v1.14.6/http/sys_metrics_test.go - hashicorp/vault - Git at Google

 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0

 package http

 import (
 	"testing"
 	"time"

 	"github.com/hashicorp/vault/helper/testhelpers/corehelpers"

 	"github.com/armon/go-metrics"
 	"github.com/hashicorp/vault/helper/metricsutil"
 	"github.com/hashicorp/vault/internalshared/configutil"
 	"github.com/hashicorp/vault/vault"
 )

 func TestSysMetricsUnauthenticated(t *testing.T) {
 	inm := metrics.NewInmemSink(10*time.Second, time.Minute)
 	metrics.DefaultInmemSignal(inm)
 	conf := &vault.CoreConfig{
 		BuiltinRegistry: corehelpers.NewMockBuiltinRegistry(),
 		MetricsHelper:   metricsutil.NewMetricsHelper(inm, true),
 	}
 	core, _, token := vault.TestCoreUnsealedWithConfig(t, conf)
 	ln, addr := TestServer(t, core)
 	TestServerAuth(t, addr, token)

 	// Default: Only authenticated access
 	resp := testHttpGet(t, "", addr+"/v1/sys/metrics")
 	testResponseStatus(t, resp, 403)
 	resp = testHttpGet(t, token, addr+"/v1/sys/metrics")
 	testResponseStatus(t, resp, 200)

 	// Close listener
 	ln.Close()

 	// Setup new custom listener with unauthenticated metrics access
 	ln, addr = TestListener(t)
 	props := &vault.HandlerProperties{
 		Core: core,
 		ListenerConfig: &configutil.Listener{
 			Telemetry: configutil.ListenerTelemetry{
 				UnauthenticatedMetricsAccess: true,
 			},
 		},
 	}
 	TestServerWithListenerAndProperties(t, ln, addr, core, props)
 	defer ln.Close()
 	TestServerAuth(t, addr, token)

 	// Test without token
 	resp = testHttpGet(t, "", addr+"/v1/sys/metrics")
 	testResponseStatus(t, resp, 200)

 	// Should also work with token
 	resp = testHttpGet(t, token, addr+"/v1/sys/metrics")
 	testResponseStatus(t, resp, 200)

 	// Test if prometheus response is correct
 	resp = testHttpGet(t, "", addr+"/v1/sys/metrics?format=prometheus")
 	testResponseStatus(t, resp, 200)
 }

 func TestSysPProfUnauthenticated(t *testing.T) {
 	conf := &vault.CoreConfig{}
 	core, _, token := vault.TestCoreUnsealedWithConfig(t, conf)
 	ln, addr := TestServer(t, core)
 	TestServerAuth(t, addr, token)

 	// Default: Only authenticated access
 	resp := testHttpGet(t, "", addr+"/v1/sys/pprof/cmdline")
 	testResponseStatus(t, resp, 403)
 	resp = testHttpGet(t, token, addr+"/v1/sys/pprof/cmdline")
 	testResponseStatus(t, resp, 200)

 	// Close listener
 	ln.Close()

 	// Setup new custom listener with unauthenticated metrics access
 	ln, addr = TestListener(t)
 	props := &vault.HandlerProperties{
 		Core: core,
 		ListenerConfig: &configutil.Listener{
 			Profiling: configutil.ListenerProfiling{
 				UnauthenticatedPProfAccess: true,
 			},
 		},
 	}
 	TestServerWithListenerAndProperties(t, ln, addr, core, props)
 	defer ln.Close()
 	TestServerAuth(t, addr, token)

 	// Test without token
 	resp = testHttpGet(t, "", addr+"/v1/sys/pprof/cmdline")
 	testResponseStatus(t, resp, 200)

 	// Should also work with token
 	resp = testHttpGet(t, token, addr+"/v1/sys/pprof/cmdline")
 	testResponseStatus(t, resp, 200)
 }
	// Copyright (c) HashiCorp, Inc.
	// SPDX-License-Identifier: MPL-2.0

	package http

	import (
	"testing"
	"time"

	"github.com/hashicorp/vault/helper/testhelpers/corehelpers"

	"github.com/armon/go-metrics"
	"github.com/hashicorp/vault/helper/metricsutil"
	"github.com/hashicorp/vault/internalshared/configutil"
	"github.com/hashicorp/vault/vault"
	)

	func TestSysMetricsUnauthenticated(t *testing.T) {
	inm := metrics.NewInmemSink(10*time.Second, time.Minute)
	metrics.DefaultInmemSignal(inm)
	conf := &vault.CoreConfig{
	BuiltinRegistry: corehelpers.NewMockBuiltinRegistry(),
	MetricsHelper: metricsutil.NewMetricsHelper(inm, true),
	}
	core, _, token := vault.TestCoreUnsealedWithConfig(t, conf)
	ln, addr := TestServer(t, core)
	TestServerAuth(t, addr, token)

	// Default: Only authenticated access
	resp := testHttpGet(t, "", addr+"/v1/sys/metrics")
	testResponseStatus(t, resp, 403)
	resp = testHttpGet(t, token, addr+"/v1/sys/metrics")
	testResponseStatus(t, resp, 200)

	// Close listener
	ln.Close()

	// Setup new custom listener with unauthenticated metrics access
	ln, addr = TestListener(t)
	props := &vault.HandlerProperties{
	Core: core,
	ListenerConfig: &configutil.Listener{
	Telemetry: configutil.ListenerTelemetry{
	UnauthenticatedMetricsAccess: true,
	},
	},
	}
	TestServerWithListenerAndProperties(t, ln, addr, core, props)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	// Test without token
	resp = testHttpGet(t, "", addr+"/v1/sys/metrics")
	testResponseStatus(t, resp, 200)

	// Should also work with token
	resp = testHttpGet(t, token, addr+"/v1/sys/metrics")
	testResponseStatus(t, resp, 200)

	// Test if prometheus response is correct
	resp = testHttpGet(t, "", addr+"/v1/sys/metrics?format=prometheus")
	testResponseStatus(t, resp, 200)
	}

	func TestSysPProfUnauthenticated(t *testing.T) {
	conf := &vault.CoreConfig{}
	core, _, token := vault.TestCoreUnsealedWithConfig(t, conf)
	ln, addr := TestServer(t, core)
	TestServerAuth(t, addr, token)

	// Default: Only authenticated access
	resp := testHttpGet(t, "", addr+"/v1/sys/pprof/cmdline")
	testResponseStatus(t, resp, 403)
	resp = testHttpGet(t, token, addr+"/v1/sys/pprof/cmdline")
	testResponseStatus(t, resp, 200)

	// Close listener
	ln.Close()

	// Setup new custom listener with unauthenticated metrics access
	ln, addr = TestListener(t)
	props := &vault.HandlerProperties{
	Core: core,
	ListenerConfig: &configutil.Listener{
	Profiling: configutil.ListenerProfiling{
	UnauthenticatedPProfAccess: true,
	},
	},
	}
	TestServerWithListenerAndProperties(t, ln, addr, core, props)
	defer ln.Close()
	TestServerAuth(t, addr, token)

	// Test without token
	resp = testHttpGet(t, "", addr+"/v1/sys/pprof/cmdline")
	testResponseStatus(t, resp, 200)

	// Should also work with token
	resp = testHttpGet(t, token, addr+"/v1/sys/pprof/cmdline")
	testResponseStatus(t, resp, 200)
	}