luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/logical/framework/lease_test.go

101 lines
2.0 KiB
Go
Raw Blame History

package framework
import (
"testing"
"time"
"github.com/hashicorp/vault/logical"
)
func TestLeaseExtend(t *testing.T) {
now := time.Now().UTC().Round(time.Hour)
cases := map[string]struct {
Max time.Duration
MaxSession time.Duration
Request time.Duration
Result time.Duration
MaxFromLease bool
Error bool
}{
"valid request, good bounds": {
Max: 30 * time.Hour,
Request: 1 * time.Hour,
Result: 1 * time.Hour,
},
"valid request, zero max": {
Max: 0,
Request: 1 * time.Hour,
Result: 1 * time.Hour,
},
"request is zero": {
Max: 30 * time.Hour,
Request: 0,
Result: 30 * time.Hour,
},
"request is too long": {
Max: 3 * time.Hour,
Request: 7 * time.Hour,
Result: 3 * time.Hour,
},
"request would go past max session": {
Max: 9 * time.Hour,
MaxSession: 5 * time.Hour,
Request: 7 * time.Hour,
Result: 5 * time.Hour,
},
"request within max session": {
Max: 9 * time.Hour,
MaxSession: 5 * time.Hour,
Request: 4 * time.Hour,
Result: 4 * time.Hour,
},
// Don't think core will allow this, but let's protect against
// it at multiple layers anyways.
"request is negative": {
Max: 3 * time.Hour,
Request: -7 * time.Hour,
Error: true,
},
"max form lease, request too large": {
Request: 10 * time.Hour,
MaxFromLease: true,
Result: time.Hour,
},
}
for name, tc := range cases {
req := &logical.Request{
Auth: &logical.Auth{
LeaseOptions: logical.LeaseOptions{
TTL: 1 * time.Hour,
IssueTime: now,
Increment: tc.Request,
},
},
}
callback := LeaseExtend(tc.Max, tc.MaxSession, tc.MaxFromLease)
resp, err := callback(req, nil)
if (err != nil) != tc.Error {
t.Fatalf("bad: %s\nerr: %s", name, err)
}
if tc.Error {
continue
}
// Round it to the nearest hour
lease := now.Add(resp.Auth.TTL).Round(time.Hour).Sub(now)
if lease != tc.Result {
t.Fatalf("bad: %s\nlease: %s", name, lease)
}
}
}
Reference in New Issue View Git Blame Copy Permalink