func SetupStore() {
log.Printf("Setting up datastore...")
mainStore = store.Setup()
}
func TestSweepSecrets(t *testing.T) {
s := store.Setup()
defer s.Teardown()
makeFile(s.Root, "not_old1", "234 567 abcd\n", 0, 0600)
makeFile(s.Root, "not_old2", "234 567 abcd\nsecret", 9, 0600)
makeFile(s.Root, "old1", "234 567 abcd\n", 10, 0600)
makeFile(s.Root, "old2", "234 567 abcd\nsecret", 11, 0600)
err := s.SweepSecrets(10 * time.Minute)
if err != nil {
t.Error("Sweep secrets errored:", err)
}
// Removes secrets...
files, err := ioutil.ReadDir(s.Root)
if err != nil {
t.Error("Error reading the secret store folder:", err)
return
}
not_old1Found := false
for _, fileInfo := range files {
if "not_old1" == fileInfo.Name() {
not_old1Found = true
}
}
not_old2Found := false
for _, fileInfo := range files {
if "not_old2" == fileInfo.Name() {
not_old2Found = true
}
}
old1Found := false
for _, fileInfo := range files {
if "old1" == fileInfo.Name() {
old1Found = true
}
}
old2Found := false
for _, fileInfo := range files {
if "old2" == fileInfo.Name() {
old2Found = true
}
}
if !not_old1Found {
t.Error("Expected to find secret not_old1 but did not!")
}
if !not_old2Found {
t.Error("Expected to find secret not_old2 but did not!")
}
if old1Found {
t.Error("Expected not to find secret old1 but did!")
}
if old2Found {
t.Error("Expected not to find secret old2 but did!")
}
// Logs secrets as expired
savedBytes, err := ioutil.ReadFile(path.Join(s.ExpiredPath, "old1"))
if os.IsNotExist(err) {
t.Errorf("Expected old1 to be logged as expired but was not")
} else if !bytes.Equal(savedBytes, []byte("234 567 abcd")) {
t.Error("Expected old1 expired record to contain the secret code \"234 567 abcd\", but contained", savedBytes)
}
savedBytes, err = ioutil.ReadFile(path.Join(s.ExpiredPath, "old2"))
if os.IsNotExist(err) {
t.Errorf("Expected old2 to be logged as expired but was not")
} else if !bytes.Equal(savedBytes, []byte("234 567 abcd")) {
t.Error("Expected old2 expired record to contain the secret code \"234 567 abcd\", but contained", savedBytes)
}
}
func TestSweepExpired(t *testing.T) {
s := store.Setup()
defer s.Teardown()
ioutil.WriteFile(path.Join(s.ExpiredPath, "not_old1"), nil, 0400)
ioutil.WriteFile(path.Join(s.ExpiredPath, "not_old2"), nil, 0400)
ioutil.WriteFile(path.Join(s.ExpiredPath, "old1"), nil, 0400)
ioutil.WriteFile(path.Join(s.ExpiredPath, "old2"), nil, 0400)
os.Chtimes(path.Join(s.ExpiredPath, "not_old1"), time.Now(), time.Now().Add(-0*time.Hour))
os.Chtimes(path.Join(s.ExpiredPath, "not_old2"), time.Now(), time.Now().Add(-23*time.Hour))
os.Chtimes(path.Join(s.ExpiredPath, "old1"), time.Now(), time.Now().Add(-24*time.Hour))
os.Chtimes(path.Join(s.ExpiredPath, "old2"), time.Now(), time.Now().Add(-25*time.Hour))
err := s.SweepExpired()
if err != nil {
t.Error("Sweep expired errored:", err)
}
// Remove records of expired secrets after 24 hours
files, err := ioutil.ReadDir(s.ExpiredPath)
if err != nil {
t.Error("Error reading the expired folder:", err)
return
}
not_old1Found := false
for _, fileInfo := range files {
if "not_old1" == fileInfo.Name() {
not_old1Found = true
}
}
not_old2Found := false
for _, fileInfo := range files {
if "not_old2" == fileInfo.Name() {
not_old2Found = true
}
}
old1Found := false
for _, fileInfo := range files {
if "old1" == fileInfo.Name() {
old1Found = true
}
}
old2Found := false
for _, fileInfo := range files {
if "old2" == fileInfo.Name() {
old2Found = true
}
}
if !not_old1Found {
t.Error("Expected to find secret not_old1 but did not!")
