b826c56686
* Use SHA2-256 hash with prefix to upgrade the paths * test the SHA1 upgrade to SHA256 * Remove hash identifier and the delimiter; use 's' instead * Added API test to verify the correctness of the fix * Fix broken test * remove unneeded test
94 lines
2.1 KiB
Go
94 lines
2.1 KiB
Go
package command
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/hashicorp/vault/api"
|
|
vaulthttp "github.com/hashicorp/vault/http"
|
|
"github.com/hashicorp/vault/logical"
|
|
"github.com/hashicorp/vault/vault"
|
|
logxi "github.com/mgutz/logxi/v1"
|
|
|
|
credAppId "github.com/hashicorp/vault/builtin/credential/app-id"
|
|
)
|
|
|
|
func TestPathMap_Upgrade_API(t *testing.T) {
|
|
var err error
|
|
coreConfig := &vault.CoreConfig{
|
|
DisableMlock: true,
|
|
DisableCache: true,
|
|
Logger: logxi.NullLog,
|
|
CredentialBackends: map[string]logical.Factory{
|
|
"app-id": credAppId.Factory,
|
|
},
|
|
}
|
|
|
|
cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{
|
|
HandlerFunc: vaulthttp.Handler,
|
|
})
|
|
|
|
cluster.Start()
|
|
defer cluster.Cleanup()
|
|
|
|
cores := cluster.Cores
|
|
|
|
vault.TestWaitActive(t, cores[0].Core)
|
|
|
|
client := cores[0].Client
|
|
|
|
// Enable the app-id method
|
|
err = client.Sys().EnableAuthWithOptions("app-id", &api.EnableAuthOptions{
|
|
Type: "app-id",
|
|
})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// Create an app-id
|
|
_, err = client.Logical().Write("auth/app-id/map/app-id/test-app-id", map[string]interface{}{
|
|
"policy": "test-policy",
|
|
})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// Create a user-id
|
|
_, err = client.Logical().Write("auth/app-id/map/user-id/test-user-id", map[string]interface{}{
|
|
"value": "test-app-id",
|
|
})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// Perform a login. It should succeed.
|
|
_, err = client.Logical().Write("auth/app-id/login", map[string]interface{}{
|
|
"app_id": "test-app-id",
|
|
"user_id": "test-user-id",
|
|
})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// List the hashed app-ids in the storage
|
|
secret, err := client.Logical().List("auth/app-id/map/app-id")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
hashedAppID := secret.Data["keys"].([]interface{})[0].(string)
|
|
|
|
// Try reading it. This used to cause an issue which is fixed in [GH-3806].
|
|
_, err = client.Logical().Read("auth/app-id/map/app-id/" + hashedAppID)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
// Ensure that there was no issue by performing another login
|
|
_, err = client.Logical().Write("auth/app-id/login", map[string]interface{}{
|
|
"app_id": "test-app-id",
|
|
"user_id": "test-user-id",
|
|
})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|