301 lines
9.1 KiB
Lua
301 lines
9.1 KiB
Lua
local helpers = require "spec.helpers"
|
|
local uuid = require "kong.tools.uuid"
|
|
local cjson = require "cjson"
|
|
|
|
|
|
local HEADERS = { ["Content-Type"] = "application/json" }
|
|
|
|
|
|
for _, strategy in helpers.each_strategy() do
|
|
describe("Admin API #" .. strategy, function()
|
|
local client
|
|
lazy_setup(function()
|
|
helpers.get_db_utils(strategy, {
|
|
"vaults",
|
|
})
|
|
|
|
assert(helpers.start_kong({
|
|
database = strategy,
|
|
vaults = "bundled",
|
|
}))
|
|
end)
|
|
|
|
lazy_teardown(function()
|
|
helpers.stop_kong()
|
|
end)
|
|
|
|
before_each(function()
|
|
client = helpers.admin_client()
|
|
end)
|
|
|
|
after_each(function()
|
|
if client then
|
|
client:close()
|
|
end
|
|
end)
|
|
|
|
describe("/vaults", function()
|
|
local vaults = {}
|
|
|
|
lazy_setup(function()
|
|
for i = 1, 3 do
|
|
local res = helpers.admin_client():put("/vaults/env-" .. i, {
|
|
headers = HEADERS,
|
|
body = {
|
|
name = "env",
|
|
},
|
|
})
|
|
|
|
local body = assert.res_status(200, res)
|
|
local json = cjson.decode(body)
|
|
vaults[i] = json
|
|
end
|
|
end)
|
|
|
|
describe("GET", function()
|
|
it("retrieves all vaults configured", function()
|
|
local res = client:get("/vaults")
|
|
local body = assert.res_status(200, res)
|
|
local json = cjson.decode(body)
|
|
assert.equal(3, #json.data)
|
|
end)
|
|
end)
|
|
|
|
it("returns 405 on invalid method", function()
|
|
local methods = { "delete", "patch" }
|
|
for i = 1, #methods do
|
|
local res = client[methods[i]](client, "/vaults", {
|
|
headers = HEADERS,
|
|
body = {}, -- tmp: body to allow POST/PUT to work
|
|
})
|
|
local body = assert.response(res).has.status(405)
|
|
local json = cjson.decode(body)
|
|
assert.same({ message = "Method not allowed" }, json)
|
|
end
|
|
end)
|
|
|
|
describe("/vaults/{vault}", function()
|
|
describe("GET", function()
|
|
it("retrieves a vault by id", function()
|
|
local res = client:get("/vaults/" .. vaults[1].id)
|
|
local body = assert.res_status(200, res)
|
|
local json = cjson.decode(body)
|
|
assert.same(vaults[1], json)
|
|
end)
|
|
|
|
it("retrieves a vault by prefix", function()
|
|
local res = client:get("/vaults/" .. vaults[1].prefix)
|
|
local body = assert.res_status(200, res)
|
|
local json = cjson.decode(body)
|
|
assert.same(vaults[1], json)
|
|
end)
|
|
|
|
it("returns 404 if not found by id", function()
|
|
local res = client:get("/vaults/f4aecadc-05c7-11e6-8d41-1f3b3d5fa15c")
|
|
assert.res_status(404, res)
|
|
end)
|
|
|
|
it("returns 404 if not found by prefix", function()
|
|
local res = client:get("/vaults/not-found")
|
|
assert.res_status(404, res)
|
|
end)
|
|
end)
|
|
|
|
describe("PUT", function()
|
|
it("can create a vault by id", function()
|
|
local res = client:put("/vaults/" .. uuid.uuid(), {
|
|
headers = HEADERS,
|
|
body = {
|
|
name = "env",
|
|
prefix = "put-env-id"
|
|
},
|
|
})
|
|
assert.res_status(200, res)
|
|
end)
|
|
|
|
it("can create a vault by prefix", function()
|
|
local res = client:put("/vaults/put-env-prefix", {
|
|
headers = HEADERS,
|
|
body = {
|
|
name = "env",
|
|
},
|
|
})
|
|
assert.res_status(200, res)
|
|
end)
|
|
|
|
it("can create a vault by prefix with config (underscore)", function()
|
|
local res = client:put("/vaults/put-env-prefix", {
|
|
headers = HEADERS,
|
|
body = {
|
|
name = "env",
|
|
config = {
|
|
prefix = "secrets_"
|
|
},
|
|
},
|
|
})
|
|
assert.res_status(200, res)
|
|
end)
|
|
|
|
it("can create a vault by prefix with config (dash)", function()
|
|
local res = client:put("/vaults/put-env-prefix", {
|
|
headers = HEADERS,
|
|
body = {
|
|
name = "env",
|
|
config = {
|
|
prefix = "secrets-"
|
|
},
|
|
},
|
|
})
|
|
assert.res_status(200, res)
