open-vault/vault/external_tests/misc/kvv2_upgrade_test.go

package misc

import (
	"bytes"
	"context"
	"strings"
	"sync"
	"testing"
	"time"

	"github.com/hashicorp/go-hclog"
	logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
	"github.com/hashicorp/vault/api"
	"github.com/hashicorp/vault/helper/testhelpers"
	vaulthttp "github.com/hashicorp/vault/http"
	"github.com/hashicorp/vault/sdk/logical"
	"github.com/hashicorp/vault/sdk/physical"
	"github.com/hashicorp/vault/vault"
	"github.com/kr/pretty"
)

// Tests the regression in
// https://github.com/hashicorp/vault-plugin-secrets-kv/pull/31
func TestKVv2_UpgradePaths(t *testing.T) {
	m := new(sync.Mutex)
	logOut := new(bytes.Buffer)
	logger := hclog.New(&hclog.LoggerOptions{
		Output: logOut,
		Mutex:  m,
	})

	coreConfig := &vault.CoreConfig{
		LogicalBackends: map[string]logical.Factory{
			"kv": logicalKv.Factory,
		},
		EnableRaw: true,
		Logger:    logger,
	}
	cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{
		HandlerFunc: vaulthttp.Handler,
	})
	cluster.Start()
	defer cluster.Cleanup()

	core := cluster.Cores[0]
	vault.TestWaitActive(t, core.Core)
	client := core.Client

	// Enable KVv2
	err := client.Sys().Mount("kv", &api.MountInput{
		Type: "kv-v2",
	})
	if err != nil {
		t.Fatal(err)
	}

	cluster.EnsureCoresSealed(t)

	ctx := context.Background()

	// Delete the policy from storage, to trigger the clean slate necessary for
	// the error
	mounts, err := core.UnderlyingStorage.List(ctx, "logical/")
	if err != nil {
		t.Fatal(err)
	}
	kvMount := mounts[0]
	basePaths, err := core.UnderlyingStorage.List(ctx, "logical/"+kvMount)
	if err != nil {
		t.Fatal(err)
	}
	basePath := basePaths[0]

	beforeList, err := core.UnderlyingStorage.List(ctx, "logical/"+kvMount+basePath)
	if err != nil {
		t.Fatal(err)
	}
	t.Log(pretty.Sprint(beforeList))

	// Delete policy/archive
	if err = logical.ClearView(ctx, physical.NewView(core.UnderlyingStorage, "logical/"+kvMount+basePath+"policy/")); err != nil {
		t.Fatal(err)
	}
	if err = logical.ClearView(ctx, physical.NewView(core.UnderlyingStorage, "logical/"+kvMount+basePath+"archive/")); err != nil {
		t.Fatal(err)
	}

	afterList, err := core.UnderlyingStorage.List(ctx, "logical/"+kvMount+basePath)
	if err != nil {
		t.Fatal(err)
	}
	t.Log(pretty.Sprint(afterList))

	testhelpers.EnsureCoresUnsealed(t, cluster)

	// Need to give it time to actually set up
	time.Sleep(10 * time.Second)

	m.Lock()
	defer m.Unlock()
	if strings.Contains(logOut.String(), "cannot write to storage during setup") {
		t.Fatal("got a cannot write to storage during setup error")
	}
}
Recovery Mode (#7559) * Initial work * rework * s/dr/recovery * Add sys/raw support to recovery mode (#7577) * Factor the raw paths out so they can be run with a SystemBackend. # Conflicts: # vault/logical_system.go * Add handleLogicalRecovery which is like handleLogical but is only sufficient for use with the sys-raw endpoint in recovery mode. No authentication is done yet. * Integrate with recovery-mode. We now handle unauthenticated sys/raw requests, albeit on path v1/raw instead v1/sys/raw. * Use sys/raw instead raw during recovery. * Don't bother persisting the recovery token. Authenticate sys/raw requests with it. * RecoveryMode: Support generate-root for autounseals (#7591) * Recovery: Abstract config creation and log settings * Recovery mode integration test. (#7600) * Recovery: Touch up (#7607) * Recovery: Touch up * revert the raw backend creation changes * Added recovery operation token prefix * Move RawBackend to its own file * Update API path and hit it using CLI flag on generate-root * Fix a panic triggered when handling a request that yields a nil response. (#7618) * Improve integ test to actually make changes while in recovery mode and verify they're still there after coming back in regular mode. * Refuse to allow a second recovery token to be generated. * Resize raft cluster to size 1 and start as leader (#7626) * RecoveryMode: Setup raft cluster post unseal (#7635) * Setup raft cluster post unseal in recovery mode * Remove marking as unsealed as its not needed * Address review comments * Accept only one seal config in recovery mode as there is no scope for migration 2019-10-15 04:55:31 +00:00			`package misc`
Add unit test for KV issue 31 (#6591) 2019-04-16 16:53:24 +00:00
			`import (`
			`"bytes"`
			`"context"`
			`"strings"`
Fix data race in kvv2_upgrade_test (#6825) 2019-06-04 22:48:31 +00:00			`"sync"`
Add unit test for KV issue 31 (#6591) 2019-04-16 16:53:24 +00:00			`"testing"`
			`"time"`

			`"github.com/hashicorp/go-hclog"`
			`logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"`
			`"github.com/hashicorp/vault/api"`
			`"github.com/hashicorp/vault/helper/testhelpers"`
			`vaulthttp "github.com/hashicorp/vault/http"`
Fixed wrong imports in test after refactoring (#6639) 2019-04-25 16:08:03 +00:00			`"github.com/hashicorp/vault/sdk/logical"`
			`"github.com/hashicorp/vault/sdk/physical"`
Add unit test for KV issue 31 (#6591) 2019-04-16 16:53:24 +00:00			`"github.com/hashicorp/vault/vault"`
			`"github.com/kr/pretty"`
			`)`

			`// Tests the regression in`
			`// https://github.com/hashicorp/vault-plugin-secrets-kv/pull/31`
			`func TestKVv2_UpgradePaths(t *testing.T) {`
Fix data race in kvv2_upgrade_test (#6825) 2019-06-04 22:48:31 +00:00			`m := new(sync.Mutex)`
Add unit test for KV issue 31 (#6591) 2019-04-16 16:53:24 +00:00			`logOut := new(bytes.Buffer)`
			`logger := hclog.New(&hclog.LoggerOptions{`
			`Output: logOut,`
Fix data race in kvv2_upgrade_test (#6825) 2019-06-04 22:48:31 +00:00			`Mutex: m,`
Add unit test for KV issue 31 (#6591) 2019-04-16 16:53:24 +00:00			`})`

			`coreConfig := &vault.CoreConfig{`
			`LogicalBackends: map[string]logical.Factory{`
			`"kv": logicalKv.Factory,`
			`},`
			`EnableRaw: true,`
			`Logger: logger,`
			`}`
			`cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{`
			`HandlerFunc: vaulthttp.Handler,`
			`})`
			`cluster.Start()`
			`defer cluster.Cleanup()`

			`core := cluster.Cores[0]`
			`vault.TestWaitActive(t, core.Core)`
			`client := core.Client`

			`// Enable KVv2`
			`err := client.Sys().Mount("kv", &api.MountInput{`
			`Type: "kv-v2",`
			`})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`cluster.EnsureCoresSealed(t)`

			`ctx := context.Background()`

			`// Delete the policy from storage, to trigger the clean slate necessary for`
			`// the error`
			`mounts, err := core.UnderlyingStorage.List(ctx, "logical/")`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`kvMount := mounts[0]`
			`basePaths, err := core.UnderlyingStorage.List(ctx, "logical/"+kvMount)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`basePath := basePaths[0]`

			`beforeList, err := core.UnderlyingStorage.List(ctx, "logical/"+kvMount+basePath)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`t.Log(pretty.Sprint(beforeList))`

			`// Delete policy/archive`
			`if err = logical.ClearView(ctx, physical.NewView(core.UnderlyingStorage, "logical/"+kvMount+basePath+"policy/")); err != nil {`
			`t.Fatal(err)`
			`}`
			`if err = logical.ClearView(ctx, physical.NewView(core.UnderlyingStorage, "logical/"+kvMount+basePath+"archive/")); err != nil {`
			`t.Fatal(err)`
			`}`

			`afterList, err := core.UnderlyingStorage.List(ctx, "logical/"+kvMount+basePath)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`t.Log(pretty.Sprint(afterList))`

			`testhelpers.EnsureCoresUnsealed(t, cluster)`

			`// Need to give it time to actually set up`
			`time.Sleep(10 * time.Second)`

Fix data race in kvv2_upgrade_test (#6825) 2019-06-04 22:48:31 +00:00			`m.Lock()`
			`defer m.Unlock()`
Add unit test for KV issue 31 (#6591) 2019-04-16 16:53:24 +00:00			`if strings.Contains(logOut.String(), "cannot write to storage during setup") {`
			`t.Fatal("got a cannot write to storage during setup error")`
			`}`
			`}`