open-vault/command/operator_diagnose_test.go

343 lines
8.0 KiB
Go

// +build !race
package command
import (
"context"
"fmt"
"io/ioutil"
"strings"
"testing"
"github.com/hashicorp/vault/vault/diagnose"
"github.com/mitchellh/cli"
)
func testOperatorDiagnoseCommand(tb testing.TB) *OperatorDiagnoseCommand {
tb.Helper()
ui := cli.NewMockUi()
return &OperatorDiagnoseCommand{
diagnose: diagnose.New(ioutil.Discard),
BaseCommand: &BaseCommand{
UI: ui,
},
skipEndEnd: true,
}
}
func TestOperatorDiagnoseCommand_Run(t *testing.T) {
t.Parallel()
cases := []struct {
name string
args []string
expected []*diagnose.Result
}{
{
"diagnose_ok",
[]string{
"-config", "./server/test-fixtures/config_diagnose_ok.hcl",
},
[]*diagnose.Result{
{
Name: "parse-config",
Status: diagnose.OkStatus,
},
{
Name: "init-listeners",
Status: diagnose.WarningStatus,
Children: []*diagnose.Result{
{
Name: "create-listeners",
Status: diagnose.OkStatus,
},
{
Name: "check-listener-tls",
Status: diagnose.WarningStatus,
Warnings: []string{
"TLS is disabled in a Listener config stanza.",
},
},
},
},
{
Name: "storage",
Status: diagnose.OkStatus,
Children: []*diagnose.Result{
{
Name: "create-storage-backend",
Status: diagnose.OkStatus,
},
{
Name: "test-storage-tls-consul",
Status: diagnose.OkStatus,
},
{
Name: "test-consul-direct-access-storage",
Status: diagnose.OkStatus,
},
},
},
},
},
{
"diagnose_invalid_storage",
[]string{
"-config", "./server/test-fixtures/nostore_config.hcl",
},
[]*diagnose.Result{
{
Name: "storage",
Status: diagnose.ErrorStatus,
Message: "no storage stanza found in config",
Children: []*diagnose.Result{
{
Name: "create-storage-backend",
Status: diagnose.ErrorStatus,
},
},
},
},
},
{
"diagnose_listener_config_ok",
[]string{
"-config", "./server/test-fixtures/tls_config_ok.hcl",
},
[]*diagnose.Result{
{
Name: "init-listeners",
Status: diagnose.OkStatus,
Children: []*diagnose.Result{
{
Name: "create-listeners",
Status: diagnose.OkStatus,
},
{
Name: "check-listener-tls",
Status: diagnose.OkStatus,
},
},
},
},
},
{
"diagnose_invalid_https_storage",
[]string{
"-config", "./server/test-fixtures/config_bad_https_storage.hcl",
},
[]*diagnose.Result{
{
Name: "storage",
Status: diagnose.ErrorStatus,
Children: []*diagnose.Result{
{
Name: "create-storage-backend",
Status: diagnose.OkStatus,
},
{
Name: "test-storage-tls-consul",
Status: diagnose.ErrorStatus,
Message: "expired",
},
{
Name: "test-consul-direct-access-storage",
Status: diagnose.OkStatus,
},
},
},
},
},
{
"diagnose_invalid_https_hastorage",
[]string{
"-config", "./server/test-fixtures/config_diagnose_hastorage_bad_https.hcl",
},
[]*diagnose.Result{
{
Name: "storage",
Status: diagnose.WarningStatus,
Children: []*diagnose.Result{
{
Name: "create-storage-backend",
Status: diagnose.OkStatus,
},
{
Name: "test-storage-tls-consul",
Status: diagnose.OkStatus,
},
{
Name: "test-consul-direct-access-storage",
Status: diagnose.WarningStatus,
Warnings: []string{
"consul storage does not connect to local agent, but directly to server",
},
},
},
},
{
Name: "setup-ha-storage",
Status: diagnose.ErrorStatus,
Children: []*diagnose.Result{
{
Name: "create-ha-storage-backend",
Status: diagnose.OkStatus,
},
{
Name: "test-consul-direct-access-storage",
Status: diagnose.WarningStatus,
Warnings: []string{
"consul storage does not connect to local agent, but directly to server",
},
},
{
Name: "test-ha-storage-tls-consul",
