open-vault/builtin/logical/transit/path_config_keys_test.go

71 lines
1.6 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package transit
import (
"context"
"testing"
"github.com/hashicorp/vault/sdk/logical"
)
func TestTransit_ConfigKeys(t *testing.T) {
b, s := createBackendWithSysView(t)
doReq := func(req *logical.Request) *logical.Response {
resp, err := b.HandleRequest(context.Background(), req)
if err != nil || (resp != nil && resp.IsError()) {
t.Fatalf("got err:\n%#v\nreq:\n%#v\n", err, *req)
}
return resp
}
doErrReq := func(req *logical.Request) {
resp, err := b.HandleRequest(context.Background(), req)
if err == nil {
if resp == nil || !resp.IsError() {
t.Fatalf("expected error; req:\n%#v\n", *req)
}
}
}
// First read the global config
req := &logical.Request{
Storage: s,
Operation: logical.ReadOperation,
Path: "config/keys",
}
resp := doReq(req)
if resp.Data["disable_upsert"].(bool) != false {
t.Fatalf("expected disable_upsert to be false; got: %v", resp)
}
// Ensure we can upsert.
req.Operation = logical.CreateOperation
req.Path = "encrypt/upsert-1"
req.Data = map[string]interface{}{
"plaintext": "aGVsbG8K",
}
doReq(req)
// Disable upserting.
req.Operation = logical.UpdateOperation
req.Path = "config/keys"
req.Data = map[string]interface{}{
"disable_upsert": true,
}
doReq(req)
// Attempt upserting again, it should fail.
req.Operation = logical.CreateOperation
req.Path = "encrypt/upsert-2"
req.Data = map[string]interface{}{
"plaintext": "aGVsbG8K",
}
doErrReq(req)
// Redoing this with the first key should succeed.
req.Path = "encrypt/upsert-1"
doReq(req)
}