Set a valid origin
req.Header.Set("Origin", addr)
// Server should NOT accept arbitrary methods.
req.Header.Set("Access-Control-Request-Method", "FOO")
client = cleanhttp.DefaultClient()
resp, err = client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}
// Fail if an arbitrary method is accepted.
if resp.StatusCode != http.StatusMethodNotAllowed {
t.Fatalf("Bad status:\nexpected: 405 Method Not Allowed\nactual: %s", resp.Status)
}
// Server SHOULD accept acceptable methods.
req.Header.Set("Access-Control-Request-Method", http.MethodPost)
client = cleanhttp.DefaultClient()
resp, err = client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}
//
// Test that the CORS headers are applied correctly.
//
expHeaders := map[string]string{
"Access-Control-Allow-Origin": addr,
Fix exporting stdAllowedHeaders
2017-08-07 19:02:08 +00:00
"Access-Control-Allow-Headers": strings.Join(vault.StdAllowedHeaders, ","),
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
"Access-Control-Max-Age": "300",
make fmt
2018-10-02 18:30:10 +00:00
"Vary": "Origin",
Cors headers (#2021)
2017-06-17 04:04:55 +00:00
}
for expHeader, expected := range expHeaders {
actual := resp.Header.Get(expHeader)
if actual == "" {
t.Fatalf("bad:\nHeader: %#v was not on response.", expHeader)
}
if actual != expected {
t.Fatalf("bad:\nExpected: %#v\nActual: %#v\n", expected, actual)
}
}
}
Add HTTP response headers for hostname and raft node ID (if applicable) (#11289)
2021-04-20 22:25:04 +00:00
func TestHandler_HostnameHeader(t *testing.T) {
t.Parallel()
testCases := []struct {
description string
config *vault.CoreConfig
headerPresent bool
}{
{
description: "with no header configured",
config: nil,
headerPresent: false,
},
{
description: "with header configured",
config: &vault.CoreConfig{
EnableResponseHeaderHostname: true,
},
headerPresent: true,
},
}
for _, tc := range testCases {
t.Run(tc.description, func(t *testing.T) {
var core *vault.Core
if tc.config == nil {
core, _, _ = vault.TestCoreUnsealed(t)
} else {
core, _, _ = vault.TestCoreUnsealedWithConfig(t, tc.config)
}
ln, addr := TestServer(t, core)
defer ln.Close()
req, err := http.NewRequest("GET", addr+"/v1/sys/seal-status", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
client := cleanhttp.DefaultClient()
resp, err := client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}
if resp == nil {
t.Fatal("nil response")
}
hnHeader := resp.Header.Get("X-Vault-Hostname")
if tc.headerPresent && hnHeader == "" {
t.Logf("header configured = %t", core.HostnameHeaderEnabled())
t.Fatal("missing 'X-Vault-Hostname' header entry in response")
}
if !tc.headerPresent && hnHeader != "" {
t.Fatal("didn't expect 'X-Vault-Hostname' header but it was present anyway")
}
rniHeader := resp.Header.Get("X-Vault-Raft-Node-ID")
if rniHeader != "" {
t.Fatalf("no raft node ID header was expected, since we're not running a raft cluster. instead, got %s", rniHeader)
}
})
}
}
Add 'no-store' response header from all the API outlets (#2183)
2016-12-15 22:53:07 +00:00
func TestHandler_CacheControlNoStore(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
req, err := http.NewRequest("GET", addr+"/v1/sys/mounts", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
The big one (#5346)
2018-09-18 03:03:00 +00:00
req.Header.Set(consts.AuthHeaderName, token)
Add 'no-store' response header from all the API outlets (#2183)
2016-12-15 22:53:07 +00:00
req.Header.Set(WrapTTLHeaderName, "60s")
client := cleanhttp.DefaultClient()
resp, err := client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}
if resp == nil {
t.Fatalf("nil response")
}
actual := resp.Header.Get("Cache-Control")
if actual == "" {
t.Fatalf("missing 'Cache-Control' header entry in response writer")
}
if actual != "no-store" {
t.Fatalf("bad: Cache-Control. Expected: 'no-store', Actual: %q", actual)
}
}
