luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/vault/seal_testing.go
Jeff Mitchell 9687ccc8fa Tackle #4929 a different way (#4932) 
* Tackle #4929 a different way

This turns c.sealed into an atomic, which allows us to call sealInternal
without a lock. By doing so we can better control lock grabbing when a
condition causing the standby loop to get out of active happens. This
encapsulates that logic into two distinct pieces (although they could
be combined into one), and makes lock guarding more understandable.

* Re-add context canceling to the non-HA version of sealInternal

* Return explicitly after stopCh triggered
2018-07-24 13:57:25 -07:00

81 lines
1.9 KiB
Go
Raw Blame History

package vault
import (
"context"
"github.com/mitchellh/go-testing-interface"
)
var (
TestCoreUnsealedWithConfigs = testCoreUnsealedWithConfigs
TestSealDefConfigs = testSealDefConfigs
)
type TestSealOpts struct {
StoredKeysDisabled bool
RecoveryKeysDisabled bool
}
func NewTestSeal(t testing.T, opts *TestSealOpts) Seal {
return NewDefaultSeal()
}
func testCoreUnsealedWithConfigs(t testing.T, barrierConf, recoveryConf *SealConfig) (*Core, [][]byte, [][]byte, string) {
seal := NewTestSeal(t, nil)
core := TestCoreWithSeal(t, seal, false)
result, err := core.Initialize(context.Background(), &InitParams{
BarrierConfig: barrierConf,
RecoveryConfig: recoveryConf,
})
if err != nil {
t.Fatalf("err: %s", err)
}
err = core.UnsealWithStoredKeys(context.Background())
if err != nil {
t.Fatalf("err: %s", err)
}
if core.Sealed() {
for _, key := range result.SecretShares {
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
}
if core.Sealed() {
t.Fatal("should not be sealed")
}
}
return core, result.SecretShares, result.RecoveryShares, result.RootToken
}
func testSealDefConfigs() (*SealConfig, *SealConfig) {
return &SealConfig{
SecretShares: 5,
SecretThreshold: 3,
}, nil
}
func TestCoreUnsealedWithConfigSealOpts(t testing.T, barrierConf, recoveryConf *SealConfig, sealOpts *TestSealOpts) (*Core, [][]byte, [][]byte, string) {
seal := NewTestSeal(t, sealOpts)
core := TestCoreWithSeal(t, seal, false)
result, err := core.Initialize(context.Background(), &InitParams{
BarrierConfig: barrierConf,
RecoveryConfig: recoveryConf,
})
if err != nil {
t.Fatalf("err: %s", err)
}
for _, key := range result.SecretShares {
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
t.Fatalf("unseal err: %s", err)
}
}
if core.Sealed() {
t.Fatal("should not be sealed")
}
return core, result.SecretShares, result.RecoveryShares, result.RootToken
}
Reference in a new issue View git blame Copy permalink