open-vault/builtin/logical/mysql/backend_test.go

package mysql

import (
	"context"
	"database/sql"
	"fmt"
	"log"
	"os"
	"reflect"
	"testing"

	"github.com/hashicorp/vault/logical"
	logicaltest "github.com/hashicorp/vault/logical/testing"
	"github.com/mitchellh/mapstructure"
	"github.com/ory/dockertest"
)

func prepareTestContainer(t *testing.T) (func(), string) {
	if os.Getenv("MYSQL_URL") != "" {
		return func() {}, os.Getenv("MYSQL_URL")
	}

	pool, err := dockertest.NewPool("")
	if err != nil {
		t.Fatalf("Failed to connect to docker: %s", err)
	}

	resource, err := pool.Run("mysql", "5.7", []string{"MYSQL_ROOT_PASSWORD=secret"})
	if err != nil {
		t.Fatalf("Could not start local MySQL docker container: %s", err)
	}

	cleanup := func() {
		err := pool.Purge(resource)
		if err != nil {
			t.Fatalf("Failed to cleanup local container: %s", err)
		}
	}

	retURL := fmt.Sprintf("root:secret@(localhost:%s)/mysql?parseTime=true", resource.GetPort("3306/tcp"))

	// exponential backoff-retry
	if err = pool.Retry(func() error {
		var err error
		var db *sql.DB
		db, err = sql.Open("mysql", retURL)
		if err != nil {
			return err
		}
		defer db.Close()
		return db.Ping()
	}); err != nil {
		cleanup()
		t.Fatalf("Could not connect to MySQL docker container: %s", err)
	}

	return cleanup, retURL
}

func TestBackend_config_connection(t *testing.T) {
	var resp *logical.Response
	var err error
	config := logical.TestBackendConfig()
	config.StorageView = &logical.InmemStorage{}
	b, err := Factory(context.Background(), config)
	if err != nil {
		t.Fatal(err)
	}

	configData := map[string]interface{}{
		"connection_url":       "sample_connection_url",
		"max_open_connections": 9,
		"max_idle_connections": 7,
		"verify_connection":    false,
	}

	configReq := &logical.Request{
		Operation: logical.UpdateOperation,
		Path:      "config/connection",
		Storage:   config.StorageView,
		Data:      configData,
	}
	resp, err = b.HandleRequest(context.Background(), configReq)
	if err != nil || (resp != nil && resp.IsError()) {
		t.Fatalf("err:%s resp:%#v\n", err, resp)
	}

	configReq.Operation = logical.ReadOperation
	resp, err = b.HandleRequest(context.Background(), configReq)
	if err != nil || (resp != nil && resp.IsError()) {
		t.Fatalf("err:%s resp:%#v\n", err, resp)
	}

	delete(configData, "verify_connection")
	delete(configData, "connection_url")
	if !reflect.DeepEqual(configData, resp.Data) {
		t.Fatalf("bad: expected:%#v\nactual:%#v\n", configData, resp.Data)
	}
}

func TestBackend_basic(t *testing.T) {
	config := logical.TestBackendConfig()
	config.StorageView = &logical.InmemStorage{}
	b, err := Factory(context.Background(), config)
	if err != nil {
		t.Fatal(err)
	}

	cleanup, connURL := prepareTestContainer(t)
	defer cleanup()

	connData := map[string]interface{}{
		"connection_url": connURL,
	}

	// for wildcard based mysql user
	logicaltest.Test(t, logicaltest.TestCase{
		Backend: b,
		Steps: []logicaltest.TestStep{
			testAccStepConfig(t, connData, false),
			testAccStepRole(t, true),
			testAccStepReadCreds(t, "web"),
		},
	})
}

func TestBackend_basicHostRevoke(t *testing.T) {
	config := logical.TestBackendConfig()
	config.StorageView = &logical.InmemStorage{}
	b, err := Factory(context.Background(), config)
	if err != nil {
		t.Fatal(err)
	}

	cleanup, connURL := prepareTestContainer(t)
	defer cleanup()

