v1.14.5/http/sys_policy_test.go - hashicorp/vault - Git at Google

 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0

 package http

 import (
 	"encoding/json"
 	"reflect"
 	"testing"

 	"github.com/hashicorp/vault/vault"
 )

 func TestSysPolicies(t *testing.T) {
 	core, _, token := vault.TestCoreUnsealed(t)
 	ln, addr := TestServer(t, core)
 	defer ln.Close()
 	TestServerAuth(t, addr, token)

 	resp := testHttpGet(t, token, addr+"/v1/sys/policy")

 	var actual map[string]interface{}
 	expected := map[string]interface{}{
 		"lease_id":       "",
 		"renewable":      false,
 		"lease_duration": json.Number("0"),
 		"wrap_info":      nil,
 		"warnings":       nil,
 		"auth":           nil,
 		"data": map[string]interface{}{
 			"policies": []interface{}{"default", "root"},
 			"keys":     []interface{}{"default", "root"},
 		},
 		"policies": []interface{}{"default", "root"},
 		"keys":     []interface{}{"default", "root"},
 	}
 	testResponseStatus(t, resp, 200)
 	testResponseBody(t, resp, &actual)
 	expected["request_id"] = actual["request_id"]
 	if !reflect.DeepEqual(actual, expected) {
 		t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
 	}
 }

 func TestSysReadPolicy(t *testing.T) {
 	core, _, token := vault.TestCoreUnsealed(t)
 	ln, addr := TestServer(t, core)
 	defer ln.Close()
 	TestServerAuth(t, addr, token)

 	resp := testHttpGet(t, token, addr+"/v1/sys/policy/root")

 	var actual map[string]interface{}
 	expected := map[string]interface{}{
 		"lease_id":       "",
 		"renewable":      false,
 		"lease_duration": json.Number("0"),
 		"wrap_info":      nil,
 		"warnings":       nil,
 		"auth":           nil,
 		"data": map[string]interface{}{
 			"name":  "root",
 			"rules": "",
 		},
 		"name":  "root",
 		"rules": "",
 	}
 	testResponseStatus(t, resp, 200)
 	testResponseBody(t, resp, &actual)
 	expected["request_id"] = actual["request_id"]
 	if !reflect.DeepEqual(actual, expected) {
 		t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
 	}
 }

 func TestSysWritePolicy(t *testing.T) {
 	core, _, token := vault.TestCoreUnsealed(t)
 	ln, addr := TestServer(t, core)
 	defer ln.Close()
 	TestServerAuth(t, addr, token)

 	resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{
 		"rules": `path "*" { capabilities = ["read"] }`,
 	})
 	testResponseStatus(t, resp, 200)

 	resp = testHttpGet(t, token, addr+"/v1/sys/policy")

 	var actual map[string]interface{}
 	expected := map[string]interface{}{
 		"lease_id":       "",
 		"renewable":      false,
 		"lease_duration": json.Number("0"),
 		"wrap_info":      nil,
 		"warnings":       nil,
 		"auth":           nil,
 		"data": map[string]interface{}{
 			"policies": []interface{}{"default", "foo", "root"},
 			"keys":     []interface{}{"default", "foo", "root"},
 		},
 		"policies": []interface{}{"default", "foo", "root"},
 		"keys":     []interface{}{"default", "foo", "root"},
 	}
 	testResponseStatus(t, resp, 200)
 	testResponseBody(t, resp, &actual)
 	expected["request_id"] = actual["request_id"]
 	if !reflect.DeepEqual(actual, expected) {
 		t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
 	}

 	resp = testHttpPost(t, token, addr+"/v1/sys/policy/response-wrapping", map[string]interface{}{
 		"rules": ``,
 	})
 	testResponseStatus(t, resp, 400)
 }

 func TestSysDeletePolicy(t *testing.T) {
 	core, _, token := vault.TestCoreUnsealed(t)
 	ln, addr := TestServer(t, core)
 	defer ln.Close()
 	TestServerAuth(t, addr, token)

 	resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{
 		"rules": `path "*" { capabilities = ["read"] }`,
 	})
 	testResponseStatus(t, resp, 200)

 	resp = testHttpDelete(t, token, addr+"/v1/sys/policy/foo")
 	testResponseStatus(t, resp, 204)

 	// Also attempt to delete these since they should not be allowed (ignore
 	// responses, if they exist later that's sufficient)
 	resp = testHttpDelete(t, token, addr+"/v1/sys/policy/default")
 	resp = testHttpDelete(t, token, addr+"/v1/sys/policy/response-wrapping")

 	resp = testHttpGet(t, token, addr+"/v1/sys/policy")

 	var actual map[string]interface{}
 	expected := map[string]interface{}{
 		"lease_id":       "",
 		"renewable":      false,
 		"lease_duration": json.Number("0"),
 		"wrap_info":      nil,
 		"warnings":       nil,
 		"auth":           nil,
 		"data": map[string]interface{}{
 			"policies": []interface{}{"default", "root"},
 			"keys":     []interface{}{"default", "root"},
 		},
 		"policies": []interface{}{"default", "root"},
 		"keys":     []interface{}{"default", "root"},
 	}
 	testResponseStatus(t, resp, 200)
 	testResponseBody(t, resp, &actual)
 	expected["request_id"] = actual["request_id"]
 	if !reflect.DeepEqual(actual, expected) {
 		t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
 	}
 }
	// Copyright (c) HashiCorp, Inc.
	// SPDX-License-Identifier: MPL-2.0

	package http

	import (
	"encoding/json"
	"reflect"
	"testing"