VAULT-1564 report in-flight requests (#13024) * VAULT-1564 report in-flight requests * adding a changelog * Changing some variable names and fixing comments * minor style change * adding unauthenticated support for in-flight-req * adding documentation for the listener.profiling stanza * adding an atomic counter for the inflight requests addressing comments * addressing comments * logging completed requests * fixing a test * providing log_requests_info as a config option to determine at which level requests should be logged * removing a member and a method from the StatusHeaderResponseWriter struct * adding api docks * revert changes in NewHTTPResponseWriter * Fix logging invalid log_requests_info value * Addressing comments * Fixing a test * use an tomic value for logRequestsInfo, and moving the CreateClientID function to Core * fixing go.sum * minor refactoring * protecting InFlightRequests from data race * another try on fixing a data race * another try to fix a data race * addressing comments * fixing couple of tests * changing log_requests_info to log_requests_level * minor style change * fixing a test * removing the lock in InFlightRequests * use single-argument form for interface assertion * adding doc for the new configuration paramter * adding the new doc to the nav data file * minor fix
2021-12-08 22:34:42 +00:00
func TestHandler_InFlightRequest(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
req, err := http.NewRequest("GET", addr+"/v1/sys/in-flight-req", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
req.Header.Set(consts.AuthHeaderName, token)
client := cleanhttp.DefaultClient()
resp, err := client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}
if resp == nil {
t.Fatalf("nil response")
}
var actual map[string]interface{}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if actual == nil || len(actual) == 0 {
t.Fatal("expected to get at least one in-flight request, got nil or zero length map")
}
for _, v := range actual {
reqInfo, ok := v.(map[string]interface{})
if !ok {
t.Fatal("failed to read in-flight request")
}
if reqInfo["request_path"] != "/v1/sys/in-flight-req" {
t.Fatalf("expected /v1/sys/in-flight-req in-flight request path, got %s", actual["request_path"])
}
}
}
Return logical.StatusBadRequest on requests with missing token (#8457) * Add test for 400 status on missing token * Return logical.StatusBadRequest on missing token * remove commented out code Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 20:17:25 +00:00
// TestHandler_MissingToken tests the response / error code if a request comes
// in with a missing client token. See
// https://github.com/hashicorp/vault/issues/8377
func TestHandler_MissingToken(t *testing.T) {
// core, _, token := vault.TestCoreUnsealed(t)
core, _, _ := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
req, err := http.NewRequest("GET", addr+"/v1/sys/internal/ui/mounts/cubbyhole", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
req.Header.Set(WrapTTLHeaderName, "60s")
client := cleanhttp.DefaultClient()
resp, err := client.Do(req)
if err != nil {
t.Fatal(err)
}
Authenticate to "login" endpoint for non-existent mount path bug (#13162) * changing response from missing client token to permission denied * removing todo comment * fix tests * adding changelog * fixing changelog
2021-11-23 01:06:59 +00:00
if resp.StatusCode != 403 {
t.Fatalf("expected code 403, got: %d", resp.StatusCode)
Return logical.StatusBadRequest on requests with missing token (#8457) * Add test for 400 status on missing token * Return logical.StatusBadRequest on missing token * remove commented out code Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
2020-10-26 20:17:25 +00:00
}
}
Make single-lease revocation behave like expiration (#4883) This change makes it so that if a lease is revoked through user action, we set the expiration time to now and update pending, just as we do with tokens. This allows the normal retry logic to apply in these cases as well, instead of just erroring out immediately. The idea being that once you tell Vault to revoke something it should keep doing its darndest to actually make that happen.
2018-07-11 19:45:09 +00:00
func TestHandler_Accepted(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
req, err := http.NewRequest("POST", addr+"/v1/auth/token/tidy", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
The big one (#5346)
2018-09-18 03:03:00 +00:00
req.Header.Set(consts.AuthHeaderName, token)
Make single-lease revocation behave like expiration (#4883) This change makes it so that if a lease is revoked through user action, we set the expiration time to now and update pending, just as we do with tokens. This allows the normal retry logic to apply in these cases as well, instead of just erroring out immediately. The idea being that once you tell Vault to revoke something it should keep doing its darndest to actually make that happen.
