open-vault/builtin/logical/database/dbplugin/plugin_test.go

324 lines
6.5 KiB
Go
Raw Normal View History

2017-04-06 19:20:10 +00:00
package dbplugin
2017-03-23 22:54:15 +00:00
import (
"crypto/sha256"
"encoding/hex"
"errors"
"fmt"
"io"
"net"
"os"
"os/exec"
"testing"
"time"
"github.com/hashicorp/vault/helper/pluginutil"
"github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/vault"
2017-03-28 19:20:17 +00:00
log "github.com/mgutz/logxi/v1"
2017-03-23 22:54:15 +00:00
)
type mockPlugin struct {
users map[string][]string
CredentialsProducer
}
func (m *mockPlugin) Type() string { return "mock" }
func (m *mockPlugin) CreateUser(statements Statements, username, password, expiration string) error {
err := errors.New("err")
if username == "" || password == "" || expiration == "" {
return err
}
if _, ok := m.users[username]; ok {
return err
}
m.users[username] = []string{password, expiration}
return nil
}
func (m *mockPlugin) RenewUser(statements Statements, username, expiration string) error {
err := errors.New("err")
if username == "" || expiration == "" {
return err
}
if _, ok := m.users[username]; !ok {
return err
}
return nil
}
func (m *mockPlugin) RevokeUser(statements Statements, username string) error {
err := errors.New("err")
if username == "" {
return err
}
if _, ok := m.users[username]; !ok {
return err
}
delete(m.users, username)
return nil
}
func (m *mockPlugin) Initialize(conf map[string]interface{}) error {
err := errors.New("err")
if len(conf) != 1 {
return err
}
return nil
}
func (m *mockPlugin) Close() error {
m.users = nil
return nil
}
func getConf(t *testing.T) *DatabaseConfig {
command := fmt.Sprintf("%s -test.run=TestPlugin_Main", os.Args[0])
cmd := exec.Command(os.Args[0])
hash := sha256.New()
file, err := os.Open(cmd.Path)
if err != nil {
t.Fatal(err)
}
defer file.Close()
_, err = io.Copy(hash, file)
if err != nil {
t.Fatal(err)
}
sum := hash.Sum(nil)
conf := &DatabaseConfig{
DatabaseType: pluginTypeName,
PluginCommand: command,
PluginChecksum: hex.EncodeToString(sum),
ConnectionDetails: map[string]interface{}{
"test": true,
},
}
return conf
}
func getCore(t *testing.T) (*vault.Core, net.Listener, logical.SystemView) {
core, _, _, ln := vault.TestCoreUnsealedWithListener(t)
http.TestServerWithListener(t, ln, "", core)
sys := vault.TestDynamicSystemView(core)
return core, ln, sys
}
2017-03-27 18:46:20 +00:00
// This is not an actual test case, it's a helper function that will be executed
// by the go-plugin client via an exec call.
