open-vault/http/sys_init_test.go

package http

import (
	"encoding/hex"
	"net/http"
	"reflect"
	"testing"

	"github.com/hashicorp/vault/vault"
)

func TestSysInit_get(t *testing.T) {
	core := vault.TestCore(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()

	{
		// Pre-init
		resp, err := http.Get(addr + "/v1/sys/init")
		if err != nil {
			t.Fatalf("err: %s", err)
		}

		var actual map[string]interface{}
		expected := map[string]interface{}{
			"initialized": false,
		}
		testResponseStatus(t, resp, 200)
		testResponseBody(t, resp, &actual)
		if !reflect.DeepEqual(actual, expected) {
			t.Fatalf("bad: %#v", actual)
		}
	}

	vault.TestCoreInit(t, core)

	{
		// Post-init
		resp, err := http.Get(addr + "/v1/sys/init")
		if err != nil {
			t.Fatalf("err: %s", err)
		}

		var actual map[string]interface{}
		expected := map[string]interface{}{
			"initialized": true,
		}
		testResponseStatus(t, resp, 200)
		testResponseBody(t, resp, &actual)
		if !reflect.DeepEqual(actual, expected) {
			t.Fatalf("bad: %#v", actual)
		}
	}
}

// Test to check if the API errors out when wrong number of PGP keys are
// supplied
func TestSysInit_pgpKeysEntries(t *testing.T) {
	core := vault.TestCore(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()

	resp := testHttpPut(t, "", addr+"/v1/sys/init", map[string]interface{}{
		"secret_shares":    5,
		"secret_threshold": 3,
		"pgp_keys":         []string{"pgpkey1"},
	})
	testResponseStatus(t, resp, 400)
}

// Test to check if the API errors out when wrong number of PGP keys are
// supplied for recovery config
func TestSysInit_pgpKeysEntriesForRecovery(t *testing.T) {
	core := vault.TestCoreNewSeal(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()

	resp := testHttpPut(t, "", addr+"/v1/sys/init", map[string]interface{}{
		"secret_shares":      1,
		"secret_threshold":   1,
		"stored_shares":      1,
		"recovery_shares":    5,
		"recovery_threshold": 3,
		"recovery_pgp_keys":  []string{"pgpkey1"},
	})
	testResponseStatus(t, resp, 400)
}

func TestSysInit_put(t *testing.T) {
	core := vault.TestCore(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()

	resp := testHttpPut(t, "", addr+"/v1/sys/init", map[string]interface{}{
		"secret_shares":    5,
		"secret_threshold": 3,
	})

	var actual map[string]interface{}
	testResponseStatus(t, resp, 200)
	testResponseBody(t, resp, &actual)
	keysRaw, ok := actual["keys"]
	if !ok {
		t.Fatalf("no keys: %#v", actual)
	}

	if _, ok := actual["root_token"]; !ok {
		t.Fatal("no root token")
	}

	for _, key := range keysRaw.([]interface{}) {
		keySlice, err := hex.DecodeString(key.(string))
		if err != nil {
			t.Fatalf("bad: %s", err)
		}

		if _, err := core.Unseal(keySlice); err != nil {
			t.Fatalf("bad: %s", err)
		}
	}

	seal, err := core.Sealed()
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if seal {
		t.Fatal("should not be sealed")
	}
}
http: init endpoints 2015-03-12 19:37:41 +00:00			`package http`

			`import (`
			`"encoding/hex"`
			`"net/http"`
			`"reflect"`
			`"testing"`
vault: public testing methods 2015-03-13 18:11:59 +00:00
			`"github.com/hashicorp/vault/vault"`
http: init endpoints 2015-03-12 19:37:41 +00:00			`)`

			`func TestSysInit_get(t *testing.T) {`
vault: public testing methods 2015-03-13 18:11:59 +00:00			`core := vault.TestCore(t)`
http: make TestServer public 2015-03-13 18:13:33 +00:00			`ln, addr := TestServer(t, core)`
http: init endpoints 2015-03-12 19:37:41 +00:00			`defer ln.Close()`

			`{`
			`// Pre-init`
			`resp, err := http.Get(addr + "/v1/sys/init")`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

