f77bcc53c4
* This package is new for 1.5 so this is not a breaking change. * This is being moved because this code was originally intended to be used within plugins, however the design of password policies has changed such that this is no longer needed. Thus, this code doesn't need to be in the public SDK.
276 lines
6.8 KiB
Go
276 lines
6.8 KiB
Go
package plugin
|
|
|
|
import (
|
|
"context"
|
|
"reflect"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/golang/protobuf/proto"
|
|
plugin "github.com/hashicorp/go-plugin"
|
|
"github.com/hashicorp/vault/sdk/helper/consts"
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
"github.com/hashicorp/vault/sdk/plugin/pb"
|
|
"google.golang.org/grpc"
|
|
)
|
|
|
|
func TestSystem_GRPC_GRPC_impl(t *testing.T) {
|
|
var _ logical.SystemView = new(gRPCSystemViewClient)
|
|
}
|
|
|
|
func TestSystem_GRPC_defaultLeaseTTL(t *testing.T) {
|
|
sys := logical.TestSystemView()
|
|
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
|
|
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
|
|
impl: sys,
|
|
})
|
|
})
|
|
defer client.Close()
|
|
testSystemView := newGRPCSystemView(client)
|
|
|
|
expected := sys.DefaultLeaseTTL()
|
|
actual := testSystemView.DefaultLeaseTTL()
|
|
if !reflect.DeepEqual(expected, actual) {
|
|
t.Fatalf("expected: %v, got: %v", expected, actual)
|
|
}
|
|
}
|
|
|
|
func TestSystem_GRPC_maxLeaseTTL(t *testing.T) {
|
|
sys := logical.TestSystemView()
|
|
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
|
|
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
|
|
impl: sys,
|
|
})
|
|
})
|
|
defer client.Close()
|
|
testSystemView := newGRPCSystemView(client)
|
|
|
|
expected := sys.MaxLeaseTTL()
|
|
actual := testSystemView.MaxLeaseTTL()
|
|
if !reflect.DeepEqual(expected, actual) {
|
|
t.Fatalf("expected: %v, got: %v", expected, actual)
|
|
}
|
|
}
|
|
|
|
func TestSystem_GRPC_tainted(t *testing.T) {
|
|
sys := logical.TestSystemView()
|
|
sys.TaintedVal = true
|
|
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
|
|
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
|
|
impl: sys,
|
|
})
|
|
})
|
|
defer client.Close()
|
|
testSystemView := newGRPCSystemView(client)
|
|
|
|
expected := sys.Tainted()
|
|
actual := testSystemView.Tainted()
|
|
if !reflect.DeepEqual(expected, actual) {
|
|
t.Fatalf("expected: %v, got: %v", expected, actual)
|
|
}
|
|
}
|
|
|
|
func TestSystem_GRPC_cachingDisabled(t *testing.T) {
|
|
sys := logical.TestSystemView()
|
|
sys.CachingDisabledVal = true
|
|
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
|
|
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
|
|
impl: sys,
|
|
})
|
|
})
|
|
defer client.Close()
|
|
testSystemView := newGRPCSystemView(client)
|
|
|
|
expected := sys.CachingDisabled()
|
|
actual := testSystemView.CachingDisabled()
|
|
if !reflect.DeepEqual(expected, actual) {
|
|
t.Fatalf("expected: %v, got: %v", expected, actual)
|
|
}
|
|
}
|
|
|
|
func TestSystem_GRPC_replicationState(t *testing.T) {
|
|
sys := logical.TestSystemView()
|
|
sys.ReplicationStateVal = consts.ReplicationPerformancePrimary
|
|
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
|
|
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
|
|
impl: sys,
|
|
})
|
|
})
|
|
defer client.Close()
|
|
testSystemView := newGRPCSystemView(client)
|
|
|
|
expected := sys.ReplicationState()
|
|
actual := testSystemView.ReplicationState()
|
|
if !reflect.DeepEqual(expected, actual) {
|
|
t.Fatalf("expected: %v, got: %v", expected, actual)
|
|
}
|
|
}
|
|
|
|
func TestSystem_GRPC_responseWrapData(t *testing.T) {
|
|
t.SkipNow()
|
|
}
|
|
|
|
func TestSystem_GRPC_lookupPlugin(t *testing.T) {
|
|
sys := logical.TestSystemView()
|
|
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
|
|
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
|
|
impl: sys,
|
|
})
|
|
})
|
|
defer client.Close()
|
|
|
|
testSystemView := newGRPCSystemView(client)
|
|
|
|
if _, err := testSystemView.LookupPlugin(context.Background(), "foo", consts.PluginTypeDatabase); err == nil {
