open-vault/logical/plugin/pb/translation_test.go
Chris Hoffman a7ada08b3b
Core handling of TTLs (#4230)
* govet cleanup in token store

* adding general ttl handling to login requests

* consolidating TTL calculation to system view

* deprecate LeaseExtend

* deprecate LeaseExtend

* set the increment to the correct value

* move calculateTTL out of SystemView

* remove unused value

* add back clearing of lease id

* implement core ttl in some backends

* removing increment and issue time from lease options

* adding ttl tests, fixing some compile issue

* adding ttl tests

* fixing some explicit max TTL logic

* fixing up some tests

* removing unneeded test

* off by one errors...

* adding back some logic for bc

* adding period to return on renewal

* tweaking max ttl capping slightly

* use the appropriate precision for ttl calculation

* deprecate proto fields instead of delete

* addressing feedback

* moving TTL handling for backends to core

* mongo is a secret backend not auth

* adding estimated ttl for backends that also manage the expiration time

* set the estimate values before calling the renew request

* moving calculate TTL to framework, revert removal of increment and issue time from logical

* minor edits

* addressing feedback

* address more feedback
2018-04-03 12:20:20 -04:00

270 lines
6.6 KiB
Go

package pb
import (
"errors"
"reflect"
"testing"
"time"
"github.com/hashicorp/vault/helper/errutil"
"github.com/hashicorp/vault/helper/wrapping"
"github.com/hashicorp/vault/logical"
)
func TestTranslation_Errors(t *testing.T) {
errs := []error{
nil,
errors.New("test"),
errutil.UserError{Err: "test"},
errutil.InternalError{Err: "test"},
logical.CodedError(403, "test"),
&logical.StatusBadRequest{Err: "test"},
logical.ErrUnsupportedOperation,
logical.ErrUnsupportedPath,
logical.ErrInvalidRequest,
logical.ErrPermissionDenied,
logical.ErrMultiAuthzPending,
}
for _, err := range errs {
pe := ErrToProtoErr(err)
e := ProtoErrToErr(pe)
if !reflect.DeepEqual(e, err) {
t.Fatalf("Errs did not match: %#v, %#v", e, err)
}
}
}
func TestTranslation_StorageEntry(t *testing.T) {
tCases := []*logical.StorageEntry{
nil,
&logical.StorageEntry{Key: "key", Value: []byte("value")},
&logical.StorageEntry{Key: "key1", Value: []byte("value1"), SealWrap: true},
&logical.StorageEntry{Key: "key1", SealWrap: true},
}
for _, c := range tCases {
p := LogicalStorageEntryToProtoStorageEntry(c)
e := ProtoStorageEntryToLogicalStorageEntry(p)
if !reflect.DeepEqual(c, e) {
t.Fatalf("Entries did not match: %#v, %#v", e, c)
}
}
}
func TestTranslation_Request(t *testing.T) {
tCases := []*logical.Request{
nil,
&logical.Request{
ID: "ID",
ReplicationCluster: "RID",
Operation: logical.CreateOperation,
Path: "test/foo",
ClientToken: "token",
ClientTokenAccessor: "accessor",
DisplayName: "display",
MountPoint: "test",
MountType: "secret",
MountAccessor: "test-231234",
ClientTokenRemainingUses: 1,
EntityID: "tester",
PolicyOverride: true,
Unauthenticated: true,
Connection: &logical.Connection{
RemoteAddr: "localhost",
},
},
&logical.Request{
ID: "ID",
ReplicationCluster: "RID",
Operation: logical.CreateOperation,
Path: "test/foo",
Data: map[string]interface{}{
"string": "string",
"bool": true,
"array": []interface{}{"1", "2"},
"map": map[string]interface{}{
"key": "value",
},
},
Secret: &logical.Secret{
LeaseOptions: logical.LeaseOptions{
TTL: time.Second,
