open-vault/ui/tests/unit/services/control-group-test.js
2023-03-22 13:19:11 -05:00

256 lines
8.5 KiB
JavaScript

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
import { set } from '@ember/object';
import Service from '@ember/service';
import { module, test } from 'qunit';
import { setupTest } from 'ember-qunit';
import sinon from 'sinon';
import { storageKey, CONTROL_GROUP_PREFIX, TOKEN_SEPARATOR } from 'vault/services/control-group';
const versionStub = Service.extend();
function storage() {
return {
items: {},
getItem(key) {
var item = this.items[key];
return item && JSON.parse(item);
},
setItem(key, val) {
return (this.items[key] = JSON.stringify(val));
},
removeItem(key) {
delete this.items[key];
},
keys() {
return Object.keys(this.items);
},
};
}
module('Unit | Service | control group', function (hooks) {
setupTest(hooks);
hooks.beforeEach(function () {
this.owner.register('service:version', versionStub);
this.version = this.owner.lookup('service:version');
this.router = this.owner.lookup('service:router');
this.router.reopen({
transitionTo: sinon.stub(),
urlFor: sinon.stub().returns('/ui/vault/foo'),
currentURL: '/vault/secrets/kv/show/foo',
});
});
hooks.afterEach(function () {});
const isOSS = (context) => set(context, 'version.isOSS', true);
const isEnt = (context) => set(context, 'version.isOSS', false);
const resolvesArgs = (assert, result, expectedArgs) => {
return result.then((...args) => {
return assert.deepEqual(args, expectedArgs, 'resolves with the passed args');
});
};
[
[
'it resolves isOSS:true, wrapTTL: true, response: has wrap_info',
isOSS,
[[{ one: 'two', three: 'four' }], { wrap_info: { token: 'foo', accessor: 'bar' } }, true],
(assert, result) => resolvesArgs(assert, result, [{ one: 'two', three: 'four' }]),
],
[
'it resolves isOSS:true, wrapTTL: false, response: has no wrap_info',
isOSS,
[[{ one: 'two', three: 'four' }], { wrap_info: null }, false],
(assert, result) => resolvesArgs(assert, result, [{ one: 'two', three: 'four' }]),
],
[
'it resolves isOSS: false and wrapTTL:true response: has wrap_info',
isEnt,
[[{ one: 'two', three: 'four' }], { wrap_info: { token: 'foo', accessor: 'bar' } }, true],
(assert, result) => resolvesArgs(assert, result, [{ one: 'two', three: 'four' }]),
],
[
'it resolves isOSS: false and wrapTTL:false response: has no wrap_info',
isEnt,
[[{ one: 'two', three: 'four' }], { wrap_info: null }, false],
(assert, result) => resolvesArgs(assert, result, [{ one: 'two', three: 'four' }]),
],
[
'it rejects isOSS: false, wrapTTL:false, response: has wrap_info',
isEnt,
[
[{ one: 'two', three: 'four' }],
{ foo: 'bar', wrap_info: { token: 'secret', accessor: 'lookup' } },
false,
],
(assert, result) => {
// ensure failure if we ever don't reject
assert.expect(2);
return result.then(
() => {},
(err) => {
assert.strictEqual(err.token, 'secret');
assert.strictEqual(err.accessor, 'lookup');
}
);
},
],
].forEach(function ([name, setup, args, expectation]) {
test(`checkForControlGroup: ${name}`, function (assert) {
const assertCount = name === 'it rejects isOSS: false, wrapTTL:false, response: has wrap_info' ? 2 : 1;
assert.expect(assertCount);
if (setup) {
setup(this);
}
const service = this.owner.lookup('service:control-group');
const result = service.checkForControlGroup(...args);
return expectation(assert, result);
});
});
test(`handleError: transitions to accessor and stores control group token`, function (assert) {
const error = {
accessor: '12345',
token: 'token',
creation_path: 'kv/',
creation_time: '2022-03-17T20:00:25.594Z',
ttl: 400,
};
const expected = { ...error, uiParams: { url: '/vault/secrets/kv/show/foo' } };
const service = this.owner.factoryFor('service:control-group').create({
storeControlGroupToken: sinon.spy(),
});
service.handleError(error);
assert.ok(service.storeControlGroupToken.calledWith(expected), 'calls storeControlGroupToken');
