path delete

vaku2/main_test.go

@@ -17,6 +17,10 @@ var (
 	errInject = errors.New("injected error")
 )
 
+// When tests are looping over kvMountVersions and the path is noMountPrefix they will not prefix
+// the path with the mount version to allow testing on a nonexistent mount.
+var noMountPrefix = "nomount"
+
 // kvMountVersions lists the types of kv mounts for vault. There are currently two k/v mount types
 // and vaku supports both. Tests should run against each version and return the same results.
 var kvMountVersions = []string{"1", "2"}

vaku2/path_delete.go

@@ -0,0 +1,20 @@
+package vaku2
+
+import (
+	"errors"
+	"fmt"
+)
+
+var (
+	ErrVaultDelete = errors.New("vault delete")
+)
+
+// PathDelete deletes data at a path
+func (c *Client) PathDelete(p string) error {
+	_, err := c.sourceL.Delete(p)
+	if err != nil {
+		return fmt.Errorf("%q: %w", p, ErrVaultDelete)
+	}
+
+	return nil
+}

vaku2/path_delete_test.go

@@ -0,0 +1,83 @@
+package vaku2
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestPathDelete(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name        string
+		give        string
+		giveLogical logical
+		giveOptions []Option
+		wantErr     error
+	}{
+		{
+			name:    "delete path",
+			give:    "test/foo",
+			wantErr: nil,
+		},
+		{
+			name:    "nonexistent path",
+			give:    "doesnotexist",
+			wantErr: nil,
+		},
+		{
+			name:    "no mount",
+			give:    noMountPrefix,
+			wantErr: ErrVaultDelete,
+		},
+		{
+			name: "error",
+			give: "delete/foo",
+			giveLogical: &errLogical{
+				err: errInject,
+			},
+			wantErr: ErrVaultDelete,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			ln, apiClient := testServer(t)
+			defer ln.Close()
+
+			client, err := NewClient(append(tt.giveOptions, WithVaultClient(apiClient))...)
+			assert.NoError(t, err)
+
+			backupL := client.sourceL
+			if tt.giveLogical != nil {
+				client.sourceL = tt.giveLogical
+			}
+
+			for _, ver := range kvMountVersions {
+				path := tt.give
+				if tt.give != noMountPrefix {
+					path = PathJoin(ver, tt.give)
+				}
+
+				err := client.PathDelete(path)
+				assert.True(t, errors.Is(err, tt.wantErr))
+
+				if tt.give == noMountPrefix {
+					client.sourceL = backupL
+					readBack, err := client.PathRead(PathJoin(ver, tt.give))
+					if tt.giveLogical != nil {
+						client.sourceL = tt.giveLogical
+					}
+
+					assert.NoError(t, err)
+					assert.Nil(t, readBack)
+				}
+			}
+		})
+	}
+}

vaku2/path_list_test.go

@@ -18,6 +18,7 @@ func TestPathList(t *testing.T) {
 		giveOptions []Option
 		want        []string
 		wantErr     error
+		skipMount   bool
 	}{
 		{
 			name:    "list test",
@@ -26,18 +27,30 @@ func TestPathList(t *testing.T) {
 			wantErr: nil,
 		},
 		{
-			name:        "full path",
+			name:        "full path prefix",
 			give:        "test/inner/again/",
 			giveOptions: []Option{WithFullPath(true)},
 			want:        []string{"test/inner/again/inner/"},
 			wantErr:     nil,
 		},
+		{
+			name:    "single secret",
+			give:    "test/foo",
+			want:    nil,
+			wantErr: nil,
+		},
 		{
 			name:    "list bad path",
 			give:    "doesnotexist",
 			want:    nil,
 			wantErr: nil,
 		},
+		{
+			name:    "no mount",
+			give:    noMountPrefix,
+			want:    nil,
+			wantErr: nil,
+		},
 		{
 			name: "list error",
 			give: "test",
@@ -126,7 +139,12 @@ func TestPathList(t *testing.T) {
 			}
 
