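// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package agent

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/stretchr/testify/require"

	"github.com/hernad/nomad/ci"
	"github.com/hernad/nomad/nomad/structs"
)

// TestHTTP_Keyring_CRUD drives the agent's keyring HTTP handler through a
// list, rotate, list, delete, list cycle and checks that rotation yields a
// new active root key, that the previous key becomes inactive, and that the
// previous key can then be deleted.
//
// NOTE(review): no request built here sets an authentication header, and
// httpTest is called with nil as its second argument (presumably the default
// agent configuration; confirm). The test therefore does not show whether
// these operator endpoints enforce ACLs. It also only ever deletes the
// inactive key. Confirm that authorization and deletion of the active key
// are covered elsewhere.
func TestHTTP_Keyring_CRUD(t *testing.T) {
	ci.Parallel(t)

	httpTest(t, nil, func(s *TestAgent) {
		// call sends one body-less request to the keyring handler and returns
		// the recorder and the decoded response object. Each call gets its own
		// recorder so that header assertions only see what this request wrote;
		// a recorder shared across requests could still carry headers left by
		// an earlier response.
		call := func(method, path string) (*httptest.ResponseRecorder, interface{}) {
			t.Helper()
			req, err := http.NewRequest(method, path, nil)
			require.NoError(t, err)
			respW := httptest.NewRecorder()
			obj, err := s.Server.KeyringRequest(respW, req)
			require.NoError(t, err)
			return respW, obj
		}

		// listKeys fetches the key metadata list and fails the test, rather
		// than panicking, if the handler returns an unexpected type.
		listKeys := func() []*structs.RootKeyMeta {
			t.Helper()
			_, obj := call(http.MethodGet, "/v1/operator/keyring/keys")
			keys, ok := obj.([]*structs.RootKeyMeta)
			require.True(t, ok, "unexpected list response type %T", obj)
			return keys
		}

		// List (get bootstrap key)
		keys := listKeys()
		require.Len(t, keys, 1)
		oldKeyID := keys[0].KeyID

		// Rotate
		respW, obj := call(http.MethodPut, "/v1/operator/keyring/rotate")
		require.NotZero(t, respW.Header().Get("X-Nomad-Index"))
		rotateResp, ok := obj.(structs.KeyringRotateRootKeyResponse)
		require.True(t, ok, "unexpected rotate response type %T", obj)
		require.NotNil(t, rotateResp.Key)
		require.True(t, rotateResp.Key.Active())
		newID1 := rotateResp.Key.KeyID
		// The delete step below targets oldKeyID; make sure that is not the
		// key that was just activated.
		require.NotEqual(t, oldKeyID, newID1, "rotation should create a new key")

		// List: exactly the new key is active
		keys = listKeys()
		require.Len(t, keys, 2)
		for _, key := range keys {
			if key.KeyID == newID1 {
				require.True(t, key.Active(), "new key should be active")
			} else {
				require.False(t, key.Active(), "initial key should be inactive")
			}
		}

		// Delete the old key and verify it's gone
		call(http.MethodDelete, "/v1/operator/keyring/key/"+oldKeyID)

		keys = listKeys()
		require.Len(t, keys, 1)
		require.Equal(t, newID1, keys[0].KeyID)
		require.True(t, keys[0].Active())
	})
}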