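// Source: github.com/iotexproject/iotex-core@v1.14.1-rc1/blockchain/config_privatekey_test.go

// Copyright (c) 2022 IoTeX Foundation
// This source code is provided 'as is' and no warranties are given as to title or non-infringement, merchantability
// or fitness for purpose and, to the extent permitted by law, all liability for your use of the code is disclaimed.
// This source code is governed by Apache License 2.0 that can be found in the LICENSE file.

package blockchain

import (
	"os"
	"testing"

	"github.com/golang/mock/gomock"
	"github.com/hashicorp/vault/api"
	"github.com/stretchr/testify/require"

	"github.com/iotexproject/iotex-core/test/mock/mock_privatekey"
)

const (
	// hashiCorpVaultTestCfg is the YAML written to the temporary private-key
	// config file in TestSetProducerPrivKey. Every value is a fixture
	// placeholder: the token field merely repeats the path string and is not a
	// credential.
	// NOTE(review): the address is plaintext http to loopback. That is fine for
	// a fixture that expects nothing to answer, but a deployed config should use
	// an https address, since the Vault token is sent with every request.
	hashiCorpVaultTestCfg = `
address: http://127.0.0.1:8200
token: secret/data/test
path: secret/data/test
key: my key
`

	// vaultTestKey is the field name looked up inside the mocked secret's Data.
	vaultTestKey = "my key"
	// vaultTestValue is the dummy secret value the mocked reader returns.
	vaultTestValue = "my value"
)

// TestVault covers construction of the Vault private-key loader and the four
// outcomes of vaultPrivKeyLoader.load when the secret reader is mocked: value
// present, secret missing, key missing from the secret, and non-string value.
//
// Each subtest builds its own require.Assertions from the subtest's *testing.T,
// so a failed assertion stops that subtest rather than calling FailNow on the
// parent test from another goroutine.
func TestVault(t *testing.T) {
	ctrl := gomock.NewController(t)
	defer ctrl.Finish()
	reader := mock_privatekey.NewMockvaultSecretReader(ctrl)
	// Placeholder connection settings; the mocked reader means no request is
	// sent to this address by loader.load().
	cfg := &hashiCorpVault{
		Address: "http://127.0.0.1:8200",
		Token:   "hello iotex",
		Path:    "secret/data/test",
		Key:     vaultTestKey,
	}
	loader := &vaultPrivKeyLoader{
		cfg:         cfg,
		vaultClient: &vaultClient{reader},
	}

	t.Run("NewVaultPrivKeyLoaderSuccess", func(t *testing.T) {
		r := require.New(t)
		_, err := newVaultPrivKeyLoader(cfg)
		r.NoError(err)
	})
	t.Run("VaultSuccess", func(t *testing.T) {
		r := require.New(t)
		reader.EXPECT().Read(gomock.Any()).Return(&api.Secret{
			Data: map[string]interface{}{
				vaultTestKey: vaultTestValue,
			},
		}, nil)
		res, err := loader.load()
		r.NoError(err)
		r.Equal(vaultTestValue, res)
	})
	t.Run("VaultNoSecret", func(t *testing.T) {
		r := require.New(t)
		reader.EXPECT().Read(gomock.Any()).Return(nil, nil)
		_, err := loader.load()
		// Assert the error exists first: err.Error() on a nil error would
		// panic and hide the real failure (a loader that silently succeeded).
		r.Error(err)
		r.Contains(err.Error(), "secret does not exist")
	})
	t.Run("VaultNoValue", func(t *testing.T) {
		r := require.New(t)
		reader.EXPECT().Read(gomock.Any()).Return(&api.Secret{
			Data: map[string]interface{}{},
		}, nil)
		_, err := loader.load()
		r.Error(err)
		r.Contains(err.Error(), "secret value does not exist")
	})
	t.Run("VaultInvalidSecretValueType", func(t *testing.T) {
		r := require.New(t)
		// A non-string value must be rejected, not coerced into key material.
		reader.EXPECT().Read(gomock.Any()).Return(&api.Secret{
			Data: map[string]interface{}{
				vaultTestKey: 123,
			},
		}, nil)
		_, err := loader.load()
		r.Error(err)
		r.Contains(err.Error(), "invalid secret value type")
	})
}

// TestSetProducerPrivKey exercises Config.SetProducerPrivKey for three inputs:
// a ProducerPrivKey that is not an existing file, an existing file with an
// unrecognised schema, and an existing file using the hashiCorpVault schema.
func TestSetProducerPrivKey(t *testing.T) {
	// Name pattern for os.CreateTemp, which creates the file with mode 0600.
	testfile := "private_key.*.yaml"
	t.Run("PrivateConfigFileDoesNotExist", func(t *testing.T) {
		r := require.New(t)
		cfg := DefaultConfig
		key := DefaultConfig.ProducerPrivKey
		err := cfg.SetProducerPrivKey()
		r.NoError(err)
		// The configured value must be left untouched.
		r.Equal(key, cfg.ProducerPrivKey)
	})
	t.Run("PrivateConfigUnknownSchema", func(t *testing.T) {
		r := require.New(t)
		cfg := DefaultConfig
		tmp, err := os.CreateTemp("", testfile)
		r.NoError(err)
		defer os.Remove(tmp.Name())
		// Close the handle before the code under test sees the path; the
		// original left the descriptor open until process exit.
		r.NoError(tmp.Close())
		cfg.ProducerPrivKey = tmp.Name()
		cfg.ProducerPrivKeySchema = "unknown"
		err = cfg.SetProducerPrivKey()
		r.Error(err)
		r.Contains(err.Error(), "invalid private key schema")
	})
	t.Run("PrivateConfigFileHasHashiCorpVault", func(t *testing.T) {
		r := require.New(t)
		cfg := DefaultConfig
		tmp, err := os.CreateTemp("", testfile)
		r.NoError(err)
		defer os.Remove(tmp.Name())

		_, err = tmp.WriteString(hashiCorpVaultTestCfg)
		r.NoError(err)
		err = tmp.Close()
		r.NoError(err)
		cfg.ProducerPrivKey = tmp.Name()
		cfg.ProducerPrivKeySchema = "hashiCorpVault"
		err = cfg.SetProducerPrivKey()
		// NOTE(review): this subtest makes a real dial to 127.0.0.1:8200 and
		// passes only when nothing is listening there. If a local Vault dev
		// server is running, the request with the placeholder token reaches it
		// and the assertion fails. The expected text is the Unix wording of the
		// refusal; other platforms word it differently — confirm the CI targets.
		r.Error(err)
		r.Contains(err.Error(), "dial tcp 127.0.0.1:8200: connect: connection refused")
	})
}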