stklcode/jvaultconnector
1
0
Fork 0
Code Issues Actions Releases 34 Wiki Activity

Introduce "mount" parameter for KV v2 methods (#25)

Browse Source 
The backend can be mounted on an arbitrary path, so this path can now be
passed as an arugment along with the corresponding method call.
This commit is contained in:
Stefan Kalscheuer
2019-03-17 14:00:57 +01:00
parent ad2986195d
commit 068f961454
3 changed files with 158 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
View File

@ -78,7 +78,7 @@ public class HTTPVaultConnectorTest {
private static final String SECRET_KEY_COMPLEX = "complex";
// KV v2 secret with 2 versions.
private static final String PATH_KV2 = "kv/";
private static final String MOUNT_KV2 = "kv";
private static final String SECRET2_KEY = "foo2";
private static final String SECRET2_VALUE1 = "bar2";
private static final String SECRET2_VALUE2 = "bar3";
@ -748,7 +748,7 @@ public class HTTPVaultConnectorTest {
// Try to read accessible path with known value.
SecretResponse res;
try {
res = connector.readSecretData(SECRET2_KEY);
res = connector.readSecretData(MOUNT_KV2, SECRET2_KEY);
assertThat("Metadata not populated for KV v2 secret", res.getMetadata(), is(notNullValue()));
assertThat("Unexpected secret version", res.getMetadata().getVersion(), is(2));
assertThat("Known secret returned invalid value.", res.getValue(), is(SECRET2_VALUE2));
@ -758,7 +758,7 @@ public class HTTPVaultConnectorTest {
// Try to read different version of same secret.
try {
res = connector.readSecretVersion(SECRET2_KEY, 1);
res = connector.readSecretVersion(MOUNT_KV2, SECRET2_KEY, 1);
assertThat("Unexpected secret version", res.getMetadata().getVersion(), is(1));
assertThat("Known secret returned invalid value.", res.getValue(), is(SECRET2_VALUE1));
} catch (VaultConnectorException e) {
@ -776,7 +776,7 @@ public class HTTPVaultConnectorTest {
// Try to read accessible path with known value.
try {
MetadataResponse res = connector.readSecretMetadata(SECRET2_KEY);
MetadataResponse res = connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY);
assertThat("Metadata not populated for KV v2 secret", res.getMetadata(), is(notNullValue()));
assertThat("Unexpected secret version", res.getMetadata().getCurrentVersion(), is(2));
assertThat("Unexpected number of secret versions", res.getMetadata().getVersions().size(), is(2));
@ -798,16 +798,16 @@ public class HTTPVaultConnectorTest {
// Try to delete inexisting versions.
MetadataResponse meta;
try {
connector.deleteSecretVersions(SECRET2_KEY, 5, 42);
meta = connector.readSecretMetadata(SECRET2_KEY);
connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 5, 42);
meta = connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY);
} catch (VaultConnectorException e) {
fail("Revealed non-existence of secret versions");
}
// Now delete existing version and verify.
try {
connector.deleteSecretVersions(SECRET2_KEY, 1);
meta = connector.readSecretMetadata(SECRET2_KEY);
connector.deleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1);
meta = connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY);
assertThat("Expected deletion time for secret 1", meta.getMetadata().getVersions().get(1).getDeletionTime(), is(notNullValue()));
} catch (VaultConnectorException e) {
fail("Deleting existing version failed");
@ -815,8 +815,8 @@ public class HTTPVaultConnectorTest {
// Undelete the just deleted version.
try {
connector.undeleteSecretVersions(SECRET2_KEY, 1);
meta = connector.readSecretMetadata(SECRET2_KEY);
connector.undeleteSecretVersions(MOUNT_KV2, SECRET2_KEY, 1);
meta = connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY);
assertThat("Expected deletion time for secret 1 to be reset", meta.getMetadata().getVersions().get(1).getDeletionTime(), is(nullValue()));
} catch (VaultConnectorException e) {
fail("Undeleting existing version failed");
@ -824,8 +824,8 @@ public class HTTPVaultConnectorTest {
// Now destroy it.
try {
connector.destroySecretVersions(SECRET2_KEY, 1);
meta = connector.readSecretMetadata(SECRET2_KEY);
connector.destroySecretVersions(MOUNT_KV2, SECRET2_KEY, 1);
meta = connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY);
assertThat("Expected secret 1 to be marked destroyed", meta.getMetadata().getVersions().get(1).isDestroyed(), is(true));
} catch (VaultConnectorException e) {
fail("Destroying existing version failed");
@ -833,8 +833,8 @@ public class HTTPVaultConnectorTest {
// Delete latest version.
try {
connector.deleteLatestSecretVersion(SECRET2_KEY);
meta = connector.readSecretMetadata(SECRET2_KEY);
connector.deleteLatestSecretVersion(MOUNT_KV2, SECRET2_KEY);
meta = connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY);
assertThat("Expected secret 2 to be deleted", meta.getMetadata().getVersions().get(2).getDeletionTime(), is(notNullValue()));
} catch (VaultConnectorException e) {
fail("Deleting latest version failed");
@ -842,12 +842,12 @@ public class HTTPVaultConnectorTest {
// Delete all versions.
try {
connector.deleteAllSecretVersions(SECRET2_KEY);
connector.deleteAllSecretVersions(MOUNT_KV2, SECRET2_KEY);
} catch (VaultConnectorException e) {
fail("Deleting latest version failed: " + e.getMessage());
}
try {
connector.readSecretMetadata(SECRET2_KEY);
connector.readSecretMetadata(MOUNT_KV2, SECRET2_KEY);
fail("Reading metadata of deleted secret should not succeed");
} catch (Exception e) {
assertThat(e, is(instanceOf(InvalidResponseException.class)));