mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-17 03:57:01 +02:00
Code Issues Projects Releases Wiki Activity
a2de4c75cd
vault/internalshared/configutil/kms_test.go
Rachel Culpepper 254d8f8356
Vault-11623: OSS changes for seal config and env vars (#21116) 
* add config changes for name and priority fields in seal stanza

* change env vars and fix tests

* add header and fix func call

* tweak limits on seals

* fix missing import

* add docstrings
2023-06-21 16:30:59 -05:00

103 lines
3.7 KiB
Go
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package configutil
import (
"os"
"reflect"
"testing"
)
func Test_getEnvConfig(t *testing.T) {
tests := []struct {
name string
kms *KMS
envVars map[string]string
want map[string]string
}{
{
"AliCloud wrapper",
&KMS{
Type: "alicloudkms",
Priority: 1,
},
map[string]string{"ALICLOUD_REGION": "test_region", "ALICLOUD_DOMAIN": "test_domain", "ALICLOUD_ACCESS_KEY": "test_access_key", "ALICLOUD_SECRET_KEY": "test_secret_key", "VAULT_ALICLOUDKMS_SEAL_KEY_ID": "test_key_id"},
map[string]string{"region": "test_region", "domain": "test_domain", "access_key": "test_access_key", "secret_key": "test_secret_key", "kms_key_id": "test_key_id"},
},
{
"AWS KMS wrapper",
&KMS{
Type: "awskms",
Priority: 1,
},
map[string]string{"AWS_REGION": "test_region", "AWS_ACCESS_KEY_ID": "test_access_key", "AWS_SECRET_ACCESS_KEY": "test_secret_key", "VAULT_AWSKMS_SEAL_KEY_ID": "test_key_id"},
map[string]string{"region": "test_region", "access_key": "test_access_key", "secret_key": "test_secret_key", "kms_key_id": "test_key_id"},
},
{
"Azure KeyVault wrapper",
&KMS{
Type: "azurekeyvault",
Priority: 1,
},
map[string]string{"AZURE_TENANT_ID": "test_tenant_id", "AZURE_CLIENT_ID": "test_client_id", "AZURE_CLIENT_SECRET": "test_client_secret", "AZURE_ENVIRONMENT": "test_environment", "VAULT_AZUREKEYVAULT_VAULT_NAME": "test_vault_name", "VAULT_AZUREKEYVAULT_KEY_NAME": "test_key_name"},
map[string]string{"tenant_id": "test_tenant_id", "client_id": "test_client_id", "client_secret": "test_client_secret", "environment": "test_environment", "vault_name": "test_vault_name", "key_name": "test_key_name"},
},
{
"GCP CKMS wrapper",
&KMS{
Type: "gcpckms",
Priority: 1,
},
map[string]string{"GOOGLE_CREDENTIALS": "test_credentials", "GOOGLE_PROJECT": "test_project", "GOOGLE_REGION": "test_region", "VAULT_GCPCKMS_SEAL_KEY_RING": "test_key_ring", "VAULT_GCPCKMS_SEAL_CRYPTO_KEY": "test_crypto_key"},
map[string]string{"credentials": "test_credentials", "project": "test_project", "region": "test_region", "key_ring": "test_key_ring", "crypto_key": "test_crypto_key"},
},
{
"OCI KMS wrapper",
&KMS{
Type: "ocikms",
Priority: 1,
},
map[string]string{"VAULT_OCIKMS_SEAL_KEY_ID": "test_key_id", "VAULT_OCIKMS_CRYPTO_ENDPOINT": "test_crypto_endpoint", "VAULT_OCIKMS_MANAGEMENT_ENDPOINT": "test_management_endpoint"},
map[string]string{"key_id": "test_key_id", "crypto_endpoint": "test_crypto_endpoint", "management_endpoint": "test_management_endpoint"},
},
{
"Transit wrapper",
&KMS{
Type: "transit",
Priority: 1,
},
map[string]string{"VAULT_ADDR": "test_address", "VAULT_TOKEN": "test_token", "VAULT_TRANSIT_SEAL_KEY_NAME": "test_key_name", "VAULT_TRANSIT_SEAL_MOUNT_PATH": "test_mount_path"},
map[string]string{"address": "test_address", "token": "test_token", "key_name": "test_key_name", "mount_path": "test_mount_path"},
},
{
"Environment vars not set",
&KMS{
Type: "awskms",
Priority: 1,
},
map[string]string{},
map[string]string{},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
for envName, envVal := range tt.envVars {
if err := os.Setenv(envName, envVal); err != nil {
t.Errorf("error setting environment vars for test: %s", err)
}
}
if got := GetEnvConfigFunc(tt.kms); !reflect.DeepEqual(got, tt.want) {
t.Errorf("getEnvConfig() = %v, want %v", got, tt.want)
}
for env := range tt.envVars {
if err := os.Unsetenv(env); err != nil {
t.Errorf("error unsetting environment vars for test: %s", err)
}
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink