vault: tests passing

2015-03-29 16:18:08 -07:00 · 2015-03-29 16:18:08 -07:00 · e9a3a34c27
parent 4cacaf62f0
commit e9a3a34c27
6 changed files with 22 additions and 29 deletions
--- a/vault/auth_test.go
+++ b/vault/auth_test.go
@ -48,7 +48,7 @@ func (n *NoopCred) HandleLogin(req *credential.Request) (*credential.Response, e
 }

 func TestCore_DefaultAuthTable(t *testing.T) {
-	c, key := TestCoreUnsealed(t)
+	c, key, _ := TestCoreUnsealed(t)
 	verifyDefaultAuthTable(t, c.auth)

 	// Start a second core with same physical
@ -72,7 +72,7 @@ func TestCore_DefaultAuthTable(t *testing.T) {
 }

 func TestCore_EnableCredential(t *testing.T) {
-	c, key := TestCoreUnsealed(t)
+	c, key, _ := TestCoreUnsealed(t)
 	c.credentialBackends["noop"] = func(map[string]string) (credential.Backend, error) {
 		return &NoopCred{}, nil
 	}
@ -111,7 +111,7 @@ func TestCore_EnableCredential(t *testing.T) {
 }

 func TestCore_EnableCredential_Token(t *testing.T) {
-	c, _ := TestCoreUnsealed(t)
+	c, _, _ := TestCoreUnsealed(t)
 	me := &MountEntry{
 		Path: "foo",
 		Type: "token",
@ -123,7 +123,7 @@ func TestCore_EnableCredential_Token(t *testing.T) {
 }

 func TestCore_DisableCredential(t *testing.T) {
-	c, key := TestCoreUnsealed(t)
+	c, key, _ := TestCoreUnsealed(t)
 	c.credentialBackends["noop"] = func(map[string]string) (credential.Backend, error) {
 		return &NoopCred{}, nil
 	}
@ -172,7 +172,7 @@ func TestCore_DisableCredential(t *testing.T) {
 }

 func TestCore_DisableCredential_Protected(t *testing.T) {
-	c, _ := TestCoreUnsealed(t)
+	c, _, _ := TestCoreUnsealed(t)
 	err := c.disableCredential("token")
 	if err.Error() != "token credential backend cannot be disabled" {
 		t.Fatalf("err: %v", err)
--- a/vault/core_test.go
+++ b/vault/core_test.go
@ -313,7 +313,7 @@ func TestCore_Route_Sealed(t *testing.T) {

 // Attempt to unseal after doing a first seal
 func TestCore_SealUnseal(t *testing.T) {
-	c, key := TestCoreUnsealed(t)
+	c, key, _ := TestCoreUnsealed(t)
 	if err := c.Seal(); err != nil {
 		t.Fatalf("err: %v", err)
 	}
@ -324,7 +324,7 @@ func TestCore_SealUnseal(t *testing.T) {

 // Ensure we get a VaultID
 func TestCore_HandleRequest_Lease(t *testing.T) {
-	c, _, root := TestCoreUnsealedToken(t)
+	c, _, root := TestCoreUnsealed(t)

 	req := &logical.Request{
 		Operation: logical.WriteOperation,
@ -365,7 +365,7 @@ func TestCore_HandleRequest_Lease(t *testing.T) {
 }

 func TestCore_HandleRequest_MissingToken(t *testing.T) {
-	c, _, _ := TestCoreUnsealedToken(t)
+	c, _, _ := TestCoreUnsealed(t)

 	req := &logical.Request{
 		Operation: logical.WriteOperation,
@ -385,7 +385,7 @@ func TestCore_HandleRequest_MissingToken(t *testing.T) {
 }

 func TestCore_HandleRequest_InvalidToken(t *testing.T) {
-	c, _, _ := TestCoreUnsealedToken(t)
+	c, _, _ := TestCoreUnsealed(t)

 	req := &logical.Request{
 		Operation: logical.WriteOperation,
@ -407,7 +407,7 @@ func TestCore_HandleRequest_InvalidToken(t *testing.T) {

 // Test a root path is denied if non-root
 func TestCore_HandleRequest_RootPath(t *testing.T) {
-	c, _, root := TestCoreUnsealedToken(t)
+	c, _, root := TestCoreUnsealed(t)
 	testCoreMakeToken(t, c, root, "child", []string{"test"})

 	req := &logical.Request{
@ -426,7 +426,7 @@ func TestCore_HandleRequest_RootPath(t *testing.T) {

 // Test a root path is allowed if non-root but with sudo
 func TestCore_HandleRequest_RootPath_WithSudo(t *testing.T) {
-	c, _, root := TestCoreUnsealedToken(t)
+	c, _, root := TestCoreUnsealed(t)

 	// Set the 'test' policy object to permit access to sys/policy
 	req := &logical.Request{
@ -463,7 +463,7 @@ func TestCore_HandleRequest_RootPath_WithSudo(t *testing.T) {