Status: diagnose.ErrorStatus,
Message: "x509: certificate has expired or is not yet valid",
},
},
},
{
Name: "find-cluster-addr",
Status: diagnose.ErrorStatus,
},
},
},
{
"diagnose_invalid_https_sr",
[]string{
"-config", "./server/test-fixtures/diagnose_bad_https_consul_sr.hcl",
},
[]*diagnose.Result{
{
Name: "service-discovery",
Status: diagnose.ErrorStatus,
Children: []*diagnose.Result{
{
Name: "test-serviceregistration-tls-consul",
Status: diagnose.ErrorStatus,
Message: "failed to verify certificate: x509: certificate has expired or is not yet valid",
},
{
Name: "test-consul-direct-access-service-discovery",
Status: diagnose.WarningStatus,
Warnings: []string{
diagnose.DirAccessErr,
},
},
},
},
},
},
{
"diagnose_direct_storage_access",
[]string{
"-config", "./server/test-fixtures/diagnose_ok_storage_direct_access.hcl",
},
[]*diagnose.Result{
{
Name: "storage",
Status: diagnose.WarningStatus,
Children: []*diagnose.Result{
{
Name: "create-storage-backend",
Status: diagnose.OkStatus,
},
{
Name: "test-storage-tls-consul",
Status: diagnose.OkStatus,
},
{
Name: "test-consul-direct-access-storage",
Status: diagnose.WarningStatus,
Warnings: []string{
diagnose.DirAccessErr,
},
},
},
},
},
},
}
t.Run("validations", func(t *testing.T) {
t.Parallel()
for _, tc := range cases {
tc := tc
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
cmd := testOperatorDiagnoseCommand(t)
cmd.client = client
cmd.Run(tc.args)
result := cmd.diagnose.Finalize(context.Background())
if err := compareResults(tc.expected, result.Children); err != nil {
t.Fatalf("Did not find expected test results: %v", err)
}
})
}
})
}
func compareResults(expected []*diagnose.Result, actual []*diagnose.Result) error {
for _, exp := range expected {
found := false
// Check them all so we don't have to be order specific
for _, act := range actual {
if exp.Name == act.Name {
found = true
if err := compareResult(exp, act); err != nil {
return err
}
break
}
}
if !found {
return fmt.Errorf("could not find expected test result: %s", exp.Name)
}
}
return nil
}
func compareResult(exp *diagnose.Result, act *diagnose.Result) error {
if exp.Name != act.Name {
return fmt.Errorf("names mismatch: %s vs %s", exp.Name, act.Name)
}
if exp.Status != act.Status {
if act.Status != diagnose.OkStatus {
return fmt.Errorf("section %s, status mismatch: %s vs %s, got error %s", exp.Name, exp.Status, act.Status, act.Message)
}
return fmt.Errorf("section %s, status mismatch: %s vs %s", exp.Name, exp.Status, act.Status)
}
if exp.Message != "" && exp.Message != act.Message && !strings.Contains(act.Message, exp.Message) {
return fmt.Errorf("section %s, message not found: %s in %s", exp.Name, exp.Message, act.Message)
}
if len(exp.Warnings) != len(act.Warnings) {
return fmt.Errorf("section %s, warning count mismatch: %d vs %d", exp.Name, len(exp.Warnings), len(act.Warnings))
}
for j := range exp.Warnings {
if !strings.Contains(act.Warnings[j], exp.Warnings[j]) {
return fmt.Errorf("section %s, warning message not found: %s in %s", exp.Name, exp.Warnings[j], act.Warnings[j])
}
}
if len(exp.Children) > len(act.Children) {
errStrings := []string{}
for _, c := range act.Children {
errStrings = append(errStrings, fmt.Sprintf("%+v", c))
}
return fmt.Errorf(strings.Join(errStrings, ","))
}
if len(exp.Children) > 0 {
return compareResults(exp.Children, act.Children)
}
return nil
}