mirror of https://github.com/poanetwork/quorum.git
gofmt
This commit is contained in:
parent
19d634c0fd
commit
d0cd4e231a
|
@ -9,18 +9,18 @@ func getMinimumValidConfig() HashicorpWalletConfig {
|
||||||
},
|
},
|
||||||
Secrets: []HashicorpSecretConfig{
|
Secrets: []HashicorpSecretConfig{
|
||||||
{
|
{
|
||||||
AddressSecret: "addr",
|
AddressSecret: "addr",
|
||||||
PrivateKeySecret: "key",
|
PrivateKeySecret: "key",
|
||||||
AddressSecretVersion: 1,
|
AddressSecretVersion: 1,
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
AddressSecret: "otherAddr",
|
AddressSecret: "otherAddr",
|
||||||
PrivateKeySecret: "otherKey",
|
PrivateKeySecret: "otherKey",
|
||||||
AddressSecretVersion: 1,
|
AddressSecretVersion: 1,
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
@ -51,15 +51,15 @@ type hashicorpKeyHandler struct {
|
||||||
|
|
||||||
// Status for a hashicorpService
|
// Status for a hashicorpService
|
||||||
const (
|
const (
|
||||||
open = "open"
|
open = "open"
|
||||||
closed = "closed"
|
closed = "closed"
|
||||||
hashicorpHealthcheckFailed = "Hashicorp Vault healthcheck failed"
|
hashicorpHealthcheckFailed = "Hashicorp Vault healthcheck failed"
|
||||||
hashicorpUninitialized = "Hashicorp Vault uninitialized"
|
hashicorpUninitialized = "Hashicorp Vault uninitialized"
|
||||||
hashicorpSealed = "Hashicorp Vault sealed"
|
hashicorpSealed = "Hashicorp Vault sealed"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
hashicorpSealedErr = errors.New(hashicorpSealed)
|
hashicorpSealedErr = errors.New(hashicorpSealed)
|
||||||
hashicorpUninitializedErr = errors.New(hashicorpUninitialized)
|
hashicorpUninitializedErr = errors.New(hashicorpUninitialized)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -125,7 +125,7 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
noHashicorpEnvSetErr = fmt.Errorf("environment variables must be set when creating the Hashicorp client. Set %v and %v if the Vault is configured to use Approle authentication. Else set %v", RoleIDEnv, SecretIDEnv, api.EnvVaultToken)
|
noHashicorpEnvSetErr = fmt.Errorf("environment variables must be set when creating the Hashicorp client. Set %v and %v if the Vault is configured to use Approle authentication. Else set %v", RoleIDEnv, SecretIDEnv, api.EnvVaultToken)
|
||||||
invalidApproleAuthErr = fmt.Errorf("both %v and %v must be set if using Approle authentication", RoleIDEnv, SecretIDEnv)
|
invalidApproleAuthErr = fmt.Errorf("both %v and %v must be set if using Approle authentication", RoleIDEnv, SecretIDEnv)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -143,9 +143,9 @@ func (h *hashicorpService) open() error {
|
||||||
conf.Address = h.config.Url
|
conf.Address = h.config.Url
|
||||||
|
|
||||||
tlsConfig := &api.TLSConfig{
|
tlsConfig := &api.TLSConfig{
|
||||||
CACert: h.config.CaCert,
|
CACert: h.config.CaCert,
|
||||||
ClientCert: h.config.ClientCert,
|
ClientCert: h.config.ClientCert,
|
||||||
ClientKey: h.config.ClientKey,
|
ClientKey: h.config.ClientKey,
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := conf.ConfigureTLS(tlsConfig); err != nil {
|
if err := conf.ConfigureTLS(tlsConfig); err != nil {
|
||||||
|
@ -171,7 +171,7 @@ func (h *hashicorpService) open() error {
|
||||||
|
|
||||||
if usingApproleAuth(roleID, secretID) {
|
if usingApproleAuth(roleID, secretID) {
|
||||||
//authenticate the client using approle
|
//authenticate the client using approle
|
||||||
body := map[string]interface{} {"role_id": roleID, "secret_id": secretID}
|
body := map[string]interface{}{"role_id": roleID, "secret_id": secretID}
|
||||||
|
|
||||||
approle := h.config.Approle
|
approle := h.config.Approle
|
||||||
|
|
||||||
|
@ -247,7 +247,7 @@ func (h *hashicorpService) accountRetrievalLoop(ticker *time.Ticker) {
|
||||||
|
|
||||||
acct := accounts.Account{
|
acct := accounts.Account{
|
||||||
Address: address,
|
Address: address,
|
||||||
URL: parsedUrl,
|
URL: parsedUrl,
|
||||||
}
|
}
|
||||||
|
|
||||||
// update state
|
// update state
|
||||||
|
@ -428,21 +428,21 @@ func (h *hashicorpService) getKey(acct accounts.Account) (*ecdsa.PrivateKey, fun
|
||||||
h.mutex.RUnlock()
|
h.mutex.RUnlock()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, func(){}, err
|
return nil, func() {}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
key, zeroFn, err := h.getKeyFromHandler(*keyHandler)
|
key, zeroFn, err := h.getKeyFromHandler(*keyHandler)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
zeroFn()
|
zeroFn()
|
||||||
return nil, func(){}, err
|
return nil, func() {}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate that the retrieved key is correct for the provided account
|
// validate that the retrieved key is correct for the provided account
|
||||||
address := crypto.PubkeyToAddress(key.PublicKey)
|
address := crypto.PubkeyToAddress(key.PublicKey)
|
||||||
if !bytes.Equal(address.Bytes(), acct.Address.Bytes()) {
|
if !bytes.Equal(address.Bytes(), acct.Address.Bytes()) {
|
||||||
zeroFn()
|
zeroFn()
|
||||||
return nil, func(){}, incorrectKeyForAddrErr
|
return nil, func() {}, incorrectKeyForAddrErr
|
||||||
}
|
}
|
||||||
|
|
||||||
return key, zeroFn, nil
|
return key, zeroFn, nil
|
||||||
|
@ -466,7 +466,7 @@ func (h *hashicorpService) getKeyHandler(acct accounts.Account) (*hashicorpKeyHa
|
||||||
sort.Sort(accountsByURL(ambiguousAccounts))
|
sort.Sort(accountsByURL(ambiguousAccounts))
|
||||||
|
|
||||||
err := &keystore.AmbiguousAddrError{
|
err := &keystore.AmbiguousAddrError{
|
||||||
Addr: acct.Address,
|
Addr: acct.Address,
|
||||||
Matches: ambiguousAccounts,
|
Matches: ambiguousAccounts,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -500,7 +500,7 @@ func (h *hashicorpService) getKeyHandler(acct accounts.Account) (*hashicorpKeyHa
|
||||||
func (h *hashicorpService) getKeyFromHandler(handler hashicorpKeyHandler) (*ecdsa.PrivateKey, func(), error) {
|
func (h *hashicorpService) getKeyFromHandler(handler hashicorpKeyHandler) (*ecdsa.PrivateKey, func(), error) {
|
||||||
if key := handler.key; key != nil {
|
if key := handler.key; key != nil {
|
||||||
// the account has been unlocked so we return an empty zero function to prevent the caller from being able to lock it
|
// the account has been unlocked so we return an empty zero function to prevent the caller from being able to lock it
|
||||||
return key, func(){}, nil
|
return key, func() {}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
h.mutex.RLock()
|
h.mutex.RLock()
|
||||||
|
@ -508,11 +508,11 @@ func (h *hashicorpService) getKeyFromHandler(handler hashicorpKeyHandler) (*ecds
|
||||||
h.mutex.RUnlock()
|
h.mutex.RUnlock()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, func(){}, err
|
return nil, func() {}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// zeroFn zeroes the retrieved private key
|
// zeroFn zeroes the retrieved private key
|
||||||
zeroFn := func () {
|
zeroFn := func() {
|
||||||
b := key.D.Bits()
|
b := key.D.Bits()
|
||||||
for i := range b {
|
for i := range b {
|
||||||
b[i] = 0
|
b[i] = 0
|
||||||
|
|
|
@ -13,9 +13,9 @@ var BackendType = reflect.TypeOf(&VaultBackend{})
|
||||||
|
|
||||||
// VaultBackend implements accounts.Backend to manage all wallets for a particular vendor's vault
|
// VaultBackend implements accounts.Backend to manage all wallets for a particular vendor's vault
|
||||||
type VaultBackend struct {
|
type VaultBackend struct {
|
||||||
wallets []accounts.Wallet
|
wallets []accounts.Wallet
|
||||||
updateScope event.SubscriptionScope
|
updateScope event.SubscriptionScope
|
||||||
updateFeed *event.Feed
|
updateFeed *event.Feed
|
||||||
// Other backend impls require mutexes for safety as their wallets can change at any time (e.g. if a file/usb is added/removed). vaultWallets can only be created at startup so there is no danger of concurrent reads and writes.
