diff --git a/Cargo.toml b/Cargo.toml index d6e5ac7..d25d8b1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -67,6 +67,7 @@ ctor = "0.2.8" better_default = "1.0.5" prometheus-client = "0.22.3" sysinfo = "0.31.4" +async-trait = "0.1" # optional dependencies openssl = { version = "0.10.64", optional = true } diff --git a/src/core.rs b/src/core.rs index fc44210..d78fc75 100644 --- a/src/core.rs +++ b/src/core.rs @@ -408,7 +408,7 @@ impl Core { Ok(()) } - pub fn handle_request(&self, req: &mut Request) -> Result, RvError> { + pub async fn handle_request(&self, req: &mut Request) -> Result, RvError> { let mut resp = None; let mut err: Option = None; let handlers = self.handlers.read()?; @@ -418,7 +418,7 @@ impl Core { } for handler in handlers.iter() { - match handler.pre_route(req) { + match handler.pre_route(req).await { Ok(res) => { if res.is_some() { resp = res; @@ -436,7 +436,7 @@ impl Core { if resp.is_none() && err.is_none() { for handler in handlers.iter() { - match handler.route(req) { + match handler.route(req).await { Ok(res) => { if res.is_some() { resp = res; @@ -454,7 +454,7 @@ impl Core { if err.is_none() { for handler in handlers.iter() { - match handler.post_route(req, &mut resp) { + match handler.post_route(req, &mut resp).await { Ok(_) => {} Err(error) => { if error != RvError::ErrHandlerDefault { @@ -468,7 +468,7 @@ impl Core { } for handler in handlers.iter() { - match handler.log(req, &resp) { + match handler.log(req, &resp).await { Ok(_) => {} Err(error) => { if error != RvError::ErrHandlerDefault { diff --git a/src/errors.rs b/src/errors.rs index d796136..d10193d 100644 --- a/src/errors.rs +++ b/src/errors.rs @@ -278,6 +278,12 @@ pub enum RvError { #[error("Some rustls_pemfile error happened")] RustlsPemFileError(rustls_pemfile::Error), + #[error("Some tokio task error happened")] + TokioTaskJoinError { + #[from] + source: tokio::task::JoinError, + }, + #[error("Some string utf8 error happened, {:?}", .source)] StringUtf8Error { #[from] diff --git a/src/handler.rs b/src/handler.rs index d3c69e0..63ab923 100644 --- a/src/handler.rs +++ b/src/handler.rs @@ -8,6 +8,8 @@ use std::sync::{Arc, RwLock}; +use async_trait::async_trait; + use crate::{ core::Core, cli::config::Config, @@ -15,6 +17,7 @@ use crate::{ logical::{request::Request, response::Response, Auth}, }; +#[async_trait] pub trait Handler: Send + Sync { fn name(&self) -> String; @@ -22,31 +25,32 @@ pub trait Handler: Send + Sync { Err(RvError::ErrHandlerDefault) } - fn pre_route(&self, _req: &mut Request) -> Result, RvError> { + async fn pre_route(&self, _req: &mut Request) -> Result, RvError> { Err(RvError::ErrHandlerDefault) } - fn route(&self, _req: &mut Request) -> Result, RvError> { + async fn route(&self, _req: &mut Request) -> Result, RvError> { Err(RvError::ErrHandlerDefault) } - fn post_route(&self, _req: &mut Request, _resp: &mut Option) -> Result<(), RvError> { + async fn post_route(&self, _req: &mut Request, _resp: &mut Option) -> Result<(), RvError> { Err(RvError::ErrHandlerDefault) } - fn log(&self, _req: &Request, _resp: &Option) -> Result<(), RvError> { + async fn log(&self, _req: &Request, _resp: &Option) -> Result<(), RvError> { Err(RvError::ErrHandlerDefault) } } +#[async_trait] pub trait AuthHandler: Send + Sync { fn name(&self) -> String; - fn pre_auth(&self, _req: &mut Request) -> Result, RvError> { + async fn pre_auth(&self, _req: &mut Request) -> Result, RvError> { Err(RvError::ErrHandlerDefault) } - fn post_auth(&self, _req: &mut Request) -> Result<(), RvError> { + async fn post_auth(&self, _req: &mut Request) -> Result<(), RvError> { Err(RvError::ErrHandlerDefault) } } diff --git a/src/http/logical.rs b/src/http/logical.rs index 14e4727..a0ac17c 100644 --- a/src/http/logical.rs +++ b/src/http/logical.rs @@ -82,7 +82,7 @@ async fn logical_request_handler( } } - match core.read()?.handle_request(&mut r)? { + match core.read()?.handle_request(&mut r).await? { Some(resp) => response_logical(&resp, &r.path), None => { if matches!(r.operation, Operation::Read | Operation::List) { diff --git a/src/http/mod.rs b/src/http/mod.rs index 9f1a600..cff6c0d 100644 --- a/src/http/mod.rs +++ b/src/http/mod.rs @@ -194,9 +194,9 @@ pub fn response_json_ok(cookie: Option, body: T) -> HttpRe response_json(StatusCode::OK, cookie, body) } -pub fn handle_request(core: web::Data>>, req: &mut Request) -> Result { +pub async fn handle_request(core: web::Data>>, req: &mut Request) -> Result { let core = core.read()?; - let resp = core.handle_request(req)?; + let resp = core.handle_request(req).await?; if resp.is_none() { Ok(response_ok(None, None)) } else { diff --git a/src/http/sys.rs b/src/http/sys.rs index 57dd0c5..5afd94c 100644 --- a/src/http/sys.rs +++ b/src/http/sys.rs @@ -150,7 +150,7 @@ async fn sys_list_mounts_request_handler( r.path = "sys/mounts".to_string(); r.operation = Operation::Read; - handle_request(core, &mut r) + handle_request(core, &mut r).await } async fn sys_mount_request_handler( @@ -172,7 +172,7 @@ async fn sys_mount_request_handler( r.operation = Operation::Write; r.body = Some(payload); - handle_request(core, &mut r) + handle_request(core, &mut r).await } async fn sys_unmount_request_handler( @@ -189,7 +189,7 @@ async fn sys_unmount_request_handler( r.path = "sys/mounts/".to_owned() + mount_path.as_str(); r.operation = Operation::Delete; - handle_request(core, &mut r) + handle_request(core, &mut r).await } async fn sys_remount_request_handler( @@ -205,7 +205,7 @@ async fn sys_remount_request_handler( r.operation = Operation::Write; r.body = Some(payload); - handle_request(core, &mut r) + handle_request(core, &mut r).await } async fn sys_list_auth_mounts_request_handler( @@ -216,7 +216,7 @@ async fn sys_list_auth_mounts_request_handler( r.path = "sys/auth".to_string(); r.operation = Operation::Read; - handle_request(core, &mut r) + handle_request(core, &mut r).await } async fn sys_auth_enable_request_handler( @@ -238,7 +238,7 @@ async fn sys_auth_enable_request_handler( r.operation = Operation::Write; r.body = Some(payload); - handle_request(core, &mut r) + handle_request(core, &mut r).await } async fn sys_auth_disable_request_handler( @@ -255,7 +255,7 @@ async fn sys_auth_disable_request_handler( r.path = "sys/auth/".to_owned() + mount_path.as_str(); r.operation = Operation::Delete; - handle_request(core, &mut r) + handle_request(core, &mut r).await } pub fn init_sys_service(cfg: &mut web::ServiceConfig) { diff --git a/src/logical/request.rs b/src/logical/request.rs index 330086d..bfac130 100644 --- a/src/logical/request.rs +++ b/src/logical/request.rs @@ -201,4 +201,16 @@ impl Request { pub fn add_task(&mut self, task: JoinHandle<()>) { self.tasks.push(task); } + + pub fn clear_task(&mut self) { + self.tasks.clear(); + } + + pub async fn wait_task_finish(&mut self) -> Result<(), RvError> { + for task in &mut self.tasks { + task.await?; + } + + Ok(()) + } } diff --git a/src/modules/auth/expiration.rs b/src/modules/auth/expiration.rs index c7076d8..dd1f59b 100644 --- a/src/modules/auth/expiration.rs +++ b/src/modules/auth/expiration.rs @@ -535,7 +535,7 @@ impl ExpirationManagerInner { } let mut req = Request::new_revoke_request(&le.path, secret, data); - let ret = self.router.as_ref().unwrap().as_handler().route(&mut req); + let ret = self.router.as_ref().unwrap().handle_request(&mut req); if ret.is_err() { log::error!("failed to revoke entry: {:?}, err: {}", le, ret.unwrap_err()); } @@ -563,7 +563,7 @@ impl ExpirationManagerInner { } let mut req = Request::new_renew_request(&le.path, secret, data); - let ret = self.router.as_ref().unwrap().as_handler().route(&mut req); + let ret = self.router.as_ref().unwrap().handle_request(&mut req); if ret.is_err() { log::error!("failed to renew entry: {}", ret.as_ref().unwrap_err()); } @@ -586,7 +586,7 @@ impl ExpirationManagerInner { } let mut req = Request::new_renew_auth_request(&le.path, auth, None); - let ret = self.router.as_ref().unwrap().as_handler().route(&mut req); + let ret = self.router.as_ref().unwrap().handle_request(&mut req); if ret.is_err() { log::error!("failed to renew_auth entry: {}", ret.as_ref().unwrap_err()); } diff --git a/src/modules/auth/token_store.rs b/src/modules/auth/token_store.rs index 95f1370..15845ad 100644 --- a/src/modules/auth/token_store.rs +++ b/src/modules/auth/token_store.rs @@ -4,6 +4,7 @@ use std::{ time::Duration, }; +use async_trait::async_trait; use derive_more::Deref; use humantime::parse_duration; use lazy_static::lazy_static; @@ -592,12 +593,13 @@ impl TokenStoreInner { } } +#[async_trait] impl Handler for TokenStore { fn name(&self) -> String { "auth_token".to_string() } - fn pre_route(&self, req: &mut Request) -> Result, RvError> { + async fn pre_route(&self, req: &mut Request) -> Result, RvError> { let is_unauth_path = self.router.is_unauth_path(&req.path)?; if is_unauth_path { return Ok(None); @@ -605,9 +607,13 @@ impl Handler for TokenStore { let mut auth: Option = None; - let auth_handlers = self.auth_handlers.read()?; + let auth_handlers: Vec<_> = { + let handlers = self.auth_handlers.read()?; + handlers.iter().cloned().collect::>() + }; + for auth_handler in auth_handlers.iter() { - if let Some(ret) = auth_handler.pre_auth(req)? { + if let Some(ret) = auth_handler.pre_auth(req).await? { auth = Some(ret); break; } @@ -625,13 +631,13 @@ impl Handler for TokenStore { req.auth = auth; for auth_handler in auth_handlers.iter() { - auth_handler.post_auth(req)?; + auth_handler.post_auth(req).await?; } Ok(None) } - fn post_route(&self, req: &mut Request, resp: &mut Option) -> Result<(), RvError> { + async fn post_route(&self, req: &mut Request, resp: &mut Option) -> Result<(), RvError> { if resp.is_none() { return Ok(()); } diff --git a/src/modules/credential/approle/mod.rs b/src/modules/credential/approle/mod.rs index 9e795ec..cb6a3e3 100644 --- a/src/modules/credential/approle/mod.rs +++ b/src/modules/credential/approle/mod.rs @@ -220,13 +220,13 @@ mod test { test_utils::{test_delete_api, test_mount_auth_api, test_read_api, test_rusty_vault_init, test_write_api}, }; - pub fn test_read_role(core: &Core, token: &str, path: &str, role_name: &str) -> Result, RvError> { - let resp = test_read_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), true); + pub async fn test_read_role(core: &Core, token: &str, path: &str, role_name: &str) -> Result, RvError> { + let resp = test_read_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), true).await; assert!(resp.is_ok()); resp } - pub fn test_write_role( + pub async fn test_write_role( core: &Core, token: &str, path: &str, @@ -252,16 +252,16 @@ mod test { } let _ = - test_write_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), expect, Some(role_data)); + test_write_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), expect, Some(role_data)).await; } - pub fn test_delete_role(core: &Core, token: &str, path: &str, role_name: &str) { - assert!(test_delete_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), true, None).is_ok()); + pub async fn test_delete_role(core: &Core, token: &str, path: &str, role_name: &str) { + assert!(test_delete_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), true, None).await.is_ok()); } - pub fn generate_secret_id(core: &Core, token: &str, path: &str, role_name: &str) -> (String, String) { + pub async fn generate_secret_id(core: &Core, token: &str, path: &str, role_name: &str) -> (String, String) { let resp = - test_write_api(core, token, format!("auth/{}/role/{}/secret-id", path, role_name).as_str(), true, None); + test_write_api(core, token, format!("auth/{}/role/{}/secret-id", path, role_name).as_str(), true, None).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let secret_id = resp_data["secret_id"].as_str().unwrap(); @@ -270,7 +270,7 @@ mod test { (secret_id.to_string(), secret_id_accessor.to_string()) } - pub fn test_login( + pub async fn test_login( core: &Core, path: &str, role_id: &str, @@ -289,7 +289,7 @@ mod test { req.operation = Operation::Write; req.body = Some(data); - let resp = core.handle_request(&mut req); + let resp = core.handle_request(&mut req).await; if is_ok { assert!(resp.is_ok()); let resp = resp.as_ref().unwrap(); @@ -303,23 +303,23 @@ mod test { resp } - fn test_approle(core: &Core, token: &str, path: &str, role_name: &str) { + async fn test_approle(core: &Core, token: &str, path: &str, role_name: &str) { // Create a role - let resp = test_write_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), true, None); + let resp = test_write_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), true, None).await; assert!(resp.is_ok()); // Get the role-id - let resp = test_read_api(core, token, format!("auth/{}/role/{}/role-id", path, role_name).as_str(), true); + let resp = test_read_api(core, token, format!("auth/{}/role/{}/role-id", path, role_name).as_str(), true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data; let role_id = resp_data.unwrap()["role_id"].clone(); let role_id = role_id.as_str().unwrap(); // Create a secret-id - let (secret_id, secret_id_accessor) = generate_secret_id(core, token, path, role_name); + let (secret_id, secret_id_accessor) = generate_secret_id(core, token, path, role_name).await; // Ensure login works - let _ = test_login(core, path, role_id, &secret_id, true); + let _ = test_login(core, path, role_id, &secret_id, true).await; // Destroy secret ID accessor let data = json!({ @@ -334,17 +334,17 @@ mod test { format!("auth/{}/role/{}/secret-id-accessor/destroy", path, role_name).as_str(), true, Some(data), - ); + ).await; assert!(resp.is_ok()); // Login again using the accessor's corresponding secret ID should fail - let _ = test_login(core, path, role_id, &secret_id, false); + let _ = test_login(core, path, role_id, &secret_id, false).await; // Generate another secret ID - let (secret_id, _secret_id_accessor) = generate_secret_id(core, token, path, role_name); + let (secret_id, _secret_id_accessor) = generate_secret_id(core, token, path, role_name).await; // Ensure login works - let _ = test_login(core, path, role_id, &secret_id, true); + let _ = test_login(core, path, role_id, &secret_id, true).await; // Destroy secret ID let data = json!({ @@ -359,17 +359,17 @@ mod test { format!("auth/{}/role/{}/secret-id/destroy", path, role_name).as_str(), true, Some(data), - ); + ).await; assert!(resp.is_ok()); // Login again using the same secret ID should fail - let _ = test_login(core, path, role_id, &secret_id, false); + let _ = test_login(core, path, role_id, &secret_id, false).await; // Generate another secret ID - let (secret_id, _secret_id_accessor) = generate_secret_id(core, token, path, role_name); + let (secret_id, _secret_id_accessor) = generate_secret_id(core, token, path, role_name).await; // Ensure login works - let _ = test_login(core, path, role_id, &secret_id, true); + let _ = test_login(core, path, role_id, &secret_id, true).await; // Destroy the secret ID using lower cased role name let data = json!({ @@ -384,17 +384,17 @@ mod test { format!("auth/{}/role/{}/secret-id/destroy", path, role_name.to_lowercase()).as_str(), true, Some(data), - ); + ).await; assert!(resp.is_ok()); // Login again using the same secret ID should fail - let _ = test_login(core, path, role_id, &secret_id, false); + let _ = test_login(core, path, role_id, &secret_id, false).await; // Generate another secret ID - let (secret_id, _secret_id_accessor) = generate_secret_id(core, token, path, role_name); + let (secret_id, _secret_id_accessor) = generate_secret_id(core, token, path, role_name).await; // Ensure login works - let _ = test_login(core, path, role_id, &secret_id, true); + let _ = test_login(core, path, role_id, &secret_id, true).await; // Destroy the secret ID using upper cased role name let data = json!({ @@ -409,17 +409,17 @@ mod test { format!("auth/{}/role/{}/secret-id/destroy", path, role_name.to_uppercase()).as_str(), true, Some(data), - ); + ).await; assert!(resp.is_ok()); // Login again using the same secret ID should fail - let _ = test_login(core, path, role_id, &secret_id, false); + let _ = test_login(core, path, role_id, &secret_id, false).await; // Generate another secret ID - let (secret_id, _secret_id_accessor) = generate_secret_id(core, token, path, role_name); + let (secret_id, _secret_id_accessor) = generate_secret_id(core, token, path, role_name).await; // Ensure login works - let _ = test_login(core, path, role_id, &secret_id, true); + let _ = test_login(core, path, role_id, &secret_id, true).await; // Destroy the secret ID using mixed case name let data = json!({ @@ -443,14 +443,14 @@ mod test { format!("auth/{}/role/{}/secret-id/destroy", path, mixed_case_name).as_str(), true, Some(data), - ); + ).await; assert!