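# Tests success paths for deleting all revisions:
#
#  1. Tests that deleting all revisions purges secret references from
#     Barbican.
#
# The suite reads TEST_AUTH_TOKEN and TEST_BARBICAN_URL from the environment;
# no credential is stored in this file.

defaults:
  # verbose makes gabbi print every request and response, headers and body
  # included. That output carries the X-Auth-Token value and the payload
  # fetched by validate_secret_payload_matches_in_barbican, so run the suite
  # with a disposable token and keep its logs out of shared artifacts.
  verbose: true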
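tests:
# Start from an empty Deckhand. This DELETE removes every revision held by
# whichever endpoint the suite is pointed at, so that endpoint has to be a
# deployment dedicated to testing.
- name: purge
  desc: Begin testing from known state.
  DELETE: /api/v1.0/revisions
  status: 204
  request_headers:
    content-type: application/x-yaml
    X-Auth-Token: $ENVIRON['TEST_AUTH_TOKEN']
  response_headers: null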
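# Store one Passphrase document with storagePolicy=encrypted and check that
# the value handed back is a reference under TEST_BARBICAN_URL instead of the
# submitted string.
- name: create_encrypted_passphrase
  desc: Create passphrase with storagePolicy=encrypted
  PUT: /api/v1.0/buckets/secret/documents
  status: 200
  request_headers:
    content-type: application/x-yaml
    X-Auth-Token: $ENVIRON['TEST_AUTH_TOKEN']
  response_headers:
    content-type: application/x-yaml
  # Fixture document. The data value is a dummy string; the payload check
  # later in this file looks for exactly this text.
  data: |-
    ---
    schema: deckhand/Passphrase/v1
    metadata:
      schema: metadata/Document/v1
      name: my-passphrase
      layeringDefinition:
        layer: fake
      storagePolicy: encrypted
    data: not-a-real-password
    ...
  response_multidoc_jsonpaths:
    # Exactly one document comes back.
    $.`len`: 1
    # NOTE(fmontei): jsonpath-rw-ext uses a 1 character separator (rather than allowing a string)
    # leading to this nastiness:
    # The expression below rebuilds "<scheme>://<host>" from the returned data
    # value and requires it to equal TEST_BARBICAN_URL.
    $.[0].data.`split(:, 0, 1)` + "://" + $.[0].data.`split(/, 2, 3)`: $ENVIRON['TEST_BARBICAN_URL']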
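# Look the secret up in Barbican directly. The id in the URL is taken from the
# reference returned by create_encrypted_passphrase: the piece at index 5 when
# that reference is split on "/".
- name: validate_secret_exists_in_barbican
  desc: Validate that the secret ref exists in Barbican
  GET: $ENVIRON['TEST_BARBICAN_URL']/v1/secrets/$HISTORY['create_encrypted_passphrase'].$RESPONSE['$.[0].data.`split(/, 5, -1)`']
  status: 200
  request_headers:
    X-Auth-Token: $ENVIRON['TEST_AUTH_TOKEN']
  response_headers:
    content-type: application/json; charset=UTF-8
  response_json_paths:
    # Only the metadata is inspected here; the payload has its own test.
    $.status: ACTIVE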
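# Fetch the stored payload and compare it with the fixture value. The same
# TEST_AUTH_TOKEN used against Deckhand is sent to Barbican, so that token
# must be allowed to read secret payloads. The cleartext comes back in the
# response body.
- name: validate_secret_payload_matches_in_barbican
  desc: Validate that the secret itself matches in Barbican
  GET: $ENVIRON['TEST_BARBICAN_URL']/v1/secrets/$HISTORY['create_encrypted_passphrase'].$RESPONSE['$.[0].data.`split(/, 5, -1)`']/payload
  status: 200
  request_headers:
    X-Auth-Token: $ENVIRON['TEST_AUTH_TOKEN']
  response_headers:
    content-type: application/octet-stream; charset=UTF-8
  response_strings:
    # Must match the data value submitted in create_encrypted_passphrase.
    - not-a-real-password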
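# The operation under test: the same DELETE as the purge step, issued now
# that a Barbican-backed secret exists. Only the 204 is asserted here; the
# effect on Barbican is checked by the test that follows.
- name: delete_all_revisions
  desc: Delete all revisions from Deckhand, which should delete all secrets.
  DELETE: /api/v1.0/revisions
  status: 204
  request_headers:
    content-type: application/x-yaml
    X-Auth-Token: $ENVIRON['TEST_AUTH_TOKEN']
  response_headers: null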
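# List the secrets visible to TEST_AUTH_TOKEN and require an empty result.
# NOTE(review): the listing is whatever Barbican returns for this token, so
# the assertion only holds when nothing else stores secrets under the same
# credentials -- presumably a project dedicated to this suite; confirm.
- name: validate_all_secrets_deleted_from_barbican
  desc: |-
    Validate that deleting all revisions deletes all secrets from Barbican.
  GET: $ENVIRON['TEST_BARBICAN_URL']/v1/secrets
  status: 200
  request_headers:
    X-Auth-Token: $ENVIRON['TEST_AUTH_TOKEN']
  response_headers:
    content-type: application/json; charset=UTF-8
  response_json_paths:
    $.secrets.`len`: 0
    $.secrets: []

# Direct lookup of the reference created earlier. An empty listing alone does
# not show what happened to that particular secret, so this test asks for it
# by id and expects Barbican to report it as missing.
- name: validate_secret_ref_removed_from_barbican
  desc: Validate that the secret ref created earlier no longer resolves.
  GET: $ENVIRON['TEST_BARBICAN_URL']/v1/secrets/$HISTORY['create_encrypted_passphrase'].$RESPONSE['$.[0].data.`split(/, 5, -1)`']
  status: 404
  request_headers:
    X-Auth-Token: $ENVIRON['TEST_AUTH_TOKEN']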