|
// Other backend impls require mutexes for safety as their wallets can change at any time (e.g. if a file/usb is added/removed). vaultWallets can only be created at startup so there is no danger of concurrent reads and writes.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ func NewHashicorpBackend(walletConfigs []HashicorpWalletConfig) VaultBackend {
|
||||||
sort.Sort(walletsByUrl(wallets))
|
sort.Sort(walletsByUrl(wallets))
|
||||||
|
|
||||||
return VaultBackend{
|
return VaultBackend{
|
||||||
wallets: wallets,
|
wallets: wallets,
|
||||||
updateFeed: &updateFeed,
|
updateFeed: &updateFeed,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,7 +9,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestNewHashicorpBackend_CreatesWalletsWithUrlsFromConfig(t *testing.T) {
|
func TestNewHashicorpBackend_CreatesWalletsWithUrlsFromConfig(t *testing.T) {
|
||||||
makeConfs := func (url string, urls... string) []HashicorpWalletConfig {
|
makeConfs := func(url string, urls ...string) []HashicorpWalletConfig {
|
||||||
var confs []HashicorpWalletConfig
|
var confs []HashicorpWalletConfig
|
||||||
|
|
||||||
confs = append(confs, HashicorpWalletConfig{Client: HashicorpClientConfig{Url: url}})
|
confs = append(confs, HashicorpWalletConfig{Client: HashicorpClientConfig{Url: url}})
|
||||||
|
@ -21,7 +21,7 @@ func TestNewHashicorpBackend_CreatesWalletsWithUrlsFromConfig(t *testing.T) {
|
||||||
return confs
|
return confs
|
||||||
}
|
}
|
||||||
|
|
||||||
makeUrls := func(strUrl string, strUrls... string) []accounts.URL {
|
makeUrls := func(strUrl string, strUrls ...string) []accounts.URL {
|
||||||
var urls []accounts.URL
|
var urls []accounts.URL
|
||||||
|
|
||||||
s := strings.Split(strUrl, "://")
|
s := strings.Split(strUrl, "://")
|
||||||
|
@ -39,15 +39,15 @@ func TestNewHashicorpBackend_CreatesWalletsWithUrlsFromConfig(t *testing.T) {
|
||||||
return urls
|
return urls
|
||||||
}
|
}
|
||||||
|
|
||||||
tests := map[string]struct{
|
tests := map[string]struct {
|
||||||
in []HashicorpWalletConfig
|
in []HashicorpWalletConfig
|
||||||
wantUrls []accounts.URL
|
wantUrls []accounts.URL
|
||||||
}{
|
}{
|
||||||
"no config": {in: []HashicorpWalletConfig{}, wantUrls: []accounts.URL(nil)},
|
"no config": {in: []HashicorpWalletConfig{}, wantUrls: []accounts.URL(nil)},
|
||||||
"single": {in: makeConfs("http://url:1"), wantUrls: makeUrls("http://url:1")},
|
"single": {in: makeConfs("http://url:1"), wantUrls: makeUrls("http://url:1")},
|
||||||
"multiple": {in: makeConfs("http://url:1", "http://url:2"), wantUrls: makeUrls("http://url:1", "http://url:2")},
|
"multiple": {in: makeConfs("http://url:1", "http://url:2"), wantUrls: makeUrls("http://url:1", "http://url:2")},
|
||||||
"orders by url": {
|
"orders by url": {
|
||||||
in: makeConfs("https://url:1", "https://a:9", "http://url:2", "http://url:1"),
|
in: makeConfs("https://url:1", "https://a:9", "http://url:2", "http://url:1"),
|
||||||
wantUrls: makeUrls("http://url:1", "http://url:2", "https://a:9", "https://url:1")},
|
wantUrls: makeUrls("http://url:1", "http://url:2", "https://a:9", "https://url:1")},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -74,11 +74,11 @@ func TestNewHashicorpBackend_CreatesWalletsWithUrlsFromConfig(t *testing.T) {
|
||||||
|
|
||||||
func TestVaultBackend_Wallets_ReturnsWallets(t *testing.T) {
|
func TestVaultBackend_Wallets_ReturnsWallets(t *testing.T) {
|
||||||
tests := map[string]struct {
|
tests := map[string]struct {
|
||||||
in []accounts.Wallet
|
in []accounts.Wallet
|
||||||
want []accounts.Wallet
|
want []accounts.Wallet
|
||||||
}{
|
}{
|
||||||
"empty": {in: []accounts.Wallet{}, want: []accounts.Wallet{}},
|
"empty": {in: []accounts.Wallet{}, want: []accounts.Wallet{}},
|
||||||
"single": {in: []accounts.Wallet{VaultWallet{}}, want: []accounts.Wallet{VaultWallet{}}},
|
"single": {in: []accounts.Wallet{VaultWallet{}}, want: []accounts.Wallet{VaultWallet{}}},
|
||||||
"multiple": {in: []accounts.Wallet{VaultWallet{}, VaultWallet{}}, want: []accounts.Wallet{VaultWallet{}, VaultWallet{}}},
|
"multiple": {in: []accounts.Wallet{VaultWallet{}, VaultWallet{}}, want: []accounts.Wallet{VaultWallet{}, VaultWallet{}}},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -19,8 +19,8 @@ import (
|
||||||
|
|
||||||
// VaultWallet implements accounts.Wallet and represents the common functionality shared by all wallets that manage accounts stored in vaults
|
// VaultWallet implements accounts.Wallet and represents the common functionality shared by all wallets that manage accounts stored in vaults
|
||||||
type VaultWallet struct {
|
type VaultWallet struct {
|
||||||
url accounts.URL
|
url accounts.URL
|
||||||
vault vaultService
|
vault vaultService
|
||||||
updateFeed *event.Feed
|
updateFeed *event.Feed
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -73,8 +73,8 @@ func newHashicorpWallet(config HashicorpWalletConfig, updateFeed *event.Feed) (V
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
url: url,
|
url: url,
|
||||||
vault: newHashicorpService(config),
|
vault: newHashicorpService(config),
|
||||||
updateFeed: updateFeed,
|
updateFeed: updateFeed,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -77,8 +77,8 @@ func TestVaultWallet_Status_Hashicorp_ClosedWhenServiceHasNoClient(t *testing.T)
|
||||||
func TestVaultWallet_Status_Hashicorp_HealthcheckSuccessful(t *testing.T) {
|
func TestVaultWallet_Status_Hashicorp_HealthcheckSuccessful(t *testing.T) {
|
||||||
const (
|
const (
|
||||||
uninitialised = "uninitialized"
|
uninitialised = "uninitialized"
|
||||||
sealed = "sealed"
|
sealed = "sealed"
|
||||||
open = "open"
|
open = "open"
|
||||||
)
|
)
|
||||||
|
|
||||||
makeMockHashicorpResponse := func(t *testing.T, vaultStatus string) []byte {
|
makeMockHashicorpResponse := func(t *testing.T, vaultStatus string) []byte {
|
||||||
|
@ -104,10 +104,10 @@ func TestVaultWallet_Status_Hashicorp_HealthcheckSuccessful(t *testing.T) {
|
||||||
return b
|
return b
|
||||||
}
|
}
|
||||||
|
|
||||||
tests := []struct{
|
tests := []struct {
|
||||||
vaultStatus string
|
vaultStatus string
|
||||||
want string
|
want string
|
||||||
wantErr error
|
wantErr error
|
||||||
}{
|
}{
|
||||||
{vaultStatus: uninitialised, want: hashicorpUninitialized, wantErr: hashicorpUninitializedErr},
|
{vaultStatus: uninitialised, want: hashicorpUninitialized, wantErr: hashicorpUninitializedErr},
|
||||||
{vaultStatus: sealed, want: hashicorpSealed, wantErr: hashicorpSealedErr},
|
{vaultStatus: sealed, want: hashicorpSealed, wantErr: hashicorpSealedErr},
|
||||||
|
@ -269,8 +269,8 @@ func TestVaultWallet_Open_Hashicorp_CreatesTLSClientUsingConfig(t *testing.T) {
|
||||||
|
|
||||||
serverTlsConfig := &tls.Config{
|
serverTlsConfig := &tls.Config{
|
||||||
Certificates: []tls.Certificate{keypair},
|
Certificates: []tls.Certificate{keypair},
