open-vault/ui/tests/acceptance/enterprise-kmip-test.js

313 lines
10 KiB
JavaScript

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
import { currentURL, currentRouteName, settled, fillIn, waitUntil, find } from '@ember/test-helpers';
import { module, test } from 'qunit';
import { setupApplicationTest } from 'ember-qunit';
import { create } from 'ember-cli-page-object';
import consoleClass from 'vault/tests/pages/components/console/ui-panel';
import authPage from 'vault/tests/pages/auth';
import scopesPage from 'vault/tests/pages/secrets/backend/kmip/scopes';
import rolesPage from 'vault/tests/pages/secrets/backend/kmip/roles';
import credentialsPage from 'vault/tests/pages/secrets/backend/kmip/credentials';
import mountSecrets from 'vault/tests/pages/settings/mount-secret-backend';
const uiConsole = create(consoleClass);
const getRandomPort = () => {
let a = Math.floor(100000 + Math.random() * 900000);
a = String(a);
return a.substring(0, 4);
};
const mount = async (shouldConfig = true) => {
const now = Date.now();
const path = `kmip-${now}`;
const addr = `127.0.0.1:${getRandomPort()}`; // use random port
await settled();
const commands = shouldConfig
? [`write sys/mounts/${path} type=kmip`, `write ${path}/config listen_addrs=${addr}`]
: [`write sys/mounts/${path} type=kmip`];
await uiConsole.runCommands(commands);
await settled();
const res = uiConsole.lastLogOutput;
if (res.includes('Error')) {
throw new Error(`Error mounting secrets engine: ${res}`);
}
return path;
};
const createScope = async () => {
const path = await mount();
await settled();
const scope = `scope-${Date.now()}`;
await settled();
await uiConsole.runCommands([`write ${path}/scope/${scope} -force`]);
await settled();
const res = uiConsole.lastLogOutput;
if (res.includes('Error')) {
throw new Error(`Error creating scope: ${res}`);
}
return { path, scope };
};
const createRole = async () => {
const { path, scope } = await createScope();
await settled();
const role = `role-${Date.now()}`;
await uiConsole.runCommands([`write ${path}/scope/${scope}/role/${role} operation_all=true`]);
await settled();
const res = uiConsole.lastLogOutput;
if (res.includes('Error')) {
throw new Error(`Error creating role: ${res}`);
}
return { path, scope, role };
};
const generateCreds = async () => {
const { path, scope, role } = await createRole();
await settled();
await uiConsole.runCommands([
`write ${path}/scope/${scope}/role/${role}/credential/generate format=pem -field=serial_number`,
]);
const serial = uiConsole.lastLogOutput;
if (serial.includes('Error')) {
throw new Error(`Credential generation failed with error: ${serial}`);
}
return { path, scope, role, serial };
};
module('Acceptance | Enterprise | KMIP secrets', function (hooks) {
setupApplicationTest(hooks);
hooks.beforeEach(async function () {
await authPage.login();
return;
});
test('it enables KMIP secrets engine', async function (assert) {
const path = `kmip-${Date.now()}`;
await mountSecrets.enable('kmip', path);
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/scopes`,
'mounts and redirects to the kmip scopes page'
);
assert.ok(scopesPage.isEmpty, 'renders empty state');
});
test('it can configure a KMIP secrets engine', async function (assert) {
const path = await mount(false);
await scopesPage.visit({ backend: path });
await settled();
await scopesPage.configurationLink();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/configuration`,
'configuration navigates to the config page'
);
assert.ok(scopesPage.isEmpty, 'config page renders empty state');
await scopesPage.configureLink();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/configure`,
'configuration navigates to the configure page'
);
const addr = `127.0.0.1:${getRandomPort()}`;
await fillIn('[data-test-string-list-input="0"]', addr);
await scopesPage.submit();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/configuration`,
'redirects to configuration page after saving config'
);
assert.notOk(scopesPage.isEmpty, 'configuration page no longer renders empty state');
});
test('it can revoke from the credentials show page', async function (assert) {
const { path, scope, role, serial } = await generateCreds();
await settled();
await credentialsPage.visitDetail({ backend: path, scope, role, serial });
await settled();
await waitUntil(() => find('[data-test-confirm-action-trigger]'));
assert.dom('[data-test-confirm-action-trigger]').exists('delete button exists');
await credentialsPage.delete().confirmDelete();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/scopes/${scope}/roles/${role}/credentials`,
'redirects to the credentials list'
);
assert.ok(credentialsPage.isEmpty, 'renders an empty credentials page');
});
