Shave off a lot of PKI testing time by not requiring key generation when testing CSRs. Also enable all tests all the time.

2016-07-01 17:27:35 -04:00 · 2016-07-01 17:27:35 -04:00 · 4a8d9eb942
parent 22f0656252
commit 4a8d9eb942
1 changed files with 26 additions and 62 deletions
--- a/builtin/logical/pki/backend_test.go
+++ b/builtin/logical/pki/backend_test.go
@ -37,11 +37,6 @@ var (
 // Performs basic tests on CA functionality
 // Uses the RSA CA key
 func TestBackend_RSAKey(t *testing.T) {
-	if os.Getenv(logicaltest.TestEnvVar) == "" {
-		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env '%s' set", logicaltest.TestEnvVar))
-		return
-	}
-
 	defaultLeaseTTLVal := time.Hour * 24
 	maxLeaseTTLVal := time.Hour * 24 * 30
 	b, err := Factory(&logical.BackendConfig{
@ -56,9 +51,8 @@ func TestBackend_RSAKey(t *testing.T) {
 	}

 	testCase := logicaltest.TestCase{
-		AcceptanceTest: true,
-		Backend:        b,
-		Steps:          []logicaltest.TestStep{},
+		Backend: b,
+		Steps:   []logicaltest.TestStep{},
 	}

 	stepCount = len(testCase.Steps)
@ -73,11 +67,6 @@ func TestBackend_RSAKey(t *testing.T) {
 // Performs basic tests on CA functionality
 // Uses the EC CA key
 func TestBackend_ECKey(t *testing.T) {
-	if os.Getenv(logicaltest.TestEnvVar) == "" {
-		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env '%s' set", logicaltest.TestEnvVar))
-		return
-	}
-
 	defaultLeaseTTLVal := time.Hour * 24
 	maxLeaseTTLVal := time.Hour * 24 * 30
 	b, err := Factory(&logical.BackendConfig{
@ -92,9 +81,8 @@ func TestBackend_ECKey(t *testing.T) {
 	}

 	testCase := logicaltest.TestCase{
-		AcceptanceTest: true,
-		Backend:        b,
-		Steps:          []logicaltest.TestStep{},
+		Backend: b,
+		Steps:   []logicaltest.TestStep{},
 	}

 	stepCount = len(testCase.Steps)
@ -107,11 +95,6 @@ func TestBackend_ECKey(t *testing.T) {
 }

 func TestBackend_CSRValues(t *testing.T) {
-	if os.Getenv(logicaltest.TestEnvVar) == "" {
-		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env '%s' set", logicaltest.TestEnvVar))
-		return
-	}
-
 	defaultLeaseTTLVal := time.Hour * 24
 	maxLeaseTTLVal := time.Hour * 24 * 30
 	b, err := Factory(&logical.BackendConfig{
@ -126,9 +109,8 @@ func TestBackend_CSRValues(t *testing.T) {
 	}

 	testCase := logicaltest.TestCase{
-		AcceptanceTest: true,
-		Backend:        b,
-		Steps:          []logicaltest.TestStep{},
+		Backend: b,
+		Steps:   []logicaltest.TestStep{},
 	}

 	stepCount = len(testCase.Steps)
@ -141,11 +123,6 @@ func TestBackend_CSRValues(t *testing.T) {
 }

 func TestBackend_URLsCRUD(t *testing.T) {
-	if os.Getenv(logicaltest.TestEnvVar) == "" {
-		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env '%s' set", logicaltest.TestEnvVar))
-		return
-	}
-
 	defaultLeaseTTLVal := time.Hour * 24
 	maxLeaseTTLVal := time.Hour * 24 * 30
 	b, err := Factory(&logical.BackendConfig{
@ -160,9 +137,8 @@ func TestBackend_URLsCRUD(t *testing.T) {
 	}

 	testCase := logicaltest.TestCase{
-		AcceptanceTest: true,
-		Backend:        b,
-		Steps:          []logicaltest.TestStep{},
+		Backend: b,
+		Steps:   []logicaltest.TestStep{},
 	}

 	stepCount = len(testCase.Steps)
@ -178,11 +154,6 @@ func TestBackend_URLsCRUD(t *testing.T) {
 // of role flags to ensure that they are properly restricted
 // Uses the RSA CA key
 func TestBackend_RSARoles(t *testing.T) {
-	if os.Getenv(logicaltest.TestEnvVar) == "" {
-		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env '%s' set", logicaltest.TestEnvVar))
-		return
-	}
-
 	defaultLeaseTTLVal := time.Hour * 24
 	maxLeaseTTLVal := time.Hour * 24 * 30
 	b, err := Factory(&logical.BackendConfig{
@ -197,8 +168,7 @@ func TestBackend_RSARoles(t *testing.T) {
 	}

