func TestSysDeletePolicy(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{
"rules": ``,
})
testResponseStatus(t, resp, 204)
resp = testHttpDelete(t, token, addr+"/v1/sys/policy/foo")
testResponseStatus(t, resp, 204)
resp = testHttpGet(t, token, addr+"/v1/sys/policy")
var actual map[string]interface{}
expected := map[string]interface{}{
"policies": []interface{}{"root"},
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
func TestLogical_RawHTTP(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp := testHttpPost(t, token, addr+"/v1/sys/mounts/foo", map[string]interface{}{
"type": "http",
})
testResponseStatus(t, resp, 204)
// Get the raw response
resp = testHttpGet(t, token, addr+"/v1/foo/raw")
testResponseStatus(t, resp, 200)
// Test the headers
if resp.Header.Get("Content-Type") != "plain/text" {
t.Fatalf("Bad: %#v", resp.Header)
}
// Get the body
body := new(bytes.Buffer)
io.Copy(body, resp.Body)
if string(body.Bytes()) != "hello world" {
t.Fatalf("Bad: %s", body.Bytes())
}
}
func TestSysRekey_ReInitUpdate(t *testing.T) {
core, master, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
"secret_shares": 5,
"secret_threshold": 3,
})
testResponseStatus(t, resp, 204)
resp = testHttpDelete(t, token, addr+"/v1/sys/rekey/init")
testResponseStatus(t, resp, 204)
resp = testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
"secret_shares": 5,
"secret_threshold": 3,
})
testResponseStatus(t, resp, 204)
resp = testHttpPut(t, token, addr+"/v1/sys/rekey/update", map[string]interface{}{
"key": hex.EncodeToString(master),
})
testResponseStatus(t, resp, 400)
}
func TestSysRenew(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
// write secret
resp := testHttpPut(t, token, addr+"/v1/secret/foo", map[string]interface{}{
"data": "bar",
"lease": "1h",
})
testResponseStatus(t, resp, 204)
// read secret
resp = testHttpGet(t, token, addr+"/v1/secret/foo")
var result struct {
LeaseId string `json:"lease_id"`
}
dec := json.NewDecoder(resp.Body)
if err := dec.Decode(&result); err != nil {
t.Fatalf("bad: %s", err)
}
resp = testHttpPut(t, token, addr+"/v1/sys/renew/"+result.LeaseId, nil)
testResponseStatus(t, resp, 200)
}
func TestSysRekey_Update(t *testing.T) {
core, master, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
"secret_shares": 5,
"secret_threshold": 3,
})
testResponseStatus(t, resp, 204)
resp = testHttpPut(t, token, addr+"/v1/sys/rekey/update", map[string]interface{}{
"key": hex.EncodeToString(master),
})
var actual map[string]interface{}
expected := map[string]interface{}{
"complete": true,
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
keys := actual["keys"].([]interface{})
if len(keys) != 5 {
t.Fatalf("bad: %#v", keys)
}
delete(actual, "keys")
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
func TestAuthTokenLookupSelf(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
config := DefaultConfig()
config.Address = addr
client, err := NewClient(config)
if err != nil {
t.Fatal(err)
}
client.SetToken(token)
// you should be able to lookup your own token
secret, err := client.Auth().Token().LookupSelf()
if err != nil {
t.Fatalf("should be allowed to lookup self, err = %v", err)
}
if secret.Data["id"] != token {
t.Errorf("Did not get back details about our own (self) token, id returned=%s", secret.Data["id"])
}
if secret.Data["display_name"] != "root" {
t.Errorf("Did not get back details about our own (self) token, display_name returned=%s", secret.Data["display_name"])
}
}
func TestSysAudit(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp := testHttpPost(t, token, addr+"/v1/sys/audit/noop", map[string]interface{}{
"type": "noop",
})
testResponseStatus(t, resp, 204)
resp = testHttpGet(t, token, addr+"/v1/sys/audit")
var actual map[string]interface{}
expected := map[string]interface{}{
"noop/": map[string]interface{}{
"type": "noop",
"description": "",
"options": map[string]interface{}{},
},
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
func TestWrite_Output(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
ui := new(cli.MockUi)
c := &WriteCommand{
Meta: meta.Meta{
ClientToken: token,
Ui: ui,
},
}
args := []string{
"-address", addr,
"auth/token/create",
"display_name=foo",
}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
if !strings.Contains(string(ui.OutputWriter.Bytes()), "Key") {
t.Fatalf("bad: %s", string(ui.OutputWriter.Bytes()))
}
}
func TestAuditDisable(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
ui := new(cli.MockUi)
c := &AuditDisableCommand{
Meta: Meta{
ClientToken: token,
Ui: ui,
},
}
args := []string{
"-address", addr,
"noop",
}
// Run once to get the client
c.Run(args)
// Get the client
