vault: Testing sys/renew
parent
15b7dc2d02
commit
e52f1ee960
|
@ -241,6 +241,9 @@ func (m *ExpirationManager) Renew(vaultID string, increment time.Duration) (*log
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// Attach the VaultID
|
||||
resp.Lease.VaultID = vaultID
|
||||
|
||||
// Update the lease entry
|
||||
le.Data = resp.Data
|
||||
le.Lease = resp.Lease
|
||||
|
|
|
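Review bot: The added `resp.Lease.VaultID = vaultID` dereferences `resp.Lease` without a nil check, so a backend whose renew handler returns a response with no lease, or no response at all, would panic here instead of failing the renewal. Unless code earlier in Renew, outside this hunk, already guarantees both are non-nil, guard the assignment with `if resp == nil || resp.Lease == nil {` and return an error that names the lease. This matters more now that the same commit exposes Renew through the sys/renew endpoint, because a panic on a request path is an availability problem rather than one failed call. Renew's body starts and ends outside the hunk.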
@ -26,6 +26,7 @@ func PassthroughBackendFactory(map[string]string) (logical.Backend, error) {
|
|||
|
||||
Callbacks: map[logical.Operation]framework.OperationFunc{
|
||||
logical.ReadOperation: b.handleRead,
|
||||
logical.RenewOperation: b.handleRead,
|
||||
logical.WriteOperation: b.handleWrite,
|
||||
logical.DeleteOperation: b.handleDelete,
|
||||
logical.ListOperation: b.handleList,
|
||||
|
|
|
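Review bot: Routing `logical.RenewOperation` to `b.handleRead` means a renewal is answered exactly like a read, so the renew response carries the stored secret data again (the test added in this commit checks `resp2.Data["foo"]`) and, as far as this hunk shows, the requested increment plays no part. That is worth stating at the mapping, for example `// Renew re-reads the entry: the lease is recomputed from the stored value and the secret data is returned again.`, so that anyone granting access to sys/renew knows it also discloses the secret. handleRead is defined outside the hunk, so its lease handling is inferred here and should be confirmed.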
@ -2,6 +2,7 @@ package vault
|
|||
|
||||
import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/vault/logical"
|
||||
"github.com/hashicorp/vault/logical/framework"
|
||||
|
@ -66,6 +67,28 @@ func NewSystemBackend(core *Core) logical.Backend {
|
|||
HelpSynopsis: strings.TrimSpace(sysHelp["remount"][0]),
|
||||
HelpDescription: strings.TrimSpace(sysHelp["remount"][1]),
|
||||
},
|
||||
|
||||
&framework.Path{
|
||||
Pattern: "renew/(?P<vault_id>.+)",
|
||||
|
||||
Fields: map[string]*framework.FieldSchema{
|
||||
"vault_id": &framework.FieldSchema{
|
||||
Type: framework.TypeString,
|
||||
Description: strings.TrimSpace(sysHelp["vault_id"][0]),
|
||||
},
|
||||
"increment": &framework.FieldSchema{
|
||||
Type: framework.TypeInt,
|
||||
Description: strings.TrimSpace(sysHelp["increment"][0]),
|
||||
},
|
||||
},
|
||||
|
||||
Callbacks: map[logical.Operation]framework.OperationFunc{
|
||||
logical.WriteOperation: b.handleRenew,
|
||||
},
|
||||
|
||||
HelpSynopsis: strings.TrimSpace(sysHelp["renew"][0]),
|
||||
HelpDescription: strings.TrimSpace(sysHelp["renew"][1]),
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
@ -169,6 +192,20 @@ func (b *SystemBackend) handleRemount(
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
// handleRenew is used to renew a lease with a given VaultID
|
||||
func (b *SystemBackend) handleRenew(
|
||||
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
||||
// Get all the options
|
||||
vaultID := data.Get("vault_id").(string)
|
||||
incrementRaw := data.Get("increment").(int)
|
||||
|
||||
// Convert the increment
|
||||
increment := time.Duration(incrementRaw) * time.Second
|
||||
|
||||
// Invoke the expiration manager directly
|
||||
return b.Core.expiration.Renew(vaultID, increment)
|
||||
}
|
||||
|
||||
// sysHelp is all the help text for the sys backend.
|
||||
var sysHelp = map[string][2]string{
|
||||
"mounts": {
|
||||
|
@ -210,4 +247,24 @@ west coast.
|
|||
Change the mount point of an already-mounted backend.
|
||||
`,
|
||||
},
|
||||
|
||||
"renew": {
|
||||
"Renew a lease on a secret",
|
||||
`
|
||||
When a secret is read, it may optionally include a lease interval
|
||||
and a boolean indicating if renew is possible. For secrets that support
|
||||
lease renewal, this endpoint is used to extend the validity of the
|
||||
lease and to prevent an automatic revocation.
|
||||
`,
|
||||
},
|
||||
|
||||
"vault_id": {
|
||||
"The vault identifier to renew. This is included with a lease.",
|
||||
"",
|
||||
},
|
||||
|
||||
"increment": {
|
||||
"The desired increment in seconds to the lease",
|
||||
"",
|
||||
},
|
||||
}
|
||||
|
|
|
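Review bot: handleRenew passes `increment` to the expiration manager without any range check, so a negative or zero value from the request becomes a negative or zero `time.Duration`, and what Renew does with that is not visible on this page. Reject it at the API boundary, e.g. `if incrementRaw < 0 { return nil, errors.New("increment must not be negative") }` (which needs the `errors` import), and consider an upper bound so a client cannot ask for an effectively unbounded lease unless the backend caps it. The handler also renews whatever `vault_id` is supplied; if a lease is meant to be renewable only by the token it was issued to, that check is absent here and would have to live in Renew.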
@ -143,7 +143,53 @@ func TestSystemBackend_remount_system(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestSystemBackend_renew(t *testing.T) {
|
||||
core, b := testCoreSystemBackend(t)
|
||||
|
||||
// Create a key with a lease
|
||||
req := logical.TestRequest(t, logical.WriteOperation, "secret/foo")
|
||||
req.Data["foo"] = "bar"
|
||||
req.Data["lease"] = "1h"
|
||||
resp, err := core.HandleRequest(req)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
if resp != nil {
|
||||
t.Fatalf("bad: %#v", resp)
|
||||
}
|
||||
|
||||
// Read a key with a VaultID
|
||||
req = logical.TestRequest(t, logical.ReadOperation, "secret/foo")
|
||||
resp, err = core.HandleRequest(req)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
if resp == nil || resp.Lease == nil || resp.Lease.VaultID == "" {
|
||||
t.Fatalf("bad: %#v", resp)
|
||||
}
|
||||
|
||||
// Attempt renew
|
||||
req2 := logical.TestRequest(t, logical.WriteOperation, "renew/"+resp.Lease.VaultID)
|
||||
req2.Data["increment"] = 100
|
||||
resp2, err := b.HandleRequest(req2)
|
||||
if err != nil {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
|
||||
if resp2.Lease.VaultID != resp.Lease.VaultID {
|
||||
t.Fatalf("bad: %#v", resp)
|
||||
}
|
||||
if resp2.Data["foo"] != "bar" {
|
||||
t.Fatalf("bad: %#v", resp)
|
||||
}
|
||||
}
|
||||
|
||||
func testSystemBackend(t *testing.T) logical.Backend {
|
||||
c, _ := TestCoreUnsealed(t)
|
||||
return NewSystemBackend(c)
|
||||
}
|
||||
|
||||
func testCoreSystemBackend(t *testing.T) (*Core, logical.Backend) {
|
||||
c, _ := TestCoreUnsealed(t)
|
||||
return c, NewSystemBackend(c)
|
||||
}
|
||||
|
|
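Review bot: After the renew call the test reads `resp2.Lease.VaultID` without checking `resp2` or `resp2.Lease` for nil, and both failure messages print `resp` (the earlier read) instead of `resp2`, so a failing run panics or shows the wrong value. Fold the nil checks in and print the renew response: `if resp2 == nil || resp2.Lease == nil || resp2.Lease.VaultID != resp.Lease.VaultID { t.Fatalf("bad: %#v", resp2) }`, and use `t.Fatalf("bad: %#v", resp2)` in the data check as well. The test covers only the success path; a renew of an unknown vault ID and one with a negative increment would pin down the error handling of the new endpoint.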