MaxTTL: time.Second,
Renewable: true,
Increment: time.Second,
IssueTime: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
},
InternalData: map[string]interface{}{
"role": "test",
},
LeaseID: "LeaseID",
},
Auth: &logical.Auth{
LeaseOptions: logical.LeaseOptions{
TTL: time.Second,
MaxTTL: time.Second,
Renewable: true,
Increment: time.Second,
IssueTime: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
},
InternalData: map[string]interface{}{
"role": "test",
},
DisplayName: "test",
Policies: []string{"test", "Test"},
Metadata: map[string]string{
"test": "test",
},
ClientToken: "token",
Accessor: "accessor",
Period: 5 * time.Second,
NumUses: 1,
EntityID: "id",
Alias: &logical.Alias{
MountType: "type",
MountAccessor: "accessor",
Name: "name",
},
GroupAliases: []*logical.Alias{
&logical.Alias{
MountType: "type",
MountAccessor: "accessor",
Name: "name",
},
},
},
Headers: map[string][]string{
"X-Vault-Test": []string{"test"},
},
ClientToken: "token",
ClientTokenAccessor: "accessor",
DisplayName: "display",
MountPoint: "test",
MountType: "secret",
MountAccessor: "test-231234",
WrapInfo: &logical.RequestWrapInfo{
TTL: time.Second,
Format: "token",
SealWrap: true,
},
ClientTokenRemainingUses: 1,
EntityID: "tester",
PolicyOverride: true,
Unauthenticated: true,
},
}
for _, c := range tCases {
p, err := LogicalRequestToProtoRequest(c)
if err != nil {
t.Fatal(err)
}
r, err := ProtoRequestToLogicalRequest(p)
if err != nil {
t.Fatal(err)
}
if !reflect.DeepEqual(c, r) {
t.Fatalf("Requests did not match: \n%#v, \n%#v", c, r)
}
}
}
func TestTranslation_Response(t *testing.T) {
tCases := []*logical.Response{
nil,
&logical.Response{
Data: map[string]interface{}{
"data": "blah",
},
Warnings: []string{"warning"},
},
&logical.Response{
Data: map[string]interface{}{
"string": "string",
"bool": true,
"array": []interface{}{"1", "2"},
"map": map[string]interface{}{
"key": "value",
},
},
Secret: &logical.Secret{
LeaseOptions: logical.LeaseOptions{
TTL: time.Second,
MaxTTL: time.Second,
Renewable: true,
Increment: time.Second,
IssueTime: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
},
InternalData: map[string]interface{}{
"role": "test",
},
LeaseID: "LeaseID",
},
Auth: &logical.Auth{
LeaseOptions: logical.LeaseOptions{
TTL: time.Second,
MaxTTL: time.Second,
Renewable: true,
Increment: time.Second,
IssueTime: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
},
InternalData: map[string]interface{}{
"role": "test",
},
DisplayName: "test",
Policies: []string{"test", "Test"},
Metadata: map[string]string{
"test": "test",
},
ClientToken: "token",
Accessor: "accessor",
Period: 5 * time.Second,
NumUses: 1,
EntityID: "id",
Alias: &logical.Alias{
MountType: "type",
MountAccessor: "accessor",
Name: "name",
},
GroupAliases: []*logical.Alias{
&logical.Alias{
MountType: "type",
MountAccessor: "accessor",
Name: "name",
},
},
},
WrapInfo: &wrapping.ResponseWrapInfo{
TTL: time.Second,
Token: "token",
Accessor: "accessor",
CreationTime: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
WrappedAccessor: "wrapped-accessor",
WrappedEntityID: "id",
Format: "token",
CreationPath: "test/foo",
SealWrap: true,
},
},
}
for _, c := range tCases {
p, err := LogicalResponseToProtoResponse(c)
if err != nil {
t.Fatal(err)
}
r, err := ProtoResponseToLogicalResponse(p)
if err != nil {
t.Fatal(err)
}
if !reflect.DeepEqual(c, r) {
t.Fatalf("Requests did not match: \n%#v, \n%#v", c, r)
}
}
}