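// TestUnseal exercises the success path of the Unseal handler: a freshly
// generated master secret is served back by the mocked database, and the
// handler is expected to answer with {"response": "OK"}.
//
// NOTE(review): only the accepting path is covered here. A companion case that
// presents a key which does not match the stored master secret and asserts
// that Unseal refuses it would pin the security-relevant behaviour as well.
func TestUnseal(t *testing.T) {
	master, err := secrets.Initialise()
	if !assert.Nil(t, err, "Should not return error") {
		// master is dereferenced below; stop here so a failed Initialise is
		// reported as an assertion failure instead of a nil dereference.
		return
	}

	testDb := new(mocks.DB)
	r := new(http.Request)
	// presumably attaches the displayed master key to the request and
	// registers whatever auth lookups Unseal performs - confirm in authSetup.
	authSetup(testDb, r, master.Key.Display())

	// Serve the generated master secret (name, nonce, message) from the mock
	// by filling in the *secrets.Secret the handler passes to GetRootSecret.
	testDb.On("GetRootSecret", &secrets.Secret{Name: "master"}).Run(func(args mock.Arguments) {
		stored := args.Get(0).(*secrets.Secret)
		stored.Name = "master"
		stored.Nonce = master.Nonce
		stored.Message = master.Message
	}).Return(nil)
	database = testDb

	w := httptest.NewRecorder()
	Unseal(w, r)

	res := getResp(w.Body.Bytes())
	assert.Contains(t, res, "response", "Result should contain response")
	assert.Equal(t, "OK", res["response"], "Should unseal vault")
}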
// Initialise should be run on first use of a new vault. It generates the
// master secret, stores it, and returns the displayed master key to the caller.
//
// Responses:
//   - 201 with the master secret's name and displayed key on success
//   - 409 when a master secret is already stored
//   - 500 when the database or the key generation fails
//
// The 201 body is the only place this handler emits the master key, so the
// response must be treated as sensitive by everything between the handler and
// the client (transport, proxies, access logs).
//
// NOTE(review): the existence check and the insert are two separate database
// calls. Unless the database layer enforces uniqueness of the root secret
// (not visible here), two concurrent requests could both pass the check.
//
// NOTE(review): the underlying database and key-generation errors are not
// logged in this handler; only the generic message reaches the client.
func Initialise(w http.ResponseWriter, r *http.Request) {
	api := newAPI(w, r)
	defer api.req.Body.Close()

	// Refuse to run if a master secret already exists: a second
	// initialisation must never replace the stored one.
	existing := &secrets.Secret{Name: secrets.MasterKeyName}
	err := database.GetRootSecret(existing)
	if err == nil {
		api.error("Vault already initialised", 409)
		return
	}
	if err != gorm.ErrRecordNotFound {
		// Any failure other than "not found" is treated as a database
		// error and stops here, before a new master secret is generated.
		api.error("Database error", 500)
		return
	}

	master, err := secrets.Initialise()
	if err != nil {
		api.error("Error intialising master secret", 500)
		return
	}

	if err = database.AddSecret(master); err != nil {
		api.error("Database error", 500)
		return
	}

	log.Info("Vault initialised")
	api.reply(secrets.Key{Name: master.Name, Key: master.Key.Display()}, 201)
}