path_map_upgrade_api_test.go
package command
import (
"testing"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/api"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/vault"
credAppId "github.com/hashicorp/vault/builtin/credential/app-id"
)
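// TestPathMap_Upgrade_API is a regression test for the issue referenced as
// GH-3806. It enables the app-id auth method on a test cluster, creates an
// app-id/user-id mapping, logs in, then reads the app-id entry back through
// the key returned by List (the hashed form, per the original comments) and
// verifies that a subsequent login still works.
func TestPathMap_Upgrade_API(t *testing.T) {
	coreConfig := &vault.CoreConfig{
		// Test-only settings.
		DisableMlock: true,
		DisableCache: true,
		Logger:       log.NewNullLogger(),
		CredentialBackends: map[string]logical.Factory{
			"app-id": credAppId.Factory,
		},
	}
	cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{
		HandlerFunc: vaulthttp.Handler,
	})
	cluster.Start()
	defer cluster.Cleanup()

	cores := cluster.Cores
	vault.TestWaitActive(t, cores[0].Core)
	client := cores[0].Client

	// login authenticates with the test app-id/user-id pair. Besides the
	// transport error it also checks that a client token was actually issued,
	// so that an empty-but-error-free response does not count as success.
	login := func(stage string) {
		t.Helper()
		resp, err := client.Logical().Write("auth/app-id/login", map[string]interface{}{
			"app_id":  "test-app-id",
			"user_id": "test-user-id",
		})
		if err != nil {
			t.Fatalf("%s: %v", stage, err)
		}
		if resp == nil || resp.Auth == nil || resp.Auth.ClientToken == "" {
			t.Fatalf("%s: login returned no client token", stage)
		}
	}

	// Enable the app-id method
	if err := client.Sys().EnableAuthWithOptions("app-id", &api.EnableAuthOptions{
		Type: "app-id",
	}); err != nil {
		t.Fatal(err)
	}

	// Create an app-id
	if _, err := client.Logical().Write("auth/app-id/map/app-id/test-app-id", map[string]interface{}{
		"policy": "test-policy",
	}); err != nil {
		t.Fatal(err)
	}

	// Create a user-id
	if _, err := client.Logical().Write("auth/app-id/map/user-id/test-user-id", map[string]interface{}{
		"value": "test-app-id",
	}); err != nil {
		t.Fatal(err)
	}

	// Perform a login. It should succeed.
	login("initial login")

	// List the hashed app-ids in the storage
	secret, err := client.Logical().List("auth/app-id/map/app-id")
	if err != nil {
		t.Fatal(err)
	}
	// Validate the response shape explicitly: a nil secret, a missing "keys"
	// entry or an empty list would otherwise panic in the assertions below
	// instead of producing a readable test failure.
	if secret == nil {
		t.Fatal("listing auth/app-id/map/app-id returned a nil response")
	}
	keys, ok := secret.Data["keys"].([]interface{})
	if !ok || len(keys) == 0 {
		t.Fatalf("expected a non-empty key list, got %#v", secret.Data["keys"])
	}
	hashedAppID, ok := keys[0].(string)
	if !ok {
		t.Fatalf("expected a string key, got %T", keys[0])
	}

	// Try reading it. This used to cause an issue which is fixed in [GH-3806].
	if _, err := client.Logical().Read("auth/app-id/map/app-id/" + hashedAppID); err != nil {
		t.Fatal(err)
	}

	// Ensure that there was no issue by performing another login
	login("login after reading the hashed app-id")
}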