	connData := map[string]interface{}{
		"connection_url": connURL,
	}

	// for host based mysql user
	logicaltest.Test(t, logicaltest.TestCase{
		Backend: b,
		Steps: []logicaltest.TestStep{
			testAccStepConfig(t, connData, false),
			testAccStepRole(t, false),
			testAccStepReadCreds(t, "web"),
		},
	})
}

func TestBackend_roleCrud(t *testing.T) {
	config := logical.TestBackendConfig()
	config.StorageView = &logical.InmemStorage{}
	b, err := Factory(context.Background(), config)
	if err != nil {
		t.Fatal(err)
	}

	cleanup, connURL := prepareTestContainer(t)
	defer cleanup()

	connData := map[string]interface{}{
		"connection_url": connURL,
	}

	logicaltest.Test(t, logicaltest.TestCase{
		Backend: b,
		Steps: []logicaltest.TestStep{
			testAccStepConfig(t, connData, false),
			// test SQL with wildcard based user
			testAccStepRole(t, true),
			testAccStepReadRole(t, "web", testRoleWildCard),
			testAccStepDeleteRole(t, "web"),
			// test SQL with host  based user
			testAccStepRole(t, false),
			testAccStepReadRole(t, "web", testRoleHost),
			testAccStepDeleteRole(t, "web"),
		},
	})
}

func TestBackend_leaseWriteRead(t *testing.T) {
	config := logical.TestBackendConfig()
	config.StorageView = &logical.InmemStorage{}
	b, err := Factory(context.Background(), config)
	if err != nil {
		t.Fatal(err)
	}

	cleanup, connURL := prepareTestContainer(t)
	defer cleanup()

	connData := map[string]interface{}{
		"connection_url": connURL,
	}

	logicaltest.Test(t, logicaltest.TestCase{
		Backend: b,
		Steps: []logicaltest.TestStep{
			testAccStepConfig(t, connData, false),
			testAccStepWriteLease(t),
			testAccStepReadLease(t),
		},
	})

}

func testAccStepConfig(t *testing.T, d map[string]interface{}, expectError bool) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "config/connection",
		Data:      d,
		ErrorOk:   true,
		Check: func(resp *logical.Response) error {
			if expectError {
				if resp.Data == nil {
					return fmt.Errorf("data is nil")
				}
				var e struct {
					Error string `mapstructure:"error"`
				}
				if err := mapstructure.Decode(resp.Data, &e); err != nil {
					return err
				}
				if len(e.Error) == 0 {
					return fmt.Errorf("expected error, but write succeeded")
				}
				return nil
			} else if resp != nil && resp.IsError() {
				return fmt.Errorf("got an error response: %v", resp.Error())
			}
			return nil
		},
	}
}

func testAccStepRole(t *testing.T, wildCard bool) logicaltest.TestStep {

	pathData := make(map[string]interface{})
	if wildCard == true {
		pathData = map[string]interface{}{
			"sql": testRoleWildCard,
		}
	} else {
		pathData = map[string]interface{}{
			"sql":            testRoleHost,
			"revocation_sql": testRevocationSQL,
		}
	}

	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "roles/web",
		Data:      pathData,
	}

}

func testAccStepDeleteRole(t *testing.T, n string) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.DeleteOperation,
		Path:      "roles/" + n,
	}
}

func testAccStepReadCreds(t *testing.T, name string) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.ReadOperation,
		Path:      "creds/" + name,
		Check: func(resp *logical.Response) error {
			var d struct {
				Username string `mapstructure:"username"`
				Password string `mapstructure:"password"`
			}
			if err := mapstructure.Decode(resp.Data, &d); err != nil {
				return err
			}
			log.Printf("[WARN] Generated credentials: %v", d)

			return nil
		},
	}
}

func testAccStepReadRole(t *testing.T, name string, sql string) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.ReadOperation,
		Path:      "roles/" + name,
		Check: func(resp *logical.Response) error {
			if resp == nil {
				if sql == "" {
					return nil
				}

				return fmt.Errorf("bad: %#v", resp)
			}

			var d struct {
				SQL string `mapstructure:"sql"`
			}
			if err := mapstructure.Decode(resp.Data, &d); err != nil {
				return err
			}

