27bb03bbc0
* adding copyright header * fix fmt and a test
160 lines
4.5 KiB
Go
160 lines
4.5 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package http
|
|
|
|
import (
|
|
"encoding/json"
|
|
"reflect"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/vault/vault"
|
|
)
|
|
|
|
func TestSysPolicies(t *testing.T) {
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
|
ln, addr := TestServer(t, core)
|
|
defer ln.Close()
|
|
TestServerAuth(t, addr, token)
|
|
|
|
resp := testHttpGet(t, token, addr+"/v1/sys/policy")
|
|
|
|
var actual map[string]interface{}
|
|
expected := map[string]interface{}{
|
|
"lease_id": "",
|
|
"renewable": false,
|
|
"lease_duration": json.Number("0"),
|
|
"wrap_info": nil,
|
|
"warnings": nil,
|
|
"auth": nil,
|
|
"data": map[string]interface{}{
|
|
"policies": []interface{}{"default", "root"},
|
|
"keys": []interface{}{"default", "root"},
|
|
},
|
|
"policies": []interface{}{"default", "root"},
|
|
"keys": []interface{}{"default", "root"},
|
|
}
|
|
testResponseStatus(t, resp, 200)
|
|
testResponseBody(t, resp, &actual)
|
|
expected["request_id"] = actual["request_id"]
|
|
if !reflect.DeepEqual(actual, expected) {
|
|
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
|
}
|
|
}
|
|
|
|
func TestSysReadPolicy(t *testing.T) {
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
|
ln, addr := TestServer(t, core)
|
|
defer ln.Close()
|
|
TestServerAuth(t, addr, token)
|
|
|
|
resp := testHttpGet(t, token, addr+"/v1/sys/policy/root")
|
|
|
|
var actual map[string]interface{}
|
|
expected := map[string]interface{}{
|
|
"lease_id": "",
|
|
"renewable": false,
|
|
"lease_duration": json.Number("0"),
|
|
"wrap_info": nil,
|
|
"warnings": nil,
|
|
"auth": nil,
|
|
"data": map[string]interface{}{
|
|
"name": "root",
|
|
"rules": "",
|
|
},
|
|
"name": "root",
|
|
"rules": "",
|
|
}
|
|
testResponseStatus(t, resp, 200)
|
|
testResponseBody(t, resp, &actual)
|
|
expected["request_id"] = actual["request_id"]
|
|
if !reflect.DeepEqual(actual, expected) {
|
|
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
|
}
|
|
}
|
|
|
|
func TestSysWritePolicy(t *testing.T) {
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
|
ln, addr := TestServer(t, core)
|
|
defer ln.Close()
|
|
TestServerAuth(t, addr, token)
|
|
|
|
resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{
|
|
"rules": `path "*" { capabilities = ["read"] }`,
|
|
})
|
|
testResponseStatus(t, resp, 200)
|
|
|
|
resp = testHttpGet(t, token, addr+"/v1/sys/policy")
|
|
|
|
var actual map[string]interface{}
|
|
expected := map[string]interface{}{
|
|
"lease_id": "",
|
|
"renewable": false,
|
|
"lease_duration": json.Number("0"),
|
|
"wrap_info": nil,
|
|
"warnings": nil,
|
|
"auth": nil,
|
|
"data": map[string]interface{}{
|
|
"policies": []interface{}{"default", "foo", "root"},
|
|
"keys": []interface{}{"default", "foo", "root"},
|
|
},
|
|
"policies": []interface{}{"default", "foo", "root"},
|
|
"keys": []interface{}{"default", "foo", "root"},
|
|
}
|
|
testResponseStatus(t, resp, 200)
|
|
testResponseBody(t, resp, &actual)
|
|
expected["request_id"] = actual["request_id"]
|
|
if !reflect.DeepEqual(actual, expected) {
|
|
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
|
}
|
|
|
|
resp = testHttpPost(t, token, addr+"/v1/sys/policy/response-wrapping", map[string]interface{}{
|
|
"rules": ``,
|
|
})
|
|
testResponseStatus(t, resp, 400)
|
|
}
|
|
|
|
func TestSysDeletePolicy(t *testing.T) {
|
|
core, _, token := vault.TestCoreUnsealed(t)
|
|
ln, addr := TestServer(t, core)
|
|
defer ln.Close()
|
|
TestServerAuth(t, addr, token)
|
|
|
|
resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{
|
|
"rules": `path "*" { capabilities = ["read"] }`,
|
|
})
|
|
testResponseStatus(t, resp, 200)
|
|
|
|
resp = testHttpDelete(t, token, addr+"/v1/sys/policy/foo")
|
|
testResponseStatus(t, resp, 204)
|
|
|
|
// Also attempt to delete these since they should not be allowed (ignore
|
|
// responses, if they exist later that's sufficient)
|
|
resp = testHttpDelete(t, token, addr+"/v1/sys/policy/default")
|
|
resp = testHttpDelete(t, token, addr+"/v1/sys/policy/response-wrapping")
|
|
|
|
resp = testHttpGet(t, token, addr+"/v1/sys/policy")
|
|
|
|
var actual map[string]interface{}
|
|
expected := map[string]interface{}{
|
|
"lease_id": "",
|
|
"renewable": false,
|
|
"lease_duration": json.Number("0"),
|
|
"wrap_info": nil,
|
|
"warnings": nil,
|
|
"auth": nil,
|
|
"data": map[string]interface{}{
|
|
"policies": []interface{}{"default", "root"},
|
|
"keys": []interface{}{"default", "root"},
|
|
},
|
|
"policies": []interface{}{"default", "root"},
|
|
"keys": []interface{}{"default", "root"},
|
|
}
|
|
testResponseStatus(t, resp, 200)
|
|
testResponseBody(t, resp, &actual)
|
|
expected["request_id"] = actual["request_id"]
|
|
if !reflect.DeepEqual(actual, expected) {
|
|
t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
|
|
}
|
|
}
|