From 76c18762aa046ff4fd126d69f4dd3bef4c8efdad Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Thu, 3 Sep 2015 10:20:44 -0400 Subject: [PATCH] Add more unit tests against backend TTLs, and fix two bugs found by them (yay unit tests!) --- http/sys_mount_test.go | 80 +++++++++++++++++++++++++++++++++++++++++- vault/mount.go | 10 ++++-- 2 files changed, 87 insertions(+), 3 deletions(-) diff --git a/http/sys_mount_test.go b/http/sys_mount_test.go index a60ee49ef7..59cb9312e8 100644 --- a/http/sys_mount_test.go +++ b/http/sys_mount_test.go @@ -5,6 +5,7 @@ import ( "testing" "time" + "github.com/fatih/structs" "github.com/hashicorp/vault/vault" ) @@ -282,6 +283,14 @@ func TestSysTuneMount(t *testing.T) { }) testResponseStatus(t, resp, 400) + // Shorter than backend default + resp = testHttpPost(t, token, addr+"/v1/sys/mounts/foo/tune", map[string]interface{}{ + "config": map[string]interface{}{ + "max_lease_ttl": time.Duration(time.Hour * 1), + }, + }) + testResponseStatus(t, resp, 400) + // Shorter than backend max, longer than system max resp = testHttpPost(t, token, addr+"/v1/sys/mounts/foo/tune", map[string]interface{}{ "config": map[string]interface{}{ @@ -325,6 +334,7 @@ func TestSysTuneMount(t *testing.T) { t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual) } + // Check simple configuration endpoint resp = testHttpGet(t, token, addr+"/v1/sys/mounts/foo/tune") actual = map[string]interface{}{} expected = map[string]interface{}{ @@ -336,8 +346,76 @@ func TestSysTuneMount(t *testing.T) { testResponseStatus(t, resp, 200) testResponseBody(t, resp, &actual) - if !reflect.DeepEqual(actual, expected) { t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual) } + + // Set a low max + resp = testHttpPost(t, token, addr+"/v1/sys/mounts/secret/tune", map[string]interface{}{ + "config": map[string]interface{}{ + "default_lease_ttl": time.Duration(time.Second * 40), + "max_lease_ttl": time.Duration(time.Second * 80), + }, + }) + testResponseStatus(t, resp, 204) + + resp = testHttpGet(t, token, addr+"/v1/sys/mounts/secret/tune") + actual = map[string]interface{}{} + expected = map[string]interface{}{ + "config": map[string]interface{}{ + "default_lease_ttl": float64(time.Duration(time.Second * 40)), + "max_lease_ttl": float64(time.Duration(time.Second * 80)), + }, + } + + testResponseStatus(t, resp, 200) + testResponseBody(t, resp, &actual) + if !reflect.DeepEqual(actual, expected) { + t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, actual) + } + + // First try with lease above backend max + resp = testHttpPut(t, token, addr+"/v1/secret/foo", map[string]interface{}{ + "data": "bar", + "ttl": "28347h", + }) + testResponseStatus(t, resp, 204) + + // read secret + resp = testHttpGet(t, token, addr+"/v1/secret/foo") + var result struct { + LeaseID string `json:"lease_id" structs:"lease_id"` + LeaseDuration int `json:"lease_duration" structs:"lease_duration"` + } + + testResponseBody(t, resp, &result) + + expected = map[string]interface{}{ + "lease_duration": int(time.Duration(time.Second * 80).Seconds()), + "lease_id": result.LeaseID, + } + + if !reflect.DeepEqual(structs.Map(result), expected) { + t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, structs.Map(result)) + } + + // Now with lease TTL unspecified + resp = testHttpPut(t, token, addr+"/v1/secret/foo", map[string]interface{}{ + "data": "bar", + }) + testResponseStatus(t, resp, 204) + + // read secret + resp = testHttpGet(t, token, addr+"/v1/secret/foo") + + testResponseBody(t, resp, &result) + + expected = map[string]interface{}{ + "lease_duration": int(time.Duration(time.Second * 40).Seconds()), + "lease_id": result.LeaseID, + } + + if !reflect.DeepEqual(structs.Map(result), expected) { + t.Fatalf("bad:\nExpected: %#v\nActual:%#v", expected, structs.Map(result)) + } } diff --git a/vault/mount.go b/vault/mount.go index 493c6647b7..35ed7c897c 100644 --- a/vault/mount.go +++ b/vault/mount.go @@ -54,11 +54,11 @@ func (d dynamicSystemView) DefaultLeaseTTL() (time.Duration, error) { } func (d dynamicSystemView) MaxLeaseTTL() (time.Duration, error) { - def, _, err := d.core.TTLsByPath(d.path) + _, max, err := d.core.TTLsByPath(d.path) if err != nil { return 0, err } - return def, nil + return max, nil } // MountTable is used to represent the internal mount table @@ -408,6 +408,12 @@ func (c *Core) tuneMount(path string, config MountConfig) error { for _, ent := range c.mounts.Entries { if ent.Path == path { if config.MaxLeaseTTL != nil { + if *ent.Config.DefaultLeaseTTL != 0 { + if *config.MaxLeaseTTL < *ent.Config.DefaultLeaseTTL { + return fmt.Errorf("Given backend max lease TTL of %d less than backend default lease TTL of %d", + *config.MaxLeaseTTL, *ent.Config.DefaultLeaseTTL) + } + } if *config.MaxLeaseTTL == 0 { *ent.Config.MaxLeaseTTL = 0 } else {