|
||||||
ClientAuth: tls.RequireAndVerifyClientCert,
|
ClientAuth: tls.RequireAndVerifyClientCert,
|
||||||
ClientCAs: certPool,
|
ClientCAs: certPool,
|
||||||
}
|
}
|
||||||
|
|
||||||
// add TLS config to server and start
|
// add TLS config to server and start
|
||||||
|
@ -281,10 +281,10 @@ func TestVaultWallet_Open_Hashicorp_CreatesTLSClientUsingConfig(t *testing.T) {
|
||||||
|
|
||||||
// create wallet with config and open
|
// create wallet with config and open
|
||||||
config := HashicorpClientConfig{
|
config := HashicorpClientConfig{
|
||||||
Url: vaultServer.URL,
|
Url: vaultServer.URL,
|
||||||
CaCert: "testdata/caRoot.pem",
|
CaCert: "testdata/caRoot.pem",
|
||||||
ClientCert: "testdata/quorum-client-chain.pem",
|
ClientCert: "testdata/quorum-client-chain.pem",
|
||||||
ClientKey: "testdata/quorum-client.key",
|
ClientKey: "testdata/quorum-client.key",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{vault: &hashicorpService{config: config}, updateFeed: &event.Feed{}}
|
w := VaultWallet{vault: &hashicorpService{config: config}, updateFeed: &event.Feed{}}
|
||||||
|
@ -318,9 +318,9 @@ func TestVaultWallet_Open_Hashicorp_CreatesTLSClientUsingConfig(t *testing.T) {
|
||||||
|
|
||||||
func TestVaultWallet_Open_Hashicorp_ClientAuthenticatesUsingEnvVars(t *testing.T) {
|
func TestVaultWallet_Open_Hashicorp_ClientAuthenticatesUsingEnvVars(t *testing.T) {
|
||||||
const (
|
const (
|
||||||
myToken = "myToken"
|
myToken = "myToken"
|
||||||
myRoleId = "myRoleId"
|
myRoleId = "myRoleId"
|
||||||
mySecretId = "mySecretId"
|
mySecretId = "mySecretId"
|
||||||
myApproleToken = "myApproleToken"
|
myApproleToken = "myApproleToken"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -344,7 +344,7 @@ func TestVaultWallet_Open_Hashicorp_ClientAuthenticatesUsingEnvVars(t *testing.T
|
||||||
// makeMockApproleVaultServer creates an httptest.Server for handling approle auth requests. The server and its Close function are returned. Close must be called to ensure the server is stopped (best to defer the function as soon as it is returned).
|
// makeMockApproleVaultServer creates an httptest.Server for handling approle auth requests. The server and its Close function are returned. Close must be called to ensure the server is stopped (best to defer the function as soon as it is returned).
|
||||||
//
|
//
|
||||||
// The server will expose only the path /v1/auth/{approlePath}/login. If approlePath = "" then the default value of "approle" will be used. The server will respond with an api.Secret containing the provided token.
|
// The server will expose only the path /v1/auth/{approlePath}/login. If approlePath = "" then the default value of "approle" will be used. The server will respond with an api.Secret containing the provided token.
|
||||||
makeMockApproleVaultServer := func (t *testing.T, approlePath string) (*httptest.Server, func()) {
|
makeMockApproleVaultServer := func(t *testing.T, approlePath string) (*httptest.Server, func()) {
|
||||||
|
|
||||||
vaultResponse := &api.Secret{Auth: &api.SecretAuth{ClientToken: myApproleToken}}
|
vaultResponse := &api.Secret{Auth: &api.SecretAuth{ClientToken: myApproleToken}}
|
||||||
b, err := json.Marshal(vaultResponse)
|
b, err := json.Marshal(vaultResponse)
|
||||||
|
@ -367,14 +367,14 @@ func TestVaultWallet_Open_Hashicorp_ClientAuthenticatesUsingEnvVars(t *testing.T
|
||||||
return vaultServer, vaultServer.Close
|
return vaultServer, vaultServer.Close
|
||||||
}
|
}
|
||||||
|
|
||||||
tests := map[string]struct{
|
tests := map[string]struct {
|
||||||
envVars []string
|
envVars []string
|
||||||
approle string
|
approle string
|
||||||
wantToken string
|
wantToken string
|
||||||
}{
|
}{
|
||||||
"token auth": {envVars: []string{api.EnvVaultToken}, wantToken: myToken},
|
"token auth": {envVars: []string{api.EnvVaultToken}, wantToken: myToken},
|
||||||
"default approle auth": {envVars: []string{RoleIDEnv, SecretIDEnv}, wantToken: myApproleToken},
|
"default approle auth": {envVars: []string{RoleIDEnv, SecretIDEnv}, wantToken: myApproleToken},
|
||||||
"custom approle auth": {envVars: []string{RoleIDEnv, SecretIDEnv}, approle: "nondefault", wantToken: myApproleToken},
|
"custom approle auth": {envVars: []string{RoleIDEnv, SecretIDEnv}, approle: "nondefault", wantToken: myApproleToken},
|
||||||
}
|
}
|
||||||
|
|
||||||
for name, tt := range tests {
|
for name, tt := range tests {
|
||||||
|
@ -390,7 +390,7 @@ func TestVaultWallet_Open_Hashicorp_ClientAuthenticatesUsingEnvVars(t *testing.T
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
config := HashicorpClientConfig{
|
config := HashicorpClientConfig{
|
||||||
Url: vaultServer.URL,
|
Url: vaultServer.URL,
|
||||||
Approle: tt.approle,
|
Approle: tt.approle,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -422,8 +422,8 @@ func TestVaultWallet_Open_Hashicorp_ClientAuthenticatesUsingEnvVars(t *testing.T
|
||||||
|
|
||||||
func TestVaultWallet_Open_Hashicorp_ErrAuthenticatingClient(t *testing.T) {
|
func TestVaultWallet_Open_Hashicorp_ErrAuthenticatingClient(t *testing.T) {
|
||||||
const (
|
const (
|
||||||
myToken = "myToken"
|
myToken = "myToken"
|
||||||
myRoleId = "myRoleId"
|
myRoleId = "myRoleId"
|
||||||
mySecretId = "mySecretId"
|
mySecretId = "mySecretId"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -444,14 +444,14 @@ func TestVaultWallet_Open_Hashicorp_ErrAuthenticatingClient(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
tests := map[string]struct{
|
tests := map[string]struct {
|
||||||
envVars []string
|
envVars []string
|
||||||
want error
|
want error
|
||||||
}{
|
}{
|
||||||
"no auth provided": {envVars: []string{}, want: noHashicorpEnvSetErr},
|
"no auth provided": {envVars: []string{}, want: noHashicorpEnvSetErr},
|
||||||
"only role id": {envVars: []string{RoleIDEnv}, want: invalidApproleAuthErr},
|
"only role id": {envVars: []string{RoleIDEnv}, want: invalidApproleAuthErr},
|
||||||
"only secret id": {envVars: []string{SecretIDEnv}, want: invalidApproleAuthErr},
|
"only secret id": {envVars: []string{SecretIDEnv}, want: invalidApproleAuthErr},
|
||||||
"role id and token": {envVars: []string{api.EnvVaultToken, RoleIDEnv}, want: invalidApproleAuthErr},
|
"role id and token": {envVars: []string{api.EnvVaultToken, RoleIDEnv}, want: invalidApproleAuthErr},
|
||||||
"secret id and token": {envVars: []string{api.EnvVaultToken, SecretIDEnv}, want: invalidApproleAuthErr},
|
"secret id and token": {envVars: []string{api.EnvVaultToken, SecretIDEnv}, want: invalidApproleAuthErr},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -580,9 +580,9 @@ func TestVaultWallet_Open_Hashicorp_AccountsRetrieved(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
secretEngine = "kv"
|
secretEngine = "kv"
|
||||||
secret1 = "sec1"
|
secret1 = "sec1"
|
||||||
