package vault
import (
"log"
"os"
"reflect"
"strings"
"testing"
"time"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/physical"
)
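// mockExpiration returns an ExpirationManager for use in tests. It is built
// on an in-memory physical backend wrapped in an AES-GCM barrier that is
// initialized and unsealed with a freshly generated key. Any failure during
// setup aborts the calling test through t.Fatalf.
func mockExpiration(t *testing.T) *ExpirationManager {
	inm := physical.NewInmem()
	b, err := NewAESGCMBarrier(inm)
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	// Initialize and unseal. Every step is checked so that a failure is
	// reported at the step that caused it instead of being silently dropped.
	key, err := b.GenerateKey()
	if err != nil {
		t.Fatalf("err: %v", err)
	}
	if err := b.Initialize(key); err != nil {
		t.Fatalf("err: %v", err)
	}
	if err := b.Unseal(key); err != nil {
		t.Fatalf("err: %v", err)
	}

	// Create the barrier view, scoped with the "expire/" prefix.
	view := NewBarrierView(b, "expire/")

	router := NewRouter()
	logger := log.New(os.Stderr, "", log.LstdFlags)
	return NewExpirationManager(router, view, logger)
}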
// NOTE(review): TestExpiration_StartStop is disabled. As written it would not
// compile if re-enabled: err is declared with := for exp.Start() and again
// with := for exp.Restore() in the same scope. The Restore check also calls
// err.Error() without a nil check, so a nil error would panic instead of
// failing the test with a message.
/*
func TestExpiration_StartStop(t *testing.T) {
	exp := mockExpiration(t)
	err := exp.Start()
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	err := exp.Restore()
	if err.Error() != "cannot restore while running" {
		t.Fatalf("err: %v", err)
	}

	err = exp.Stop()
	if err != nil {
		t.Fatalf("err: %v", err)
	}
}
*/
// TestExpiration_Register registers a secret response that carries a one-hour
// lease and verifies the returned ID: it must begin with the request path and
// be strictly longer than it, i.e. carry a suffix beyond the path.
func TestExpiration_Register(t *testing.T) {
	mgr := mockExpiration(t)

	// Read request against a sample backend path.
	req := &logical.Request{
		Operation: logical.ReadOperation,
		Path:      "prod/aws/foo",
	}

	// Secret response; the credential values are dummy test data.
	lease := &logical.Lease{
		Duration:    time.Hour,
		MaxDuration: time.Hour,
	}
	resp := &logical.Response{
		IsSecret: true,
		Lease:    lease,
		Data: map[string]interface{}{
			"access_key": "xyz",
			"secret_key": "abcd",
		},
	}

	id, err := mgr.Register(req, resp)
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	// Both checks report the same failure, so they share one branch.
	if !strings.HasPrefix(id, req.Path) || len(id) <= len(req.Path) {
		t.Fatalf("bad: %s", id)
	}
}
// TestLeaseEntry round-trips a leaseEntry through encode and
// decodeLeaseEntry. Only the Data map is compared after decoding; the other
// fields (VaultID, Path, Lease, IssueTime, RenewTime) are not asserted here.
func TestLeaseEntry(t *testing.T) {
	payload := map[string]interface{}{
		"testing": true,
	}
	entry := &leaseEntry{
		VaultID: "foo/bar/1234",
		Path:    "foo/bar",
		Data:    payload,
		Lease: &logical.Lease{
			Renewable:   true,
			Duration:    time.Minute,
			MaxDuration: time.Hour,
		},
		IssueTime: time.Now(),
		RenewTime: time.Now(),
	}

	// Serialize the entry.
	buf, err := entry.encode()
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	// Parse it back.
	decoded, err := decodeLeaseEntry(buf)
	if err != nil {
		t.Fatalf("err: %v", err)
	}

	// On mismatch the whole entries are printed, although only Data is compared.
	if same := reflect.DeepEqual(decoded.Data, entry.Data); !same {
		t.Fatalf("got: %#v, expect %#v", decoded, entry)
	}
}