2015-03-05 22:34:05 +00:00
|
|
|
package vault
|
|
|
|
|
2015-03-15 20:52:43 +00:00
|
|
|
import (
|
2015-03-16 18:24:49 +00:00
|
|
|
"reflect"
|
|
|
|
"sort"
|
2015-03-15 20:52:43 +00:00
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/hashicorp/vault/logical"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestBarrierView_impl(t *testing.T) {
|
|
|
|
var _ logical.Storage = new(BarrierView)
|
|
|
|
}
|
2015-03-05 22:34:05 +00:00
|
|
|
|
2015-03-15 21:26:48 +00:00
|
|
|
func TestBarrierView_spec(t *testing.T) {
|
|
|
|
_, barrier, _ := mockBarrier(t)
|
|
|
|
view := NewBarrierView(barrier, "foo/")
|
|
|
|
logical.TestStorage(t, view)
|
|
|
|
}
|
|
|
|
|
2015-03-31 20:32:24 +00:00
|
|
|
func TestBarrierView_BadKeysKeys(t *testing.T) {
|
|
|
|
_, barrier, _ := mockBarrier(t)
|
|
|
|
view := NewBarrierView(barrier, "foo/")
|
|
|
|
|
|
|
|
_, err := view.List("../")
|
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("expected error")
|
|
|
|
}
|
|
|
|
|
|
|
|
_, err = view.Get("../")
|
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("expected error")
|
|
|
|
}
|
|
|
|
|
|
|
|
err = view.Delete("../foo")
|
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("expected error")
|
|
|
|
}
|
|
|
|
|
|
|
|
le := &logical.StorageEntry{
|
|
|
|
Key: "../foo",
|
|
|
|
Value: []byte("test"),
|
|
|
|
}
|
|
|
|
err = view.Put(le)
|
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("expected error")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-03-05 22:34:05 +00:00
|
|
|
func TestBarrierView(t *testing.T) {
|
|
|
|
_, barrier, _ := mockBarrier(t)
|
|
|
|
view := NewBarrierView(barrier, "foo/")
|
|
|
|
|
|
|
|
// Write a key outside of foo/
|
|
|
|
entry := &Entry{Key: "test", Value: []byte("test")}
|
|
|
|
if err := barrier.Put(entry); err != nil {
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// List should have no visibility
|
|
|
|
keys, err := view.List("")
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if len(keys) != 0 {
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get should have no visibility
|
|
|
|
out, err := view.Get("test")
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if out != nil {
|
|
|
|
t.Fatalf("bad: %v", out)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Try to put the same entry via the view
|
2015-03-15 20:52:43 +00:00
|
|
|
if err := view.Put(entry.Logical()); err != nil {
|
2015-03-05 22:34:05 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check it is nested
|
2015-03-15 20:52:43 +00:00
|
|
|
entry, err = barrier.Get("foo/test")
|
2015-03-05 22:34:05 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2015-03-15 20:52:43 +00:00
|
|
|
if entry == nil {
|
2015-03-05 22:34:05 +00:00
|
|
|
t.Fatalf("missing nested foo/test")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Delete nested
|
|
|
|
if err := view.Delete("test"); err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check the nested key
|
2015-03-15 20:52:43 +00:00
|
|
|
entry, err = barrier.Get("foo/test")
|
2015-03-05 22:34:05 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2015-03-15 20:52:43 +00:00
|
|
|
if entry != nil {
|
2015-03-05 22:34:05 +00:00
|
|
|
t.Fatalf("nested foo/test should be gone")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check the non-nested key
|
2015-03-15 20:52:43 +00:00
|
|
|
entry, err = barrier.Get("test")
|
2015-03-05 22:34:05 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2015-03-15 20:52:43 +00:00
|
|
|
if entry == nil {
|
2015-03-05 22:34:05 +00:00
|
|
|
t.Fatalf("root test missing")
|
|
|
|
}
|
|
|
|
}
|
2015-03-12 19:36:38 +00:00
|
|
|
|
|
|
|
func TestBarrierView_SubView(t *testing.T) {
|
|
|
|
_, barrier, _ := mockBarrier(t)
|
|
|
|
root := NewBarrierView(barrier, "foo/")
|
|
|
|
view := root.SubView("bar/")
|
|
|
|
|
|
|
|
// List should have no visibility
|
|
|
|
keys, err := view.List("")
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if len(keys) != 0 {
|
|
|
|
t.Fatalf("bad: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get should have no visibility
|
|
|
|
out, err := view.Get("test")
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if out != nil {
|
|
|
|
t.Fatalf("bad: %v", out)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Try to put the same entry via the view
|
2015-03-15 20:52:43 +00:00
|
|
|
entry := &logical.StorageEntry{Key: "test", Value: []byte("test")}
|
2015-03-12 19:36:38 +00:00
|
|
|
if err := view.Put(entry); err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check it is nested
|
2015-03-15 20:52:43 +00:00
|
|
|
bout, err := barrier.Get("foo/bar/test")
|
2015-03-12 19:36:38 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2015-03-15 20:52:43 +00:00
|
|
|
if bout == nil {
|
2015-03-12 19:36:38 +00:00
|
|
|
t.Fatalf("missing nested foo/bar/test")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check for visibility in root
|
|
|
|
out, err = root.Get("bar/test")
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if out == nil {
|
|
|
|
t.Fatalf("missing nested bar/test")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Delete nested