2018-07-11 19:45:09 +00:00
client := cleanhttp.DefaultClient()
resp, err := client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}
testResponseStatus(t, resp, 202)
}
http: allow header for auth token [GH-124]
2015-05-11 17:56:41 +00:00
// We use this test to verify header auth
func TestSysMounts_headerAuth(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
req, err := http.NewRequest("GET", addr+"/v1/sys/mounts", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
The big one (#5346)
2018-09-18 03:03:00 +00:00
req.Header.Set(consts.AuthHeaderName, token)
http: allow header for auth token [GH-124]
2015-05-11 17:56:41 +00:00
Use cleanhttp instead of bare http.Client
2015-10-22 18:37:12 +00:00
client := cleanhttp.DefaultClient()
http: allow header for auth token [GH-124]
2015-05-11 17:56:41 +00:00
resp, err := client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}
var actual map[string]interface{}
expected := map[string]interface{}{
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"wrap_info": nil,
"warnings": nil,
"auth": nil,
"data": map[string]interface{}{
"secret/": map[string]interface{}{
Run go fmt (#7823)
2019-11-07 16:54:34 +00:00
"description": "key/value secret storage",
"type": "kv",
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable
2019-10-17 17:33:00 +00:00
"external_entropy_access": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Plugins: Consistently use plugin_version (#17171) * Delete Sha field, rename RunningSha -> RunningSha256 * Rename version -> plugin_version
2022-09-20 11:35:50 +00:00
"local": false,
"seal_wrap": false,
"options": map[string]interface{}{"version": "1"},
"plugin_version": "",
"running_sha256": "",
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeSecrets, "kv"),
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"sys/": map[string]interface{}{
Run go fmt (#7823)
2019-11-07 16:54:34 +00:00
"description": "system endpoints used for control, policy and debugging",
"type": "system",
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable
2019-10-17 17:33:00 +00:00
"external_entropy_access": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"config": map[string]interface{}{
make fmt
2019-02-20 20:12:21 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
"force_no_cache": false,
Fix TestSysMounts, TestSysMounts_headerAuth. (#6246)
2019-02-15 19:15:02 +00:00
"passthrough_request_headers": []interface{}{"Accept"},
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Plugins: Consistently use plugin_version (#17171) * Delete Sha field, rename RunningSha -> RunningSha256 * Rename version -> plugin_version
2022-09-20 11:35:50 +00:00
"local": false,
"seal_wrap": true,
"options": interface{}(nil),
"plugin_version": "",
"running_sha256": "",
"running_plugin_version": versions.DefaultBuiltinVersion,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
"cubbyhole/": map[string]interface{}{
Run go fmt (#7823)
2019-11-07 16:54:34 +00:00
"description": "per-token private secret storage",
"type": "cubbyhole",
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable
2019-10-17 17:33:00 +00:00
"external_entropy_access": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
Add option to disable caching per-backend. (#2455)
2017-03-08 14:20:09 +00:00
"force_no_cache": false,
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Plugins: Consistently use plugin_version (#17171) * Delete Sha field, rename RunningSha -> RunningSha256 * Rename version -> plugin_version
2022-09-20 11:35:50 +00:00
"local": true,
"seal_wrap": false,
"options": interface{}(nil),
"plugin_version": "",
"running_sha256": "",
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeSecrets, "cubbyhole"),
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
"identity/": map[string]interface{}{
Run go fmt (#7823)
2019-11-07 16:54:34 +00:00
"description": "identity store",
"type": "identity",
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable
2019-10-17 17:33:00 +00:00
"external_entropy_access": false,
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
"config": map[string]interface{}{
Adds OIDC Token and UserInfo endpoints (#12711)
2021-10-14 01:59:36 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
"force_no_cache": false,
"passthrough_request_headers": []interface{}{"Authorization"},
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
