WIP: reproduce panic if 403 from vault

* adds testcase for termission denied error in config and restrouter

config.go

@@ -141,7 +141,6 @@ func GetResticConfig(config *vault.Config, token string, path string) (*ResticCo
 	data, err := getDataFromSecret(config, token, "restic/data/"+path)
 	if err != nil {
 		return nil, err
-
 	}
 
 	var conf ResticConfig

config_test.go

@@ -106,7 +106,11 @@ func TestConfigGetResticConfig(t *testing.T) {
 	require.NoError(t, err)
 	assert.False(t, seal, ERROR_VAULT_SEALED)
 
-	conf, err := GetResticConfig(testconfig.config, testconfig.token, testconfig.resticpath)
+	conf, err := GetResticConfig(testconfig.config, testconfig.token, "forbidden")
+	assert.Error(t, err)
+	assert.Nil(t, conf)
+
+	conf, err = GetResticConfig(testconfig.config, testconfig.token, testconfig.resticpath)
 	assert.NoError(t, err)
 	assert.NotNil(t, conf.Path)
 	assert.NotNil(t, conf.Password)

restrouter.go

@@ -260,6 +260,8 @@ func postBackup(c *gin.Context) {
 		return
 	}
 
+	log.Println("config:", config)
+
 	var cmd *exec.Cmd
 	switch msg.Mode {
 	case "init":

restrouter_test.go

@@ -179,8 +179,32 @@ func TestRestPostBackup(t *testing.T) {
 	assert.NoError(t, err)
 }
 
+func TestRestForbidden(t *testing.T) {
+	fmt.Println("running: TestRestPostBackup")
+	t.Cleanup(clear)
+	setupRestrouterTest(t)
+	server, fun := RunRestServer(MAIN_TEST_ADDRESS)
+
+	go fun()
+	time.Sleep(1 * time.Millisecond)
+
+	msg := BackupMessage{
+		Mode:        "backup",
+		Test:        true,
+		Run:         true,
+		Debug:       true,
+		PrintOutput: true,
+		Token:       "randomtoken",
+	}
+	sendingPost(t, REST_TEST_BACKUP, http.StatusOK, msg)
+
+	err := server.Shutdown(context.Background())
+	assert.NoError(t, err)
+}
+
 func TestRestPostMount(t *testing.T) {
 	fmt.Println("running: TestRestPostMount")
+	t.Cleanup(clear)
 	setupRestrouterTest(t)
 	server, fun := RunRestServer(MAIN_TEST_ADDRESS)
 	mountMsg := MountMessage{

vault.go

@@ -82,7 +82,7 @@ func getDataFromSecret(config *vault.Config, token string, path string) (map[str
 		return nil, err
 	}
 
-	if secret == nil {
+	if secret == nil || secret.Data == nil {
 		return nil, errors.New(ERROR_VAULT_NO_SECRET)
 	}
 

vault_gin_test.go

@@ -21,6 +21,7 @@ var multipleKey bool = false
 
 var Progress = 0
 var Hostname string
+var ResticPath = "resticpath"
 
 func StartServer(t *testing.T, address string) {
 	if running {
@@ -63,23 +64,8 @@ func createHandler() http.Handler {
 		sealStatus = true
 		c.JSON(http.StatusOK, nil)
 	})
-	r.GET("/v1/restic/data/resticpath", func(c *gin.Context) {
-		log.Println("MOCK-Server: called resticpath")
-		var msg vault.Secret
-		data := make(map[string]interface{})
-		secret := make(map[string]string)
-		secret["path"] = "~/"
-		secret["repo"] = VAULT_TEST_BACKUP_PATH
-		secret["pw"] = VAULT_TEST_PASSWORD
-		secret["exclude"] = VAULT_TEST_BACKUP_EXCLUDE_FILE
-		secret["access_key"] = VAULT_TEST_BACKUP_ACCESS_KEY
-		secret["secret_key"] = VAULT_TEST_BACKUP_SECRET_KEY
-		data["data"] = secret
-		msg.Data = data
-		c.JSON(http.StatusOK, msg)
-	})
-	//r.GET("/v1/config/"+Hostname, config)
-	//r.GET("/v1/config/configpath", config)
+	r.GET("/v1/restic/data/resticpath", test_restic)
+	r.GET("/v1/restic/data/forbidden", test_forbidden)
 	r.GET("/v1/config/:name", func(c *gin.Context) {
 		name := c.Param("name")
 
@@ -124,7 +110,7 @@ func test_config(c *gin.Context) {
 		log.Println(err)
 	}
 
-	data["restic"] = "resticpath"
+	data["restic"] = ResticPath
 	data["gocryptfs"] = VAULT_TEST_CONFIGPATH
 	data["git"] = "gitpath,vimrc"
 	data["home"] = pwd
@@ -195,3 +181,29 @@ func test_unseal(c *gin.Context) {
 
 	c.JSON(http.StatusOK, msg)
 }
+
+func test_forbidden(c *gin.Context) {
+	log.Println("MOCK-Server: called forbidden")
+	var msg vault.Secret
+	data := make(map[string]interface{})
+	secret := make(map[string]string)
+	data["data"] = secret
+	msg.Data = data
+	c.JSON(http.StatusForbidden, msg)
+}
+
+func test_restic(c *gin.Context) {
+	log.Println("MOCK-Server: called resticpath")
+	var msg vault.Secret
+	data := make(map[string]interface{})
+	secret := make(map[string]string)
+	secret["path"] = "~/"
+	secret["repo"] = VAULT_TEST_BACKUP_PATH
+	secret["pw"] = VAULT_TEST_PASSWORD
+	secret["exclude"] = VAULT_TEST_BACKUP_EXCLUDE_FILE
+	secret["access_key"] = VAULT_TEST_BACKUP_ACCESS_KEY
+	secret["secret_key"] = VAULT_TEST_BACKUP_SECRET_KEY
+	data["data"] = secret
+	msg.Data = data
+	c.JSON(http.StatusOK, msg)
+}