|
|
|
|
if err := view.Delete("test"); err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check the nested key
|
2015-03-15 20:52:43 +00:00
|
|
|
bout, err = barrier.Get("foo/bar/test")
|
2015-03-12 19:36:38 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2015-03-15 20:52:43 +00:00
|
|
|
if bout != nil {
|
2015-03-12 19:36:38 +00:00
|
|
|
t.Fatalf("nested foo/bar/test should be gone")
|
|
|
|
}
|
|
|
|
}
|
2015-03-16 18:24:49 +00:00
|
|
|
|
|
|
|
func TestBarrierView_Scan(t *testing.T) {
|
|
|
|
_, barrier, _ := mockBarrier(t)
|
|
|
|
view := NewBarrierView(barrier, "view/")
|
|
|
|
|
|
|
|
expect := []string{}
|
|
|
|
ent := []*logical.StorageEntry{
|
|
|
|
&logical.StorageEntry{Key: "foo", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "zip", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/bar", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/zap", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/bar/baz", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/bar/zoo", Value: []byte("test")},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, e := range ent {
|
|
|
|
expect = append(expect, e.Key)
|
|
|
|
if err := view.Put(e); err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var out []string
|
|
|
|
cb := func(path string) {
|
|
|
|
out = append(out, path)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Collect the keys
|
2017-01-06 20:42:18 +00:00
|
|
|
if err := logical.ScanView(view, cb); err != nil {
|
2015-03-16 18:24:49 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
sort.Strings(out)
|
|
|
|
sort.Strings(expect)
|
|
|
|
if !reflect.DeepEqual(out, expect) {
|
|
|
|
t.Fatalf("out: %v expect: %v", out, expect)
|
|
|
|
}
|
|
|
|
}
|
2015-03-18 19:03:33 +00:00
|
|
|
|
|
|
|
func TestBarrierView_CollectKeys(t *testing.T) {
|
|
|
|
_, barrier, _ := mockBarrier(t)
|
|
|
|
view := NewBarrierView(barrier, "view/")
|
|
|
|
|
|
|
|
expect := []string{}
|
|
|
|
ent := []*logical.StorageEntry{
|
|
|
|
&logical.StorageEntry{Key: "foo", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "zip", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/bar", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/zap", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/bar/baz", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/bar/zoo", Value: []byte("test")},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, e := range ent {
|
|
|
|
expect = append(expect, e.Key)
|
|
|
|
if err := view.Put(e); err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Collect the keys
|
2017-01-06 20:42:18 +00:00
|
|
|
out, err := logical.CollectKeys(view)
|
2015-03-18 19:03:33 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
sort.Strings(out)
|
|
|
|
sort.Strings(expect)
|
|
|
|
if !reflect.DeepEqual(out, expect) {
|
|
|
|
t.Fatalf("out: %v expect: %v", out, expect)
|
|
|
|
}
|
|
|
|
}
|
2015-04-02 17:45:00 +00:00
|
|
|
|
|
|
|
func TestBarrierView_ClearView(t *testing.T) {
|
|
|
|
_, barrier, _ := mockBarrier(t)
|
|
|
|
view := NewBarrierView(barrier, "view/")
|
|
|
|
|
|
|
|
expect := []string{}
|
|
|
|
ent := []*logical.StorageEntry{
|
|
|
|
&logical.StorageEntry{Key: "foo", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "zip", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/bar", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/zap", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/bar/baz", Value: []byte("test")},
|
|
|
|
&logical.StorageEntry{Key: "foo/bar/zoo", Value: []byte("test")},
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, e := range ent {
|
|
|
|
expect = append(expect, e.Key)
|
|
|
|
if err := view.Put(e); err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Clear the keys
|
2017-01-06 20:42:18 +00:00
|
|
|
if err := logical.ClearView(view); err != nil {
|
2015-04-02 17:45:00 +00:00
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Collect the keys
|
2017-01-06 20:42:18 +00:00
|
|
|
out, err := logical.CollectKeys(view)
|
2015-04-02 17:45:00 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if len(out) != 0 {
|
|
|
|
t.Fatalf("have keys: %#v", out)
|
|
|
|
}
|
|
|
|
}
|
2017-01-07 23:18:22 +00:00
|
|
|
func TestBarrierView_Readonly(t *testing.T) {
|
|
|
|
_, barrier, _ := mockBarrier(t)
|
|
|
|
view := NewBarrierView(barrier, "foo/")
|
|
|
|
|
|
|
|
// Add a key before enabling read-only
|
|
|
|
entry := &Entry{Key: "test", Value: []byte("test")}
|
|
|
|
if err := view.Put(entry.Logical()); err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Enable read only mode
|
|
|
|
view.readonly = true
|
|
|
|
|
|
|
|
// Put should fail in readonly mode
|
|
|
|
if err := view.Put(entry.Logical()); err != logical.ErrReadOnly {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Delete nested
|
|
|
|
if err := view.Delete("test"); err != logical.ErrReadOnly {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check the non-nested key
|
|
|
|
e, err := view.Get("test")
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if e == nil {
|
|
|
|
t.Fatalf("key test missing")
|
|
|
|
}
|
|
|
|
}
|