},
Plugins: Consistently use plugin_version (#17171) * Delete Sha field, rename RunningSha -> RunningSha256 * Rename version -> plugin_version
2022-09-20 11:35:50 +00:00
"local": false,
"seal_wrap": false,
"options": interface{}(nil),
"plugin_version": "",
"running_sha256": "",
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeSecrets, "identity"),
Porting identity store (#3419) * porting identity to OSS * changes that glue things together * add testing bits * wrapped entity id * fix mount error * some more changes to core * fix storagepacker tests * fix some more tests * fix mount tests * fix http mount tests * audit changes for identity * remove upgrade structs on the oss side * added go-memdb to vendor
2017-10-11 17:21:20 +00:00
},
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
},
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
"secret/": map[string]interface{}{
Run go fmt (#7823)
2019-11-07 16:54:34 +00:00
"description": "key/value secret storage",
"type": "kv",
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable
2019-10-17 17:33:00 +00:00
"external_entropy_access": false,
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
"force_no_cache": false,
},
Plugins: Consistently use plugin_version (#17171) * Delete Sha field, rename RunningSha -> RunningSha256 * Rename version -> plugin_version
2022-09-20 11:35:50 +00:00
"local": false,
"seal_wrap": false,
"options": map[string]interface{}{"version": "1"},
"plugin_version": "",
"running_sha256": "",
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeSecrets, "kv"),
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
},
"sys/": map[string]interface{}{
Run go fmt (#7823)
2019-11-07 16:54:34 +00:00
"description": "system endpoints used for control, policy and debugging",
"type": "system",
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable
2019-10-17 17:33:00 +00:00
"external_entropy_access": false,
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
"config": map[string]interface{}{
make fmt
2019-02-20 20:12:21 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
"force_no_cache": false,
Fix TestSysMounts, TestSysMounts_headerAuth. (#6246)
2019-02-15 19:15:02 +00:00
"passthrough_request_headers": []interface{}{"Accept"},
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
},
Plugins: Consistently use plugin_version (#17171) * Delete Sha field, rename RunningSha -> RunningSha256 * Rename version -> plugin_version
2022-09-20 11:35:50 +00:00
"local": false,
"seal_wrap": true,
"options": interface{}(nil),
"plugin_version": "",
"running_sha256": "",
"running_plugin_version": versions.DefaultBuiltinVersion,
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
},
"cubbyhole/": map[string]interface{}{
Run go fmt (#7823)
2019-11-07 16:54:34 +00:00
"description": "per-token private secret storage",
"type": "cubbyhole",
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable
2019-10-17 17:33:00 +00:00
"external_entropy_access": false,
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
"config": map[string]interface{}{
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
"force_no_cache": false,
},
Plugins: Consistently use plugin_version (#17171) * Delete Sha field, rename RunningSha -> RunningSha256 * Rename version -> plugin_version
2022-09-20 11:35:50 +00:00
"local": true,
"seal_wrap": false,
"options": interface{}(nil),
"plugin_version": "",
"running_sha256": "",
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeSecrets, "cubbyhole"),
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
},
"identity/": map[string]interface{}{
Run go fmt (#7823)
2019-11-07 16:54:34 +00:00
"description": "identity store",
"type": "identity",
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable
2019-10-17 17:33:00 +00:00
"external_entropy_access": false,
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
"config": map[string]interface{}{
Adds OIDC Token and UserInfo endpoints (#12711)
2021-10-14 01:59:36 +00:00
"default_lease_ttl": json.Number("0"),
"max_lease_ttl": json.Number("0"),
"force_no_cache": false,
"passthrough_request_headers": []interface{}{"Authorization"},
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
},
Plugins: Consistently use plugin_version (#17171) * Delete Sha field, rename RunningSha -> RunningSha256 * Rename version -> plugin_version
2022-09-20 11:35:50 +00:00
"local": false,