			if d.SQL != sql {
				return fmt.Errorf("bad: %#v", resp)
			}

			return nil
		},
	}
}

func testAccStepWriteLease(t *testing.T) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.UpdateOperation,
		Path:      "config/lease",
		Data: map[string]interface{}{
			"lease":     "1h5m",
			"lease_max": "24h",
		},
	}
}

func testAccStepReadLease(t *testing.T) logicaltest.TestStep {
	return logicaltest.TestStep{
		Operation: logical.ReadOperation,
		Path:      "config/lease",
		Check: func(resp *logical.Response) error {
			if resp.Data["lease"] != "1h5m0s" || resp.Data["lease_max"] != "24h0m0s" {
				return fmt.Errorf("bad: %#v", resp)
			}

			return nil
		},
	}
}

const testRoleWildCard = `
CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';
GRANT SELECT ON *.* TO '{{name}}'@'%';
`
const testRoleHost = `
CREATE USER '{{name}}'@'10.1.1.2' IDENTIFIED BY '{{password}}';
GRANT SELECT ON *.* TO '{{name}}'@'10.1.1.2';
`
const testRevocationSQL = `
REVOKE ALL PRIVILEGES, GRANT OPTION FROM '{{name}}'@'10.1.1.2'; 
DROP USER '{{name}}'@'10.1.1.2';
`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`package mysql`

			`import (`
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`"context"`
Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`"database/sql"`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`"fmt"`
			`"log"`
			`"os"`
Allow reading of config in sql backends 2016-06-11 15:48:40 +00:00			`"reflect"`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`"testing"`

			`"github.com/hashicorp/vault/logical"`
			`logicaltest "github.com/hashicorp/vault/logical/testing"`
			`"github.com/mitchellh/mapstructure"`
Re-add dockertest and fix up imports and update script (#4909) 2018-07-11 21:49:13 +00:00			`"github.com/ory/dockertest"`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`)`

Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`func prepareTestContainer(t *testing.T) (func(), string) {`
			`if os.Getenv("MYSQL_URL") != "" {`
			`return func() {}, os.Getenv("MYSQL_URL")`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`}`

Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`pool, err := dockertest.NewPool("")`
			`if err != nil {`
			`t.Fatalf("Failed to connect to docker: %s", err)`
			`}`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00
Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`resource, err := pool.Run("mysql", "5.7", []string{"MYSQL_ROOT_PASSWORD=secret"})`
			`if err != nil {`
			`t.Fatalf("Could not start local MySQL docker container: %s", err)`
			`}`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00
Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`cleanup := func() {`
			`err := pool.Purge(resource)`
			`if err != nil {`
			`t.Fatalf("Failed to cleanup local container: %s", err)`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`}`
			`}`

Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`retURL := fmt.Sprintf("root:secret@(localhost:%s)/mysql?parseTime=true", resource.GetPort("3306/tcp"))`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00
Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`// exponential backoff-retry`
			`if err = pool.Retry(func() error {`
			`var err error`
			`var db *sql.DB`
			`db, err = sql.Open("mysql", retURL)`
			`if err != nil {`
			`return err`
			`}`
Purge opened connections on retries during tests (#4452) 2018-04-26 15:28:58 +00:00			`defer db.Close()`
Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`return db.Ping()`
			`}); err != nil {`
			`cleanup()`
			`t.Fatalf("Could not connect to MySQL docker container: %s", err)`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`}`
Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00
			`return cleanup, retURL`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`}`

Allow reading of config in sql backends 2016-06-11 15:48:40 +00:00			`func TestBackend_config_connection(t *testing.T) {`
			`var resp *logical.Response`
			`var err error`
			`config := logical.TestBackendConfig()`
			`config.StorageView = &logical.InmemStorage{}`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`b, err := Factory(context.Background(), config)`
Allow reading of config in sql backends 2016-06-11 15:48:40 +00:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

			`configData := map[string]interface{}{`
			`"connection_url": "sample_connection_url",`
max_idle_connections added 2016-07-20 13:26:26 +00:00			`"max_open_connections": 9,`
			`"max_idle_connections": 7,`
Allow reading of config in sql backends 2016-06-11 15:48:40 +00:00			`"verify_connection": false,`
			`}`

