2015-03-13 18:11:59 +00:00
|
|
|
package vault
|
|
|
|
|
|
|
|
import (
|
|
|
|
"testing"
|
|
|
|
|
2015-04-02 01:36:13 +00:00
|
|
|
"github.com/hashicorp/vault/audit"
|
2015-04-01 03:24:51 +00:00
|
|
|
"github.com/hashicorp/vault/logical"
|
|
|
|
"github.com/hashicorp/vault/logical/framework"
|
2015-03-13 18:11:59 +00:00
|
|
|
"github.com/hashicorp/vault/physical"
|
|
|
|
)
|
|
|
|
|
|
|
|
// This file contains a number of methods that are useful for unit
|
|
|
|
// tests within other packages.
|
|
|
|
|
|
|
|
// TestCore returns a pure in-memory, uninitialized core for testing.
|
|
|
|
func TestCore(t *testing.T) *Core {
|
2015-04-02 01:36:13 +00:00
|
|
|
noopAudits := map[string]audit.Factory{
|
|
|
|
"noop": func(map[string]string) (audit.Backend, error) {
|
|
|
|
return new(noopAudit), nil
|
|
|
|
},
|
|
|
|
}
|
2015-04-01 03:24:51 +00:00
|
|
|
noopBackends := make(map[string]logical.Factory)
|
2015-07-01 00:30:43 +00:00
|
|
|
noopBackends["noop"] = func(*logical.BackendConfig) (logical.Backend, error) {
|
2015-04-01 03:24:51 +00:00
|
|
|
return new(framework.Backend), nil
|
|
|
|
}
|
2015-07-01 00:30:43 +00:00
|
|
|
noopBackends["http"] = func(*logical.BackendConfig) (logical.Backend, error) {
|
2015-05-27 21:19:12 +00:00
|
|
|
return new(rawHTTP), nil
|
|
|
|
}
|
2015-04-01 03:24:51 +00:00
|
|
|
|
2015-03-13 18:11:59 +00:00
|
|
|
physicalBackend := physical.NewInmem()
|
|
|
|
c, err := NewCore(&CoreConfig{
|
2015-04-01 03:24:51 +00:00
|
|
|
Physical: physicalBackend,
|
2015-04-02 01:36:13 +00:00
|
|
|
AuditBackends: noopAudits,
|
2015-04-01 03:24:51 +00:00
|
|
|
LogicalBackends: noopBackends,
|
|
|
|
CredentialBackends: noopBackends,
|
2015-04-29 01:12:57 +00:00
|
|
|
DisableMlock: true,
|
2015-03-13 18:11:59 +00:00
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return c
|
|
|
|
}
|
|
|
|
|
|
|
|
// TestCoreInit initializes the core with a single key, and returns
|
2015-03-24 18:37:07 +00:00
|
|
|
// the key that must be used to unseal the core and a root token.
|
|
|
|
func TestCoreInit(t *testing.T, core *Core) ([]byte, string) {
|
2015-03-13 18:11:59 +00:00
|
|
|
result, err := core.Initialize(&SealConfig{
|
|
|
|
SecretShares: 1,
|
|
|
|
SecretThreshold: 1,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %s", err)
|
|
|
|
}
|
2015-03-24 18:37:07 +00:00
|
|
|
return result.SecretShares[0], result.RootToken
|
2015-03-15 00:47:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// TestCoreUnsealed returns a pure in-memory core that is already
|
|
|
|
// initialized and unsealed.
|
2015-03-29 23:14:54 +00:00
|
|
|
func TestCoreUnsealed(t *testing.T) (*Core, []byte, string) {
|
2015-03-15 00:47:11 +00:00
|
|
|
core := TestCore(t)
|
2015-03-24 18:37:07 +00:00
|
|
|
key, token := TestCoreInit(t, core)
|
2015-03-15 01:25:36 +00:00
|
|
|
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
|
2015-03-15 00:47:11 +00:00
|
|
|
t.Fatalf("unseal err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
sealed, err := core.Sealed()
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err checking seal status: %s", err)
|
|
|
|
}
|
|
|
|
if sealed {
|
|
|
|
t.Fatal("should not be sealed")
|
|
|
|
}
|
|
|
|
|
2015-03-24 18:37:07 +00:00
|
|
|
return core, key, token
|
2015-03-13 18:11:59 +00:00
|
|
|
}
|
2015-03-15 01:25:36 +00:00
|
|
|
|
|
|
|
// TestKeyCopy is a silly little function to just copy the key so that
|
|
|
|
// it can be used with Unseal easily.
|
|
|
|
func TestKeyCopy(key []byte) []byte {
|
|
|
|
result := make([]byte, len(key))
|
|
|
|
copy(result, key)
|
|
|
|
return result
|
|
|
|
}
|
2015-04-02 01:36:13 +00:00
|
|
|
|
|
|
|
type noopAudit struct{}
|
|
|
|
|
2015-06-19 01:30:18 +00:00
|
|
|
func (n *noopAudit) LogRequest(a *logical.Auth, r *logical.Request, e error) error {
|
2015-04-02 01:36:13 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (n *noopAudit) LogResponse(a *logical.Auth, r *logical.Request, re *logical.Response, err error) error {
|
|
|
|
return nil
|
|
|
|
}
|
2015-05-27 21:19:12 +00:00
|
|
|
|
|
|
|
type rawHTTP struct{}
|
|
|
|
|
|
|
|
func (n *rawHTTP) HandleRequest(req *logical.Request) (*logical.Response, error) {
|
|
|
|
return &logical.Response{
|
|
|
|
Data: map[string]interface{}{
|
|
|
|
logical.HTTPStatusCode: 200,
|
|
|
|
logical.HTTPContentType: "plain/text",
|
|
|
|
logical.HTTPRawBody: []byte("hello world"),
|
|
|
|
},
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (n *rawHTTP) SpecialPaths() *logical.Paths {
|
|
|
|
return &logical.Paths{Unauthenticated: []string{"*"}}
|
|
|
|
}
|