assert.ok(
this.router.transitionTo.calledWith('vault.cluster.access.control-group-accessor', '12345'),
'calls router transitionTo'
);
});
test(`logFromError: returns correct content string`, function (assert) {
const error = {
accessor: '12345',
token: 'token',
creation_path: 'kv/',
creation_time: '2022-03-17T20:00:25.594Z',
ttl: 400,
};
const service = this.owner.factoryFor('service:control-group').create({
storeControlGroupToken: sinon.spy(),
});
const contentString = service.logFromError(error);
assert.ok(
this.router.urlFor.calledWith('vault.cluster.access.control-group-accessor', '12345'),
'calls urlFor with accessor'
);
assert.ok(service.storeControlGroupToken.calledWith(error), 'calls storeControlGroupToken');
assert.ok(contentString.content.includes('12345'), 'contains accessor');
assert.ok(contentString.content.includes('kv/'), 'contains creation path');
assert.ok(contentString.content.includes('token'), 'contains token');
});
test('storageKey', function (assert) {
const accessor = '12345';
const path = 'kv/foo/bar';
const expectedKey = `${CONTROL_GROUP_PREFIX}${accessor}${TOKEN_SEPARATOR}${path}`;
assert.strictEqual(storageKey(accessor, path), expectedKey, 'uses expected key');
});
test('keyFromAccessor', function (assert) {
const store = storage();
const accessor = '12345';
const path = 'kv/foo/bar';
const data = { foo: 'bar' };
const expectedKey = `${CONTROL_GROUP_PREFIX}${accessor}${TOKEN_SEPARATOR}${path}`;
const subject = this.owner.factoryFor('service:control-group').create({
storage() {
return store;
},
});
store.setItem(expectedKey, data);
store.setItem(`${CONTROL_GROUP_PREFIX}2345${TOKEN_SEPARATOR}${path}`, 'ok');
assert.strictEqual(subject.keyFromAccessor(accessor), expectedKey, 'finds key given the accessor');
assert.strictEqual(subject.keyFromAccessor('foo'), null, 'returns null if no key was found');
});
test('storeControlGroupToken', function (assert) {
const store = storage();
const subject = this.owner.factoryFor('service:control-group').create({
storage() {
return store;
},
});
const info = {
accessor: '12345',
creation_path: 'foo/',
creation_time: '2022-03-17T20:00:25.594Z',
ttl: 300,
};
const key = `${CONTROL_GROUP_PREFIX}${info.accessor}${TOKEN_SEPARATOR}${info.creation_path}`;
subject.storeControlGroupToken(info);
assert.deepEqual(store.items[key], JSON.stringify(info), 'stores the whole info object');
});
test('deleteControlGroupToken', function (assert) {
const store = storage();
const subject = this.owner.factoryFor('service:control-group').create({
storage() {
return store;
},
});
const accessor = 'foo';
const path = 'kv/one';
const expectedKey = `${CONTROL_GROUP_PREFIX}${accessor}${TOKEN_SEPARATOR}${path}`;
store.setItem(expectedKey, { one: '2' });
subject.deleteControlGroupToken(accessor);
assert.strictEqual(Object.keys(store.items).length, 0, 'there are no keys stored in storage');
});
test('deleteTokens', function (assert) {
const store = storage();
const subject = this.owner.factoryFor('service:control-group').create({
storage() {
return store;
},
});
const keyOne = `${CONTROL_GROUP_PREFIX}foo`;
const keyTwo = `${CONTROL_GROUP_PREFIX}bar`;
store.setItem(keyOne, { one: '2' });
store.setItem(keyTwo, { two: '2' });
store.setItem('value', 'one');
assert.strictEqual(Object.keys(store.items).length, 3, 'stores 3 values');
subject.deleteTokens();
assert.strictEqual(Object.keys(store.items).length, 1, 'removes tokens with control group prefix');
assert.strictEqual(store.getItem('value'), 'one', 'keeps the non-prefixed value');
});
test('wrapInfoForAccessor', function (assert) {
const store = storage();
const subject = this.owner.factoryFor('service:control-group').create({
storage() {
return store;
},
});
const keyOne = `${CONTROL_GROUP_PREFIX}foo`;
store.setItem(keyOne, { one: '2' });
assert.deepEqual(subject.wrapInfoForAccessor('foo'), { one: '2' });
});
});