open-vault/physical/consul_test.go

484 lines
10 KiB
Go

package physical
import (
"fmt"
"os"
"reflect"
"testing"
"time"
"github.com/hashicorp/consul/api"
)
type consulConf map[string]string
var (
addrCount int = 0
)
func testHostIP() string {
a := addrCount
addrCount++
return fmt.Sprintf("127.0.0.%d", a)
}
func testConsulBackend(t *testing.T) *ConsulBackend {
return testConsulBackendConfig(t, &consulConf{})
}
func testConsulBackendConfig(t *testing.T, conf *consulConf) *ConsulBackend {
const serviceID = "vaultTestService"
be, err := newConsulBackend(*conf)
if err != nil {
t.Fatalf("Expected Consul to initialize: %v", err)
}
c, ok := be.(*ConsulBackend)
if !ok {
t.Fatalf("Expected ConsulBackend")
}
c.service = &api.AgentServiceRegistration{
ID: serviceID,
Name: c.serviceName,
Tags: serviceTags(c.active),
Port: 8200,
Address: testHostIP(),
EnableTagOverride: false,
}
c.sealedCheck = &api.AgentCheckRegistration{
ID: c.checkID(),
Name: "Vault Sealed Status",
Notes: "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
ServiceID: serviceID,
AgentServiceCheck: api.AgentServiceCheck{
TTL: c.checkTimeout.String(),
Status: api.HealthPassing,
},
}
return c
}
func testConsul_testConsulBackend(t *testing.T) {
c := testConsulBackend(t)
if c == nil {
t.Fatalf("bad")
}
if c.active != false {
t.Fatalf("bad")
}
if c.unsealed != false {
t.Fatalf("bad")
}
if c.service == nil {
t.Fatalf("bad")
}
if c.sealedCheck == nil {
t.Fatalf("bad")
}
}
func TestConsul_newConsulBackend(t *testing.T) {
tests := []struct {
name string
consulConfig map[string]string
fail bool
advertiseAddr string
checkTimeout time.Duration
path string
service string
address string
scheme string
token string
max_parallel int
disableReg bool
}{
{
name: "Valid default config",
consulConfig: map[string]string{},
checkTimeout: 5 * time.Second,
advertiseAddr: "http://127.0.0.1:8200",
path: "vault/",
service: "vault",
address: "127.0.0.1:8500",
scheme: "http",
token: "",
max_parallel: 4,
disableReg: false,
},
{
name: "Valid modified config",
consulConfig: map[string]string{
"path": "seaTech/",
"service": "astronomy",
"advertiseAddr": "http://127.0.0.2:8200",
"check_timeout": "6s",
"address": "127.0.0.2",
"scheme": "https",
"token": "deadbeef-cafeefac-deadc0de-feedface",
"max_parallel": "4",
"disable_registration": "false",
},
checkTimeout: 6 * time.Second,
path: "seaTech/",
service: "astronomy",
advertiseAddr: "http://127.0.0.2:8200",
address: "127.0.0.2",
scheme: "https",
token: "deadbeef-cafeefac-deadc0de-feedface",
max_parallel: 4,
},
{
name: "check timeout too short",
fail: true,
consulConfig: map[string]string{
"check_timeout": "99ms",
},
},
}
for _, test := range tests {
be, err := newConsulBackend(test.consulConfig)
if test.fail {
if err == nil {
t.Fatalf(`Expected config "%s" to fail`, test.name)
} else {
continue
}
} else if !test.fail && err != nil {
t.Fatalf("Expected config %s to not fail: %v", test.name, err)
}
c, ok := be.(*ConsulBackend)
if !ok {
t.Fatalf("Expected ConsulBackend: %s", test.name)
}
