Streamline some testing bits, add destroy_secret kv support
suprjinx committed Sep 18, 2024
1 parent f44d438 commit 88ce4b3
Showing 6 changed files with 60 additions and 14 deletions.
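--- a/app/controllers/secrets_controller.rb
+++ b/app/controllers/secrets_controller.rb
@@ -25,7 +25,7 @@ def show
 @secret = result.secret
 end
 
-def delete
+def destroy
 req = Requests::SecretRequest.new(path: params.require(:path))
 if !req.valid?
 raise BadRequestError.new req.errors.full_messages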
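--- a/app/lib/services/vault_service.rb
+++ b/app/lib/services/vault_service.rb
@@ -32,10 +32,8 @@ def client
 end
 
 def enable_engine(mount, type)
-unless client.sys.mounts.key?(mount + "/")
+unless client.sys.mounts.key?(mount.to_sym)
 client.sys.mount(mount, type, "#{type} secrets engine")
-else
-puts "#{mount} already enabled."
 end
 rescue Vault::HTTPError => e
 puts "Error enabling #{type} engine: #{e}"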
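Review bot: A failed mount is only printed with `puts` in the `rescue` at the end of this hunk, so `enable_engine` returns normally and callers cannot tell that the secrets engine is missing; later reads and writes against that mount would then fail with a less obvious error. Consider logging through the application logger and re-raising, e.g. `Rails.logger.error("Error enabling #{type} engine: #{e}")` followed by `raise`. The new `key?(mount.to_sym)` lookup presumably relies on the client returning mount names as symbols without a trailing slash, so a caller that passes a name ending in `/` would miss the check and land in this rescue; a one-line comment stating that expectation would help. `enable_engine` ends outside the hunk.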
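--- a/config/routes.rb
+++ b/config/routes.rb
@@ -15,4 +15,5 @@
 resources :certificates, only: %i[create]
 resources :secrets, only: %i[create]
 get "secrets/*path", to: "secrets#show", as: :secret
+delete "secrets/*path", to: "secrets#destroy", as: :destroy_secret
 end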
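Review bot: The glob segment in the added `delete "secrets/*path"` route is subject to Rails' default format handling, so when the last segment of the requested path contains a dot (a constructed example: `top/secret/key.v2`) the suffix is split off as the request format and `params[:path]` names a different secret than the one the caller asked to delete. Passing `format: false` keeps the whole path intact: `delete "secrets/*path", to: "secrets#destroy", as: :destroy_secret, format: false`. The `get "secrets/*path"` line just above behaves the same way and would want the same option. Whether `Requests::SecretRequest` rejects such paths is not visible from this page.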
@@ -1,20 +1,18 @@
require "test_helper"

class CertificatesControllerTest < ActionDispatch::IntegrationTest
class CertificatesTest < ActionDispatch::IntegrationTest
test "#create unauthorized" do
post certificates_path
assert_response :unauthorized
end

test "#create with faulty token (encoded with different signing key)" do
jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhcHBsaWNhdGlvbl9uYW1lIiwiY29tbW9uX25hbWUiOiJleGFtcGxlLmNvbSIsImlwX3NhbnMiOiIxMC4wLjEuMTAwIn0.gEUyaZcARiBQNq2RUwZU0MdFXqthyo_oSQ8DAgKvxCs"
post certificates_path, headers: { "Authorization" => "Bearer #{jwt}" }
post certificates_path, headers: { "Authorization" => "Bearer #{jwt_unauthorized}" }
assert_response :unauthorized
end

test "#create authorized as owner" do
jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBleGFtcGxlLmNvbSIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMiwiZ3JvdXBzIjpbImdyb3VwMSIsImdyb3VwMiJdLCJhdWQiOiJhc3RyYWwifQ.tfRLXmE_eq-piP88_clwPWrYfMAQbCJAeZQI6OFxZSI"
post certificates_path, headers: { "Authorization" => "Bearer #{jwt}" },
post certificates_path, headers: { "Authorization" => "Bearer #{jwt_authorized}" },
params: { cert_issue_request: { common_name: "example.com" } }
assert_response :success
%w[ ca_chain
@@ -29,8 +27,7 @@ class CertificatesControllerTest < ActionDispatch::IntegrationTest
end

test "#create authorized by group" do
jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBleGFtcGxlLmNvbSIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMiwiZ3JvdXBzIjpbImdyb3VwMSIsImdyb3VwMiJdLCJhdWQiOiJhc3RyYWwifQ.tfRLXmE_eq-piP88_clwPWrYfMAQbCJAeZQI6OFxZSI"
post certificates_path, headers: { "Authorization" => "Bearer #{jwt}" },
post certificates_path, headers: { "Authorization" => "Bearer #{jwt_authorized}" },
params: { cert_issue_request: { common_name: "example2.com" } }
assert_response :success
%w[ ca_chain
@@ -45,8 +42,7 @@ class CertificatesControllerTest < ActionDispatch::IntegrationTest
end

test "#create not authorized by group" do
jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBleGFtcGxlLmNvbSIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMiwiZ3JvdXBzIjpbImdyb3VwMSIsImdyb3VwMiJdLCJhdWQiOiJhc3RyYWwifQ.tfRLXmE_eq-piP88_clwPWrYfMAQbCJAeZQI6OFxZSI"
post certificates_path, headers: { "Authorization" => "Bearer #{jwt}" },
post certificates_path, headers: { "Authorization" => "Bearer #{jwt_authorized}" },
params: { cert_issue_request: { common_name: "example3.com" } }
assert_response :unauthorized
end
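--- a/test/integration/secrets_test.rb
+++ b/test/integration/secrets_test.rb
@@ -0,0 +1,44 @@
+require "test_helper"
+
+class SecretsTest < ActionDispatch::IntegrationTest
+test "#create unauthorized" do
+post secrets_path
+assert_response :unauthorized
+end
+
+test "#create with faulty token (encoded with different signing key)" do
+post secrets_path, headers: { "Authorization" => "Bearer #{jwt_unauthorized}" }
+assert_response :unauthorized
+end
+
+test "#create or update a secret" do
+create_secret
+end
+
+test "#show" do
+create_secret
+# view the secret
+get secret_path("top/secret/key"), headers: { "Authorization" => "Bearer #{jwt_authorized}" }
+assert_response :success
+%w[ data metadata lease_id ].each do |key|
+assert_includes response.parsed_body["secret"].keys, key
+end
+end
+
+test "#delete" do
+create_secret
+# delete the secret
+delete destroy_secret_path("top/secret/key"), headers: { "Authorization" => "Bearer #{jwt_authorized}" }
+assert_response :success
+end
+
+def create_secret
+# create the secret
+post secrets_path, headers: { "Authorization" => "Bearer #{jwt_authorized}" },
+params: { secret: { path: "top/secret/key", data: { password: "sicr3t" } } }
+assert_response :success
+%w[ data metadata lease_id ].each do |key|
+assert_includes response.parsed_body["secret"].keys, key
+end
+end
+end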
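Review bot: Rejection of a missing or badly signed token is tested only for `#create`; `#show` and `#delete` are exercised solely with `jwt_authorized`, so a regression that left either action unauthenticated would still pass this suite. The `#delete` test also stops at `assert_response :success` and never confirms that the secret is gone afterwards. Tests along the lines below would close the first gap, assuming the same authentication check guards all three actions. For the second, a follow-up `get secret_path("top/secret/key")` after the delete, asserting whatever status the API returns for a missing secret, would do.

```ruby
# … unchanged: existing #create, #show and #delete tests …

test "#show unauthorized" do
  get secret_path("top/secret/key")
  assert_response :unauthorized
end

test "#delete unauthorized" do
  delete destroy_secret_path("top/secret/key")
  assert_response :unauthorized
end

test "#delete with faulty token" do
  delete destroy_secret_path("top/secret/key"), headers: { "Authorization" => "Bearer #{jwt_unauthorized}" }
  assert_response :unauthorized
end
```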
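--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -11,6 +11,13 @@ class TestCase
 # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
 fixtures :all
 
-# Add more helper methods to be used by all tests here...
+# Helper methods
+def jwt_authorized
+"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBleGFtcGxlLmNvbSIsIm5hbWUiOiJKb2huIERvZSIsImlhdCI6MTUxNjIzOTAyMiwiZ3JvdXBzIjpbImdyb3VwMSIsImdyb3VwMiJdLCJhdWQiOiJhc3RyYWwifQ.tfRLXmE_eq-piP88_clwPWrYfMAQbCJAeZQI6OFxZSI"
+end
+
+def jwt_unauthorized
+"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhcHBsaWNhdGlvbl9uYW1lIiwiY29tbW9uX25hbWUiOiJleGFtcGxlLmNvbSIsImlwX3NhbnMiOiIxMC4wLjEuMTAwIn0.gEUyaZcARiBQNq2RUwZU0MdFXqthyo_oSQ8DAgKvxCs"
+end
 end
 end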
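Review bot: Neither helper says what its token contains, and the names hide the difference that matters. The payload of `jwt_authorized` decodes to sub john.doe@example.com with groups group1 and group2 and aud astral, carrying `iat` but no `exp`, while `jwt_unauthorized` is, per the test names that use it, a token signed with a different key rather than one that lacks permissions. I would add a comment above each, e.g. `# HS256 token for john.doe@example.com (groups group1, group2; aud astral); no exp claim` and `# Well-formed token signed with a different key; signature verification must fail`. Because the first token never expires, it is worth stating next to it that the key it was signed with is used for tests only, if that is the case. Both methods sit inside a class whose opening line is outside the hunk.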