secret2 = "sec2"
|
secret2 = "sec2"
|
||||||
multiValSecret = "multiValSec"
|
multiValSecret = "multiValSec"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -606,7 +606,7 @@ func TestVaultWallet_Open_Hashicorp_AccountsRetrieved(t *testing.T) {
|
||||||
|
|
||||||
mux.HandleFunc(fmt.Sprintf("/v1/%s/data/%s", secretEngine, multiValSecret), func(w http.ResponseWriter, r *http.Request) {
|
mux.HandleFunc(fmt.Sprintf("/v1/%s/data/%s", secretEngine, multiValSecret), func(w http.ResponseWriter, r *http.Request) {
|
||||||
body := makeVaultResponse(map[string]string{
|
body := makeVaultResponse(map[string]string{
|
||||||
"address": "ed9d02e382b34818e88b88a309c7fe71e65f419d",
|
"address": "ed9d02e382b34818e88b88a309c7fe71e65f419d",
|
||||||
"otherAddress": "ca843569e3427144cead5e4d5999a3d0ccf92b8e",
|
"otherAddress": "ca843569e3427144cead5e4d5999a3d0ccf92b8e",
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -616,12 +616,12 @@ func TestVaultWallet_Open_Hashicorp_AccountsRetrieved(t *testing.T) {
|
||||||
vaultServer := httptest.NewServer(mux)
|
vaultServer := httptest.NewServer(mux)
|
||||||
defer vaultServer.Close()
|
defer vaultServer.Close()
|
||||||
|
|
||||||
tests := map[string]struct{
|
tests := map[string]struct {
|
||||||
secrets []HashicorpSecretConfig
|
secrets []HashicorpSecretConfig
|
||||||
wantAccts []accounts.Account
|
wantAccts []accounts.Account
|
||||||
}{
|
}{
|
||||||
"account retrieved": {
|
"account retrieved": {
|
||||||
secrets: []HashicorpSecretConfig{makeSecret(secret1)},
|
secrets: []HashicorpSecretConfig{makeSecret(secret1)},
|
||||||
wantAccts: []accounts.Account{
|
wantAccts: []accounts.Account{
|
||||||
{Address: common.HexToAddress("ed9d02e382b34818e88b88a309c7fe71e65f419d")},
|
{Address: common.HexToAddress("ed9d02e382b34818e88b88a309c7fe71e65f419d")},
|
||||||
},
|
},
|
||||||
|
@ -631,7 +631,7 @@ func TestVaultWallet_Open_Hashicorp_AccountsRetrieved(t *testing.T) {
|
||||||
wantAccts: []accounts.Account{},
|
wantAccts: []accounts.Account{},
|
||||||
},
|
},
|
||||||
"unretrievable accounts are ignored": {
|
"unretrievable accounts are ignored": {
|
||||||
secrets: []HashicorpSecretConfig{makeSecret(multiValSecret), makeSecret(secret1)},
|
secrets: []HashicorpSecretConfig{makeSecret(multiValSecret), makeSecret(secret1)},
|
||||||
wantAccts: []accounts.Account{
|
wantAccts: []accounts.Account{
|
||||||
{Address: common.HexToAddress("ed9d02e382b34818e88b88a309c7fe71e65f419d")},
|
{Address: common.HexToAddress("ed9d02e382b34818e88b88a309c7fe71e65f419d")},
|
||||||
},
|
},
|
||||||
|
@ -649,7 +649,7 @@ func TestVaultWallet_Open_Hashicorp_AccountsRetrieved(t *testing.T) {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
wltConfig := HashicorpWalletConfig{
|
wltConfig := HashicorpWalletConfig{
|
||||||
Client: HashicorpClientConfig{
|
Client: HashicorpClientConfig{
|
||||||
Url: vaultServer.URL,
|
Url: vaultServer.URL,
|
||||||
VaultPollingIntervalMillis: 1,
|
VaultPollingIntervalMillis: 1,
|
||||||
},
|
},
|
||||||
Secrets: tt.secrets,
|
Secrets: tt.secrets,
|
||||||
|
@ -707,7 +707,7 @@ func TestVaultWallet_Open_Hashicorp_AccountsRetrievedWhenVaultAvailable(t *testi
|
||||||
// use an incorrect vault url to simulate an inaccessible vault
|
// use an incorrect vault url to simulate an inaccessible vault
|
||||||
wltConfig := HashicorpWalletConfig{
|
wltConfig := HashicorpWalletConfig{
|
||||||
Client: HashicorpClientConfig{
|
Client: HashicorpClientConfig{
|
||||||
Url: "http://incorrecturl:1",
|
Url: "http://incorrecturl:1",
|
||||||
VaultPollingIntervalMillis: 1,
|
VaultPollingIntervalMillis: 1,
|
||||||
},
|
},
|
||||||
Secrets: []HashicorpSecretConfig{
|
Secrets: []HashicorpSecretConfig{
|
||||||
|
@ -826,11 +826,11 @@ func TestVaultWallet_Open_Hashicorp_PrivateKeysRetrievedIndefinitelyWhenEnabled(
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
secretEngine = "kv"
|
secretEngine = "kv"
|
||||||
key1 = "key1"
|
key1 = "key1"
|
||||||
key2 = "key2"
|
key2 = "key2"
|
||||||
addr1 = "addr1"
|
addr1 = "addr1"
|
||||||
addr2 = "addr2"
|
addr2 = "addr2"
|
||||||
multiValSecret = "multiValSec"
|
multiValSecret = "multiValSec"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -870,7 +870,7 @@ func TestVaultWallet_Open_Hashicorp_PrivateKeysRetrievedIndefinitelyWhenEnabled(
|
||||||
|
|
||||||
mux.HandleFunc(fmt.Sprintf("/v1/%s/data/%s", secretEngine, multiValSecret), func(w http.ResponseWriter, r *http.Request) {
|
mux.HandleFunc(fmt.Sprintf("/v1/%s/data/%s", secretEngine, multiValSecret), func(w http.ResponseWriter, r *http.Request) {
|
||||||
body := makeVaultResponse(map[string]string{
|
body := makeVaultResponse(map[string]string{
|
||||||
"key": "e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1",
|
"key": "e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1",
|
||||||
"otherKey": "4762e04d10832808a0aebdaa79c12de54afbe006bfffd228b3abcc494fe986f9",
|
"otherKey": "4762e04d10832808a0aebdaa79c12de54afbe006bfffd228b3abcc494fe986f9",
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -880,22 +880,22 @@ func TestVaultWallet_Open_Hashicorp_PrivateKeysRetrievedIndefinitelyWhenEnabled(
|
||||||
vaultServer := httptest.NewServer(mux)
|
vaultServer := httptest.NewServer(mux)
|
||||||
defer vaultServer.Close()
|
defer vaultServer.Close()
|
||||||
|
|
||||||
tests := map[string]struct{
|
tests := map[string]struct {
|
||||||
secrets []HashicorpSecretConfig
|
secrets []HashicorpSecretConfig
|
||||||
wantKeys []*ecdsa.PrivateKey
|
wantKeys []*ecdsa.PrivateKey
|
||||||
}{
|
}{
|
||||||
"key retrieved": {
|
"key retrieved": {
|
||||||
secrets: []HashicorpSecretConfig{makeSecret(addr1, key1)},
|
secrets: []HashicorpSecretConfig{makeSecret(addr1, key1)},
|
||||||
wantKeys: []*ecdsa.PrivateKey{
|
wantKeys: []*ecdsa.PrivateKey{
|
||||||
makeKey("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1"),
|
makeKey("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"key not retrieved when vault secret has multiple values": {
|
"key not retrieved when vault secret has multiple values": {
|
||||||
secrets: []HashicorpSecretConfig{makeSecret(addr1, multiValSecret)},
|
secrets: []HashicorpSecretConfig{makeSecret(addr1, multiValSecret)},
|
||||||
wantKeys: []*ecdsa.PrivateKey{},
|
wantKeys: []*ecdsa.PrivateKey{},
|
||||||
},
|
},
|
||||||
"unretrievable keys are ignored": {
|
"unretrievable keys are ignored": {
|
||||||
secrets: []HashicorpSecretConfig{makeSecret(addr1, multiValSecret), makeSecret(addr2, key2)},
|
secrets: []HashicorpSecretConfig{makeSecret(addr1, multiValSecret), makeSecret(addr2, key2)},
|
||||||
wantKeys: []*ecdsa.PrivateKey{
|
wantKeys: []*ecdsa.PrivateKey{
|
||||||
makeKey("4762e04d10832808a0aebdaa79c12de54afbe006bfffd228b3abcc494fe986f9"),
|
makeKey("4762e04d10832808a0aebdaa79c12de54afbe006bfffd228b3abcc494fe986f9"),
|
||||||
},
|
},
|
||||||
|