client, err := c.Client()
if err != nil {
t.Fatalf("err: %#v", err)
}
if err := client.Sys().EnableAudit("noop", "noop", "", nil); err != nil {
t.Fatalf("err: %#v", err)
}
// Run again
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
}
func TestSysGenerateRootAttempt_Status(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp, err := http.Get(addr + "/v1/sys/generate-root/attempt")
if err != nil {
t.Fatalf("err: %s", err)
}
var actual map[string]interface{}
expected := map[string]interface{}{
"started": false,
"progress": float64(0),
"required": float64(1),
"complete": false,
"encoded_root_token": "",
"pgp_fingerprint": "",
"nonce": "",
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
}
}
func TestSysGenerateRoot_ReAttemptUpdate(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
otpBytes, err := vault.GenerateRandBytes(16)
if err != nil {
t.Fatal(err)
}
otp := base64.StdEncoding.EncodeToString(otpBytes)
resp := testHttpPut(t, token, addr+"/v1/sys/generate-root/attempt", map[string]interface{}{
"otp": otp,
})
testResponseStatus(t, resp, 200)
resp = testHttpDelete(t, token, addr+"/v1/sys/generate-root/attempt")
testResponseStatus(t, resp, 204)
resp = testHttpPut(t, token, addr+"/v1/sys/generate-root/attempt", map[string]interface{}{
"pgp_key": pgpkeys.TestPubKey1,
})
testResponseStatus(t, resp, 200)
}
func TestSysGenerateRootAttempt_Setup_PGP(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp := testHttpPut(t, token, addr+"/v1/sys/generate-root/attempt", map[string]interface{}{
"pgp_key": pgpkeys.TestPubKey1,
})
testResponseStatus(t, resp, 200)
resp = testHttpGet(t, token, addr+"/v1/sys/generate-root/attempt")
var actual map[string]interface{}
expected := map[string]interface{}{
"started": true,
"progress": float64(0),
"required": float64(1),
"complete": false,
"encoded_root_token": "",
"pgp_fingerprint": "816938b8a29146fbe245dd29e7cbaf8e011db793",
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if actual["nonce"].(string) == "" {
t.Fatalf("nonce was empty")
}
expected["nonce"] = actual["nonce"]
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
}
}
func TestGenerateRoot_status(t *testing.T) {
core, key, _ := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
ui := new(cli.MockUi)
c := &GenerateRootCommand{
Key: hex.EncodeToString(key),
Meta: Meta{
Ui: ui,
},
}
otpBytes, err := vault.GenerateRandBytes(16)
if err != nil {
t.Fatal(err)
}
otp := base64.StdEncoding.EncodeToString(otpBytes)
args := []string{"-address", addr, "-init", "-otp", otp}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
args = []string{"-address", addr, "-status"}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
if !strings.Contains(string(ui.OutputWriter.Bytes()), "Started: true") {
t.Fatalf("bad: %s", ui.OutputWriter.String())
}
}
func TestSysGenerateRootAttempt_Setup_OTP(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
otpBytes, err := vault.GenerateRandBytes(16)
if err != nil {
t.Fatal(err)
}
otp := base64.StdEncoding.EncodeToString(otpBytes)
resp := testHttpPut(t, token, addr+"/v1/sys/generate-root/attempt", map[string]interface{}{
"otp": otp,
})
testResponseStatus(t, resp, 204)
resp = testHttpGet(t, token, addr+"/v1/sys/generate-root/attempt")
var actual map[string]interface{}
expected := map[string]interface{}{
"started": true,
"progress": float64(0),
"required": float64(1),
"complete": false,
"encoded_root_token": "",
"pgp_fingerprint": "",
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
expected["nonce"] = actual["nonce"]
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
}
}
func TestAuthTokenCreate(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
config := DefaultConfig()
config.Address = addr
client, err := NewClient(config)
if err != nil {
t.Fatal(err)
}
client.SetToken(token)
secret, err := client.Auth().Token().Create(&TokenCreateRequest{
Lease: "1h",
})
if err != nil {
t.Fatal(err)
}
if secret.Auth.LeaseDuration != 3600 {
t.Errorf("expected 1h, got %q", secret.Auth.LeaseDuration)
}
}
func TestTokenCreate(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
ui := new(cli.MockUi)
c := &TokenCreateCommand{
Meta: Meta{
ClientToken: token,
Ui: ui,
},
}
args := []string{
"-address", addr,
}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
// Ensure we get lease info
output := ui.OutputWriter.String()
if !strings.Contains(output, "token_duration") {
t.Fatalf("bad: %#v", output)
}
}
func TestAuthTokenLookup(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
config := DefaultConfig()
config.Address = addr
client, err := NewClient(config)
if err != nil {
t.Fatal(err)
}
client.SetToken(token)
// Create a new token ...
