backport of commit 8a174b05b045662423ce76be62687faab7e2514d (#22207)

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
This commit is contained in:
hc-github-team-secure-vault-core 2023-08-04 11:45:55 -04:00 committed by GitHub
parent 6510f797ee
commit 05cd21f13b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 32 additions and 14 deletions

View file

@ -56,7 +56,8 @@ func TestAcmeBasicWorkflow(t *testing.T) {
{"issuer", "issuer/int-ca/acme/"}, {"issuer", "issuer/int-ca/acme/"},
{"issuer_role", "issuer/int-ca/roles/test-role/acme/"}, {"issuer_role", "issuer/int-ca/roles/test-role/acme/"},
} }
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
for _, tc := range cases { for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
@ -359,7 +360,8 @@ func TestAcmeBasicWorkflowWithEab(t *testing.T) {
t.Parallel() t.Parallel()
cluster, client, _ := setupAcmeBackend(t) cluster, client, _ := setupAcmeBackend(t)
defer cluster.Cleanup() defer cluster.Cleanup()
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
// Enable EAB // Enable EAB
_, err := client.Logical().WriteWithContext(context.Background(), "pki/config/acme", map[string]interface{}{ _, err := client.Logical().WriteWithContext(context.Background(), "pki/config/acme", map[string]interface{}{
@ -559,7 +561,8 @@ func TestAcmeClusterPathNotConfigured(t *testing.T) {
{"issuer", "pki/issuer/default/acme/directory"}, {"issuer", "pki/issuer/default/acme/directory"},
{"issuer_role", "pki/issuer/default/roles/test-role/acme/directory"}, {"issuer_role", "pki/issuer/default/roles/test-role/acme/directory"},
} }
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
for _, tc := range cases { for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
@ -594,7 +597,8 @@ func TestAcmeAccountsCrossingDirectoryPath(t *testing.T) {
accountKey, err := rsa.GenerateKey(rand.Reader, 2048) accountKey, err := rsa.GenerateKey(rand.Reader, 2048)
require.NoError(t, err, "failed creating rsa key") require.NoError(t, err, "failed creating rsa key")
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
acmeClient := getAcmeClientForCluster(t, cluster, baseAcmeURL, accountKey) acmeClient := getAcmeClientForCluster(t, cluster, baseAcmeURL, accountKey)
// Create new account // Create new account
@ -629,7 +633,8 @@ func TestAcmeEabCrossingDirectoryPath(t *testing.T) {
accountKey, err := rsa.GenerateKey(rand.Reader, 2048) accountKey, err := rsa.GenerateKey(rand.Reader, 2048)
require.NoError(t, err, "failed creating rsa key") require.NoError(t, err, "failed creating rsa key")
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
acmeClient := getAcmeClientForCluster(t, cluster, baseAcmeURL, accountKey) acmeClient := getAcmeClientForCluster(t, cluster, baseAcmeURL, accountKey)
// fetch a new EAB // fetch a new EAB
@ -716,7 +721,9 @@ func TestAcmeTruncatesToIssuerExpiry(t *testing.T) {
cluster, client, _ := setupAcmeBackend(t) cluster, client, _ := setupAcmeBackend(t)
defer cluster.Cleanup() defer cluster.Cleanup()
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
mount := "pki" mount := "pki"
resp, err := client.Logical().WriteWithContext(context.Background(), mount+"/issuers/generate/intermediate/internal", resp, err := client.Logical().WriteWithContext(context.Background(), mount+"/issuers/generate/intermediate/internal",
map[string]interface{}{ map[string]interface{}{
@ -804,7 +811,8 @@ func TestAcmeRoleExtKeyUsage(t *testing.T) {
cluster, client, _ := setupAcmeBackend(t) cluster, client, _ := setupAcmeBackend(t)
defer cluster.Cleanup() defer cluster.Cleanup()
