256 lines
8.5 KiB
JavaScript
256 lines
8.5 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*/
|
|
|
|
import { set } from '@ember/object';
|
|
import Service from '@ember/service';
|
|
import { module, test } from 'qunit';
|
|
import { setupTest } from 'ember-qunit';
|
|
import sinon from 'sinon';
|
|
|
|
import { storageKey, CONTROL_GROUP_PREFIX, TOKEN_SEPARATOR } from 'vault/services/control-group';
|
|
|
|
const versionStub = Service.extend();
|
|
|
|
function storage() {
|
|
return {
|
|
items: {},
|
|
getItem(key) {
|
|
var item = this.items[key];
|
|
return item && JSON.parse(item);
|
|
},
|
|
|
|
setItem(key, val) {
|
|
return (this.items[key] = JSON.stringify(val));
|
|
},
|
|
|
|
removeItem(key) {
|
|
delete this.items[key];
|
|
},
|
|
|
|
keys() {
|
|
return Object.keys(this.items);
|
|
},
|
|
};
|
|
}
|
|
|
|
module('Unit | Service | control group', function (hooks) {
|
|
setupTest(hooks);
|
|
|
|
hooks.beforeEach(function () {
|
|
this.owner.register('service:version', versionStub);
|
|
this.version = this.owner.lookup('service:version');
|
|
this.router = this.owner.lookup('service:router');
|
|
this.router.reopen({
|
|
transitionTo: sinon.stub(),
|
|
urlFor: sinon.stub().returns('/ui/vault/foo'),
|
|
currentURL: '/vault/secrets/kv/show/foo',
|
|
});
|
|
});
|
|
|
|
hooks.afterEach(function () {});
|
|
|
|
const isOSS = (context) => set(context, 'version.isOSS', true);
|
|
const isEnt = (context) => set(context, 'version.isOSS', false);
|
|
const resolvesArgs = (assert, result, expectedArgs) => {
|
|
return result.then((...args) => {
|
|
return assert.deepEqual(args, expectedArgs, 'resolves with the passed args');
|
|
});
|
|
};
|
|
|
|
[
|
|
[
|
|
'it resolves isOSS:true, wrapTTL: true, response: has wrap_info',
|
|
isOSS,
|
|
[[{ one: 'two', three: 'four' }], { wrap_info: { token: 'foo', accessor: 'bar' } }, true],
|
|
(assert, result) => resolvesArgs(assert, result, [{ one: 'two', three: 'four' }]),
|
|
],
|
|
[
|
|
'it resolves isOSS:true, wrapTTL: false, response: has no wrap_info',
|
|
isOSS,
|
|
[[{ one: 'two', three: 'four' }], { wrap_info: null }, false],
|
|
(assert, result) => resolvesArgs(assert, result, [{ one: 'two', three: 'four' }]),
|
|
],
|
|
[
|
|
'it resolves isOSS: false and wrapTTL:true response: has wrap_info',
|
|
isEnt,
|
|
[[{ one: 'two', three: 'four' }], { wrap_info: { token: 'foo', accessor: 'bar' } }, true],
|
|
(assert, result) => resolvesArgs(assert, result, [{ one: 'two', three: 'four' }]),
|
|
],
|
|
[
|
|
'it resolves isOSS: false and wrapTTL:false response: has no wrap_info',
|
|
isEnt,
|
|
[[{ one: 'two', three: 'four' }], { wrap_info: null }, false],
|
|
(assert, result) => resolvesArgs(assert, result, [{ one: 'two', three: 'four' }]),
|
|
],
|
|
[
|
|
'it rejects isOSS: false, wrapTTL:false, response: has wrap_info',
|
|
isEnt,
|
|
[
|
|
[{ one: 'two', three: 'four' }],
|
|
{ foo: 'bar', wrap_info: { token: 'secret', accessor: 'lookup' } },
|
|
false,
|
|
],
|
|
(assert, result) => {
|
|
// ensure failure if we ever don't reject
|
|
assert.expect(2);
|
|
|
|
return result.then(
|
|
() => {},
|
|
(err) => {
|
|
assert.strictEqual(err.token, 'secret');
|
|
assert.strictEqual(err.accessor, 'lookup');
|
|
}
|
|
);
|
|
},
|
|
],
|
|
].forEach(function ([name, setup, args, expectation]) {
|
|
test(`checkForControlGroup: ${name}`, function (assert) {
|
|
const assertCount = name === 'it rejects isOSS: false, wrapTTL:false, response: has wrap_info' ? 2 : 1;
|
|
assert.expect(assertCount);
|
|
if (setup) {
|
|
setup(this);
|
|
}
|
|
const service = this.owner.lookup('service:control-group');
|
|
const result = service.checkForControlGroup(...args);
|
|
return expectation(assert, result);
|
|
});
|
|
});
|
|
|
|
test(`handleError: transitions to accessor and stores control group token`, function (assert) {
|
|
const error = {
|
|
accessor: '12345',
|
|
token: 'token',
|
|
creation_path: 'kv/',
|
|
creation_time: '2022-03-17T20:00:25.594Z',
|
|
ttl: 400,
|
|
};
|
|
const expected = { ...error, uiParams: { url: '/vault/secrets/kv/show/foo' } };
|
|
const service = this.owner.factoryFor('service:control-group').create({
|
|
storeControlGroupToken: sinon.spy(),
|
|
});
|
|
service.handleError(error);
|
|
assert.ok(service.storeControlGroupToken.calledWith(expected), 'calls storeControlGroupToken');
|
|
assert.ok(
