AuthBackendDatabaseTests.java
package com.bettercloud.vault.api;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.api.database.DatabaseRoleOptions;
import com.bettercloud.vault.response.DatabaseResponse;
import com.bettercloud.vault.util.DbContainer;
import com.bettercloud.vault.util.VaultContainer;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import static junit.framework.TestCase.assertEquals;
import static junit.framework.TestCase.assertTrue;
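/**
 * Integration tests for the database secrets backend API exposed through {@code vault.database()}.
 *
 * <p>The tests run against the {@link VaultContainer} and {@link DbContainer} class rules and use the
 * client returned by {@code container.getRootVault()} (presumably authenticated with the root token;
 * confirm in {@code VaultContainer}).
 */
public class AuthBackendDatabaseTests {

    /**
     * Creation statement used for every role in this class.
     *
     * <p>It grants ALL PRIVILEGES on the {@code postgres} database, which keeps the fixture simple.
     * A role definition outside a test fixture should grant only the privileges its consumer needs,
     * because every credential issued for the role inherits these grants.
     */
    private static final String CREATION_STATEMENT =
            "CREATE USER \"{{name}}\" WITH PASSWORD '{{password}}'; GRANT ALL PRIVILEGES ON DATABASE \"postgres\" to \"{{name}}\";";

    @ClassRule
    public static final VaultContainer container = new VaultContainer();

    @ClassRule
    public static final DbContainer dbContainer = new DbContainer();

    /**
     * Initialises and unseals Vault, then configures the database backend against the DB container.
     *
     * @throws IOException declared by the container helpers
     * @throws InterruptedException declared by the container helpers
     */
    @BeforeClass
    public static void setupClass() throws IOException, InterruptedException {
        container.initAndUnsealVault();
        container.setupBackendDatabase(dbContainer.getDbContainerIp());
    }

    /** Creates a role, reads it back and checks that the stored options match what was sent. */
    @Test
    public void testRoleCreation() throws VaultException {
        final Vault vault = container.getRootVault();
        final DatabaseRoleOptions roleToCreate = newPostgresRoleOptions();

        final DatabaseResponse response = vault.database().createOrUpdateRole("test-role", roleToCreate);
        assertEquals(204, response.getRestResponse().getStatus());

        final DatabaseResponse role = vault.database().getRole("test-role");
        assertEquals(200, role.getRestResponse().getStatus());
        assertTrue(compareRoleOptions(role.getRoleOptions(), roleToCreate));
    }

    /** Creates a role, deletes it and verifies that a subsequent read reports 404. */
    @Test
    public void testDeleteRole() throws VaultException {
        final Vault vault = container.getRootVault();
        final DatabaseRoleOptions roleToCreate = newPostgresRoleOptions();

        final DatabaseResponse response = vault.database().createOrUpdateRole("delete-role", roleToCreate);
        assertEquals(204, response.getRestResponse().getStatus());

        final DatabaseResponse deletedRole = vault.database().deleteRole("delete-role");
        assertEquals(204, deletedRole.getRestResponse().getStatus());

        // Previously the 404 assertion lived only in the catch block, so the test passed silently
        // when the read succeeded and a role that was never actually removed went unnoticed.
        assertEquals("This should have failed", 404, readRoleStatus(vault, "delete-role"));
    }

    /** Verifies that reading a role that was never created reports 404. */
    @Test
    public void testRoleNotFound() throws VaultException {
        final Vault vault = container.getRootVault();

        // Same fix as testDeleteRole: the status is asserted on every path, not only on exception.
        assertEquals("This should have failed", 404, readRoleStatus(vault, "i-do-not-exist"));
    }

    /** Creates a role and checks that issued credentials carry the role name in the username. */
    @Test
    public void testGetCredentials() throws VaultException {
        final Vault vault = container.getRootVault();

        final DatabaseResponse response =
                vault.database().createOrUpdateRole("new-role", newPostgresRoleOptions());
        assertEquals(204, response.getRestResponse().getStatus());

        final DatabaseResponse credsResponse = vault.database().creds("new-role");
        assertEquals(200, credsResponse.getRestResponse().getStatus());
        // Only the username is inspected; the credential itself is deliberately not printed or logged.
        assertTrue(credsResponse.getCredential().getUsername().contains("new-role"));
    }

    /**
     * Builds role options for the {@code postgres} database with the shared creation statement.
     * A fresh mutable list is created on every call so tests do not share state.
     */
    private static DatabaseRoleOptions newPostgresRoleOptions() {
        final List<String> creationStatements = new ArrayList<>();
        creationStatements.add(CREATION_STATEMENT);
        return new DatabaseRoleOptions().dbName("postgres").creationStatements(creationStatements);
    }

    /**
     * Reads a role and returns the HTTP status of the outcome.
     *
     * <p>This file does not show whether the driver signals a missing role by throwing a
     * {@link VaultException} or by returning a response with a 404 status, so both paths are
     * folded into one status code that the caller can assert on.
     *
     * @param vault client to query
     * @param roleName role to read
     * @return the status of the response, or the status carried by the thrown exception
     */
    private static int readRoleStatus(final Vault vault, final String roleName) {
        try {
            return vault.database().getRole(roleName).getRestResponse().getStatus();
        } catch (VaultException e) {
            return e.getHttpStatusCode();
        }
    }

    /**
     * Compares two role option sets by the number of statements in each statement list.
     *
     * <p>NOTE(review): only list sizes are compared, not the statement text, so a role whose
     * statements were altered but kept the same count would still compare equal. Tighten this to a
     * content comparison once it is confirmed that Vault returns the statements unmodified.
     *
     * @return {@code true} when creation, renew, revocation and rollback lists have matching sizes
     */
    private boolean compareRoleOptions(DatabaseRoleOptions expected, DatabaseRoleOptions actual) {
        return expected.getCreationStatements().size() == actual.getCreationStatements().size()
                && expected.getRenewStatements().size() == actual.getRenewStatements().size()
                && expected.getRevocationStatements().size() == actual.getRevocationStatements().size()
                && expected.getRollbackStatements().size() == actual.getRollbackStatements().size();
    }
}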