open-vault/command/rekey_test.go

package command

import (
	"encoding/hex"
	"os"
	"strings"
	"testing"

	"github.com/hashicorp/vault/http"
	"github.com/hashicorp/vault/vault"
	"github.com/mitchellh/cli"
)

func TestRekey(t *testing.T) {
	core, key, _ := vault.TestCoreUnsealed(t)
	ln, addr := http.TestServer(t, core)
	defer ln.Close()

	ui := new(cli.MockUi)
	c := &RekeyCommand{
		Key: hex.EncodeToString(key),
		Meta: Meta{
			Ui: ui,
		},
	}

	args := []string{"-address", addr}
	if code := c.Run(args); code != 0 {
		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
	}

	config, err := core.SealConfig()
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if config.SecretShares != 5 {
		t.Fatal("should rekey")
	}
}

func TestRekey_arg(t *testing.T) {
	core, key, _ := vault.TestCoreUnsealed(t)
	ln, addr := http.TestServer(t, core)
	defer ln.Close()

	ui := new(cli.MockUi)
	c := &RekeyCommand{
		Meta: Meta{
			Ui: ui,
		},
	}

	args := []string{"-address", addr, hex.EncodeToString(key)}
	if code := c.Run(args); code != 0 {
		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
	}

	config, err := core.SealConfig()
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if config.SecretShares != 5 {
		t.Fatal("should rekey")
	}
}

func TestRekey_init(t *testing.T) {
	core, key, _ := vault.TestCoreUnsealed(t)
	ln, addr := http.TestServer(t, core)
	defer ln.Close()

	ui := new(cli.MockUi)
	c := &RekeyCommand{
		Key: hex.EncodeToString(key),
		Meta: Meta{
			Ui: ui,
		},
	}

	args := []string{"-address", addr, "-init", "-key-threshold=10", "-key-shares=10"}
	if code := c.Run(args); code != 0 {
		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
	}

	config, err := core.RekeyConfig()
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if config.SecretShares != 10 {
		t.Fatal("should rekey")
	}
	if config.SecretThreshold != 10 {
		t.Fatal("should rekey")
	}
}

func TestRekey_cancel(t *testing.T) {
	core, key, _ := vault.TestCoreUnsealed(t)
	ln, addr := http.TestServer(t, core)
	defer ln.Close()

	ui := new(cli.MockUi)
	c := &RekeyCommand{
		Key: hex.EncodeToString(key),
		Meta: Meta{
			Ui: ui,
		},
	}

	args := []string{"-address", addr, "-init"}
	if code := c.Run(args); code != 0 {
		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
	}

	args = []string{"-address", addr, "-cancel"}
	if code := c.Run(args); code != 0 {
		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
	}

	config, err := core.RekeyConfig()
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if config != nil {
		t.Fatal("should not rekey")
	}
}

func TestRekey_status(t *testing.T) {
	core, key, _ := vault.TestCoreUnsealed(t)
	ln, addr := http.TestServer(t, core)
	defer ln.Close()

	ui := new(cli.MockUi)
	c := &RekeyCommand{
		Key: hex.EncodeToString(key),
		Meta: Meta{
			Ui: ui,
		},
	}

	args := []string{"-address", addr, "-init"}
	if code := c.Run(args); code != 0 {
		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
	}

	args = []string{"-address", addr, "-status"}
	if code := c.Run(args); code != 0 {
		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
	}

	if !strings.Contains(string(ui.OutputWriter.Bytes()), "Started: true") {
		t.Fatalf("bad: %s", ui.OutputWriter.String())
	}
}

func TestRekey_init_pgp(t *testing.T) {
	core, key, token := vault.TestCoreUnsealed(t)
	ln, addr := http.TestServer(t, core)
	defer ln.Close()

	ui := new(cli.MockUi)
	c := &RekeyCommand{
		Key: hex.EncodeToString(key),
		Meta: Meta{
			Ui: ui,
		},
	}

	tempDir, pubFiles, err := getPubKeyFiles(t)
	if err != nil {
		t.Fatal(err)
	}
	defer os.RemoveAll(tempDir)

	args := []string{
		"-address", addr,
		"-init",
		"-key-shares", "3",
		"-pgp-keys", pubFiles[0] + ",@" + pubFiles[1] + "," + pubFiles[2],
		"-key-threshold", "2",
	}

	if code := c.Run(args); code != 0 {
		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
	}

	config, err := core.RekeyConfig()
	if err != nil {
		t.Fatalf("err: %s", err)
	}
	if config.SecretShares != 3 {
		t.Fatal("should rekey")
	}
	if config.SecretThreshold != 2 {
		t.Fatal("should rekey")
	}

	args = []string{
		"-address", addr,
	}
	if code := c.Run(args); code != 0 {
		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
	}

	parseDecryptAndTestUnsealKeys(t, ui.OutputWriter.String(), token, core)
}
command/rekey: adding tests 2015-05-28 22:22:42 +00:00			`package command`

			`import (`
			`"encoding/hex"`
Add support for pgp-keys argument to rekey, as well as tests, plus refactor common bits out of init. 2015-08-25 21:24:19 +00:00			`"os"`
command/rekey: adding tests 2015-05-28 22:22:42 +00:00			`"strings"`
			`"testing"`

			`"github.com/hashicorp/vault/http"`
			`"github.com/hashicorp/vault/vault"`
			`"github.com/mitchellh/cli"`
			`)`

			`func TestRekey(t *testing.T) {`
			`core, key, _ := vault.TestCoreUnsealed(t)`
			`ln, addr := http.TestServer(t, core)`
			`defer ln.Close()`

