From 3657bea57b061ba1aca37cf41e0338a51ff6c1aa Mon Sep 17 00:00:00 2001 From: Aleksandr Rykalin Date: Fri, 8 Feb 2019 16:15:23 +0300 Subject: [PATCH] Refactoring test directory structure --- Dockerfile | 2 +- plugin/pki/backend_test.go | 87 +++++++++++++++++++++++++++++++++++++- 2 files changed, 87 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4266dfc4..dbf8e9a4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM vault:0.11.5 +FROM vault:1.0.2 # /vault/logs is made available to use as a location to store audit logs, if # desired; /vault/file is made available to use as a location with the file diff --git a/plugin/pki/backend_test.go b/plugin/pki/backend_test.go index 139cd063..753ad06a 100644 --- a/plugin/pki/backend_test.go +++ b/plugin/pki/backend_test.go @@ -104,7 +104,7 @@ func TestPKI_Fake_BaseEnroll(t *testing.T) { wantDNSNames := []string{randCN, dns_ns, dns_ip, dns_email} haveDNSNames := parsedCertificate.DNSNames - if sameStringSlice(haveDNSNames, wantDNSNames) { + if !sameStringSlice(haveDNSNames, wantDNSNames) { t.Fatalf("Certificate Subject Alternative Names %s doesn't match to requested %s", haveDNSNames, wantDNSNames) } } @@ -113,6 +113,9 @@ func TestPKI_TPP_BaseEnroll(t *testing.T) { rand := randSeq(9) domain := "venafi.example.com" randCN := rand + "." + domain + dns_ns := "alt-" + randCN + dns_ip := "192.168.1.1" + dns_email := "venafi@example.com" coreConfig := &vault.CoreConfig{ LogicalBackends: map[string]logical.Factory{ @@ -152,6 +155,7 @@ func TestPKI_TPP_BaseEnroll(t *testing.T) { resp, err := client.Logical().Write("pki/issue/example", map[string]interface{}{ "common_name": randCN, + "alt_names": fmt.Sprintf("%s,%s,%s", dns_ns, dns_ip, dns_email), }) if err != nil { t.Fatal(err) 
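Review bot: The corrected assertion in TestPKI_Fake_BaseEnroll now requires `dns_ip` ("192.168.1.1") and `dns_email` ("venafi@example.com") to come back inside `parsedCertificate.DNSNames`, which pins the test to a certificate that encodes an IP literal and an RFC 822 address as dNSName SAN entries instead of in `IPAddresses` and `EmailAddresses`. If that is genuinely how the backend emits them it deserves a comment saying so, because a strict client or a policy-enforcing CA treats such dNSName values as malformed; otherwise the check should read `parsedCertificate.IPAddresses` and `parsedCertificate.EmailAddresses` for those two values and compare only `randCN`/`dns_ns` against `DNSNames`. Worth noting that with the previous inverted condition this check could only have passed when the names did not match, so the fake backend's SAN handling is effectively being asserted for the first time here. The enclosing function starts before the hunk.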
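Review bot: The new locals `dns_ns`, `dns_ip` and `dns_email` in TestPKI_TPP_BaseEnroll use underscores and two of them are named as DNS entries although they hold an IP address and an e-mail address, which makes the later SAN expectation harder to reason about. Go naming would be `altDNS, altIP, altEmail := "alt-"+randCN, "192.168.1.1", "venafi@example.com"`, with the `alt_names` join and the expected-names slice updated to match. The rest of the function lies outside this hunk.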
@@ -162,6 +166,7 @@ func TestPKI_TPP_BaseEnroll(t *testing.T) { } cert := resp.Data["certificate"].(string) + log.Println("Testing certificate:", cert) pemBlock, _ := pem.Decode([]byte(cert)) parsedCertificate, err := x509.ParseCertificate(pemBlock.Bytes) if err != nil { 
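Review bot: The added `log.Println("Testing certificate:", cert)` writes the complete PEM block to the process log on every run, unconditionally and without attribution to the test that produced it; inside a test body `t.Logf("testing certificate:\n%s", cert)` is the idiomatic form, since it is buffered per test, shown only with `-v` or on failure, and removes the need for the `log` import. The neighbouring `pemBlock, _ := pem.Decode(...)` still dereferences `pemBlock.Bytes` without a nil check on a non-PEM response, but that line is pre-existing context rather than part of this change. TestPKI_TPP_BaseEnroll starts and ends outside this hunk.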
@@ -170,6 +175,86 @@ func TestPKI_TPP_BaseEnroll(t *testing.T) { if parsedCertificate.Subject.CommonName != randCN { t.Fatalf("Certificate common name expected to be %s but actualy it is %s", parsedCertificate.Subject.CommonName, randCN) } + wantDNSNames := []string{randCN, dns_ns, dns_ip, dns_email} + haveDNSNames := parsedCertificate.DNSNames + + if !sameStringSlice(haveDNSNames, wantDNSNames) { + t.Fatalf("Certificate Subject Alternative Names %s doesn't match to requested %s", haveDNSNames, wantDNSNames) + } +} + +func TestPKI_Cloud_BaseEnroll(t *testing.T) { + rand := randSeq(9) + domain := "venafi.example.com" + randCN := rand + "." + domain + //dns_ns := "alt-" + randCN + //dns_ip := "192.168.1.1" + //dns_email := "venafi@example.com" + + coreConfig := &vault.CoreConfig{ + LogicalBackends: map[string]logical.Factory{ + "pki": Factory, + }, + } + cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{ + HandlerFunc: vaulthttp.Handler, + }) + cluster.Start() + defer cluster.Cleanup() + + client := cluster.Cores[0].Client + var err error + err = client.Sys().Mount("pki", &api.MountInput{ + Type: "pki", + Config: api.MountConfigInput{ + DefaultLeaseTTL: "16h", + MaxLeaseTTL: "32h", + }, + }) + if err != nil { + t.Fatal(err) + } + + _, err = client.Logical().Write("pki/roles/example", map[string]interface{}{ + "generate_lease": true, + "cloud_url": os.Getenv("CLOUDURL"), + "zone": os.Getenv("CLOUDZONE"), + "apikey": os.Getenv("CLOUDAPIKEY"), + }) + if err != nil { + t.Fatal(err) + } + + resp, err := client.Logical().Write("pki/issue/example", map[string]interface{}{ + "common_name": randCN, + //"alt_names": fmt.Sprintf("%s,%s,%s", dns_ns, dns_ip, dns_email), + }) + if err != nil { + t.Fatal(err) + } + + if resp.Data["certificate"] == "" { + t.Fatalf("expected a cert to be generated") + } + + cert := resp.Data["certificate"].(string) + log.Println("Testing certificate:", cert) + pemBlock, _ := pem.Decode([]byte(cert)) + parsedCertificate, err := 
x509.ParseCertificate(pemBlock.Bytes) + if err != nil { + t.Fatal(err) + } + if parsedCertificate.Subject.CommonName != randCN { + t.Fatalf("Certificate common name expected to be %s but actualy it is %s", parsedCertificate.Subject.CommonName, randCN) + } + + //Cloud doesn't support alt names still + //wantDNSNames := []string{randCN, dns_ns, dns_ip, dns_email} + //haveDNSNames := parsedCertificate.DNSNames + // + //if !sameStringSlice(haveDNSNames, wantDNSNames) { + // t.Fatalf("Certificate Subject Alternative Names %s doesn't match to requested %s", haveDNSNames, wantDNSNames) + //} } func TestBackend_CSRValues(t *testing.T) {
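Review bot: In the new TestPKI_Cloud_BaseEnroll the common-name Fatalf has its arguments swapped — `parsedCertificate.Subject.CommonName` is printed as the expected value and `randCN` as the actual one — so a failure would report the two values reversed (and "actualy" is misspelled); the same message is copied into the TPP hunk above. The guard `resp.Data["certificate"] == ""` does not cover a missing key (a nil interface is not equal to `""`), so a response without a certificate panics at the following `.(string)` assertion instead of failing the test, a nil `resp` is not handled, and `pem.Decode` returning nil is unchecked before `pemBlock.Bytes` is read. The role is configured straight from CLOUDURL, CLOUDZONE and CLOUDAPIKEY with no check that they are set, so on a machine without Venafi Cloud credentials the test fails opaquely inside the role or issue Write rather than skipping (or failing) with a clear message. `log.Println` of the full PEM should be `t.Logf`, and the commented-out alt_names lines would be clearer as one comment stating that Cloud alt-name support is pending. The rewrite below keeps the function's signature and leaves the cluster, mount and role setup as written.
```go
func TestPKI_Cloud_BaseEnroll(t *testing.T) {
	// Live Venafi Cloud enrollment: skip rather than fail opaquely when credentials are absent.
	cloudURL, zone, apiKey := os.Getenv("CLOUDURL"), os.Getenv("CLOUDZONE"), os.Getenv("CLOUDAPIKEY")
	if cloudURL == "" || zone == "" || apiKey == "" {
		t.Skip("CLOUDURL, CLOUDZONE and CLOUDAPIKEY must be set to run the Cloud enrollment test")
	}
	// … unchanged: randCN, cluster setup, mount, role write (using cloudURL, zone, apiKey) …

	resp, err := client.Logical().Write("pki/issue/example", map[string]interface{}{
		"common_name": randCN,
	})
	if err != nil {
		t.Fatal(err)
	}
	if resp == nil || resp.Data == nil {
		t.Fatal("expected a response with data")
	}
	cert, ok := resp.Data["certificate"].(string)
	if !ok || cert == "" {
		t.Fatalf("expected a cert to be generated, got %#v", resp.Data["certificate"])
	}
	t.Logf("testing certificate:\n%s", cert)
	pemBlock, _ := pem.Decode([]byte(cert))
	if pemBlock == nil {
		t.Fatal("certificate is not PEM encoded")
	}
	parsedCertificate, err := x509.ParseCertificate(pemBlock.Bytes)
	if err != nil {
		t.Fatal(err)
	}
	if parsedCertificate.Subject.CommonName != randCN {
		t.Fatalf("Certificate common name expected to be %s but actually it is %s", randCN, parsedCertificate.Subject.CommonName)
	}
	// SAN assertions are omitted: Cloud does not support alt_names yet.
}
```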