 			for _, ver := range kvMountVersions {
-				list, err := client.PathList(PathJoin(ver, tt.give))
+				path := tt.give
+				if tt.give != noMountPrefix {
+					path = PathJoin(ver, tt.give)
+				}
+
+				list, err := client.PathList(path)
 				TrimListPrefix(list, ver)
 
 				assert.True(t, errors.Is(err, tt.wantErr))

vaku2/path_read_test.go

@@ -37,11 +37,17 @@ func TestPathRead(t *testing.T) {
 			wantErr: nil,
 		},
 		{
-			name:    "doesnotexist",
+			name:    "no secret",
 			give:    "doesnotexist",
 			want:    nil,
 			wantErr: nil,
 		},
+		{
+			name:    "no mount",
+			give:    noMountPrefix,
+			want:    nil,
+			wantErr: nil,
+		},
 		{
 			name: "error",
 			give: "test/foo",
@@ -69,7 +75,12 @@ func TestPathRead(t *testing.T) {
 			}
 
 			for _, ver := range kvMountVersions {
-				read, err := client.PathRead(PathJoin(ver, tt.give))
+				path := tt.give
+				if tt.give != noMountPrefix {
+					path = PathJoin(ver, tt.give)
+				}
+
+				read, err := client.PathRead(path)
 
 				assert.True(t, errors.Is(err, tt.wantErr))
 				assert.Equal(t, tt.want, read)

vaku2/path_write.go

@@ -16,5 +16,5 @@ func (c *Client) PathWrite(p string, d map[string]interface{}) error {
 		return fmt.Errorf("%q: %w", p, ErrVaultWrite)
 	}
 
-	return err
+	return nil
 }

vaku2/path_write_test.go

@@ -19,26 +19,32 @@ func TestPathWrite(t *testing.T) {
 		wantErr     error
 	}{
 		{
-			name: "write/foo",
-			give: "write/foo",
+			name: "new path",
+			give: "write/bar",
 			giveData: map[string]interface{}{
-				"foo": "bar",
+				"Eg5ljS7t": "6F1B5nBg",
+				"quqr32S5": "81iY4HAN",
+				"r6R0JUzX": "rs1mCRB5",
 			},
 			wantErr: nil,
 		},
 		{
-			name: "write/bar",
-			give: "write/bar",
+			name: "overwrite",
+			give: "test/foo",
 			giveData: map[string]interface{}{
-				"Eg5ljS7t": "6F1B5nBg",
-				"quqr32S5": "81iY4HAN",
-				"r6R0JUzX": "rs1mCRB5",
+				"foo": "bar",
 			},
 			wantErr: nil,
 		},
 		{
-			name:     "bad mount",
-			give:     "mountdoesnotexist",
+			name:     "nil data",
+			give:     "write/foo",
+			giveData: nil,
+			wantErr:  ErrVaultWrite,
+		},
+		{
+			name:     "no mount",
+			give:     noMountPrefix,
 			giveData: nil,
 			wantErr:  ErrVaultWrite,
 		},
@@ -55,18 +61,30 @@ func TestPathWrite(t *testing.T) {
 			client, err := NewClient(append(tt.giveOptions, WithVaultClient(apiClient))...)
 			assert.NoError(t, err)
 
+			backupL := client.sourceL
 			if tt.giveLogical != nil {
 				client.sourceL = tt.giveLogical
 			}
 
 			for _, ver := range kvMountVersions {
-				err := client.PathWrite(PathJoin(ver, tt.give), tt.giveData)
+				path := tt.give
+				if tt.give != noMountPrefix {
+					path = PathJoin(ver, tt.give)
+				}
+
+				err := client.PathWrite(path, tt.giveData)
 				assert.True(t, errors.Is(err, tt.wantErr))
 
-				readBack, err := client.PathRead(PathJoin(ver, tt.give))
-				assert.NoError(t, err)
+				if tt.give == noMountPrefix {
+					client.sourceL = backupL
+					readBack, err := client.PathRead(PathJoin(ver, tt.give))
+					if tt.giveLogical != nil {
+						client.sourceL = tt.giveLogical
+					}
+					assert.NoError(t, err)
 
-				assert.Equal(t, tt.giveData, readBack)
+					assert.Equal(t, tt.giveData, readBack)
+				}
 			}
 		})
 	}