"seal_wrap": false,
"options": interface{}(nil),
"plugin_version": "",
"running_sha256": "",
"running_plugin_version": versions.GetBuiltinVersion(consts.PluginTypeSecrets, "identity"),
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
},
http: allow header for auth token [GH-124]
2015-05-11 17:56:41 +00:00
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
expected["request_id"] = actual["request_id"]
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
for k, v := range actual["data"].(map[string]interface{}) {
if v.(map[string]interface{})["accessor"] == "" {
t.Fatalf("no accessor from %s", k)
}
Add mount UUID to the secret and auth list API responses (#6633)
2019-04-24 19:27:43 +00:00
if v.(map[string]interface{})["uuid"] == "" {
t.Fatalf("no uuid from %s", k)
}
Re-add injecting into top routes (#5244)
2018-09-05 15:45:17 +00:00
expected[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
Add mount UUID to the secret and auth list API responses (#6633)
2019-04-24 19:27:43 +00:00
expected[k].(map[string]interface{})["uuid"] = v.(map[string]interface{})["uuid"]
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
expected["data"].(map[string]interface{})[k].(map[string]interface{})["accessor"] = v.(map[string]interface{})["accessor"]
Add mount UUID to the secret and auth list API responses (#6633)
2019-04-24 19:27:43 +00:00
expected["data"].(map[string]interface{})[k].(map[string]interface{})["uuid"] = v.(map[string]interface{})["uuid"]
Create and persist human-friendly-ish mount accessors (#2918)
2017-06-26 17:14:36 +00:00
}
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
Fix TestSysMounts, TestSysMounts_headerAuth. (#6246)
2019-02-15 19:15:02 +00:00
if diff := deep.Equal(actual, expected); len(diff) > 0 {
t.Fatalf("bad, diff: %#v", diff)
http: allow header for auth token [GH-124]
2015-05-11 17:56:41 +00:00
}
}
HTTP should return 503 when sealed
2015-05-19 07:59:19 +00:00
Add more tests
2016-05-08 01:08:13 +00:00
// We use this test to verify header auth wrapping
func TestSysMounts_headerAuth_Wrapped(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
req, err := http.NewRequest("GET", addr+"/v1/sys/mounts", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
The big one (#5346)
2018-09-18 03:03:00 +00:00
req.Header.Set(consts.AuthHeaderName, token)
Add more tests
2016-05-08 01:08:13 +00:00
req.Header.Set(WrapTTLHeaderName, "60s")
client := cleanhttp.DefaultClient()
resp, err := client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
var actual map[string]interface{}
expected := map[string]interface{}{
"request_id": "",
"lease_id": "",
"renewable": false,
"lease_duration": json.Number("0"),
"data": nil,
"wrap_info": map[string]interface{}{
"ttl": json.Number("60"),
},
"warnings": nil,
"auth": nil,
}
Add more tests
2016-05-08 01:08:13 +00:00
testResponseStatus(t, resp, 200)
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
testResponseBody(t, resp, &actual)
actualToken, ok := actual["wrap_info"].(map[string]interface{})["token"]
if !ok || actualToken == "" {
t.Fatal("token missing in wrap info")
}
expected["wrap_info"].(map[string]interface{})["token"] = actualToken
actualCreationTime, ok := actual["wrap_info"].(map[string]interface{})["creation_time"]
if !ok || actualCreationTime == "" {
t.Fatal("creation_time missing in wrap info")
}
expected["wrap_info"].(map[string]interface{})["creation_time"] = actualCreationTime
Store original request path in WrapInfo (#3100) * Store original request path in WrapInfo as CreationPath * Add wrapping_token_creation_path to CLI output * Add CreationPath to AuditResponseWrapInfo * Fix tests * Add and fix tests, update API docs with new sample responses
2017-08-02 22:28:58 +00:00
actualCreationPath, ok := actual["wrap_info"].(map[string]interface{})["creation_path"]
if !ok || actualCreationPath == "" {
t.Fatal("creation_path missing in wrap info")
}
expected["wrap_info"].(map[string]interface{})["creation_path"] = actualCreationPath
Port over bits (#3575)
2017-11-13 20:31:32 +00:00
actualAccessor, ok := actual["wrap_info"].(map[string]interface{})["accessor"]
if !ok || actualAccessor == "" {
t.Fatal("accessor missing in wrap info")
}
expected["wrap_info"].(map[string]interface{})["accessor"] = actualAccessor
Fix tests and update mapstructure
2016-08-08 20:00:31 +00:00