if err := c.UpdateAdvertiseAddr(test.advertiseAddr); err != nil {
t.Fatalf("bad: %v", err)
}
if test.checkTimeout != c.checkTimeout {
t.Errorf("bad: %v != %v", test.checkTimeout, c.checkTimeout)
}
if test.path != c.path {
t.Errorf("bad: %s %v != %v", test.name, test.path, c.path)
}
if test.service != c.serviceName {
t.Errorf("bad: %v != %v", test.service, c.serviceName)
}
if test.address != c.consulClientConf.Address {
t.Errorf("bad: %s %v != %v", test.name, test.address, c.consulClientConf.Address)
}
if test.scheme != c.consulClientConf.Scheme {
t.Errorf("bad: %v != %v", test.scheme, c.consulClientConf.Scheme)
}
if test.token != c.consulClientConf.Token {
t.Errorf("bad: %v != %v", test.token, c.consulClientConf.Token)
}
// FIXME(sean@): Unable to test max_parallel
// if test.max_parallel != cap(c.permitPool) {
// t.Errorf("bad: %v != %v", test.max_parallel, cap(c.permitPool))
// }
}
}
func TestConsul_serviceTags(t *testing.T) {
tests := []struct {
active bool
tags []string
}{
{
active: true,
tags: []string{"active"},
},
{
active: false,
tags: []string{"standby"},
},
}
for _, test := range tests {
tags := serviceTags(test.active)
if !reflect.DeepEqual(tags[:], test.tags[:]) {
t.Errorf("Bad %v: %v %v", test.active, tags, test.tags)
}
}
}
func TestConsul_UpdateAdvertiseAddr(t *testing.T) {
tests := []struct {
addr string
host string
port int
pass bool
}{
{
addr: "http://127.0.0.1:8200/",
host: "127.0.0.1",
port: 8200,
pass: true,
},
{
addr: "http://127.0.0.1:8200",
host: "127.0.0.1",
port: 8200,
pass: true,
},
{
addr: "127.0.0.1:8200",
pass: false,
},
{
addr: "127.0.0.1",
pass: false,
},
}
for _, test := range tests {
c := testConsulBackend(t)
if c == nil {
t.Fatalf("bad")
}
err := c.UpdateAdvertiseAddr(test.addr)
if test.pass {
if err != nil {
t.Fatalf("bad: %v", err)
}
} else {
if err == nil {
t.Fatalf("bad, expected fail")
} else {
continue
}
}
if c.advertiseHost != test.host {
t.Fatalf("bad: %v != %v", c.advertiseHost, test.host)
}
if c.advertisePort != test.port {
t.Fatalf("bad: %v != %v", c.advertisePort, test.port)
}
}
}
func TestConsul_AdvertiseActive(t *testing.T) {
addr := os.Getenv("CONSUL_HTTP_ADDR")
if addr == "" {
t.Skipf("No consul process running, skipping test")
}
c := testConsulBackend(t)
if c.active != false {
t.Fatalf("bad")
}
if err := c.AdvertiseActive(true); err != nil {
t.Fatalf("bad: %v", err)
}
if err := c.AdvertiseActive(true); err != nil {
t.Fatalf("bad: %v", err)
}
if err := c.AdvertiseActive(false); err != nil {
t.Fatalf("bad: %v", err)
}
if err := c.AdvertiseActive(false); err != nil {
t.Fatalf("bad: %v", err)
}
if err := c.AdvertiseActive(true); err != nil {
t.Fatalf("bad: %v", err)
}
}
func TestConsul_AdvertiseSealed(t *testing.T) {
addr := os.Getenv("CONSUL_HTTP_ADDR")
if addr == "" {
t.Skipf("No consul process running, skipping test")
}
c := testConsulBackend(t)
if c.unsealed == true {
t.Fatalf("bad")
}
if err := c.AdvertiseSealed(true); err != nil {
t.Fatalf("bad: %v", err)
}
if c.unsealed == true {
t.Fatalf("bad")
}
