open-vault/api/client_test.go

package api

import (
	"bytes"
	"io"
	"net/http"
	"os"
	"testing"
)

func init() {
	// Ensure our special envvars are not present
	os.Setenv("VAULT_ADDR", "")
	os.Setenv("VAULT_TOKEN", "")
}

func TestDefaultConfig_envvar(t *testing.T) {
	os.Setenv("VAULT_ADDR", "https://vault.mycompany.com")
	defer os.Setenv("VAULT_ADDR", "")

	config := DefaultConfig()
	if config.Address != "https://vault.mycompany.com" {
		t.Fatalf("bad: %s", config.Address)
	}

	os.Setenv("VAULT_TOKEN", "testing")
	defer os.Setenv("VAULT_TOKEN", "")

	client, err := NewClient(config)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	if token := client.Token(); token != "testing" {
		t.Fatalf("bad: %s", token)
	}
}

func TestClientToken(t *testing.T) {
	tokenValue := "foo"
	handler := func(w http.ResponseWriter, req *http.Request) {}

	config, ln := testHTTPServer(t, http.HandlerFunc(handler))
	defer ln.Close()

	client, err := NewClient(config)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	client.SetToken(tokenValue)

	// Verify the token is set
	if v := client.Token(); v != tokenValue {
		t.Fatalf("bad: %s", v)
	}

	client.ClearToken()

	if v := client.Token(); v != "" {
		t.Fatalf("bad: %s", v)
	}
}

func TestClientRedirect(t *testing.T) {
	primary := func(w http.ResponseWriter, req *http.Request) {
		w.Write([]byte("test"))
	}
	config, ln := testHTTPServer(t, http.HandlerFunc(primary))
	defer ln.Close()

	standby := func(w http.ResponseWriter, req *http.Request) {
		w.Header().Set("Location", config.Address)
		w.WriteHeader(307)
	}
	config2, ln2 := testHTTPServer(t, http.HandlerFunc(standby))
	defer ln2.Close()

	client, err := NewClient(config2)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	// Set the token manually
	client.SetToken("foo")

	// Do a raw "/" request
	resp, err := client.RawRequest(client.NewRequest("PUT", "/"))
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	// Copy the response
	var buf bytes.Buffer
	io.Copy(&buf, resp.Body)

	// Verify we got the response from the primary
	if buf.String() != "test" {
		t.Fatalf("Bad: %s", buf.String())
	}
}

func TestClientEnvSettings(t *testing.T) {
	cwd, _ := os.Getwd()
	oldCACert := os.Getenv(EnvVaultCACert)
	oldCAPath := os.Getenv(EnvVaultCAPath)
	oldClientCert := os.Getenv(EnvVaultClientCert)
	oldClientKey := os.Getenv(EnvVaultClientKey)
	oldSkipVerify := os.Getenv(EnvVaultInsecure)
	oldMaxRetries := os.Getenv(EnvVaultMaxRetries)
	os.Setenv(EnvVaultCACert, cwd+"/test-fixtures/keys/cert.pem")
	os.Setenv(EnvVaultCAPath, cwd+"/test-fixtures/keys")
	os.Setenv(EnvVaultClientCert, cwd+"/test-fixtures/keys/cert.pem")
	os.Setenv(EnvVaultClientKey, cwd+"/test-fixtures/keys/key.pem")
	os.Setenv(EnvVaultInsecure, "true")
	os.Setenv(EnvVaultMaxRetries, "5")
	defer os.Setenv(EnvVaultCACert, oldCACert)
	defer os.Setenv(EnvVaultCAPath, oldCAPath)
	defer os.Setenv(EnvVaultClientCert, oldClientCert)
	defer os.Setenv(EnvVaultClientKey, oldClientKey)
	defer os.Setenv(EnvVaultInsecure, oldSkipVerify)
	defer os.Setenv(EnvVaultMaxRetries, oldMaxRetries)

	config := DefaultConfig()
	if err := config.ReadEnvironment(); err != nil {
		t.Fatalf("error reading environment: %v", err)
	}

	tlsConfig := config.HttpClient.Transport.(*http.Transport).TLSClientConfig
	if len(tlsConfig.RootCAs.Subjects()) == 0 {
		t.Fatalf("bad: expected a cert pool with at least one subject")
	}
	if len(tlsConfig.Certificates) != 1 {
		t.Fatalf("bad: expected client tls config to have a client certificate")
	}
	if tlsConfig.InsecureSkipVerify != true {
		t.Fatalf("bad: %v", tlsConfig.InsecureSkipVerify)
	}
}
api: store token cookie, tests 2015-03-11 22:42:08 +00:00			`package api`