(resp.is_ok()); // Login again using the same secret ID should fail - let _ = test_login(core, path, role_id, &secret_id, false); + let _ = test_login(core, path, role_id, &secret_id, false).await; } - fn test_approle_role_service(core: &Core, token: &str, path: &str, role_name: &str) { + async fn test_approle_role_service(core: &Core, token: &str, path: &str, role_name: &str) { // Create a role let mut data = json!({ "bind_secret_id": true, @@ -466,11 +466,11 @@ mod test { .unwrap() .clone(); let resp = - test_write_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), true, Some(data.clone())); + test_write_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), true, Some(data.clone())).await; assert!(resp.is_ok()); // Get the role field - let resp = test_read_role(core, token, path, role_name); + let resp = test_read_role(core, token, path, role_name).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["bind_secret_id"].as_bool().unwrap(), data["bind_secret_id"].as_bool().unwrap()); assert_eq!(resp_data["secret_id_num_uses"].as_i64().unwrap(), data["secret_id_num_uses"].as_i64().unwrap()); @@ -494,11 +494,11 @@ mod test { data["token_num_uses"] = Value::from(0); data["token_type"] = Value::from("batch"); let resp = - test_write_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), true, Some(data.clone())); + test_write_api(core, token, format!("auth/{}/role/{}", path, role_name).as_str(), true, Some(data.clone())).await; assert!(resp.is_ok()); // Get the role field - let resp = test_read_role(core, token, path, role_name); + let resp = test_read_role(core, token, path, role_name).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["bind_secret_id"].as_bool().unwrap(), data["bind_secret_id"].as_bool().unwrap()); assert_eq!(resp_data["secret_id_num_uses"].as_i64().unwrap(), data["secret_id_num_uses"].as_i64().unwrap()); @@ -519,36 +519,36 @@ mod test { assert_eq!(resp_data["token_type"].as_str().unwrap(), data["token_type"].as_str().unwrap()); // Get the role-id - let resp = test_read_api(core, token, format!("auth/{}/role/{}/role-id", path, role_name).as_str(), true); + let resp = test_read_api(core, token, format!("auth/{}/role/{}/role-id", path, role_name).as_str(), true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data; let role_id = resp_data.unwrap()["role_id"].clone(); let role_id = role_id.as_str().unwrap(); // Create a secret-id - let (secret_id, _secret_id_accessor) = generate_secret_id(core, token, path, role_name); + let (secret_id, _secret_id_accessor) = generate_secret_id(core, token, path, role_name).await; // Ensure login works - let _ = test_login(core, path, role_id, &secret_id, true); + let _ = test_login(core, path, role_id, &secret_id, true).await; // Get the role field - let resp = test_read_role(core, token, path, role_name); + let resp = test_read_role(core, token, path, role_name).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); println!("resp_data: {:?}", resp_data); } - #[test] - fn test_credential_approle_module() { + #[tokio::test] + async fn test_credential_approle_module() { let (root_token, core) = test_rusty_vault_init("test_approle_module"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle/"); + test_mount_auth_api(&core, &root_token, "approle", "approle/").await; - test_approle(&core, &root_token, "approle", "samplerolename"); - test_approle(&core, &root_token, "approle", "SAMPLEROLENAME"); - test_approle(&core, &root_token, "approle", "SampleRoleName"); + test_approle(&core, &root_token, "approle", "samplerolename").await; + test_approle(&core, &root_token, "approle", "SAMPLEROLENAME").await; + test_approle(&core, &root_token, "approle", "SampleRoleName").await; - test_approle_role_service(&core, &root_token, "approle", "testrole"); + test_approle_role_service(&core, &root_token, "approle", "testrole").await; } } diff --git a/src/modules/credential/approle/path_role.rs b/src/modules/credential/approle/path_role.rs index e427c74..d495298 100644 --- a/src/modules/credential/approle/path_role.rs +++ b/src/modules/credential/approle/path_role.rs @@ -2210,13 +2210,13 @@ mod test { }, }; - #[test] - fn test_approle_read_local_secret_ids() { + #[tokio::test] + async fn test_approle_read_local_secret_ids() { let (root_token, core) = test_rusty_vault_init("test_approle_read_local_secret_ids"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; // Create a role let data = json!({ @@ -2227,22 +2227,22 @@ mod test { .unwrap() .clone(); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole", true, Some(data.clone())); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole", true, Some(data.clone())).await; assert!(resp.is_ok()); // Get the role field - let resp = test_read_api(&core, &root_token, "auth/approle/role/testrole/local-secret-ids", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/testrole/local-secret-ids", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["local_secret_ids"].as_bool().unwrap(), data["local_secret_ids"].as_bool().unwrap()); } - #[test] - fn test_approle_local_non_secret_ids() { + #[tokio::test] + async fn test_approle_local_non_secret_ids() { let (root_token, core) = test_rusty_vault_init("test_approle_local_non_secret_ids"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; // Create a role with local_secret_ids set let data = json!({ @@ -2253,7 +2253,7 @@ mod test { .as_object() .unwrap() .clone(); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(data.clone())); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(data.clone())).await; assert!(resp.is_ok()); // Create another role without setting local_secret_ids @@ -2264,40 +2264,40 @@ mod test { .as_object() .unwrap() .clone(); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole2", true, Some(data.clone())); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole2", true, Some(data.clone())).await; assert!(resp.is_ok()); // Create secret IDs on testrole1 let len = 10; for _i in 0..len { - assert!(test_write_api(&core, &root_token, "auth/approle/role/testrole1/secret-id", true, None).is_ok()); + assert!(test_write_api(&core, &root_token, "auth/approle/role/testrole1/secret-id", true, None).await.is_ok()); } // Check the number of secret IDs generated - let resp = test_list_api(&core, &root_token, "auth/approle/role/testrole1/secret-id", true); + let resp = test_list_api(&core, &root_token, "auth/approle/role/testrole1/secret-id", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); assert!(resp_data["keys"].is_array()); assert_eq!(resp_data["keys"].as_array().unwrap().len(), len); // Create secret IDs on testrole2 for _i in 0..len { - assert!(test_write_api(&core, &root_token, "auth/approle/role/testrole2/secret-id", true, None).is_ok()); + assert!(test_write_api(&core, &root_token, "auth/approle/role/testrole2/secret-id", true, None).await.is_ok()); } // Check the number of secret IDs generated - let resp = test_list_api(&core, &root_token, "auth/approle/role/testrole2/secret-id", true); + let resp = test_list_api(&core, &root_token, "auth/approle/role/testrole2/secret-id", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); assert!(resp_data["keys"].is_array()); assert_eq!(resp_data["keys"].as_array().unwrap().len(), len); } - #[test] - fn test_approle_upgrade_secret_id_prefix() { + #[tokio::test] + async fn test_approle_upgrade_secret_id_prefix() { let (root_token, core) = test_rusty_vault_init("test_approle_upgrade_secret_id_prefix"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let module = core.module_manager.get_module("approle").unwrap(); let approle_mod = module.read().unwrap(); @@ -2327,7 +2327,7 @@ mod test { req.operation = Operation::Read; req.path = "auth/approle/role/testrole".to_string(); req.client_token = root_token.to_string(); - let _resp = core.handle_request(&mut req); + let _resp = core.handle_request(&mut req).await; req.storage = core.get_system_view().map(|arc| arc as Arc); let mock_backend = approle_module.new_backend(); @@ -2337,13 +2337,13 @@ mod test { assert!(!resp_data["local_secret_ids"].as_bool().unwrap()); } - #[test] - fn test_approle_local_secret_id_immutablility() { + #[tokio::test] + async fn test_approle_local_secret_id_immutablility() { let (root_token, core) = test_rusty_vault_init("test_approle_local_secret_id_immutablility"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; // Create a role with local_secret_ids set let data = json!({ @@ -2355,20 +2355,20 @@ mod test { .as_object() .unwrap() .clone(); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole", true, Some(data.clone())); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole", true, Some(data.clone())).await; assert!(resp.is_ok()); // Attempt to modify local_secret_ids should fail - let _ = test_write_api(&core, &root_token, "auth/approle/role/testrole", false, Some(data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/testrole", false, Some(data.clone())).await; } - #[test] - fn test_approle_upgrade_bound_cidr_list() { + #[tokio::test] + async fn test_approle_upgrade_bound_cidr_list() { let (root_token, core) = test_rusty_vault_init("test_approle_upgrade_bound_cidr_list"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; // Create a role with bound_cidr_list set let data = json!({ @@ -2379,11 +2379,11 @@ mod test { .as_object() .unwrap() .clone(); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole", true, Some(data.clone())); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole", true, Some(data.clone())).await; assert!(resp.is_ok()); // Read the role and check that the bound_cidr_list is set properly - let resp = test_read_api(&core, &root_token, "auth/approle/role/testrole", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/testrole", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let expected: Vec = @@ -2426,20 +2426,20 @@ mod test { .as_object() .unwrap() .clone(); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole/secret-id", true, Some(data)); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole/secret-id", true, Some(data)).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let secret_id = resp_data["secret_id"].as_str().unwrap(); assert_ne!(secret_id, ""); } - #[test] - fn test_approle_role_name_lower_casing() { + #[tokio::test] + async fn test_approle_role_name_lower_casing() { let (root_token, core) = test_rusty_vault_init("test_approle_role_name_lower_casing"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let module = core.module_manager.get_module("approle").unwrap(); let approle_mod = module.read().unwrap(); @@ -2464,7 +2464,7 @@ mod test { req.operation = Operation::Write; req.path = "auth/approle/role/testRoleName/secret-id".to_string(); req.client_token = root_token.to_string(); - let _resp = core.handle_request(&mut req); + let _resp = core.handle_request(&mut req).await; req.storage = core.get_system_view().map(|arc| arc as Arc); let mock_backend = approle_module.new_backend(); @@ -2485,7 +2485,7 @@ mod test { req.path = "auth/approle/login".to_string(); req.operation = Operation::Write; req.body = Some(data); - let _resp = core.handle_request(&mut req); + let _resp = core.handle_request(&mut req).await; req.storage = core.get_system_view().map(|arc| arc as Arc); let resp = approle_module.login(&mock_backend, &mut req); assert!(resp.is_ok()); @@ -2494,7 +2494,7 @@ mod test { req.path = "auth/approle/role/testrolename/secret-id".to_string(); req.operation = Operation::Write; req.body = None; - let _resp = core.handle_request(&mut req); + let _resp = core.handle_request(&mut req).await; req.storage = core.get_system_view().map(|arc| arc as Arc); let resp = approle_module.write_role_secret_id(&mock_backend, &mut req); assert!(resp.is_ok()); @@ -2512,7 +2512,7 @@ mod test { req.path = "auth/approle/login".to_string(); req.operation = Operation::Write; req.body = Some(data); - let _resp = core.handle_request(&mut req); + let _resp = core.handle_request(&mut req).await; req.storage = core.get_system_view().map(|arc| arc as Arc); let resp = approle_module.login(&mock_backend, &mut req); assert!(resp.is_err()); @@ -2523,7 +2523,7 @@ mod test { req.path = "auth/approle/role/testRoleName".to_string(); req.operation = Operation::Delete; req.body = None; - let _resp = core.handle_request(&mut req); + let _resp = core.handle_request(&mut req).await; req.storage = core.get_system_view().map(|arc| arc as Arc); let resp = approle_module.delete_role(&mock_backend, &mut req); assert!(resp.is_ok()); @@ -2535,22 +2535,22 @@ mod test { .as_object() .unwrap() .clone(); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testRoleName", true, Some(data)); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testRoleName", true, Some(data)).await; assert!(resp.is_ok()); // Create secret id with lower cased role name - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrolename/secret-id", true, None); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrolename/secret-id", true, None).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let secret_id = resp_data["secret_id"].as_str().unwrap(); - let resp = test_read_api(&core, &root_token, "auth/approle/role/testrolename/role-id", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/testrolename/role-id", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let role_id = resp_data["role_id"].as_str().unwrap(); // Login should pass - let _ = test_login(&core, "approle", &role_id, &secret_id, true); + let _ = test_login(&core, "approle", &role_id, &secret_id, true).await; // Lookup of secret ID should work in case-insensitive manner let data = json!({ @@ -2560,24 +2560,24 @@ mod test { .unwrap() .clone(); let resp = - test_write_api(&core, &root_token, "auth/approle/role/testrolename/secret-id/lookup", true, Some(data)); + test_write_api(&core, &root_token, "auth/approle/role/testrolename/secret-id/lookup", true, Some(data)).await; assert!(resp.is_ok()); // Listing of secret IDs should work in case-insensitive manner - let resp = test_list_api(&core, &root_token, "auth/approle/role/testrolename/secret-id", true); + let resp = test_list_api(&core, &root_token, "auth/approle/role/testrolename/secret-id", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let keys = resp_data["keys"].as_array().unwrap(); assert_eq!(keys.len(), 1); } - #[test] - fn test_approle_role_read_set_index() { + #[tokio::test] + async fn test_approle_role_read_set_index() { let (root_token, core) = test_rusty_vault_init("test_approle_role_read_set_index"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let module = core.module_manager.get_module("approle").unwrap(); let approle_mod = module.read().unwrap(); @@ -2602,7 +2602,7 @@ mod test { req.operation = Operation::Read; req.path = "auth/approle/role/testrole/role-id".to_string(); req.client_token = root_token.to_string(); - let _resp = core.handle_request(&mut req); + let _resp = core.handle_request(&mut req).await; req.storage = core.get_system_view().map(|arc| arc as Arc); let resp = approle_module.read_role_role_id(&mock_backend, &mut req); assert!(resp.is_ok()); @@ -2613,7 +2613,7 @@ mod test { req.operation = Operation::Write; req.path = "auth/approle/role/testrole/role-id".to_string(); req.client_token = root_token.to_string(); - let _resp = core.handle_request(&mut req); + let _resp = core.handle_request(&mut req).await; req.storage = core.get_system_view().map(|arc| arc as Arc); let resp = approle_module.delete_role_id(&mut req, &role_id); assert!(resp.is_ok()); @@ -2622,7 +2622,7 @@ mod test { req.operation = Operation::Read; req.path = "auth/approle/role/testrole".to_string(); req.client_token = root_token.to_string(); - let _resp = core.handle_request(&mut req); + let _resp = core.handle_request(&mut req).await; req.storage = core.get_system_view().map(|arc| arc as Arc); let resp = approle_module.read_role(&mock_backend, &mut req); assert!(resp.is_ok()); @@ -2645,19 +2645,19 @@ mod test { .as_object() .unwrap() .clone(); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole", true, Some(data)); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole", true, Some(data)).await; assert!(resp.is_ok()); - let resp = test_read_api(&core, &root_token, "auth/approle/role/testrole", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/testrole", true).await; assert!(resp.is_ok()); } - #[test] - fn test_approle_cidr_subset() { + #[tokio::test] + async fn test_approle_cidr_subset() { let (root_token, core) = test_rusty_vault_init("test_approle_cidr_subset"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let mut role_data = json!({ "role_id": "role-id-123", @@ -2667,10 +2667,10 @@ mod test { .as_object() .unwrap() .clone(); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(role_data.clone())); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(role_data.clone())).await; assert!(resp.is_ok()); - let resp = test_read_api(&core, &root_token, "auth/approle/role/testrole", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/testrole", true).await; assert!(resp.is_ok()); let mut secret_data = json!({ @@ -2685,25 +2685,25 @@ mod test { "auth/approle/role/testrole1/secret-id", false, Some(secret_data.clone()), - ); + ).await; assert!