	"github.com/hashicorp/vault/vault"
	)

	func TestSysPolicies(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	resp := testHttpGet(t, token, addr+"/v1/sys/policy")

	var actual map[string]interface{}
	expected := map[string]interface{}{
	"lease_id": "",
	"renewable": false,
	"lease_duration": json.Number("0"),
	"wrap_info": nil,
	"warnings": nil,
	"auth": nil,
	"data": map[string]interface{}{
	"policies": []interface{}{"default", "root"},
	"keys": []interface{}{"default", "root"},
	},
	"policies": []interface{}{"default", "root"},
	"keys": []interface{}{"default", "root"},
	}
	testResponseStatus(t, resp, 200)
	testResponseBody(t, resp, &actual)
	expected["request_id"] = actual["request_id"]
	if !reflect.DeepEqual(actual, expected) {
	t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
	}
	}

	func TestSysReadPolicy(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	resp := testHttpGet(t, token, addr+"/v1/sys/policy/root")

	var actual map[string]interface{}
	expected := map[string]interface{}{
	"lease_id": "",
	"renewable": false,
	"lease_duration": json.Number("0"),
	"wrap_info": nil,
	"warnings": nil,
	"auth": nil,
	"data": map[string]interface{}{
	"name": "root",
	"rules": "",
	},
	"name": "root",
	"rules": "",
	}
	testResponseStatus(t, resp, 200)
	testResponseBody(t, resp, &actual)
	expected["request_id"] = actual["request_id"]
	if !reflect.DeepEqual(actual, expected) {
	t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
	}
	}

	func TestSysWritePolicy(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{
	"rules": `path "*" { capabilities = ["read"] }`,
	})
	testResponseStatus(t, resp, 200)

	resp = testHttpGet(t, token, addr+"/v1/sys/policy")

	var actual map[string]interface{}
	expected := map[string]interface{}{
	"lease_id": "",
	"renewable": false,
	"lease_duration": json.Number("0"),
	"wrap_info": nil,
	"warnings": nil,
	"auth": nil,
	"data": map[string]interface{}{
	"policies": []interface{}{"default", "foo", "root"},
	"keys": []interface{}{"default", "foo", "root"},
	},
	"policies": []interface{}{"default", "foo", "root"},
	"keys": []interface{}{"default", "foo", "root"},
	}
	testResponseStatus(t, resp, 200)
	testResponseBody(t, resp, &actual)
	expected["request_id"] = actual["request_id"]
	if !reflect.DeepEqual(actual, expected) {
	t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
	}

	resp = testHttpPost(t, token, addr+"/v1/sys/policy/response-wrapping", map[string]interface{}{
	"rules": ``,
	})
	testResponseStatus(t, resp, 400)
	}

	func TestSysDeletePolicy(t *testing.T) {
	core, _, token := vault.TestCoreUnsealed(t)
	ln, addr := TestServer(t, core)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	resp := testHttpPost(t, token, addr+"/v1/sys/policy/foo", map[string]interface{}{
	"rules": `path "*" { capabilities = ["read"] }`,
	})
	testResponseStatus(t, resp, 200)

	resp = testHttpDelete(t, token, addr+"/v1/sys/policy/foo")
	testResponseStatus(t, resp, 204)

	// Also attempt to delete these since they should not be allowed (ignore
	// responses, if they exist later that's sufficient)
	resp = testHttpDelete(t, token, addr+"/v1/sys/policy/default")
	resp = testHttpDelete(t, token, addr+"/v1/sys/policy/response-wrapping")

	resp = testHttpGet(t, token, addr+"/v1/sys/policy")

	var actual map[string]interface{}
	expected := map[string]interface{}{
	"lease_id": "",
	"renewable": false,
	"lease_duration": json.Number("0"),
	"wrap_info": nil,
	"warnings": nil,
	"auth": nil,
	"data": map[string]interface{}{
	"policies": []interface{}{"default", "root"},
	"keys": []interface{}{"default", "root"},
	},
	"policies": []interface{}{"default", "root"},
	"keys": []interface{}{"default", "root"},
	}
	testResponseStatus(t, resp, 200)
	testResponseBody(t, resp, &actual)
	expected["request_id"] = actual["request_id"]
	if !reflect.DeepEqual(actual, expected) {
	t.Fatalf("bad: got\n%#v\nexpected\n%#v\n", actual, expected)
	}
	}