@ -903,7 +903,7 @@ func TestVaultWallet_Open_Hashicorp_PrivateKeysRetrievedIndefinitelyWhenEnabled(
|
||||||
"keys retrieved regardless of vault secrets keyvalue key": {
|
"keys retrieved regardless of vault secrets keyvalue key": {
|
||||||
secrets: []HashicorpSecretConfig{makeSecret(addr1, key1), makeSecret(addr2, key2)},
|
secrets: []HashicorpSecretConfig{makeSecret(addr1, key1), makeSecret(addr2, key2)},
|
||||||
wantKeys: []*ecdsa.PrivateKey{
|
wantKeys: []*ecdsa.PrivateKey{
|
||||||
makeKey("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1"), makeKey("4762e04d10832808a0aebdaa79c12de54afbe006bfffd228b3abcc494fe986f9"),
|
makeKey("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1"), makeKey("4762e04d10832808a0aebdaa79c12de54afbe006bfffd228b3abcc494fe986f9"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -934,7 +934,6 @@ func TestVaultWallet_Open_Hashicorp_PrivateKeysRetrievedIndefinitelyWhenEnabled(
|
||||||
|
|
||||||
keyHandlersMap := w.vault.(*hashicorpService).keyHandlers
|
keyHandlersMap := w.vault.(*hashicorpService).keyHandlers
|
||||||
|
|
||||||
|
|
||||||
gotKeys := getRetrievedKeys(keyHandlersMap)
|
gotKeys := getRetrievedKeys(keyHandlersMap)
|
||||||
|
|
||||||
if !keysEqual(tt.wantKeys, gotKeys) {
|
if !keysEqual(tt.wantKeys, gotKeys) {
|
||||||
|
@ -1016,12 +1015,12 @@ func TestVaultWallet_Open_Hashicorp_PrivateKeysRetrievedWhenEnabledAndVaultAvail
|
||||||
}))
|
}))
|
||||||
defer vaultServer.Close()
|
defer vaultServer.Close()
|
||||||
|
|
||||||
tests := map[string]struct{
|
tests := map[string]struct {
|
||||||
storePrivateKeys bool
|
storePrivateKeys bool
|
||||||
wantKeys []*ecdsa.PrivateKey
|
wantKeys []*ecdsa.PrivateKey
|
||||||
}{
|
}{
|
||||||
"disabled": {storePrivateKeys: false, wantKeys: []*ecdsa.PrivateKey{}},
|
"disabled": {storePrivateKeys: false, wantKeys: []*ecdsa.PrivateKey{}},
|
||||||
"enabled": {storePrivateKeys: true, wantKeys: []*ecdsa.PrivateKey{makeKey("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1")}},
|
"enabled": {storePrivateKeys: true, wantKeys: []*ecdsa.PrivateKey{makeKey("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1")}},
|
||||||
}
|
}
|
||||||
|
|
||||||
for name, tt := range tests {
|
for name, tt := range tests {
|
||||||
|
@ -1107,8 +1106,8 @@ func TestVaultWallet_Open_Hashicorp_RetrievalLoopsStopWhenAllSecretsRetrieved(t
|
||||||
|
|
||||||
const (
|
const (
|
||||||
secretEngine = "kv"
|
secretEngine = "kv"
|
||||||
addrName = "addr1"
|
addrName = "addr1"
|
||||||
keyName = "key1"
|
keyName = "key1"
|
||||||
)
|
)
|
||||||
|
|
||||||
var getAddrCount, getKeyCount int
|
var getAddrCount, getKeyCount int
|
||||||
|
@ -1250,19 +1249,19 @@ func TestVaultWallet_Contains(t *testing.T) {
|
||||||
return accounts.Account{Address: common.StringToAddress(addr), URL: u}
|
return accounts.Account{Address: common.StringToAddress(addr), URL: u}
|
||||||
}
|
}
|
||||||
|
|
||||||
tests := map[string]struct{
|
tests := map[string]struct {
|
||||||
accts []accounts.Account
|
accts []accounts.Account
|
||||||
toFind accounts.Account
|
toFind accounts.Account
|
||||||
want bool
|
want bool
|
||||||
}{
|
}{
|
||||||
"same addr and url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr1", "http://url:1"), want: true},
|
"same addr and url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr1", "http://url:1"), want: true},
|
||||||
"same addr no url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr1", ""), want: true},
|
"same addr no url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr1", ""), want: true},
|
||||||
"multiple": {accts: []accounts.Account{makeAcct("addr1", "http://url:1"), makeAcct("addr2", "http://url:2")}, toFind: makeAcct("addr2", "http://url:2"), want: true},
|
"multiple": {accts: []accounts.Account{makeAcct("addr1", "http://url:1"), makeAcct("addr2", "http://url:2")}, toFind: makeAcct("addr2", "http://url:2"), want: true},
|
||||||
"same addr diff url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr1", "http://url:2"), want: false},
|
"same addr diff url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr1", "http://url:2"), want: false},
|
||||||
"diff addr same url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr2", "http://url:1"), want: false},
|
"diff addr same url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr2", "http://url:1"), want: false},
|
||||||
"diff addr no url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr2", ""), want: false},
|
"diff addr no url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr2", ""), want: false},
|
||||||
"diff addr diff url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr2", "http://url:2"), want: false},
|
"diff addr diff url": {accts: []accounts.Account{makeAcct("addr1", "http://url:1")}, toFind: makeAcct("addr2", "http://url:2"), want: false},
|
||||||
"no accts": {toFind: makeAcct("addr1", "http://url:1"), want: false},
|
"no accts": {toFind: makeAcct("addr1", "http://url:1"), want: false},
|
||||||
}
|
}
|
||||||
|
|
||||||
for name, tt := range tests {
|
for name, tt := range tests {
|
||||||
|
@ -1301,7 +1300,7 @@ func TestVaultWallet_SignHash_Hashicorp_SignsWithInMemoryKeyIfAvailableAndDoesNo
|
||||||
url := accounts.URL{Scheme: "http", Path: "url:1"}
|
url := accounts.URL{Scheme: "http", Path: "url:1"}
|
||||||
acct := accounts.Account{
|
acct := accounts.Account{
|
||||||
Address: addr,
|
Address: addr,
|
||||||
URL: url,
|
URL: url,
|
||||||
}
|
}
|
||||||
|
|
||||||
key, err := crypto.HexToECDSA("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1")
|
key, err := crypto.HexToECDSA("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1")
|
||||||
|
@ -1498,7 +1497,7 @@ func TestVaultWallet_SignHash_Hashicorp_SignsWithKeyFromVaultAndDoesNotStoreInMe
|
||||||
|
|
||||||
acct := accounts.Account{
|
acct := accounts.Account{
|
||||||
Address: common.HexToAddress("ed9d02e382b34818e88b88a309c7fe71e65f419d"),
|
Address: common.HexToAddress("ed9d02e382b34818e88b88a309c7fe71e65f419d"),
|
||||||
URL: accounts.URL{Scheme: "http", Path: "url:1"},
|
URL: accounts.URL{Scheme: "http", Path: "url:1"},
|
||||||
}
|
}
|
||||||
|
|
||||||
hexKey := "e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1"
|
hexKey := "e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1"
|
||||||
|
@ -1512,15 +1511,15 @@ func TestVaultWallet_SignHash_Hashicorp_SignsWithKeyFromVaultAndDoesNotStoreInMe
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
secret := HashicorpSecretConfig{
|
secret := HashicorpSecretConfig{
|
||||||
PrivateKeySecret: "mykey",
|
PrivateKeySecret: "mykey",
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
vault: &hashicorpService{
|
vault: &hashicorpService{
|
||||||
client: client,
|
client: client,
|
||||||
accts: []accounts.Account{acct},
|
accts: []accounts.Account{acct},
|
||||||
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
