github.com/hernad/nomad@v1.6.112/command/agent/keyring_endpoint_test.go (about)

     1  // Copyright (c) HashiCorp, Inc.
     2  // SPDX-License-Identifier: MPL-2.0
     3  
     4  package agent
     5  
     6  import (
     7  	"net/http"
     8  	"net/http/httptest"
     9  	"testing"
    10  
    11  	"github.com/stretchr/testify/require"
    12  
    13  	"github.com/hernad/nomad/ci"
    14  	"github.com/hernad/nomad/nomad/structs"
    15  )
    16  
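// TestHTTP_Keyring_CRUD drives the operator keyring HTTP handler through a
// list, rotate, list, delete, list sequence. It checks that rotation returns
// an active key, that the bootstrap key becomes inactive, and that a deleted
// key no longer shows up in the listing.
//
// NOTE(review): httpTest is called with a nil config callback, so this
// presumably runs against a default test agent. Authorization on these
// operator endpoints is not exercised here; confirm it is covered elsewhere.
func TestHTTP_Keyring_CRUD(t *testing.T) {
	ci.Parallel(t)

	httpTest(t, nil, func(s *TestAgent) {

		// do sends one request through the keyring handler using a fresh
		// recorder. A recorder shared across requests keeps headers written by
		// earlier calls, which would let the X-Nomad-Index assertion below pass
		// even if the rotate handler never set the header.
		do := func(method, path string) (*httptest.ResponseRecorder, interface{}) {
			t.Helper()
			respW := httptest.NewRecorder()
			req, err := http.NewRequest(method, path, nil)
			require.NoError(t, err)
			obj, err := s.Server.KeyringRequest(respW, req)
			require.NoError(t, err)
			return respW, obj
		}

		// listKeys fetches the root key metadata and fails the test (rather
		// than panicking) if the handler returns an unexpected type.
		listKeys := func() []*structs.RootKeyMeta {
			t.Helper()
			_, obj := do(http.MethodGet, "/v1/operator/keyring/keys")
			keys, ok := obj.([]*structs.RootKeyMeta)
			require.True(t, ok, "unexpected list response type %T", obj)
			return keys
		}

		// List (get bootstrap key)

		listResp := listKeys()
		require.Len(t, listResp, 1)
		oldKeyID := listResp[0].KeyID

		// Rotate

		respW, obj := do(http.MethodPut, "/v1/operator/keyring/rotate")
		// Header() replaces the deprecated HeaderMap field.
		require.NotZero(t, respW.Header().Get("X-Nomad-Index"))
		rotateResp, ok := obj.(structs.KeyringRotateRootKeyResponse)
		require.True(t, ok, "unexpected rotate response type %T", obj)
		require.NotNil(t, rotateResp.Key)
		require.True(t, rotateResp.Key.Active())
		newID1 := rotateResp.Key.KeyID

		// List

		listResp = listKeys()
		require.Len(t, listResp, 2)
		for _, key := range listResp {
			if key.KeyID == newID1 {
				require.True(t, key.Active(), "new key should be active")
			} else {
				// The only other entry must be the bootstrap key, now retired.
				require.Equal(t, oldKeyID, key.KeyID)
				require.False(t, key.Active(), "initial key should be inactive")
			}
		}

		// Delete the old key and verify it's gone

		do(http.MethodDelete, "/v1/operator/keyring/key/"+oldKeyID)

		listResp = listKeys()
		require.Len(t, listResp, 1)
		require.Equal(t, newID1, listResp[0].KeyID)
		require.True(t, listResp[0].Active())
	})
}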