diff --git a/macaroons/store_test.go b/macaroons/store_test.go index a9a49edda..83692b627 100644 --- a/macaroons/store_test.go +++ b/macaroons/store_test.go @@ -16,6 +16,10 @@ var ( defaultRootKeyIDContext = macaroons.ContextWithRootKeyID( context.Background(), macaroons.DefaultRootKeyID, ) + + nonDefaultRootKeyIDContext = macaroons.ContextWithRootKeyID( + context.Background(), []byte{1}, + ) ) // newTestStore creates a new bolt DB in a temporary directory and then @@ -132,7 +136,9 @@ func TestStore(t *testing.T) { } // TestStoreGenerateNewRootKey tests that a root key can be replaced with a new -// one in the store without changing the password. +// one in the store without changing the password. Also demonstrate that at the +// moment, only the default root key will be replaced. This is a bug that will +// be fixed in an upcoming commit. func TestStoreGenerateNewRootKey(t *testing.T) { _, store := newTestStore(t) @@ -140,23 +146,35 @@ func TestStoreGenerateNewRootKey(t *testing.T) { err := store.GenerateNewRootKey() require.Equal(t, macaroons.ErrStoreLocked, err) - // Unlock the store and read the current key. + // Unlock the store. pw := []byte("weks") err = store.CreateUnlock(&pw) require.NoError(t, err) - oldRootKey, _, err := store.RootKey(defaultRootKeyIDContext) + + // Read the default root key. + oldRootKey1, _, err := store.RootKey(defaultRootKeyIDContext) require.NoError(t, err) - // Replace the root key with a new random key. + // Read the non-default root-key. + oldRootKey2, _, err := store.RootKey(nonDefaultRootKeyIDContext) + require.NoError(t, err) + + // Attempt to replace the root keys with new random keys. err = store.GenerateNewRootKey() require.NoError(t, err) - // Finally, read the root key from the DB and compare it to the one + // Finally, read both root keys from the DB and compare them to the ones // we got returned earlier. This makes sure that the encryption/ // decryption of the key in the DB worked as expected too. - newRootKey, _, err := store.RootKey(defaultRootKeyIDContext) + // Currently, this is only successful for the default root key and not + // for non-default key. This will be fixed in an upcoming commit. + newRootKey1, _, err := store.RootKey(defaultRootKeyIDContext) require.NoError(t, err) - require.NotEqual(t, oldRootKey, newRootKey) + require.NotEqual(t, oldRootKey1, newRootKey1) + + newRootKey2, _, err := store.RootKey(nonDefaultRootKeyIDContext) + require.NoError(t, err) + require.Equal(t, oldRootKey2, newRootKey2) } // TestStoreSetRootKey tests that a root key can be set to a specified value.