mirror of
https://github.com/hashicorp/vault.git
synced 2026-06-09 00:33:28 -04:00
add min_encryption_version to the transit key response (#2838)
This commit is contained in:
Matthew Irish
GitHub
parent
703874ed95
commit
5190b87714
2 changed files with 28 additions and 3 deletions
|
|
@ -129,7 +129,9 @@ func TestBackend_rotation(t *testing.T) {
|
|||
testAccStepLoadVX(t, "test", decryptData, 4, encryptHistory),
|
||||
testAccStepDecrypt(t, "test", testPlaintext, decryptData),
|
||||
testAccStepDeleteNotDisabledPolicy(t, "test"),
|
||||
testAccStepAdjustPolicy(t, "test", 3),
|
||||
testAccStepAdjustPolicyMinDecryption(t, "test", 3),
|
||||
testAccStepAdjustPolicyMinEncryption(t, "test", 4),
|
||||
testAccStepReadPolicyWithVersions(t, "test", false, false, 3, 4),
|
||||
testAccStepLoadVX(t, "test", decryptData, 0, encryptHistory),
|
||||
testAccStepDecryptExpectFailure(t, "test", testPlaintext, decryptData),
|
||||
testAccStepLoadVX(t, "test", decryptData, 1, encryptHistory),
|
||||
|
|
@ -140,7 +142,8 @@ func TestBackend_rotation(t *testing.T) {
|
|||
testAccStepDecrypt(t, "test", testPlaintext, decryptData),
|
||||
testAccStepLoadVX(t, "test", decryptData, 4, encryptHistory),
|
||||
testAccStepDecrypt(t, "test", testPlaintext, decryptData),
|
||||
testAccStepAdjustPolicy(t, "test", 1),
|
||||
testAccStepAdjustPolicyMinDecryption(t, "test", 1),
|
||||
testAccStepReadPolicyWithVersions(t, "test", false, false, 1, 4),
|
||||
testAccStepLoadVX(t, "test", decryptData, 0, encryptHistory),
|
||||
testAccStepDecrypt(t, "test", testPlaintext, decryptData),
|
||||
testAccStepLoadVX(t, "test", decryptData, 1, encryptHistory),
|
||||
|
|
@ -221,7 +224,7 @@ func testAccStepListPolicy(t *testing.T, name string, expectNone bool) logicalte
|
|||
}
|
||||
}
|
||||
|
||||
func testAccStepAdjustPolicy(t *testing.T, name string, minVer int) logicaltest.TestStep {
|
||||
func testAccStepAdjustPolicyMinDecryption(t *testing.T, name string, minVer int) logicaltest.TestStep {
|
||||
return logicaltest.TestStep{
|
||||
Operation: logical.UpdateOperation,
|
||||
Path: "keys/" + name + "/config",
|
||||
|
|
@ -230,6 +233,15 @@ func testAccStepAdjustPolicy(t *testing.T, name string, minVer int) logicaltest.
|
|||
},
|
||||
}
|
||||
}
|
||||
func testAccStepAdjustPolicyMinEncryption(t *testing.T, name string, minVer int) logicaltest.TestStep {
|
||||
return logicaltest.TestStep{
|
||||
Operation: logical.UpdateOperation,
|
||||
Path: "keys/" + name + "/config",
|
||||
Data: map[string]interface{}{
|
||||
"min_encryption_version": minVer,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func testAccStepDisableDeletion(t *testing.T, name string) logicaltest.TestStep {
|
||||
return logicaltest.TestStep{
|
||||
|
|
@ -276,6 +288,10 @@ func testAccStepDeleteNotDisabledPolicy(t *testing.T, name string) logicaltest.T
|
|||
}
|
||||
|
||||
func testAccStepReadPolicy(t *testing.T, name string, expectNone, derived bool) logicaltest.TestStep {
|
||||
return testAccStepReadPolicyWithVersions(t, name, expectNone, derived, 1, 0)
|
||||
}
|
||||
|
||||
func testAccStepReadPolicyWithVersions(t *testing.T, name string, expectNone, derived bool, minDecryptionVersion int, minEncryptionVersion int) logicaltest.TestStep {
|
||||
return logicaltest.TestStep{
|
||||
Operation: logical.ReadOperation,
|
||||
Path: "keys/" + name,
|
||||
|
|
@ -297,6 +313,8 @@ func testAccStepReadPolicy(t *testing.T, name string, expectNone, derived bool)
|
|||
KDF string `mapstructure:"kdf"`
|
||||
DeletionAllowed bool `mapstructure:"deletion_allowed"`
|
||||
ConvergentEncryption bool `mapstructure:"convergent_encryption"`
|
||||
MinDecryptionVersion int `mapstructure:"min_decryption_version"`
|
||||
MinEncryptionVersion int `mapstructure:"min_encryption_version"`
|
||||
}
|
||||
if err := mapstructure.Decode(resp.Data, &d); err != nil {
|
||||
return err
|
||||
|
|
@ -315,6 +333,12 @@ func testAccStepReadPolicy(t *testing.T, name string, expectNone, derived bool)
|
|||
if d.Keys == nil {
|
||||
return fmt.Errorf("bad: %#v", d)
|
||||
}
|
||||
if d.MinDecryptionVersion != minDecryptionVersion {
|
||||
return fmt.Errorf("bad: %#v", d)
|
||||
}
|
||||
if d.MinEncryptionVersion != minEncryptionVersion {
|
||||
return fmt.Errorf("bad: %#v", d)
|
||||
}
|
||||
if d.DeletionAllowed == true {
|
||||
return fmt.Errorf("bad: %#v", d)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -183,6 +183,7 @@ func (b *backend) pathPolicyRead(
|
|||
"derived": p.Derived,
|
||||
"deletion_allowed": p.DeletionAllowed,
|
||||
"min_decryption_version": p.MinDecryptionVersion,
|
||||
"min_encryption_version": p.MinEncryptionVersion,
|
||||
"latest_version": p.LatestVersion,
|
||||
"exportable": p.Exportable,
|
||||
"supports_encryption": p.Type.EncryptionSupported(),
|
||||
|
|
|
|||
Loading…
Reference in a new issue