vault: Testing mount table setup

2026-06-11 01:42:06 -04:00 · 2015-03-11 15:33:25 -07:00 · 2015-03-11 15:33:25 -07:00 · 0c25e5cdff
commit 0c25e5cdff
parent e585bfcd40
4 changed files with 93 additions and 0 deletions
--- a/vault/core_test.go
+++ b/vault/core_test.go
@ -17,6 +17,28 @@ func testCore(t *testing.T) *Core {
 	return c
 }

+func testUnsealedCore(t *testing.T) (*Core, []byte) {
+	c := testCore(t)
+	sealConf := &SealConfig{
+		SecretShares:    1,
+		SecretThreshold: 1,
+	}
+	res, err := c.Initialize(sealConf)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	master := make([]byte, len(res.SecretShares[0]))
+	copy(master, res.SecretShares[0])
+	unseal, err := c.Unseal(res.SecretShares[0])
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if !unseal {
+		t.Fatalf("should be unsealed")
+	}
+	return c, master
+}
+
 func TestCore_Init(t *testing.T) {
 	inm := physical.NewInmem()
 	conf := &CoreConfig{physical: inm}
--- a/vault/logical_backend.go
+++ b/vault/logical_backend.go
@ -10,6 +10,10 @@ var (
 	// ErrUnsupportedOperation is returned if the operation is not supported
 	// by the logical backend.
 	ErrUnsupportedOperation = errors.New("unsupported operation")
+
+	// ErrUnsupportedPath is returned if the path is not supported
+	// by the logical backend.
+	ErrUnsupportedPath = errors.New("unsupported path")
 )

 // LogicalBackend interface must be implemented to be "mountable" at
--- a/vault/mount.go
+++ b/vault/mount.go
@ -34,6 +34,7 @@ func (c *Core) loadMounts() error {
 		return errors.New("failed to setup mount table")
 	}
 	if raw != nil {
+		c.mounts = &MountTable{}
 		if err := json.Unmarshal(raw.Value, c.mounts); err != nil {
 			c.logger.Printf("[ERR] core: failed to decode mount table: %v", err)
 			return errors.New("failed to setup mount table")
--- a/vault/mount_test.go
+++ b/vault/mount_test.go
@ -0,0 +1,66 @@
+package vault
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestCore_DefaultMountTable(t *testing.T) {
+	c, key := testUnsealedCore(t)
+	verifyDefaultTable(t, c.mounts)
+
+	// Start a second core with same physical
+	conf := &CoreConfig{physical: c.physical}
+	c2, err := NewCore(conf)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	unseal, err := c2.Unseal(key)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if !unseal {
+		t.Fatalf("should be unsealed")
+	}
+
+	// Verify matching mount tables
+	if !reflect.DeepEqual(c.mounts, c2.mounts) {
+		t.Fatalf("mismatch: %v %v", c.mounts, c2.mounts)
+	}
+}
+
+func TestDefaultMountTable(t *testing.T) {
+	table := defaultMountTable()
+	verifyDefaultTable(t, table)
+}
+
+func verifyDefaultTable(t *testing.T, table *MountTable) {
+	if len(table.Entries) != 2 {
+		t.Fatalf("bad: %v", table.Entries)
+	}
+	for idx, entry := range table.Entries {
+		switch idx {
+		case 0:
+			if entry.Path != "secret/" {
+				t.Fatalf("bad: %v", entry)
+			}
+			if entry.Type != "generic" {
+				t.Fatalf("bad: %v", entry)
+			}
+		case 1:
+			if entry.Path != "sys/" {
+				t.Fatalf("bad: %v", entry)
+			}
+			if entry.Type != "system" {
+				t.Fatalf("bad: %v", entry)
+			}
+		}
+		if entry.Description == "" {
+			t.Fatalf("bad: %v", entry)
+		}
+		if entry.UUID == "" {
+			t.Fatalf("bad: %v", entry)
+		}
+	}
+
+}