Example 1 with SecretDetailResponseV2
use of keywhiz.api.automation.v2.SecretDetailResponseV2 in project keywhiz by square.
the class SecretResourceTest method secretInfo_success.
@Test
public void secretInfo_success() throws Exception {
// Sample secret
create(CreateSecretRequestV2.builder().name("secret6").content(encoder.encodeToString("supa secret6".getBytes(UTF_8))).description("desc").metadata(ImmutableMap.of("owner", "root", "mode", "0440")).type("password").build());
SecretDetailResponseV2 response = lookup("secret6");
assertThat(response.name()).isEqualTo("secret6");
assertThat(response.createdBy()).isEqualTo("client");
assertThat(response.description()).isEqualTo("desc");
assertThat(response.type()).isEqualTo("password");
assertThat(response.metadata()).isEqualTo(ImmutableMap.of("owner", "root", "mode", "0440"));
// These values are left out for a series lookup as they pertain to a specific secret.
assertThat(response.content()).isEmpty();
assertThat(response.size().longValue()).isZero();
}
Also used :
SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2)
Test(org.junit.Test)
Example 2 with SecretDetailResponseV2
use of keywhiz.api.automation.v2.SecretDetailResponseV2 in project keywhiz by square.
the class SecretResourceTest method backfillExpirationTest.
//---------------------------------------------------------------------------------------
// backfillExpiration
//---------------------------------------------------------------------------------------
@Test
public void backfillExpirationTest() throws Exception {
byte[] certs = Resources.toByteArray(Resources.getResource("fixtures/expiring-certificates.crt"));
byte[] pubring = Resources.toByteArray(Resources.getResource("fixtures/expiring-pubring.gpg"));
byte[] p12 = Resources.toByteArray(Resources.getResource("fixtures/expiring-keystore.p12"));
byte[] jceks = Resources.toByteArray(Resources.getResource("fixtures/expiring-keystore.jceks"));
create(CreateSecretRequestV2.builder().name("certificate-chain.crt").content(encoder.encodeToString(certs)).build());
create(CreateSecretRequestV2.builder().name("public-keyring.gpg").content(encoder.encodeToString(pubring)).build());
create(CreateSecretRequestV2.builder().name("keystore.p12").content(encoder.encodeToString(p12)).build());
create(CreateSecretRequestV2.builder().name("keystore.jceks").content(encoder.encodeToString(jceks)).build());
Response response = backfillExpiration("certificate-chain.crt", ImmutableList.of());
assertThat(response.isSuccessful()).isTrue();
response = backfillExpiration("public-keyring.gpg", ImmutableList.of());
assertThat(response.isSuccessful()).isTrue();
response = backfillExpiration("keystore.p12", ImmutableList.of("password"));
assertThat(response.isSuccessful()).isTrue();
response = backfillExpiration("keystore.jceks", ImmutableList.of("password"));
assertThat(response.isSuccessful()).isTrue();
SecretDetailResponseV2 details = lookup("certificate-chain.crt");
assertThat(details.expiry()).isEqualTo(1501533950);
details = lookup("public-keyring.gpg");
assertThat(details.expiry()).isEqualTo(1536442365);
details = lookup("keystore.p12");
assertThat(details.expiry()).isEqualTo(1681596851);
details = lookup("keystore.jceks");
assertThat(details.expiry()).isEqualTo(1681596851);
}
Also used :
Response(okhttp3.Response)
SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2)
Test(org.junit.Test)
Example 3 with SecretDetailResponseV2
use of keywhiz.api.automation.v2.SecretDetailResponseV2 in project keywhiz by square.
the class SecretResourceTest method secretChangeVersion_success.
@Test
public void secretChangeVersion_success() throws Exception {
int totalVersions = 6;
String name = "secret21";
List<SecretDetailResponseV2> versions;
SecretDetailResponseV2 initialCurrentVersion;
SecretDetailResponseV2 finalCurrentVersion;
assertThat(listing()).doesNotContain(name);
// get current time to calculate timestamps off for expiry
long now = System.currentTimeMillis() / 1000L;
// Create secrets
for (int i = 0; i < totalVersions; i++) {
createOrUpdate(CreateOrUpdateSecretRequestV2.builder().content(encoder.encodeToString(format("supa secret21_v%d", i).getBytes(UTF_8))).description(format("%s, version %d", name, i)).expiry(now + 86400 * 2).metadata(ImmutableMap.of("version", Integer.toString(i))).build(), name);
sleep(2000 / totalVersions);
}
// Get the current version (the last version created)
initialCurrentVersion = lookup(name);
assertThat(initialCurrentVersion.name().equals(name));
assertThat(initialCurrentVersion.description().equals(format("%s, version %d", name, totalVersions)));
// Get the earliest version of this secret
versions = listVersions(name, totalVersions - 2, 1);
assertThat(!versions.get(0).equals(initialCurrentVersion));
// Reset the current version to this version
setCurrentVersion(SetSecretVersionRequestV2.builder().name(name).version(versions.get(0).version()).build());
// Get the current version
finalCurrentVersion = lookup(name);
assertThat(finalCurrentVersion.equals(versions.get(0)));
assertThat(!finalCurrentVersion.equals(initialCurrentVersion));
}
Also used :
SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2)
Test(org.junit.Test)
Example 4 with SecretDetailResponseV2
use of keywhiz.api.automation.v2.SecretDetailResponseV2 in project keywhiz by square.
