Google Git
Sign in
third-party-mirror / hashicorp / vault / 582d46ed083b261003e36565a870f396144c4826 / . / v1.14.5 / command / operator_unseal_test.go
blob: cb4d19603ba4f9fa9a4105e936f53f75db98846b [file] [log] [blame]
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package command
import (
"bytes"
"encoding/json"
"io/ioutil"
"os"
"strings"
"testing"
"github.com/mitchellh/cli"
)
func testOperatorUnsealCommand(tb testing.TB) (*cli.MockUi, *OperatorUnsealCommand) {
tb.Helper()
ui := cli.NewMockUi()
return ui, &OperatorUnsealCommand{
BaseCommand: &BaseCommand{
UI: ui,
},
}
}
func TestOperatorUnsealCommand_Run(t *testing.T) {
t.Parallel()
t.Run("error_non_terminal", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServer(t)
defer closer()
ui, cmd := testOperatorUnsealCommand(t)
cmd.client = client
cmd.testOutput = ioutil.Discard
code := cmd.Run(nil)
if exp := 1; code != exp {
t.Errorf("expected %d to be %d", code, exp)
}
expected := "is not a terminal"
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, expected) {
t.Errorf("expected %q to contain %q", combined, expected)
}
})
t.Run("reset", func(t *testing.T) {
t.Parallel()
client, keys, closer := testVaultServerUnseal(t)
defer closer()
// Seal so we can unseal
if err := client.Sys().Seal(); err != nil {
t.Fatal(err)
}
// Enter an unseal key
if _, err := client.Sys().Unseal(keys[0]); err != nil {
t.Fatal(err)
}
ui, cmd := testOperatorUnsealCommand(t)
cmd.client = client
cmd.testOutput = ioutil.Discard
// Reset and check output
code := cmd.Run([]string{
"-reset",
})
if exp := 0; code != exp {
t.Errorf("expected %d to be %d", code, exp)
}
expected := "0/3"
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, expected) {
t.Errorf("expected %q to contain %q", combined, expected)
}
})
t.Run("full", func(t *testing.T) {
t.Parallel()
client, keys, closer := testVaultServerUnseal(t)
defer closer()
// Seal so we can unseal
if err := client.Sys().Seal(); err != nil {
t.Fatal(err)
}
for _, key := range keys {
ui, cmd := testOperatorUnsealCommand(t)
cmd.client = client
cmd.testOutput = ioutil.Discard
// Reset and check output
code := cmd.Run([]string{
key,
})
if exp := 0; code != exp {
t.Errorf("expected %d to be %d: %s", code, exp, ui.ErrorWriter.String())
}
}
status, err := client.Sys().SealStatus()
if err != nil {
t.Fatal(err)
}
if status.Sealed {
t.Error("expected unsealed")
}
})
t.Run("communication_failure", func(t *testing.T) {
t.Parallel()
client, closer := testVaultServerBad(t)
defer closer()
ui, cmd := testOperatorUnsealCommand(t)
cmd.client = client
code := cmd.Run([]string{
"abcd",
})
if exp := 2; code != exp {
t.Errorf("expected %d to be %d", code, exp)
}
expected := "Error unsealing: "
combined := ui.OutputWriter.String() + ui.ErrorWriter.String()
if !strings.Contains(combined, expected) {
t.Errorf("expected %q to contain %q", combined, expected)
}
})
t.Run("no_tabs", func(t *testing.T) {
t.Parallel()
_, cmd := testOperatorUnsealCommand(t)
assertNoTabs(t, cmd)
})
}
func TestOperatorUnsealCommand_Format(t *testing.T) {
defer func() {
os.Setenv(EnvVaultCLINoColor, "")
}()
client, keys, closer := testVaultServerUnseal(t)
defer closer()
// Seal so we can unseal
if err := client.Sys().Seal(); err != nil {
t.Fatal(err)
}
stdout := bytes.NewBuffer(nil)
stderr := bytes.NewBuffer(nil)
runOpts := &RunOptions{
Stdout: stdout,
Stderr: stderr,
Client: client,
}
args, format, _, _, _ := setupEnv([]string{"operator", "unseal", "-format", "json"})
if format != "json" {
t.Fatalf("expected %q, got %q", "json", format)
}
// Unseal with one key
code := RunCustom(append(args, []string{
keys[0],
}...), runOpts)
if exp := 0; code != exp {
t.Errorf("expected %d to be %d: %s", code, exp, stderr.String())
}
if !json.Valid(stdout.Bytes()) {
t.Error("expected output to be valid JSON")
}
}