}
if !not_old2Found {
t.Error("Expected to find secret not_old2 but did not!")
}
if old1Found {
t.Error("Expected not to find secret old1 but did!")
}
if old2Found {
t.Error("Expected not to find secret old2 but did!")
}
}
func TestSweep(t *testing.T) {
s := store.Setup()
defer s.Teardown()
makeFile(s.Root, "secret_not_old", "234 567 abcd\n", 9, 0600)
makeFile(s.Root, "secret_old", "234 567 abcd\n", 10, 0600)
makeFile(s.BeingAccessedPath, "secret_being_accessed_not_old", "234 567 abcd\n", 10, 0600)
makeFile(s.BeingAccessedPath, "secret_being_accessed_old", "234 567 abcd\n", 11, 0600)
makeFile(s.AccessedPath, "accessed_record_not_old", "234 567 abcd", 23*60, 0400)
makeFile(s.AccessedPath, "accessed_record_old", "234 567 abcd", 24*60, 0400)
makeFile(s.ExpiringPath, "secret_expiring", "234 567 abcd\n", 0, 0600)
makeFile(s.ExpiredPath, "expired_record_not_old", "234 567 abcd", 23*60, 0400)
makeFile(s.ExpiredPath, "expired_record_old", "234 567 abcd", 24*60, 0400)
// Sweep!
err := s.Sweep()
if err != nil {
t.Error("Sweep errored:", err)
}
// Test results
if _, err = os.Stat(path.Join(s.Root, "secret_not_old")); os.IsNotExist(err) {
t.Error("Expected secret_not_old to exist but does not")
}
if _, err = os.Stat(path.Join(s.Root, "secret_old")); !os.IsNotExist(err) {
t.Error("Expected secret_old not to exist", err)
}
savedBytes, err := ioutil.ReadFile(path.Join(s.ExpiredPath, "secret_old"))
if os.IsNotExist(err) {
t.Errorf("Expected secret_old to be logged as expired but was not")
} else if !bytes.Equal(savedBytes, []byte("234 567 abcd")) {
t.Error("Expected secret_old expired record to contain the secret code \"234 567 abcd\", but contained", savedBytes)
}
if _, err = os.Stat(path.Join(s.BeingAccessedPath, "secret_being_accessed_not_old")); os.IsNotExist(err) {
t.Error("Expected secret_being_accessed_not_old to exist but does not")
}
if _, err = os.Stat(path.Join(s.BeingAccessedPath, "secret_being_accessed_old")); !os.IsNotExist(err) {
t.Error("Expected secret_being_accessed_old not to exist", err)
}
if _, err = os.Stat(path.Join(s.AccessedPath, "accessed_record_not_old")); os.IsNotExist(err) {
t.Error("Expected accessed_record_not_old to exist but does not")
}
if _, err = os.Stat(path.Join(s.AccessedPath, "accessed_record_old")); !os.IsNotExist(err) {
t.Error("Expected accessed_record_old not to exist but does", err)
}
if _, err = os.Stat(path.Join(s.ExpiringPath, "secret_expiring")); !os.IsNotExist(err) {
t.Error("Expected secret_expiring not to exist but does", err)
}
if _, err = os.Stat(path.Join(s.ExpiredPath, "expired_record_not_old")); os.IsNotExist(err) {
t.Error("Expected expired_record_not_old to exist but does not")
}
if _, err = os.Stat(path.Join(s.ExpiredPath, "expired_record_old")); !os.IsNotExist(err) {
t.Error("Expected expired_record_old not to exist but does", err)
}
}
func TestSweepExpiring(t *testing.T) {
s := store.Setup()
defer s.Teardown()
ioutil.WriteFile(path.Join(s.ExpiringPath, "not_old1"), nil, 0600)
ioutil.WriteFile(path.Join(s.ExpiringPath, "not_old2"), nil, 0600)
ioutil.WriteFile(path.Join(s.ExpiringPath, "old1"), nil, 0600)
ioutil.WriteFile(path.Join(s.ExpiringPath, "old2"), nil, 0600)
os.Chtimes(path.Join(s.ExpiringPath, "not_old1"), time.Now(), time.Now().Add(-0*time.Minute))
os.Chtimes(path.Join(s.ExpiringPath, "not_old2"), time.Now(), time.Now().Add(-10*time.Minute))
os.Chtimes(path.Join(s.ExpiringPath, "old1"), time.Now(), time.Now().Add(-11*time.Minute))
os.Chtimes(path.Join(s.ExpiringPath, "old2"), time.Now(), time.Now().Add(-12*time.Minute))
err := s.SweepExpiring()
if err != nil {
t.Error("Sweep expiring errored:", err)
}
// Removes expiring secrets...