			`import (`
api: Support redirect for HA 2015-04-20 18:30:35 +00:00			`"bytes"`
			`"io"`
api: store token cookie, tests 2015-03-11 22:42:08 +00:00			`"net/http"`
Read environment variables for VAULT_HTTP_ADDR and VAULT_TOKEN 2015-04-23 15:43:20 +00:00			`"os"`
api: store token cookie, tests 2015-03-11 22:42:08 +00:00			`"testing"`
			`)`

Read environment variables for VAULT_HTTP_ADDR and VAULT_TOKEN 2015-04-23 15:43:20 +00:00			`func init() {`
			`// Ensure our special envvars are not present`
Use VAULT_ADDR instead 2015-04-23 15:46:22 +00:00			`os.Setenv("VAULT_ADDR", "")`
Read environment variables for VAULT_HTTP_ADDR and VAULT_TOKEN 2015-04-23 15:43:20 +00:00			`os.Setenv("VAULT_TOKEN", "")`
			`}`

			`func TestDefaultConfig_envvar(t *testing.T) {`
Use VAULT_ADDR instead 2015-04-23 15:46:22 +00:00			`os.Setenv("VAULT_ADDR", "https://vault.mycompany.com")`
			`defer os.Setenv("VAULT_ADDR", "")`
Read environment variables for VAULT_HTTP_ADDR and VAULT_TOKEN 2015-04-23 15:43:20 +00:00
			`config := DefaultConfig()`
			`if config.Address != "https://vault.mycompany.com" {`
			`t.Fatalf("bad: %s", config.Address)`
			`}`

			`os.Setenv("VAULT_TOKEN", "testing")`
			`defer os.Setenv("VAULT_TOKEN", "")`

			`client, err := NewClient(config)`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

			`if token := client.Token(); token != "testing" {`
			`t.Fatalf("bad: %s", token)`
			`}`
			`}`

api: store token cookie, tests 2015-03-11 22:42:08 +00:00			`func TestClientToken(t *testing.T) {`
			`tokenValue := "foo"`
Remove cookie authentication. 2015-08-22 00:36:19 +00:00			`handler := func(w http.ResponseWriter, req *http.Request) {}`
api: store token cookie, tests 2015-03-11 22:42:08 +00:00
			`config, ln := testHTTPServer(t, http.HandlerFunc(handler))`
			`defer ln.Close()`

			`client, err := NewClient(config)`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

Remove cookie authentication. 2015-08-22 00:36:19 +00:00			`client.SetToken(tokenValue)`
api: store token cookie, tests 2015-03-11 22:42:08 +00:00
			`// Verify the token is set`
			`if v := client.Token(); v != tokenValue {`
			`t.Fatalf("bad: %s", v)`
			`}`

			`client.ClearToken()`

			`if v := client.Token(); v != "" {`
			`t.Fatalf("bad: %s", v)`
			`}`
			`}`
api: SetToken 2015-03-31 04:20:23 +00:00
api: Support redirect for HA 2015-04-20 18:30:35 +00:00			`func TestClientRedirect(t *testing.T) {`
			`primary := func(w http.ResponseWriter, req *http.Request) {`
			`w.Write([]byte("test"))`
			`}`
			`config, ln := testHTTPServer(t, http.HandlerFunc(primary))`
			`defer ln.Close()`

			`standby := func(w http.ResponseWriter, req *http.Request) {`
			`w.Header().Set("Location", config.Address)`
			`w.WriteHeader(307)`
			`}`
			`config2, ln2 := testHTTPServer(t, http.HandlerFunc(standby))`
			`defer ln2.Close()`

			`client, err := NewClient(config2)`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

Update documentation around cookies 2015-09-03 14:36:59 +00:00			`// Set the token manually`
api: Support redirect for HA 2015-04-20 18:30:35 +00:00			`client.SetToken("foo")`