|
|
t.Fatal("LookPlugin(): expected error on due to unsupported call from plugin")
|
|
}
|
|
}
|
|
|
|
func TestSystem_GRPC_mlockEnabled(t *testing.T) {
|
|
sys := logical.TestSystemView()
|
|
sys.EnableMlock = true
|
|
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
|
|
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
|
|
impl: sys,
|
|
})
|
|
})
|
|
defer client.Close()
|
|
|
|
testSystemView := newGRPCSystemView(client)
|
|
|
|
expected := sys.MlockEnabled()
|
|
actual := testSystemView.MlockEnabled()
|
|
if !reflect.DeepEqual(expected, actual) {
|
|
t.Fatalf("expected: %v, got: %v", expected, actual)
|
|
}
|
|
}
|
|
|
|
func TestSystem_GRPC_entityInfo(t *testing.T) {
|
|
sys := logical.TestSystemView()
|
|
sys.EntityVal = &logical.Entity{
|
|
ID: "id",
|
|
Name: "name",
|
|
Metadata: map[string]string{
|
|
"foo": "bar",
|
|
},
|
|
Aliases: []*logical.Alias{
|
|
&logical.Alias{
|
|
MountType: "logical",
|
|
MountAccessor: "accessor",
|
|
Name: "name",
|
|
Metadata: map[string]string{
|
|
"zip": "zap",
|
|
},
|
|
},
|
|
},
|
|
Disabled: true,
|
|
}
|
|
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
|
|
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
|
|
impl: sys,
|
|
})
|
|
})
|
|
defer client.Close()
|
|
testSystemView := newGRPCSystemView(client)
|
|
|
|
actual, err := testSystemView.EntityInfo("")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !proto.Equal(sys.EntityVal, actual) {
|
|
t.Fatalf("expected: %v, got: %v", sys.EntityVal, actual)
|
|
}
|
|
}
|
|
|
|
func TestSystem_GRPC_groupsForEntity(t *testing.T) {
|
|
sys := logical.TestSystemView()
|
|
sys.GroupsVal = []*logical.Group{
|
|
{
|
|
ID: "group1-id",
|
|
Name: "group1",
|
|
Metadata: map[string]string{
|
|
"group-metadata": "metadata-value",
|
|
},
|
|
},
|
|
}
|
|
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
|
|
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
|
|
impl: sys,
|
|
})
|
|
})
|
|
defer client.Close()
|
|
testSystemView := newGRPCSystemView(client)
|
|
|
|
actual, err := testSystemView.GroupsForEntity("")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if !proto.Equal(sys.GroupsVal[0], actual[0]) {
|
|
t.Fatalf("expected: %v, got: %v", sys.GroupsVal, actual)
|
|
}
|
|
}
|
|
|
|
func TestSystem_GRPC_pluginEnv(t *testing.T) {
|
|
sys := logical.TestSystemView()
|
|
sys.PluginEnvironment = &logical.PluginEnvironment{
|
|
VaultVersion: "0.10.42",
|
|
}
|
|
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
|
|
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
|
|
impl: sys,
|
|
})
|
|
})
|
|
defer client.Close()
|
|
|
|
testSystemView := newGRPCSystemView(client)
|
|
|
|
expected, err := sys.PluginEnv(context.Background())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
actual, err := testSystemView.PluginEnv(context.Background())
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
if !proto.Equal(expected, actual) {
|
|
t.Fatalf("expected: %v, got: %v", expected, actual)
|
|
}
|
|
}
|
|
|
|
func TestSystem_GRPC_GeneratePasswordFromPolicy(t *testing.T) {
|
|
policyName := "testpolicy"
|
|
expectedPassword := "87354qtnjgrehiogd9u0t43"
|
|
passGen := func() (password string, err error) {
|
|
return expectedPassword, nil
|
|
}
|
|
sys := &logical.StaticSystemView{
|
|
PasswordPolicies: map[string]logical.PasswordGenerator{
|
|
policyName: passGen,
|
|
},
|
|
}
|
|
|
|
client, server := plugin.TestGRPCConn(t, func(s *grpc.Server) {
|
|
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
|
|
impl: sys,
|
|
})
|
|
})
|
|
defer server.Stop()
|
|
defer client.Close()
|
|
|
|
testSystemView := newGRPCSystemView(client)
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
|
|
defer cancel()
|
|
|
|
password, err := testSystemView.GeneratePasswordFromPolicy(ctx, policyName)
|
|
if err != nil {
|
|
t.Fatalf("no error expected, got: %s", err)
|
|
}
|
|
|
|
if password != expectedPassword {
|
|
t.Fatalf("Actual password: %s\nExpected password: %s", password, expectedPassword)
|
|
}
|
|
}
|