			`configReq := &logical.Request{`
			`Operation: logical.UpdateOperation,`
			`Path: "config/connection",`
			`Storage: config.StorageView,`
			`Data: configData,`
			`}`
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`resp, err = b.HandleRequest(context.Background(), configReq)`
Allow reading of config in sql backends 2016-06-11 15:48:40 +00:00			`if err != nil \|\| (resp != nil && resp.IsError()) {`
			`t.Fatalf("err:%s resp:%#v\n", err, resp)`
			`}`

			`configReq.Operation = logical.ReadOperation`
Pass context to backends (#3750) * Start work on passing context to backends * More work on passing context * Unindent logical system * Unindent token store * Unindent passthrough * Unindent cubbyhole * Fix tests * use requestContext in rollback and expiration managers 2018-01-08 18:31:38 +00:00			`resp, err = b.HandleRequest(context.Background(), configReq)`
Allow reading of config in sql backends 2016-06-11 15:48:40 +00:00			`if err != nil \|\| (resp != nil && resp.IsError()) {`
			`t.Fatalf("err:%s resp:%#v\n", err, resp)`
			`}`

Remove unused VerifyConnection from storage entries of SQL backends 2016-07-19 15:55:49 +00:00			`delete(configData, "verify_connection")`
Remove sensitive fields when reading config data (#4216) * Remove sensitive fields when reading config data * Do not use structs; build and return map explicitly * Revert tag in postgresql * Fix tests 2018-03-30 14:17:39 +00:00			`delete(configData, "connection_url")`
Allow reading of config in sql backends 2016-06-11 15:48:40 +00:00			`if !reflect.DeepEqual(configData, resp.Data) {`
			`t.Fatalf("bad: expected:%#v\nactual:%#v\n", configData, resp.Data)`
			`}`
			`}`

secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`func TestBackend_basic(t *testing.T) {`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`config := logical.TestBackendConfig()`
			`config.StorageView = &logical.InmemStorage{}`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`b, err := Factory(context.Background(), config)`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`if err != nil {`
			`t.Fatal(err)`
			`}`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00
Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`cleanup, connURL := prepareTestContainer(t)`
			`defer cleanup()`

Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`connData := map[string]interface{}{`
			`"connection_url": connURL,`
Don't deprecate value field yet 2016-02-19 19:59:15 +00:00			`}`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00
Reduced duplicated code and fixed comments and simple variable name mistakes 2016-10-03 18:53:05 +00:00			`// for wildcard based mysql user`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`logicaltest.Test(t, logicaltest.TestCase{`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`Backend: b,`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`Steps: []logicaltest.TestStep{`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`testAccStepConfig(t, connData, false),`
Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00			`testAccStepRole(t, true),`
			`testAccStepReadCreds(t, "web"),`
			`},`
			`})`
			`}`

			`func TestBackend_basicHostRevoke(t *testing.T) {`
			`config := logical.TestBackendConfig()`
			`config.StorageView = &logical.InmemStorage{}`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`b, err := Factory(context.Background(), config)`
Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`cleanup, connURL := prepareTestContainer(t)`
			`defer cleanup()`

Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00			`connData := map[string]interface{}{`
			`"connection_url": connURL,`
			`}`

Reduced duplicated code and fixed comments and simple variable name mistakes 2016-10-03 18:53:05 +00:00			`// for host based mysql user`
Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00			`logicaltest.Test(t, logicaltest.TestCase{`
			`Backend: b,`
			`Steps: []logicaltest.TestStep{`
			`testAccStepConfig(t, connData, false),`
			`testAccStepRole(t, false),`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`testAccStepReadCreds(t, "web"),`
			`},`
			`})`
			`}`
postgres: connection_url fix 2016-02-19 02:03:47 +00:00
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`func TestBackend_roleCrud(t *testing.T) {`
			`config := logical.TestBackendConfig()`
			`config.StorageView = &logical.InmemStorage{}`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`b, err := Factory(context.Background(), config)`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`if err != nil {`
			`t.Fatal(err)`
mysql: provide allow_verification option to disable connection_url check 2016-02-18 22:02:59 +00:00			`}`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00
Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`cleanup, connURL := prepareTestContainer(t)`
			`defer cleanup()`

Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`connData := map[string]interface{}{`
			`"connection_url": connURL,`
mysql: provide allow_verification option to disable connection_url check 2016-02-18 22:02:59 +00:00			`}`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00
mysql: provide allow_verification option to disable connection_url check 2016-02-18 22:02:59 +00:00			`logicaltest.Test(t, logicaltest.TestCase{`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`Backend: b,`
mysql: provide allow_verification option to disable connection_url check 2016-02-18 22:02:59 +00:00			`Steps: []logicaltest.TestStep{`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`testAccStepConfig(t, connData, false),`
fixed some more issues I had with the tests. 2016-10-03 19:58:09 +00:00			`// test SQL with wildcard based user`
			`testAccStepRole(t, true),`
Reduced duplicated code and fixed comments and simple variable name mistakes 2016-10-03 18:53:05 +00:00			`testAccStepReadRole(t, "web", testRoleWildCard),`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`testAccStepDeleteRole(t, "web"),`
fixed some more issues I had with the tests. 2016-10-03 19:58:09 +00:00			`// test SQL with host based user`
			`testAccStepRole(t, false),`
			`testAccStepReadRole(t, "web", testRoleHost),`
			`testAccStepDeleteRole(t, "web"),`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`},`
			`})`
			`}`

Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works 2015-08-13 19:32:40 +00:00			`func TestBackend_leaseWriteRead(t *testing.T) {`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`config := logical.TestBackendConfig()`
			`config.StorageView = &logical.InmemStorage{}`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`b, err := Factory(context.Background(), config)`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`if err != nil {`
			`t.Fatal(err)`
			`}`

Explicitly use 5.7 and below to test mysql backends (#4429) 2018-04-23 17:03:02 +00:00			`cleanup, connURL := prepareTestContainer(t)`
			`defer cleanup()`

Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`connData := map[string]interface{}{`
			`"connection_url": connURL,`
mysql: provide allow_verification option to disable connection_url check 2016-02-18 22:02:59 +00:00			`}`
Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works 2015-08-13 19:32:40 +00:00
			`logicaltest.Test(t, logicaltest.TestCase{`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`Backend: b,`
Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works 2015-08-13 19:32:40 +00:00			`Steps: []logicaltest.TestStep{`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`testAccStepConfig(t, connData, false),`
Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works 2015-08-13 19:32:40 +00:00			`testAccStepWriteLease(t),`
			`testAccStepReadLease(t),`
			`},`
			`})`

			`}`

mysql: provide allow_verification option to disable connection_url check 2016-02-18 22:02:59 +00:00			`func testAccStepConfig(t *testing.T, d map[string]interface{}, expectError bool) logicaltest.TestStep {`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`return logicaltest.TestStep{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`Operation: logical.UpdateOperation,`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`Path: "config/connection",`
mysql: provide allow_verification option to disable connection_url check 2016-02-18 22:02:59 +00:00			`Data: d,`
			`ErrorOk: true,`
			`Check: func(resp *logical.Response) error {`
			`if expectError {`
			`if resp.Data == nil {`
			`return fmt.Errorf("data is nil")`
			`}`
			`var e struct {`
			Error string `mapstructure:"error"`
			`}`
			`if err := mapstructure.Decode(resp.Data, &e); err != nil {`
			`return err`
			`}`
			`if len(e.Error) == 0 {`
Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00			`return fmt.Errorf("expected error, but write succeeded")`
mysql: provide allow_verification option to disable connection_url check 2016-02-18 22:02:59 +00:00			`}`
			`return nil`
Convert MySQL tests to Dockerized versions 2016-07-01 15:36:28 +00:00			`} else if resp != nil && resp.IsError() {`
			`return fmt.Errorf("got an error response: %v", resp.Error())`
mysql: provide allow_verification option to disable connection_url check 2016-02-18 22:02:59 +00:00			`}`
			`return nil`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`},`
			`}`
			`}`

Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00			`func testAccStepRole(t *testing.T, wildCard bool) logicaltest.TestStep {`

fixed some more issues I had with the tests. 2016-10-03 19:58:09 +00:00			`pathData := make(map[string]interface{})`
Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00			`if wildCard == true {`
fixed some more issues I had with the tests. 2016-10-03 19:58:09 +00:00			`pathData = map[string]interface{}{`
			`"sql": testRoleWildCard,`
Reduced duplicated code and fixed comments and simple variable name mistakes 2016-10-03 18:53:05 +00:00			`}`
			`} else {`
fixed some more issues I had with the tests. 2016-10-03 19:58:09 +00:00			`pathData = map[string]interface{}{`
Postgres revocation sql, beta mode (#1972) 2016-10-05 17:52:59 +00:00			`"sql": testRoleHost,`
			`"revocation_sql": testRevocationSQL,`
Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00			`}`
			`}`
Reduced duplicated code and fixed comments and simple variable name mistakes 2016-10-03 18:53:05 +00:00
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`return logicaltest.TestStep{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`Operation: logical.UpdateOperation,`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`Path: "roles/web",`
Reduced duplicated code and fixed comments and simple variable name mistakes 2016-10-03 18:53:05 +00:00			`Data: pathData,`
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`}`
Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`}`

			`func testAccStepDeleteRole(t *testing.T, n string) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
			`Operation: logical.DeleteOperation,`
			`Path: "roles/" + n,`
			`}`
			`}`

			`func testAccStepReadCreds(t *testing.T, name string) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
			`Operation: logical.ReadOperation,`
			`Path: "creds/" + name,`
			`Check: func(resp *logical.Response) error {`
			`var d struct {`
			Username string `mapstructure:"username"`
			Password string `mapstructure:"password"`
			`}`
			`if err := mapstructure.Decode(resp.Data, &d); err != nil {`
			`return err`
			`}`
			`log.Printf("[WARN] Generated credentials: %v", d)`

			`return nil`
			`},`
			`}`
			`}`

			`func testAccStepReadRole(t *testing.T, name string, sql string) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
			`Operation: logical.ReadOperation,`
			`Path: "roles/" + name,`
			`Check: func(resp *logical.Response) error {`
			`if resp == nil {`
			`if sql == "" {`
			`return nil`
			`}`

			`return fmt.Errorf("bad: %#v", resp)`
			`}`

			`var d struct {`
			SQL string `mapstructure:"sql"`
			`}`
			`if err := mapstructure.Decode(resp.Data, &d); err != nil {`
			`return err`
			`}`

			`if d.SQL != sql {`
			`return fmt.Errorf("bad: %#v", resp)`
			`}`

			`return nil`
			`},`
			`}`
			`}`

Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works 2015-08-13 19:32:40 +00:00			`func testAccStepWriteLease(t *testing.T) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
WriteOperation -> UpdateOperation 2016-01-07 15:30:47 +00:00			`Operation: logical.UpdateOperation,`
Fix #533, add a reader for lease values (#529) and an acceptance test for mysql to prove it works 2015-08-13 19:32:40 +00:00			`Path: "config/lease",`
			`Data: map[string]interface{}{`
			`"lease": "1h5m",`
			`"lease_max": "24h",`
			`},`
			`}`
			`}`

			`func testAccStepReadLease(t *testing.T) logicaltest.TestStep {`
			`return logicaltest.TestStep{`
			`Operation: logical.ReadOperation,`
			`Path: "config/lease",`
			`Check: func(resp *logical.Response) error {`
			`if resp.Data["lease"] != "1h5m0s" \|\| resp.Data["lease_max"] != "24h0m0s" {`
			`return fmt.Errorf("bad: %#v", resp)`
			`}`

			`return nil`
			`},`
			`}`
			`}`

Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00			const testRoleWildCard = `
secret/mysql: adding acceptance test 2015-04-25 19:56:23 +00:00			`CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';`
			`GRANT SELECT ON . TO '{{name}}'@'%';`
			`
Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00			const testRoleHost = `
			`CREATE USER '{{name}}'@'10.1.1.2' IDENTIFIED BY '{{password}}';`
			`GRANT SELECT ON . TO '{{name}}'@'10.1.1.2';`
			`
Postgres revocation sql, beta mode (#1972) 2016-10-05 17:52:59 +00:00			const testRevocationSQL = `
Added test for revoking mysql user with wild card host and non-wildcard host 2016-10-03 02:28:54 +00:00			`REVOKE ALL PRIVILEGES, GRANT OPTION FROM '{{name}}'@'10.1.1.2';`
			`DROP USER '{{name}}'@'10.1.1.2';`
			`