			`// Do a raw "/" request`
			`resp, err := client.RawRequest(client.NewRequest("PUT", "/"))`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`

			`// Copy the response`
			`var buf bytes.Buffer`
			`io.Copy(&buf, resp.Body)`

			`// Verify we got the response from the primary`
			`if buf.String() != "test" {`
			`t.Fatalf("Bad: %s", buf.String())`
			`}`
			`}`
Move environment variable reading logic to API. This allows the same environment variables to be read, parsed, and used from any API client as was previously handled in the CLI. The CLI now uses the API environment variable reading capability, then overrides any values from command line flags, if necessary. Fixes #618 2015-11-03 19:21:14 +00:00
			`func TestClientEnvSettings(t *testing.T) {`
			`cwd, _ := os.Getwd()`
			`oldCACert := os.Getenv(EnvVaultCACert)`
			`oldCAPath := os.Getenv(EnvVaultCAPath)`
			`oldClientCert := os.Getenv(EnvVaultClientCert)`
			`oldClientKey := os.Getenv(EnvVaultClientKey)`
			`oldSkipVerify := os.Getenv(EnvVaultInsecure)`
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-11 21:37:46 +00:00			`oldMaxRetries := os.Getenv(EnvVaultMaxRetries)`
Make the API client retry on 5xx errors. This should help with transient issues. Full control over min/max delays and number of retries (and ability to turn off) is provided in the API and via env vars. Fix tests. 2016-07-06 20:42:34 +00:00			`os.Setenv(EnvVaultCACert, cwd+"/test-fixtures/keys/cert.pem")`
			`os.Setenv(EnvVaultCAPath, cwd+"/test-fixtures/keys")`
			`os.Setenv(EnvVaultClientCert, cwd+"/test-fixtures/keys/cert.pem")`
			`os.Setenv(EnvVaultClientKey, cwd+"/test-fixtures/keys/key.pem")`
			`os.Setenv(EnvVaultInsecure, "true")`
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-11 21:37:46 +00:00			`os.Setenv(EnvVaultMaxRetries, "5")`
Make the API client retry on 5xx errors. This should help with transient issues. Full control over min/max delays and number of retries (and ability to turn off) is provided in the API and via env vars. Fix tests. 2016-07-06 20:42:34 +00:00			`defer os.Setenv(EnvVaultCACert, oldCACert)`
			`defer os.Setenv(EnvVaultCAPath, oldCAPath)`
			`defer os.Setenv(EnvVaultClientCert, oldClientCert)`
			`defer os.Setenv(EnvVaultClientKey, oldClientKey)`
			`defer os.Setenv(EnvVaultInsecure, oldSkipVerify)`
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages 2016-07-11 21:37:46 +00:00			`defer os.Setenv(EnvVaultMaxRetries, oldMaxRetries)`
Move environment variable reading logic to API. This allows the same environment variables to be read, parsed, and used from any API client as was previously handled in the CLI. The CLI now uses the API environment variable reading capability, then overrides any values from command line flags, if necessary. Fixes #618 2015-11-03 19:21:14 +00:00
			`config := DefaultConfig()`
			`if err := config.ReadEnvironment(); err != nil {`
			`t.Fatalf("error reading environment: %v", err)`
			`}`

			`tlsConfig := config.HttpClient.Transport.(*http.Transport).TLSClientConfig`
			`if len(tlsConfig.RootCAs.Subjects()) == 0 {`
			`t.Fatalf("bad: expected a cert pool with at least one subject")`
			`}`
			`if len(tlsConfig.Certificates) != 1 {`
			`t.Fatalf("bad: expected client tls config to have a client certificate")`
			`}`
			`if tlsConfig.InsecureSkipVerify != true {`
all: Cleanup from running go vet 2016-04-13 19:38:29 +00:00			`t.Fatalf("bad: %v", tlsConfig.InsecureSkipVerify)`
Move environment variable reading logic to API. This allows the same environment variables to be read, parsed, and used from any API client as was previously handled in the CLI. The CLI now uses the API environment variable reading capability, then overrides any values from command line flags, if necessary. Fixes #618 2015-11-03 19:21:14 +00:00			`}`
			`}`