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad:\nExpected: %#v\nActual: %#v\n%T %T", expected, actual, actual["warnings"], actual["data"])
Add more tests
2016-05-08 01:08:13 +00:00
}
}
HTTP should return 503 when sealed
2015-05-19 07:59:19 +00:00
func TestHandler_sealed(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
core.Seal(token)
resp, err := http.Get(addr + "/v1/secret/foo")
if err != nil {
t.Fatalf("err: %s", err)
}
testResponseStatus(t, resp, 503)
}
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
The big one (#5346)
2018-09-18 03:03:00 +00:00
func TestHandler_ui_default(t *testing.T) {
core := vault.TestCoreUI(t, false)
ln, addr := TestServer(t, core)
defer ln.Close()
resp, err := http.Get(addr + "/ui/")
if err != nil {
t.Fatalf("err: %s", err)
}
testResponseStatus(t, resp, 404)
}
func TestHandler_ui_enabled(t *testing.T) {
core := vault.TestCoreUI(t, true)
ln, addr := TestServer(t, core)
defer ln.Close()
resp, err := http.Get(addr + "/ui/")
if err != nil {
t.Fatalf("err: %s", err)
}
testResponseStatus(t, resp, 200)
}
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
func TestHandler_error(t *testing.T) {
w := httptest.NewRecorder()
Clean up error string formatting (#4304)
2018-04-09 18:35:21 +00:00
respondError(w, 500, errors.New("test Error"))
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
if w.Code != 500 {
t.Fatalf("expected 500, got %d", w.Code)
}
// The code inside of the error should override
// the argument to respondError
w2 := httptest.NewRecorder()
e := logical.CodedError(403, "error text")
respondError(w2, 500, e)
if w2.Code != 403 {
t.Fatalf("expected 403, got %d", w2.Code)
}
// vault.ErrSealed is a special case
w3 := httptest.NewRecorder()
Port some replication bits to OSS (#2386)
2017-02-16 20:15:02 +00:00
respondError(w3, 400, consts.ErrSealed)
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
if w3.Code != 503 {
t.Fatalf("expected 503, got %d", w3.Code)
}
Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… (#3697)
2017-12-16 01:19:37 +00:00
}
Add support for token passed Authorization Bearer header (#5397) * Support Authorization Bearer as token header * add requestAuth test * remove spew debug output in test * Add Authorization in CORS Allowed headers * use const where applicable * use less allocations in bearer token checking * address PR comments on tests and apply last commit * reorder error checking in a TestHandler_requestAuth
2018-10-01 17:33:21 +00:00
func TestHandler_requestAuth(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
rootCtx := namespace.RootContext(nil)
te, err := core.LookupToken(rootCtx, token)
if err != nil {
t.Fatalf("err: %s", err)
}
rWithAuthorization, err := http.NewRequest("GET", "v1/test/path", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
rWithAuthorization.Header.Set("Authorization", "Bearer "+token)
rWithVault, err := http.NewRequest("GET", "v1/test/path", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
rWithVault.Header.Set(consts.AuthHeaderName, token)
for _, r := range []*http.Request{rWithVault, rWithAuthorization} {
req := logical.TestRequest(t, logical.ReadOperation, "test/path")
r = r.WithContext(rootCtx)
Reorganize request handling code so that we don't touch storage until we have the stateLock. (#11835)
2021-06-11 17:18:16 +00:00
requestAuth(r, req)
err = core.PopulateTokenEntry(rootCtx, req)
Add support for token passed Authorization Bearer header (#5397) * Support Authorization Bearer as token header * add requestAuth test * remove spew debug output in test * Add Authorization in CORS Allowed headers * use const where applicable * use less allocations in bearer token checking * address PR comments on tests and apply last commit * reorder error checking in a TestHandler_requestAuth
2018-10-01 17:33:21 +00:00
if err != nil {
t.Fatalf("err: %s", err)
}
if req.ClientToken != token {
t.Fatalf("client token should be filled with %s, got %s", token, req.ClientToken)
}
if req.TokenEntry() == nil {
t.Fatal("token entry should not be nil")
}
if !reflect.DeepEqual(req.TokenEntry(), te) {
t.Fatalf("token entry should be the same as the core")
}
if req.ClientTokenAccessor == "" {
t.Fatal("token accessor should not be empty")
}
}
rNothing, err := http.NewRequest("GET", "v1/test/path", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
Add allowed_response_headers (#6115)
2019-02-05 21:02:15 +00:00
