mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-10 00:27:02 +02:00
Code Issues Projects Releases Wiki Activity
ad90e0b39d
vault/sdk/plugin/grpc_system_test.go
Michael Golowka ad90e0b39d
Add user configurable password policies available to secret engines (#8637) 
* Add random string generator with rules engine

This adds a random string generation library that validates random
strings against a set of rules. The library is designed for use as generating
passwords, but can be used to generate any random strings.
2020-05-27 12:28:00 -06:00

302 lines
7.4 KiB
Go
Raw Blame History

package plugin
import (
"context"
"reflect"
"testing"
"time"
"github.com/golang/protobuf/proto"
plugin "github.com/hashicorp/go-plugin"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/random"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/sdk/plugin/pb"
"google.golang.org/grpc"
)
func TestSystem_GRPC_GRPC_impl(t *testing.T) {
var _ logical.SystemView = new(gRPCSystemViewClient)
}
func TestSystem_GRPC_defaultLeaseTTL(t *testing.T) {
sys := logical.TestSystemView()
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
impl: sys,
})
})
defer client.Close()
testSystemView := newGRPCSystemView(client)
expected := sys.DefaultLeaseTTL()
actual := testSystemView.DefaultLeaseTTL()
if !reflect.DeepEqual(expected, actual) {
t.Fatalf("expected: %v, got: %v", expected, actual)
}
}
func TestSystem_GRPC_maxLeaseTTL(t *testing.T) {
sys := logical.TestSystemView()
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
impl: sys,
})
})
defer client.Close()
testSystemView := newGRPCSystemView(client)
expected := sys.MaxLeaseTTL()
actual := testSystemView.MaxLeaseTTL()
if !reflect.DeepEqual(expected, actual) {
t.Fatalf("expected: %v, got: %v", expected, actual)
}
}
func TestSystem_GRPC_tainted(t *testing.T) {
sys := logical.TestSystemView()
sys.TaintedVal = true
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
impl: sys,
})
})
defer client.Close()
testSystemView := newGRPCSystemView(client)
expected := sys.Tainted()
actual := testSystemView.Tainted()
if !reflect.DeepEqual(expected, actual) {
t.Fatalf("expected: %v, got: %v", expected, actual)
}
}
func TestSystem_GRPC_cachingDisabled(t *testing.T) {
sys := logical.TestSystemView()
sys.CachingDisabledVal = true
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
impl: sys,
})
})
defer client.Close()
testSystemView := newGRPCSystemView(client)
expected := sys.CachingDisabled()
actual := testSystemView.CachingDisabled()
if !reflect.DeepEqual(expected, actual) {
t.Fatalf("expected: %v, got: %v", expected, actual)
}
}
func TestSystem_GRPC_replicationState(t *testing.T) {
sys := logical.TestSystemView()
sys.ReplicationStateVal = consts.ReplicationPerformancePrimary
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
impl: sys,
})
})
defer client.Close()
testSystemView := newGRPCSystemView(client)
expected := sys.ReplicationState()
actual := testSystemView.ReplicationState()
if !reflect.DeepEqual(expected, actual) {
t.Fatalf("expected: %v, got: %v", expected, actual)
}
}
func TestSystem_GRPC_responseWrapData(t *testing.T) {
t.SkipNow()
}
func TestSystem_GRPC_lookupPlugin(t *testing.T) {
sys := logical.TestSystemView()
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
impl: sys,
})
})
defer client.Close()
testSystemView := newGRPCSystemView(client)
if _, err := testSystemView.LookupPlugin(context.Background(), "foo", consts.PluginTypeDatabase); err == nil {
t.Fatal("LookPlugin(): expected error on due to unsupported call from plugin")
}
}
func TestSystem_GRPC_mlockEnabled(t *testing.T) {