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
roleName := "test-role" roleName := "test-role"
@ -907,7 +915,9 @@ func TestIssuerRoleDirectoryAssociations(t *testing.T) {
defer cluster.Cleanup() defer cluster.Cleanup()
// Setup DNS for validations. // Setup DNS for validations.
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
dns := dnstest.SetupResolver(t, "dadgarcorp.com") dns := dnstest.SetupResolver(t, "dadgarcorp.com")
defer dns.Cleanup() defer dns.Cleanup()
_, err := client.Logical().WriteWithContext(testCtx, "pki/config/acme", map[string]interface{}{ _, err := client.Logical().WriteWithContext(testCtx, "pki/config/acme", map[string]interface{}{
@ -1040,7 +1050,9 @@ func TestACMESubjectFieldsAndExtensionsIgnored(t *testing.T) {
defer cluster.Cleanup() defer cluster.Cleanup()
// Setup DNS for validations. // Setup DNS for validations.
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
dns := dnstest.SetupResolver(t, "dadgarcorp.com") dns := dnstest.SetupResolver(t, "dadgarcorp.com")
defer dns.Cleanup() defer dns.Cleanup()
_, err := client.Logical().WriteWithContext(testCtx, "pki/config/acme", map[string]interface{}{ _, err := client.Logical().WriteWithContext(testCtx, "pki/config/acme", map[string]interface{}{
@ -1086,7 +1098,8 @@ func TestAcmeWithCsrIncludingBasicConstraintExtension(t *testing.T) {
cluster, client, _ := setupAcmeBackend(t) cluster, client, _ := setupAcmeBackend(t)
defer cluster.Cleanup() defer cluster.Cleanup()
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
baseAcmeURL := "/v1/pki/acme/" baseAcmeURL := "/v1/pki/acme/"
accountKey, err := rsa.GenerateKey(rand.Reader, 2048) accountKey, err := rsa.GenerateKey(rand.Reader, 2048)
@ -1415,7 +1428,9 @@ func TestAcmeValidationError(t *testing.T) {
cluster, _, _ := setupAcmeBackend(t) cluster, _, _ := setupAcmeBackend(t)
defer cluster.Cleanup() defer cluster.Cleanup()
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
baseAcmeURL := "/v1/pki/acme/" baseAcmeURL := "/v1/pki/acme/"
accountKey, err := rsa.GenerateKey(rand.Reader, 2048) accountKey, err := rsa.GenerateKey(rand.Reader, 2048)
require.NoError(t, err, "failed creating rsa key") require.NoError(t, err, "failed creating rsa key")
@ -1521,7 +1536,8 @@ func TestAcmeRevocationAcrossAccounts(t *testing.T) {
cluster, vaultClient, _ := setupAcmeBackend(t) cluster, vaultClient, _ := setupAcmeBackend(t)
defer cluster.Cleanup() defer cluster.Cleanup()
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
baseAcmeURL := "/v1/pki/acme/" baseAcmeURL := "/v1/pki/acme/"
accountKey1, err := rsa.GenerateKey(rand.Reader, 2048) accountKey1, err := rsa.GenerateKey(rand.Reader, 2048)
@ -1745,7 +1761,9 @@ func TestACMEClientRequestLimits(t *testing.T) {
}, },
} }
testCtx := context.Background() testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute)
defer cancel()
acmeConfig := map[string]interface{}{ acmeConfig := map[string]interface{}{
"enabled": true, "enabled": true,
"allowed_issuers": "*", "allowed_issuers": "*",

View file

@ -91,7 +91,7 @@ func TestAcmeConfig(t *testing.T) {
testCtx := context.Background() testCtx := context.Background()
for _, tc := range cases { for _, tc := range cases {
deadline := time.Now().Add(time.Second * 10) deadline := time.Now().Add(1 * time.Minute)
subTestCtx, _ := context.WithDeadline(testCtx, deadline) subTestCtx, _ := context.WithDeadline(testCtx, deadline)
_, err := client.Logical().WriteWithContext(subTestCtx, "pki/roles/exists", roleConfig) _, err := client.Logical().WriteWithContext(subTestCtx, "pki/roles/exists", roleConfig)