package http
import (
"bytes"
"io"
"net/http"
"reflect"
"testing"
"time"
"github.com/hashicorp/vault/physical"
"github.com/hashicorp/vault/vault"
)
// TestLogical drives one secret through the HTTP API: it writes
// /v1/secret/foo, reads it back, deletes it, and confirms that a later read
// returns 404.
func TestLogical(t *testing.T) {
	core, _, rootToken := vault.TestCoreUnsealed(t)
	listener, baseURL := TestServer(t, core)
	defer listener.Close()
	// NOTE(review): the plain http.Get calls below carry no explicit token, so
	// TestServerAuth presumably installs it on the default client. Confirm in
	// the helper.
	TestServerAuth(t, baseURL, rootToken)

	secretURL := baseURL + "/v1/secret/foo"

	// WRITE
	putResp := testHttpPut(t, secretURL, map[string]interface{}{
		"data": "bar",
	})
	testResponseStatus(t, putResp, 204)

	// READ
	getResp, err := http.Get(secretURL)
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	testResponseStatus(t, getResp, 200)

	var got map[string]interface{}
	testResponseBody(t, getResp, &got)
	// lease_id is dropped before comparing; the expected map has no entry for it.
	delete(got, "lease_id")

	const thirtyDays = 30 * 24 * time.Hour
	want := map[string]interface{}{
		"renewable":      false,
		"lease_duration": float64(thirtyDays / time.Second),
		"data": map[string]interface{}{
			"data": "bar",
		},
		"auth": nil,
	}
	if !reflect.DeepEqual(got, want) {
		t.Fatalf("bad: %#v %#v", got, want)
	}

	// DELETE
	delResp := testHttpDelete(t, secretURL)
	testResponseStatus(t, delResp, 204)

	// After the delete, the secret must no longer be readable.
	goneResp, err := http.Get(secretURL)
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	testResponseStatus(t, goneResp, 404)
}
// TestLogical_noExist reads /v1/secret/foo, a path this test never writes,
// and expects a 404.
func TestLogical_noExist(t *testing.T) {
	core, _, rootToken := vault.TestCoreUnsealed(t)
	listener, baseURL := TestServer(t, core)
	defer listener.Close()
	TestServerAuth(t, baseURL, rootToken)

	missing, err := http.Get(baseURL + "/v1/secret/foo")
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	// A read of a path with no stored secret is reported as "not found".
	testResponseStatus(t, missing, 404)
}
// TestLogical_StandbyRedirect starts two cores over one in-memory HA backend
// and checks how the second core answers logical requests: PUT and DELETE on
// a secret path must return 307, while a token self-lookup sent to the same
// address must end in a 200 with the root token's details.
func TestLogical_StandbyRedirect(t *testing.T) {
	firstLn, firstAddr := TestListener(t)
	defer firstLn.Close()
	secondLn, secondAddr := TestListener(t)
	defer secondLn.Close()

	// Create an HA Vault. Both cores are given the same backend instance.
	// NOTE(review): DisableMlock is set on both test cores, presumably so the
	// test needs no mlock privilege. Confirm before copying this config elsewhere.
	haBackend := physical.NewInmemHA()
	firstCore, err := vault.NewCore(&vault.CoreConfig{
		Physical:      haBackend,
		AdvertiseAddr: firstAddr,
		DisableMlock:  true,
	})
	if err != nil {
		t.Fatalf("err: %v", err)
	}
	unsealKey, rootToken := vault.TestCoreInit(t, firstCore)
	// Unseal gets a copy of the key; the same key is used again for the second core.
	if _, unsealErr := firstCore.Unseal(vault.TestKeyCopy(unsealKey)); unsealErr != nil {
		t.Fatalf("unseal err: %s", unsealErr)
	}

	// Create a second HA Vault. It is unsealed after the first one, and the
	// requests below treat it as the standby.
	secondCore, err := vault.NewCore(&vault.CoreConfig{
		Physical:      haBackend,
		AdvertiseAddr: secondAddr,
		DisableMlock:  true,
	})
	if err != nil {
		t.Fatalf("err: %v", err)
	}
	if _, unsealErr := secondCore.Unseal(vault.TestKeyCopy(unsealKey)); unsealErr != nil {
		t.Fatalf("unseal err: %s", unsealErr)
	}

	TestServerWithListener(t, firstLn, firstAddr, firstCore)
	TestServerWithListener(t, secondLn, secondAddr, secondCore)
	TestServerAuth(t, firstAddr, rootToken)

	standbySecret := secondAddr + "/v1/secret/foo"

	// WRITE to STANDBY
	putResp := testHttpPut(t, standbySecret, map[string]interface{}{
		"data": "bar",
	})
	testResponseStatus(t, putResp, 307)

	// READ to standby
	// NOTE(review): only the final status and body are asserted. Whether the
	// standby redirected this GET and the client followed it is not visible here.
	lookupResp, err := http.Get(secondAddr + "/v1/auth/token/lookup-self")
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	testResponseStatus(t, lookupResp, 200)

	var got map[string]interface{}
	testResponseBody(t, lookupResp, &got)
	// lease_id is dropped before comparing; the expected map has no entry for it.
	delete(got, "lease_id")

	tokenInfo := map[string]interface{}{
		"meta":         nil,
		"num_uses":     float64(0),
		"path":         "auth/token/root",
		"policies":     []interface{}{"root"},
		"display_name": "root",
		"id":           rootToken,
	}
	want := map[string]interface{}{
		"renewable":      false,
		"lease_duration": float64(0),
		"data":           tokenInfo,
		"auth":           nil,
	}
	if !reflect.DeepEqual(got, want) {
		t.Fatalf("bad: %#v %#v", got, want)
	}

	// DELETE to standby
	delResp := testHttpDelete(t, standbySecret)
	testResponseStatus(t, delResp, 307)
}
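// TestLogical_CreateToken creates a token through /v1/auth/token/create and
// checks the response shape. The new token's details must arrive in the
// "auth" block of the JSON body, and the response must set no cookies.
func TestLogical_CreateToken(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	// WRITE
	resp := testHttpPut(t, addr+"/v1/auth/token/create", map[string]interface{}{
		"data": "bar",
	})

	var actual map[string]interface{}
	expected := map[string]interface{}{
		"lease_id":       "",
		"renewable":      false,
		"lease_duration": float64(0),
		"data":           nil,
		"auth": map[string]interface{}{
			"policies":       []interface{}{"root"},
			"metadata":       nil,
			"lease_duration": float64(0),
			"renewable":      false,
		},
	}
	testResponseStatus(t, resp, 200)
	testResponseBody(t, resp, &actual)

	// Use a checked assertion so that a missing or malformed "auth" block
	// fails the test with the full response instead of panicking.
	auth, ok := actual["auth"].(map[string]interface{})
	if !ok {
		t.Fatalf("bad: auth is not an object: %#v", actual)
	}
	// client_token is removed before comparing; the expected map has no entry
	// for it.
	// NOTE(review): the token value itself is never asserted. Consider
	// checking that it is a non-empty string before deleting it.
	delete(auth, "client_token")
	if !reflect.DeepEqual(actual, expected) {
		t.Fatalf("bad: %#v %#v", actual, expected)
	}

	// Should not get auth cookie: the created token is returned in the body
	// only, so the response must carry no cookies.
	if cookies := resp.Cookies(); len(cookies) != 0 {
		t.Fatalf("should not get cookies: %#v", cookies)
	}
}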
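// TestLogical_RawHTTP mounts a backend of type "http" at foo/ and reads
// /v1/foo/raw. It expects the response to pass through with the backend's
// own Content-Type and body rather than a JSON-wrapped result.
func TestLogical_RawHTTP(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	resp := testHttpPost(t, addr+"/v1/sys/mounts/foo", map[string]interface{}{
		"type": "http",
	})
	testResponseStatus(t, resp, 204)

	// Get the raw response
	resp, err := http.Get(addr + "/v1/foo/raw")
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	// The body is read directly below, so this test is responsible for closing it.
	defer resp.Body.Close()
	testResponseStatus(t, resp, 200)

	// Test the headers
	// NOTE(review): "plain/text" is the literal value this test expects. It is
	// not the registered text/plain media type. Confirm against the backend.
	if resp.Header.Get("Content-Type") != "plain/text" {
		t.Fatalf("Bad: %#v", resp.Header)
	}

	// Get the body. A failed or truncated read is reported as such instead of
	// surfacing later as a content mismatch.
	body := new(bytes.Buffer)
	if _, err := io.Copy(body, resp.Body); err != nil {
		t.Fatalf("err: %s", err)
	}
	if body.String() != "hello world" {
		t.Fatalf("Bad: %s", body.Bytes())
	}
}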