if err := c.AdvertiseSealed(true); err != nil {
t.Fatalf("bad: %v", err)
}
if c.unsealed == true {
t.Fatalf("bad")
}
if err := c.AdvertiseSealed(false); err != nil {
t.Fatalf("bad: %v", err)
}
if c.unsealed == false {
t.Fatalf("bad")
}
if err := c.AdvertiseSealed(false); err != nil {
t.Fatalf("bad: %v", err)
}
if c.unsealed == false {
t.Fatalf("bad")
}
if err := c.AdvertiseSealed(true); err != nil {
t.Fatalf("bad: %v", err)
}
if c.unsealed == true {
t.Fatalf("bad")
}
}
func TestConsul_checkID(t *testing.T) {
c := testConsulBackend(t)
if c.checkID() != "vault-sealed-check" {
t.Errorf("bad")
}
}
func TestConsul_serviceID(t *testing.T) {
passingTests := []struct {
name string
advertiseAddr string
serviceName string
expected string
}{
{
name: "valid host w/o slash",
advertiseAddr: "http://127.0.0.1:8200",
serviceName: "sea-tech-astronomy",
expected: "sea-tech-astronomy:127.0.0.1:8200",
},
{
name: "valid host w/ slash",
advertiseAddr: "http://127.0.0.1:8200/",
serviceName: "sea-tech-astronomy",
expected: "sea-tech-astronomy:127.0.0.1:8200",
},
{
name: "valid https host w/ slash",
advertiseAddr: "https://127.0.0.1:8200/",
serviceName: "sea-tech-astronomy",
expected: "sea-tech-astronomy:127.0.0.1:8200",
},
}
for _, test := range passingTests {
c := testConsulBackendConfig(t, &consulConf{
"service": test.serviceName,
})
if err := c.UpdateAdvertiseAddr(test.advertiseAddr); err != nil {
t.Fatalf("bad: %s %v", test.name, err)
}
serviceID := c.serviceID()
if serviceID != test.expected {
t.Fatalf("bad: %v != %v", serviceID, test.expected)
}
}
}
func TestConsulBackend(t *testing.T) {
addr := os.Getenv("CONSUL_HTTP_ADDR")
if addr == "" {
t.Skipf("No consul process running, skipping test")
}
conf := api.DefaultConfig()
conf.Address = addr
client, err := api.NewClient(conf)
if err != nil {
t.Fatalf("err: %v", err)
}
randPath := fmt.Sprintf("vault-%d/", time.Now().Unix())
defer func() {
client.KV().DeleteTree(randPath, nil)
}()
b, err := NewBackend("consul", map[string]string{
"address": addr,
"path": randPath,
"max_parallel": "256",
})
if err != nil {
t.Fatalf("err: %s", err)
}
testBackend(t, b)
testBackend_ListPrefix(t, b)
}
func TestConsulHABackend(t *testing.T) {
addr := os.Getenv("CONSUL_HTTP_ADDR")
if addr == "" {
t.Skipf("No consul process running, skipping test")
}
conf := api.DefaultConfig()
conf.Address = addr
client, err := api.NewClient(conf)
if err != nil {
t.Fatalf("err: %v", err)
}
randPath := fmt.Sprintf("vault-%d/", time.Now().Unix())
defer func() {
client.KV().DeleteTree(randPath, nil)
}()
b, err := NewBackend("consul", map[string]string{
"address": addr,
"path": randPath,
"max_parallel": "-1",
})
if err != nil {
t.Fatalf("err: %s", err)
}
ha, ok := b.(HABackend)
if !ok {
t.Fatalf("consul does not implement HABackend")
}
testHABackend(t, ha, ha)
detect, ok := b.(AdvertiseDetect)
if !ok {
t.Fatalf("consul does not implement AdvertiseDetect")
}
host, err := detect.DetectHostAddr()
if err != nil {
t.Fatalf("err: %s", err)
}
if host == "" {
t.Fatalf("bad addr: %v", host)
}
}