(resp.is_err()); role_data["bound_cidr_list"] = Value::from("192.168.27.29/16,172.245.30.40/24,10.20.30.40/30"); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(role_data)); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(role_data)).await; assert!(resp.is_ok()); secret_data["cidr_list"] = Value::from("192.168.27.29/20,172.245.30.40/25,10.20.30.40/32"); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1/secret-id", true, Some(secret_data)); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1/secret-id", true, Some(secret_data)).await; assert!(resp.is_ok()); } - #[test] - fn test_approle_token_bound_cidr_subset_32_mask() { + #[tokio::test] + async fn test_approle_token_bound_cidr_subset_32_mask() { let (root_token, core) = test_rusty_vault_init("test_approle_token_bound_cidr_subset_32_mask"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let role_data = json!({ "role_id": "role-id-123", @@ -2713,10 +2713,10 @@ mod test { .as_object() .unwrap() .clone(); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(role_data.clone())); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(role_data.clone())).await; assert!(resp.is_ok()); - let resp = test_read_api(&core, &root_token, "auth/approle/role/testrole", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/testrole", true).await; assert!(resp.is_ok()); let mut secret_data = json!({ @@ -2731,22 +2731,22 @@ mod test { "auth/approle/role/testrole1/secret-id", true, Some(secret_data.clone()), - ); + ).await; assert!(resp.is_ok()); secret_data["token_bound_cidrs"] = Value::from("127.0.0.1/24"); let resp = - test_write_api(&core, &root_token, "auth/approle/role/testrole1/secret-id", false, Some(secret_data)); + test_write_api(&core, &root_token, "auth/approle/role/testrole1/secret-id", false, Some(secret_data)).await; assert!(resp.is_err()); } - #[test] - fn test_approle_role_constraints() { + #[tokio::test] + async fn test_approle_role_constraints() { let (root_token, core) = test_rusty_vault_init("test_approle_role_constraints"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; // Set bind_secret_id, which is enabled by default let mut role_data = json!({ @@ -2756,31 +2756,31 @@ mod test { .as_object() .unwrap() .clone(); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(role_data.clone())); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(role_data.clone())).await; assert!(resp.is_ok()); // Set bound_cidr_list alone by explicitly disabling bind_secret_id role_data.insert("bind_secret_id".to_string(), Value::from(false)); role_data.insert("token_bound_cidrs".to_string(), Value::from("0.0.0.0/0")); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(role_data.clone())); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", true, Some(role_data.clone())).await; assert!(resp.is_ok()); // Remove both constraints role_data["bind_secret_id"] = Value::from(false); role_data["token_bound_cidrs"] = Value::from(""); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", false, Some(role_data.clone())); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1", false, Some(role_data.clone())).await; assert!(resp.is_err()); } - #[test] - fn test_approle_update_role_id() { + #[tokio::test] + async fn test_approle_update_role_id() { let (root_token, core) = test_rusty_vault_init("test_approle_update_role_id"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; - test_write_role(&core, &root_token, "approle", "testrole1", "role-id-123", "a,b", true); + test_write_role(&core, &root_token, "approle", "testrole1", "role-id-123", "a,b", true).await; let role_id_data = json!({ "role_id": "customroleid", @@ -2789,38 +2789,38 @@ mod test { .unwrap() .clone(); let resp = - test_write_api(&core, &root_token, "auth/approle/role/testrole1/role-id", true, Some(role_id_data.clone())); + test_write_api(&core, &root_token, "auth/approle/role/testrole1/role-id", true, Some(role_id_data.clone())).await; assert!(resp.is_ok()); - let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1/secret-id", true, None); + let resp = test_write_api(&core, &root_token, "auth/approle/role/testrole1/secret-id", true, None).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let secret_id = resp_data["secret_id"].as_str().unwrap(); // Login should fail - let _ = test_login(&core, "approle", "role-id-123", &secret_id, false); + let _ = test_login(&core, "approle", "role-id-123", &secret_id, false).await; // Login should pass - let _ = test_login(&core, "approle", "customroleid", &secret_id, true); + let _ = test_login(&core, "approle", "customroleid", &secret_id, true).await; } - #[test] - fn test_approle_role_id_uniqueness() { + #[tokio::test] + async fn test_approle_role_id_uniqueness() { let (root_token, core) = test_rusty_vault_init("test_approle_role_id_uniqueness"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; - test_write_role(&core, &root_token, "approle", "testrole1", "role-id-123", "a,b", true); + test_write_role(&core, &root_token, "approle", "testrole1", "role-id-123", "a,b", true).await; - test_write_role(&core, &root_token, "approle", "testrole2", "role-id-123", "a,b", false); + test_write_role(&core, &root_token, "approle", "testrole2", "role-id-123", "a,b", false).await; - test_write_role(&core, &root_token, "approle", "testrole2", "role-id-456", "a,b", true); + test_write_role(&core, &root_token, "approle", "testrole2", "role-id-456", "a,b", true).await; - test_write_role(&core, &root_token, "approle", "testrole2", "role-id-123", "a,b", false); + test_write_role(&core, &root_token, "approle", "testrole2", "role-id-123", "a,b", false).await; - test_write_role(&core, &root_token, "approle", "testrole1", "role-id-456", "a,b", false); + test_write_role(&core, &root_token, "approle", "testrole1", "role-id-456", "a,b", false).await; let mut role_id_data = json!({ "role_id": "role-id-456", @@ -2834,7 +2834,7 @@ mod test { "auth/approle/role/testrole1/role-id", false, Some(role_id_data.clone()), - ); + ).await; assert!(resp.is_err()); role_id_data["role_id"] = Value::from("role-id-123"); @@ -2844,55 +2844,55 @@ mod test { "auth/approle/role/testrole2/role-id", false, Some(role_id_data.clone()), - ); + ).await; assert!(resp.is_err()); role_id_data["role_id"] = Value::from("role-id-2000"); let resp = - test_write_api(&core, &root_token, "auth/approle/role/testrole2/role-id", true, Some(role_id_data.clone())); + test_write_api(&core, &root_token, "auth/approle/role/testrole2/role-id", true, Some(role_id_data.clone())).await; assert!(resp.is_ok()); role_id_data["role_id"] = Value::from("role-id-1000"); let resp = - test_write_api(&core, &root_token, "auth/approle/role/testrole1/role-id", true, Some(role_id_data.clone())); + test_write_api(&core, &root_token, "auth/approle/role/testrole1/role-id", true, Some(role_id_data.clone())).await; assert!(resp.is_ok()); } - #[test] - fn test_approle_role_delete_secret_id() { + #[tokio::test] + async fn test_approle_role_delete_secret_id() { let (root_token, core) = test_rusty_vault_init("test_approle_role_delete_secret_id"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; - test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true); + test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true).await; - let _ = generate_secret_id(&core, &root_token, "approle", "role1"); - let _ = generate_secret_id(&core, &root_token, "approle", "role1"); - let _ = generate_secret_id(&core, &root_token, "approle", "role1"); + let _ = generate_secret_id(&core, &root_token, "approle", "role1").await; + let _ = generate_secret_id(&core, &root_token, "approle", "role1").await; + let _ = generate_secret_id(&core, &root_token, "approle", "role1").await; - let resp = test_list_api(&core, &root_token, "auth/approle/role/role1/secret-id", true); + let resp = test_list_api(&core, &root_token, "auth/approle/role/role1/secret-id", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let keys = resp_data["keys"].as_array().unwrap(); assert_eq!(keys.len(), 3); - test_delete_role(&core, &root_token, "approle", "role1"); - let _ = test_list_api(&core, &root_token, "auth/approle/role/role1/secret-id", false); + test_delete_role(&core, &root_token, "approle", "role1").await; + let _ = test_list_api(&core, &root_token, "auth/approle/role/role1/secret-id", false).await; } - #[test] - fn test_approle_lookup_and_destroy_role_secret_id() { + #[tokio::test] + async fn test_approle_lookup_and_destroy_role_secret_id() { let (root_token, core) = test_rusty_vault_init("test_approle_lookup_and_destroy_role_secret_id"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; - test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true); + test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true).await; - let (secret_id, _) = generate_secret_id(&core, &root_token, "approle", "role1"); + let (secret_id, _) = generate_secret_id(&core, &root_token, "approle", "role1").await; let secret_id_data = json!({ "secret_id": secret_id, @@ -2906,7 +2906,7 @@ mod test { "auth/approle/role/role1/secret-id/lookup", true, Some(secret_id_data.clone()), - ); + ).await; assert!(resp.unwrap().unwrap().data.is_some()); let _ = test_delete_api( @@ -2915,30 +2915,30 @@ mod test { "auth/approle/role/role1/secret-id/destroy", true, Some(secret_id_data.clone()), - ); + ).await; let resp = test_write_api( &core, &root_token, "auth/approle/role/role1/secret-id/lookup", true, Some(secret_id_data.clone()), - ); + ).await; assert!(resp.unwrap().is_none()); } - #[test] - fn test_approle_lookup_and_destroy_role_secret_id_accessor() { + #[tokio::test] + async fn test_approle_lookup_and_destroy_role_secret_id_accessor() { let (root_token, core) = test_rusty_vault_init("test_approle_lookup_and_destroy_role_secret_id_accessor"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; - test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true); + test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true).await; - let _ = generate_secret_id(&core, &root_token, "approle", "role1"); + let _ = generate_secret_id(&core, &root_token, "approle", "role1").await; - let resp = test_list_api(&core, &root_token, "auth/approle/role/role1/secret-id", true); + let resp = test_list_api(&core, &root_token, "auth/approle/role/role1/secret-id", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let keys = resp_data["keys"].as_array().unwrap(); @@ -2957,7 +2957,7 @@ mod test { "auth/approle/role/role1/secret-id-accessor/lookup", true, Some(hmac_data.clone()), - ); + ).await; assert!(resp.unwrap().unwrap().data.is_some()); let _ = test_delete_api( @@ -2966,25 +2966,25 @@ mod test { "auth/approle/role/role1/secret-id-accessor/destroy", true, Some(hmac_data.clone()), - ); + ).await; let _ = test_write_api( &core, &root_token, "auth/approle/role/role1/secret-id-accessor/lookup", false, Some(hmac_data.clone()), - ); + ).await; } - #[test] - fn test_approle_lookup_role_secret_id_accessor() { + #[tokio::test] + async fn test_approle_lookup_role_secret_id_accessor() { let (root_token, core) = test_rusty_vault_init("test_approle_lookup_role_secret_id_accessor"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; - test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true); + test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true).await; let hmac_data = json!({ "secret_id_accessor": "invalid", @@ -2998,49 +2998,49 @@ mod test { "auth/approle/role/role1/secret-id-accessor/lookup", false, Some(hmac_data.clone()), - ); + ).await; // TODO: resp should ok } - #[test] - fn test_approle_list_role_secret_id() { + #[tokio::test] + async fn test_approle_list_role_secret_id() { let (root_token, core) = test_rusty_vault_init("test_approle_list_role_secret_id"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; - test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true); + test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true).await; // Create 5 'secret_id's - let _ = generate_secret_id(&core, &root_token, "approle", "role1"); - let _ = generate_secret_id(&core, &root_token, "approle", "role1"); - let _ = generate_secret_id(&core, &root_token, "approle", "role1"); - let _ = generate_secret_id(&core, &root_token, "approle", "role1"); - let _ = generate_secret_id(&core, &root_token, "approle", "role1"); + let _ = generate_secret_id(&core, &root_token, "approle", "role1").await; + let _ = generate_secret_id(&core, &root_token, "approle", "role1").await; + let _ = generate_secret_id(&core, &root_token, "approle", "role1").await; + let _ = generate_secret_id(&core, &root_token, "approle", "role1").await; + let _ = generate_secret_id(&core, &root_token, "approle", "role1").await; - let resp = test_list_api(&core, &root_token, "auth/approle/role/role1/secret-id/", true); + let resp = test_list_api(&core, &root_token, "auth/approle/role/role1/secret-id/", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let keys = resp_data["keys"].as_array().unwrap(); assert_eq!(keys.len(), 5); } - #[test] - fn test_approle_list_role() { + #[tokio::test] + async fn test_approle_list_role() { let (root_token, core) = test_rusty_vault_init("test_approle_list_role"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; - test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true); - test_write_role(&core, &root_token, "approle", "role2", "", "c,d", true); - test_write_role(&core, &root_token, "approle", "role3", "", "e,f", true); - test_write_role(&core, &root_token, "approle", "role4", "", "g,h", true); - test_write_role(&core, &root_token, "approle", "role5", "", "i,j", true); + test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true).await; + test_write_role(&core, &root_token, "approle", "role2", "", "c,d", true).await; + test_write_role(&core, &root_token, "approle", "role3", "", "e,f", true).await; + test_write_role(&core, &root_token, "approle", "role4", "", "g,h", true).await; + test_write_role(&core, &root_token, "approle", "role5", "", "i,j", true).await; - let resp = test_list_api(&core, &root_token, "auth/approle/role", true); + let resp = test_list_api(&core, &root_token, "auth/approle/role", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let mut keys = resp_data["keys"].as_array().unwrap().clone(); @@ -3050,13 +3050,13 @@ mod test { assert_eq!(expect.as_array().unwrap().clone(), keys); } - #[test] - fn test_approle_role_secret_id_without_fields() { + #[tokio::test] + async fn test_approle_role_secret_id_without_fields() { let (root_token, core) = test_rusty_vault_init("test_approle_role_secret_id_without_fields"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let role_data = json!({ "policies": "p,q,r,s", @@ -3068,9 +3068,9 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(role_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(role_data.clone())).await; - let resp = test_write_api(&core, &root_token, "auth/approle/role/role1/secret-id", true, None); + let resp = test_write_api(&core, &root_token, "auth/approle/role/role1/secret-id", true, None).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let secret_id = resp_data["secret_id"].as_str().unwrap(); @@ -3092,7 +3092,7 @@ mod test { "auth/approle/role/role1/custom-secret-id", true, Some(secret_id_data.clone()), - ); + ).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let secret_id = resp_data["secret_id"].as_str().unwrap(); @@ -3103,13 +3103,13 @@ mod test { assert_eq!(secret_id_num_uses, role_data["secret_id_num_uses"].as_int().unwrap()); } - #[test] - fn test_approle_role_secret_id_with_valid_fields() { + #[tokio::test] + async fn test_approle_role_secret_id_with_valid_fields() { let (root_token, core) = test_rusty_vault_init("test_approle_role_secret_id_with_valid_fields"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let role_data = json!({ "policies": "p,q,r,s", @@ -3121,7 +3121,7 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(role_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(role_data.clone())).await; let cases = vec![ json!({"name": "finite num_uses and ttl", "payload": {"secret_id": "finite", "ttl": 5, "num_uses": 5}}), @@ -3138,7 +3138,7 @@ mod test { "auth/approle/role/role1/secret-id", true, Some(secret_id_data.clone()), - ); + ).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let secret_id = resp_data["secret_id"].as_str().unwrap(); @@ -3154,7 +3154,7 @@ mod test { "auth/approle/role/role1/custom-secret-id", true, Some(secret_id_data.clone()), - ); + ).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let secret_id = resp_data["secret_id"].as_str().unwrap(); @@ -3166,13 +3166,13 @@ mod test { } } - #[test] - fn test_approle_role_secret_id_with_invalid_fields() { + #[tokio::test] + async fn test_approle_role_secret_id_with_invalid_fields() { let (root_token, core) = test_rusty_vault_init("test_approle_role_secret_id_with_invalid_fields"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let cases = vec![ json!({ @@ -3249,7 +3249,7 @@ mod test { format!