req := logical.TestRequest(t, logical.ReadOperation, "test/path")
Add support for token passed Authorization Bearer header (#5397) * Support Authorization Bearer as token header * add requestAuth test * remove spew debug output in test * Add Authorization in CORS Allowed headers * use const where applicable * use less allocations in bearer token checking * address PR comments on tests and apply last commit * reorder error checking in a TestHandler_requestAuth
2018-10-01 17:33:21 +00:00
Reorganize request handling code so that we don't touch storage until we have the stateLock. (#11835)
2021-06-11 17:18:16 +00:00
requestAuth(rNothing, req)
err = core.PopulateTokenEntry(rootCtx, req)
Add support for token passed Authorization Bearer header (#5397) * Support Authorization Bearer as token header * add requestAuth test * remove spew debug output in test * Add Authorization in CORS Allowed headers * use const where applicable * use less allocations in bearer token checking * address PR comments on tests and apply last commit * reorder error checking in a TestHandler_requestAuth
2018-10-01 17:33:21 +00:00
if err != nil {
t.Fatalf("expected no error, got %s", err)
}
if req.ClientToken != "" {
t.Fatalf("client token should not be filled, got %s", req.ClientToken)
}
}
func TestHandler_getTokenFromReq(t *testing.T) {
r := http.Request{Header: http.Header{}}
Add allowed_response_headers (#6115)
2019-02-05 21:02:15 +00:00
tok, _ := getTokenFromReq(&r)
if tok != "" {
Add support for token passed Authorization Bearer header (#5397) * Support Authorization Bearer as token header * add requestAuth test * remove spew debug output in test * Add Authorization in CORS Allowed headers * use const where applicable * use less allocations in bearer token checking * address PR comments on tests and apply last commit * reorder error checking in a TestHandler_requestAuth
2018-10-01 17:33:21 +00:00
t.Fatalf("expected '' as result, got '%s'", tok)
}
r.Header.Set("Authorization", "Bearer TOKEN NOT_GOOD_TOKEN")
Add allowed_response_headers (#6115)
2019-02-05 21:02:15 +00:00
token, fromHeader := getTokenFromReq(&r)
if !fromHeader {
t.Fatal("expected from header")
} else if token != "TOKEN NOT_GOOD_TOKEN" {
t.Fatal("did not get expected token value")
} else if r.Header.Get("Authorization") == "" {
t.Fatal("expected value to be passed through")
Add support for token passed Authorization Bearer header (#5397) * Support Authorization Bearer as token header * add requestAuth test * remove spew debug output in test * Add Authorization in CORS Allowed headers * use const where applicable * use less allocations in bearer token checking * address PR comments on tests and apply last commit * reorder error checking in a TestHandler_requestAuth
2018-10-01 17:33:21 +00:00
}
r.Header.Set(consts.AuthHeaderName, "NEWTOKEN")
Add allowed_response_headers (#6115)
2019-02-05 21:02:15 +00:00
tok, _ = getTokenFromReq(&r)
if tok == "TOKEN" {
Add support for token passed Authorization Bearer header (#5397) * Support Authorization Bearer as token header * add requestAuth test * remove spew debug output in test * Add Authorization in CORS Allowed headers * use const where applicable * use less allocations in bearer token checking * address PR comments on tests and apply last commit * reorder error checking in a TestHandler_requestAuth
2018-10-01 17:33:21 +00:00
t.Fatalf("%s header should be prioritized", consts.AuthHeaderName)
} else if tok != "NEWTOKEN" {
t.Fatalf("expected 'NEWTOKEN' as result, got '%s'", tok)
}
r.Header = http.Header{}
r.Header.Set("Authorization", "Basic TOKEN")
Add allowed_response_headers (#6115)
2019-02-05 21:02:15 +00:00
tok, fromHeader = getTokenFromReq(&r)
if tok != "" {
Add support for token passed Authorization Bearer header (#5397) * Support Authorization Bearer as token header * add requestAuth test * remove spew debug output in test * Add Authorization in CORS Allowed headers * use const where applicable * use less allocations in bearer token checking * address PR comments on tests and apply last commit * reorder error checking in a TestHandler_requestAuth
2018-10-01 17:33:21 +00:00
t.Fatalf("expected '' as result, got '%s'", tok)
Add allowed_response_headers (#6115)
2019-02-05 21:02:15 +00:00
} else if fromHeader {
t.Fatal("expected not from header")