 	testCase := logicaltest.TestCase{
-		AcceptanceTest: true,
-		Backend:        b,
+		Backend: b,
 		Steps: []logicaltest.TestStep{
 			logicaltest.TestStep{
 				Operation: logical.UpdateOperation,
@ -226,11 +196,6 @@ func TestBackend_RSARoles(t *testing.T) {
 // of role flags to ensure that they are properly restricted
 // Uses the RSA CA key
 func TestBackend_RSARoles_CSR(t *testing.T) {
-	if os.Getenv(logicaltest.TestEnvVar) == "" {
-		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env '%s' set", logicaltest.TestEnvVar))
-		return
-	}
-
 	defaultLeaseTTLVal := time.Hour * 24
 	maxLeaseTTLVal := time.Hour * 24 * 30
 	b, err := Factory(&logical.BackendConfig{
@ -245,8 +210,7 @@ func TestBackend_RSARoles_CSR(t *testing.T) {
 	}

 	testCase := logicaltest.TestCase{
-		AcceptanceTest: true,
-		Backend:        b,
+		Backend: b,
 		Steps: []logicaltest.TestStep{
 			logicaltest.TestStep{
 				Operation: logical.UpdateOperation,
@ -274,11 +238,6 @@ func TestBackend_RSARoles_CSR(t *testing.T) {
 // of role flags to ensure that they are properly restricted
 // Uses the EC CA key
 func TestBackend_ECRoles(t *testing.T) {
-	if os.Getenv(logicaltest.TestEnvVar) == "" {
-		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env '%s' set", logicaltest.TestEnvVar))
-		return
-	}
-
 	defaultLeaseTTLVal := time.Hour * 24
 	maxLeaseTTLVal := time.Hour * 24 * 30
 	b, err := Factory(&logical.BackendConfig{
@ -293,8 +252,7 @@ func TestBackend_ECRoles(t *testing.T) {
 	}

 	testCase := logicaltest.TestCase{
-		AcceptanceTest: true,
-		Backend:        b,
+		Backend: b,
 		Steps: []logicaltest.TestStep{
 			logicaltest.TestStep{
 				Operation: logical.UpdateOperation,
@ -322,11 +280,6 @@ func TestBackend_ECRoles(t *testing.T) {
 // of role flags to ensure that they are properly restricted
 // Uses the EC CA key
 func TestBackend_ECRoles_CSR(t *testing.T) {
-	if os.Getenv(logicaltest.TestEnvVar) == "" {
-		t.Skip(fmt.Sprintf("Acceptance tests skipped unless env '%s' set", logicaltest.TestEnvVar))
-		return
-	}
-
 	defaultLeaseTTLVal := time.Hour * 24
 	maxLeaseTTLVal := time.Hour * 24 * 30
 	b, err := Factory(&logical.BackendConfig{
@ -341,8 +294,7 @@ func TestBackend_ECRoles_CSR(t *testing.T) {
 	}

 	testCase := logicaltest.TestCase{
-		AcceptanceTest: true,
-		Backend:        b,
+		Backend: b,
 		Steps: []logicaltest.TestStep{
 			logicaltest.TestStep{
 				Operation: logical.UpdateOperation,
@ -1452,6 +1404,9 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
 		}
 	}

+	generatedRSAKeys := map[int]crypto.Signer{}
+	generatedECKeys := map[int]crypto.Signer{}
+
 	/*
 		// For the number of tests being run, a seed of 1 has been tested
 		// to hit all of the various values below. However, for normal
@ -1646,6 +1601,7 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
 				ecKeyBits := []int{224, 256, 384, 521}

 				var privKey crypto.Signer
+				var ok bool
 				switch roleVals.KeyType {
 				case "rsa":
 					roleVals.KeyBits = rsaKeyBits[mathRand.Int()%2]
@ -1662,7 +1618,11 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
 						issueTestStep.ErrorOk = true
 					}

-					privKey, _ = rsa.GenerateKey(rand.Reader, testBitSize)
+					privKey, ok = generatedRSAKeys[testBitSize]
+					if !ok {
+						privKey, _ = rsa.GenerateKey(rand.Reader, testBitSize)
+						generatedRSAKeys[testBitSize] = privKey
+					}

 				case "ec":
 					roleVals.KeyBits = ecKeyBits[mathRand.Int()%4]
@ -1692,7 +1652,11 @@ func generateRoleSteps(t *testing.T, useCSRs bool) []logicaltest.TestStep {
 						issueTestStep.ErrorOk = true
 					}

-					privKey, _ = ecdsa.GenerateKey(curve, rand.Reader)
+					privKey, ok = generatedECKeys[testBitSize]
+					if !ok {
+						privKey, _ = ecdsa.GenerateKey(curve, rand.Reader)
+						generatedECKeys[testBitSize] = privKey
+					}
 				}
 				templ := &x509.CertificateRequest{
 					Subject: pkix.Name{