files, err := ioutil.ReadDir(s.ExpiringPath)
if err != nil {
t.Error("Error reading the expiring folder:", err)
return
}
not_old1Found := false
for _, fileInfo := range files {
if "not_old1" == fileInfo.Name() {
not_old1Found = true
}
}
not_old2Found := false
for _, fileInfo := range files {
if "not_old2" == fileInfo.Name() {
not_old2Found = true
}
}
old1Found := false
for _, fileInfo := range files {
if "old1" == fileInfo.Name() {
old1Found = true
}
}
old2Found := false
for _, fileInfo := range files {
if "old2" == fileInfo.Name() {
old2Found = true
}
}
// Remove everything that ends up in the expiring folder, old or not.
// (We move them to a folder because zeroing them in the main secrets
// folder will change their modification time to be current, making
// the the zeroed file available to the store's retreive functionality
// for a fraction of a second before the file is removed.)
if not_old1Found {
t.Error("Expected not to find secret not_old1 but did!")
}
if not_old2Found {
t.Error("Expected not to find secret not_old2 but did!")
}
if old1Found {
t.Error("Expected not to find secret old1 but did!")
}
if old2Found {
t.Error("Expected not to find secret old2 but did!")
}
}
func TestSweepBeingAccessed(t *testing.T) {
s := store.Setup()
defer s.Teardown()
ioutil.WriteFile(path.Join(s.BeingAccessedPath, "not_old1"), nil, 0600)
ioutil.WriteFile(path.Join(s.BeingAccessedPath, "not_old2"), nil, 0600)
ioutil.WriteFile(path.Join(s.BeingAccessedPath, "old1"), nil, 0600)
ioutil.WriteFile(path.Join(s.BeingAccessedPath, "old2"), nil, 0600)
os.Chtimes(path.Join(s.BeingAccessedPath, "not_old1"), time.Now(), time.Now().Add(-0*time.Minute))
os.Chtimes(path.Join(s.BeingAccessedPath, "not_old2"), time.Now(), time.Now().Add(-10*time.Minute))
os.Chtimes(path.Join(s.BeingAccessedPath, "old1"), time.Now(), time.Now().Add(-11*time.Minute))
os.Chtimes(path.Join(s.BeingAccessedPath, "old2"), time.Now(), time.Now().Add(-12*time.Minute))
err := s.SweepBeingAccessed(11 * time.Minute)
if err != nil {
t.Error("Sweep being accessed errored:", err)
}
// Removes unlikely accidental leftovers in the being_accessed folder.
// Assumes the accessed records have already been created.
files, err := ioutil.ReadDir(s.BeingAccessedPath)
if err != nil {
t.Error("Error reading the being_accessed folder:", err)
return
}
not_old1Found := false
for _, fileInfo := range files {
if "not_old1" == fileInfo.Name() {
not_old1Found = true
}
}
not_old2Found := false
for _, fileInfo := range files {
if "not_old2" == fileInfo.Name() {
not_old2Found = true
}
}
old1Found := false
for _, fileInfo := range files {
if "old1" == fileInfo.Name() {
old1Found = true
}
}
old2Found := false
for _, fileInfo := range files {
if "old2" == fileInfo.Name() {
old2Found = true
}
}
if !not_old1Found {
t.Error("Expected to find secret not_old1 but did not!")
}
if !not_old2Found {
t.Error("Expected to find secret not_old2 but did not!")
}
if old1Found {
t.Error("Expected not to find secret old1 but did!")
}
if old2Found {
t.Error("Expected not to find secret old2 but did!")
}
}