("auth/approle/role/role{}", i).as_str(), true, Some(role_data.clone()), - ); + ).await; for tc in case["cases"].as_array().unwrap().iter() { let secret_id_data = tc["payload"].as_object().unwrap().clone(); @@ -3259,7 +3259,7 @@ mod test { format!("auth/approle/role/role{}/secret-id", i).as_str(), false, Some(secret_id_data.clone()), - ); + ).await; if let Err(RvError::ErrResponse(err_text)) = resp { assert_eq!(err_text, tc["expected"].as_str().unwrap()); } @@ -3269,7 +3269,7 @@ mod test { format!("auth/approle/role/role{}/custom-secret-id", i).as_str(), false, Some(secret_id_data.clone()), - ); + ).await; if let Err(RvError::ErrResponse(err_text)) = resp { assert_eq!(err_text, tc["expected"].as_str().unwrap()); } @@ -3277,13 +3277,13 @@ mod test { } } - #[test] - fn test_approle_role_crud() { + #[tokio::test] + async fn test_approle_role_crud() { let (root_token, core) = test_rusty_vault_init("test_approle_role_crud"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let req_data = json!({ "policies": "p,q,r,s", @@ -3297,9 +3297,9 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); let expected = json!({ @@ -3333,9 +3333,9 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); let expected = json!({ @@ -3359,7 +3359,7 @@ mod test { assert_eq!(expected.as_object().unwrap().clone(), resp_data); // RU for role_id field - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/role-id", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/role-id", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let role_id = resp_data["role_id"].as_str().unwrap(); @@ -3371,15 +3371,15 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1/role-id", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1/role-id", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/role-id", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/role-id", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["role_id"].as_str().unwrap(), req_data["role_id"].as_str().unwrap()); // RUD for bind_secret_id field - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/bind-secret-id", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/bind-secret-id", true).await; assert!(resp.is_ok()); let req_data = json!({ @@ -3389,22 +3389,22 @@ mod test { .unwrap() .clone(); let _ = - test_write_api(&core, &root_token, "auth/approle/role/role1/bind-secret-id", true, Some(req_data.clone())); + test_write_api(&core, &root_token, "auth/approle/role/role1/bind-secret-id", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/bind-secret-id", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/bind-secret-id", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["bind_secret_id"].as_bool().unwrap(), req_data["bind_secret_id"].as_bool().unwrap()); - let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/bind-secret-id", true, None); + let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/bind-secret-id", true, None).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/bind-secret-id", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/bind-secret-id", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["bind_secret_id"].as_bool().unwrap(), true); // RUD for policies field - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/policies", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/policies", true).await; assert!(resp.is_ok()); let req_data = json!({ @@ -3413,9 +3413,9 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1/policies", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1/policies", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/policies", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/policies", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!( @@ -3427,15 +3427,15 @@ mod test { req_data["policies"].as_comma_string_slice().unwrap() ); - let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/policies", true, None); + let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/policies", true, None).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/policies", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/policies", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_policies"].as_comma_string_slice().unwrap().len(), 0); // RUD for secret-id-num-uses field - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-num-uses", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-num-uses", true).await; assert!(resp.is_ok()); let req_data = json!({ @@ -3450,22 +3450,22 @@ mod test { "auth/approle/role/role1/secret-id-num-uses", true, Some(req_data.clone()), - ); + ).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-num-uses", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-num-uses", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["secret_id_num_uses"].as_int().unwrap(), req_data["secret_id_num_uses"].as_int().unwrap()); - let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/secret-id-num-uses", true, None); + let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/secret-id-num-uses", true, None).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-num-uses", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-num-uses", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["secret_id_num_uses"].as_int().unwrap(), 0); // RUD for secret_id_ttl field - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-ttl", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-ttl", true).await; assert!(resp.is_ok()); let req_data = json!({ @@ -3475,22 +3475,22 @@ mod test { .unwrap() .clone(); let _ = - test_write_api(&core, &root_token, "auth/approle/role/role1/secret-id-ttl", true, Some(req_data.clone())); + test_write_api(&core, &root_token, "auth/approle/role/role1/secret-id-ttl", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-ttl", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-ttl", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["secret_id_ttl"].as_int().unwrap(), req_data["secret_id_ttl"].as_int().unwrap()); - let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/secret-id-ttl", true, None); + let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/secret-id-ttl", true, None).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-ttl", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-ttl", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["secret_id_ttl"].as_int().unwrap(), 0); // RUD for token-num-uses field - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-num-uses", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-num-uses", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_num_uses"].as_int().unwrap(), 600); @@ -3502,22 +3502,22 @@ mod test { .unwrap() .clone(); let _ = - test_write_api(&core, &root_token, "auth/approle/role/role1/token-num-uses", true, Some(req_data.clone())); + test_write_api(&core, &root_token, "auth/approle/role/role1/token-num-uses", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-num-uses", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-num-uses", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_num_uses"].as_int().unwrap(), req_data["token_num_uses"].as_int().unwrap()); - let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/token-num-uses", true, None); + let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/token-num-uses", true, None).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-num-uses", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-num-uses", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_num_uses"].as_int().unwrap(), 0); // RUD for period field - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/period", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/period", true).await; assert!(resp.is_ok()); let req_data = json!({ @@ -3526,22 +3526,22 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1/period", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1/period", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/period", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/period", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["period"].as_int().unwrap(), req_data["period"].as_int().unwrap()); - let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/period", true, None); + let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/period", true, None).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/period", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/period", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_period"].as_int().unwrap(), 0); // RUD for token_ttl field - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-ttl", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-ttl", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_ttl"].as_int().unwrap(), 4000); @@ -3552,22 +3552,22 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1/token-ttl", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1/token-ttl", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-ttl", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-ttl", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_ttl"].as_int().unwrap(), req_data["token_ttl"].as_int().unwrap()); - let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/token-ttl", true, None); + let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/token-ttl", true, None).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-ttl", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-ttl", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_ttl"].as_int().unwrap(), 0); // RUD for token_max_ttl field - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-max-ttl", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-max-ttl", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_max_ttl"].as_int().unwrap(), 5000); @@ -3579,33 +3579,33 @@ mod test { .unwrap() .clone(); let _ = - test_write_api(&core, &root_token, "auth/approle/role/role1/token-max-ttl", true, Some(req_data.clone())); + test_write_api(&core, &root_token, "auth/approle/role/role1/token-max-ttl", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-max-ttl", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-max-ttl", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_max_ttl"].as_int().unwrap(), req_data["token_max_ttl"].as_int().unwrap()); - let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/token-max-ttl", true, None); + let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/token-max-ttl", true, None).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-max-ttl", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-max-ttl", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_max_ttl"].as_int().unwrap(), 0); // Delete test for role - test_delete_role(&core, &root_token, "approle", "role1"); - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + test_delete_role(&core, &root_token, "approle", "role1").await; + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; assert!(resp.unwrap().is_none()); } - #[test] - fn test_approle_role_token_bound_cidrs_crud() { + #[tokio::test] + async fn test_approle_role_token_bound_cidrs_crud() { let (root_token, core) = test_rusty_vault_init("test_approle_role_token_bound_cidrs_crud"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let req_data = json!({ "policies": "p,q,r,s", @@ -3620,9 +3620,9 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); let expected = json!({ @@ -3655,9 +3655,9 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); let expected = json!({ @@ -3680,7 +3680,7 @@ mod test { assert_eq!(expected.as_object().unwrap().clone(), resp_data); // RUD for secret-id-bound-cidrs field - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-bound-cidrs", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-bound-cidrs", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!( @@ -3700,9 +3700,9 @@ mod test { "auth/approle/role/role1/secret-id-bound-cidrs", true, Some(req_data.clone()), - ); + ).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-bound-cidrs", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-bound-cidrs", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!( @@ -3710,9 +3710,9 @@ mod test { req_data["secret_id_bound_cidrs"].as_comma_string_slice().unwrap() ); - let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/secret-id-bound-cidrs", true, None); + let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/secret-id-bound-cidrs", true, None).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-bound-cidrs", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/secret-id-bound-cidrs", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["secret_id_bound_cidrs"].as_comma_string_slice().unwrap().len(), 0); @@ -3721,7 +3721,7 @@ mod test { let expected = json!({ "token_bound_cidrs": ["127.0.0.1", "127.0.0.1/16"], }); - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-bound-cidrs", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-bound-cidrs", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!( @@ -3741,9 +3741,9 @@ mod test { "auth/approle/role/role1/token-bound-cidrs", true, Some(req_data.clone()), - ); + ).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-bound-cidrs", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-bound-cidrs", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!( @@ -3751,26 +3751,26 @@ mod test { req_data["token_bound_cidrs"].as_comma_string_slice().unwrap() ); - let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/token-bound-cidrs", true, None); + let _ = test_delete_api(&core, &root_token, "auth/approle/role/role1/token-bound-cidrs", true, None).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-bound-cidrs", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1/token-bound-cidrs", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); assert_eq!(resp_data["token_bound_cidrs"].as_comma_string_slice().unwrap().len(), 0); // Delete test for role - test_delete_role(&core, &root_token, "approle", "role1"); - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + test_delete_role(&core, &root_token, "approle", "role1").await; + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; assert!(resp.unwrap().is_none()); } - #[test] - fn test_approle_role_token_type_crud() { + #[tokio::test] + async fn test_approle_role_token_type_crud() { let (root_token, core) = test_rusty_vault_init("test_approle_role_token_type_crud"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let req_data = json!({ "policies": "p,q,r,s", @@ -3784,9 +3784,9 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); let expected = json!({ @@ -3820,9 +3820,9 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); let expected = json!({ @@ -3845,18 +3845,18 @@ mod test { assert_eq!(expected.as_object().unwrap().clone(), resp_data); // Delete test for role - test_delete_role(&core, &root_token, "approle", "role1"); - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + test_delete_role(&core, &root_token, "approle", "role1").await; + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; assert!(resp.unwrap().is_none()); } - #[test] - fn test_approle_role_token_util_upgrade() { + #[tokio::test] + async fn test_approle_role_token_util_upgrade() { let (root_token, core) = test_rusty_vault_init("test_approle_role_token_util_upgrade"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; // token_type missing let req_data = json!({ @@ -3870,9 +3870,9 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); let expected = json!({ @@ -3907,9 +3907,9 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); let expected = json!({ @@ -3944,9 +3944,9 @@ mod test { .as_object() .unwrap() .clone(); - let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())); + let _ = test_write_api(&core, &root_token, "auth/approle/role/role1", true, Some(req_data.clone())).await; - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; let resp_data = resp.unwrap().unwrap().data.unwrap(); let expected = json!({ @@ -3969,18 +3969,18 @@ mod test { assert_eq!(expected.as_object().unwrap().clone(), resp_data); // Delete test for role - test_delete_role(&core, &root_token, "approle", "role1"); - let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true); + test_delete_role(&core, &root_token, "approle", "role1").await; + let resp = test_read_api(&core, &root_token, "auth/approle/role/role1", true).await; assert!(resp.unwrap().is_none()); } - #[test] - fn test_approle_role_secret_id_with_ttl() { + #[tokio::test] + async fn test_approle_role_secret_id_with_ttl() { let (root_token, core) = test_rusty_vault_init("test_approle_role_secret_id_with_ttl"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; let mut role_data = json!({ "policies": "default", @@ -4005,7 +4005,7 @@ mod test { format!("auth/approle/role/{}", role_name).as_str(), true, Some(role_data.clone()), - ); + ).await; let resp = test_write_api( &core, @@ -4013,7 +4013,7 @@ mod test { format!("auth/approle/role/{}/secret-id", role_name).as_str(), true, None, - ); + ).