package vault import ( "reflect" "testing" "github.com/hashicorp/vault/logical" ) func TestSystemBackend_RootPaths(t *testing.T) { expected := []string{ "mounts/*", "remount", } b := testSystemBackend(t) actual := b.RootPaths() if !reflect.DeepEqual(actual, expected) { t.Fatalf("bad: %#v", actual) } } func TestSystemBackend_mounts(t *testing.T) { b := testSystemBackend(t) req := logical.TestRequest(t, logical.ReadOperation, "mounts") resp, err := b.HandleRequest(req) if err != nil { t.Fatalf("err: %v", err) } exp := map[string]interface{}{ "secret/": map[string]string{ "type": "generic", "description": "generic secret storage", }, "sys/": map[string]string{ "type": "system", "description": "system endpoints used for control, policy and debugging", }, } if !reflect.DeepEqual(resp.Data, exp) { t.Fatalf("got: %#v expect: %#v", resp.Data, exp) } } func TestSystemBackend_mount(t *testing.T) { b := testSystemBackend(t) req := logical.TestRequest(t, logical.WriteOperation, "mounts/prod/secret/") req.Data["type"] = "generic" resp, err := b.HandleRequest(req) if err != nil { t.Fatalf("err: %v", err) } if resp != nil { t.Fatalf("bad: %v", resp) } } func TestSystemBackend_mount_invalid(t *testing.T) { b := testSystemBackend(t) req := logical.TestRequest(t, logical.WriteOperation, "mounts/prod/secret/") req.Data["type"] = "nope" resp, err := b.HandleRequest(req) if err != logical.ErrInvalidRequest { t.Fatalf("err: %v", err) } if resp.Data["error"] != "unknown backend type: nope" { t.Fatalf("bad: %v", resp) } } func TestSystemBackend_unmount(t *testing.T) { b := testSystemBackend(t) req := logical.TestRequest(t, logical.DeleteOperation, "mounts/secret/") resp, err := b.HandleRequest(req) if err != nil { t.Fatalf("err: %v", err) } if resp != nil { t.Fatalf("bad: %v", resp) } } func TestSystemBackend_unmount_invalid(t *testing.T) { b := testSystemBackend(t) req := logical.TestRequest(t, logical.DeleteOperation, "mounts/foo/") resp, err := b.HandleRequest(req) if err != logical.ErrInvalidRequest { t.Fatalf("err: %v", err) } if resp.Data["error"] != "no matching mount" { t.Fatalf("bad: %v", resp) } } func TestSystemBackend_remount(t *testing.T) { b := testSystemBackend(t) req := logical.TestRequest(t, logical.WriteOperation, "remount") req.Data["from"] = "secret" req.Data["to"] = "foo" resp, err := b.HandleRequest(req) if err != nil { t.Fatalf("err: %v", err) } if resp != nil { t.Fatalf("bad: %v", resp) } } func TestSystemBackend_remount_invalid(t *testing.T) { b := testSystemBackend(t) req := logical.TestRequest(t, logical.WriteOperation, "remount") req.Data["from"] = "unknown" req.Data["to"] = "foo" resp, err := b.HandleRequest(req) if err != logical.ErrInvalidRequest { t.Fatalf("err: %v", err) } if resp.Data["error"] != "no matching mount at 'unknown/'" { t.Fatalf("bad: %v", resp) } } func TestSystemBackend_remount_system(t *testing.T) { b := testSystemBackend(t) req := logical.TestRequest(t, logical.WriteOperation, "remount") req.Data["from"] = "sys" req.Data["to"] = "foo" resp, err := b.HandleRequest(req) if err != logical.ErrInvalidRequest { t.Fatalf("err: %v", err) } if resp.Data["error"] != "cannot remount 'sys/'" { t.Fatalf("bad: %v", resp) } } func TestSystemBackend_renew(t *testing.T) { core, b := testCoreSystemBackend(t) // Create a key with a lease req := logical.TestRequest(t, logical.WriteOperation, "secret/foo") req.Data["foo"] = "bar" req.Data["lease"] = "1h" resp, err := core.HandleRequest(req) if err != nil { t.Fatalf("err: %v", err) } if resp != nil { t.Fatalf("bad: %#v", resp) } // Read a key with a VaultID req = logical.TestRequest(t, logical.ReadOperation, "secret/foo") resp, err = core.HandleRequest(req) if err != nil { t.Fatalf("err: %v", err) } if resp == nil || resp.Lease == nil || resp.Lease.VaultID == "" { t.Fatalf("bad: %#v", resp) } // Attempt renew req2 := logical.TestRequest(t, logical.WriteOperation, "renew/"+resp.Lease.VaultID) req2.Data["increment"] = 100 resp2, err := b.HandleRequest(req2) if err != nil { t.Fatalf("err: %v", err) } if resp2.Lease.VaultID != resp.Lease.VaultID { t.Fatalf("bad: %#v", resp) } if resp2.Data["foo"] != "bar" { t.Fatalf("bad: %#v", resp) } } func testSystemBackend(t *testing.T) logical.Backend { c, _ := TestCoreUnsealed(t) return NewSystemBackend(c) } func testCoreSystemBackend(t *testing.T) (*Core, logical.Backend) { c, _ := TestCoreUnsealed(t) return c, NewSystemBackend(c) }