mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-14 10:37:00 +02:00
Code Issues Projects Releases Wiki Activity
bc69ef899a
vault/helper/builtinplugins/builtinplugins_test.go
hashicorp-copywrite[bot] 0b12cdcfd1
[COMPLIANCE] License changes (#22290) 
* Adding explicit MPL license for sub-package.

This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.

* Adding explicit MPL license for sub-package.

This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.

* Updating the license from MPL to Business Source License.

Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl.

* add missing license headers

* Update copyright file headers to BUS-1.1

* Fix test that expected exact offset on hcl file

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
2023-08-10 18:14:03 -07:00

151 lines
4.6 KiB
Go
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package builtinplugins
import (
"testing"
logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
"github.com/hashicorp/vault/api"
logicalDb "github.com/hashicorp/vault/builtin/logical/database"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/vault"
)
// TestBuiltinPluginsWork exists to confirm that all the credential and secrets plugins in Registry can successfully be
// initialized. Database plugins are excluded as there is no general way to initialize them - they require
// plugin-specific configuration at the time of initialization.
//
// This detects coding errors which would cause the plugins to panic on initialization - various aspects of the
// configuration of a framework.Backend are checked during Backend.init(), which runs as a sync.Once function triggered
// upon first request.
//
// In this test, a help request is used to trigger that initialization, since it is valid for all plugins.
func TestBuiltinPluginsWork(t *testing.T) {
cluster := vault.NewTestCluster(
t,
&vault.CoreConfig{
BuiltinRegistry: Registry,
LogicalBackends: map[string]logical.Factory{
// This needs to be here for madly overcomplicated reasons, otherwise we end up mounting a KV v1 even
// when we try to explicitly mount a KV v2...
//
// vault.NewCore hardcodes "kv" to vault.PassthroughBackendFactory if no explicit entry is configured,
// and this hardcoding is re-overridden in command.logicalBackends to point back to the real KV plugin.
// As far as I can tell, nothing at all relies upon the definition of "kv" in builtinplugins.Registry,
// as it always gets resolved via the logicalBackends map and the pluginCatalog is never queried.
"kv": logicalKv.Factory,
// Semi-similarly, "database" is added in command.logicalBackends and not at all in
// builtinplugins.Registry, so we need to add it here to be able to test it!
"database": logicalDb.Factory,
},
PendingRemovalMountsAllowed: true,
},
&vault.TestClusterOptions{
HandlerFunc: vaulthttp.Handler,
NumCores: 1,
},
)
cluster.Start()
defer cluster.Cleanup()
cores := cluster.Cores
vault.TestWaitActive(t, cores[0].Core)
client := cores[0].Client
for _, authType := range append(
Registry.Keys(consts.PluginTypeCredential),
"token",
) {
deprecationStatus, _ := Registry.DeprecationStatus(authType, consts.PluginTypeCredential)
if deprecationStatus == consts.Removed {
continue
}
t.Run("Auth Method "+authType, func(t *testing.T) {
// This builtin backend is automatically mounted and should not be mounted again
if authType != "token" {
if err := client.Sys().EnableAuthWithOptions(authType, &api.EnableAuthOptions{
Type: authType,
}); err != nil {
t.Fatal(err)
}
}
if _, err := client.Logical().ReadWithData(
"auth/"+authType,
map[string][]string{"help": {"1"}},
); err != nil {
t.Fatal(err)
}
})
}
for _, secretsType := range append(
Registry.Keys(consts.PluginTypeSecrets),
"database",
"cubbyhole",
"identity",
"sys",
) {
deprecationStatus, _ := Registry.DeprecationStatus(secretsType, consts.PluginTypeSecrets)
if deprecationStatus == consts.Removed {
continue
}
t.Run("Secrets Engine "+secretsType, func(t *testing.T) {
switch secretsType {
// These three builtin backends are automatically mounted and should not be mounted again
case "cubbyhole":
case "identity":
case "sys":
default:
if err := client.Sys().Mount(secretsType, &api.MountInput{
Type: secretsType,
}); err != nil {
t.Fatal(err)
}
}
if _, err := client.Logical().ReadWithData(
secretsType,
map[string][]string{"help": {"1"}},
); err != nil {
t.Fatal(err)
}
})
}
t.Run("Secrets Engine kv v2", func(t *testing.T) {
if err := client.Sys().Mount("kv-v2", &api.MountInput{
Type: "kv",
Options: map[string]string{
"version": "2",
},
}); err != nil {
t.Fatal(err)
}
if _, err := client.Logical().ReadWithData(
"kv-v2",
map[string][]string{"help": {"1"}},
); err != nil {
t.Fatal(err)
}
})
// This last part is not strictly necessary for original purpose of this test (checking the plugins initialize
// without errors), but whilst we have a test Vault with one of everything mounted, let's also test that the full
// OpenAPI document generation succeeds too.
t.Run("Whole OpenAPI document", func(t *testing.T) {
if _, err := client.Logical().Read("sys/internal/specs/openapi"); err != nil {
t.Fatal(err)
}
})
}
Reference in New Issue View Git Blame Copy Permalink