2017-03-23 22:54:15 +00:00
func TestPlugin_Main(t *testing.T) {
if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" {
return
}
plugin := &mockPlugin{
users: make(map[string][]string),
CredentialsProducer: &sqlCredentialsProducer{5, 50},
}
NewPluginServer(plugin)
}
func TestPlugin_Initialize(t *testing.T) {
_, ln, sys := getCore(t)
defer ln.Close()
conf := getConf(t)
2017-03-28 19:20:17 +00:00
dbRaw, err := PluginFactory(conf, sys, &log.NullLogger{})
2017-03-23 22:54:15 +00:00
if err != nil {
t.Fatalf("err: %s", err)
}
err = dbRaw.Initialize(conf.ConnectionDetails)
if err != nil {
t.Fatalf("err: %s", err)
}
err = dbRaw.Close()
if err != nil {
t.Fatalf("err: %s", err)
}
}
func TestPlugin_CreateUser(t *testing.T) {
_, ln, sys := getCore(t)
defer ln.Close()
conf := getConf(t)
2017-03-28 19:20:17 +00:00
db, err := PluginFactory(conf, sys, &log.NullLogger{})
2017-03-23 22:54:15 +00:00
if err != nil {
t.Fatalf("err: %s", err)
}
defer db.Close()
err = db.Initialize(conf.ConnectionDetails)
if err != nil {
t.Fatalf("err: %s", err)
}
username, err := db.GenerateUsername("test")
if err != nil {
t.Fatalf("err: %s", err)
}
password, err := db.GeneratePassword()
if err != nil {
t.Fatalf("err: %s", err)
}
expiration, err := db.GenerateExpiration(time.Minute)
if err != nil {
t.Fatalf("err: %s", err)
}
err = db.CreateUser(Statements{}, username, password, expiration)
if err != nil {
t.Fatalf("err: %s", err)
}
// try and save the same user again to verify it saved the first time, this
// should return an error
err = db.CreateUser(Statements{}, username, password, expiration)
if err == nil {
t.Fatal("expected an error, user wasn't created correctly")
}
// Create one more user
username, err = db.GenerateUsername("test")
if err != nil {
t.Fatalf("err: %s", err)
}
err = db.CreateUser(Statements{}, username, password, expiration)
if err != nil {
t.Fatalf("err: %s", err)
}
}
func TestPlugin_RenewUser(t *testing.T) {
_, ln, sys := getCore(t)
defer ln.Close()
conf := getConf(t)
2017-03-28 19:20:17 +00:00
db, err := PluginFactory(conf, sys, &log.NullLogger{})
2017-03-23 22:54:15 +00:00
if err != nil {
t.Fatalf("err: %s", err)
}
defer db.Close()
err = db.Initialize(conf.ConnectionDetails)
if err != nil {
t.Fatalf("err: %s", err)
}
username, err := db.GenerateUsername("test")
if err != nil {
t.Fatalf("err: %s", err)
}
password, err := db.GeneratePassword()
if err != nil {
t.Fatalf("err: %s", err)
}
expiration, err := db.GenerateExpiration(time.Minute)
if err != nil {
t.Fatalf("err: %s", err)
}
err = db.CreateUser(Statements{}, username, password, expiration)
if err != nil {
t.Fatalf("err: %s", err)
}
expiration, err = db.GenerateExpiration(time.Minute)
if err != nil {
t.Fatalf("err: %s", err)
}
err = db.RenewUser(Statements{}, username, expiration)
if err != nil {
t.Fatalf("err: %s", err)
}
}
func TestPlugin_RevokeUser(t *testing.T) {
_, ln, sys := getCore(t)
defer ln.Close()
conf := getConf(t)
2017-03-28 19:20:17 +00:00
db, err := PluginFactory(conf, sys, &log.NullLogger{})
2017-03-23 22:54:15 +00:00
if err != nil {
t.Fatalf("err: %s", err)
}
defer db.Close()
err = db.Initialize(conf.ConnectionDetails)
if err != nil {
t.Fatalf("err: %s", err)
}
username, err := db.GenerateUsername("test")
if err != nil {
t.Fatalf("err: %s", err)
}
password, err := db.GeneratePassword()
if err != nil {
t.Fatalf("err: %s", err)
}
expiration, err := db.GenerateExpiration(time.Minute)
if err != nil {
t.Fatalf("err: %s", err)
}
err = db.CreateUser(Statements{}, username, password, expiration)
if err != nil {
t.Fatalf("err: %s", err)
}
// Test default revoke statememts
err = db.RevokeUser(Statements{}, username)
if err != nil {
t.Fatalf("err: %s", err)
}
// Try adding the same username back so we can verify it was removed
err = db.CreateUser(Statements{}, username, password, expiration)
if err != nil {
t.Fatalf("err: %s", err)
}
username, err = db.GenerateUsername("test")
if err != nil {
t.Fatalf("err: %s", err)
}
expiration, err = db.GenerateExpiration(time.Minute)
if err != nil {
t.Fatalf("err: %s", err)
}
// try once more
err = db.CreateUser(Statements{}, username, password, expiration)
if err != nil {
t.Fatalf("err: %s", err)
}
err = db.RevokeUser(Statements{}, username)
if err != nil {
t.Fatalf("err: %s", err)
}
}