mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-16 19:47:02 +02:00
0b12cdcfd1
* Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License. Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUS-1.1 * Fix test that expected exact offset on hcl file --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
481 lines
14 KiB
JavaScript
481 lines
14 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
import sinon from 'sinon';
|
|
import { module, test } from 'qunit';
|
|
import { setupTest } from 'ember-qunit';
|
|
|
|
module('Unit | Model | secret-engine', function (hooks) {
|
|
setupTest(hooks);
|
|
hooks.beforeEach(function () {
|
|
this.store = this.owner.lookup('service:store');
|
|
});
|
|
|
|
module('modelTypeForKV', function () {
|
|
test('is secret by default', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine');
|
|
assert.strictEqual(model.get('modelTypeForKV'), 'secret');
|
|
});
|
|
|
|
test('is secret-v2 for kv v2', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
version: 2,
|
|
type: 'kv',
|
|
});
|
|
assert.strictEqual(model.get('modelTypeForKV'), 'secret-v2');
|
|
});
|
|
|
|
test('is secret-v2 for generic v2', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
version: 2,
|
|
type: 'kv',
|
|
});
|
|
|
|
assert.strictEqual(model.get('modelTypeForKV'), 'secret-v2');
|
|
});
|
|
|
|
test('is secret when v2 if not kv or generic', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
version: 2,
|
|
type: 'ssh',
|
|
});
|
|
|
|
assert.strictEqual(model.get('modelTypeForKV'), 'secret');
|
|
});
|
|
});
|
|
|
|
module('formFields', function () {
|
|
test('it returns correct fields by default', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: '',
|
|
});
|
|
|
|
assert.deepEqual(model.get('formFields'), [
|
|
'type',
|
|
'path',
|
|
'description',
|
|
'accessor',
|
|
'local',
|
|
'sealWrap',
|
|
'config.defaultLeaseTtl',
|
|
'config.maxLeaseTtl',
|
|
'config.allowedManagedKeys',
|
|
'config.auditNonHmacRequestKeys',
|
|
'config.auditNonHmacResponseKeys',
|
|
'config.passthroughRequestHeaders',
|
|
'config.allowedResponseHeaders',
|
|
]);
|
|
});
|
|
|
|
test('it returns correct fields for KV v1', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'kv',
|
|
});
|
|
|
|
assert.deepEqual(model.get('formFields'), [
|
|
'type',
|
|
'path',
|
|
'description',
|
|
'accessor',
|
|
'local',
|
|
'sealWrap',
|
|
'config.defaultLeaseTtl',
|
|
'config.maxLeaseTtl',
|
|
'config.allowedManagedKeys',
|
|
'config.auditNonHmacRequestKeys',
|
|
'config.auditNonHmacResponseKeys',
|
|
'config.passthroughRequestHeaders',
|
|
'config.allowedResponseHeaders',
|
|
'version',
|
|
]);
|
|
});
|
|
|
|
test('it returns correct fields for KV v2', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'kv',
|
|
version: '2',
|
|
});
|
|
|
|
assert.deepEqual(model.get('formFields'), [
|
|
'type',
|
|
'path',
|
|
'description',
|
|
'accessor',
|
|
'local',
|
|
'sealWrap',
|
|
'config.defaultLeaseTtl',
|
|
'config.maxLeaseTtl',
|
|
'config.allowedManagedKeys',
|
|
'config.auditNonHmacRequestKeys',
|
|
'config.auditNonHmacResponseKeys',
|
|
'config.passthroughRequestHeaders',
|
|
'config.allowedResponseHeaders',
|
|
'version',
|
|
'casRequired',
|
|
'deleteVersionAfter',
|
|
'maxVersions',
|
|
]);
|
|
});
|
|
|
|
test('it returns correct fields for keymgmt', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'keymgmt',
|
|
});
|
|
|
|
assert.deepEqual(model.get('formFields'), [
|
|
'type',
|
|
'path',
|
|
'description',
|
|
'accessor',
|
|
'local',
|
|
'sealWrap',
|
|
'config.allowedManagedKeys',
|
|
'config.auditNonHmacRequestKeys',
|
|
'config.auditNonHmacResponseKeys',
|
|
'config.passthroughRequestHeaders',
|
|
'config.allowedResponseHeaders',
|
|
]);
|
|
});
|
|
});
|
|
|
|
module('formFieldGroups', function () {
|
|
test('returns correct values by default', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'aws',
|
|
});
|
|
|
|
assert.deepEqual(model.get('formFieldGroups'), [
|
|
{ default: ['path'] },
|
|
{
|
|
'Method Options': [
|
|
'description',
|
|
'config.listingVisibility',
