1package http 2 3import ( 4 "encoding/json" 5 "reflect" 6 "testing" 7 8 "github.com/hashicorp/vault/vault" 9) 10 11func TestSysAudit(t *testing.T) { 12 core, _, token := vault.TestCoreUnsealed(t) 13 ln, addr := TestServer(t, core) 14 defer ln.Close() 15 TestServerAuth(t, addr, token) 16 17 resp := testHttpPost(t, token, addr+"/v1/sys/audit/noop", map[string]interface{}{ 18 "type": "noop", 19 }) 20 testResponseStatus(t, resp, 204) 21 22 resp = testHttpGet(t, token, addr+"/v1/sys/audit") 23 24 var actual map[string]interface{} 25 expected := map[string]interface{}{ 26 "lease_id": "", 27 "renewable": false, 28 "lease_duration": json.Number("0"), 29 "wrap_info": nil, 30 "warnings": nil, 31 "auth": nil, 32 "data": map[string]interface{}{ 33 "noop/": map[string]interface{}{ 34 "path": "noop/", 35 "type": "noop", 36 "description": "", 37 "options": map[string]interface{}{}, 38 "local": false, 39 }, 40 }, 41 "noop/": map[string]interface{}{ 42 "path": "noop/", 43 "type": "noop", 44 "description": "", 45 "options": map[string]interface{}{}, 46 "local": false, 47 }, 48 } 49 testResponseStatus(t, resp, 200) 50 testResponseBody(t, resp, &actual) 51 52 expected["request_id"] = actual["request_id"] 53 54 if !reflect.DeepEqual(actual, expected) { 55 t.Fatalf("bad: expected:\n%#v actual:\n%#v\n", expected, actual) 56 } 57} 58 59func TestSysDisableAudit(t *testing.T) { 60 core, _, token := vault.TestCoreUnsealed(t) 61 ln, addr := TestServer(t, core) 62 defer ln.Close() 63 TestServerAuth(t, addr, token) 64 65 resp := testHttpPost(t, token, addr+"/v1/sys/audit/foo", map[string]interface{}{ 66 "type": "noop", 67 }) 68 testResponseStatus(t, resp, 204) 69 70 resp = testHttpDelete(t, token, addr+"/v1/sys/audit/foo") 71 testResponseStatus(t, resp, 204) 72 73 resp = testHttpGet(t, token, addr+"/v1/sys/audit") 74 75 var actual map[string]interface{} 76 expected := map[string]interface{}{ 77 "lease_id": "", 78 "renewable": false, 79 "lease_duration": json.Number("0"), 80 "wrap_info": nil, 81 "warnings": nil, 82 "auth": nil, 83 "data": map[string]interface{}{}, 84 } 85 86 testResponseStatus(t, resp, 200) 87 testResponseBody(t, resp, &actual) 88 89 expected["request_id"] = actual["request_id"] 90 91 if !reflect.DeepEqual(actual, expected) { 92 t.Fatalf("bad:\nactual: %#v\nexpected: %#v\n", actual, expected) 93 } 94} 95 96func TestSysAuditHash(t *testing.T) { 97 core, _, token := vault.TestCoreUnsealed(t) 98 ln, addr := TestServer(t, core) 99 defer ln.Close() 100 TestServerAuth(t, addr, token) 101 102 resp := testHttpPost(t, token, addr+"/v1/sys/audit/noop", map[string]interface{}{ 103 "type": "noop", 104 }) 105 testResponseStatus(t, resp, 204) 106 107 resp = testHttpPost(t, token, addr+"/v1/sys/audit-hash/noop", map[string]interface{}{ 108 "input": "bar", 109 }) 110 111 var actual map[string]interface{} 112 expected := map[string]interface{}{ 113 "lease_id": "", 114 "renewable": false, 115 "lease_duration": json.Number("0"), 116 "wrap_info": nil, 117 "warnings": nil, 118 "auth": nil, 119 "data": map[string]interface{}{ 120 "hash": "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317", 121 }, 122 "hash": "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317", 123 } 124 testResponseStatus(t, resp, 200) 125 testResponseBody(t, resp, &actual) 126 127 expected["request_id"] = actual["request_id"] 128 129 if !reflect.DeepEqual(actual, expected) { 130 t.Fatalf("bad: expected:\n%#v\n, got:\n%#v\n", expected, actual) 131 } 132} 133