secret2, err := client.Auth().Token().Create(&TokenCreateRequest{
Lease: "1h",
})
if err != nil {
t.Fatal(err)
}
// lookup details of this token
secret, err := client.Auth().Token().Lookup(secret2.Auth.ClientToken)
if err != nil {
t.Fatalf("unable to lookup details of token, err = %v", err)
}
if secret.Data["id"] != secret2.Auth.ClientToken {
t.Errorf("Did not get back details about our provided token, id returned=%s", secret.Data["id"])
}
}
func TestAuth_methods(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
testAuthInit(t)
ui := new(cli.MockUi)
c := &AuthCommand{
Meta: Meta{
ClientToken: token,
Ui: ui,
},
}
args := []string{
"-address", addr,
"-methods",
}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
output := ui.OutputWriter.String()
if !strings.Contains(output, "token") {
t.Fatalf("bad: %#v", output)
}
}
func TestAuthTokenRenew(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
config := DefaultConfig()
config.Address = addr
client, err := NewClient(config)
if err != nil {
t.Fatal(err)
}
client.SetToken(token)
// The default root token is not renewable, so this should not work
_, err = client.Auth().Token().Renew(token, 0)
if err == nil {
t.Fatal("should not be allowed to renew root token")
}
if !strings.Contains(err.Error(), "lease is not renewable") {
t.Fatal("wrong error")
}
// Create a new token that should be renewable
secret, err := client.Auth().Token().Create(&TokenCreateRequest{
Lease: "1h",
})
if err != nil {
t.Fatal(err)
}
client.SetToken(secret.Auth.ClientToken)
// Now attempt a renew with the new token
secret, err = client.Auth().Token().Renew(secret.Auth.ClientToken, 3600)
if err != nil {
t.Fatal(err)
}
if secret.Auth.LeaseDuration != 3600 {
t.Errorf("expected 1h, got %v", secret.Auth.LeaseDuration)
}
if secret.Auth.Renewable != true {
t.Error("expected lease to be renewable")
}
// Do the same thing with the self variant
secret, err = client.Auth().Token().RenewSelf(3600)
if err != nil {
t.Fatal(err)
}
if secret.Auth.LeaseDuration != 3600 {
t.Errorf("expected 1h, got %v", secret.Auth.LeaseDuration)
}
if secret.Auth.Renewable != true {
t.Error("expected lease to be renewable")
}
}
func TestAuth_stdin(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
testAuthInit(t)
stdinR, stdinW := io.Pipe()
ui := new(cli.MockUi)
c := &AuthCommand{
Meta: Meta{
Ui: ui,
},
testStdin: stdinR,
}
go func() {
stdinW.Write([]byte(token))
stdinW.Close()
}()
args := []string{
"-address", addr,
"-",
}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
}
func TestLogical_CreateToken(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
// WRITE
resp := testHttpPut(t, token, addr+"/v1/auth/token/create", map[string]interface{}{
"data": "bar",
})
var actual map[string]interface{}
var nilWarnings interface{}
expected := map[string]interface{}{
"lease_id": "",
"renewable": false,
"lease_duration": float64(0),
"data": nil,
"auth": map[string]interface{}{
"policies": []interface{}{"root"},
"metadata": nil,
"lease_duration": float64(0),
"renewable": false,
},
"warnings": nilWarnings,
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
delete(actual["auth"].(map[string]interface{}), "client_token")
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad:\nexpected:\n%#v\nactual:\n%#v", expected, actual)
}
}
func TestRekey_status(t *testing.T) {
core, key, _ := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
ui := new(cli.MockUi)
c := &RekeyCommand{
Key: hex.EncodeToString(key),
Meta: Meta{
Ui: ui,
},
}
args := []string{"-address", addr, "-init"}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
args = []string{"-address", addr, "-status"}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
if !strings.Contains(string(ui.OutputWriter.Bytes()), "Started: true") {
t.Fatalf("bad: %s", ui.OutputWriter.String())
}
}
// We use this test to verify header auth
func TestSysMounts_headerAuth(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
req, err := http.NewRequest("GET", addr+"/v1/sys/mounts", nil)
if err != nil {
t.Fatalf("err: %s", err)
}
req.Header.Set(AuthHeaderName, token)
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
t.Fatalf("err: %s", err)
}
var actual map[string]interface{}
expected := map[string]interface{}{
"secret/": map[string]interface{}{