|
|
'local',
|
|
'sealWrap',
|
|
'config.defaultLeaseTtl',
|
|
'config.maxLeaseTtl',
|
|
'config.allowedManagedKeys',
|
|
'config.auditNonHmacRequestKeys',
|
|
'config.auditNonHmacResponseKeys',
|
|
'config.passthroughRequestHeaders',
|
|
'config.allowedResponseHeaders',
|
|
],
|
|
},
|
|
]);
|
|
});
|
|
test('returns correct values for KV', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'kv',
|
|
});
|
|
|
|
assert.deepEqual(model.get('formFieldGroups'), [
|
|
{ default: ['path', 'maxVersions', 'casRequired', 'deleteVersionAfter'] },
|
|
{
|
|
'Method Options': [
|
|
'version',
|
|
'description',
|
|
'config.listingVisibility',
|
|
'local',
|
|
'sealWrap',
|
|
'config.defaultLeaseTtl',
|
|
'config.maxLeaseTtl',
|
|
'config.allowedManagedKeys',
|
|
'config.auditNonHmacRequestKeys',
|
|
'config.auditNonHmacResponseKeys',
|
|
'config.passthroughRequestHeaders',
|
|
'config.allowedResponseHeaders',
|
|
],
|
|
},
|
|
]);
|
|
});
|
|
|
|
test('returns correct values for generic', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'generic',
|
|
});
|
|
|
|
assert.deepEqual(model.get('formFieldGroups'), [
|
|
{ default: ['path'] },
|
|
{
|
|
'Method Options': [
|
|
'version',
|
|
'description',
|
|
'config.listingVisibility',
|
|
'local',
|
|
'sealWrap',
|
|
'config.defaultLeaseTtl',
|
|
'config.maxLeaseTtl',
|
|
'config.allowedManagedKeys',
|
|
'config.auditNonHmacRequestKeys',
|
|
'config.auditNonHmacResponseKeys',
|
|
'config.passthroughRequestHeaders',
|
|
'config.allowedResponseHeaders',
|
|
],
|
|
},
|
|
]);
|
|
});
|
|
|
|
test('returns correct values for database', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'database',
|
|
});
|
|
|
|
assert.deepEqual(model.get('formFieldGroups'), [
|
|
{ default: ['path', 'config.defaultLeaseTtl', 'config.maxLeaseTtl'] },
|
|
{
|
|
'Method Options': [
|
|
'description',
|
|
'config.listingVisibility',
|
|
'local',
|
|
'sealWrap',
|
|
'config.allowedManagedKeys',
|
|
'config.auditNonHmacRequestKeys',
|
|
'config.auditNonHmacResponseKeys',
|
|
'config.passthroughRequestHeaders',
|
|
'config.allowedResponseHeaders',
|
|
],
|
|
},
|
|
]);
|
|
});
|
|
|
|
test('returns correct values for pki', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'pki',
|
|
});
|
|
|
|
assert.deepEqual(model.get('formFieldGroups'), [
|
|
{ default: ['path', 'config.defaultLeaseTtl', 'config.maxLeaseTtl', 'config.allowedManagedKeys'] },
|
|
{
|
|
'Method Options': [
|
|
'description',
|
|
'config.listingVisibility',
|
|
'local',
|
|
'sealWrap',
|
|
'config.auditNonHmacRequestKeys',
|
|
'config.auditNonHmacResponseKeys',
|
|
'config.passthroughRequestHeaders',
|
|
'config.allowedResponseHeaders',
|
|
],
|
|
},
|
|
]);
|
|
});
|
|
|
|
test('returns correct values for keymgmt', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'keymgmt',
|
|
});
|
|
|
|
assert.deepEqual(model.get('formFieldGroups'), [
|
|
{ default: ['path'] },
|
|
{
|
|
'Method Options': [
|
|
'description',
|
|
'config.listingVisibility',
|
|
'local',
|
|
'sealWrap',
|
|
'config.allowedManagedKeys',
|
|
'config.auditNonHmacRequestKeys',
|
|
'config.auditNonHmacResponseKeys',
|
|
'config.passthroughRequestHeaders',
|
|
'config.allowedResponseHeaders',
|
|
],
|
|
},
|
|
]);
|
|
});
|
|
});
|
|
|
|
module('engineType', function () {
|
|
test('strips leading ns_ from type', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
// eg. ns_cubbyhole, ns_identity, ns_system
|
|
type: 'ns_identity',
|
|
});
|
|
assert.strictEqual(model.engineType, 'identity');
|
|
});
|
|
test('returns type by default', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'zebras',
|
|
});
|
|
assert.strictEqual(model.engineType, 'zebras');
|
|
});
|
|
});
|
|
|
|
module('icon', function () {
|
|
test('returns secrets if no engineType', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: '',
|
|
});
|
|
assert.strictEqual(model.icon, 'secrets');
|
|
});
|
|
test('returns secrets if kmip', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'kmip',
|
|
});
|
|
assert.strictEqual(model.icon, 'secrets');
