Multi value test seal (hashicorp#2281)

README.md

@@ -58,7 +58,7 @@ Developing Vault
 
 If you wish to work on Vault itself or any of its built-in systems,
 you'll first need [Go](https://www.golang.org) installed on your
-machine (version 1.7+ is *required*).
+machine (version 1.8+ is *required*).
 
 For local dev first make sure Go is properly installed, including setting up a
 [GOPATH](https://golang.org/doc/code.html#GOPATH). Next, clone this repository

command/generate-root_test.go

@@ -18,13 +18,12 @@ import (
 )
 
 func TestGenerateRoot_Cancel(t *testing.T) {
-	core, key, _ := vault.TestCoreUnsealed(t)
+	core, _, _ := vault.TestCoreUnsealed(t)
 	ln, addr := http.TestServer(t, core)
 	defer ln.Close()
 
 	ui := new(cli.MockUi)
 	c := &GenerateRootCommand{
-		Key: hex.EncodeToString(key),
 		Meta: meta.Meta{
 			Ui: ui,
 		},
@@ -56,13 +55,12 @@ func TestGenerateRoot_Cancel(t *testing.T) {
 }
 
 func TestGenerateRoot_status(t *testing.T) {
-	core, key, _ := vault.TestCoreUnsealed(t)
+	core, _, _ := vault.TestCoreUnsealed(t)
 	ln, addr := http.TestServer(t, core)
 	defer ln.Close()
 
 	ui := new(cli.MockUi)
 	c := &GenerateRootCommand{
-		Key: hex.EncodeToString(key),
 		Meta: meta.Meta{
 			Ui: ui,
 		},
@@ -90,13 +88,12 @@ func TestGenerateRoot_status(t *testing.T) {
 }
 
 func TestGenerateRoot_OTP(t *testing.T) {
-	core, ts, key, _ := vault.TestCoreWithTokenStore(t)
+	core, ts, keys, _ := vault.TestCoreWithTokenStore(t)
 	ln, addr := http.TestServer(t, core)
 	defer ln.Close()
 
 	ui := new(cli.MockUi)
 	c := &GenerateRootCommand{
-		Key: hex.EncodeToString(key),
 		Meta: meta.Meta{
 			Ui: ui,
 		},
@@ -124,14 +121,24 @@ func TestGenerateRoot_OTP(t *testing.T) {
 		t.Fatalf("err: %v", err)
 	}
 
-	c.Nonce = config.Nonce
+	for _, key := range keys {
+		ui = new(cli.MockUi)
+		c = &GenerateRootCommand{
+			Key: hex.EncodeToString(key),
+			Meta: meta.Meta{
+				Ui: ui,
+			},
+		}
 
-	// Provide the key
-	args = []string{
-		"-address", addr,
-	}
-	if code := c.Run(args); code != 0 {
-		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+		c.Nonce = config.Nonce
+
+		// Provide the key
+		args = []string{
+			"-address", addr,
+		}
+		if code := c.Run(args); code != 0 {
+			t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+		}
 	}
 
 	beforeNAfter := strings.Split(ui.OutputWriter.String(), "Encoded root token: ")
@@ -195,13 +202,12 @@ func TestGenerateRoot_OTP(t *testing.T) {
 }
 
 func TestGenerateRoot_PGP(t *testing.T) {
-	core, ts, key, _ := vault.TestCoreWithTokenStore(t)
+	core, ts, keys, _ := vault.TestCoreWithTokenStore(t)
 	ln, addr := http.TestServer(t, core)
 	defer ln.Close()
 
 	ui := new(cli.MockUi)
 	c := &GenerateRootCommand{
-		Key: hex.EncodeToString(key),
 		Meta: meta.Meta{
 			Ui: ui,
 		},
@@ -228,14 +234,23 @@ func TestGenerateRoot_PGP(t *testing.T) {
 		t.Fatalf("err: %v", err)
 	}
 
-	c.Nonce = config.Nonce
+	for _, key := range keys {
+		c = &GenerateRootCommand{
+			Key: hex.EncodeToString(key),
+			Meta: meta.Meta{
+				Ui: ui,
+			},
+		}
 
-	// Provide the key
-	args = []string{
-		"-address", addr,
-	}
-	if code := c.Run(args); code != 0 {
-		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+		c.Nonce = config.Nonce
+
+		// Provide the key
+		args = []string{
+			"-address", addr,
+		}
+		if code := c.Run(args); code != 0 {
+			t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+		}
 	}
 
 	beforeNAfter := strings.Split(ui.OutputWriter.String(), "Encoded root token: ")

command/rekey_test.go

@@ -16,22 +16,33 @@ import (
 )
 
 func TestRekey(t *testing.T) {
-	core, key, _ := vault.TestCoreUnsealed(t)
+	core, keys, _ := vault.TestCoreUnsealed(t)
 	ln, addr := http.TestServer(t, core)
 	defer ln.Close()
 
 	ui := new(cli.MockUi)
-	c := &RekeyCommand{
-		Key:         hex.EncodeToString(key),
-		RecoveryKey: false,
-		Meta: meta.Meta{
-			Ui: ui,
-		},
-	}
 
