Vault SSH: CRUD test for dynamic role

This commit is contained in:
vishalnayak 2015-07-31 15:17:40 -04:00
parent b592dcc3af
commit c4bd85c241
3 changed files with 51 additions and 30 deletions

View file

@ -20,7 +20,7 @@ const (
testCidr = "127.0.0.1/32"
testDynamicRoleName = "testDynamicRoleName"
testOTPRoleName = "testOTPRoleName"
testKey = "testKey"
testKeyName = "testKeyName"
testSharedPrivateKey = `
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvYvoRcWRxqOim5VZnuM6wHCbLUeiND0yaM1tvOl+Fsrz55DG
@ -90,32 +90,51 @@ func TestSSHDynamicKeyBackend(t *testing.T) {
func TestSSHBackend_OTPRoleCrud(t *testing.T) {
data := map[string]interface{}{
"key_type": testOTPKeyType,
"cidr": testCidr,
"default_user": testUserName,
"cidr": testCidr,
}
logicaltest.Test(t, logicaltest.TestCase{
Factory: Factory,
Steps: []logicaltest.TestStep{
testOTPRoleWrite(t, data),
testOTPRoleRead(t, data),
testOTPRoleDelete(t),
testOTPRoleRead(t, nil),
testRoleWrite(t, testOTPRoleName, data),
testRoleRead(t, testOTPRoleName, data),
testRoleDelete(t, testOTPRoleName),
testRoleRead(t, testOTPRoleName, nil),
},
})
}
func testOTPRoleWrite(t *testing.T, data map[string]interface{}) logicaltest.TestStep {
func TestSSHBackend_DynamicRoleCrud(t *testing.T) {
data := map[string]interface{}{
"key_type": testDynamicKeyType,
"key": testKeyName,
"admin_user": testAdminUser,
"cidr": testCidr,
}
logicaltest.Test(t, logicaltest.TestCase{
Factory: Factory,
Steps: []logicaltest.TestStep{
testNamedKeys(t),
testRoleWrite(t, testDynamicRoleName, data),
testRoleRead(t, testDynamicRoleName, data),
testRoleDelete(t, testDynamicRoleName),
testRoleRead(t, testDynamicRoleName, nil),
},
})
}
func testRoleWrite(t *testing.T, name string, data map[string]interface{}) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.WriteOperation,
Path: "roles/" + testOTPRoleName,
Path: "roles/" + name,
Data: data,
}
}
func testOTPRoleRead(t *testing.T, data map[string]interface{}) logicaltest.TestStep {
func testRoleRead(t *testing.T, name string, data map[string]interface{}) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.ReadOperation,
Path: "roles/" + testOTPRoleName,
Path: "roles/" + name,
Check: func(resp *logical.Response) error {
if resp == nil {
if data == nil {
@ -123,34 +142,35 @@ func testOTPRoleRead(t *testing.T, data map[string]interface{}) logicaltest.Test
}
return fmt.Errorf("bad: %#v", resp)
}
var d struct {
KeyType string `mapstructure:"key_type"`
DefaultUser string `mapstructure:"default_user"`
Port string `mapstructure:"port"`
Cidr string `mapstructure:"cidr"`
}
var d sshRole
if err := mapstructure.Decode(resp.Data, &d); err != nil {
return err
return fmt.Errorf("error decoding response:%s", err)
}
if d.KeyType != data["key_type"] || d.DefaultUser != data["default_user"] || d.Cidr != data["cidr"] {
return fmt.Errorf("bad: %#v", resp)
if name == testOTPRoleName {
if d.KeyType != data["key_type"] || d.DefaultUser != data["default_user"] || d.CIDR != data["cidr"] {
return fmt.Errorf("data mismatch. bad: %#v", resp)
}
} else {
if d.AdminUser != data["admin_user"] || d.CIDR != data["cidr"] || d.KeyName != data["key"] || d.KeyType != data["key_type"] {
return fmt.Errorf("data mismatch. bad: %#v", resp)
}
}
return nil
},
}
}
func testOTPRoleDelete(t *testing.T) logicaltest.TestStep {
func testRoleDelete(t *testing.T, name string) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.DeleteOperation,
Path: "roles/" + testOTPRoleName,
Path: "roles/" + name,
}
}
func testNamedKeys(t *testing.T) logicaltest.TestStep {
return logicaltest.TestStep{
Operation: logical.WriteOperation,
Path: fmt.Sprintf("keys/%s", testKey),
Path: fmt.Sprintf("keys/%s", testKeyName),
Data: map[string]interface{}{
"key": testSharedPrivateKey,
},
@ -163,7 +183,7 @@ func testNewDynamicKeyRole(t *testing.T) logicaltest.TestStep {
Path: fmt.Sprintf("roles/%s", testDynamicRoleName),
Data: map[string]interface{}{
"key_type": "dynamic",
"key": testKey,
"key": testKeyName,
"admin_user": testAdminUser,
"cidr": testCidr,
"port": testPort,

View file

@ -212,13 +212,13 @@ func (b *backend) pathRoleDelete(req *logical.Request, d *framework.FieldData) (
}
type sshRole struct {
KeyType string `json:"key_type"`
KeyName string `json:"key"`
KeyBits string `json:"key_bits"`
AdminUser string `json:"admin_user"`
DefaultUser string `json:"default_user"`
CIDR string `json:"cidr"`
Port string `json:"port"`
KeyType string `mapstructure:"key_type" json:"key_type"`
KeyName string `mapstructure:"key" json:"key"`
KeyBits string `mapstructure:"key_bits" json:"key_bits"`
AdminUser string `mapstructure:"admin_user" json:"admin_user"`
DefaultUser string `mapstructure:"default_user" json:"default_user"`
CIDR string `mapstructure:"cidr" json:"cidr"`
Port string `mapstructure:"port" json:"port"`
}
const pathRoleHelpSyn = `

View file

@ -126,6 +126,7 @@ func Test(t TestT, c TestCase) {
return c.Factory(conf)
},
},
DisableMlock: true,
})
if err != nil {
t.Fatal("error initializing core: ", err)