||||||
acct.Address: {
|
acct.Address: {
|
||||||
acct.URL: {
|
acct.URL: {
|
||||||
|
@ -1561,7 +1560,7 @@ func TestVaultWallet_SignTx_Hashicorp_UsesDifferentSigners(t *testing.T) {
|
||||||
url := accounts.URL{Scheme: "http", Path: "url:1"}
|
url := accounts.URL{Scheme: "http", Path: "url:1"}
|
||||||
acct := accounts.Account{
|
acct := accounts.Account{
|
||||||
Address: addr,
|
Address: addr,
|
||||||
URL: url,
|
URL: url,
|
||||||
}
|
}
|
||||||
|
|
||||||
key, err := crypto.HexToECDSA("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1")
|
key, err := crypto.HexToECDSA("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1")
|
||||||
|
@ -1591,15 +1590,15 @@ func TestVaultWallet_SignTx_Hashicorp_UsesDifferentSigners(t *testing.T) {
|
||||||
return tx
|
return tx
|
||||||
}
|
}
|
||||||
|
|
||||||
tests := map[string]struct{
|
tests := map[string]struct {
|
||||||
toSign *types.Transaction
|
toSign *types.Transaction
|
||||||
signer types.Signer
|
signer types.Signer
|
||||||
chainID *big.Int
|
chainID *big.Int
|
||||||
}{
|
}{
|
||||||
"private tx no chainID uses QuorumPrivateTxSigner": {toSign: makePrivateTx(), signer: types.QuorumPrivateTxSigner{}},
|
"private tx no chainID uses QuorumPrivateTxSigner": {toSign: makePrivateTx(), signer: types.QuorumPrivateTxSigner{}},
|
||||||
"private tx and chainID uses QuorumPrivateTxSigner": {toSign: makePrivateTx(), signer: types.QuorumPrivateTxSigner{}, chainID: big.NewInt(1)},
|
"private tx and chainID uses QuorumPrivateTxSigner": {toSign: makePrivateTx(), signer: types.QuorumPrivateTxSigner{}, chainID: big.NewInt(1)},
|
||||||
"public tx no chainID uses HomesteadSigner": {toSign: makePublicTx(), signer: types.HomesteadSigner{}},
|
"public tx no chainID uses HomesteadSigner": {toSign: makePublicTx(), signer: types.HomesteadSigner{}},
|
||||||
"public tx and chainID uses EIP155Signer": {toSign: makePublicTx(), signer: types.NewEIP155Signer(big.NewInt(1)), chainID: big.NewInt(1)},
|
"public tx and chainID uses EIP155Signer": {toSign: makePublicTx(), signer: types.NewEIP155Signer(big.NewInt(1)), chainID: big.NewInt(1)},
|
||||||
}
|
}
|
||||||
|
|
||||||
for name, tt := range tests {
|
for name, tt := range tests {
|
||||||
|
@ -1653,7 +1652,7 @@ func TestVaultWallet_SignTx_Hashicorp_SignsWithInMemoryKeyIfAvailableAndDoesNotZ
|
||||||
url := accounts.URL{Scheme: "http", Path: "url:1"}
|
url := accounts.URL{Scheme: "http", Path: "url:1"}
|
||||||
acct := accounts.Account{
|
acct := accounts.Account{
|
||||||
Address: addr,
|
Address: addr,
|
||||||
URL: url,
|
URL: url,
|
||||||
}
|
}
|
||||||
|
|
||||||
key, err := crypto.HexToECDSA("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1")
|
key, err := crypto.HexToECDSA("e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1")
|
||||||
|
@ -1870,7 +1869,7 @@ func TestVaultWallet_SignTx_Hashicorp_SignsWithKeyFromVaultAndDoesNotStoreInMemo
|
||||||
|
|
||||||
acct := accounts.Account{
|
acct := accounts.Account{
|
||||||
Address: common.HexToAddress("ed9d02e382b34818e88b88a309c7fe71e65f419d"),
|
Address: common.HexToAddress("ed9d02e382b34818e88b88a309c7fe71e65f419d"),
|
||||||
URL: accounts.URL{Scheme: "http", Path: "url:1"},
|
URL: accounts.URL{Scheme: "http", Path: "url:1"},
|
||||||
}
|
}
|
||||||
|
|
||||||
hexKey := "e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1"
|
hexKey := "e6181caaffff94a09d7e332fc8da9884d99902c7874eb74354bdcadf411929f1"
|
||||||
|
@ -1884,15 +1883,15 @@ func TestVaultWallet_SignTx_Hashicorp_SignsWithKeyFromVaultAndDoesNotStoreInMemo
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
secret := HashicorpSecretConfig{
|
secret := HashicorpSecretConfig{
|
||||||
PrivateKeySecret: "mykey",
|
PrivateKeySecret: "mykey",
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
vault: &hashicorpService{
|
vault: &hashicorpService{
|
||||||
client: client,
|
client: client,
|
||||||
accts: []accounts.Account{acct},
|
accts: []accounts.Account{acct},
|
||||||
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
||||||
acct.Address: {
|
acct.Address: {
|
||||||
acct.URL: {
|
acct.URL: {
|
||||||
|
@ -1967,15 +1966,15 @@ func TestVaultWallet_TimedUnlock_Hashicorp_StoresKeyInMemoryThenZeroesAfterSpeci
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
secret := HashicorpSecretConfig{
|
secret := HashicorpSecretConfig{
|
||||||
PrivateKeySecret: "mykey",
|
PrivateKeySecret: "mykey",
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
vault: &hashicorpService{
|
vault: &hashicorpService{
|
||||||
client: client,
|
client: client,
|
||||||
accts: []accounts.Account{acct},
|
accts: []accounts.Account{acct},
|
||||||
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
||||||
acct.Address: {
|
acct.Address: {
|
||||||
acct.URL: {
|
acct.URL: {
|
||||||
|
@ -2004,7 +2003,7 @@ func TestVaultWallet_TimedUnlock_Hashicorp_StoresKeyInMemoryThenZeroesAfterSpeci
|
||||||
}
|
}
|
||||||
|
|
||||||
// sleep to allow the unlock to time out
|
// sleep to allow the unlock to time out
|
||||||
time.Sleep(2*d)
|
time.Sleep(2 * d)
|
||||||
|
|
||||||
vaultServiceKey := w.vault.(*hashicorpService).keyHandlers[acct.Address][acct.URL].key
|
vaultServiceKey := w.vault.(*hashicorpService).keyHandlers[acct.Address][acct.URL].key
|
||||||
|
|
||||||
|
@ -2042,15 +2041,15 @@ func TestVaultWallet_TimedUnlock_Hashicorp_IfAlreadyUnlockedThenOverridesExistin
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
secret := HashicorpSecretConfig{
|
secret := HashicorpSecretConfig{
|
||||||
PrivateKeySecret: "mykey",
|
PrivateKeySecret: "mykey",
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
vault: &hashicorpService{
|
vault: &hashicorpService{
|
||||||
client: client,
|
client: client,
|
||||||
accts: []accounts.Account{acct},
|
accts: []accounts.Account{acct},
|
||||||
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
||||||
acct.Address: {
|
acct.Address: {
|
||||||
acct.URL: {
|
acct.URL: {
|
||||||
|
@ -2065,7 +2064,7 @@ func TestVaultWallet_TimedUnlock_Hashicorp_IfAlreadyUnlockedThenOverridesExistin
|
||||||
|
|
||||||
d := 50 * time.Millisecond
|
d := 50 * time.Millisecond
|
||||||
|
|
||||||
if err := w.TimedUnlock(a, 10 * d); err != nil {
|
if err := w.TimedUnlock(a, 10*d); err != nil {
|
||||||
t.Fatalf("error unlocking: %v", err)
|
t.Fatalf("error unlocking: %v", err)
|
||||||
}
|
}
|
||||||
time.Sleep(d) // sleep for a short period to apply the first timed unlock
|
time.Sleep(d) // sleep for a short period to apply the first timed unlock
|
||||||
|
@ -2085,8 +2084,8 @@ func TestVaultWallet_TimedUnlock_Hashicorp_IfAlreadyUnlockedThenOverridesExistin
|
||||||
}
|
}
|
||||||
|
|
||||||
// sleep to allow the unlock to time out
|
// sleep to allow the unlock to time out
|
||||||
time.Sleep(2*d)
|
time.Sleep(2 * d)
|
||||||
time.Sleep(2*d)
|
time.Sleep(2 * d)
|
