Added tests
parent
de1a1be564
commit
3a4021d6c4
|
@ -84,7 +84,7 @@ func (b *backend) periodicFunc(req *logical.Request) error {
|
|||
if b.nextTidyTime.IsZero() || !time.Now().Before(b.nextTidyTime) {
|
||||
// safety_buffer defaults to 72h
|
||||
safety_buffer := 259200
|
||||
tidyBlacklistConfigEntry, err := configTidyBlacklistRoleTag(req.Storage)
|
||||
tidyBlacklistConfigEntry, err := configTidyRoleTags(req.Storage)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -101,7 +101,7 @@ func (b *backend) periodicFunc(req *logical.Request) error {
|
|||
|
||||
// reset the safety_buffer to 72h
|
||||
safety_buffer = 259200
|
||||
tidyWhitelistConfigEntry, err := configTidyWhitelistIdentity(req.Storage)
|
||||
tidyWhitelistConfigEntry, err := configTidyIdentities(req.Storage)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -11,6 +11,96 @@ import (
|
|||
logicaltest "github.com/hashicorp/vault/logical/testing"
|
||||
)
|
||||
|
||||
func TestBackend_ConfigTidyIdentities(t *testing.T) {
|
||||
config := logical.TestBackendConfig()
|
||||
storage := &logical.InmemStorage{}
|
||||
config.StorageView = storage
|
||||
|
||||
b, err := Factory(config)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
data := map[string]interface{}{
|
||||
"safety_buffer": "60",
|
||||
}
|
||||
|
||||
_, err = b.HandleRequest(&logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Path: "config/tidy/identities",
|
||||
Storage: storage,
|
||||
Data: data,
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBackend_ConfigTidyRoleTags(t *testing.T) {
|
||||
config := logical.TestBackendConfig()
|
||||
storage := &logical.InmemStorage{}
|
||||
config.StorageView = storage
|
||||
|
||||
b, err := Factory(config)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
data := map[string]interface{}{
|
||||
"safety_buffer": "60",
|
||||
}
|
||||
|
||||
_, err = b.HandleRequest(&logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Path: "config/tidy/roletags",
|
||||
Storage: storage,
|
||||
Data: data,
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBackend_TidyIdentities(t *testing.T) {
|
||||
config := logical.TestBackendConfig()
|
||||
storage := &logical.InmemStorage{}
|
||||
config.StorageView = storage
|
||||
|
||||
b, err := Factory(config)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
_, err = b.HandleRequest(&logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Path: "tidy/identities",
|
||||
Storage: storage,
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBackend_TidyRoleTags(t *testing.T) {
|
||||
config := logical.TestBackendConfig()
|
||||
storage := &logical.InmemStorage{}
|
||||
config.StorageView = storage
|
||||
|
||||
b, err := Factory(config)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
_, err = b.HandleRequest(&logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Path: "tidy/roletags",
|
||||
Storage: storage,
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestBackend_ConfigClient(t *testing.T) {
|
||||
config := logical.TestBackendConfig()
|
||||
storage := &logical.InmemStorage{}
|
||||
|
@ -421,6 +511,7 @@ func TestBackend_PathImageTag(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestBackend_PathBlacklistRoleTag(t *testing.T) {
|
||||
// create the backend
|
||||
storage := &logical.InmemStorage{}
|
||||
config := logical.TestBackendConfig()
|
||||
config.StorageView = storage
|
||||
|
@ -429,6 +520,7 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
|
|||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// create an image entry
|
||||
data := map[string]interface{}{
|
||||
"ami_id": "abcd-123",
|
||||
"policies": "p,q,r,s",
|
||||
|
@ -444,6 +536,7 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
|
|||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// create a role tag against an image registered before
|
||||
data2 := map[string]interface{}{
|
||||
"policies": "p,q,r,s",
|
||||
}
|
||||
|
@ -467,6 +560,7 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
|
|||
t.Fatalf("role tag not present in the response data: %#v\n", resp.Data)
|
||||
}
|
||||
|
||||
// blacklist that role tag
|
||||
resp, err = b.HandleRequest(&logical.Request{
|
||||
Operation: logical.UpdateOperation,
|
||||
Path: "blacklist/roletag/" + tag,
|
||||
|
@ -479,6 +573,7 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
|
|||
t.Fatalf("failed to blacklist the roletag: %s\n", tag)
|
||||
}
|
||||
|
||||
// read the blacklist entry
|
||||
resp, err = b.HandleRequest(&logical.Request{
|
||||
Operation: logical.ReadOperation,
|
||||
Path: "blacklist/roletag/" + tag,
|
||||
|
@ -494,6 +589,7 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
|
|||
t.Fatalf("failed to read the blacklisted role tag:%s. Err: %s\n", tag, resp.Data["error"])
|
||||
}
|
||||
|
||||
// delete the blacklisted entry
|
||||
_, err = b.HandleRequest(&logical.Request{
|
||||
Operation: logical.DeleteOperation,
|
||||
Path: "blacklist/roletag/" + tag,
|
||||
|
@ -503,6 +599,7 @@ func TestBackend_PathBlacklistRoleTag(t *testing.T) {
|
|||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// try to read the deleted entry
|
||||
tagEntry, err := blacklistRoleTagEntry(storage, tag)
|
||||
if err != nil {
|
||||
t.Fatal(err)
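Review bot: The four tests added in the first hunk of this file (`TestBackend_ConfigTidyIdentities`, `TestBackend_ConfigTidyRoleTags`, `TestBackend_TidyIdentities`, `TestBackend_TidyRoleTags`) discard the response with `_, err = b.HandleRequest(...)` and check only `err`, so they still pass when the handler rejects the request. Handlers in this backend report validation failures as `logical.ErrorResponse(...)` with a nil error, as `pathBlacklistRoleTagDelete` does for a missing `role_tag`, and these tests cannot see that. Keep the response and fail on it, for example `if resp != nil && resp.IsError() { t.Fatalf("unexpected error response: %#v", resp) }`. For the two config tests, also read the path back with `logical.ReadOperation` and assert that the stored `safety_buffer` is the 60 that was written; otherwise a handler that ignores the field passes too.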
|
||||
|
|
|
@ -89,7 +89,7 @@ func (b *backend) pathBlacklistRoleTagDelete(
|
|||
return logical.ErrorResponse("missing role_tag"), nil
|
||||
}
|
||||
|
||||
err := req.Storage.Delete("blacklist/roletag/" + tag)
|
||||
err := req.Storage.Delete("blacklist/roletag/" + base64.StdEncoding.EncodeToString([]byte(tag)))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
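Review bot: The storage key is built inline in `pathBlacklistRoleTagDelete` as `"blacklist/roletag/" + base64.StdEncoding.EncodeToString([]byte(tag))`, while the write and read paths that must produce the same key are outside this hunk. If the two sides disagree, the delete removes nothing and the tag stays blacklisted with no error returned, so the derivation is better kept in one helper such as `func blacklistRoleTagKey(tag string) string`, called from every path that touches the entry. A one-line comment on the helper saying why the tag is encoded would also help the next reader. Separately, the standard base64 alphabet includes `/`; it is worth confirming that nothing lists entries under `blacklist/roletag/` in a way that would treat an encoded key as nested segments. The function body starts and ends outside the hunk.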
|
||||
|
|
|
@ -28,6 +28,8 @@ expiration, before it is removed from the backend storage.`,
|
|||
Callbacks: map[logical.Operation]framework.OperationFunc{
|
||||
logical.CreateOperation: b.pathConfigTidyIdentitiesCreateUpdate,
|
||||
logical.UpdateOperation: b.pathConfigTidyIdentitiesCreateUpdate,
|
||||
logical.ReadOperation: b.pathConfigTidyIdentitiesRead,
|
||||
logical.DeleteOperation: b.pathConfigTidyIdentitiesDelete,
|
||||
},
|
||||
|
||||
HelpSynopsis: pathConfigTidyIdentitiesHelpSyn,
|
||||
|
@ -39,14 +41,14 @@ func (b *backend) pathConfigTidyIdentitiesExistenceCheck(req *logical.Request, d
|
|||
b.configMutex.RLock()
|
||||
defer b.configMutex.RUnlock()
|
||||
|
||||
entry, err := configTidyWhitelistIdentity(req.Storage)
|
||||
entry, err := configTidyIdentities(req.Storage)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return entry != nil, nil
|
||||
}
|
||||
|
||||
func configTidyWhitelistIdentity(s logical.Storage) (*tidyWhitelistIdentityConfig, error) {
|
||||
func configTidyIdentities(s logical.Storage) (*tidyWhitelistIdentityConfig, error) {
|
||||
entry, err := s.Get("config/tidy/identities")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -65,7 +67,7 @@ func configTidyWhitelistIdentity(s logical.Storage) (*tidyWhitelistIdentityConfi
|
|||
func (b *backend) pathConfigTidyIdentitiesCreateUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
||||
b.configMutex.Lock()
|
||||
defer b.configMutex.Unlock()
|
||||
configEntry, err := configTidyWhitelistIdentity(req.Storage)
|
||||
configEntry, err := configTidyIdentities(req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -101,7 +103,7 @@ func (b *backend) pathConfigTidyIdentitiesRead(req *logical.Request, data *frame
|
|||
b.configMutex.RLock()
|
||||
defer b.configMutex.RUnlock()
|
||||
|
||||
clientConfig, err := configTidyWhitelistIdentity(req.Storage)
|
||||
clientConfig, err := configTidyIdentities(req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
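Review bot: `configTidyIdentities` has no doc comment, and its nil contract is only visible indirectly: `pathConfigTidyIdentitiesExistenceCheck` tests `entry != nil`, so the function evidently returns a nil entry with a nil error when nothing has been stored. I would add `// configTidyIdentities returns the stored tidy configuration for identities, or nil if none has been written.` above it, so that callers such as `periodicFunc` know to nil-check the entry before using it. The rename also leaves the return type as `tidyWhitelistIdentityConfig`, so the function and type names no longer match. Both points apply equally to `configTidyRoleTags` and `tidyBlacklistRoleTagConfig` in the role-tag config file. The function body continues outside the hunk.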
|
||||
|
|
|
@ -41,14 +41,14 @@ func (b *backend) pathConfigTidyRoleTagsExistenceCheck(req *logical.Request, dat
|
|||
b.configMutex.RLock()
|
||||
defer b.configMutex.RUnlock()
|
||||
|
||||
entry, err := configTidyBlacklistRoleTag(req.Storage)
|
||||
entry, err := configTidyRoleTags(req.Storage)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
return entry != nil, nil
|
||||
}
|
||||
|
||||
func configTidyBlacklistRoleTag(s logical.Storage) (*tidyBlacklistRoleTagConfig, error) {
|
||||
func configTidyRoleTags(s logical.Storage) (*tidyBlacklistRoleTagConfig, error) {
|
||||
entry, err := s.Get("config/tidy/roletags")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -67,7 +67,7 @@ func configTidyBlacklistRoleTag(s logical.Storage) (*tidyBlacklistRoleTagConfig,
|
|||
func (b *backend) pathConfigTidyRoleTagsCreateUpdate(req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
||||
b.configMutex.Lock()
|
||||
defer b.configMutex.Unlock()
|
||||
configEntry, err := configTidyBlacklistRoleTag(req.Storage)
|
||||
configEntry, err := configTidyRoleTags(req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -103,7 +103,7 @@ func (b *backend) pathConfigTidyRoleTagsRead(req *logical.Request, data *framewo
|
|||
b.configMutex.RLock()
|
||||
defer b.configMutex.RUnlock()
|
||||
|
||||
clientConfig, err := configTidyBlacklistRoleTag(req.Storage)
|
||||
clientConfig, err := configTidyRoleTags(req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|