stklcode/jvaultconnector
stklcode/jvaultconnector
1
0
Fork 0
Code Issues Actions Releases 33 Wiki Activity

Extend unit test to new KV v2 methods [skip ci]

Browse Source 
This test does not yet work without changes, because KV v2 is mounted on
 non-standard path and this is not yet supported (see #25).
This commit is contained in:
Stefan Kalscheuer 2018-11-20 12:11:37 +01:00
parent 493bed55f0
commit c2bd54ca22
2 changed files with 124 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

123
src/test/java/de/stklcode/jvault/connector/HTTPVaultConnectorTest.java
View File

@ -77,6 +77,12 @@ public class HTTPVaultConnectorTest {
private static final String SECRET_KEY_JSON = "json";
private static final String SECRET_KEY_COMPLEX = "complex";
// KV v2 secret with 2 versions.
private static final String PATH_KV2 = "kv/";
private static final String SECRET2_KEY = "foo2";
private static final String SECRET2_VALUE1 = "bar2";
private static final String SECRET2_VALUE2 = "bar3";
private Process vaultProcess;
private VaultConnector connector;
@ -730,6 +736,123 @@ public class HTTPVaultConnectorTest {
}
}
/**
* Test reading of secrets from KV v2 store.
*/
@Test
public void readSecretV2Test() {
authUser();
assumeTrue(connector.isAuthorized());
// Try to read accessible path with known value.
SecretResponse res;
try {
res = connector.readSecretData(SECRET2_KEY);
assertThat("Metadata not populated for KV v2 secret", res.getMetadata(), is(notNullValue()));
assertThat("Unexpected secret version", res.getMetadata().getVersion(), is(2));
assertThat("Known secret returned invalid value.", res.getValue(), is(SECRET2_VALUE2));
} catch (VaultConnectorException e) {
fail("Valid secret path could not be read: " + e.getMessage());
}
// Try to read different version of same secret.
try {
res = connector.readSecretVersion(SECRET2_KEY, 1);
assertThat("Unexpected secret version", res.getMetadata().getVersion(), is(1));
assertThat("Known secret returned invalid value.", res.getValue(), is(SECRET2_VALUE1));
} catch (VaultConnectorException e) {
fail("Valid secret version could not be read: " + e.getMessage());
}
}
/**
* Test reading of secret metadata from KV v2 store.
*/
@Test
public void readSecretMetadataTest() {
authUser();
assumeTrue(connector.isAuthorized());
// Try to read accessible path with known value.
try {
MetadataResponse res = connector.readSecretMetadata(SECRET2_KEY);
assertThat("Metadata not populated for KV v2 secret", res.getMetadata(), is(notNullValue()));
assertThat("Unexpected secret version", res.getMetadata().getCurrentVersion(), is(2));
assertThat("Unexpected number of secret versions", res.getMetadata().getVersions().size(), is(2));
assertThat("Creation date should be present", res.getMetadata().getCreatedTime(), is(notNullValue()));
assertThat("Update date should be present", res.getMetadata().getUpdatedTime(), is(notNullValue()));
} catch (VaultConnectorException e) {
fail("Valid secret path could not be read: " + e.getMessage());
}
}
/**
* Test deleting specific secret versions from KV v2 store.
*/
@Test
public void handleSecretVersionsTest() {
authUser();
assumeTrue(connector.isAuthorized());
// Try to delete inexisting versions.
MetadataResponse meta;
try {
connector.deleteSecretVersions(SECRET2_KEY, 5, 42);
meta = connector.readSecretMetadata(SECRET2_KEY);
} catch (VaultConnectorException e) {
fail("Revealed non-existence of secret versions");
}
// Now delete existing version and verify.
try {
connector.deleteSecretVersions(SECRET2_KEY, 1);
meta = connector.readSecretMetadata(SECRET2_KEY);
assertThat("Expected deletion time for secret 1", meta.getMetadata().getVersions().get(1).getDeletionTime(), is(notNullValue()));
} catch (VaultConnectorException e) {
fail("Deleting existing version failed");
}
// Undelete the just deleted version.
try {
connector.undeleteSecretVersions(SECRET2_KEY, 1);
meta = connector.readSecretMetadata(SECRET2_KEY);
assertThat("Expected deletion time for secret 1 to be reset", meta.getMetadata().getVersions().get(1).getDeletionTime(), is(nullValue()));
} catch (VaultConnectorException e) {
fail("Undeleting existing version failed");
}
// Now destroy it.
try {
connector.destroySecretVersions(SECRET2_KEY, 1);
meta = connector.readSecretMetadata(SECRET2_KEY);
assertThat("Expected secret 1 to be marked destroyed", meta.getMetadata().getVersions().get(1).isDestroyed(), is(true));
} catch (VaultConnectorException e) {
fail("Destroying existing version failed");
}
// Delete latest version.
try {
connector.deleteLatestSecretVersion(SECRET2_KEY);
meta = connector.readSecretMetadata(SECRET2_KEY);
assertThat("Expected secret 2 to be deleted", meta.getMetadata().getVersions().get(2).getDeletionTime(), is(notNullValue()));
} catch (VaultConnectorException e) {
fail("Deleting latest version failed");
}
// Delete all versions.
try {
connector.deleteAllSecretVersions(SECRET2_KEY);
} catch (VaultConnectorException e) {
fail("Deleting latest version failed: " + e.getMessage());
}
try {
connector.readSecretMetadata(SECRET2_KEY);
fail("Reading metadata of deleted secret should not succeed");
} catch (Exception e) {
assertThat(e, is(instanceOf(InvalidResponseException.class)));
}
}
/**
* Test listing secrets.
*/

2
src/test/resources/data_dir/sys/policy/_user
View File

@ -1 +1 @@
{"Value":"AAAAAQLCgjqndhozT2JTFStJ8yqLGSlBsqtol6u7Rfl1oX1fIfYevraxwpCFORxRx3v77RDNX0xzXkJ1taJ8LVx/9m4GEp5XPh2AsB0nPy0Sfr0s1jqR4Ev8d+z6X01099F6mNfUAnx3gmGuubXZC28Sp3dLBf9Xy080mD0yd+GqlHp2WXnW0aWQKchWwArkTHRxR1722tkbXmr8E72aRz+5eyHapnWXnKhppznQPkGaOY2y9nxhoOM04FVqHA=="}
{"Value":"AAAAAQKh97jibnzLjYI1Er2PQ1+U2voHGqTowY24utgPth4i3fCwUbJ15i8JY/4DiqjjyNTfDni4deNiUNIsn2PzWsPsEoiDS83rVPDibov4TKjHFomxew1oEqXOTmqYlKZcaeR5FiDWMLA8jPwkkP/6mknRp3AnjUUGNvw5EJVFREBJh+qw52CCRztcPJ7lYyUuOfBn0OHLowTV9QlQ6zmyBSu+HY2xrFtucboe1l3VNUdAbq3qk139CGzn9chzUi6xBtUf2JLiuuyFYOcPMMtFu+tzq09WH07T4OuUp5l7ytI+9dTnyCtciHDZNlflZyaIssNoBFThiJ0GeeZK3wYSspb+wG86xS7MoGJZhAnlvXjvCebKY4hekX9O"}