			`ui := new(cli.MockUi)`
			`c := &RekeyCommand{`
			`Key: hex.EncodeToString(key),`
			`Meta: Meta{`
			`Ui: ui,`
			`},`
			`}`

			`args := []string{"-address", addr}`
			`if code := c.Run(args); code != 0 {`
			`t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())`
			`}`

			`config, err := core.SealConfig()`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
			`if config.SecretShares != 5 {`
			`t.Fatal("should rekey")`
			`}`
			`}`

			`func TestRekey_arg(t *testing.T) {`
			`core, key, _ := vault.TestCoreUnsealed(t)`
			`ln, addr := http.TestServer(t, core)`
			`defer ln.Close()`

			`ui := new(cli.MockUi)`
			`c := &RekeyCommand{`
			`Meta: Meta{`
			`Ui: ui,`
			`},`
			`}`

			`args := []string{"-address", addr, hex.EncodeToString(key)}`
			`if code := c.Run(args); code != 0 {`
			`t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())`
			`}`

			`config, err := core.SealConfig()`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
			`if config.SecretShares != 5 {`
			`t.Fatal("should rekey")`
			`}`
			`}`

			`func TestRekey_init(t *testing.T) {`
			`core, key, _ := vault.TestCoreUnsealed(t)`
			`ln, addr := http.TestServer(t, core)`
			`defer ln.Close()`

			`ui := new(cli.MockUi)`
			`c := &RekeyCommand{`
			`Key: hex.EncodeToString(key),`
			`Meta: Meta{`
			`Ui: ui,`
			`},`
			`}`

			`args := []string{"-address", addr, "-init", "-key-threshold=10", "-key-shares=10"}`
			`if code := c.Run(args); code != 0 {`
			`t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())`
			`}`

			`config, err := core.RekeyConfig()`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
			`if config.SecretShares != 10 {`
			`t.Fatal("should rekey")`
			`}`
			`if config.SecretThreshold != 10 {`
			`t.Fatal("should rekey")`
			`}`
			`}`

			`func TestRekey_cancel(t *testing.T) {`
			`core, key, _ := vault.TestCoreUnsealed(t)`
			`ln, addr := http.TestServer(t, core)`
			`defer ln.Close()`

			`ui := new(cli.MockUi)`
			`c := &RekeyCommand{`
			`Key: hex.EncodeToString(key),`
			`Meta: Meta{`
			`Ui: ui,`
			`},`
			`}`

			`args := []string{"-address", addr, "-init"}`
			`if code := c.Run(args); code != 0 {`
			`t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())`
			`}`

			`args = []string{"-address", addr, "-cancel"}`
			`if code := c.Run(args); code != 0 {`
			`t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())`
			`}`

			`config, err := core.RekeyConfig()`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
			`if config != nil {`
			`t.Fatal("should not rekey")`
			`}`
			`}`

			`func TestRekey_status(t *testing.T) {`
			`core, key, _ := vault.TestCoreUnsealed(t)`
			`ln, addr := http.TestServer(t, core)`
			`defer ln.Close()`

			`ui := new(cli.MockUi)`
			`c := &RekeyCommand{`
			`Key: hex.EncodeToString(key),`
			`Meta: Meta{`
			`Ui: ui,`
			`},`
			`}`

			`args := []string{"-address", addr, "-init"}`
			`if code := c.Run(args); code != 0 {`
			`t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())`
			`}`

			`args = []string{"-address", addr, "-status"}`
			`if code := c.Run(args); code != 0 {`
			`t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())`
			`}`

			`if !strings.Contains(string(ui.OutputWriter.Bytes()), "Started: true") {`
			`t.Fatalf("bad: %s", ui.OutputWriter.String())`
			`}`
			`}`
Add support for pgp-keys argument to rekey, as well as tests, plus refactor common bits out of init. 2015-08-25 21:24:19 +00:00
			`func TestRekey_init_pgp(t *testing.T) {`
			`core, key, token := vault.TestCoreUnsealed(t)`
			`ln, addr := http.TestServer(t, core)`
			`defer ln.Close()`

			`ui := new(cli.MockUi)`
			`c := &RekeyCommand{`
			`Key: hex.EncodeToString(key),`
			`Meta: Meta{`
			`Ui: ui,`
			`},`
			`}`

			`tempDir, pubFiles, err := getPubKeyFiles(t)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`defer os.RemoveAll(tempDir)`

			`args := []string{`
			`"-address", addr,`
			`"-init",`
Address comments from review. 2015-08-25 22:33:58 +00:00			`"-key-shares", "3",`
Add support for pgp-keys argument to rekey, as well as tests, plus refactor common bits out of init. 2015-08-25 21:24:19 +00:00			`"-pgp-keys", pubFiles[0] + ",@" + pubFiles[1] + "," + pubFiles[2],`
Address comments from review. 2015-08-25 22:33:58 +00:00			`"-key-threshold", "2",`
Add support for pgp-keys argument to rekey, as well as tests, plus refactor common bits out of init. 2015-08-25 21:24:19 +00:00			`}`

			`if code := c.Run(args); code != 0 {`
			`t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())`
			`}`

			`config, err := core.RekeyConfig()`
			`if err != nil {`
			`t.Fatalf("err: %s", err)`
			`}`
			`if config.SecretShares != 3 {`
			`t.Fatal("should rekey")`
			`}`
			`if config.SecretThreshold != 2 {`
			`t.Fatal("should rekey")`
			`}`

			`args = []string{`
			`"-address", addr,`
			`}`
			`if code := c.Run(args); code != 0 {`
			`t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())`
			`}`

			`parseDecryptAndTestUnsealKeys(t, ui.OutputWriter.String(), token, core)`
			`}`