github.com/hashicorp/vault/sdk@v0.13.0/plugin/pb/translation_test.go (about) 1 // Copyright (c) HashiCorp, Inc. 2 // SPDX-License-Identifier: MPL-2.0 3 4 package pb 5 6 import ( 7 "crypto/tls" 8 "crypto/x509" 9 "encoding/pem" 10 "errors" 11 "reflect" 12 "testing" 13 "time" 14 15 "github.com/hashicorp/vault/sdk/helper/errutil" 16 "github.com/hashicorp/vault/sdk/helper/wrapping" 17 "github.com/hashicorp/vault/sdk/logical" 18 ) 19 20 func TestTranslation_Errors(t *testing.T) { 21 errs := []error{ 22 nil, 23 errors.New("test"), 24 errutil.UserError{Err: "test"}, 25 errutil.InternalError{Err: "test"}, 26 logical.CodedError(403, "test"), 27 &logical.StatusBadRequest{Err: "test"}, 28 logical.ErrUnsupportedOperation, 29 logical.ErrUnsupportedPath, 30 logical.ErrInvalidRequest, 31 logical.ErrPermissionDenied, 32 logical.ErrMultiAuthzPending, 33 } 34 35 for _, err := range errs { 36 pe := ErrToProtoErr(err) 37 e := ProtoErrToErr(pe) 38 39 if !reflect.DeepEqual(e, err) { 40 t.Fatalf("Errs did not match: %#v, %#v", e, err) 41 } 42 } 43 } 44 45 func TestTranslation_StorageEntry(t *testing.T) { 46 tCases := []*logical.StorageEntry{ 47 nil, 48 {Key: "key", Value: []byte("value")}, 49 {Key: "key1", Value: []byte("value1"), SealWrap: true}, 50 {Key: "key1", SealWrap: true}, 51 } 52 53 for _, c := range tCases { 54 p := LogicalStorageEntryToProtoStorageEntry(c) 55 e := ProtoStorageEntryToLogicalStorageEntry(p) 56 57 if !reflect.DeepEqual(c, e) { 58 t.Fatalf("Entries did not match: %#v, %#v", e, c) 59 } 60 } 61 } 62 63 func TestTranslation_Request(t *testing.T) { 64 certs, err := peerCertificates() 65 if err != nil { 66 t.Logf("No test certificates were generated: %v", err) 67 } 68 69 tCases := []*logical.Request{ 70 nil, 71 { 72 ID: "ID", 73 ReplicationCluster: "RID", 74 Operation: logical.CreateOperation, 75 Path: "test/foo", 76 ClientToken: "token", 77 ClientTokenAccessor: "accessor", 78 DisplayName: "display", 79 MountPoint: "test", 80 MountType: "secret", 81 MountAccessor: "test-231234", 82 ClientTokenRemainingUses: 1, 83 EntityID: "tester", 84 PolicyOverride: true, 85 Unauthenticated: true, 86 Connection: &logical.Connection{ 87 RemoteAddr: "localhost", 88 ConnState: &tls.ConnectionState{ 89 Version: tls.VersionTLS12, 90 HandshakeComplete: true, 91 PeerCertificates: certs, 92 }, 93 }, 94 }, 95 { 96 ID: "ID", 97 ReplicationCluster: "RID", 98 Operation: logical.CreateOperation, 99 Path: "test/foo", 100 Data: map[string]interface{}{ 101 "string": "string", 102 "bool": true, 103 "array": []interface{}{"1", "2"}, 104 "map": map[string]interface{}{ 105 "key": "value", 106 }, 107 }, 108 Secret: &logical.Secret{ 109 LeaseOptions: logical.LeaseOptions{ 110 TTL: time.Second, 111 MaxTTL: time.Second, 112 Renewable: true, 113 Increment: time.Second, 114 IssueTime: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC), 115 }, 116 InternalData: map[string]interface{}{ 117 "role": "test", 118 }, 119 LeaseID: "LeaseID", 120 }, 121 Auth: &logical.Auth{ 122 LeaseOptions: logical.LeaseOptions{ 123 TTL: time.Second, 124 MaxTTL: time.Second, 125 Renewable: true, 126 Increment: time.Second, 127 IssueTime: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC), 128 }, 129 InternalData: map[string]interface{}{ 130 "role": "test", 131 }, 132 DisplayName: "test", 133 Policies: []string{"test", "Test"}, 134 Metadata: map[string]string{ 135 "test": "test", 136 }, 137 ClientToken: "token", 138 Accessor: "accessor", 139 Period: 5 * time.Second, 140 NumUses: 1, 141 EntityID: "id", 142 Alias: &logical.Alias{ 143 MountType: "type", 144 MountAccessor: "accessor", 145 Name: "name", 146 }, 147 GroupAliases: []*logical.Alias{ 148 { 149 MountType: "type", 150 MountAccessor: "accessor", 151 Name: "name", 152 }, 153 }, 154 }, 155 Headers: map[string][]string{ 156 "X-Vault-Test": {"test"}, 157 }, 158 ClientToken: "token", 159 ClientTokenAccessor: "accessor", 160 DisplayName: "display", 161 MountPoint: "test", 162 MountType: "secret", 163 MountAccessor: "test-231234", 164 WrapInfo: &logical.RequestWrapInfo{ 165 TTL: time.Second, 166 Format: "token", 167 SealWrap: true, 168 }, 169 ClientTokenRemainingUses: 1, 170 EntityID: "tester", 171 PolicyOverride: true, 172 Unauthenticated: true, 173 }, 174 } 175 176 for _, c := range tCases { 177 p, err := LogicalRequestToProtoRequest(c) 178 if err != nil { 179 t.Fatal(err) 180 } 181 r, err := ProtoRequestToLogicalRequest(p) 182 if err != nil { 183 t.Fatal(err) 184 } 185 186 if !reflect.DeepEqual(c, r) { 187 t.Fatalf("Requests did not match: \n%#v, \n%#v", c, r) 188 } 189 } 190 } 191 192 func TestTranslation_Response(t *testing.T) { 193 tCases := []*logical.Response{ 194 nil, 195 { 196 Data: map[string]interface{}{ 197 "data": "blah", 198 }, 199 Warnings: []string{"warning"}, 200 }, 201 { 202 Data: map[string]interface{}{ 203 "string": "string", 204 "bool": true, 205 "array": []interface{}{"1", "2"}, 206 "map": map[string]interface{}{ 207 "key": "value", 208 }, 209 }, 210 Secret: &logical.Secret{ 211 LeaseOptions: logical.LeaseOptions{ 212 TTL: time.Second, 213 MaxTTL: time.Second, 214 Renewable: true, 215 Increment: time.Second, 216 IssueTime: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC), 217 }, 218 InternalData: map[string]interface{}{ 219 "role": "test", 220 }, 221 LeaseID: "LeaseID", 222 }, 223 Auth: &logical.Auth{ 224 LeaseOptions: logical.LeaseOptions{ 225 TTL: time.Second, 226 MaxTTL: time.Second, 227 Renewable: true, 228 Increment: time.Second, 229 IssueTime: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC), 230 }, 231 InternalData: map[string]interface{}{ 232 "role": "test", 233 }, 234 DisplayName: "test", 235 Policies: []string{"test", "Test"}, 236 Metadata: map[string]string{ 237 "test": "test", 238 }, 239 ClientToken: "token", 240 Accessor: "accessor", 241 Period: 5 * time.Second, 242 NumUses: 1, 243 EntityID: "id", 244 Alias: &logical.Alias{ 245 MountType: "type", 246 MountAccessor: "accessor", 247 Name: "name", 248 }, 249 GroupAliases: []*logical.Alias{ 250 { 251 MountType: "type", 252 MountAccessor: "accessor", 253 Name: "name", 254 }, 255 }, 256 }, 257 WrapInfo: &wrapping.ResponseWrapInfo{ 258 TTL: time.Second, 259 Token: "token", 260 Accessor: "accessor", 261 CreationTime: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC), 262 WrappedAccessor: "wrapped-accessor", 263 WrappedEntityID: "id", 264 Format: "token", 265 CreationPath: "test/foo", 266 SealWrap: true, 267 }, 268 MountType: "mountType", 269 }, 270 } 271 272 for _, c := range tCases { 273 p, err := LogicalResponseToProtoResponse(c) 274 if err != nil { 275 t.Fatal(err) 276 } 277 r, err := ProtoResponseToLogicalResponse(p) 278 if err != nil { 279 t.Fatal(err) 280 } 281 282 if !reflect.DeepEqual(c, r) { 283 t.Fatalf("Requests did not match: \n%#v, \n%#v", c, r) 284 } 285 } 286 } 287 288 // This is the contents of $GOROOT/src/crypto/tls/testdata/example-cert.pem 289 // If it's good enough for testing the crypto/tls package it's good enough 290 // for Vault. 291 const exampleCert = ` 292 -----BEGIN CERTIFICATE----- 293 MIIBhTCCASugAwIBAgIQIRi6zePL6mKjOipn+dNuaTAKBggqhkjOPQQDAjASMRAw 294 DgYDVQQKEwdBY21lIENvMB4XDTE3MTAyMDE5NDMwNloXDTE4MTAyMDE5NDMwNlow 295 EjEQMA4GA1UEChMHQWNtZSBDbzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD0d 296 7VNhbWvZLWPuj/RtHFjvtJBEwOkhbN/BnnE8rnZR8+sbwnc/KhCk3FhnpHZnQz7B 297 5aETbbIgmuvewdjvSBSjYzBhMA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggr 298 BgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdEQQiMCCCDmxvY2FsaG9zdDo1 299 NDUzgg4xMjcuMC4wLjE6NTQ1MzAKBggqhkjOPQQDAgNIADBFAiEA2zpJEPQyz6/l 300 Wf86aX6PepsntZv2GYlA5UpabfT2EZICICpJ5h/iI+i341gBmLiAFQOyTDT+/wQc 301 6MF9+Yw1Yy0t 302 -----END CERTIFICATE-----` 303 304 func peerCertificates() ([]*x509.Certificate, error) { 305 blk, _ := pem.Decode([]byte(exampleCert)) 306 if blk == nil { 307 return nil, errors.New("cannot decode example certificate") 308 } 309 310 cert, err := x509.ParseCertificate(blk.Bytes) 311 if err != nil { 312 return nil, err 313 } 314 315 return []*x509.Certificate{cert}, nil 316 }