Refactoring test directory structure

Venafi · Feb 8, 2019 · 3657bea · 3657bea
1 parent c75b991
commit 3657bea
Show file tree

Hide file tree

Showing 2 changed files with 87 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM vault:0.11.5
+FROM vault:1.0.2
 
 # /vault/logs is made available to use as a location to store audit logs, if
 # desired; /vault/file is made available to use as a location with the file

diff --git a/plugin/pki/backend_test.go b/plugin/pki/backend_test.go
@@ -104,7 +104,7 @@ func TestPKI_Fake_BaseEnroll(t *testing.T) {
 	wantDNSNames := []string{randCN, dns_ns, dns_ip, dns_email}
 	haveDNSNames := parsedCertificate.DNSNames
 
-	if sameStringSlice(haveDNSNames, wantDNSNames) {
+	if !sameStringSlice(haveDNSNames, wantDNSNames) {
 		t.Fatalf("Certificate Subject Alternative Names %s doesn't match to requested %s", haveDNSNames, wantDNSNames)
 	}
 }
@@ -113,6 +113,9 @@ func TestPKI_TPP_BaseEnroll(t *testing.T) {
 	rand := randSeq(9)
 	domain := "venafi.example.com"
 	randCN := rand + "." + domain
+	dns_ns := "alt-" + randCN
+	dns_ip := "192.168.1.1"
+	dns_email := "venafi@example.com"
 
 	coreConfig := &vault.CoreConfig{
 		LogicalBackends: map[string]logical.Factory{
@@ -152,6 +155,7 @@ func TestPKI_TPP_BaseEnroll(t *testing.T) {
 
 	resp, err := client.Logical().Write("pki/issue/example", map[string]interface{}{
 		"common_name": randCN,
+		"alt_names":   fmt.Sprintf("%s,%s,%s", dns_ns, dns_ip, dns_email),
 	})
 	if err != nil {
 		t.Fatal(err)
@@ -162,6 +166,7 @@ func TestPKI_TPP_BaseEnroll(t *testing.T) {
 	}
 
 	cert := resp.Data["certificate"].(string)
+	log.Println("Testing certificate:", cert)
 	pemBlock, _ := pem.Decode([]byte(cert))
 	parsedCertificate, err := x509.ParseCertificate(pemBlock.Bytes)
 	if err != nil {
@@ -170,6 +175,86 @@ func TestPKI_TPP_BaseEnroll(t *testing.T) {
 	if parsedCertificate.Subject.CommonName != randCN {
 		t.Fatalf("Certificate common name expected to be %s but actualy it is %s", parsedCertificate.Subject.CommonName, randCN)
 	}
+	wantDNSNames := []string{randCN, dns_ns, dns_ip, dns_email}
+	haveDNSNames := parsedCertificate.DNSNames
+
+	if !sameStringSlice(haveDNSNames, wantDNSNames) {
+		t.Fatalf("Certificate Subject Alternative Names %s doesn't match to requested %s", haveDNSNames, wantDNSNames)
+	}
+}
+
+func TestPKI_Cloud_BaseEnroll(t *testing.T) {
+	rand := randSeq(9)
+	domain := "venafi.example.com"
+	randCN := rand + "." + domain
+	//dns_ns := "alt-" + randCN
+	//dns_ip := "192.168.1.1"
+	//dns_email := "venafi@example.com"
+
+	coreConfig := &vault.CoreConfig{
+		LogicalBackends: map[string]logical.Factory{
+			"pki": Factory,
+		},
+	}
+	cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{
+		HandlerFunc: vaulthttp.Handler,
+	})
+	cluster.Start()
+	defer cluster.Cleanup()
+
+	client := cluster.Cores[0].Client
+	var err error
+	err = client.Sys().Mount("pki", &api.MountInput{
+		Type: "pki",
+		Config: api.MountConfigInput{
+			DefaultLeaseTTL: "16h",
+			MaxLeaseTTL:     "32h",
+		},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = client.Logical().Write("pki/roles/example", map[string]interface{}{
+		"generate_lease": true,
+		"cloud_url":      os.Getenv("CLOUDURL"),
+		"zone":           os.Getenv("CLOUDZONE"),
+		"apikey":         os.Getenv("CLOUDAPIKEY"),
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	resp, err := client.Logical().Write("pki/issue/example", map[string]interface{}{
+		"common_name": randCN,
+		//"alt_names":   fmt.Sprintf("%s,%s,%s", dns_ns, dns_ip, dns_email),
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if resp.Data["certificate"] == "" {
+		t.Fatalf("expected a cert to be generated")
+	}
+
+	cert := resp.Data["certificate"].(string)
+	log.Println("Testing certificate:", cert)
+	pemBlock, _ := pem.Decode([]byte(cert))
+	parsedCertificate, err := x509.ParseCertificate(pemBlock.Bytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if parsedCertificate.Subject.CommonName != randCN {
+		t.Fatalf("Certificate common name expected to be %s but actualy it is %s", parsedCertificate.Subject.CommonName, randCN)
+	}
+
+	//Cloud doesn't support alt names still
+	//wantDNSNames := []string{randCN, dns_ns, dns_ip, dns_email}
+	//haveDNSNames := parsedCertificate.DNSNames
+	//
+	//if !sameStringSlice(haveDNSNames, wantDNSNames) {
+	//	t.Fatalf("Certificate Subject Alternative Names %s doesn't match to requested %s", haveDNSNames, wantDNSNames)
+	//}
 }
 
 func TestBackend_CSRValues(t *testing.T) {