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let secret_id_ttl = resp_data["secret_id_ttl"].as_duration().unwrap(); @@ -4025,24 +4025,24 @@ mod test { } } - #[test] - fn test_approle_role_secret_id_accessor_cross_delete() { + #[tokio::test] + async fn test_approle_role_secret_id_accessor_cross_delete() { let (root_token, core) = test_rusty_vault_init("test_approle_role_secret_id_accessor_cross_delete"); let core = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&core, &root_token, "approle", "approle"); + test_mount_auth_api(&core, &root_token, "approle", "approle").await; // Create First Role - test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true); - let _ = generate_secret_id(&core, &root_token, "approle", "role1"); + test_write_role(&core, &root_token, "approle", "role1", "", "a,b", true).await; + let _ = generate_secret_id(&core, &root_token, "approle", "role1").await; // Create Second Role - test_write_role(&core, &root_token, "approle", "role2", "", "a,b", true); - let _ = generate_secret_id(&core, &root_token, "approle", "role2"); + test_write_role(&core, &root_token, "approle", "role2", "", "a,b", true).await; + let _ = generate_secret_id(&core, &root_token, "approle", "role2").await; // Get role2 secretID Accessor - let resp = test_list_api(&core, &root_token, "auth/approle/role/role2/secret-id", true); + let resp = test_list_api(&core, &root_token, "auth/approle/role/role2/secret-id", true).await; assert!(resp.is_ok()); let resp_data = resp.unwrap().unwrap().data.unwrap(); let keys = resp_data["keys"].as_array().unwrap(); @@ -4063,6 +4063,6 @@ mod test { "auth/approle/role/role1/secret-id-accessor/destroy", false, Some(hmac_data.clone()), - ); + ).await; } } diff --git a/src/modules/credential/approle/path_tidy_secret_id.rs b/src/modules/credential/approle/path_tidy_secret_id.rs index 10a2e89..186cda6 100644 --- a/src/modules/credential/approle/path_tidy_secret_id.rs +++ b/src/modules/credential/approle/path_tidy_secret_id.rs @@ -251,9 +251,7 @@ mod test { time::{Duration, Instant}, }; - use actix_rt::System; use as_any::Downcast; - use tokio::runtime::Builder; use super::{ super::{path_role::RoleEntry, AppRoleModule}, @@ -265,13 +263,13 @@ mod test { test_utils::{test_mount_auth_api, test_rusty_vault_init}, }; - #[test] - fn test_approle_tidy_dangling_accessors_normal() { + #[actix_rt::test] + async fn test_approle_tidy_dangling_accessors_normal() { let (root_token, core) = test_rusty_vault_init("test_approle_tidy_dangling_accessors_normal"); let c = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&c, &root_token, "approle", "approle/"); + test_mount_auth_api(&c, &root_token, "approle", "approle/").await; let module = c.module_manager.get_module("approle").unwrap(); let approle_mod = module.read().unwrap(); @@ -297,7 +295,7 @@ mod test { req.operation = Operation::Write; req.path = "auth/approle/role/role1/secret-id".to_string(); req.client_token = root_token.to_string(); - let _resp = c.handle_request(&mut req); + let _resp = c.handle_request(&mut req).await; req.storage = c.get_system_view().map(|arc| arc as Arc); let mut mock_backend = approle_module.new_backend(); @@ -333,18 +331,11 @@ mod test { let accessor = accessor.unwrap(); assert_eq!(accessor.len(), 3); - let rt = - System::with_tokio_rt(|| Builder::new_multi_thread().worker_threads(128).enable_all().build().unwrap()); - rt.block_on(async { - req.operation = Operation::Write; - req.path = "tidy/secret-id".to_string(); - let _resp = mock_backend.handle_request(&mut req); - actix_rt::System::current().stop(); - }); - - let _ = rt.run().unwrap(); + req.operation = Operation::Write; + req.path = "tidy/secret-id".to_string(); + let _resp = mock_backend.handle_request(&mut req); - std::thread::sleep(Duration::from_secs(5)); + assert!(req.wait_task_finish().await.is_ok()); let accessor = req.storage_list("accessor/"); assert!(accessor.is_ok()); @@ -352,13 +343,13 @@ mod test { assert_eq!(accessor.len(), 1); } - #[test] - fn test_approle_tidy_dangling_accessors_race() { + #[actix_rt::test] + async fn test_approle_tidy_dangling_accessors_race() { let (root_token, core) = test_rusty_vault_init("test_approle_tidy_dangling_accessors_race"); let c = core.read().unwrap(); // Mount approle auth to path: auth/approle - test_mount_auth_api(&c, &root_token, "approle", "approle/"); + test_mount_auth_api(&c, &root_token, "approle", "approle/").await; let module = c.module_manager.get_module("approle").unwrap(); let approle_mod = module.read().unwrap(); @@ -387,7 +378,7 @@ mod test { req.operation = Operation::Write; req.path = "auth/approle/role/role1/secret-id".to_string(); req.client_token = root_token.to_string(); - let _resp = c.handle_request(&mut req); + let _resp = c.handle_request(&mut req).await; req.storage = c.get_system_view().map(|arc| arc as Arc); let resp = approle_module.write_role_secret_id(&mock_backend, &mut req); assert!(resp.is_ok()); @@ -396,62 +387,49 @@ mod test { let start = Instant::now(); let core_cloned = core.clone(); - //let invalid_accessors = Arc::new(Mutex::new()); - - let rt = - System::with_tokio_rt(|| Builder::new_multi_thread().worker_threads(128).enable_all().build().unwrap()); - - rt.block_on(async { - while start.elapsed() < Duration::new(5, 0) { - if start.elapsed() > Duration::from_millis(100) - && approle_module.tidy_secret_id_cas_guard.load(Ordering::SeqCst) == 0 + while start.elapsed() < Duration::new(5, 0) { + if start.elapsed() > Duration::from_millis(100) + && approle_module.tidy_secret_id_cas_guard.load(Ordering::SeqCst) == 0 { req.operation = Operation::Write; req.path = "tidy/secret-id".to_string(); let _ = mock_backend.handle_request(&mut req); } - let core_cloned2 = core_cloned.clone(); - let token = root_token.clone(); - let mb = mock_backend.clone(); - - actix_rt::spawn(async move { - let c = core_cloned2.read().unwrap(); - let module = c.module_manager.get_module("approle").unwrap(); - let approle_mod = module.read().unwrap(); - let approle_module = approle_mod.as_ref().downcast_ref::().unwrap(); - let mut req = Request::new("auth/approle/role/role1/secret-id"); - req.operation = Operation::Write; - req.client_token = token.clone(); - let _resp = c.handle_request(&mut req); - req.storage = c.get_system_view().map(|arc| arc as Arc); - let resp = approle_module.write_role_secret_id(&mb, &mut req); - assert!(resp.is_ok()); - }); - - let mut num = count.lock().unwrap(); - - let entry = StorageEntry::new( - format!("accessor/invalid{}", *num).as_str(), - &SecretIdAccessorStorageEntry { secret_id_hmac: "samplesecretidhmac".to_string() }, + let core_cloned2 = core_cloned.clone(); + let token = root_token.clone(); + let mb = mock_backend.clone(); + + actix_rt::spawn(async move { + let c = core_cloned2.read().unwrap(); + let module = c.module_manager.get_module("approle").unwrap(); + let approle_mod = module.read().unwrap(); + let approle_module = approle_mod.as_ref().downcast_ref::().unwrap(); + let mut req = Request::new("auth/approle/role/role1/secret-id"); + req.operation = Operation::Write; + req.client_token = token.clone(); + let _resp = c.handle_request(&mut req).await; + req.storage = c.get_system_view().map(|arc| arc as Arc); + let resp = approle_module.write_role_secret_id(&mb, &mut req); + assert!(resp.is_ok()); + }); + + let mut num = count.lock().unwrap(); + + let entry = StorageEntry::new( + format!("accessor/invalid{}", *num).as_str(), + &SecretIdAccessorStorageEntry { secret_id_hmac: "samplesecretidhmac".to_string() }, ) .unwrap(); - assert!(req.storage_put(&entry).is_ok()); - - *num += 1; - - thread::sleep(Duration::from_micros(10)); - } + assert!(req.storage_put(&entry).is_ok()); - for task in &mut req.tasks { - task.await.unwrap(); - } + *num += 1; - actix_rt::System::current().stop(); - }); + thread::sleep(Duration::from_micros(10)); + } - let _ = rt.run().unwrap(); + assert!(req.wait_task_finish().await.is_ok()); // Wait for tidy to finish while approle_module.tidy_secret_id_cas_guard.load(Ordering::SeqCst) != 0 { @@ -459,24 +437,15 @@ mod test { } // Run tidy again - req.tasks.clear(); - - let rt = - System::with_tokio_rt(|| Builder::new_multi_thread().worker_threads(128).enable_all().build().unwrap()); - rt.block_on(async { - req.operation = Operation::Write; - req.path = "tidy/secret-id".to_string(); - let resp = mock_backend.handle_request(&mut req); - assert!(resp.is_ok()); - - for task in &mut req.tasks { - task.await.unwrap(); - } + req.clear_task(); - actix_rt::System::current().stop(); - }); + req.operation = Operation::Write; + req.path = "tidy/secret-id".to_string(); + let resp = mock_backend.handle_request(&mut req); + assert!(resp.is_ok()); + + assert!(req.wait_task_finish().await.is_ok()); - let _ = rt.run().unwrap(); let num = count.lock().unwrap(); diff --git a/src/modules/credential/userpass/mod.rs b/src/modules/credential/userpass/mod.rs index ac1ddaf..d1e9cc4 100644 --- a/src/modules/credential/userpass/mod.rs +++ b/src/modules/credential/userpass/mod.rs @@ -132,7 +132,7 @@ mod test { test_utils::{test_delete_api, test_mount_auth_api, test_read_api, test_rusty_vault_init, test_write_api}, }; - fn test_write_user(core: &Core, token: &str, path: &str, username: &str, password: &str, ttl: i32) { + async fn test_write_user(core: &Core, token: &str, path: &str, username: &str, password: &str, ttl: i32) { let user_data = json!({ "password": password, "ttl": ttl, @@ -142,21 +142,21 @@ mod test { .clone(); let resp = - test_write_api(core, token, format!("auth/{}/users/{}", path, username).as_str(), true, Some(user_data)); + test_write_api(core, token, format!("auth/{}/users/{}", path, username).as_str(), true, Some(user_data)).await; assert!(resp.is_ok()); } - fn test_read_user(core: &Core, token: &str, username: &str) -> Result, RvError> { - let resp = test_read_api(core, token, format!("auth/pass/users/{}", username).as_str(), true); + async fn test_read_user(core: &Core, token: &str, username: &str) -> Result, RvError> { + let resp = test_read_api(core, token, format!("auth/pass/users/{}", username).as_str(), true).await; assert!(resp.is_ok()); resp } - fn test_delete_user(core: &Core, token: &str, username: &str) { - assert!(test_delete_api(core, token, format!("auth/pass/users/{}", username).as_str(), true, None).is_ok()); + async fn test_delete_user(core: &Core, token: &str, username: &str) { + assert!(test_delete_api(core, token, format!("auth/pass/users/{}", username).as_str(), true, None).await.is_ok()); } - fn test_login( + async fn test_login( core: &Core, path: &str, username: &str, @@ -174,7 +174,7 @@ mod test { req.operation = Operation::Write; req.body = Some(login_data); - let resp = core.handle_request(&mut req); + let resp = core.handle_request(&mut req).await; assert!(resp.is_ok()); if is_ok { let resp = resp.as_ref().unwrap(); @@ -183,42 +183,42 @@ mod test { resp } - #[test] - fn test_userpass_module() { + #[tokio::test] + async fn test_userpass_module() { let (root_token, core) = test_rusty_vault_init("test_userpass_module"); let core = core.read().unwrap(); // mount userpass auth to path: auth/pass - test_mount_auth_api(&core, &root_token, "userpass", "pass"); + test_mount_auth_api(&core, &root_token, "userpass", "pass").await; - test_write_user(&core, &root_token, "pass", "test", "123qwe!@#", 0); - let resp = test_read_user(&core, &root_token, "test").unwrap(); + test_write_user(&core, &root_token, "pass", "test", "123qwe!@#", 0).await; + let resp = test_read_user(&core, &root_token, "test").await.unwrap(); assert!(resp.is_some()); - test_delete_user(&core, &root_token, "test"); - let resp = test_read_user(&core, &root_token, "test").unwrap(); + test_delete_user(&core, &root_token, "test").await; + let resp = test_read_user(&core, &root_token, "test").await.unwrap(); assert!(resp.is_none()); - test_write_user(&core, &root_token, "pass", "test", "123qwe!@#", 0); - let _ = test_login(&core, "pass", "test", "123qwe!@#", true); - let _ = test_login(&core, "pass", "test", "xxxxxxx", false); - let _ = test_login(&core, "pass", "xxxx", "123qwe!@#", false); - let resp = test_login(&core, "pass", "test", "123qwe!@#", true); + test_write_user(&core, &root_token, "pass", "test", "123qwe!@#", 0).await; + let _ = test_login(&core, "pass", "test", "123qwe!@#", true).await; + let _ = test_login(&core, "pass", "test", "xxxxxxx", false).await; + let _ = test_login(&core, "pass", "xxxx", "123qwe!@#", false).await; + let resp = test_login(&core, "pass", "test", "123qwe!@#", true).await; let login_auth = resp.unwrap().unwrap().auth.unwrap(); let test_client_token = login_auth.client_token.clone(); - let resp = test_read_api(&core, &test_client_token, "sys/mounts", true); + let resp = test_read_api(&core, &test_client_token, "sys/mounts", true).await; println!("test mounts resp: {:?}", resp); assert!(resp.unwrap().is_some()); - test_delete_user(&core, &root_token, "test"); - let resp = test_login(&core, "pass", "test", "123qwe!@#", false); + test_delete_user(&core, &root_token, "test").await; + let resp = test_login(&core, "pass", "test", "123qwe!@#", false).await; let login_resp = resp.unwrap().unwrap(); assert!(login_resp.auth.is_none()); - test_write_user(&core, &root_token, "pass", "test2", "123qwe", 5); - let resp = test_read_user(&core, &root_token, "test").unwrap(); + test_write_user(&core, &root_token, "pass", "test2", "123qwe", 5).await; + let resp = test_read_user(&core, &root_token, "test").await.unwrap(); assert!(resp.is_none()); - let resp = test_login(&core, "pass", "test2", "123qwe", true); + let resp = test_login(&core, "pass", "test2", "123qwe", true).await; let login_auth = resp.unwrap().unwrap().auth.unwrap(); println!("user login_auth: {:?}", login_auth); assert_eq!(login_auth.lease.ttl.as_secs(), 5); @@ -226,17 +226,17 @@ mod test { println!("wait 7s"); std::thread::sleep(Duration::from_secs(7)); let test_client_token = login_auth.client_token.clone(); - let resp = test_read_api(&core, &test_client_token, "sys/mounts", false); + let resp = test_read_api(&core, &test_client_token, "sys/mounts", false).await; println!("test mounts resp: {:?}", resp); // mount userpass auth to path: auth/testpass - test_mount_auth_api(&core, &root_token, "userpass", "testpass"); - test_write_user(&core, &root_token, "testpass", "testuser", "123qwe!@#", 0); - let resp = test_login(&core, "testpass", "testuser", "123qwe!@#", true); + test_mount_auth_api(&core, &root_token, "userpass", "testpass").await; + test_write_user(&core, &root_token, "testpass", "testuser", "123qwe!@#", 0).await; + let resp = test_login(&core, "testpass", "testuser", "123qwe!@#", true).await; let login_auth = resp.unwrap().unwrap().auth.unwrap(); let test_client_token = login_auth.client_token.clone(); println!("test_client_token: {}", test_client_token); - let resp = test_read_api(&core, &test_client_token, "sys/mounts", true); + let resp = test_read_api(&core, &test_client_token, "sys/mounts", true).await; println!("test mounts resp: {:?}", resp); assert!(resp.unwrap().is_some()); } diff --git a/src/modules/pki/mod.rs b/src/modules/pki/mod.rs index f21ca70..402ab11 100644 --- a/src/modules/pki/mod.rs +++ b/src/modules/pki/mod.rs @@ -151,7 +151,7 @@ mod test { test_utils::{test_delete_api, test_mount_api, test_read_api, test_rusty_vault_init, test_write_api}, }; - fn config_ca(core: &Core, token: &str, path: &str) { + async fn config_ca(core: &Core, token: &str, path: &str) { let ca_pem_bundle = format!("{}{}", CA_CERT_PEM, CA_KEY_PEM); let ca_data = json!({ @@ -162,11 +162,11 @@ mod test { .clone(); // config ca - let resp = test_write_api(&core, token, format!("{}config/ca", path).as_str(), true, Some(ca_data)); + let resp = test_write_api(&core, token, format!("{}config/ca", path).as_str(), true, Some(ca_data)).await; assert!(resp.is_ok()); } - fn config_role(core: &Core, token: &str, path: &str, role_name: &str, key_type: &str, key_bits: u32) { + async fn config_role(core: &Core, token: &str, path: &str, role_name: &str, key_type: &str, key_bits: u32) { let role_data = json!({ "ttl": "60d", "max_ttl": "365d", @@ -183,11 +183,11 @@ mod test { .clone(); // config role - assert!(test_write_api(&core, token, format!("{}roles/{}", path, role_name).as_str(), true, Some(role_data)) + assert!(test_write_api(&core, token, format!("{}roles/{}", path, role_name).as_str(), true, Some(role_data)).await .is_ok()); } - fn generate_root(core: &Core, token: &str, path: &str, exported: bool, key_type: &str, key_bits: u32, is_ok: bool) { + async fn generate_root(core: &Core, token: &str, path: &str, exported: bool, key_type: &str, key_bits: u32, is_ok: bool) { let common_name = "test-ca"; let req_data = json!({ "common_name": common_name, @@ -206,7 +206,7 @@ mod test { format!("{}root/generate/{}", path, if exported { "exported" } else { "internal" }).as_str(), is_ok, Some(req_data), - ); + ).await; if !is_ok { return; } @@ -217,7 +217,7 @@ mod test { let key_data = data.unwrap(); println!