the class SecretResourceTest method secretChangeVersion_invalidVersion.
@Test
public void secretChangeVersion_invalidVersion() throws Exception {
int totalVersions = 3;
String name = "secret22";
List<SecretDetailResponseV2> versions;
SecretDetailResponseV2 initialCurrentVersion;
SecretDetailResponseV2 finalCurrentVersion;
assertThat(listing()).doesNotContain(name);
// get current time to calculate timestamps off for expiry
long now = System.currentTimeMillis() / 1000L;
// Create secrets
for (int i = 0; i < totalVersions; i++) {
createOrUpdate(CreateOrUpdateSecretRequestV2.builder().content(encoder.encodeToString(format("supa secret22_v%d", i).getBytes(UTF_8))).description(format("%s, version %d", name, i)).expiry(now + 86400 * 2).metadata(ImmutableMap.of("version", Integer.toString(i))).build(), name);
}
// Get the current version (the last version created)
initialCurrentVersion = lookup(name);
assertThat(initialCurrentVersion.name().equals(name));
assertThat(initialCurrentVersion.description().equals(format("%s, version %d", name, totalVersions)));
// Get an invalid version of this secret
versions = listVersions(name, 0, totalVersions);
Optional<Long> maxValidVersion = versions.stream().map(SecretDetailResponseV2::version).max(Long::compare);
if (maxValidVersion.isPresent()) {
// Reset the current version to this version
Request post = clientRequest(String.format("/automation/v2/secrets/%s/setversion", name)).post(RequestBody.create(JSON, mapper.writeValueAsString(SetSecretVersionRequestV2.builder().name(name).version(maxValidVersion.get() + 1).build()))).build();
Response httpResponse = mutualSslClient.newCall(post).execute();
assertThat(httpResponse.code()).isEqualTo(400);
// Get the current version, which should not have changed
finalCurrentVersion = lookup(name);
assertThat(finalCurrentVersion.equals(initialCurrentVersion));
}
}
Also used :
Response(okhttp3.Response)
Request(okhttp3.Request)
TestClients.clientRequest(keywhiz.TestClients.clientRequest)
SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2)
Test(org.junit.Test)
Example 5 with SecretDetailResponseV2
use of keywhiz.api.automation.v2.SecretDetailResponseV2 in project keywhiz by square.
the class SecretResourceTest method checkSecretVersions.
/**
* Iterates over the given list of secret versions to verify that they are sorted from most
* recent creation date to least recent, that they have the expected version numbers,
* and that they have the correct secret name.
*
* @param versions a list of information on versions of secrets
* @param name of the secret series
* @param totalVersions the number of versions created
* @param versionIdx the index in the overall version list of the newest version taken
* @param numVersions the maximum number of versions taken
*/
private void checkSecretVersions(List<SecretDetailResponseV2> versions, String name, int totalVersions, int versionIdx, int numVersions) {
long creationTime = System.currentTimeMillis() / 1000L;
int startIdx = totalVersions - versionIdx - 1;
int expectedVersions = Math.min(numVersions, totalVersions - versionIdx);
// Check that we retrieved as many secrets as possible
assertThat(versions.size()).isEqualTo(expectedVersions);
for (SecretDetailResponseV2 version : versions) {
// Check creation ordering
assertThat(version.createdAtSeconds() < creationTime);
creationTime = version.createdAtSeconds();
// Check version number
assertThat(version.metadata()).isEqualTo(ImmutableMap.of("version", Integer.toString(startIdx--)));
// Check secret name
assertThat(version.name()).isEqualTo(name);
}
}
Also used :
SecretDetailResponseV2(keywhiz.api.automation.v2.SecretDetailResponseV2)
Aggregations
SecretDetailResponseV2 (keywhiz.api.automation.v2.SecretDetailResponseV2)5
Test (org.junit.Test)4
Response (okhttp3.Response)2
TestClients.clientRequest (keywhiz.TestClients.clientRequest)1
Request (okhttp3.Request)1
