package scalesecSecretStore
import (
"context"
"testing"
"github.com/stretchr/testify/assert"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/sdk/helper/logging"
"github.com/hashicorp/vault/sdk/logical"
)
// The mount point and path mirror the values used by the vault read and
// write commands these tests emulate, and should be consistent across all
// of the tests:
//
//	vault write scalesecsecrets/test secret_key="secret_value"
//	vault list scalesecsecrets/test
const (
	MOUNT_POINT  = "scalesecsecrets/"
	BACKEND_PATH = "test/"
)
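// getBackend builds the plugin backend through Factory and returns it
// together with the storage view it was configured with. Every call creates a
// new in-memory storage, so tests do not share state through it. The test is
// aborted with t.Fatalf if Factory returns an error.
func getBackend(t *testing.T) (logical.Backend, logical.Storage) {
	// Mark this as a helper so a Fatalf below is reported at the caller's line.
	t.Helper()

	configMap := map[string]string{
		"plugin_name": "scalesecSecretStorePlugin",
		"plugin_type": "secret",
		// key value set by vault secrets enable -options=config_key=config_value
		"config_key": "config_value",
	}

	backendConfig := &logical.BackendConfig{
		// NOTE(review): Trace is the most verbose level. Only placeholder
		// values flow through these tests; confirm the backend does not log
		// secret values at this level before reusing the setting elsewhere.
		Logger:      logging.NewVaultLogger(log.Trace),
		System:      &logical.StaticSystemView{},
		StorageView: &logical.InmemStorage{},
		BackendUUID: "test",
		Config:      configMap,
	}

	backend, err := Factory(context.Background(), backendConfig)
	if err != nil {
		t.Fatalf("unable to create backend: %v", err)
	}
	return backend, backendConfig.StorageView
}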
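// TestList exercises the list operation, the equivalent of:
//
//	vault list scalesecsecrets/test
func TestList(t *testing.T) {
	b, storage := getBackend(t)
	request := &logical.Request{
		Operation:   logical.ListOperation,
		Path:        BACKEND_PATH,
		MountPoint:  MOUNT_POINT,
		Storage:     storage,
		ClientToken: "test_token",
	}

	response, err := b.HandleRequest(context.Background(), request)

	// Check err and response before reading response.Data: with the checks
	// placed last, a nil response panics on the dereference instead of
	// producing a clean test failure.
	if !assert.Nil(t, err, "Response error %s", err) {
		return
	}
	if !assert.NotNil(t, response, "Response should not be null") {
		return
	}

	// NOTE(review): nothing is written to storage before this list, so key1
	// and key2 presumably come from the backend itself; confirm.
	assert.Containsf(t, response.Data["keys"], "key1", "Vault List response should contain 'key1' - %v", response.Data)
	assert.Containsf(t, response.Data["keys"], "key2", "Vault List response should contain 'key2' - %v", response.Data)
}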
// TestWrite exercises the create operation, the equivalent of:
//
//	vault write scalesecsecrets/test secret_key="secret_value"
//
// The backend is expected to return neither an error nor a response.
func TestWrite(t *testing.T) {
	backend, store := getBackend(t)

	req := &logical.Request{
		Operation:   logical.CreateOperation,
		Path:        BACKEND_PATH,
		MountPoint:  MOUNT_POINT,
		Storage:     store,
		ClientToken: "test_token",
		Data: map[string]interface{}{
			"secret_key": "secret_value",
		},
	}

	resp, err := backend.HandleRequest(context.Background(), req)
	assert.Nil(t, err, "Response error %s", err)
	assert.Nil(t, resp, "Response message %v", resp)
}
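// *********************************************************
// Test both read commands:
// vault read scalesecsecrets/test
// vault read scalesecsecrets/test secret_key=key_name
// *********************************************************

// TestRead exercises the read operation without request data, the
// equivalent of:
//
//	vault read scalesecsecrets/test
func TestRead(t *testing.T) {
	b, storage := getBackend(t)
	request := &logical.Request{
		Operation:   logical.ReadOperation,
		Path:        BACKEND_PATH,
		MountPoint:  MOUNT_POINT,
		Storage:     storage,
		ClientToken: "test_token",
	}

	response, err := b.HandleRequest(context.Background(), request)

	// Check err and response before reading response.Data: with the checks
	// placed last, a nil response panics on the dereference instead of
	// producing a clean test failure.
	if !assert.Nil(t, err, "Response error %s", err) {
		return
	}
	if !assert.NotNil(t, response, "Response should not be null") {
		return
	}

	// in our read with no data we return secretPath=test/
	assert.Containsf(t, response.Data["secretPath"], BACKEND_PATH, "Vault read response should contain '%s' - %v", BACKEND_PATH, response.Data)
}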
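// TestReadWithData exercises the read operation with a secret_key supplied
// in the request data, the equivalent of:
//
//	vault read scalesecsecrets/test secret_key=key_name
func TestReadWithData(t *testing.T) {
	b, storage := getBackend(t)
	request := &logical.Request{
		Operation:   logical.ReadOperation,
		Path:        BACKEND_PATH,
		MountPoint:  MOUNT_POINT,
		Storage:     storage,
		ClientToken: "test_token",
		Data: map[string]interface{}{
			"secret_key": "key_name",
		},
	}

	response, err := b.HandleRequest(context.Background(), request)

	// Check err and response before reading response.Data: with the checks
	// placed last, a nil response panics on the dereference instead of
	// producing a clean test failure.
	if !assert.Nil(t, err, "Response error %s", err) {
		return
	}
	if !assert.NotNil(t, response, "Response should not be null") {
		return
	}

	// For a read that carries request data, the assertions expect
	// all_secrets_keys=all_secrets_values and secretPath=test/ in the response.
	assert.Containsf(t, response.Data["secretPath"], BACKEND_PATH, "Vault read response should contain '%s' - %v", BACKEND_PATH, response.Data)
	assert.Containsf(t, response.Data["all_secrets_keys"], "all_secrets_values", "Vault read response should contain all_secrets_values - %v", response.Data)
}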
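// *********************************************************
// Test both delete commands:
// vault delete scalesecsecrets/test
// vault delete scalesecsecrets/test secret_key=key_name
// *********************************************************

// TestDelete exercises the delete operation without request data, the
// equivalent of:
//
//	vault delete scalesecsecrets/test
//
// Only the returned error is asserted; the response is logged, not checked.
func TestDelete(t *testing.T) {
	b, storage := getBackend(t)
	request := &logical.Request{
		Operation:   logical.DeleteOperation,
		Path:        BACKEND_PATH,
		MountPoint:  MOUNT_POINT,
		Storage:     storage,
		ClientToken: "test_token",
	}

	response, err := b.HandleRequest(context.Background(), request)
	assert.Nil(t, err, "Response error %s", err)

	// hclog takes a message followed by key/value pairs and does not expand
	// printf verbs, so the response is passed as a named field. Logging a
	// whole response is acceptable with the placeholder data used here; avoid
	// the pattern where responses can carry real secret values.
	b.Logger().Debug("Response Object", "response", response)
}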
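// TestDeleteWithData exercises the delete operation with a secret_key
// supplied in the request data, the equivalent of:
//
//	vault delete scalesecsecrets/test secret_key=key_name
//
// Only the returned error is asserted; the response is logged, not checked.
func TestDeleteWithData(t *testing.T) {
	b, storage := getBackend(t)
	request := &logical.Request{
		Operation:   logical.DeleteOperation,
		Path:        BACKEND_PATH,
		MountPoint:  MOUNT_POINT,
		Storage:     storage,
		ClientToken: "test_token",
		Data: map[string]interface{}{
			"secret_key": "key_name",
		},
	}

	response, err := b.HandleRequest(context.Background(), request)
	assert.Nil(t, err, "Response error %s", err)

	// hclog takes a message followed by key/value pairs and does not expand
	// printf verbs, so the response is passed as a named field. Logging a
	// whole response is acceptable with the placeholder data used here; avoid
	// the pattern where responses can carry real secret values.
	b.Logger().Debug("Response Object", "response", response)
}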