sys := logical.TestSystemView()
sys.EnableMlock = true
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
impl: sys,
})
})
defer client.Close()
testSystemView := newGRPCSystemView(client)
expected := sys.MlockEnabled()
actual := testSystemView.MlockEnabled()
if !reflect.DeepEqual(expected, actual) {
t.Fatalf("expected: %v, got: %v", expected, actual)
}
}
func TestSystem_GRPC_entityInfo(t *testing.T) {
sys := logical.TestSystemView()
sys.EntityVal = &logical.Entity{
ID: "id",
Name: "name",
Metadata: map[string]string{
"foo": "bar",
},
Aliases: []*logical.Alias{
&logical.Alias{
MountType: "logical",
MountAccessor: "accessor",
Name: "name",
Metadata: map[string]string{
"zip": "zap",
},
},
},
Disabled: true,
}
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
impl: sys,
})
})
defer client.Close()
testSystemView := newGRPCSystemView(client)
actual, err := testSystemView.EntityInfo("")
if err != nil {
t.Fatal(err)
}
if !proto.Equal(sys.EntityVal, actual) {
t.Fatalf("expected: %v, got: %v", sys.EntityVal, actual)
}
}
func TestSystem_GRPC_groupsForEntity(t *testing.T) {
sys := logical.TestSystemView()
sys.GroupsVal = []*logical.Group{
{
ID: "group1-id",
Name: "group1",
Metadata: map[string]string{
"group-metadata": "metadata-value",
},
},
}
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
impl: sys,
})
})
defer client.Close()
testSystemView := newGRPCSystemView(client)
actual, err := testSystemView.GroupsForEntity("")
if err != nil {
t.Fatal(err)
}
if !proto.Equal(sys.GroupsVal[0], actual[0]) {
t.Fatalf("expected: %v, got: %v", sys.GroupsVal, actual)
}
}
func TestSystem_GRPC_pluginEnv(t *testing.T) {
sys := logical.TestSystemView()
sys.PluginEnvironment = &logical.PluginEnvironment{
VaultVersion: "0.10.42",
}
client, _ := plugin.TestGRPCConn(t, func(s *grpc.Server) {
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
impl: sys,
})
})
defer client.Close()
testSystemView := newGRPCSystemView(client)
expected, err := sys.PluginEnv(context.Background())
if err != nil {
t.Fatal(err)
}
actual, err := testSystemView.PluginEnv(context.Background())
if err != nil {
t.Fatal(err)
}
if !proto.Equal(expected, actual) {
t.Fatalf("expected: %v, got: %v", expected, actual)
}
}
func TestSystem_GRPC_GeneratePasswordFromPolicy(t *testing.T) {
policyName := "testpolicy"
expectedPolicy := &random.StringGenerator{
Length: 8,
Rules: []random.Rule{
&random.CharsetRule{
Charset: random.LowercaseRuneset,
MinChars: 1,
},
&random.CharsetRule{
Charset: random.UppercaseRuneset,
MinChars: 1,
},
&random.CharsetRule{
Charset: random.NumericRuneset,
MinChars: 1,
},
&random.CharsetRule{
Charset: random.ShortSymbolRuneset,
MinChars: 1,
},
},
}
sys := &logical.StaticSystemView{
PasswordPolicies: map[string]logical.PasswordPolicy{
policyName: logical.PasswordPolicy(expectedPolicy),
},
}
client, server := plugin.TestGRPCConn(t, func(s *grpc.Server) {
pb.RegisterSystemViewServer(s, &gRPCSystemViewServer{
impl: sys,
})
})
defer server.Stop()
defer client.Close()
testSystemView := newGRPCSystemView(client)
ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
defer cancel()
password, err := testSystemView.GeneratePasswordFromPolicy(ctx, policyName)
if err != nil {
t.Fatalf("no error expected, got: %s", err)
}
passRunes := []rune(password)
if len(passRunes) != expectedPolicy.Length {
t.Fatalf("Generated password should have length %d but was %d", expectedPolicy.Length, len(passRunes))
}
for _, rule := range expectedPolicy.Rules {
if !rule.Pass(passRunes) {
t.Fatalf("Password [%s] did not pass rule: %#v", password, rule)
}
}
}
Reference in New Issue View Git Blame Copy Permalink