open-vault/vault/seal_testing.go

87 lines
2.1 KiB
Go
Raw Normal View History

2016-04-26 00:14:16 +00:00
package vault
import (
2017-10-23 17:42:04 +00:00
"github.com/mitchellh/go-testing-interface"
2016-04-26 00:14:16 +00:00
)
var (
TestCoreUnsealedWithConfigs = testCoreUnsealedWithConfigs
TestSealDefConfigs = testSealDefConfigs
)
2017-10-23 17:42:04 +00:00
type TestSealOpts struct {
StoredKeysDisabled bool
RecoveryKeysDisabled bool
2016-04-26 00:14:16 +00:00
}
2017-10-23 17:42:04 +00:00
func NewTestSeal(t testing.T, opts *TestSealOpts) Seal {
return &DefaultSeal{}
2016-12-05 17:28:12 +00:00
}
2017-10-23 17:42:04 +00:00
func testCoreUnsealedWithConfigs(t testing.T, barrierConf, recoveryConf *SealConfig) (*Core, [][]byte, [][]byte, string) {
seal := NewTestSeal(t, nil)
core := TestCoreWithSeal(t, seal, false)
result, err := core.Initialize(&InitParams{
BarrierConfig: barrierConf,
RecoveryConfig: recoveryConf,
})
2016-04-27 20:59:06 +00:00
if err != nil {
t.Fatalf("err: %s", err)
}
err = core.UnsealWithStoredKeys()
if err != nil {
t.Fatalf("err: %s", err)
}
if sealed, _ := core.Sealed(); sealed {
for _, key := range result.SecretShares {
2017-01-17 20:43:10 +00:00
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
2016-04-27 20:59:06 +00:00
t.Fatalf("unseal err: %s", err)
}
}
sealed, err = core.Sealed()
if err != nil {
t.Fatalf("err checking seal status: %s", err)
}
if sealed {
t.Fatal("should not be sealed")
}
}
return core, result.SecretShares, result.RecoveryShares, result.RootToken
}
func testSealDefConfigs() (*SealConfig, *SealConfig) {
2016-04-27 20:59:06 +00:00
return &SealConfig{
2017-10-23 17:42:04 +00:00
SecretShares: 5,
SecretThreshold: 3,
}, nil
}
func TestCoreUnsealedWithConfigSealOpts(t testing.T, barrierConf, recoveryConf *SealConfig, sealOpts *TestSealOpts) (*Core, [][]byte, [][]byte, string) {
seal := NewTestSeal(t, sealOpts)
core := TestCoreWithSeal(t, seal, false)
result, err := core.Initialize(&InitParams{
BarrierConfig: barrierConf,
RecoveryConfig: recoveryConf,
})
if err != nil {
t.Fatalf("err: %s", err)
}
for _, key := range result.SecretShares {
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
2016-04-27 20:59:06 +00:00
}
2017-10-23 17:42:04 +00:00
}
sealed, err := core.Sealed()
if err != nil {
t.Fatalf("err checking seal status: %s", err)
}
if sealed {
t.Fatal("should not be sealed")
}
return core, result.SecretShares, result.RecoveryShares, result.RootToken
2016-04-27 20:59:06 +00:00
}