diff --git a/test/integration/datasources_vault.bats b/test/integration/datasources_vault.bats index ba799cef9..08c5b61eb 100644 --- a/test/integration/datasources_vault.bats +++ b/test/integration/datasources_vault.bats @@ -3,6 +3,7 @@ load helper function setup () { + unset VAULT_TOKEN cat <& /dev/null path "*" { policy = "write" @@ -14,12 +15,11 @@ path "*" { } EOF tmpdir=$(mktemp -d) - orig_vault_token=$VAULT_TOKEN } function teardown () { rm -rf $tmpdir - VAULT_TOKEN=$orig_vault_token + unset VAULT_TOKEN vault delete secret/foo vault auth-disable userpass vault auth-disable userpass2 @@ -27,22 +27,23 @@ function teardown () { vault auth-disable approle2 vault auth-disable app-id vault auth-disable app-id2 + vault policy-delete writepol + vault policy-delete readpol } @test "Testing token vault auth" { vault write secret/foo value="$BATS_TEST_DESCRIPTION" - VAULT_TOKEN=$(vault token-create -format=json -policy=readpol -use-limit=1 -ttl=1m | jq -r .auth.client_token) - gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}' + VAULT_TOKEN=$(vault token-create -format=json -policy=readpol -use-limit=1 -ttl=1m | jq -j .auth.client_token) + VAULT_TOKEN=$VAULT_TOKEN gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}' [ "$status" -eq 0 ] [[ "${output}" == "$BATS_TEST_DESCRIPTION" ]] } @test "Testing token vault auth using file" { vault write secret/foo value="$BATS_TEST_DESCRIPTION" - vault token-create -format=json -policy=readpol -use-limit=1 -ttl=1m | jq -r .auth.client_token > $tmpdir/token - VAULT_TOKEN_FILE=$tmpdir/token + vault token-create -format=json -policy=readpol -use-limit=1 -ttl=1m | jq -j .auth.client_token > $tmpdir/token unset VAULT_TOKEN - gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}' + VAULT_TOKEN_FILE=$tmpdir/token gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}' [ "$status" -eq 0 ] [[ "${output}" == "$BATS_TEST_DESCRIPTION" ]] } 
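Review bot: In the token test the shell variable that captures the freshly created token has the same name as the environment variable under test, so `VAULT_TOKEN=$VAULT_TOKEN gomplate …` reads like a no-op and the one-use token stays set in the test shell until teardown unsets it. A distinct, quoted local would make the per-command scoping explicit: `token=$(vault token-create … | jq -j .auth.client_token)` followed by `VAULT_TOKEN="$token" gomplate …`. The two approle hunks further down (`VAULT_ROLE_ID=$VAULT_ROLE_ID VAULT_SECRET_ID=$VAULT_SECRET_ID`) have the same shape. Separately, a failed `vault token-create` is hidden by the pipe into `jq` unless pipefail is enabled somewhere outside this hunk; adding `-e` to the jq call would at least fail the step when no token comes back. In the file-based test the `unset VAULT_TOKEN` line now duplicates what `setup` already does.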
@@ -51,9 +52,7 @@ function teardown () {
 vault write secret/foo value="$BATS_TEST_DESCRIPTION"
 vault auth-enable userpass
 vault write auth/userpass/users/dave password=foo ttl=30s policies=readpol
- VAULT_AUTH_USERNAME=dave
- VAULT_AUTH_PASSWORD=foo
- gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
+ VAULT_AUTH_USERNAME=dave VAULT_AUTH_PASSWORD=foo gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
 [ "$status" -eq 0 ]
 [[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
 }
@@ -64,9 +63,7 @@ function teardown () {
 vault write auth/userpass/users/dave password=foo ttl=30s policies=readpol
 echo -n "dave" > $tmpdir/username
 echo -n "foo" > $tmpdir/password
- VAULT_AUTH_USERNAME_FILE=$tmpdir/username
- VAULT_AUTH_PASSWORD_FILE=$tmpdir/password
- gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
+ VAULT_AUTH_USERNAME_FILE=$tmpdir/username VAULT_AUTH_PASSWORD_FILE=$tmpdir/password gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
 [ "$status" -eq 0 ]
 [[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
 }
@@ -75,10 +72,7 @@ function teardown () {
 vault write secret/foo value="$BATS_TEST_DESCRIPTION"
 vault auth-enable -path=userpass2 userpass
 vault write auth/userpass2/users/dave password=foo ttl=30s policies=readpol
- VAULT_AUTH_USERPASS_MOUNT=userpass2
- VAULT_AUTH_USERNAME=dave
- VAULT_AUTH_PASSWORD=foo
- gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
+ VAULT_AUTH_USERPASS_MOUNT=userpass2 VAULT_AUTH_USERNAME=dave VAULT_AUTH_PASSWORD=foo gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
 [ "$status" -eq 0 ]
 [[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
 }
@@ -89,7 +83,7 @@ function teardown () {
 vault write auth/approle/role/testrole secret_id_ttl=30s token_ttl=35s token_max_ttl=3m secret_id_num_uses=1 policies=readpol
 VAULT_ROLE_ID=$(vault read -field role_id auth/approle/role/testrole/role-id)
 VAULT_SECRET_ID=$(vault write -f -field=secret_id auth/approle/role/testrole/secret-id)
- gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
+ VAULT_ROLE_ID=$VAULT_ROLE_ID VAULT_SECRET_ID=$VAULT_SECRET_ID gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
 [ "$status" -eq 0 ]
 [[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
 }
@@ -100,8 +94,7 @@ function teardown () {
 vault write auth/approle2/role/testrole secret_id_ttl=30s token_ttl=35s token_max_ttl=3m secret_id_num_uses=1 policies=readpol
 VAULT_ROLE_ID=$(vault read -field role_id auth/approle2/role/testrole/role-id)
 VAULT_SECRET_ID=$(vault write -f -field=secret_id auth/approle2/role/testrole/secret-id)
- VAULT_AUTH_APPROLE_MOUNT=approle2
- gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
+ VAULT_AUTH_APPROLE_MOUNT=approle2 VAULT_ROLE_ID=$VAULT_ROLE_ID VAULT_SECRET_ID=$VAULT_SECRET_ID gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
 [ "$status" -eq 0 ]
 [[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
 }
@@ -109,11 +102,9 @@ function teardown () { @test "Testing app-id vault auth" { vault write secret/foo value="$BATS_TEST_DESCRIPTION" vault auth-enable app-id - vault write auth/app-id/map/app-id/testappid value=pol display_name=test_app_id + vault write auth/app-id/map/app-id/testappid value=readpol display_name=test_app_id vault write auth/app-id/map/user-id/testuserid value=testappid - VAULT_APP_ID=testappid - VAULT_USER_ID=testuserid - gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}' + VAULT_APP_ID=testappid VAULT_USER_ID=testuserid gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}' [ "$status" -eq 0 ] [[ "${output}" == "$BATS_TEST_DESCRIPTION" ]] } @@ -122,13 +113,10 @@ function teardown () { vault write secret/foo value="$BATS_TEST_DESCRIPTION" vault auth-enable -path=app-id2 app-id - vault write auth/app-id2/map/app-id/testappid value=pol display_name=test_app_id + vault write auth/app-id2/map/app-id/testappid value=readpol display_name=test_app_id vault write auth/app-id2/map/user-id/testuserid value=testappid - VAULT_APP_ID=testappid - VAULT_USER_ID=testuserid - VAULT_AUTH_APPID_MOUNT=approle2 - gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}' + VAULT_APP_ID=testappid VAULT_USER_ID=testuserid VAULT_AUTH_APP_ID_MOUNT=app-id2 gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}' [ "$status" -eq 0 ] [[ "${output}" == "$BATS_TEST_DESCRIPTION" ]] } diff --git a/test/integration/test.sh b/test/integration/test.sh index 443179d1c..270c1cdac 100755 --- a/test/integration/test.sh +++ b/test/integration/test.sh 
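Review bot: Both app-id tests still assert only the success path, and the values corrected here (`value=pol`, `VAULT_AUTH_APPID_MOUNT=approle2`) suggest the earlier version passed without the app-id login being exercised at all. That was presumably because an exported root token reached gomplate, which is inferred from the rest of the commit rather than visible in these hunks. A negative companion case would keep this from recurring: run the same template with the mount variable omitted in the `app-id2` test and assert `[ "$status" -ne 0 ]`, assuming the `gomplate` helper populates `$status` as the existing assertions imply. A short comment above the inline assignments, such as `# env is scoped to this single call so credentials cannot leak into the next test`, would also record why the style changed.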
@@ -8,9 +8,9 @@ set -euo pipefail # TODO: export these in a bats helper, as well as only launch vault in a vault helper export VAULT_ADDR=http://127.0.0.1:8200 -export VAULT_TOKEN=00000000-1111-2222-3333-444455556666 +export VAULT_ROOT_TOKEN=00000000-1111-2222-3333-444455556666 # fire up vault in dev mode for the vault tests -vault server -dev -dev-root-token-id=${VAULT_TOKEN} -log-level=err >&/dev/null & +vault server -dev -dev-root-token-id=${VAULT_ROOT_TOKEN} -log-level=err >&/dev/null & bats $(dirname $0)
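Review bot: `export VAULT_ROOT_TOKEN=…` still puts the dev root token into the environment of bats and every process the tests start, although in this hunk it is read only by the `-dev-root-token-id` argument two lines later. If nothing in the bats helper needs it (not visible here), a plain `VAULT_ROOT_TOKEN=…` assignment would keep it inside this script. The expansion is also unquoted; `-dev-root-token-id="${VAULT_ROOT_TOKEN}"` is the safer form. With `VAULT_TOKEN` no longer exported and `setup` unsetting it, the `vault` CLI calls in the tests must get their admin token from somewhere else, presumably the token-helper file the dev server writes, and a comment saying so next to the TODO would help the next reader.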