luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

Adding tests to ensure all backends are mountable (#3861)

This commit is contained in:
Chris Hoffman 2018-02-01 11:30:04 -05:00 committed by GitHub
parent dc326a83d4
commit ffa6fdaf1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 225 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
command/audit_enable_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"io/ioutil"
"strings"
"testing"
@ -157,4 +158,42 @@ func TestAuditEnableCommand_Run(t *testing.T) {
_, cmd := testAuditEnableCommand(t)
assertNoTabs(t, cmd)
})
t.Run("mount_all", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServerAllBackends(t)
defer closer()
files, err := ioutil.ReadDir("../builtin/audit")
if err != nil {
t.Fatal(err)
}
var backends []string
for _, f := range files {
if f.IsDir() {
backends = append(backends, f.Name())
}
}
for _, b := range backends {
ui, cmd := testAuditEnableCommand(t)
cmd.client = client
args := []string{
b,
}
switch b {
case "file":
args = append(args, "file_path=discard")
case "socket":
args = append(args, "address=127.0.0.1:8888")
}
code := cmd.Run(args)
if exp := 0; code != exp {
t.Errorf("type %s, expected %d to be %d - %s", b, code, exp, ui.OutputWriter.String()+ui.ErrorWriter.String())
}
}
})
}

50
command/auth_enable_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"io/ioutil"
"strings"
"testing"
@ -141,4 +142,53 @@ func TestAuthEnableCommand_Run(t *testing.T) {
_, cmd := testAuthEnableCommand(t)
assertNoTabs(t, cmd)
})
t.Run("mount_all", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServerAllBackends(t)
defer closer()
files, err := ioutil.ReadDir("../builtin/credential")
if err != nil {
t.Fatal(err)
}
var backends []string
for _, f := range files {
if f.IsDir() {
backends = append(backends, f.Name())
}
}
plugins, err := ioutil.ReadDir("../vendor/github.com/hashicorp")
if err != nil {
t.Fatal(err)
}
for _, p := range plugins {
if p.IsDir() && strings.HasPrefix(p.Name(), "vault-plugin-auth-") {
backends = append(backends, strings.TrimPrefix(p.Name(), "vault-plugin-auth-"))
}
}
if len(backends) != len(credentialBackends) {
t.Fatalf("expected %d credential backends, got %d", len(credentialBackends), len(backends))
}
for _, b := range backends {
if b == "token" {
continue
}
ui, cmd := testAuthEnableCommand(t)
cmd.client = client
code := cmd.Run([]string{
b,
})
if exp := 0; code != exp {
t.Errorf("type %s, expected %d to be %d - %s", b, code, exp, ui.OutputWriter.String()+ui.ErrorWriter.String())
}
}
})
}

14
command/command_test.go
View File

@ -62,6 +62,20 @@ func testVaultServer(tb testing.TB) (*api.Client, func()) {
return client, closer
}
func testVaultServerAllBackends(tb testing.TB) (*api.Client, func()) {
tb.Helper()
client, _, closer := testVaultServerCoreConfig(tb, &vault.CoreConfig{
DisableMlock: true,
DisableCache: true,
Logger: defaultVaultLogger,
CredentialBackends: credentialBackends,
AuditBackends: auditBackends,
LogicalBackends: logicalBackends,
})
return client, closer
}
// testVaultServerUnseal creates a test vault cluster and returns a configured
// API client, list of unseal keys (as strings), and a closer function.
func testVaultServerUnseal(tb testing.TB) (*api.Client, []string, func()) {

