From 4875fe73fa8cd941683cde10d39c6db5b0db6f51 Mon Sep 17 00:00:00 2001
From: Robison Jacka
Date: Sun, 18 Feb 2018 13:09:49 -0800
Subject: [PATCH] Adding path roles test coverage for storing PKIX fields
---
 builtin/logical/pki/path_roles_test.go | 92 ++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)

diff --git a/builtin/logical/pki/path_roles_test.go b/builtin/logical/pki/path_roles_test.go
index 3f7e9cb2713c..ed101fd0cac2 100644
--- a/builtin/logical/pki/path_roles_test.go
+++ b/builtin/logical/pki/path_roles_test.go
@@ -4,6 +4,7 @@ import (
 "context"
 "testing"
 
+ "github.com/hashicorp/vault/helper/strutil"
 "github.com/hashicorp/vault/logical"
 "github.com/mitchellh/mapstructure"
 )
@@ -404,6 +405,97 @@ func TestPki_RoleAllowedDomains(t *testing.T) {
 }
 }
 
+func TestPki_RolePkixFields(t *testing.T) {
+ var resp *logical.Response
+ var err error
+ b, storage := createBackendWithStorage(t)
+
+ roleData := map[string]interface{}{
+ "ttl": "5h",
+ "country": []string{"c1", "c2"},
+ "ou": []string{"abc", "123"},
+ "organization": []string{"org1", "org2"},
+ "locality": []string{"foocity", "bartown"},
+ "province": []string{"bar", "foo"},
+ "street_address": []string{"123 foo street", "789 bar avenue"},
+ "postal_code": []string{"f00", "b4r"},
+ }
+
+ roleReq := &logical.Request{
+ Operation: logical.UpdateOperation,
+ Path: "roles/testrole_pkixfields",
+ Storage: storage,
+ Data: roleData,
+ }
+
+ resp, err = b.HandleRequest(context.Background(), roleReq)
+ if err != nil || (resp != nil && resp.IsError()) {
+ t.Fatalf("bad: err: %v resp: %#v", err, resp)
+ }
+
+ roleReq.Operation = logical.ReadOperation
+ resp, err = b.HandleRequest(context.Background(), roleReq)
+ if err != nil || (resp != nil && resp.IsError()) {
+ t.Fatalf("bad: err: %v resp: %#v", err, resp)
+ }
+
+ origCountry := roleData["country"].([]string)
+ respCountry := resp.Data["country"].([]string)
+ if !strutil.StrListSubset(origCountry, respCountry) {
+ t.Fatalf("country did not match values set in role")
+ } else if len(origCountry) != len(respCountry) {
+ t.Fatalf("country did not have same number of values set in role")
+ }
+
+ origOU := roleData["ou"].([]string)
+ respOU := resp.Data["ou"].([]string)
+ if !strutil.StrListSubset(origOU, respOU) {
+ t.Fatalf("ou did not match values set in role")
+ } else if len(origOU) != len(respOU) {
+ t.Fatalf("ou did not have same number of values set in role")
+ }
+
+ origOrganization := roleData["organization"].([]string)
+ respOrganization := resp.Data["organization"].([]string)
+ if !strutil.StrListSubset(origOrganization, respOrganization) {
+ t.Fatalf("organization did not match values set in role")
+ } else if len(origOrganization) != len(respOrganization) {
+ t.Fatalf("organization did not have same number of values set in role")
+ }
+
+ origLocality := roleData["locality"].([]string)
+ respLocality := resp.Data["locality"].([]string)
+ if !strutil.StrListSubset(origLocality, respLocality) {
+ t.Fatalf("locality did not match values set in role")
+ } else if len(origLocality) != len(respLocality) {
+ t.Fatalf("locality did not have same number of values set in role: ")
+ }
+
+ origProvince := roleData["province"].([]string)
+ respProvince := resp.Data["province"].([]string)
+ if !strutil.StrListSubset(origProvince, respProvince) {
+ t.Fatalf("province did not match values set in role")
+ } else if len(origProvince) != len(respProvince) {
+ t.Fatalf("province did not have same number of values set in role")
+ }
+
+ origStreetAddress := roleData["street_address"].([]string)
+ respStreetAddress := resp.Data["street_address"].([]string)
+ if !strutil.StrListSubset(origStreetAddress, respStreetAddress) {
+ t.Fatalf("street_address did not match values set in role")
+ } else if len(origStreetAddress) != len(respStreetAddress) {
+ t.Fatalf("street_address did not have same number of values set in role")
+ }
+
+ origPostalCode := roleData["postal_code"].([]string)
+ respPostalCode := resp.Data["postal_code"].([]string)
+ if !strutil.StrListSubset(origPostalCode, respPostalCode) {
+ t.Fatalf("postal_code did not match values set in role")
+ } else if len(origPostalCode) != len(respPostalCode) {
+ t.Fatalf("postal_code did not have same number of values set in role")
+ }
+}
+
 func TestPki_RoleNoStore(t *testing.T) {
 var resp *logical.Response
 var err error
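Review bot: The subset-plus-length comparison repeated for each of the seven fields in TestPki_RolePkixFields does not prove the role stored what was sent: a read-back of `["c1", "c1"]` for `country` is a subset of `["c1", "c2"]` with the same length and would pass, and element order is never compared. These lists presumably feed the subject of certificates issued from the role, so the round-trip check is better made exact, with `reflect.DeepEqual` if the backend is meant to preserve order (this swaps the `strutil` import added in the first hunk for `reflect`). The read guard `resp != nil && resp.IsError()` also lets a nil response through, so `resp.Data["country"].([]string)` can panic rather than fail with a message, and the same holds if a value is not a `[]string`. A loop over the field names, as below, covers both points and drops the seven copies along with the stray `: ` at the end of the locality message.

```go
// … unchanged: role write and read requests with their error checks …
if resp == nil {
	t.Fatal("expected a response when reading the role")
}

fields := []string{
	"country", "ou", "organization", "locality",
	"province", "street_address", "postal_code",
}
for _, field := range fields {
	want := roleData[field].([]string)
	got, ok := resp.Data[field].([]string)
	if !ok {
		t.Fatalf("%s: expected []string in response, got %T", field, resp.Data[field])
	}
	if !reflect.DeepEqual(want, got) {
		t.Fatalf("%s: expected %v, got %v", field, want, got)
	}
}
```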