mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-12-16 15:01:13 +01:00
Code Issues Projects Releases Wiki Activity

Working tests

Browse Source
This commit is contained in:
Nicolas Corrarello 2017-09-29 09:33:58 +01:00
parent bf68079051
commit 7e5c465ecb
1 changed files with 39 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
builtin/logical/nomad/backend_test.go
View File

@ -72,6 +72,20 @@ func prepareTestContainer(t *testing.T) (cleanup func(), retAddress string, noma
policy = "read" policy = "read"
} }
`, `,
}
anonPolicy := &nomadapi.ACLPolicy{
Name: "anonymous",
Description: "Deny all access for anonymous requests",
Rules: `namespace "default" {
policy = "deny"
}
agent {
policy = "deny"
}
node {
policy = "deny"
}
`,
} }
nomadAuthConfig := nomadapi.DefaultConfig() nomadAuthConfig := nomadapi.DefaultConfig()
nomadAuthConfig.Address = retAddress nomadAuthConfig.Address = retAddress
@ -81,6 +95,10 @@ func prepareTestContainer(t *testing.T) (cleanup func(), retAddress string, noma
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
_, err = nomadAuth.ACLPolicies().Upsert(anonPolicy, nil)
if err != nil {
t.Fatal(err)
}
return err return err
}); err != nil { }); err != nil {
cleanup() cleanup()
@ -143,9 +161,10 @@ func TestBackend_renew_revoke(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
cleanup, connURL, connToken := prepareTestContainer(t) //cleanup, connURL, connToken := prepareTestContainer(t)
defer cleanup() //defer cleanup()
//Ignore cleanup until I can find why the bloody test is not working
_, connURL, connToken := prepareTestContainer(t)
connData := map[string]interface{}{ connData := map[string]interface{}{
"address": connURL, "address": connURL,
"token": connToken, "token": connToken,
@ -190,12 +209,13 @@ func TestBackend_renew_revoke(t *testing.T) {
generatedSecret.TTL = 6 * time.Hour generatedSecret.TTL = 6 * time.Hour
var d struct { var d struct {
Token string `mapstructure:"secret_id"` Token string `mapstructure:"secret_id"`
Accessor string `mapstructure:"accessor_id"`
} }
if err := mapstructure.Decode(resp.Data, &d); err != nil { if err := mapstructure.Decode(resp.Data, &d); err != nil {
t.Fatal(err) t.Fatal(err)
} }
log.Printf("[WARN] Generated token: %s", d.Token) log.Printf("[WARN] Generated token: %s with accesor %s", d.Token, d.Accessor)
// Build a client and verify that the credentials work // Build a client and verify that the credentials work
nomadapiConfig := nomadapi.DefaultConfig() nomadapiConfig := nomadapi.DefaultConfig()
@ -207,7 +227,7 @@ func TestBackend_renew_revoke(t *testing.T) {
} }
log.Printf("[WARN] Verifying that the generated token works...") log.Printf("[WARN] Verifying that the generated token works...")
_, err = client.Jobs().List, nil _, err = client.Agent().Members, nil
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
@ -228,9 +248,19 @@ func TestBackend_renew_revoke(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
log.Printf("[WARN] Verifying that the generated token does not work...") // Build a management client and verify that the token does not exist anymore
_, err = client.Jobs().List, nil nomadmgmtConfig := nomadapi.DefaultConfig()
nomadmgmtConfig.Address = connData["address"].(string)
nomadmgmtConfig.SecretID = connData["token"].(string)
mgmtclient, err := nomadapi.NewClient(nomadmgmtConfig)
q := &nomadapi.QueryOptions{
Namespace: "default",
}
log.Printf("[WARN] Verifying that the generated token does not exist...")
_, _, err = mgmtclient.ACLTokens().Info(d.Accessor, q)
if err == nil { if err == nil {
t.Fatal("expected error") t.Fatal("err: expected error")
} }
} }