// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package pkiext_binary
import (
	"context"
	"errors"
	"net"

	"github.com/hashicorp/vault/api"
)
// VaultPkiMount is a test handle for one PKI secrets engine mounted on a
// shared VaultPkiCluster. It embeds the cluster so callers reach the cluster
// helpers (GetActiveNode, the node list) directly, and every method scopes
// its request to this engine by prefixing mount onto the API path.
type VaultPkiMount struct {
	*VaultPkiCluster
	// mount is the engine's mount path without a leading or trailing slash;
	// the methods below concatenate it as "<mount>/..." and "/v1/<mount>".
	mount string
}
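// UpdateClusterConfig writes this mount's config/cluster entry on the active
// node. Unless config overrides them, "path" and "aia_path" default to an
// https URL for the first cluster node's container address on port 8200
// followed by "/v1/<mount>". These are presumably the values Vault embeds in
// the ACME directory and AIA URLs it hands out (confirm against the PKI
// docs), so a test that fronts Vault with a proxy or a different hostname
// must pass its own "path"/"aia_path" rather than rely on the defaults.
//
// Returns an error when the cluster has no nodes (the original indexed
// ClusterNodes[0] unguarded) or when the write fails.
func (vpm *VaultPkiMount) UpdateClusterConfig(config map[string]interface{}) error {
	nodes := vpm.cluster.ClusterNodes
	if len(nodes) == 0 {
		return errors.New("pki mount: cluster has no nodes to derive the cluster path from")
	}

	// JoinHostPort brackets an IPv6 literal; plain "ip:8200" concatenation
	// would produce an unparsable URL for one. For IPv4 the output is the
	// same as before.
	defaultPath := "https://" + net.JoinHostPort(nodes[0].ContainerIPAddress, "8200") + "/v1/" + vpm.mount
	defaults := map[string]interface{}{
		"path":     defaultPath,
		"aia_path": defaultPath,
	}

	_, err := vpm.GetActiveNode().Logical().WriteWithContext(context.Background(),
		vpm.mount+"/config/cluster", mergeWithDefaults(config, defaults))
	return err
}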
// UpdateAcmeConfig writes the mount's config/acme entry on the active node.
// enable is sent as the "enabled" key; every other key comes from config,
// which may be nil.
//
// Caveat: config is merged with precedence over the defaults, so a config
// map that itself carries an "enabled" key silently overrides the enable
// argument. Callers that want the bool to be authoritative must not put
// "enabled" in config.
func (vpm *VaultPkiMount) UpdateAcmeConfig(enable bool, config map[string]interface{}) error {
	body := mergeWithDefaults(config, map[string]interface{}{
		"enabled": enable,
	})

	logical := vpm.GetActiveNode().Logical()
	_, err := logical.WriteWithContext(context.Background(), vpm.mount+"/config/acme", body)
	return err
}
// GenerateRootInternal creates a self-signed root issuer on this mount via
// root/generate/internal and returns the response secret together with any
// write error. Test-oriented defaults, each overridable through props:
// common_name "root-test.com", key_type "ec", issuer_name "root".
// (The "internal" variant is presumably the one that keeps the private key
// inside Vault rather than returning it — confirm against the PKI docs.)
func (vpm *VaultPkiMount) GenerateRootInternal(props map[string]interface{}) (*api.Secret, error) {
	body := mergeWithDefaults(props, map[string]interface{}{
		"common_name": "root-test.com",
		"key_type":    "ec",
		"issuer_name": "root",
	})

	path := vpm.mount + "/root/generate/internal"
	return vpm.GetActiveNode().Logical().WriteWithContext(context.Background(), path, body)
}
// GenerateIntermediateInternal creates an intermediate key and CSR on this
// mount via intermediate/generate/internal and returns the response secret
// with any write error. Test-oriented defaults, each overridable through
// props: common_name "intermediary-test.com", key_type "ec", issuer_name
// "intermediary". The resulting CSR still has to be signed (see
// SignIntermediary) and the signed cert imported before the issuer is usable.
func (vpm *VaultPkiMount) GenerateIntermediateInternal(props map[string]interface{}) (*api.Secret, error) {
	body := mergeWithDefaults(props, map[string]interface{}{
		"common_name": "intermediary-test.com",
		"key_type":    "ec",
		"issuer_name": "intermediary",
	})

	path := vpm.mount + "/intermediate/generate/internal"
	return vpm.GetActiveNode().Logical().WriteWithContext(context.Background(), path, body)
}
// SignIntermediary asks the issuer referenced by signingIssuer to sign csr
// through issuer/<ref>/sign-intermediate and returns the response secret
// with any write error. csr is sent as the "csr" field; a "csr" key in
// props overrides it, and all other props keys are forwarded unchanged.
//
// signingIssuer is spliced into the request path with no escaping, so it
// must be a plain issuer name or ID, never caller-controlled text.
func (vpm *VaultPkiMount) SignIntermediary(signingIssuer string, csr interface{}, props map[string]interface{}) (*api.Secret, error) {
	path := vpm.mount + "/issuer/" + signingIssuer + "/sign-intermediate"
	body := mergeWithDefaults(props, map[string]interface{}{"csr": csr})

	return vpm.GetActiveNode().Logical().WriteWithContext(context.Background(), path, body)
}
// ImportBundle uploads pemBundle to issuers/import/bundle on this mount and
// returns the response secret with any write error. pemBundle is sent as
// the "pem_bundle" field (a props key of the same name overrides it); the
// remaining props are forwarded unchanged.
//
// A bundle may carry private keys as well as certificates, and whatever is
// imported stays in the mount for the life of the cluster — since the test
// cluster is shared across mounts, keep fixtures scoped to the mount that
// needs them.
func (vpm *VaultPkiMount) ImportBundle(pemBundle interface{}, props map[string]interface{}) (*api.Secret, error) {
	body := mergeWithDefaults(props, map[string]interface{}{"pem_bundle": pemBundle})
	path := vpm.mount + "/issuers/import/bundle"

	return vpm.GetActiveNode().Logical().WriteWithContext(context.Background(), path, body)
}
// UpdateDefaultIssuer writes config/issuers on this mount, setting "default"
// to issuerId (a "default" key in props overrides it) and forwarding any
// other props keys unchanged. Returns the write error, if any.
func (vpm *VaultPkiMount) UpdateDefaultIssuer(issuerId string, props map[string]interface{}) error {
	body := mergeWithDefaults(props, map[string]interface{}{"default": issuerId})

	logical := vpm.GetActiveNode().Logical()
	_, err := logical.WriteWithContext(context.Background(), vpm.mount+"/config/issuers", body)
	return err
}
// UpdateIssuer applies props to issuer/<issuerRef> on this mount as a JSON
// merge patch rather than a full write, so fields not named in props keep
// their current value (per merge-patch semantics). There are no defaults;
// a nil props sends an empty patch. Returns the request error, if any.
//
// issuerRef is concatenated into the path unescaped, so it must be a plain
// issuer name or ID.
func (vpm *VaultPkiMount) UpdateIssuer(issuerRef string, props map[string]interface{}) error {
	path := vpm.mount + "/issuer/" + issuerRef
	body := mergeWithDefaults(props, map[string]interface{}{})

	_, err := vpm.GetActiveNode().Logical().JSONMergePatch(context.Background(), path, body)
	return err
}
// UpdateRole writes config verbatim to roles/<roleName> on this mount and
// returns the write error, if any. No defaults are applied, so every
// issuance constraint the test relies on (which names, SAN types and TTLs a
// role may issue for) has to be spelled out in config rather than assumed —
// a role written with an empty map gets whatever Vault's own defaults are.
func (vpm *VaultPkiMount) UpdateRole(roleName string, config map[string]interface{}) error {
	path := vpm.mount + "/roles/" + roleName
	body := mergeWithDefaults(config, map[string]interface{}{})

	_, err := vpm.GetActiveNode().Logical().WriteWithContext(context.Background(), path, body)
	return err
}
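// mergeWithDefaults returns a new map holding every key of config plus every
// key of defaults that config does not define. A key present in config
// always wins, even when its value is nil.
//
// Neither argument is modified. The previous implementation wrote the
// defaults straight into the caller's config map, so a test that reused one
// map across mounts could carry a default computed for one call (for
// example UpdateClusterConfig's per-mount "path") into the next; returning
// a fresh map removes that leak. Both arguments may be nil; the result is
// never nil.
func mergeWithDefaults(config map[string]interface{}, defaults map[string]interface{}) map[string]interface{} {
	merged := make(map[string]interface{}, len(config)+len(defaults))
	for key, value := range defaults {
		merged[key] = value
	}
	// Copy config last so its entries overwrite the defaults.
	for key, value := range config {
		merged[key] = value
	}
	return merged
}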