||||||
|
|
||||||
vaultServiceKey := w.vault.(*hashicorpService).keyHandlers[acct.Address][acct.URL].key
|
vaultServiceKey := w.vault.(*hashicorpService).keyHandlers[acct.Address][acct.URL].key
|
||||||
|
|
||||||
|
@ -2124,15 +2123,15 @@ func TestVaultWallet_TimedUnlock_Hashicorp_IfAlreadyUnlockedThenOverridesExistin
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
secret := HashicorpSecretConfig{
|
secret := HashicorpSecretConfig{
|
||||||
PrivateKeySecret: "mykey",
|
PrivateKeySecret: "mykey",
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
vault: &hashicorpService{
|
vault: &hashicorpService{
|
||||||
client: client,
|
client: client,
|
||||||
accts: []accounts.Account{acct},
|
accts: []accounts.Account{acct},
|
||||||
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
||||||
acct.Address: {
|
acct.Address: {
|
||||||
acct.URL: {
|
acct.URL: {
|
||||||
|
@ -2165,14 +2164,14 @@ func TestVaultWallet_TimedUnlock_Hashicorp_IfAlreadyUnlockedThenOverridesExistin
|
||||||
}
|
}
|
||||||
|
|
||||||
// sleep for longer than initial unlock duration then make sure we can sign indicating the initial unlock was overriden
|
// sleep for longer than initial unlock duration then make sure we can sign indicating the initial unlock was overriden
|
||||||
time.Sleep(3*d)
|
time.Sleep(3 * d)
|
||||||
|
|
||||||
if _, err := w.SignHash(acct, toSign); err != nil {
|
if _, err := w.SignHash(acct, toSign); err != nil {
|
||||||
t.Fatalf("error signing hash: %v", err)
|
t.Fatalf("error signing hash: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// sleep enough time to let the second unlock timeout
|
// sleep enough time to let the second unlock timeout
|
||||||
time.Sleep(6*d)
|
time.Sleep(6 * d)
|
||||||
|
|
||||||
vaultServiceKey := w.vault.(*hashicorpService).keyHandlers[acct.Address][acct.URL].key
|
vaultServiceKey := w.vault.(*hashicorpService).keyHandlers[acct.Address][acct.URL].key
|
||||||
|
|
||||||
|
@ -2210,15 +2209,15 @@ func TestVaultWallet_TimedUnlock_Hashicorp_SigningAfterUnlockTimedOutGetsKeyFrom
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
secret := HashicorpSecretConfig{
|
secret := HashicorpSecretConfig{
|
||||||
PrivateKeySecret: "mykey",
|
PrivateKeySecret: "mykey",
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
vault: &hashicorpService{
|
vault: &hashicorpService{
|
||||||
client: client,
|
client: client,
|
||||||
accts: []accounts.Account{acct},
|
accts: []accounts.Account{acct},
|
||||||
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
||||||
acct.Address: {
|
acct.Address: {
|
||||||
acct.URL: {
|
acct.URL: {
|
||||||
|
@ -2236,7 +2235,7 @@ func TestVaultWallet_TimedUnlock_Hashicorp_SigningAfterUnlockTimedOutGetsKeyFrom
|
||||||
}
|
}
|
||||||
|
|
||||||
// sleep to allow the unlock to time out
|
// sleep to allow the unlock to time out
|
||||||
time.Sleep(2*d)
|
time.Sleep(2 * d)
|
||||||
|
|
||||||
vaultServiceKey := w.vault.(*hashicorpService).keyHandlers[acct.Address][acct.URL].key
|
vaultServiceKey := w.vault.(*hashicorpService).keyHandlers[acct.Address][acct.URL].key
|
||||||
|
|
||||||
|
@ -2288,15 +2287,15 @@ func TestVaultWallet_TimedUnlock_Hashicorp_DurationZeroUnlocksIndefinitely(t *te
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
secret := HashicorpSecretConfig{
|
secret := HashicorpSecretConfig{
|
||||||
PrivateKeySecret: "mykey",
|
PrivateKeySecret: "mykey",
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
vault: &hashicorpService{
|
vault: &hashicorpService{
|
||||||
client: client,
|
client: client,
|
||||||
accts: []accounts.Account{acct},
|
accts: []accounts.Account{acct},
|
||||||
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
||||||
acct.Address: {
|
acct.Address: {
|
||||||
acct.URL: {
|
acct.URL: {
|
||||||
|
@ -2361,15 +2360,15 @@ func TestVaultWallet_TimedUnlock_Hashicorp_TryingToTimedUnlockAnIndefinitelyUnlo
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
secret := HashicorpSecretConfig{
|
secret := HashicorpSecretConfig{
|
||||||
PrivateKeySecret: "mykey",
|
PrivateKeySecret: "mykey",
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
vault: &hashicorpService{
|
vault: &hashicorpService{
|
||||||
client: client,
|
client: client,
|
||||||
accts: []accounts.Account{acct},
|
accts: []accounts.Account{acct},
|
||||||
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
||||||
acct.Address: {
|
acct.Address: {
|
||||||
acct.URL: {
|
acct.URL: {
|
||||||
|
@ -2392,7 +2391,7 @@ func TestVaultWallet_TimedUnlock_Hashicorp_TryingToTimedUnlockAnIndefinitelyUnlo
|
||||||
}
|
}
|
||||||
|
|
||||||
// sleep to make sure that the time out was not applied to the indefinitely unlocked key
|
// sleep to make sure that the time out was not applied to the indefinitely unlocked key
|
||||||
time.Sleep(2*d)
|
time.Sleep(2 * d)
|
||||||
|
|
||||||
toSign := crypto.Keccak256([]byte("to_sign"))
|
toSign := crypto.Keccak256([]byte("to_sign"))
|
||||||
_, err := w.SignHash(acct, toSign)
|
_, err := w.SignHash(acct, toSign)
|
||||||
|
@ -2437,15 +2436,15 @@ func TestVaultWallet_Lock_Hashicorp_LockIndefinitelyUnlockedKey(t *testing.T) {
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
secret := HashicorpSecretConfig{
|
secret := HashicorpSecretConfig{
|
||||||
PrivateKeySecret: "mykey",
|
PrivateKeySecret: "mykey",
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
vault: &hashicorpService{
|
vault: &hashicorpService{
|
||||||
client: client,
|
client: client,
|
||||||
accts: []accounts.Account{acct},
|
accts: []accounts.Account{acct},
|
||||||
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
||||||
acct.Address: {
|
acct.Address: {
|
||||||
acct.URL: {
|
acct.URL: {
|
||||||
|
@ -2519,15 +2518,15 @@ func TestVaultWallet_Lock_Hashicorp_LockTimedUnlockedKey(t *testing.T) {
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
secret := HashicorpSecretConfig{
|
secret := HashicorpSecretConfig{
|
||||||
PrivateKeySecret: "mykey",
|
PrivateKeySecret: "mykey",
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
vault: &hashicorpService{
|
vault: &hashicorpService{
|
||||||
client: client,
|
client: client,
|
||||||
accts: []accounts.Account{acct},
|
accts: []accounts.Account{acct},
|
||||||
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
||||||
acct.Address: {
|
acct.Address: {
|
||||||
acct.URL: {
|
acct.URL: {
|
||||||
|
@ -2572,7 +2571,7 @@ func TestVaultWallet_Lock_Hashicorp_LockTimedUnlockedKey(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// sleep for initial timed unlock duration to make sure timed lock was cancelled
|
// sleep for initial timed unlock duration to make sure timed lock was cancelled
|
||||||
time.Sleep(15*d)
|
time.Sleep(15 * d)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestVaultWallet_Lock_Hashicorp_LockAlreadyLockedKeyDoesNothing(t *testing.T) {
|