test('it can create a scope', async function (assert) {
const path = await mount(this);
await scopesPage.visit({ backend: path });
await settled();
await scopesPage.createLink();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/scopes/create`,
'navigates to the kmip scope create page'
);
// create scope
await scopesPage.scopeName('foo');
await settled();
await scopesPage.submit();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/scopes`,
'navigates to the kmip scopes page after create'
);
assert.strictEqual(scopesPage.listItemLinks.length, 1, 'renders a single scope');
});
test('it can delete a scope from the list', async function (assert) {
const { path } = await createScope();
await scopesPage.visit({ backend: path });
await settled();
// delete the scope
await scopesPage.listItemLinks.objectAt(0).menuToggle();
await settled();
await scopesPage.delete();
await settled();
await scopesPage.confirmDelete();
await settled();
assert.strictEqual(scopesPage.listItemLinks.length, 0, 'no scopes');
assert.ok(scopesPage.isEmpty, 'renders the empty state');
});
test('it can create a role', async function (assert) {
// moving create scope here to help with flaky test
const path = await mount();
await settled();
const scope = `scope-for-can-create-role`;
await settled();
await uiConsole.runCommands([`write ${path}/scope/${scope} -force`]);
await settled();
const res = uiConsole.lastLogOutput;
if (res.includes('Error')) {
throw new Error(`Error creating scope: ${res}`);
}
const role = `role-new-role`;
await rolesPage.visit({ backend: path, scope });
await settled();
assert.ok(rolesPage.isEmpty, 'renders the empty role page');
await rolesPage.create();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/scopes/${scope}/roles/create`,
'links to the role create form'
);
await rolesPage.roleName(role);
await settled();
await rolesPage.submit();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/scopes/${scope}/roles`,
'redirects to roles list'
);
assert.strictEqual(rolesPage.listItemLinks.length, 1, 'renders a single role');
});
test('it can delete a role from the list', async function (assert) {
const { path, scope } = await createRole();
await rolesPage.visit({ backend: path, scope });
await settled();
// delete the role
await rolesPage.listItemLinks.objectAt(0).menuToggle();
await settled();
await rolesPage.delete();
await settled();
await rolesPage.confirmDelete();
await settled();
assert.strictEqual(rolesPage.listItemLinks.length, 0, 'renders no roles');
assert.ok(rolesPage.isEmpty, 'renders empty');
});
test('it can delete a role from the detail page', async function (assert) {
const { path, scope, role } = await createRole();
await settled();
await rolesPage.visitDetail({ backend: path, scope, role });
await settled();
await waitUntil(() => find('[data-test-kmip-link-edit-role]'));
await rolesPage.detailEditLink();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/scopes/${scope}/roles/${role}/edit`,
'navigates to role edit'
);
await rolesPage.cancelLink();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/scopes/${scope}/roles/${role}`,
'cancel navigates to role show'
);
await rolesPage.delete().confirmDelete();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/scopes/${scope}/roles`,
'redirects to the roles list'
);
assert.ok(rolesPage.isEmpty, 'renders an empty roles page');
});
test('it can create a credential', async function (assert) {
// TODO come back and figure out why issue here with test
const { path, scope, role } = await createRole();
await credentialsPage.visit({ backend: path, scope, role });
await settled();
assert.ok(credentialsPage.isEmpty, 'renders empty creds page');
await credentialsPage.generateCredentialsLink();
await settled();
assert.strictEqual(
currentURL(),
`/vault/secrets/${path}/kmip/scopes/${scope}/roles/${role}/credentials/generate`,
'navigates to generate credentials'
);
await credentialsPage.submit();
await settled();
assert.strictEqual(
currentRouteName(),
'vault.cluster.secrets.backend.kmip.credentials.show',
'generate redirects to the show page'
);
await credentialsPage.backToRoleLink();
await settled();
assert.strictEqual(credentialsPage.listItemLinks.length, 1, 'renders a single credential');
});
test('it can revoke a credential from the list', async function (assert) {
const { path, scope, role } = await generateCreds();
await credentialsPage.visit({ backend: path, scope, role });
// revoke the credentials
await settled();
await credentialsPage.listItemLinks.objectAt(0).menuToggle();
await settled();
await credentialsPage.delete().confirmDelete();
await settled();
assert.strictEqual(credentialsPage.listItemLinks.length, 0, 'renders no credentials');
assert.ok(credentialsPage.isEmpty, 'renders empty');
});
});