vault_integration_test.go
package main
import (
"fmt"
vault "github.com/hashicorp/vault/api"
"net/http"
"testing"
)
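// An easy way to do integration testing of the setup
// using a Vault instance.
//
// You can easily set up a Vault instance by running
// docker run --cap-add=IPC_LOCK -d -e VAULT_DEV_ROOT_TOKEN_ID=kubeflow-controller --name=dev-vault -p 8200:8200 vault
//
// Note: this starts a Vault dev server whose root token is the fixed string
// above, and -p 8200:8200 publishes the port on every host interface. Use
// -p 127.0.0.1:8200:8200 to keep it loopback-only, and treat the instance as
// disposable.
//
// TODO: Add a reduced policy for the token instead of root
// TODO: Use the vault-minio image and config it to use the minio plugin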
const (
	// VAULT_ADDR is the plain-HTTP loopback address the tests connect to.
	VAULT_ADDR = "http://localhost:8200"

	// VAULT_TOKEN is the token the test client authenticates with. It matches
	// the VAULT_DEV_ROOT_TOKEN_ID passed to the dev container, so it is a root
	// token for that instance and must never be reused outside of it.
	VAULT_TOKEN = "kubeflow-controller"

	// kubernetesTestPath is used both as the mount path and as the auth type
	// when the tests enable the Kubernetes auth method.
	kubernetesTestPath = "kubernetes"
)

// minioTestInstances lists the MinIO instance names handed to NewVaultConfigurer.
var minioTestInstances = []string{"minio1", "minio2"}
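// shouldRun gates an integration test on the Vault server at VAULT_ADDR.
//
// It issues a plain GET against VAULT_ADDR. A transport error fails the test;
// any status other than 200 skips it.
func shouldRun(t *testing.T) {
	t.Helper()

	response, err := http.Get(VAULT_ADDR)
	if err != nil {
		// NOTE(review): an unreachable Vault fails the test here rather than
		// skipping it, so running the suite without the dev container
		// reports failures. Confirm that this is intended.
		t.Fatal(err)
	}
	// Close the body so the probe does not leak its connection; the original
	// never closed it. The deferred call also runs when Skipf exits the test.
	defer response.Body.Close()

	if response.StatusCode != http.StatusOK {
		t.Skipf("Skipping test due to Vault status: %s", response.Status)
	}
}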
// setupClient builds a Vault API client for the integration tests.
//
// It first calls shouldRun, which may skip or fail the test, then creates a
// client for VAULT_ADDR and authenticates it with VAULT_TOKEN. That token is
// the dev server's root token, so everything done through the returned client
// runs with full privileges on that instance.
//
// The returned error is always nil: a construction failure aborts the test
// through t.Fatal instead.
func setupClient(t *testing.T) (*vault.Client, error) {
	shouldRun(t)

	cfg := &vault.Config{Address: VAULT_ADDR}
	client, err := vault.NewClient(cfg)
	if err != nil {
		t.Fatal(err)
	}

	client.SetToken(VAULT_TOKEN)
	return client, nil
}
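// setupVault makes sure the auth methods the tests rely on are enabled and
// returns the accessor of the "oidc" auth mount.
//
// It enables the Kubernetes method (at kubernetesTestPath) and the OIDC method
// (at "oidc") when they are not already listed. This changes server state, so
// vaultClient should only ever point at a throwaway test instance.
//
// Any Vault API error aborts the test through t.Fatal, so the returned error
// is always nil.
func setupVault(t *testing.T, vaultClient *vault.Client) (string, error) {
	t.Helper()

	authMounts, err := vaultClient.Sys().ListAuth()
	if err != nil {
		t.Fatal(err)
	}

	// Each name serves as both the mount path and the auth type, as in the
	// original code. ListAuth keys mounts by path with a trailing slash.
	for _, method := range []string{kubernetesTestPath, "oidc"} {
		if authMounts[fmt.Sprintf("%s/", method)] != nil {
			continue
		}
		err = vaultClient.Sys().EnableAuthWithOptions(method, &vault.EnableAuthOptions{
			Type: method,
		})
		if err != nil {
			t.Fatal(err)
		}
	}

	// List again so that the accessor of a freshly enabled mount is available.
	authMounts, err = vaultClient.Sys().ListAuth()
	if err != nil {
		t.Fatal(err)
	}

	// Guard the lookup: a missing entry would otherwise panic on a nil
	// pointer dereference instead of producing a readable test failure.
	oidcMount := authMounts["oidc/"]
	if oidcMount == nil {
		t.Fatal("oidc auth mount not listed after enabling it")
	}
	return oidcMount.Accessor, nil
}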
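// TestDoEntity checks that doEntity succeeds for a test user and returns a
// non-empty id. It needs the Vault instance that setupClient connects to.
func TestDoEntity(t *testing.T) {
	vaultClient, err := setupClient(t)
	if err != nil {
		t.Fatal(err)
	}

	// The second and third arguments are left empty here; the other test
	// passes the Kubernetes auth path and the OIDC accessor in those slots.
	vaultConfigurer := NewVaultConfigurer(vaultClient, "", "", minioTestInstances)

	id, err := vaultConfigurer.doEntity("jane.doe@test.ca")
	if err != nil {
		t.Fatal(err)
	}
	if id == "" {
		// Report why the test failed; the original used a bare t.Fail().
		t.Fatal("doEntity returned an empty id")
	}
}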
// TestConfigureVaultForProfile runs ConfigVaultForProfile against the test
// Vault after setupVault has enabled the required auth methods, and fails if
// the call returns an error.
//
// TODO: Currently has issues with the minio secret backend, requires it to be commented out. :(
func TestConfigureVaultForProfile(t *testing.T) {
	client, err := setupClient(t)
	if err != nil {
		t.Fatal(err)
	}

	accessor, err := setupVault(t, client)
	if err != nil {
		t.Fatal(err)
	}

	configurer := NewVaultConfigurer(client, kubernetesTestPath, accessor, minioTestInstances)

	// NOTE(review): the arguments look like a profile name, a primary user
	// and a list of additional users. Confirm against ConfigVaultForProfile.
	additional := []string{"mandy.doe@test.ca"}
	if err := configurer.ConfigVaultForProfile("random-test45", "jeremy.smith@test.ca", additional); err != nil {
		t.Fatal(err)
	}
}