open-vault/vault/init_test.go

172 lines
4 KiB
Go
Raw Normal View History

2016-04-04 14:44:22 +00:00
package vault
import (
"context"
2016-04-04 14:44:22 +00:00
"reflect"
"testing"
log "github.com/hashicorp/go-hclog"
wrapping "github.com/hashicorp/go-kms-wrapping"
"github.com/hashicorp/vault/sdk/helper/logging"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/sdk/physical/inmem"
2016-04-04 14:44:22 +00:00
)
func TestCore_Init(t *testing.T) {
c, conf := testCore_NewTestCore(t, nil)
testCore_Init_Common(t, c, conf, &SealConfig{SecretShares: 5, SecretThreshold: 3}, nil)
}
func testCore_NewTestCore(t *testing.T, seal Seal) (*Core, *CoreConfig) {
2018-09-18 03:03:00 +00:00
return testCore_NewTestCoreLicensing(t, seal, nil)
}
func testCore_NewTestCoreLicensing(t *testing.T, seal Seal, licensingConfig *LicensingConfig) (*Core, *CoreConfig) {
logger := logging.NewVaultLogger(log.Trace)
2016-08-19 20:45:17 +00:00
inm, err := inmem.NewInmem(nil, logger)
if err != nil {
t.Fatal(err)
}
2016-04-04 14:44:22 +00:00
conf := &CoreConfig{
Physical: inm,
DisableMlock: true,
LogicalBackends: map[string]logical.Factory{
"kv": LeasedPassthroughBackendFactory,
2016-04-04 14:44:22 +00:00
},
2018-09-18 03:03:00 +00:00
Seal: seal,
LicensingConfig: licensingConfig,
2016-04-04 14:44:22 +00:00
}
c, err := NewCore(conf)
if err != nil {
t.Fatalf("err: %v", err)
}
return c, conf
}
2016-04-04 14:44:22 +00:00
func testCore_Init_Common(t *testing.T, c *Core, conf *CoreConfig, barrierConf, recoveryConf *SealConfig) {
init, err := c.Initialized(context.Background())
2016-04-04 14:44:22 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
if init {
t.Fatalf("should not be init")
}
// Check the seal configuration
outConf, err := c.seal.BarrierConfig(context.Background())
2016-04-04 14:44:22 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
if outConf != nil {
t.Fatalf("bad: %v", outConf)
}
if recoveryConf != nil {
outConf, err := c.seal.RecoveryConfig(context.Background())
if err != nil {
t.Fatalf("err: %v", err)
}
if outConf != nil {
t.Fatalf("bad: %v", outConf)
}
2016-04-04 14:44:22 +00:00
}
res, err := c.Initialize(context.Background(), &InitParams{
BarrierConfig: barrierConf,
RecoveryConfig: recoveryConf,
})
2016-04-04 14:44:22 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
if c.seal.BarrierType() == wrapping.Shamir && len(res.SecretShares) != barrierConf.SecretShares {
t.Fatalf("Bad: got\n%#v\nexpected conf matching\n%#v\n", *res, *barrierConf)
}
if recoveryConf != nil {
if len(res.RecoveryShares) != recoveryConf.SecretShares {
t.Fatalf("Bad: got\n%#v\nexpected conf matching\n%#v\n", *res, *recoveryConf)
}
2016-04-04 14:44:22 +00:00
}
2016-04-04 14:44:22 +00:00
if res.RootToken == "" {
t.Fatalf("Bad: %#v", res)
2016-04-04 14:44:22 +00:00
}
_, err = c.Initialize(context.Background(), &InitParams{
BarrierConfig: barrierConf,
RecoveryConfig: recoveryConf,
})
2016-04-04 14:44:22 +00:00
if err != ErrAlreadyInit {
t.Fatalf("err: %v", err)
}
init, err = c.Initialized(context.Background())
2016-04-04 14:44:22 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
if !init {
t.Fatalf("should be init")
}
// Check the seal configuration
outConf, err = c.seal.BarrierConfig(context.Background())
2016-04-04 14:44:22 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(outConf, barrierConf) {
t.Fatalf("bad: %v expect: %v", outConf, barrierConf)
}
if recoveryConf != nil {
outConf, err = c.seal.RecoveryConfig(context.Background())
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(outConf, recoveryConf) {
t.Fatalf("bad: %v expect: %v", outConf, recoveryConf)
}
2016-04-04 14:44:22 +00:00
}
// New Core, same backend
c2, err := NewCore(conf)
if err != nil {
t.Fatalf("err: %v", err)
}
_, err = c2.Initialize(context.Background(), &InitParams{
BarrierConfig: barrierConf,
RecoveryConfig: recoveryConf,
})
2016-04-04 14:44:22 +00:00
if err != ErrAlreadyInit {
t.Fatalf("err: %v", err)
}
init, err = c2.Initialized(context.Background())
2016-04-04 14:44:22 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
if !init {
t.Fatalf("should be init")
}
// Check the seal configuration
outConf, err = c2.seal.BarrierConfig(context.Background())
2016-04-04 14:44:22 +00:00
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(outConf, barrierConf) {
t.Fatalf("bad: %v expect: %v", outConf, barrierConf)
}
if recoveryConf != nil {
outConf, err = c2.seal.RecoveryConfig(context.Background())
if err != nil {
t.Fatalf("err: %v", err)
}
if !reflect.DeepEqual(outConf, recoveryConf) {
t.Fatalf("bad: %v expect: %v", outConf, recoveryConf)
}
2016-04-04 14:44:22 +00:00
}
}