a581e96b78
* Lazy load plugins to avoid setup-unwrap cycle * Remove commented blocks * Refactor NewTestCluster, use single core cluster on basic plugin tests * Set c.pluginDirectory in TestAddTestPlugin for setupPluginCatalog to work properly * Add special path to mock plugin * Move ensureCoresSealed to vault/testing.go * Use same method for EnsureCoresSealed and Cleanup * Bump ensureCoresSealed timeout to 60s * Correctly handle nil opts on NewTestCluster * Add metadata flag to APIClientMeta, use meta-enabled plugin when mounting to bootstrap * Check metadata flag directly on the plugin process * Plumb isMetadataMode down to PluginRunner * Add NOOP shims when running in metadata mode * Remove unused flag from the APIMetadata object * Remove setupSecretPlugins and setupCredentialPlugins functions * Move when we setup rollback manager to after the plugins are initialized * Fix tests * Fix merge issue * start rollback manager after the credential setup * Add guards against running certain client and server functions while in metadata mode * Call initialize once a plugin is loaded on the fly * Add more tests, update basic secret/auth plugin tests to trigger lazy loading * Skip mount if plugin removed from catalog * Fixup * Remove commented line on LookupPlugin * Fail on mount operation if plugin is re-added to catalog and mount is on existing path * Check type and special paths on startBackend * Fix merge conflicts * Refactor PluginRunner run methods to use runCommon, fix TestSystemBackend_Plugin_auth
97 lines
2.1 KiB
Go
97 lines
2.1 KiB
Go
package plugin
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/vault/helper/logformat"
|
|
"github.com/hashicorp/vault/helper/pluginutil"
|
|
vaulthttp "github.com/hashicorp/vault/http"
|
|
"github.com/hashicorp/vault/logical"
|
|
"github.com/hashicorp/vault/logical/plugin"
|
|
"github.com/hashicorp/vault/logical/plugin/mock"
|
|
"github.com/hashicorp/vault/vault"
|
|
log "github.com/mgutz/logxi/v1"
|
|
)
|
|
|
|
func TestBackend_impl(t *testing.T) {
|
|
var _ logical.Backend = &backend{}
|
|
}
|
|
|
|
func TestBackend(t *testing.T) {
|
|
config, cleanup := testConfig(t)
|
|
defer cleanup()
|
|
|
|
_, err := Backend(config)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestBackend_Factory(t *testing.T) {
|
|
config, cleanup := testConfig(t)
|
|
defer cleanup()
|
|
|
|
_, err := Factory(config)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func TestBackend_PluginMain(t *testing.T) {
|
|
args := []string{}
|
|
if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" && os.Getenv(pluginutil.PluginMetadaModeEnv) != "true" {
|
|
return
|
|
}
|
|
|
|
caPEM := os.Getenv(pluginutil.PluginCACertPEMEnv)
|
|
if caPEM == "" {
|
|
t.Fatal("CA cert not passed in")
|
|
}
|
|
|
|
args = append(args, fmt.Sprintf("--ca-cert=%s", caPEM))
|
|
|
|
apiClientMeta := &pluginutil.APIClientMeta{}
|
|
flags := apiClientMeta.FlagSet()
|
|
flags.Parse(args)
|
|
tlsConfig := apiClientMeta.GetTLSConfig()
|
|
tlsProviderFunc := pluginutil.VaultPluginTLSProvider(tlsConfig)
|
|
|
|
err := plugin.Serve(&plugin.ServeOpts{
|
|
BackendFactoryFunc: mock.Factory,
|
|
TLSProviderFunc: tlsProviderFunc,
|
|
})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
func testConfig(t *testing.T) (*logical.BackendConfig, func()) {
|
|
cluster := vault.NewTestCluster(t, nil, &vault.TestClusterOptions{
|
|
HandlerFunc: vaulthttp.Handler,
|
|
})
|
|
cluster.Start()
|
|
cores := cluster.Cores
|
|
|
|
core := cores[0]
|
|
|
|
sys := vault.TestDynamicSystemView(core.Core)
|
|
|
|
config := &logical.BackendConfig{
|
|
Logger: logformat.NewVaultLogger(log.LevelTrace),
|
|
System: sys,
|
|
Config: map[string]string{
|
|
"plugin_name": "mock-plugin",
|
|
},
|
|
}
|
|
|
|
os.Setenv(pluginutil.PluginCACertPEMEnv, cluster.CACertPEMFile)
|
|
|
|
vault.TestAddTestPlugin(t, core.Core, "mock-plugin", "TestBackend_PluginMain")
|
|
|
|
return config, func() {
|
|
cluster.Cleanup()
|
|
}
|
|
}
|