-	args := []string{"-address", addr}
-	if code := c.Run(args); code != 0 {
-		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+	for i, key := range keys {
+		c := &RekeyCommand{
+			Key:         hex.EncodeToString(key),
+			RecoveryKey: false,
+			Meta: meta.Meta{
+				Ui: ui,
+			},
+		}
+
+		if i > 0 {
+			conf, err := core.RekeyConfig(false)
+			if err != nil {
+				t.Fatal(err)
+			}
+			c.Nonce = conf.Nonce
+		}
+
+		args := []string{"-address", addr}
+		if code := c.Run(args); code != 0 {
+			t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+		}
 	}
 
 	config, err := core.SealAccess().BarrierConfig()
@@ -44,21 +55,32 @@ func TestRekey(t *testing.T) {
 }
 
 func TestRekey_arg(t *testing.T) {
-	core, key, _ := vault.TestCoreUnsealed(t)
+	core, keys, _ := vault.TestCoreUnsealed(t)
 	ln, addr := http.TestServer(t, core)
 	defer ln.Close()
 
 	ui := new(cli.MockUi)
-	c := &RekeyCommand{
-		RecoveryKey: false,
-		Meta: meta.Meta{
-			Ui: ui,
-		},
-	}
 
-	args := []string{"-address", addr, hex.EncodeToString(key)}
-	if code := c.Run(args); code != 0 {
-		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+	for i, key := range keys {
+		c := &RekeyCommand{
+			RecoveryKey: false,
+			Meta: meta.Meta{
+				Ui: ui,
+			},
+		}
+
+		if i > 0 {
+			conf, err := core.RekeyConfig(false)
+			if err != nil {
+				t.Fatal(err)
+			}
+			c.Nonce = conf.Nonce
+		}
+
+		args := []string{"-address", addr, hex.EncodeToString(key)}
+		if code := c.Run(args); code != 0 {
+			t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+		}
 	}
 
 	config, err := core.SealAccess().BarrierConfig()
@@ -71,13 +93,13 @@ func TestRekey_arg(t *testing.T) {
 }
 
 func TestRekey_init(t *testing.T) {
-	core, key, _ := vault.TestCoreUnsealed(t)
+	core, _, _ := vault.TestCoreUnsealed(t)
 	ln, addr := http.TestServer(t, core)
 	defer ln.Close()
 
 	ui := new(cli.MockUi)
+
 	c := &RekeyCommand{
-		Key: hex.EncodeToString(key),
 		Meta: meta.Meta{
 			Ui: ui,
 		},
@@ -106,13 +128,13 @@ func TestRekey_init(t *testing.T) {
 }
 
 func TestRekey_cancel(t *testing.T) {
-	core, key, _ := vault.TestCoreUnsealed(t)
+	core, keys, _ := vault.TestCoreUnsealed(t)
 	ln, addr := http.TestServer(t, core)
 	defer ln.Close()
 
 	ui := new(cli.MockUi)
 	c := &RekeyCommand{
-		Key: hex.EncodeToString(key),
+		Key: hex.EncodeToString(keys[0]),
 		Meta: meta.Meta{
 			Ui: ui,
 		},
@@ -138,13 +160,13 @@ func TestRekey_cancel(t *testing.T) {
 }
 
 func TestRekey_status(t *testing.T) {
-	core, key, _ := vault.TestCoreUnsealed(t)
+	core, keys, _ := vault.TestCoreUnsealed(t)
 	ln, addr := http.TestServer(t, core)
 	defer ln.Close()
 
 	ui := new(cli.MockUi)
 	c := &RekeyCommand{
-		Key: hex.EncodeToString(key),
+		Key: hex.EncodeToString(keys[0]),
 		Meta: meta.Meta{
 			Ui: ui,
 		},
@@ -166,7 +188,7 @@ func TestRekey_status(t *testing.T) {
 }
 
 func TestRekey_init_pgp(t *testing.T) {
-	core, key, token := vault.TestCoreUnsealed(t)
+	core, keys, token := vault.TestCoreUnsealed(t)
 	ln, addr := http.TestServer(t, core)
 	defer ln.Close()
 
@@ -184,7 +206,6 @@ func TestRekey_init_pgp(t *testing.T) {
 
 	ui := new(cli.MockUi)
 	c := &RekeyCommand{
-		Key: hex.EncodeToString(key),
 		Meta: meta.Meta{
 			Ui: ui,
 		},
@@ -220,13 +241,22 @@ func TestRekey_init_pgp(t *testing.T) {
 		t.Fatal("should rekey")
 	}
 
-	c.Nonce = config.Nonce
+	for _, key := range keys {
+		c = &RekeyCommand{
+			Key: hex.EncodeToString(key),
+			Meta: meta.Meta{
+				Ui: ui,
+			},
+		}
 
-	args = []string{
-		"-address", addr,
-	}
-	if code := c.Run(args); code != 0 {
-		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+		c.Nonce = config.Nonce
+
+		args = []string{
+			"-address", addr,
+		}
+		if code := c.Run(args); code != 0 {
+			t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
+		}
 	}
 
 	type backupStruct struct {

command/status_test.go

@@ -18,7 +18,7 @@ func TestStatus(t *testing.T) {
 	}
 
 	core := vault.TestCore(t)
-	key, _ := vault.TestCoreInit(t, core)
+	keys, _ := vault.TestCoreInit(t, core)
 	ln, addr := http.TestServer(t, core)
 	defer ln.Close()
 
@@ -27,8 +27,10 @@ func TestStatus(t *testing.T) {
 		t.Fatalf("bad: %d\n\n%s", code, ui.ErrorWriter.String())
 	}
 
-	if _, err := core.Unseal(key); err != nil {
-		t.Fatalf("err: %s", err)
+	for _, key := range keys {
+		if _, err := core.Unseal(key); err != nil {
+			t.Fatalf("err: %s", err)
+		}
 	}
 
 	if code := c.Run(args); code != 0 {