open-vault/plugins/database/mssql/mssql_test.go

package mssql

import (
	"database/sql"
	"fmt"
	"os"
	"strings"
	"sync"
	"testing"
	"time"

	"github.com/hashicorp/vault/builtin/logical/database/dbplugin"
	"github.com/hashicorp/vault/plugins/helper/database/connutil"
)

var (
	testMSQLImagePull sync.Once
)

func TestMSSQL_Initialize(t *testing.T) {
	if os.Getenv("MSSQL_URL") == "" || os.Getenv("VAULT_ACC") != "1" {
		return
	}
	connURL := os.Getenv("MSSQL_URL")

	connectionDetails := map[string]interface{}{
		"connection_url": connURL,
	}

	dbRaw, _ := New()
	db := dbRaw.(*MSSQL)

	err := db.Initialize(connectionDetails, true)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	connProducer := db.ConnectionProducer.(*connutil.SQLConnectionProducer)
	if !connProducer.Initialized {
		t.Fatal("Database should be initalized")
	}

	err = db.Close()
	if err != nil {
		t.Fatalf("err: %s", err)
	}
}

func TestMSSQL_CreateUser(t *testing.T) {
	if os.Getenv("MSSQL_URL") == "" || os.Getenv("VAULT_ACC") != "1" {
		return
	}
	connURL := os.Getenv("MSSQL_URL")

	connectionDetails := map[string]interface{}{
		"connection_url": connURL,
	}

	dbRaw, _ := New()
	db := dbRaw.(*MSSQL)
	err := db.Initialize(connectionDetails, true)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	usernameConfig := dbplugin.UsernameConfig{
		DisplayName: "test",
		RoleName:    "test",
	}

	// Test with no configured Creation Statememt
	_, _, err = db.CreateUser(dbplugin.Statements{}, usernameConfig, time.Now().Add(time.Minute))
	if err == nil {
		t.Fatal("Expected error when no creation statement is provided")
	}

	statements := dbplugin.Statements{
		CreationStatements: testMSSQLRole,
	}

	username, password, err := db.CreateUser(statements, usernameConfig, time.Now().Add(time.Minute))
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	if err = testCredsExist(t, connURL, username, password); err != nil {
		t.Fatalf("Could not connect with new credentials: %s", err)
	}
}

func TestMSSQL_RevokeUser(t *testing.T) {
	if os.Getenv("MSSQL_URL") == "" || os.Getenv("VAULT_ACC") != "1" {
		return
	}
	connURL := os.Getenv("MSSQL_URL")

	connectionDetails := map[string]interface{}{
		"connection_url": connURL,
	}

	dbRaw, _ := New()
	db := dbRaw.(*MSSQL)
	err := db.Initialize(connectionDetails, true)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	statements := dbplugin.Statements{
		CreationStatements: testMSSQLRole,
	}

	usernameConfig := dbplugin.UsernameConfig{
		DisplayName: "test",
		RoleName:    "test",
	}

	username, password, err := db.CreateUser(statements, usernameConfig, time.Now().Add(2*time.Second))
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	if err = testCredsExist(t, connURL, username, password); err != nil {
		t.Fatalf("Could not connect with new credentials: %s", err)
	}

	// Test default revoke statememts
	err = db.RevokeUser(statements, username)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	if err := testCredsExist(t, connURL, username, password); err == nil {
		t.Fatal("Credentials were not revoked")
	}

	username, password, err = db.CreateUser(statements, usernameConfig, time.Now().Add(2*time.Second))
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	if err = testCredsExist(t, connURL, username, password); err != nil {
		t.Fatalf("Could not connect with new credentials: %s", err)
	}

	// Test custom revoke statememt
	statements.RevocationStatements = testMSSQLDrop
	err = db.RevokeUser(statements, username)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	if err := testCredsExist(t, connURL, username, password); err == nil {
		t.Fatal("Credentials were not revoked")
	}
}

func testCredsExist(t testing.TB, connURL, username, password string) error {
	// Log in with the new creds
	parts := strings.Split(connURL, "@")
	connURL = fmt.Sprintf("sqlserver://%s:%s@%s", username, password, parts[1])
	db, err := sql.Open("mssql", connURL)
	if err != nil {
		return err
	}
	defer db.Close()
	return db.Ping()
}

const testMSSQLRole = `
CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';
CREATE USER [{{name}}] FOR LOGIN [{{name}}];
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO [{{name}}];`

const testMSSQLDrop = `
DROP USER [{{name}}];
DROP LOGIN [{{name}}];
`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00			`package mssql`

			`import (`
			`"database/sql"`
			`"fmt"`
			`"os"`
			`"strings"`
			`"sync"`
			`"testing"`
			`"time"`

			`"github.com/hashicorp/vault/builtin/logical/database/dbplugin"`
			`"github.com/hashicorp/vault/plugins/helper/database/connutil"`
			`)`

			`var (`
			`testMSQLImagePull sync.Once`
			`)`

			`func TestMSSQL_Initialize(t *testing.T) {`
Only run mssql acceptance test when running as VAULT_ACC=1 2017-04-13 21:40:59 +00:00			`if os.Getenv("MSSQL_URL") == "" \|\| os.Getenv("VAULT_ACC") != "1" {`
Move mssql to be an acceptance test 2017-04-13 21:30:15 +00:00			`return`
			`}`
			`connURL := os.Getenv("MSSQL_URL")`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00
			`connectionDetails := map[string]interface{}{`
			`"connection_url": connURL,`
			`}`

Fix MSSQL test 2017-04-26 17:52:10 +00:00			`dbRaw, _ := New()`
			`db := dbRaw.(*MSSQL)`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00
			`err := db.Initialize(connectionDetails, true)`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

			`connProducer := db.ConnectionProducer.(*connutil.SQLConnectionProducer)`
			`if !connProducer.Initialized {`
			`t.Fatal("Database should be initalized")`
			`}`

			`err = db.Close()`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
			`}`

			`func TestMSSQL_CreateUser(t *testing.T) {`
Only run mssql acceptance test when running as VAULT_ACC=1 2017-04-13 21:40:59 +00:00			`if os.Getenv("MSSQL_URL") == "" \|\| os.Getenv("VAULT_ACC") != "1" {`
Move mssql to be an acceptance test 2017-04-13 21:30:15 +00:00			`return`
			`}`
			`connURL := os.Getenv("MSSQL_URL")`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00
			`connectionDetails := map[string]interface{}{`
			`"connection_url": connURL,`
			`}`

Fix MSSQL test 2017-04-26 17:52:10 +00:00			`dbRaw, _ := New()`
			`db := dbRaw.(*MSSQL)`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00			`err := db.Initialize(connectionDetails, true)`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

Use the role name in the db username (#2812) 2017-06-06 13:49:49 +00:00			`usernameConfig := dbplugin.UsernameConfig{`
			`DisplayName: "test",`
			`RoleName: "test",`
			`}`

Move plugins into main vault repo 2017-04-13 20:48:32 +00:00			`// Test with no configured Creation Statememt`
Use the role name in the db username (#2812) 2017-06-06 13:49:49 +00:00			`_, _, err = db.CreateUser(dbplugin.Statements{}, usernameConfig, time.Now().Add(time.Minute))`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00			`if err == nil {`
			`t.Fatal("Expected error when no creation statement is provided")`
			`}`

			`statements := dbplugin.Statements{`
			`CreationStatements: testMSSQLRole,`
			`}`

Use the role name in the db username (#2812) 2017-06-06 13:49:49 +00:00			`username, password, err := db.CreateUser(statements, usernameConfig, time.Now().Add(time.Minute))`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

			`if err = testCredsExist(t, connURL, username, password); err != nil {`
			`t.Fatalf("Could not connect with new credentials: %s", err)`
			`}`
			`}`

			`func TestMSSQL_RevokeUser(t *testing.T) {`
Only run mssql acceptance test when running as VAULT_ACC=1 2017-04-13 21:40:59 +00:00			`if os.Getenv("MSSQL_URL") == "" \|\| os.Getenv("VAULT_ACC") != "1" {`
Move mssql to be an acceptance test 2017-04-13 21:30:15 +00:00			`return`
			`}`
			`connURL := os.Getenv("MSSQL_URL")`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00
			`connectionDetails := map[string]interface{}{`
			`"connection_url": connURL,`
			`}`

Fix MSSQL test 2017-04-26 17:52:10 +00:00			`dbRaw, _ := New()`
			`db := dbRaw.(*MSSQL)`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00			`err := db.Initialize(connectionDetails, true)`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

			`statements := dbplugin.Statements{`
			`CreationStatements: testMSSQLRole,`
			`}`

Use the role name in the db username (#2812) 2017-06-06 13:49:49 +00:00			`usernameConfig := dbplugin.UsernameConfig{`
			`DisplayName: "test",`
			`RoleName: "test",`
			`}`

			`username, password, err := db.CreateUser(statements, usernameConfig, time.Now().Add(2*time.Second))`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

			`if err = testCredsExist(t, connURL, username, password); err != nil {`
			`t.Fatalf("Could not connect with new credentials: %s", err)`
			`}`

			`// Test default revoke statememts`
			`err = db.RevokeUser(statements, username)`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

			`if err := testCredsExist(t, connURL, username, password); err == nil {`
			`t.Fatal("Credentials were not revoked")`
			`}`
Add test for custiom mssql revoke statement 2017-05-01 22:43:21 +00:00
Use the role name in the db username (#2812) 2017-06-06 13:49:49 +00:00			`username, password, err = db.CreateUser(statements, usernameConfig, time.Now().Add(2*time.Second))`
Add test for custiom mssql revoke statement 2017-05-01 22:43:21 +00:00			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

			`if err = testCredsExist(t, connURL, username, password); err != nil {`
			`t.Fatalf("Could not connect with new credentials: %s", err)`
			`}`

			`// Test custom revoke statememt`
			`statements.RevocationStatements = testMSSQLDrop`
			`err = db.RevokeUser(statements, username)`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

			`if err := testCredsExist(t, connURL, username, password); err == nil {`
			`t.Fatal("Credentials were not revoked")`
			`}`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00			`}`

			`func testCredsExist(t testing.TB, connURL, username, password string) error {`
			`// Log in with the new creds`
Move mssql to be an acceptance test 2017-04-13 21:30:15 +00:00			`parts := strings.Split(connURL, "@")`
			`connURL = fmt.Sprintf("sqlserver://%s:%s@%s", username, password, parts[1])`
Move plugins into main vault repo 2017-04-13 20:48:32 +00:00			`db, err := sql.Open("mssql", connURL)`
			`if err != nil {`
			`return err`
			`}`
			`defer db.Close()`
			`return db.Ping()`
			`}`

			const testMSSQLRole = `
			`CREATE LOGIN [{{name}}] WITH PASSWORD = '{{password}}';`
			`CREATE USER [{{name}}] FOR LOGIN [{{name}}];`
			GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO [{{name}}];`
Add test for custiom mssql revoke statement 2017-05-01 22:43:21 +00:00
			const testMSSQLDrop = `
			`DROP USER [{{name}}];`
			`DROP LOGIN [{{name}}];`
			`