Add more tests
This commit is contained in:
Jeff Mitchell
parent
31e1ed2417
commit
c5008bcaac
|
|
@ -107,16 +107,19 @@ func TestClientEnvSettings(t *testing.T) {
|
|||
oldClientCert := os.Getenv(EnvVaultClientCert)
|
||||
oldClientKey := os.Getenv(EnvVaultClientKey)
|
||||
oldSkipVerify := os.Getenv(EnvVaultInsecure)
|
||||
oldWrapTTL := os.Getenv(EnvVaultWrapTTL)
|
||||
os.Setenv("VAULT_CACERT", cwd+"/test-fixtures/keys/cert.pem")
|
||||
os.Setenv("VAULT_CAPATH", cwd+"/test-fixtures/keys")
|
||||
os.Setenv("VAULT_CLIENT_CERT", cwd+"/test-fixtures/keys/cert.pem")
|
||||
os.Setenv("VAULT_CLIENT_KEY", cwd+"/test-fixtures/keys/key.pem")
|
||||
os.Setenv("VAULT_SKIP_VERIFY", "true")
|
||||
os.Setenv("VAULT_WRAP_TTL", "60")
|
||||
defer os.Setenv("VAULT_CACERT", oldCACert)
|
||||
defer os.Setenv("VAULT_CAPATH", oldCAPath)
|
||||
defer os.Setenv("VAULT_CLIENT_CERT", oldClientCert)
|
||||
defer os.Setenv("VAULT_CLIENT_KEY", oldClientKey)
|
||||
defer os.Setenv("VAULT_SKIP_VERIFY", oldSkipVerify)
|
||||
defer os.Setenv("VAULT_WRAP_TTL", oldWrapTTL)
|
||||
|
||||
config := DefaultConfig()
|
||||
if err := config.ReadEnvironment(); err != nil {
|
||||
|
|
@ -133,4 +136,8 @@ func TestClientEnvSettings(t *testing.T) {
|
|||
if tlsConfig.InsecureSkipVerify != true {
|
||||
t.Fatalf("bad: %v", tlsConfig.InsecureSkipVerify)
|
||||
}
|
||||
|
||||
if config.WrapTTL != "60" {
|
||||
t.Fatalf("bad: %v", config.WrapTTL)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,7 +17,11 @@ func TestParseSecret(t *testing.T) {
|
|||
},
|
||||
"warnings": [
|
||||
"a warning!"
|
||||
]
|
||||
],
|
||||
"wrap_info": {
|
||||
"token": "token",
|
||||
"ttl": 60
|
||||
}
|
||||
}`)
|
||||
|
||||
secret, err := ParseSecret(strings.NewReader(raw))
|
||||
|
|
@ -35,6 +39,10 @@ func TestParseSecret(t *testing.T) {
|
|||
Warnings: []string{
|
||||
"a warning!",
|
||||
},
|
||||
WrapInfo: &SecretWrapInfo{
|
||||
Token: "token",
|
||||
TTL: 60,
|
||||
},
|
||||
}
|
||||
if !reflect.DeepEqual(secret, expected) {
|
||||
t.Fatalf("bad: %#v %#v", secret, expected)
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import (
|
|||
"encoding/json"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"errors"
|
||||
|
||||
|
|
@ -26,6 +27,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
|
|||
Connection: &logical.Connection{
|
||||
RemoteAddr: "127.0.0.1",
|
||||
},
|
||||
WrapTTL: 60 * time.Second,
|
||||
},
|
||||
errors.New("this is an error"),
|
||||
testFormatJSONReqBasicStr,
|
||||
|
|
@ -64,5 +66,5 @@ func TestFormatJSON_formatRequest(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
const testFormatJSONReqBasicStr = `{"time":"2015-08-05T13:45:46Z","type":"request","auth":{"display_name":"","policies":["root"],"metadata":null},"request":{"operation":"update","path":"/foo","data":null,"remote_address":"127.0.0.1"},"error":"this is an error"}
|
||||
const testFormatJSONReqBasicStr = `{"time":"2015-08-05T13:45:46Z","type":"request","auth":{"display_name":"","policies":["root"],"metadata":null},"request":{"operation":"update","path":"/foo","data":null,"wrap_ttl":60,"remote_address":"127.0.0.1"},"error":"this is an error"}
|
||||
`
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ func TestCopy_request(t *testing.T) {
|
|||
Data: map[string]interface{}{
|
||||
"foo": "bar",
|
||||
},
|
||||
WrapTTL: 60 * time.Second,
|
||||
}
|
||||
arg := expected
|
||||
|
||||
|
|
@ -66,6 +67,10 @@ func TestCopy_response(t *testing.T) {
|
|||
Data: map[string]interface{}{
|
||||
"foo": "bar",
|
||||
},
|
||||
WrapInfo: &logical.WrapInfo{
|
||||
TTL: 60,
|
||||
Token: "foo",
|
||||
},
|
||||
}
|
||||
arg := expected
|
||||
|
||||
|
|
@ -131,11 +136,19 @@ func TestHash(t *testing.T) {
|
|||
Data: map[string]interface{}{
|
||||
"foo": "bar",
|
||||
},
|
||||
WrapInfo: &logical.WrapInfo{
|
||||
TTL: 60,
|
||||
Token: "bar",
|
||||
},
|
||||
},
|
||||
&logical.Response{
|
||||
Data: map[string]interface{}{
|
||||
"foo": "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
|
||||
},
|
||||
WrapInfo: &logical.WrapInfo{
|
||||
TTL: 60,
|
||||
Token: "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,10 +1,12 @@
|
|||
package http
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"reflect"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/go-cleanhttp"
|
||||
|
|
@ -64,6 +66,33 @@ func TestSysMounts_headerAuth(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// We use this test to verify header auth wrapping
|
||||
func TestSysMounts_headerAuth_Wrapped(t *testing.T) {
|
||||
core, _, token := vault.TestCoreUnsealed(t)
|
||||
ln, addr := TestServer(t, core)
|
||||
defer ln.Close()
|
||||
|
||||
req, err := http.NewRequest("GET", addr+"/v1/sys/mounts", nil)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
req.Header.Set(AuthHeaderName, token)
|
||||
req.Header.Set(WrapTTLHeaderName, "60s")
|
||||
|
||||
client := cleanhttp.DefaultClient()
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
}
|
||||
|
||||
testResponseStatus(t, resp, 200)
|
||||
buf := bytes.NewBuffer(nil)
|
||||
buf.ReadFrom(resp.Body)
|
||||
if strings.TrimSpace(buf.String()) != "null" {
|
||||
t.Fatalf("bad: %v", buf.String())
|
||||
}
|
||||
}
|
||||
|
||||
func TestHandler_sealed(t *testing.T) {
|
||||
core, _, token := vault.TestCoreUnsealed(t)
|
||||
ln, addr := TestServer(t, core)
|
||||
|
|
|
|||
Loading…
Reference in New Issue