|
|
this.router.transitionTo.calledWith('vault.cluster.access.control-group-accessor', '12345'),
|
|
'calls router transitionTo'
|
|
);
|
|
});
|
|
|
|
test(`logFromError: returns correct content string`, function (assert) {
|
|
const error = {
|
|
accessor: '12345',
|
|
token: 'token',
|
|
creation_path: 'kv/',
|
|
creation_time: '2022-03-17T20:00:25.594Z',
|
|
ttl: 400,
|
|
};
|
|
const service = this.owner.factoryFor('service:control-group').create({
|
|
storeControlGroupToken: sinon.spy(),
|
|
});
|
|
const contentString = service.logFromError(error);
|
|
assert.ok(
|
|
this.router.urlFor.calledWith('vault.cluster.access.control-group-accessor', '12345'),
|
|
'calls urlFor with accessor'
|
|
);
|
|
assert.ok(service.storeControlGroupToken.calledWith(error), 'calls storeControlGroupToken');
|
|
assert.ok(contentString.content.includes('12345'), 'contains accessor');
|
|
assert.ok(contentString.content.includes('kv/'), 'contains creation path');
|
|
assert.ok(contentString.content.includes('token'), 'contains token');
|
|
});
|
|
|
|
test('storageKey', function (assert) {
|
|
const accessor = '12345';
|
|
const path = 'kv/foo/bar';
|
|
const expectedKey = `${CONTROL_GROUP_PREFIX}${accessor}${TOKEN_SEPARATOR}${path}`;
|
|
assert.strictEqual(storageKey(accessor, path), expectedKey, 'uses expected key');
|
|
});
|
|
|
|
test('keyFromAccessor', function (assert) {
|
|
const store = storage();
|
|
const accessor = '12345';
|
|
const path = 'kv/foo/bar';
|
|
const data = { foo: 'bar' };
|
|
const expectedKey = `${CONTROL_GROUP_PREFIX}${accessor}${TOKEN_SEPARATOR}${path}`;
|
|
const subject = this.owner.factoryFor('service:control-group').create({
|
|
storage() {
|
|
return store;
|
|
},
|
|
});
|
|
|
|
store.setItem(expectedKey, data);
|
|
store.setItem(`${CONTROL_GROUP_PREFIX}2345${TOKEN_SEPARATOR}${path}`, 'ok');
|
|
|
|
assert.strictEqual(subject.keyFromAccessor(accessor), expectedKey, 'finds key given the accessor');
|
|
assert.strictEqual(subject.keyFromAccessor('foo'), null, 'returns null if no key was found');
|
|
});
|
|
|
|
test('storeControlGroupToken', function (assert) {
|
|
const store = storage();
|
|
const subject = this.owner.factoryFor('service:control-group').create({
|
|
storage() {
|
|
return store;
|
|
},
|
|
});
|
|
const info = {
|
|
accessor: '12345',
|
|
creation_path: 'foo/',
|
|
creation_time: '2022-03-17T20:00:25.594Z',
|
|
ttl: 300,
|
|
};
|
|
const key = `${CONTROL_GROUP_PREFIX}${info.accessor}${TOKEN_SEPARATOR}${info.creation_path}`;
|
|
|
|
subject.storeControlGroupToken(info);
|
|
assert.deepEqual(store.items[key], JSON.stringify(info), 'stores the whole info object');
|
|
});
|
|
|
|
test('deleteControlGroupToken', function (assert) {
|
|
const store = storage();
|
|
const subject = this.owner.factoryFor('service:control-group').create({
|
|
storage() {
|
|
return store;
|
|
},
|
|
});
|
|
const accessor = 'foo';
|
|
const path = 'kv/one';
|
|
|
|
const expectedKey = `${CONTROL_GROUP_PREFIX}${accessor}${TOKEN_SEPARATOR}${path}`;
|
|
store.setItem(expectedKey, { one: '2' });
|
|
subject.deleteControlGroupToken(accessor);
|
|
assert.strictEqual(Object.keys(store.items).length, 0, 'there are no keys stored in storage');
|
|
});
|
|
|
|
test('deleteTokens', function (assert) {
|
|
const store = storage();
|
|
const subject = this.owner.factoryFor('service:control-group').create({
|
|
storage() {
|
|
return store;
|
|
},
|
|
});
|
|
|
|
const keyOne = `${CONTROL_GROUP_PREFIX}foo`;
|
|
const keyTwo = `${CONTROL_GROUP_PREFIX}bar`;
|
|
store.setItem(keyOne, { one: '2' });
|
|
store.setItem(keyTwo, { two: '2' });
|
|
store.setItem('value', 'one');
|
|
assert.strictEqual(Object.keys(store.items).length, 3, 'stores 3 values');
|
|
subject.deleteTokens();
|
|
assert.strictEqual(Object.keys(store.items).length, 1, 'removes tokens with control group prefix');
|
|
assert.strictEqual(store.getItem('value'), 'one', 'keeps the non-prefixed value');
|
|
});
|
|
|
|
test('wrapInfoForAccessor', function (assert) {
|
|
const store = storage();
|
|
const subject = this.owner.factoryFor('service:control-group').create({
|
|
storage() {
|
|
return store;
|
|
},
|
|
});
|
|
|
|
const keyOne = `${CONTROL_GROUP_PREFIX}foo`;
|
|
store.setItem(keyOne, { one: '2' });
|
|
assert.deepEqual(subject.wrapInfoForAccessor('foo'), { one: '2' });
|
|
});
|
|
});
|