func TestVaultWallet_Lock_Hashicorp_LockAlreadyLockedKeyDoesNothing(t *testing.T) {
|
||||||
|
@ -2604,15 +2603,15 @@ func TestVaultWallet_Lock_Hashicorp_LockAlreadyLockedKeyDoesNothing(t *testing.T
|
||||||
defer cleanup()
|
defer cleanup()
|
||||||
|
|
||||||
secret := HashicorpSecretConfig{
|
secret := HashicorpSecretConfig{
|
||||||
PrivateKeySecret: "mykey",
|
PrivateKeySecret: "mykey",
|
||||||
PrivateKeySecretVersion: 1,
|
PrivateKeySecretVersion: 1,
|
||||||
SecretEngine: "kv",
|
SecretEngine: "kv",
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
vault: &hashicorpService{
|
vault: &hashicorpService{
|
||||||
client: client,
|
client: client,
|
||||||
accts: []accounts.Account{acct},
|
accts: []accounts.Account{acct},
|
||||||
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
keyHandlers: map[common.Address]map[accounts.URL]*hashicorpKeyHandler{
|
||||||
acct.Address: {
|
acct.Address: {
|
||||||
acct.URL: {
|
acct.URL: {
|
||||||
|
@ -2633,8 +2632,8 @@ func TestVaultWallet_Store_Hashicorp_KeyAndAddressWrittenToVault(t *testing.T) {
|
||||||
|
|
||||||
const (
|
const (
|
||||||
secretEngine = "kv"
|
secretEngine = "kv"
|
||||||
addr1 = "addr1"
|
addr1 = "addr1"
|
||||||
key1 = "key1"
|
key1 = "key1"
|
||||||
)
|
)
|
||||||
|
|
||||||
makeVaultResponse := func(version int) []byte {
|
makeVaultResponse := func(version int) []byte {
|
||||||
|
@ -2659,7 +2658,7 @@ func TestVaultWallet_Store_Hashicorp_KeyAndAddressWrittenToVault(t *testing.T) {
|
||||||
|
|
||||||
const (
|
const (
|
||||||
addrVersion = 2
|
addrVersion = 2
|
||||||
keyVersion = 5
|
keyVersion = 5
|
||||||
)
|
)
|
||||||
|
|
||||||
mux.HandleFunc(fmt.Sprintf("/v1/%s/data/%s", secretEngine, addr1), func(w http.ResponseWriter, r *http.Request) {
|
mux.HandleFunc(fmt.Sprintf("/v1/%s/data/%s", secretEngine, addr1), func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
@ -2719,7 +2718,7 @@ func TestVaultWallet_Store_Hashicorp_KeyAndAddressWrittenToVault(t *testing.T) {
|
||||||
if len(parts) != 2 || parts[0] == "" {
|
if len(parts) != 2 || parts[0] == "" {
|
||||||
t.Fatal("protocol scheme missing")
|
t.Fatal("protocol scheme missing")
|
||||||
}
|
}
|
||||||
return accounts.URL{Scheme: parts[0], Path: parts[1]}
|
return accounts.URL{Scheme: parts[0], Path: parts[1]}
|
||||||
}
|
}
|
||||||
|
|
||||||
w := VaultWallet{
|
w := VaultWallet{
|
||||||
|
@ -2730,9 +2729,9 @@ func TestVaultWallet_Store_Hashicorp_KeyAndAddressWrittenToVault(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
location := HashicorpSecretConfig{
|
location := HashicorpSecretConfig{
|
||||||
AddressSecret: addr1,
|
AddressSecret: addr1,
|
||||||
PrivateKeySecret: key1,
|
PrivateKeySecret: key1,
|
||||||
SecretEngine: secretEngine,
|
SecretEngine: secretEngine,
|
||||||
}
|
}
|
||||||
|
|
||||||
toStore, err := ecdsa.GenerateKey(crypto.S256(), rand.Reader)
|
toStore, err := ecdsa.GenerateKey(crypto.S256(), rand.Reader)
|
||||||
|
|
|
@ -282,7 +282,7 @@ var AppHelpFlagGroups = []flagGroup{
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
var HashicorpVaultFlags = []cli.Flag {
|
var HashicorpVaultFlags = []cli.Flag{
|
||||||
utils.HashicorpFlag,
|
utils.HashicorpFlag,
|
||||||
utils.HashicorpUrlFlag,
|
utils.HashicorpUrlFlag,
|
||||||
utils.HashicorpApproleFlag,
|
utils.HashicorpApproleFlag,
|
||||||
|
@ -293,9 +293,9 @@ var HashicorpVaultFlags = []cli.Flag {
|
||||||
utils.HashicorpNamePrefixFlag,
|
utils.HashicorpNamePrefixFlag,
|
||||||
}
|
}
|
||||||
|
|
||||||
var VaultHelpFlagGroups = []flagGroup {
|
var VaultHelpFlagGroups = []flagGroup{
|
||||||
{
|
{
|
||||||
Name: "HASHICORP VAULT",
|
Name: "HASHICORP VAULT",
|
||||||
Flags: HashicorpVaultFlags,
|
Flags: HashicorpVaultFlags,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
@ -130,7 +130,7 @@ var (
|
||||||
}
|
}
|
||||||
// start quorum
|
// start quorum
|
||||||
HashicorpFlag = cli.BoolFlag{
|
HashicorpFlag = cli.BoolFlag{
|
||||||
Name: "hashicorp",
|
Name: "hashicorp",
|
||||||
Usage: "Store the newly created account in a Hashicorp Vault",
|
Usage: "Store the newly created account in a Hashicorp Vault",
|
||||||
}
|
}
|
||||||
HashicorpUrlFlag = cli.StringFlag{
|
HashicorpUrlFlag = cli.StringFlag{
|
||||||
|
@ -160,7 +160,7 @@ var (
|
||||||
}
|
}
|
||||||
HashicorpNamePrefixFlag = cli.StringFlag{
|
HashicorpNamePrefixFlag = cli.StringFlag{
|
||||||
Name: "hashicorp.nameprefix",
|
Name: "hashicorp.nameprefix",
|
||||||
Usage: "The new address and key will be created with name <prefix>Addr and <prefix>Key respectively. Secrets with the same name in the Vault will be versioned and overwritten.",
|
Usage: "The new address and key will be created with name <prefix>Addr and <prefix>Key respectively. Secrets with the same name in the Vault will be versioned and overwritten.",
|
||||||
}
|
}
|
||||||
// end quorum
|
// end quorum
|
||||||
NetworkIdFlag = cli.Uint64Flag{
|
NetworkIdFlag = cli.Uint64Flag{
|
||||||
|
@ -1090,21 +1090,21 @@ func SetNodeConfig(ctx *cli.Context, cfg *node.Config) {
|
||||||
// setHashicorpVault uses CLI options to set the config for a single Vault with a single key (Quorum)
|
// setHashicorpVault uses CLI options to set the config for a single Vault with a single key (Quorum)
|
||||||
func setHashicorpVault(ctx *cli.Context, cfg *node.Config) {
|
func setHashicorpVault(ctx *cli.Context, cfg *node.Config) {
|
||||||
c := vault.HashicorpClientConfig{
|
c := vault.HashicorpClientConfig{
|
||||||
Url: ctx.String(HashicorpUrlFlag.Name),
|
Url: ctx.String(HashicorpUrlFlag.Name),
|
||||||
Approle: ctx.String(HashicorpApproleFlag.Name),
|
Approle: ctx.String(HashicorpApproleFlag.Name),
|
||||||
ClientCert: ctx.String(HashicorpClientCertFlag.Name),
|
ClientCert: ctx.String(HashicorpClientCertFlag.Name),
|
||||||
ClientKey: ctx.String(HashicorpClientKeyFlag.Name),
|
ClientKey: ctx.String(HashicorpClientKeyFlag.Name),
|
||||||
CaCert: ctx.String(HashicorpCaCertFlag.Name),
|
CaCert: ctx.String(HashicorpCaCertFlag.Name),
|
||||||
}
|
}
|
||||||
|
|
||||||
s := vault.HashicorpSecretConfig{
|
s := vault.HashicorpSecretConfig{
|
||||||
AddressSecret: fmt.Sprintf("%vAddr", ctx.String(HashicorpNamePrefixFlag.Name)),
|
AddressSecret: fmt.Sprintf("%vAddr", ctx.String(HashicorpNamePrefixFlag.Name)),
|
||||||
PrivateKeySecret: fmt.Sprintf("%vKey", ctx.String(HashicorpNamePrefixFlag.Name)),
|
PrivateKeySecret: fmt.Sprintf("%vKey", ctx.String(HashicorpNamePrefixFlag.Name)),
|
||||||
SecretEngine: ctx.String(HashicorpEngineFlag.Name),
|
SecretEngine: ctx.String(HashicorpEngineFlag.Name),
|
||||||
}
|
}
|
||||||
|
|
||||||
cfg.HashicorpVault = vault.HashicorpWalletConfig{
|
cfg.HashicorpVault = vault.HashicorpWalletConfig{
|
||||||
Client: c,
|
Client: c,
|
||||||
Secrets: []vault.HashicorpSecretConfig{s},
|
Secrets: []vault.HashicorpSecretConfig{s},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue