luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/command/pki_list_intermediate_test.go
Kit Haines 5ece71109a
Vault 11798 vault cli issue intermediate (#18467) 
* The verify-sign command in it's cleanest existing form.

* Working state

* Updates to proper verification syntax

Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com>

* make fmt

* Git CI caught some stuff.

* Base functionality.

* make fmt; changelog

* pki issue command.

* Make fmt. Changelog.

* Error Handling Is Almost A Tutorial

* What I thought empty issuers response fix would be.

* Some tests

* PR-review updates.

* make fmt.

* Fix null response data for listing empty issuers causing a crash.

* Update command/pki_list_children_command.go

Fix double specifier

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>

* Add test for pki_list_children.

* Fix tests.

* Update descriptions for correctness based on PR reviews.

* make fmt.

* Updates based on PR feedback.

* Allow multiple arguements (space separated)

* Remove bad merge-thing.

* White-space hell fix change.

* Tests, and return information for issue ca

* Fix make fmt error introduced here: https://github.com/hashicorp/vault/pull/18876

* Update command/pki_issue_intermediate.go

Puncutation.

Co-authored-by: Alexander Scheel <alex.scheel@hashicorp.com>

* Remove smart quotes for standard quotes.

* More information as part of the help text.

* Better help text.

* Add missing "/" into error message.

---------

Co-authored-by: 'Alex Scheel' <alex.scheel@hashicorp.com>
Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2023-01-27 16:41:16 -05:00

244 lines
7 KiB
Go
Raw Blame History

package command
import (
"strings"
"testing"
"github.com/hashicorp/vault/api"
)
func TestPKIListIntermediate(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
// Relationship Map to Create
// pki-root | pki-newroot | pki-empty
// RootX1 RootX2 RootX4 RootX3
// | |
// ----------------------------------------------
// v v
// IntX1 IntX2 pki-int
// | |
// v v
// IntX3 (-----------------------) IntX3(also)
//
// Here X1,X2 have the same name (same mount)
// RootX4 uses the same key as RootX1 (but a different common_name/subject)
// RootX3 has the same name, and is on a different mount
// RootX1 has issued IntX1; RootX3 has issued IntX2
createComplicatedIssuerSetUp(t, client)
runPkiListIntermediateTests(t, client)
}
func runPkiListIntermediateTests(t *testing.T, client *api.Client) {
cases := []struct {
name string
args []string
expectedMatches map[string]bool
jsonOut bool
shouldError bool
expectErrorCont string
expectErrorNotCont string
nonJsonOutputCont string
}{
{
"rootX1-match-everything-no-constraints",
[]string{
"pki", "list-intermediates", "-format=json", "-use_names=true",
"-subject_match=false", "-key_id_match=false", "-direct_sign=false", "-indirect_sign=false", "-path_match=false",
"pki-root/issuer/rootX1",
},
map[string]bool{
"pki-root/issuer/rootX1": true,
"pki-root/issuer/rootX2": true,
"pki-newroot/issuer/rootX3": true,
"pki-root/issuer/rootX4": true,
"pki-int/issuer/intX1": true,
"pki-int/issuer/intX2": true,
"pki-int/issuer/intX3": true,
"pki-int/issuer/intX3also": true,
"pki-int/issuer/rootX1": true,
"pki-int/issuer/rootX3": true,
},
true,
false,
"",
"",
"",
},
{
"rootX1-default-children",
[]string{"pki", "list-intermediates", "-format=json", "-use_names=true", "pki-root/issuer/rootX1"},
map[string]bool{
"pki-root/issuer/rootX1": true,
"pki-root/issuer/rootX2": false,
"pki-newroot/issuer/rootX3": false,
"pki-root/issuer/rootX4": false,
"pki-int/issuer/intX1": true,
"pki-int/issuer/intX2": false,
"pki-int/issuer/intX3": false,
"pki-int/issuer/intX3also": false,
"pki-int/issuer/rootX1": true,
"pki-int/issuer/rootX3": false,
},
true,
false,
"",
"",
"",
},
{
"rootX1-subject-match-only",
[]string{
"pki", "list-intermediates", "-format=json", "-use_names=true",
"-key_id_match=false", "-direct_sign=false", "-indirect_sign=false",
"pki-root/issuer/rootX1",
},
map[string]bool{
"pki-root/issuer/rootX1": true,
"pki-root/issuer/rootX2": true,
"pki-newroot/issuer/rootX3": true,
"pki-root/issuer/rootX4": false,
"pki-int/issuer/intX1": true,
"pki-int/issuer/intX2": true,
"pki-int/issuer/intX3": false,
"pki-int/issuer/intX3also": false,
"pki-int/issuer/rootX1": true,
"pki-int/issuer/rootX3": true,
},
true,
false,
"",
"",
"",
},
{
"rootX1-in-path",
[]string{
"pki", "list-intermediates", "-format=json", "-use_names=true",
"-subject_match=false", "-key_id_match=false", "-direct_sign=false", "-indirect_sign=false", "-path_match=true",
"pki-root/issuer/rootX1",
},
map[string]bool{
"pki-root/issuer/rootX1": true,
"pki-root/issuer/rootX2": false,
"pki-newroot/issuer/rootX3": false,
"pki-root/issuer/rootX4": false,
"pki-int/issuer/intX1": true,
"pki-int/issuer/intX2": false,
"pki-int/issuer/intX3": true,
"pki-int/issuer/intX3also": false,
"pki-int/issuer/rootX1": true,
"pki-int/issuer/rootX3": false,
},
true,
false,
"",
"",
"",
},
{
"rootX1-only-int-mount",
[]string{
"pki", "list-intermediates", "-format=json", "-use_names=true",
"-subject_match=false", "-key_id_match=false", "-direct_sign=false", "-indirect_sign=false", "-path_match=true",
"pki-root/issuer/rootX1", "pki-int/",
},
map[string]bool{
"pki-int/issuer/intX1": true,
"pki-int/issuer/intX2": false,
"pki-int/issuer/intX3": true,
"pki-int/issuer/intX3also": false,
"pki-int/issuer/rootX1": true,
"pki-int/issuer/rootX3": false,
},
true,
false,
"",
"",
"",
},
{
"rootX1-subject-match-root-mounts-only",
[]string{
"pki", "list-intermediates", "-format=json", "-use_names=true",
"-key_id_match=false", "-direct_sign=false", "-indirect_sign=false",
"pki-root/issuer/rootX1", "pki-root/", "pki-newroot", "pki-empty",
},
map[string]bool{
"pki-root/issuer/rootX1": true,
"pki-root/issuer/rootX2": true,
"pki-newroot/issuer/rootX3": true,
"pki-root/issuer/rootX4": false,
},
true,
false,
"",
"",
"",
},
{
"rootX1-subject-match-these-certs-only",
[]string{
"pki", "list-intermediates", "-format=json", "-use_names=true",
"-key_id_match=false", "-direct_sign=false", "-indirect_sign=false",
"pki-root/issuer/rootX1", "pki-root/issuer/rootX2", "pki-newroot/issuer/rootX3", "pki-root/issuer/rootX4",
},
map[string]bool{
"pki-root/issuer/rootX2": true,
"pki-newroot/issuer/rootX3": true,
"pki-root/issuer/rootX4": false,
},
true,
false,
"",
"",
"",
},
}
for _, testCase := range cases {
var errString string
var results map[string]interface{}
var stdOut string
if testCase.jsonOut {
results, errString = execPKIVerifyJson(t, client, false, testCase.shouldError, testCase.args)
} else {
stdOut, errString = execPKIVerifyNonJson(t, client, testCase.shouldError, testCase.args)
}
// Verify Error Behavior
if testCase.shouldError {
if errString == "" {
t.Fatalf("Expected error in Testcase %s : no error produced, got results %s", testCase.name, results)
}
if testCase.expectErrorCont != "" && !strings.Contains(errString, testCase.expectErrorCont) {
t.Fatalf("Expected error in Testcase %s to contain %s, but got error %s", testCase.name, testCase.expectErrorCont, errString)
}
if testCase.expectErrorNotCont != "" && strings.Contains(errString, testCase.expectErrorNotCont) {
t.Fatalf("Expected error in Testcase %s to not contain %s, but got error %s", testCase.name, testCase.expectErrorNotCont, errString)
}
} else {
if errString != "" {
t.Fatalf("Error in Testcase %s : no error expected, but got error: %s", testCase.name, errString)
}
}
// Verify Output
if testCase.jsonOut {
isMatch, errString := verifyExpectedJson(testCase.expectedMatches, results)
if !isMatch {
t.Fatalf("Expected Results for Testcase %s, do not match returned results %s", testCase.name, errString)
}
} else {
if !strings.Contains(stdOut, testCase.nonJsonOutputCont) {
t.Fatalf("Expected standard output for Testcase %s to contain %s, but got %s", testCase.name, testCase.nonJsonOutputCont, stdOut)
}
}
}
}
Reference in a new issue View git blame Copy permalink