|
|
});
|
|
test('returns key if keymgmt', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'keymgmt',
|
|
});
|
|
assert.strictEqual(model.icon, 'key');
|
|
});
|
|
test('returns engineType by default', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'ducks',
|
|
});
|
|
assert.strictEqual(model.icon, 'ducks');
|
|
});
|
|
});
|
|
|
|
module('shouldIncludeInList', function () {
|
|
test('returns false if excludeList includes type', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'system',
|
|
});
|
|
assert.false(model.shouldIncludeInList);
|
|
});
|
|
test('returns true if excludeList does not include type', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'hippos',
|
|
});
|
|
assert.true(model.shouldIncludeInList);
|
|
});
|
|
});
|
|
|
|
module('localDisplay', function () {
|
|
test('returns local if local', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
local: true,
|
|
});
|
|
assert.strictEqual(model.localDisplay, 'local');
|
|
});
|
|
test('returns replicated if !local', function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
local: false,
|
|
});
|
|
assert.strictEqual(model.localDisplay, 'replicated');
|
|
});
|
|
});
|
|
|
|
module('saveCA', function () {
|
|
test('does not call endpoint if type != ssh', async function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'not-ssh',
|
|
});
|
|
const saveSpy = sinon.spy(model, 'save');
|
|
await model.saveCA({});
|
|
assert.ok(saveSpy.notCalled, 'save not called');
|
|
});
|
|
test('calls save with correct params', async function (assert) {
|
|
assert.expect(4);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'ssh',
|
|
privateKey: 'private-key',
|
|
publicKey: 'public-key',
|
|
generateSigningKey: true,
|
|
});
|
|
const saveStub = sinon.stub(model, 'save').callsFake((params) => {
|
|
assert.deepEqual(
|
|
params,
|
|
{
|
|
adapterOptions: {
|
|
options: {},
|
|
apiPath: 'config/ca',
|
|
attrsToSend: ['privateKey', 'publicKey', 'generateSigningKey'],
|
|
},
|
|
},
|
|
'send correct params to save'
|
|
);
|
|
return;
|
|
});
|
|
|
|
await model.saveCA({});
|
|
assert.strictEqual(model.privateKey, 'private-key', 'value exists before save');
|
|
assert.strictEqual(model.publicKey, 'public-key', 'value exists before save');
|
|
assert.true(model.generateSigningKey, 'value true before save');
|
|
|
|
saveStub.restore();
|
|
});
|
|
test('sets properties when isDelete', async function (assert) {
|
|
assert.expect(7);
|
|
const model = this.store.createRecord('secret-engine', {
|
|
type: 'ssh',
|
|
privateKey: 'private-key',
|
|
publicKey: 'public-key',
|
|
generateSigningKey: true,
|
|
});
|
|
const saveStub = sinon.stub(model, 'save').callsFake((params) => {
|
|
assert.deepEqual(
|
|
params,
|
|
{
|
|
adapterOptions: {
|
|
options: { isDelete: true },
|
|
apiPath: 'config/ca',
|
|
attrsToSend: ['privateKey', 'publicKey', 'generateSigningKey'],
|
|
},
|
|
},
|
|
'send correct params to save'
|
|
);
|
|
return;
|
|
});
|
|
assert.strictEqual(model.privateKey, 'private-key', 'value exists before save');
|
|
assert.strictEqual(model.publicKey, 'public-key', 'value exists before save');
|
|
assert.true(model.generateSigningKey, 'value true before save');
|
|
|
|
await model.saveCA({ isDelete: true });
|
|
assert.strictEqual(model.privateKey, null, 'value null after save');
|
|
assert.strictEqual(model.publicKey, null, 'value null after save');
|
|
assert.false(model.generateSigningKey, 'value false after save');
|
|
saveStub.restore();
|
|
});
|
|
});
|
|
|
|
module('saveZeroAddressConfig', function () {
|
|
test('calls save with correct params', async function (assert) {
|
|
assert.expect(1);
|
|
const model = this.store.createRecord('secret-engine', {});
|
|
const saveStub = sinon.stub(model, 'save').callsFake((params) => {
|
|
assert.deepEqual(
|
|
params,
|
|
{
|
|
adapterOptions: {
|
|
adapterMethod: 'saveZeroAddressConfig',
|
|
},
|
|
},
|
|
'send correct params to save'
|
|
);
|
|
return;
|
|
});
|
|
await model.saveZeroAddressConfig();
|
|
saveStub.restore();
|
|
});
|
|
});
|
|
});
|