 // Check that standard permissions work
 func TestCore_HandleRequest_PermissionDenied(t *testing.T) {
-	c, _, root := TestCoreUnsealedToken(t)
+	c, _, root := TestCoreUnsealed(t)
 	testCoreMakeToken(t, c, root, "child", []string{"test"})

 	req := &logical.Request{
@ -486,7 +486,7 @@ func TestCore_HandleRequest_PermissionDenied(t *testing.T) {

 // Check that standard permissions work
 func TestCore_HandleRequest_PermissionAllowed(t *testing.T) {
-	c, _, root := TestCoreUnsealedToken(t)
+	c, _, root := TestCoreUnsealed(t)
 	testCoreMakeToken(t, c, root, "child", []string{"test"})

 	// Set the 'test' policy object to permit access to secret/
@ -540,7 +540,7 @@ func TestCore_HandleLogin_Token(t *testing.T) {
 			},
 		},
 	}
-	c, _, root := TestCoreUnsealedToken(t)
+	c, _, root := TestCoreUnsealed(t)
 	c.credentialBackends["noop"] = func(map[string]string) (credential.Backend, error) {
 		return noop, nil
 	}
--- a/vault/logical_system_test.go
+++ b/vault/logical_system_test.go
@ -496,11 +496,11 @@ func TestSystemBackend_policyCRUD(t *testing.T) {
 }

 func testSystemBackend(t *testing.T) logical.Backend {
-	c, _ := TestCoreUnsealed(t)
+	c, _, _ := TestCoreUnsealed(t)
 	return NewSystemBackend(c)
 }

 func testCoreSystemBackend(t *testing.T) (*Core, logical.Backend, string) {
-	c, _, root := TestCoreUnsealedToken(t)
+	c, _, root := TestCoreUnsealed(t)
 	return c, NewSystemBackend(c), root
 }
--- a/vault/mount_test.go
+++ b/vault/mount_test.go
@ -6,7 +6,7 @@ import (
 )

 func TestCore_DefaultMountTable(t *testing.T) {
-	c, key := TestCoreUnsealed(t)
+	c, key, _ := TestCoreUnsealed(t)
 	verifyDefaultTable(t, c.mounts)

 	// Start a second core with same physical
@ -30,7 +30,7 @@ func TestCore_DefaultMountTable(t *testing.T) {
 }

 func TestCore_Mount(t *testing.T) {
-	c, key := TestCoreUnsealed(t)
+	c, key, _ := TestCoreUnsealed(t)
 	me := &MountEntry{
 		Path: "foo",
 		Type: "generic",
@ -65,7 +65,7 @@ func TestCore_Mount(t *testing.T) {
 }

 func TestCore_Unmount(t *testing.T) {
-	c, key := TestCoreUnsealed(t)
+	c, key, _ := TestCoreUnsealed(t)
 	err := c.unmount("secret")
 	if err != nil {
 		t.Fatalf("err: %v", err)
@ -96,7 +96,7 @@ func TestCore_Unmount(t *testing.T) {
 }

 func TestCore_Remount(t *testing.T) {
-	c, key := TestCoreUnsealed(t)
+	c, key, _ := TestCoreUnsealed(t)
 	err := c.remount("secret", "foo")
 	if err != nil {
 		t.Fatalf("err: %v", err)
@ -127,7 +127,7 @@ func TestCore_Remount(t *testing.T) {
 }

 func TestCore_Remount_Protected(t *testing.T) {
-	c, _ := TestCoreUnsealed(t)
+	c, _, _ := TestCoreUnsealed(t)
 	err := c.remount("sys", "foo")
 	if err.Error() != "cannot remount 'sys/'" {
 		t.Fatalf("err: %v", err)
--- a/vault/testing.go
+++ b/vault/testing.go
@ -38,13 +38,6 @@ func TestCoreInit(t *testing.T, core *Core) ([]byte, string) {
 // TestCoreUnsealed returns a pure in-memory core that is already
 // initialized and unsealed.
 func TestCoreUnsealed(t *testing.T) (*Core, []byte, string) {
-	core, key, token := TestCoreUnsealedToken(t)
-	return core, key, token
-}
-
-// TestCoreUnsealedToken returns a pure in-memory core that is already
-// initialized and unsealed along with the root token.
-func TestCoreUnsealedToken(t *testing.T) (*Core, []byte, string) {
 	core := TestCore(t)
 	key, token := TestCoreInit(t, core)
 	if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
--- a/vault/token_store_test.go
+++ b/vault/token_store_test.go
@ -9,7 +9,7 @@ import (
 )

 func mockTokenStore(t *testing.T) (*Core, *TokenStore, string) {
-	c, _, root := TestCoreUnsealedToken(t)
+	c, _, root := TestCoreUnsealed(t)
 	ts, err := NewTokenStore(c)
 	if err != nil {
 		t.Fatalf("err: %v", err)