"description": "generic secret storage",
"type": "generic",
},
"sys/": map[string]interface{}{
"description": "system endpoints used for control, policy and debugging",
"type": "system",
},
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
func TestRekey_cancel(t *testing.T) {
core, key, _ := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
ui := new(cli.MockUi)
c := &RekeyCommand{
Key: hex.EncodeToString(key),
Meta: Meta{
Ui: ui,
},
}
args := []string{"-address", addr, "-init"}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
args = []string{"-address", addr, "-cancel"}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
config, err := core.RekeyConfig()
if err != nil {
t.Fatalf("err: %s", err)
}
if config != nil {
t.Fatal("should not rekey")
}
}
func TestSysRekeyInit_Cancel(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
"secret_shares": 5,
"secret_threshold": 3,
})
testResponseStatus(t, resp, 204)
resp = testHttpDelete(t, token, addr+"/v1/sys/rekey/init")
testResponseStatus(t, resp, 204)
resp, err := http.Get(addr + "/v1/sys/rekey/init")
if err != nil {
t.Fatalf("err: %s", err)
}
var actual map[string]interface{}
expected := map[string]interface{}{
"started": false,
"t": float64(0),
"n": float64(0),
"progress": float64(0),
"required": float64(1),
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
func TestSeal(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
ui := new(cli.MockUi)
c := &SealCommand{
Meta: Meta{
ClientToken: token,
Ui: ui,
},
}
args := []string{"-address", addr}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
sealed, err := core.Sealed()
if err != nil {
t.Fatalf("err: %s", err)
}
if !sealed {
t.Fatal("should be sealed")
}
}
func TestSysRekeyInit_Status(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp, err := http.Get(addr + "/v1/sys/rekey/init")
if err != nil {
t.Fatalf("err: %s", err)
}
var actual map[string]interface{}
expected := map[string]interface{}{
"started": false,
"t": float64(0),
"n": float64(0),
"progress": float64(0),
"required": float64(1),
"pgp_fingerprints": interface{}(nil),
"backup": false,
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
expected["nonce"] = actual["nonce"]
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
}
}
func TestRevoke(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := http.TestServer(t, core)
defer ln.Close()
ui := new(cli.MockUi)
c := &RevokeCommand{
Meta: Meta{
ClientToken: token,
Ui: ui,
},
}
client := testClient(t, addr, token)
_, err := client.Logical().Write("secret/foo", map[string]interface{}{
"key": "value",
"lease": "1m",
})
if err != nil {
t.Fatalf("err: %s", err)
}
secret, err := client.Logical().Read("secret/foo")
if err != nil {
t.Fatalf("err: %s", err)
}
args := []string{
"-address", addr,
secret.LeaseID,
}
if code := c.Run(args); code != 0 {
t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
}
}
func TestSysRekeyInit_Setup(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp := testHttpPut(t, token, addr+"/v1/sys/rekey/init", map[string]interface{}{
"secret_shares": 5,
"secret_threshold": 3,
})
testResponseStatus(t, resp, 204)
resp = testHttpGet(t, token, addr+"/v1/sys/rekey/init")
var actual map[string]interface{}
expected := map[string]interface{}{
"started": true,
"t": float64(3),
"n": float64(5),
"progress": float64(0),
"required": float64(1),
"pgp_fingerprints": interface{}(nil),
"backup": false,
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
expected["nonce"] = actual["nonce"]
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("\nexpected: %#v\nactual: %#v", expected, actual)
}
}
func TestSysAuth(t *testing.T) {
core, _, token := vault.TestCoreUnsealed(t)
ln, addr := TestServer(t, core)
defer ln.Close()
TestServerAuth(t, addr, token)
resp := testHttpGet(t, token, addr+"/v1/sys/auth")
var actual map[string]interface{}
expected := map[string]interface{}{
"token/": map[string]interface{}{
"description": "token based credentials",
"type": "token",
"config": map[string]interface{}{
"default_lease_ttl": float64(0),
"max_lease_ttl": float64(0),
},
},
}
testResponseStatus(t, resp, 200)
testResponseBody(t, resp, &actual)
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: expected:%#v\nactual:%#v", expected, actual)
}
}