("generate root result: {:?}", key_data); - let resp_ca_pem = test_read_api(core, token, format!("{}ca/pem", path).as_str(), true); + let resp_ca_pem = test_read_api(core, token, format!("{}ca/pem", path).as_str(), true).await; let resp_ca_pem_cert_data = resp_ca_pem.unwrap().unwrap().data.unwrap(); let ca_cert = X509::from_pem(resp_ca_pem_cert_data["certificate"].as_str().unwrap().as_bytes()).unwrap(); @@ -254,18 +254,18 @@ mod test { } } - fn delete_root(core: &Core, token: &str, path: &str, is_ok: bool) { - let resp = test_delete_api(core, token, format!("{}root", path).as_str(), is_ok, None); + async fn delete_root(core: &Core, token: &str, path: &str, is_ok: bool) { + let resp = test_delete_api(core, token, format!("{}root", path).as_str(), is_ok, None).await; if !is_ok { return; } assert!(resp.is_ok()); - let resp_ca_pem = test_read_api(core, token, format!("{}ca/pem", path).as_str(), false); + let resp_ca_pem = test_read_api(core, token, format!("{}ca/pem", path).as_str(), false).await; assert_eq!(resp_ca_pem.unwrap_err(), RvError::ErrPkiCaNotConfig); } - fn issue_cert_by_generate_root(core: &Core, token: &str, path: &str, role_name: &str, key_type: &str, key_bits: u32) { + async fn issue_cert_by_generate_root(core: &Core, token: &str, path: &str, role_name: &str, key_type: &str, key_bits: u32) { let dns_sans = vec!["test.com", "a.test.com", "b.test.com"]; let issue_data = json!({ "ttl": "10d", @@ -277,7 +277,7 @@ mod test { .clone(); // issue cert - let resp = test_write_api(core, token, format!("{}issue/{}", path, role_name).as_str(), true, Some(issue_data)); + let resp = test_write_api(core, token, format!("{}issue/{}", path, role_name).as_str(), true, Some(issue_data)).await; assert!(resp.is_ok()); let resp_body = resp.unwrap(); assert!(resp_body.is_some()); @@ -318,7 +318,7 @@ mod test { println!("authority_key_id: {:?}", authority_key_id.unwrap().as_slice()); - let resp_ca_pem = test_read_api(core, token, format!("{}ca/pem", path).as_str(), true); + let resp_ca_pem = test_read_api(core, token, format!("{}ca/pem", path).as_str(), true).await; let resp_ca_pem_cert_data = resp_ca_pem.unwrap().unwrap().data.unwrap(); let ca_cert = X509::from_pem(resp_ca_pem_cert_data["certificate"].as_str().unwrap().as_bytes()).unwrap(); @@ -378,21 +378,21 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L 2k24wuH7oUtLlvf05p4cqfEx -----END PRIVATE KEY-----"#; - #[test] - fn test_pki_config_ca() { + #[tokio::test] + async fn test_pki_config_ca() { let (root_token, c) = test_rusty_vault_init("test_pki_config_ca"); let token = &root_token; let core = c.read().unwrap(); let path = "pki/"; // mount pki backend to path: pki/ - test_mount_api(&core, token, "pki", path); + test_mount_api(&core, token, "pki", path).await; // config ca - config_ca(&core, token, path); + config_ca(&core, token, path).await; - let resp_ca = test_read_api(&core, token, format!("{}ca", path).as_str(), true); - let resp_ca_pem = test_read_api(&core, token, format!("{}ca/pem", path).as_str(), true); + let resp_ca = test_read_api(&core, token, format!("{}ca", path).as_str(), true).await; + let resp_ca_pem = test_read_api(&core, token, format!("{}ca/pem", path).as_str(), true).await; let resp_ca_cert_data = resp_ca.unwrap().unwrap().data.unwrap(); let resp_ca_pem_cert_data = resp_ca_pem.unwrap().unwrap().data.unwrap(); assert!(resp_ca_cert_data.get("private_key").is_none()); @@ -408,8 +408,8 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L assert_eq!(resp_ca_cert_data["certificate"].as_str().unwrap().trim(), CA_CERT_PEM.trim()); } - #[test] - fn test_pki_config_role() { + #[tokio::test] + async fn test_pki_config_role() { let (root_token, c) = test_rusty_vault_init("test_pki_config_role"); let token = &root_token; let core = c.read().unwrap(); @@ -417,15 +417,15 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L let role_name = "test"; // mount pki backend to path: pki/ - test_mount_api(&core, token, "pki", path); + test_mount_api(&core, token, "pki", path).await; // config ca - config_ca(&core, token, path); + config_ca(&core, token, path).await; // config role - config_role(&core, token, path, role_name, "rsa", 4096); + config_role(&core, token, path, role_name, "rsa", 4096).await; - let resp = test_read_api(&core, token, &format!("{}roles/{}", path, role_name), true); + let resp = test_read_api(&core, token, &format!("{}roles/{}", path, role_name), true).await; assert!(resp.as_ref().unwrap().is_some()); let resp = resp.unwrap(); assert!(resp.is_some()); @@ -446,8 +446,8 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L assert_eq!(role_data["no_store"].as_bool().unwrap(), false); } - #[test] - fn test_pki_issue_cert() { + #[tokio::test] + async fn test_pki_issue_cert() { let (root_token, c) = test_rusty_vault_init("test_pki_issue_cert"); let token = &root_token; let core = c.read().unwrap(); @@ -455,13 +455,13 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L let role_name = "test"; // mount pki backend to path: pki/ - test_mount_api(&core, token, "pki", path); + test_mount_api(&core, token, "pki", path).await; // config ca - config_ca(&core, token, path); + config_ca(&core, token, path).await; // config role - config_role(&core, token, path, role_name, "rsa", 4096); + config_role(&core, token, path, role_name, "rsa", 4096).await; let dns_sans = vec!["test.com", "a.test.com", "b.test.com"]; let issue_data = json!({ @@ -474,7 +474,7 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L .clone(); // issue cert - let resp = test_write_api(&core, token, &format!("{}issue/{}", path, role_name), true, Some(issue_data)); + let resp = test_write_api(&core, token, &format!("{}issue/{}", path, role_name), true, Some(issue_data)).await; assert!(resp.is_ok()); let resp_body = resp.unwrap(); assert!(resp_body.is_some()); @@ -517,13 +517,13 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L token, format!("{}cert/{}", path, serial_number_hex.to_lowercase().as_str()).as_str(), true, - ); + ).await; let resp_uppercase = test_read_api( &core, token, format!("{}cert/{}", path, serial_number_hex.to_uppercase().as_str()).as_str(), true, - ); + ).await; println!("resp_uppercase: {:?}", resp_uppercase); let resp_lowercase_cert_data = resp_lowercase.unwrap().unwrap().data.unwrap(); let resp_uppercase_cert_data = resp_uppercase.unwrap().unwrap().data.unwrap(); @@ -543,8 +543,8 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L ); } - #[test] - fn test_pki_generate_root() { + #[tokio::test] + async fn test_pki_generate_root() { let (root_token, c) = test_rusty_vault_init("test_pki_generate_root"); let token = &root_token; let core = c.read().unwrap(); @@ -552,25 +552,25 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L let role_name = "test"; // mount pki backend to path: pki/ - test_mount_api(&core, token, "pki", path); + test_mount_api(&core, token, "pki", path).await; // config ca - config_ca(&core, token, path); + config_ca(&core, token, path).await; // config role - config_role(&core, token, path, role_name, "rsa", 4096); + config_role(&core, token, path, role_name, "rsa", 4096).await; - generate_root(&core, token, path, true, "rsa", 4096, true); - generate_root(&core, token, path, false, "rsa", 4096, true); + generate_root(&core, token, path, true, "rsa", 4096, true).await; + generate_root(&core, token, path, false, "rsa", 4096, true).await; - issue_cert_by_generate_root(&core, token, path, role_name, "rsa", 4096); + issue_cert_by_generate_root(&core, token, path, role_name, "rsa", 4096).await; - delete_root(&core, token, path, true); + delete_root(&core, token, path, true).await; } #[cfg(feature = "crypto_adaptor_tongsuo")] - #[test] - fn test_pki_sm2_generate_root() { + #[tokio::test] + async fn test_pki_sm2_generate_root() { let (root_token, c) = test_rusty_vault_init("test_pki_generate_root"); let token = &root_token; let core = c.read().unwrap(); @@ -578,23 +578,23 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L let role_name = "test"; // mount pki backend to path: pki/ - test_mount_api(&core, token, "pki", path); + test_mount_api(&core, token, "pki", path).await; // config ca - config_ca(&core, token, path); + config_ca(&core, token, path).await; // config role - config_role(&core, token, path, role_name, "sm2", 256); + config_role(&core, token, path, role_name, "sm2", 256).await; - generate_root(&core, token, path, true, "sm2", 256, true); - generate_root(&core, token, path, false, "sm2", 256, true); + generate_root(&core, token, path, true, "sm2", 256, true).await; + generate_root(&core, token, path, false, "sm2", 256, true).await; - issue_cert_by_generate_root(&core, token, path, role_name, "sm2", 256); + issue_cert_by_generate_root(&core, token, path, role_name, "sm2", 256).await; - delete_root(&core, token, path, true); + delete_root(&core, token, path, true).await; } - fn test_pki_generate_key_case( + async fn test_pki_generate_key_case( core: &Core, token: &str, path: &str, @@ -619,7 +619,7 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L &format!("{}/keys/generate/{}", path, if exported { "exported" } else { "internal" }), is_ok, Some(req_data), - ); + ).await; if !is_ok { return; } @@ -658,7 +658,7 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L } } - fn test_pki_import_key_case( + async fn test_pki_import_key_case( core: &Core, token: &str, path: &str, @@ -689,7 +689,7 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L } println!("import req_data: {:?}, is_ok: {}", req_data, is_ok); - let resp = test_write_api(core, token, &format!("{}/keys/import", path), is_ok, Some(req_data)); + let resp = test_write_api(core, token, &format!("{}/keys/import", path), is_ok, Some(req_data)).await; if !is_ok { return; } @@ -704,7 +704,7 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L assert_eq!(key_data["key_bits"].as_u64().unwrap(), key_bits as u64); } - fn test_pki_sign_verify(core: &Core, token: &str, path: &str, key_name: &str, data: &[u8], is_ok: bool) { + async fn test_pki_sign_verify(core: &Core, token: &str, path: &str, key_name: &str, data: &[u8], is_ok: bool) { let req_data = json!({ "key_name": key_name.to_string(), "data": hex::encode(data), @@ -713,7 +713,7 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L .unwrap() .clone(); println!("sign req_data: {:?}, is_ok: {}", req_data, is_ok); - let resp = test_write_api(core, token, &format!("{}/keys/sign", path), is_ok, Some(req_data)); + let resp = test_write_api(core, token, &format!("{}/keys/sign", path), is_ok, Some(req_data)).await; if !is_ok { return; } @@ -735,7 +735,7 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L .unwrap() .clone(); println!("verify req_data: {:?}, is_ok: {}", req_data, is_ok); - let resp = test_write_api(core, token, &format!("{}/keys/verify", path), is_ok, Some(req_data)); + let resp = test_write_api(core, token, &format!("{}/keys/verify", path), is_ok, Some(req_data)).await; let resp_body = resp.unwrap(); assert!(resp_body.is_some()); let resp_raw_data = resp_body.unwrap().data; @@ -754,7 +754,7 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L .unwrap() .clone(); println!("verify bad req_data: {:?}, is_ok: {}", req_data, is_ok); - let resp = test_write_api(core, token, &format!("{}/keys/verify", path), true, Some(req_data)); + let resp = test_write_api(core, token, &format!("{}/keys/verify", path), true, Some(req_data)).await; let resp_body = resp.unwrap(); assert!(resp_body.is_some()); let resp_raw_data = resp_body.unwrap().data; @@ -772,7 +772,7 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L .unwrap() .clone(); println!("verify bad signatue req_data: {:?}, is_ok: {}", req_data, is_ok); - let resp = test_write_api(core, token, &format!("{}/keys/verify", path), true, Some(req_data)); + let resp = test_write_api(core, token, &format!("{}/keys/verify", path), true, Some(req_data)).await; let resp_body = resp.unwrap(); assert!(resp_body.is_some()); let resp_raw_data = resp_body.unwrap().data; @@ -789,10 +789,10 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L .as_object() .unwrap() .clone(); - assert!(test_write_api(core, token, &format!("{}/keys/verify", path), false, Some(req_data)).is_err()); + assert!(test_write_api(core, token, &format!("{}/keys/verify", path), false, Some(req_data)).await.is_err()); } - fn test_pki_encrypt_decrypt(core: &Core, token: &str, path: &str, key_name: &str, data: &[u8], is_ok: bool) { + async fn test_pki_encrypt_decrypt(core: &Core, token: &str, path: &str, key_name: &str, data: &[u8], is_ok: bool) { let origin_data = hex::encode(data); let req_data = json!({ "key_name": key_name.to_string(), @@ -802,7 +802,7 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L .unwrap() .clone(); println!("encrypt req_data: {:?}, is_ok: {}", req_data, is_ok); - let resp = test_write_api(core, token, &format!("{}/keys/encrypt", path), is_ok, Some(req_data)); + let resp = test_write_api(core, token, &format!("{}/keys/encrypt", path), is_ok, Some(req_data)).await; if !is_ok { return; } @@ -823,7 +823,7 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L .unwrap() .clone(); println!("decrypt req_data: {:?}, is_ok: {}", req_data, is_ok); - let resp = test_write_api(core, token, &format!("{}/keys/decrypt", path), is_ok, Some(req_data)); + let resp = test_write_api(core, token, &format!("{}/keys/decrypt", path), is_ok, Some(req_data)).await; let resp_body = resp.unwrap(); assert!(resp_body.is_some()); let resp_raw_data = resp_body.unwrap().data; @@ -840,117 +840,117 @@ x/+V28hUf8m8P2NxP5ALaDZagdaMfzjGZo3O3wDv33Cds0P5GMGQYnRXDxcZN/2L .as_object() .unwrap() .clone(); - assert!(test_write_api(core, token, &format!("{}/keys/decrypt", path), false, Some(req_data)).is_err()); + assert!(test_write_api(core, token, &format!("{}/keys/decrypt", path), false, Some(req_data)).await.is_err()); } - #[test] - fn test_pki_generate_key() { + #[tokio::test] + async fn test_pki_generate_key() { let (root_token, c) = test_rusty_vault_init("test_pki_generate_key"); let token = &root_token; let core = c.read().unwrap(); let path = "pki"; // mount pki backend to path: pki/ - test_mount_api(&core, token, "pki", path); + test_mount_api(&core, token, "pki", path).await; //test generate rsa key - test_pki_generate_key_case(&core, token, path, "rsa-2048", "rsa", 2048, true, true); - test_pki_generate_key_case(&core, token, path, "rsa-3072", "rsa", 3072, true, true); - test_pki_generate_key_case(&core, token, path, "rsa-4096", "rsa", 4096, true, true); - test_pki_generate_key_case(&core, token, path, "rsa-2048-internal", "rsa", 2048, false, true); - test_pki_generate_key_case(&core, token, path, "rsa-3072-internal", "rsa", 3072, false, true); - test_pki_generate_key_case(&core, token, path, "rsa-4096-internal", "rsa", 4096, false, true); - test_pki_generate_key_case(&core, token, path, "rsa-2048", "rsa", 2048, true, false); - test_pki_generate_key_case(&core, token, path, "rsa-2048-bad-type", "rsaa", 2048, true, false); - test_pki_generate_key_case(&core, token, path, "rsa-2048-bad-bits", "rsa", 2049, true, false); + test_pki_generate_key_case(&core, token, path, "rsa-2048", "rsa", 2048, true, true).await; + test_pki_generate_key_case(&core, token, path, "rsa-3072", "rsa", 3072, true, true).await; + test_pki_generate_key_case(&core, token, path, "rsa-4096", "rsa", 4096, true, true).await; + test_pki_generate_key_case(&core, token, path, "rsa-2048-internal", "rsa", 2048, false, true).await; + test_pki_generate_key_case(&core, token, path, "rsa-3072-internal", "rsa", 3072, false, true).await; + test_pki_generate_key_case(&core, token, path, "rsa-4096-internal", "rsa", 4096, false, true).await; + test_pki_generate_key_case(&core, token, path, "rsa-2048", "rsa", 2048, true, false).await; + test_pki_generate_key_case(&core, token, path, "rsa-2048-bad-type", "rsaa", 2048, true, false).await; + test_pki_generate_key_case(&core, token, path, "rsa-2048-bad-bits", "rsa", 2049, true, false).await; //test rsa sign and verify - test_pki_sign_verify(&core, token, path, "rsa-2048", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "rsa-3072", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "rsa-4096", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "rsa-4096-bad-key-name", "rusty_vault test".as_bytes(), false); + test_pki_sign_verify(&core, token, path, "rsa-2048", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "rsa-3072", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "rsa-4096", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "rsa-4096-bad-key-name", "rusty_vault test".as_bytes(), false).await; //test generate ec key - test_pki_generate_key_case(&core, token, path, "ec-224", "ec", 224, true, true); - test_pki_generate_key_case(&core, token, path, "ec-256", "ec", 256, true, true); - test_pki_generate_key_case(&core, token, path, "ec-384", "ec", 384, true, true); - test_pki_generate_key_case(&core, token, path, "ec-521", "ec", 521, true, true); - test_pki_generate_key_case(&core, token, path, "ec-224-internal", "ec", 224, false, true); - test_pki_generate_key_case(&core, token, path, "ec-256-internal", "ec", 256, false, true); - test_pki_generate_key_case(&core, token, path, "ec-384-internal", "ec", 384, false, true); - test_pki_generate_key_case(&core, token, path, "ec-521-internal", "ec", 521, false, true); - test_pki_generate_key_case(&core, token, path, "ec-224", "ec", 224, true, false); - test_pki_generate_key_case(&core, token, path, "ec-224-bad_type", "ecc", 224, true, false); - test_pki_generate_key_case(&core, token, path, "ec-224-bad_bits", "ec", 250, true, false); + test_pki_generate_key_case(&core, token, path, "ec-224", "ec", 224, true, true).await; + test_pki_generate_key_case(&core, token, path, "ec-256", "ec", 256, true, true).await; + test_pki_generate_key_case(&core, token, path, "ec-384", "ec", 384, true, true).await; + test_pki_generate_key_case(&core, token, path, "ec-521", "ec", 521, true, true).await; + test_pki_generate_key_case(&core, token, path, "ec-224-internal", "ec", 224, false, true).await; + test_pki_generate_key_case(&core, token, path, "ec-256-internal", "ec", 256, false, true).await; + test_pki_generate_key_case(&core, token, path, "ec-384-internal", "ec", 384, false, true).await; + test_pki_generate_key_case(&core, token, path, "ec-521-internal", "ec", 521, false, true).await; + test_pki_generate_key_case(&core, token, path, "ec-224", "ec", 224, true, false).await; + test_pki_generate_key_case(&core, token, path, "ec-224-bad_type", "ecc", 224, true, false).await; + test_pki_generate_key_case(&core, token, path, "ec-224-bad_bits", "ec", 250, true, false).await; //test ec sign and verify - test_pki_sign_verify(&core, token, path, "ec-224", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "ec-256", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "ec-384", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "ec-521", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "ec-224-bad-key-name", "rusty_vault test".as_bytes(), false); + test_pki_sign_verify(&core, token, path, "ec-224", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "ec-256", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "ec-384", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "ec-521", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "ec-224-bad-key-name", "rusty_vault test".as_bytes(), false).await; //test generate aes-gcm key - test_pki_generate_key_case(&core, token, path, "aes-gcm-128", "aes-gcm", 128, true, true); - test_pki_generate_key_case(&core, token, path, "aes-gcm-192", "aes-gcm", 192, true, true); - test_pki_generate_key_case(&core, token, path, "aes-gcm-256", "aes-gcm", 256, true, true); - test_pki_generate_key_case(&core, token, path, "aes-gcm-128-internal", "aes-gcm", 128, false, true); - test_pki_generate_key_case(&core, token, path, "aes-gcm-192-internal", "aes-gcm", 192, false, true); - test_pki_generate_key_case(&core, token, path, "aes-gcm-256-internal", "aes-gcm", 256, false, true); - test_pki_generate_key_case(&core, token, path, "aes-gcm-128", "aes-gcm", 128, true, false); - test_pki_generate_key_case(&core, token, path, "aes-gcm-128-bad-type", "aes-gcmm", 128, true, false); - test_pki_generate_key_case(&core, token, path, "aes-gcm-128-bad-bits", "aes-gcm", 129, true, false); + test_pki_generate_key_case(&core, token, path, "aes-gcm-128", "aes-gcm", 128, true, true).await; + test_pki_generate_key_case(&core, token, path, "aes-gcm-192", "aes-gcm", 192, true, true).await; + test_pki_generate_key_case(&core, token, path, "aes-gcm-256", "aes-gcm", 256, true, true).await; + test_pki_generate_key_case(&core, token, path, "aes-gcm-128-internal", "aes-gcm", 128, false, true).await; + test_pki_generate_key_case(&core, token, path, "aes-gcm-192-internal", "aes-gcm", 192, false, true).await; + test_pki_generate_key_case(&core, token, path, "aes-gcm-256-internal", "aes-gcm", 256, false, true).await; + test_pki_generate_key_case(&core, token, path, "aes-gcm-128", "aes-gcm", 128, true, false).await; + test_pki_generate_key_case(&core, token, path, "aes-gcm-128-bad-type", "aes-gcmm", 128, true, false).await; + test_pki_generate_key_case(&core, token, path, "aes-gcm-128-bad-bits", "aes-gcm", 129, true, false).await; //test aes-gcm encrypt and decrypt - test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-128", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-192", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-256", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-256-bad-key-name", "rusty_vault test".as_bytes(), false); + test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-128", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-192", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-256", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-256-bad-key-name", "rusty_vault test".as_bytes(), false).await; //test generate aes-cbc key - test_pki_generate_key_case(&core, token, path, "aes-cbc-128", "aes-cbc", 128, true, true); - test_pki_generate_key_case(&core, token, path, "aes-cbc-192", "aes-cbc", 192, true, true); - test_pki_generate_key_case(&core, token, path, "aes-cbc-256", "aes-cbc", 256, true, true); - test_pki_generate_key_case(&core, token, path, "aes-cbc-128-internal", "aes-cbc", 128, false, true); - test_pki_generate_key_case(&core, token, path, "aes-cbc-192-internal", "aes-cbc", 192, false, true); - test_pki_generate_key_case(&core, token, path, "aes-cbc-256-internal", "aes-cbc", 256, false, true); - test_pki_generate_key_case(&core, token, path, "aes-cbc-128", "aes-cbc", 128, true, false); - test_pki_generate_key_case(&core, token, path, "aes-cbc-128-bad-type", "aes-cbcc", 128, true, false); - test_pki_generate_key_case(&core, token, path, "aes-cbc-128-bad-bits", "aes-cbc", 129, true, false); + test_pki_generate_key_case(&core, token, path, "aes-cbc-128", "aes-cbc", 128, true, true).await; + test_pki_generate_key_case(&core, token, path, "aes-cbc-192", "aes-cbc", 192, true, true).await; + test_pki_generate_key_case(&core, token, path, "aes-cbc-256", "aes-cbc", 256, true, true).await; + test_pki_generate_key_case(&core, token, path, "aes-cbc-128-internal", "aes-cbc", 128, false, true).await; + test_pki_generate_key_case(&core, token, path, "aes-cbc-192-internal", "aes-cbc", 192, false, true).await; + test_pki_generate_key_case(&core, token, path, "aes-cbc-256-internal", "aes-cbc", 256, false, true).await; + test_pki_generate_key_case(&core, token, path, "aes-cbc-128", "aes-cbc", 128, true, false).await; + test_pki_generate_key_case(&core, token, path, "aes-cbc-128-bad-type", "aes-cbcc", 128, true, false).await; + test_pki_generate_key_case(&core, token, path, "aes-cbc-128-bad-bits", "aes-cbc", 129, true, false).await; //test aes-cbc encrypt and decrypt - test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-128", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-192", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-256", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-256-bad-key-name", "rusty_vault test".as_bytes(), false); + test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-128", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-192", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-256", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-256-bad-key-name", "rusty_vault test".as_bytes(), false).await; //test generate aes-ecb key - test_pki_generate_key_case(&core, token, path, "aes-ecb-128", "aes-ecb", 128, true, true); - test_pki_generate_key_case(&core, token, path, "aes-ecb-192", "aes-ecb", 192, true, true); - test_pki_generate_key_case(&core, token, path, "aes-ecb-256", "aes-ecb", 256, true, true); - test_pki_generate_key_case(&core, token, path, "aes-ecb-128-internal", "aes-ecb", 128, false, true); - test_pki_generate_key_case(&core, token, path, "aes-ecb-192-internal", "aes-ecb", 192, false, true); - test_pki_generate_key_case(&core, token, path, "aes-ecb-256-internal", "aes-ecb", 256, false, true); - test_pki_generate_key_case(&core, token, path, "aes-ecb-128", "aes-ecb", 128, true, false); - test_pki_generate_key_case(&core, token, path, "aes-ecb-128-bad-type", "aes-ecbb", 128, true, false); - test_pki_generate_key_case(&core, token, path, "aes-ecb-128-bad-bits", "aes-ecb", 129, true, false); + test_pki_generate_key_case(&core, token, path, "aes-ecb-128", "aes-ecb", 128, true, true).await; + test_pki_generate_key_case(&core, token, path, "aes-ecb-192", "aes-ecb", 192, true, true).await; + test_pki_generate_key_case(&core, token, path, "aes-ecb-256", "aes-ecb", 256, true, true).await; + test_pki_generate_key_case(&core, token, path, "aes-ecb-128-internal", "aes-ecb", 128, false, true).await; + test_pki_generate_key_case(&core, token, path, "aes-ecb-192-internal", "aes-ecb", 192, false, true).await; + test_pki_generate_key_case(&core, token, path, "aes-ecb-256-internal", "aes-ecb", 256, false, true).await; + test_pki_generate_key_case(&core, token, path, "aes-ecb-128", "aes-ecb", 128, true, false).await; + test_pki_generate_key_case(&core, token, path, "aes-ecb-128-bad-type", "aes-ecbb", 128, true, false).await; + test_pki_generate_key_case(&core, token, path, "aes-ecb-128-bad-bits", "aes-ecb", 129, true, false).await; //test aes-ecb encrypt and decrypt - test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-128", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-192", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-256", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-256-bad-key-name", "rusty_vault test".as_bytes(), false); + test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-128", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-192", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-256", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-256-bad-key-name", "rusty_vault test".as_bytes(), false).await; } - #[test] - fn test_pki_import_key() { + #[tokio::test] + async fn test_pki_import_key() { let (root_token, c) = test_rusty_vault_init("test_pki_import_key"); let token = &root_token; let core = c.read().unwrap(); let path = "pki"; // mount pki backend to path: pki/ - test_mount_api(&core, token, "pki", path); + test_mount_api(&core, token, "pki", path).await; //test import rsa key test_pki_import_key_case( @@ -992,7 +992,7 @@ bwtnhIcuKu7aG0qI2abuLtNI -----END PRIVATE KEY----- "#, true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1044,7 +1044,7 @@ Do5o32GEcxbLo+woXez/9og= -----END PRIVATE KEY----- "#, true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1108,7 +1108,7 @@ srlAra2xKovU8At81EhC3oarMYLbY9w= -----END PRIVATE KEY----- "#, true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1172,7 +1172,7 @@ srlAra2xKovU8At81EhC3oarMYLbY9w= -----END PRIVATE KEY----- "#, false, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1236,7 +1236,7 @@ srlAra2xKovU8At81EhC3oarMYLbY9w= -----END PRIVATE KEY----- "#, false, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1301,12 +1301,12 @@ srlAra2xKovU8At81EhC3oarMYLbY9w= -----END PRIVATE KEY----- "#, false, - ); + ).await; //test rsa sign and verify - test_pki_sign_verify(&core, token, path, "rsa-2048-import", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "rsa-3072-import", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "rsa-4096-import", "rusty_vault test".as_bytes(), true); + test_pki_sign_verify(&core, token, path, "rsa-2048-import", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "rsa-3072-import", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "rsa-4096-import", "rusty_vault test".as_bytes(), true).await; //test import ec key test_pki_import_key_case( @@ -1325,7 +1325,7 @@ K9bNL/xrK2WENeATjX1eZE9JZtjDwnAqlJM= -----END PRIVATE KEY----- "#, true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1342,7 +1342,7 @@ AAOYNTNA2jpy34lQ2zlBLIoaTuxXtg6mWvfITYPGrpWorcPTYzG+ -----END PRIVATE KEY----- "#, true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1360,7 +1360,7 @@ TKSYqB3QPPoSWhfvlq1iSdarRYfH+6S9dRpeaf+xnnVVMD8iqmUBOdl0UZZHOOt6 -----END PRIVATE KEY----- "#, true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1380,8 +1380,8 @@ Fw== -----END PRIVATE KEY----- "#, true, - ); - test_pki_import_key_case(&core, token, path, "ec-521-import", "ec", 521, "", "same key name", false); + ).await; + test_pki_import_key_case(&core, token, path, "ec-521-import", "ec", 521, "", "same key name", false).await; test_pki_import_key_case( &core, token, @@ -1401,7 +1401,7 @@ Fw== -----END PRIVATE KEY----- "#, false, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1422,13 +1422,13 @@ xxxxxxxxxxxxxx -----END PRIVATE KEY----- "#, false, - ); + ).await; //test ec sign and verify - test_pki_sign_verify(&core, token, path, "ec-224-import", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "ec-256-import", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "ec-384-import", "rusty_vault test".as_bytes(), true); - test_pki_sign_verify(&core, token, path, "ec-521-import", "rusty_vault test".as_bytes(), true); + test_pki_sign_verify(&core, token, path, "ec-224-import", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "ec-256-import", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "ec-384-import", "rusty_vault test".as_bytes(), true).await; + test_pki_sign_verify(&core, token, path, "ec-521-import", "rusty_vault test".as_bytes(), true).await; //test import aes-gcm key test_pki_import_key_case( @@ -1441,7 +1441,7 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "cfe0f571fe695c6a4c5e34339d32eb3c", true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1452,7 +1452,7 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "3077fdca16350c85c354a700bbc127972dafe2138874cdea", true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1463,7 +1463,7 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "6349e3032b690f2fe61a824746ac3ab05c1829a4147f4891f595dfb19cddfd06", true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1474,7 +1474,7 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "same key name", false, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1485,7 +1485,7 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "6349e3032b690f2fe61a824746ac3ab05c1829a4147f4891f595dfb19cddfd06", false, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1496,12 +1496,12 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "aa6349e3032b690f2fe61a824746ac3ab05c1829a4147f4891f595dfb19cddfd06", false, - ); + ).await; //test aes-gcm encrypt and decrypt - test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-128-import", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-192-import", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-256-import", "rusty_vault test".as_bytes(), true); + test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-128-import", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-192-import", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-gcm-256-import", "rusty_vault test".as_bytes(), true).await; //test import aes-cbc key test_pki_import_key_case( @@ -1514,7 +1514,7 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "77628ff2c35adc7efdecfb0e86a4576f", true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1525,7 +1525,7 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "807f5f15d2924f104700f058030298c8591d0f6b5163b333", true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1536,7 +1536,7 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "521fc4bb8ee6015ac5a6e3e611854aa7608a17413f72ee007e799dac303853e1", true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1547,7 +1547,7 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "same key name", false, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1558,7 +1558,7 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "521fc4bb8ee6015ac5a6e3e611854aa7608a17413f72ee007e799dac303853e1", false, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1569,12 +1569,12 @@ xxxxxxxxxxxxxx "1c499088cddd0382918bd5650718533d", "21521fc4bb8ee6015ac5a6e3e611854aa7608a17413f72ee007e799dac303853e1", false, - ); + ).await; //test aes-cbc encrypt and decrypt - test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-128-import", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-192-import", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-256-import", "rusty_vault test".as_bytes(), true); + test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-128-import", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-192-import", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-cbc-256-import", "rusty_vault test".as_bytes(), true).await; //test import aes-ecb key test_pki_import_key_case( @@ -1587,7 +1587,7 @@ xxxxxxxxxxxxxx "", "38a1f9ad74562db696872cbfa10cc46e", true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1598,7 +1598,7 @@ xxxxxxxxxxxxxx "", "b80f65a5a334e583bafd18d2e86667384ae16cb0467982de", true, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1609,8 +1609,8 @@ xxxxxxxxxxxxxx "", "95b622ebf838b0b8b4cc60635333f87f9b10bcbe340b710020a6e9789156c052", true, - ); - test_pki_import_key_case(&core, token, path, "aes-ecb-256-import", "aes-ecb", 256, "", "same key name", false); + ).await; + test_pki_import_key_case(&core, token, path, "aes-ecb-256-import", "aes-ecb", 256, "", "same key name", false).await; test_pki_import_key_case( &core, token, @@ -1621,7 +1621,7 @@ xxxxxxxxxxxxxx "", "95b622ebf838b0b8b4cc60635333f87f9b10bcbe340b710020a6e9789156c052", false, - ); + ).await; test_pki_import_key_case( &core, token, @@ -1632,11 +1632,11 @@ xxxxxxxxxxxxxx "", "2295b622ebf838b0b8b4cc60635333f87f9b10bcbe340b710020a6e9789156c052", false, - ); + ).await; //test aes-gcm encrypt and decrypt - test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-128-import", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-192-import", "rusty_vault test".as_bytes(), true); - test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-256-import", "rusty_vault test".as_bytes(), true); + test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-128-import", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-192-import", "rusty_vault test".as_bytes(), true).await; + test_pki_encrypt_decrypt(&core, token, path, "aes-ecb-256-import", "rusty_vault test".as_bytes(), true).await; } } diff --git a/src/router.rs b/src/router.rs index b5e3467..3adc1bd 100644 --- a/src/router.rs +++ b/src/router.rs @@ -4,6 +4,7 @@ use std::sync::{Arc, RwLock}; +use async_trait::async_trait; use radix_trie::{Trie, TrieCommon}; use crate::{ @@ -192,14 +193,8 @@ impl Router { pub fn as_handler(&self) -> &dyn Handler { self } -} -impl Handler for Router { - fn name(&self) -> String { - "core_router".to_string() - } - - fn route(&self, req: &mut Request) -> Result, RvError> { + pub fn handle_request(&self, req: &mut Request) -> Result, RvError> { if !req.path.contains('/') { req.path.push('/'); } @@ -254,6 +249,17 @@ impl Handler for Router { } } +#[async_trait] +impl Handler for Router { + fn name(&self) -> String { + "core_router".to_string() + } + + async fn route(&self, req: &mut Request) -> Result, RvError> { + self.handle_request(req) + } +} + fn new_radix_from_paths(paths: &[String]) -> Trie { let mut radix_paths = Trie::new(); for path in paths { diff --git a/src/test_utils.rs b/src/test_utils.rs index ecacca1..50f3578 100644 --- a/src/test_utils.rs +++ b/src/test_utils.rs @@ -1027,27 +1027,27 @@ pub fn start_test_http_server_with_prometheus( server_thread } -pub fn test_list_api(core: &Core, token: &str, path: &str, is_ok: bool) -> Result, RvError> { +pub async fn test_list_api(core: &Core, token: &str, path: &str, is_ok: bool) -> Result, RvError> { let mut req = Request::new(path); req.operation = Operation::List; req.client_token = token.to_string(); - let resp = core.handle_request(&mut req); + let resp = core.handle_request(&mut req).await; println!("list resp: {:?}", resp); assert_eq!(resp.is_ok(), is_ok); resp } -pub fn test_read_api(core: &Core, token: &str, path: &str, is_ok: bool) -> Result, RvError> { +pub async fn test_read_api(core: &Core, token: &str, path: &str, is_ok: bool) -> Result, RvError> { let mut req = Request::new(path); req.operation = Operation::Read; req.client_token = token.to_string(); - let resp = core.handle_request(&mut req); + let resp = core.handle_request(&mut req).await; println!("read resp: {:?}", resp); assert_eq!(resp.is_ok(), is_ok); resp } -pub fn test_write_api( +pub async fn test_write_api( core: &Core, token: &str, path: &str, @@ -1059,13 +1059,13 @@ pub fn test_write_api( req.client_token = token.to_string(); req.body = data; - let resp = core.handle_request(&mut req); + let resp = core.handle_request(&mut req).await; println!("write resp: {:?}", resp); assert_eq!(resp.is_ok(), is_ok); resp } -pub fn test_delete_api( +pub async fn test_delete_api( core: &Core, token: &str, path: &str, @@ -1076,13 +1076,13 @@ pub fn test_delete_api( req.operation = Operation::Delete; req.client_token = token.to_string(); req.body = data; - let resp = core.handle_request(&mut req); + let resp = core.handle_request(&mut req).await; println!("delete resp: {:?}", resp); assert_eq!(resp.is_ok(), is_ok); resp } -pub fn test_mount_api(core: &Core, token: &str, mtype: &str, path: &str) { +pub async fn test_mount_api(core: &Core, token: &str, mtype: &str, path: &str) { let data = json!({ "type": mtype, }) @@ -1090,11 +1090,11 @@ pub fn test_mount_api(core: &Core, token: &str, mtype: &str, path: &str) { .unwrap() .clone(); - let resp = test_write_api(core, token, format!("sys/mounts/{}", path).as_str(), true, Some(data)); + let resp = test_write_api(core, token, format!("sys/mounts/{}", path).as_str(), true, Some(data)).await; assert!(resp.is_ok()); } -pub fn test_mount_auth_api(core: &Core, token: &str, atype: &str, path: &str) { +pub async fn test_mount_auth_api(core: &Core, token: &str, atype: &str, path: &str) { let auth_data = json!({ "type": atype, }) @@ -1102,6 +1102,6 @@ pub fn test_mount_auth_api(core: &Core, token: &str, atype: &str, path: &str) { .unwrap() .clone(); - let resp = test_write_api(core, token, format!("sys/auth/{}", path).as_str(), true, Some(auth_data)); + let resp = test_write_api(core, token, format!("sys/auth/{}", path).as_str(), true, Some(auth_data)).await; assert!(resp.is_ok()); } diff --git a/tests/test_default_logical.rs b/tests/test_default_logical.rs index efe06c6..59490dd 100644 --- a/tests/test_default_logical.rs +++ b/tests/test_default_logical.rs @@ -13,11 +13,11 @@ use rusty_vault::{ }; use serde_json::{json, Map, Value}; -fn test_read_api(core: &Core, token: &str, path: &str, is_ok: bool, expect: Option>) { +async fn test_read_api(core: &Core, token: &str, path: &str, is_ok: bool, expect: Option>) { let mut req = Request::new(path); req.operation = Operation::Read; req.client_token = token.to_string(); - let resp = core.handle_request(&mut req); + let resp = core.handle_request(&mut req).await; assert_eq!(resp.is_ok(), is_ok); if expect.is_some() { let resp = resp.unwrap(); @@ -31,27 +31,27 @@ fn test_read_api(core: &Core, token: &str, path: &str, is_ok: bool, expect: Opti } } -fn test_write_api(core: &Core, token: &str, path: &str, is_ok: bool, data: Option>) { +async fn test_write_api(core: &Core, token: &str, path: &str, is_ok: bool, data: Option>) { let mut req = Request::new(path); req.operation = Operation::Write; req.client_token = token.to_string(); req.body = data; - assert_eq!(core.handle_request(&mut req).is_ok(), is_ok); + assert_eq!(core.handle_request(&mut req).await.is_ok(), is_ok); } -fn test_delete_api(core: &Core, token: &str, path: &str, is_ok: bool) { +async fn test_delete_api(core: &Core, token: &str, path: &str, is_ok: bool) { let mut req = Request::new(path); req.operation = Operation::Delete; req.client_token = token.to_string(); - assert_eq!(core.handle_request(&mut req).is_ok(), is_ok); + assert_eq!(core.handle_request(&mut req).await.is_ok(), is_ok); } -fn test_list_api(core: &Core, token: &str, path: &str, is_ok: bool, keys_len: usize) { +async fn test_list_api(core: &Core, token: &str, path: &str, is_ok: bool, keys_len: usize) { let mut req = Request::new(path); req.operation = Operation::List; req.client_token = token.to_string(); - let resp = core.handle_request(&mut req); + let resp = core.handle_request(&mut req).await; assert_eq!(resp.is_ok(), is_ok); if is_ok { let resp = resp.unwrap(); @@ -62,7 +62,7 @@ fn test_list_api(core: &Core, token: &str, path: &str, is_ok: bool, keys_len: us } } -fn test_default_secret(core: Arc>, token: &str) { +async fn test_default_secret(core: Arc>, token: &str) { let core = core.read().unwrap(); // create secret @@ -73,18 +73,18 @@ fn test_default_secret(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "secret/goo", true, Some(kv_data.clone())); + test_write_api(&core, token, "secret/goo", true, Some(kv_data.clone())).await; // get secret - test_read_api(&core, token, "secret/goo", true, Some(kv_data)); - test_read_api(&core, token, "secret/foo", true, None); - test_read_api(&core, token, "secret1/foo", false, None); + test_read_api(&core, token, "secret/goo", true, Some(kv_data)).await; + test_read_api(&core, token, "secret/foo", true, None).await; + test_read_api(&core, token, "secret1/foo", false, None).await; // list secret - test_list_api(&core, token, "secret/", true, 1); + test_list_api(&core, token, "secret/", true, 1).await; } -fn test_kv_logical_backend(core: Arc>, token: &str) { +async fn test_kv_logical_backend(core: Arc>, token: &str) { let core = core.read().unwrap(); // mount kv backend to path: kv/ @@ -94,7 +94,7 @@ fn test_kv_logical_backend(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "sys/mounts/kv/", true, Some(mount_data)); + test_write_api(&core, token, "sys/mounts/kv/", true, Some(mount_data)).await; let kv_data = json!({ "foo": "bar", @@ -104,18 +104,18 @@ fn test_kv_logical_backend(core: Arc>, token: &str) { .unwrap() .clone(); - test_read_api(&core, token, "secret/foo", true, None); + test_read_api(&core, token, "secret/foo", true, None).await; // create secret - test_write_api(&core, token, "kv/secret", true, Some(kv_data.clone())); - test_write_api(&core, token, "kv1/secret", false, Some(kv_data.clone())); + test_write_api(&core, token, "kv/secret", true, Some(kv_data.clone())).await; + test_write_api(&core, token, "kv1/secret", false, Some(kv_data.clone())).await; // get secret - test_read_api(&core, token, "kv/secret", true, Some(kv_data)); - test_read_api(&core, token, "kv/secret1", true, None); + test_read_api(&core, token, "kv/secret", true, Some(kv_data)).await; + test_read_api(&core, token, "kv/secret1", true, None).await; // list secret - test_list_api(&core, token, "kv/", true, 1); + test_list_api(&core, token, "kv/", true, 1).await; // update secret let kv_data = json!({ @@ -124,10 +124,10 @@ fn test_kv_logical_backend(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "kv/secret", true, Some(kv_data.clone())); + test_write_api(&core, token, "kv/secret", true, Some(kv_data.clone())).await; // check whether the secret is updated successfully - test_read_api(&core, token, "kv/secret", true, Some(kv_data)); + test_read_api(&core, token, "kv/secret", true, Some(kv_data)).await; // add secret let kv_data = json!({ @@ -136,17 +136,17 @@ fn test_kv_logical_backend(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "kv/foo", true, Some(kv_data.clone())); + test_write_api(&core, token, "kv/foo", true, Some(kv_data.clone())).await; // list secret - test_list_api(&core, token, "kv/", true, 2); + test_list_api(&core, token, "kv/", true, 2).await; // delete secret - test_delete_api(&core, token, "kv/secret", true); - test_delete_api(&core, token, "kv/secret11", true); + test_delete_api(&core, token, "kv/secret", true).await; + test_delete_api(&core, token, "kv/secret11", true).await; // list secret again - test_list_api(&core, token, "kv/", true, 1); + test_list_api(&core, token, "kv/", true, 1).await; // remount kv backend to path: kv/ let remount_data = json!({ @@ -156,26 +156,26 @@ fn test_kv_logical_backend(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "sys/remount", true, Some(remount_data)); + test_write_api(&core, token, "sys/remount", true, Some(remount_data)).await; // get secret from new mount path - test_read_api(&core, token, "vk/foo", true, Some(kv_data)); + test_read_api(&core, token, "vk/foo", true, Some(kv_data)).await; // unmount - test_delete_api(&core, token, "sys/mounts/vk/", true); + test_delete_api(&core, token, "sys/mounts/vk/", true).await; // Getting the secret should fail - test_read_api(&core, token, "vk/foo", false, None); + test_read_api(&core, token, "vk/foo", false, None).await; } -fn test_sys_mount_feature(core: Arc>, token: &str) { +async fn test_sys_mount_feature(core: Arc>, token: &str) { let core = core.read().unwrap(); // test api: "mounts" let mut req = Request::new("sys/mounts"); req.operation = Operation::Read; req.client_token = token.to_string(); - let resp = core.handle_request(&mut req); + let resp = core.handle_request(&mut req).await; assert!(resp.is_ok()); let resp = resp.unwrap(); assert!(resp.is_some()); @@ -190,10 +190,10 @@ fn test_sys_mount_feature(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "sys/mounts/kv/", true, Some(mount_data.clone())); + test_write_api(&core, token, "sys/mounts/kv/", true, Some(mount_data.clone())).await; // test api: "mounts/kv" with path conflict - test_write_api(&core, token, "sys/mounts/kv/", false, Some(mount_data)); + test_write_api(&core, token, "sys/mounts/kv/", false, Some(mount_data)).await; // test api: "mounts/nope" with valid type let mount_data = json!({ @@ -202,7 +202,7 @@ fn test_sys_mount_feature(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "sys/mounts/nope/", false, Some(mount_data)); + test_write_api(&core, token, "sys/mounts/nope/", false, Some(mount_data)).await; // test api: "remount" with valid path let remount_data = json!({ @@ -212,7 +212,7 @@ fn test_sys_mount_feature(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "sys/remount", true, Some(remount_data)); + test_write_api(&core, token, "sys/remount", true, Some(remount_data)).await; // test api: "remount" with invalid path let remount_data = json!({ @@ -222,7 +222,7 @@ fn test_sys_mount_feature(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "sys/remount", false, Some(remount_data)); + test_write_api(&core, token, "sys/remount", false, Some(remount_data)).await; // test api: "remount" with dis-path conflict let remount_data = json!({ @@ -232,7 +232,7 @@ fn test_sys_mount_feature(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "sys/remount", false, Some(remount_data)); + test_write_api(&core, token, "sys/remount", false, Some(remount_data)).await; // test api: "remount" with protect path let remount_data = json!({ @@ -242,7 +242,7 @@ fn test_sys_mount_feature(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "sys/remount", false, Some(remount_data)); + test_write_api(&core, token, "sys/remount", false, Some(remount_data)).await; // test api: "remount" with default src-path let remount_data = json!({ @@ -252,17 +252,17 @@ fn test_sys_mount_feature(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "sys/remount", true, Some(remount_data)); + test_write_api(&core, token, "sys/remount", true, Some(remount_data)).await; } -fn test_sys_raw_api_feature(core: Arc>, token: &str) { +async fn test_sys_raw_api_feature(core: Arc>, token: &str) { let core = core.read().unwrap(); // test raw read let mut req = Request::new("sys/raw/core/mounts"); req.operation = Operation::Read; req.client_token = token.to_string(); - let resp = core.handle_request(&mut req); + let resp = core.handle_request(&mut req).await; assert!(resp.is_ok()); let resp = resp.unwrap(); let data = resp.unwrap().data; @@ -277,13 +277,13 @@ fn test_sys_raw_api_feature(core: Arc>, token: &str) { .as_object() .unwrap() .clone(); - test_write_api(&core, token, "sys/raw/test", true, Some(test_data.clone())); + test_write_api(&core, token, "sys/raw/test", true, Some(test_data.clone())).await; // test raw read again let mut req = Request::new("sys/raw/test"); req.operation = Operation::Read; req.client_token = token.to_string(); - let resp = core.handle_request(&mut req); + let resp = core.handle_request(&mut req).await; assert!(resp.is_ok()); let resp = resp.unwrap(); let data = resp.unwrap().data; @@ -291,19 +291,19 @@ fn test_sys_raw_api_feature(core: Arc>, token: &str) { assert_eq!(data.as_ref().unwrap()["value"].as_str().unwrap(), test_data["value"].as_str().unwrap()); // test raw delete - test_delete_api(&core, token, "sys/raw/test", true); + test_delete_api(&core, token, "sys/raw/test", true).await; // test raw read again - test_read_api(&core, token, "sys/raw/test", true, None); + test_read_api(&core, token, "sys/raw/test", true, None).await; } -fn test_sys_logical_backend(core: Arc>, token: &str) { - test_sys_mount_feature(Arc::clone(&core), token); - test_sys_raw_api_feature(core, token); +async fn test_sys_logical_backend(core: Arc>, token: &str) { + test_sys_mount_feature(Arc::clone(&core), token).await; + test_sys_raw_api_feature(core, token).await; } -#[test] -fn test_default_logical() { +#[tokio::test] +async fn test_default_logical() { let dir = env::temp_dir().join("rusty_vault_core_init"); assert!(fs::create_dir(&dir).is_ok()); defer! ( @@ -348,8 +348,8 @@ fn test_default_logical() { { println!("root_token: {:?}", root_token); - test_default_secret(Arc::clone(&c), &root_token); - test_kv_logical_backend(Arc::clone(&c), &root_token); - test_sys_logical_backend(Arc::clone(&c), &root_token); + test_default_secret(Arc::clone(&c), &root_token).await; + test_kv_logical_backend(Arc::clone(&c), &root_token).await; + test_sys_logical_backend(Arc::clone(&c), &root_token).await; } }