|
|
end)
|
|
|
|
describe("errors", function()
|
|
it("handles invalid input by id", function()
|
|
local res = client:put("/vaults/" .. uuid.uuid(), {
|
|
headers = HEADERS,
|
|
body = {
|
|
name = "env",
|
|
prefix = "env",
|
|
},
|
|
})
|
|
local body = assert.res_status(400, res)
|
|
local json = cjson.decode(body)
|
|
assert.same({
|
|
name = "schema violation",
|
|
code = 2,
|
|
message = "schema violation (prefix: must not be one of: env)",
|
|
fields = {
|
|
prefix = "must not be one of: env",
|
|
},
|
|
}, json)
|
|
end)
|
|
|
|
it("handles invalid input by prefix", function()
|
|
local res = client:put("/vaults/env", {
|
|
headers = HEADERS,
|
|
body = {
|
|
name = "env",
|
|
},
|
|
})
|
|
local body = assert.res_status(400, res)
|
|
local json = cjson.decode(body)
|
|
assert.same({
|
|
name = "invalid unique prefix",
|
|
code = 10,
|
|
message = "must not be one of: env",
|
|
}, json)
|
|
end)
|
|
end)
|
|
end)
|
|
|
|
describe("PATCH", function()
|
|
it("updates a vault by id", function()
|
|
local res = client:patch("/vaults/" .. vaults[1].id, {
|
|
headers = HEADERS,
|
|
body = {
|
|
config = {
|
|
prefix = "SSL_",
|
|
}
|
|
},
|
|
})
|
|
local body = assert.res_status(200, res)
|
|
local json = cjson.decode(body)
|
|
assert.equal("SSL_", json.config.prefix)
|
|
|
|
vaults[1] = json
|
|
end)
|
|
|
|
it("updates a vault by prefix", function()
|
|
local res = client:patch("/vaults/env-1", {
|
|
headers = HEADERS,
|
|
body = {
|
|
config = {
|
|
prefix = "CERT_",
|
|
}
|
|
},
|
|
})
|
|
local body = assert.res_status(200, res)
|
|
local json = cjson.decode(body)
|
|
assert.equal("CERT_", json.config.prefix)
|
|
|
|
vaults[1] = json
|
|
end)
|
|
|
|
describe("errors", function()
|
|
it("handles invalid input by id", function()
|
|
local res = client:patch("/vaults/" .. vaults[1].id, {
|
|
headers = HEADERS,
|
|
body = { prefix = "env" },
|
|
})
|
|
local body = assert.res_status(400, res)
|
|
local json = cjson.decode(body)
|
|
assert.same({
|
|
name = "schema violation",
|
|
code = 2,
|
|
message = "schema violation (prefix: must not be one of: env)",
|
|
fields = {
|
|
prefix = "must not be one of: env",
|
|
},
|
|
}, json)
|
|
end)
|
|
|
|
it("handles invalid input by prefix", function()
|
|
local res = client:patch("/vaults/env-1", {
|
|
headers = HEADERS,
|
|
body = { prefix = "env" },
|
|
})
|
|
local body = assert.res_status(400, res)
|
|
local json = cjson.decode(body)
|
|
assert.same({
|
|
name = "schema violation",
|
|
code = 2,
|
|
message = "schema violation (prefix: must not be one of: env)",
|
|
fields = {
|
|
prefix = "must not be one of: env",
|
|
},
|
|
}, json)
|
|
end)
|
|
|
|
it("returns 404 if not found", function()
|
|
local res = client:patch("/vaults/f4aecadc-05c7-11e6-8d41-1f3b3d5fa15c", {
|
|
headers = HEADERS,
|
|
body = { prefix = "env" },
|
|
})
|
|
assert.res_status(404, res)
|
|
end)
|
|
end)
|
|
end)
|
|
|
|
describe("DELETE", function()
|
|
it("deletes by id", function()
|
|
local res = client:get("/vaults/" .. vaults[3].id)
|
|
assert.res_status(200, res)
|
|
|
|
res = client:delete("/vaults/" .. vaults[3].id)
|
|
assert.res_status(204, res)
|
|
|
|
res = client:get("/vaults/" .. vaults[3].id)
|
|
assert.res_status(404, res)
|
|
end)
|
|
|
|
it("deletes by prefix", function()
|
|
local res = client:get("/vaults/env-2")
|
|
assert.res_status(200, res)
|
|
|
|
res = client:delete("/vaults/env-2")
|
|
assert.res_status(204, res)
|
|
|
|
res = client:get("/vaults/env-2")
|
|
assert.res_status(404, res)
|
|
end)
|
|
|
|
it("returns 204 if not found", function()
|
|
local res = client:delete("/vaults/f4aecadc-05c7-11e6-8d41-1f3b3d5fa15c")
|
|
assert.res_status(204, res)
|
|
end)
|
|
end)
|
|
end)
|
|
end)
|
|
end)
|
|
end
|