134
command/commands.go
View File

@ -64,6 +64,72 @@ import (
physZooKeeper "github.com/hashicorp/vault/physical/zookeeper"
)
var (
auditBackends = map[string]audit.Factory{
"file": auditFile.Factory,
"socket": auditSocket.Factory,
"syslog": auditSyslog.Factory,
}
credentialBackends = map[string]logical.Factory{
"app-id": credAppId.Factory,
"approle": credAppRole.Factory,
"aws": credAws.Factory,
"centrify": credCentrify.Factory,
"cert": credCert.Factory,
"gcp": credGcp.Factory,
"github": credGitHub.Factory,
"kubernetes": credKube.Factory,
"ldap": credLdap.Factory,
"okta": credOkta.Factory,
"plugin": plugin.Factory,
"radius": credRadius.Factory,
"userpass": credUserpass.Factory,
}
logicalBackends = map[string]logical.Factory{
"aws": aws.Factory,
"cassandra": cassandra.Factory,
"consul": consul.Factory,
"database": database.Factory,
"mongodb": mongodb.Factory,
"mssql": mssql.Factory,
"mysql": mysql.Factory,
"nomad": nomad.Factory,
"pki": pki.Factory,
"plugin": plugin.Factory,
"postgresql": postgresql.Factory,
"rabbitmq": rabbitmq.Factory,
"ssh": ssh.Factory,
"totp": totp.Factory,
"transit": transit.Factory,
}
physicalBackends = map[string]physical.Factory{
"azure": physAzure.NewAzureBackend,
"cassandra": physCassandra.NewCassandraBackend,
"cockroachdb": physCockroachDB.NewCockroachDBBackend,
"consul": physConsul.NewConsulBackend,
"couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend,
"couchdb": physCouchDB.NewCouchDBBackend,
"dynamodb": physDynamoDB.NewDynamoDBBackend,
"etcd": physEtcd.NewEtcdBackend,
"file_transactional": physFile.NewTransactionalFileBackend,
"file": physFile.NewFileBackend,
"gcs": physGCS.NewGCSBackend,
"inmem_ha": physInmem.NewInmemHA,
"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
"inmem_transactional": physInmem.NewTransactionalInmem,
"inmem": physInmem.NewInmem,
"mssql": physMSSQL.NewMSSQLBackend,
"mysql": physMySQL.NewMySQLBackend,
"postgresql": physPostgreSQL.NewPostgreSQLBackend,
"s3": physS3.NewS3Backend,
"swift": physSwift.NewSwiftBackend,
"zookeeper": physZooKeeper.NewZooKeeperBackend,
}
)
// DeprecatedCommand is a command that wraps an existing command and prints a
// deprecation notice and points the user to the new command. Deprecated
// commands are always hidden from help output.
@ -415,68 +481,12 @@ func init() {
BaseCommand: &BaseCommand{
UI: serverCmdUi,
},
AuditBackends: map[string]audit.Factory{
"file": auditFile.Factory,
"socket": auditSocket.Factory,
"syslog": auditSyslog.Factory,
},
CredentialBackends: map[string]logical.Factory{
"app-id": credAppId.Factory,
"approle": credAppRole.Factory,
"aws": credAws.Factory,
"centrify": credCentrify.Factory,
"cert": credCert.Factory,
"gcp": credGcp.Factory,
"github": credGitHub.Factory,
"kubernetes": credKube.Factory,
"ldap": credLdap.Factory,
"okta": credOkta.Factory,
"plugin": plugin.Factory,
"radius": credRadius.Factory,
"userpass": credUserpass.Factory,
},
LogicalBackends: map[string]logical.Factory{
"aws": aws.Factory,
"cassandra": cassandra.Factory,
"consul": consul.Factory,
"database": database.Factory,
"mongodb": mongodb.Factory,
"mssql": mssql.Factory,
"mysql": mysql.Factory,
"nomad": nomad.Factory,
"pki": pki.Factory,
"plugin": plugin.Factory,
"postgresql": postgresql.Factory,
"rabbitmq": rabbitmq.Factory,
"ssh": ssh.Factory,
"totp": totp.Factory,
"transit": transit.Factory,
},
PhysicalBackends: map[string]physical.Factory{
"azure": physAzure.NewAzureBackend,
"cassandra": physCassandra.NewCassandraBackend,
"cockroachdb": physCockroachDB.NewCockroachDBBackend,
"consul": physConsul.NewConsulBackend,
"couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend,
"couchdb": physCouchDB.NewCouchDBBackend,
"dynamodb": physDynamoDB.NewDynamoDBBackend,
"etcd": physEtcd.NewEtcdBackend,
"file_transactional": physFile.NewTransactionalFileBackend,
"file": physFile.NewFileBackend,
"gcs": physGCS.NewGCSBackend,
"inmem_ha": physInmem.NewInmemHA,
"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
"inmem_transactional": physInmem.NewTransactionalInmem,
"inmem": physInmem.NewInmem,
"mssql": physMSSQL.NewMSSQLBackend,
"mysql": physMySQL.NewMySQLBackend,
"postgresql": physPostgreSQL.NewPostgreSQLBackend,
"s3": physS3.NewS3Backend,
"swift": physSwift.NewSwiftBackend,
"zookeeper": physZooKeeper.NewZooKeeperBackend,
},
ShutdownCh: MakeShutdownCh(),
SighupCh: MakeSighupCh(),
AuditBackends: auditBackends,
CredentialBackends: credentialBackends,
LogicalBackends: logicalBackends,
PhysicalBackends: physicalBackends,
ShutdownCh: MakeShutdownCh(),
SighupCh: MakeSighupCh(),
}, nil
},
"ssh": func() (cli.Command, error) {

50
command/secrets_enable_test.go
View File

@ -1,6 +1,7 @@
package command
import (
"io/ioutil"
"strings"
"testing"
@ -168,4 +169,53 @@ func TestSecretsEnableCommand_Run(t *testing.T) {
_, cmd := testSecretsEnableCommand(t)
assertNoTabs(t, cmd)
})
t.Run("mount_all", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServerAllBackends(t)
defer closer()
files, err := ioutil.ReadDir("../builtin/logical")
if err != nil {
t.Fatal(err)
}
var backends []string
for _, f := range files {
if f.IsDir() {
if f.Name() == "plugin" {
continue
}
backends = append(backends, f.Name())
}
}
plugins, err := ioutil.ReadDir("../vendor/github.com/hashicorp")
if err != nil {
t.Fatal(err)
}
for _, p := range plugins {
if p.IsDir() && strings.HasPrefix(p.Name(), "vault-plugin-") && !strings.HasPrefix(p.Name(), "vault-plugin-auth-") {
backends = append(backends, strings.TrimPrefix(p.Name(), "vault-plugin-"))
}
}
// Removing one from logical list since plugin is a virtual backend
if len(backends) != len(logicalBackends)-1 {
t.Fatalf("expected %d logical backends, got %d", len(logicalBackends)-1, len(backends))
}
for _, b := range backends {
ui, cmd := testSecretsEnableCommand(t)
cmd.client = client
code := cmd.Run([]string{
b,
})
if exp := 0; code != exp {
t.Errorf("type %s, expected %d to be %d - %s", b, code, exp, ui.OutputWriter.String()+ui.ErrorWriter.String())
}
}
})
}