2016-04-26 00:14:16 +00:00
|
|
|
package vault
|
|
|
|
|
|
|
|
import (
|
2017-10-23 17:42:04 +00:00
|
|
|
"github.com/mitchellh/go-testing-interface"
|
2016-04-26 00:14:16 +00:00
|
|
|
)
|
|
|
|
|
2017-02-08 01:44:26 +00:00
|
|
|
var (
|
|
|
|
TestCoreUnsealedWithConfigs = testCoreUnsealedWithConfigs
|
|
|
|
TestSealDefConfigs = testSealDefConfigs
|
|
|
|
)
|
|
|
|
|
2017-10-23 17:42:04 +00:00
|
|
|
type TestSealOpts struct {
|
|
|
|
StoredKeysDisabled bool
|
|
|
|
RecoveryKeysDisabled bool
|
2016-04-26 00:14:16 +00:00
|
|
|
}
|
|
|
|
|
2017-10-23 17:42:04 +00:00
|
|
|
func NewTestSeal(t testing.T, opts *TestSealOpts) Seal {
|
|
|
|
return &DefaultSeal{}
|
2016-12-05 17:28:12 +00:00
|
|
|
}
|
|
|
|
|
2017-10-23 17:42:04 +00:00
|
|
|
func testCoreUnsealedWithConfigs(t testing.T, barrierConf, recoveryConf *SealConfig) (*Core, [][]byte, [][]byte, string) {
|
|
|
|
seal := NewTestSeal(t, nil)
|
2017-09-15 04:21:35 +00:00
|
|
|
core := TestCoreWithSeal(t, seal, false)
|
2016-09-13 22:42:24 +00:00
|
|
|
result, err := core.Initialize(&InitParams{
|
|
|
|
BarrierConfig: barrierConf,
|
|
|
|
RecoveryConfig: recoveryConf,
|
|
|
|
})
|
2016-04-27 20:59:06 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
err = core.UnsealWithStoredKeys()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
if sealed, _ := core.Sealed(); sealed {
|
|
|
|
for _, key := range result.SecretShares {
|
2017-01-17 20:43:10 +00:00
|
|
|
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
|
2016-04-27 20:59:06 +00:00
|
|
|
t.Fatalf("unseal err: %s", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
sealed, err = core.Sealed()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err checking seal status: %s", err)
|
|
|
|
}
|
|
|
|
if sealed {
|
|
|
|
t.Fatal("should not be sealed")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return core, result.SecretShares, result.RecoveryShares, result.RootToken
|
|
|
|
}
|
|
|
|
|
2017-02-08 01:44:26 +00:00
|
|
|
func testSealDefConfigs() (*SealConfig, *SealConfig) {
|
2016-04-27 20:59:06 +00:00
|
|
|
return &SealConfig{
|
2017-10-23 17:42:04 +00:00
|
|
|
SecretShares: 5,
|
|
|
|
SecretThreshold: 3,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestCoreUnsealedWithConfigSealOpts(t testing.T, barrierConf, recoveryConf *SealConfig, sealOpts *TestSealOpts) (*Core, [][]byte, [][]byte, string) {
|
|
|
|
seal := NewTestSeal(t, sealOpts)
|
|
|
|
core := TestCoreWithSeal(t, seal, false)
|
|
|
|
result, err := core.Initialize(&InitParams{
|
|
|
|
BarrierConfig: barrierConf,
|
|
|
|
RecoveryConfig: recoveryConf,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
for _, key := range result.SecretShares {
|
|
|
|
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
|
|
|
|
t.Fatalf("unseal err: %s", err)
|
2016-04-27 20:59:06 +00:00
|
|
|
}
|
2017-10-23 17:42:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
sealed, err := core.Sealed()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err checking seal status: %s", err)
|
|
|
|
}
|
|
|
|
if sealed {
|
|
|
|
t.Fatal("should not be sealed")
|
|
|
|
}
|
|
|
|
|
|
|
|
return core, result.SecretShares, result.RecoveryShares, result.RootToken
|
2016-04-27 20:59:06 +00:00
|
|
|
}
|