Add support for token passed Authorization Bearer header (#5397) * Support Authorization Bearer as token header * add requestAuth test * remove spew debug output in test * Add Authorization in CORS Allowed headers * use const where applicable * use less allocations in bearer token checking * address PR comments on tests and apply last commit * reorder error checking in a TestHandler_requestAuth
2018-10-01 17:33:21 +00:00
}
}
Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… (#3697)
2017-12-16 01:19:37 +00:00
func TestHandler_nonPrintableChars(t *testing.T) {
Add config flag to disable non-printable character check (#4917)
2018-07-12 20:29:36 +00:00
testNonPrintable(t, false)
testNonPrintable(t, true)
}
func testNonPrintable(t *testing.T, disable bool) {
Wrap storage calls with encoding checks (#5819) * Add encoding backend * More work on encoding checks * Update error message * Update physical/encoding.go * Disable key checks if configured
2018-11-19 21:13:16 +00:00
core, _, token := vault.TestCoreUnsealedWithConfig(t, &vault.CoreConfig{
DisableKeyEncodingChecks: disable,
})
Add config flag to disable non-printable character check (#4917)
2018-07-12 20:29:36 +00:00
ln, addr := TestListener(t)
props := &vault.HandlerProperties{
Core: core,
DisablePrintableCheck: disable,
}
TestServerWithListenerAndProperties(t, ln, addr, core, props)
Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… (#3697)
2017-12-16 01:19:37 +00:00
defer ln.Close()
Add config flag to disable non-printable character check (#4917)
2018-07-12 20:29:36 +00:00
req, err := http.NewRequest("PUT", addr+"/v1/cubbyhole/foo\u2028bar", strings.NewReader(`{"zip": "zap"}`))
Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… (#3697)
2017-12-16 01:19:37 +00:00
if err != nil {
t.Fatalf("err: %s", err)
}
The big one (#5346)
2018-09-18 03:03:00 +00:00
req.Header.Set(consts.AuthHeaderName, token)
Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… (#3697)
2017-12-16 01:19:37 +00:00
client := cleanhttp.DefaultClient()
resp, err := client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
Add config flag to disable non-printable character check (#4917)
2018-07-12 20:29:36 +00:00
if disable {
testResponseStatus(t, resp, 204)
} else {
testResponseStatus(t, resp, 400)
}
This adds a new error class which can be used by logical backends to specify more concrete error cases to make their way back up the stack. Over time there is probably a cleaner way of doing this, but that's looking like a more massive rewrite and this solves some issues in the meantime. Use a CodedError to return a more concrete HTTP return code for operations you want to do so. Returning a regular error leaves the existing behavior in place.
2015-08-10 17:27:25 +00:00
}
Support processing parameters sent as a URL-encoded form (#8325)
2020-02-12 22:20:22 +00:00
func TestHandler_Parse_Form(t *testing.T) {
cluster := vault.NewTestCluster(t, &vault.CoreConfig{}, &vault.TestClusterOptions{
HandlerFunc: Handler,
})
cluster.Start()
defer cluster.Cleanup()
cores := cluster.Cores
core := cores[0].Core
vault.TestWaitActive(t, core)
c := cleanhttp.DefaultClient()
c.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
RootCAs: cluster.RootCAs,
},
}
values := url.Values{
"zip": []string{"zap"},
"abc": []string{"xyz"},
"multi": []string{"first", "second"},
"empty": []string{},
}
req, err := http.NewRequest("POST", cores[0].Client.Address()+"/v1/secret/foo", nil)
if err != nil {
t.Fatal(err)
}
req.Body = ioutil.NopCloser(strings.NewReader(values.Encode()))
req.Header.Set("x-vault-token", cluster.RootToken)
req.Header.Set("content-type", "application/x-www-form-urlencoded")
resp, err := c.Do(req)
if err != nil {
t.Fatal(err)
}
if resp.StatusCode != 204 {
t.Fatalf("bad response: %#v\nrequest was: %#v\nurl was: %#v", *resp, *req, req.URL)
}
client := cores[0].Client
client.SetToken(cluster.RootToken)
Revert the WithContext changes to vault tests (#14947)
2022-04-07 19:12:58 +00:00
apiResp, err := client.Logical().Read("secret/foo")
Support processing parameters sent as a URL-encoded form (#8325)
2020-02-12 22:20:22 +00:00
if err != nil {
t.Fatal(err)
}
if apiResp == nil {
t.Fatal("api resp is nil")
}
expected := map[string]interface{}{
"zip": "zap",
"abc": "xyz",
"multi": "first,second",
}
if diff := deep.Equal(expected, apiResp.Data); diff != nil {
t.Fatal(diff)
}
reformat using 'make fmt' (#13794)
2022-01-27 18:06:34 +00:00
}