			`var actual map[string]interface{}`
			`expected := map[string]interface{}{`
			`"initialized": false,`
			`}`
			`testResponseStatus(t, resp, 200)`
			`testResponseBody(t, resp, &actual)`
			`if !reflect.DeepEqual(actual, expected) {`
			`t.Fatalf("bad: %#v", actual)`
			`}`
			`}`

vault: public testing methods 2015-03-13 18:11:59 +00:00			`vault.TestCoreInit(t, core)`
http: init endpoints 2015-03-12 19:37:41 +00:00
			`{`
			`// Post-init`
			`resp, err := http.Get(addr + "/v1/sys/init")`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

			`var actual map[string]interface{}`
			`expected := map[string]interface{}{`
			`"initialized": true,`
			`}`
			`testResponseStatus(t, resp, 200)`
			`testResponseBody(t, resp, &actual)`
			`if !reflect.DeepEqual(actual, expected) {`
			`t.Fatalf("bad: %#v", actual)`
			`}`
			`}`
			`}`

init: pgp-keys input validations 2017-01-12 00:55:10 +00:00			`// Test to check if the API errors out when wrong number of PGP keys are`
			`// supplied`
			`func TestSysInit_pgpKeysEntries(t *testing.T) {`
			`core := vault.TestCore(t)`
			`ln, addr := TestServer(t, core)`
			`defer ln.Close()`

			`resp := testHttpPut(t, "", addr+"/v1/sys/init", map[string]interface{}{`
Fmt 2018-03-20 18:58:22 +00:00			`"secret_shares": 5,`
Spelling (#4119) 2018-03-20 18:54:10 +00:00			`"secret_threshold": 3,`
Fmt 2018-03-20 18:58:22 +00:00			`"pgp_keys": []string{"pgpkey1"},`
init: pgp-keys input validations 2017-01-12 00:55:10 +00:00			`})`
			`testResponseStatus(t, resp, 400)`
			`}`

			`// Test to check if the API errors out when wrong number of PGP keys are`
			`// supplied for recovery config`
			`func TestSysInit_pgpKeysEntriesForRecovery(t *testing.T) {`
			`core := vault.TestCoreNewSeal(t)`
			`ln, addr := TestServer(t, core)`
			`defer ln.Close()`

			`resp := testHttpPut(t, "", addr+"/v1/sys/init", map[string]interface{}{`
			`"secret_shares": 1,`
			`"secret_threshold": 1,`
			`"stored_shares": 1,`
			`"recovery_shares": 5,`
			`"recovery_threshold": 3,`
			`"recovery_pgp_keys": []string{"pgpkey1"},`
			`})`
			`testResponseStatus(t, resp, 400)`
			`}`

http: init endpoints 2015-03-12 19:37:41 +00:00			`func TestSysInit_put(t *testing.T) {`
vault: public testing methods 2015-03-13 18:11:59 +00:00			`core := vault.TestCore(t)`
http: make TestServer public 2015-03-13 18:13:33 +00:00			`ln, addr := TestServer(t, core)`
http: init endpoints 2015-03-12 19:37:41 +00:00			`defer ln.Close()`

Remove cookie authentication. 2015-08-22 00:36:19 +00:00			`resp := testHttpPut(t, "", addr+"/v1/sys/init", map[string]interface{}{`
http: init endpoints 2015-03-12 19:37:41 +00:00			`"secret_shares": 5,`
			`"secret_threshold": 3,`
			`})`

			`var actual map[string]interface{}`
			`testResponseStatus(t, resp, 200)`
			`testResponseBody(t, resp, &actual)`
			`keysRaw, ok := actual["keys"]`
			`if !ok {`
			`t.Fatalf("no keys: %#v", actual)`
			`}`

http: root token in init 2015-03-29 23:22:09 +00:00			`if _, ok := actual["root_token"]; !ok {`
			`t.Fatal("no root token")`
			`}`

http: init endpoints 2015-03-12 19:37:41 +00:00			`for _, key := range keysRaw.([]interface{}) {`
			`keySlice, err := hex.DecodeString(key.(string))`
			`if err != nil {`
			`t.Fatalf("bad: %s", err)`
			`}`

			`if _, err := core.Unseal(keySlice); err != nil {`
			`t.Fatalf("bad: %s", err)`
			`}`
			`}`

			`seal, err := core.Sealed()`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
			`if seal {`
			`t.Fatal("should not be sealed")`
			`}`
			`}`