ci: integrate k3s

Cargo.toml

@@ -21,4 +21,4 @@ predicates = "3.1.0"
 reqwest = { version = "0.12.5", features = ["json"] }
 serde_json = "1.0.120"
 testcontainers = { version = "0.20.0", features = ["blocking"] }
-testcontainers-modules = { version = "0.8.0", features = ["blocking", "hashicorp_vault", "postgres"] }
+testcontainers-modules = { version = "0.8.0", features = ["blocking", "hashicorp_vault", "k3s", "postgres"] }

tests/common/mod.rs

@@ -4,23 +4,33 @@ use std::io::Write;
 
 use testcontainers::{Container, ImageExt};
 use testcontainers_modules::hashicorp_vault::HashicorpVault;
+use testcontainers_modules::k3s::K3s;
 use testcontainers_modules::postgres::Postgres;
 use testcontainers_modules::testcontainers::runners::SyncRunner;
 
+pub(crate) fn k3s_container() -> Container<K3s> {
+    K3s::default()
+        .with_conf_mount(&temp_dir())
+        .with_privileged(true)
+        .with_userns_mode("host")
+        .start()
+        .expect("Failed to launch k3s")
+}
+
 pub(crate) fn postgres_container() -> Container<Postgres> {
     Postgres::default()
         .with_env_var("POSTGRES_DB", "demo")
         .with_env_var("POSTGRES_USER", "demo")
         .with_env_var("POSTGRES_PASSWORD", "demo_password")
         .start()
-        .expect("PostgreSQL database started")
+        .expect("Failed to launch PostgreSQL database")
 }
 
 pub(crate) fn vault_container() -> Container<HashicorpVault> {
     HashicorpVault::default()
         .with_env_var("VAULT_DEV_ROOT_TOKEN_ID", "root-token")
         .start()
-        .expect("Vault started")
+        .expect("Failed to launch Vault")
 }
 
 pub(crate) fn write_string_to_tempfile(content: &str) -> String {

tests/rotate.rs

@@ -34,10 +34,7 @@ struct VaultSecretDTO {
 
 #[test]
 fn rotate_secrets() {
-    let vault_container = common::vault_container();
-
-    let vault_host = vault_container.get_host().unwrap();
-    let vault_port = vault_container.get_host_port_ipv4(8200).unwrap();
+    let k3s_container = common::k3s_container();
 
     let postgres_container = common::postgres_container();
 
@@ -47,6 +44,11 @@ fn rotate_secrets() {
         .unwrap()
         .to_string();
 
+    let vault_container = common::vault_container();
+
+    let vault_host = vault_container.get_host().unwrap();
+    let vault_port = vault_container.get_host_port_ipv4(8200).unwrap();
+
     let http_client = Client::new();
     let url = format!("http://{vault_host}:{vault_port}/v1/secret/data/rotate/secrets");
 
@@ -141,11 +143,6 @@ vault:
 
 #[test]
 fn rotate_invalid_initialized_secret() {
-    let vault_container = common::vault_container();
-
-    let vault_host = vault_container.get_host().unwrap();
-    let vault_port = vault_container.get_host_port_ipv4(8200).unwrap();
-
     let postgres_container = common::postgres_container();
 
     let postgres_host = postgres_container.get_host().unwrap().to_string();
@@ -154,6 +151,11 @@ fn rotate_invalid_initialized_secret() {
         .unwrap()
         .to_string();
 
+    let vault_container = common::vault_container();
+
+    let vault_host = vault_container.get_host().unwrap();
+    let vault_port = vault_container.get_host_port_ipv4(8200).unwrap();
+
     let http_client = Client::new();
     let url = format!(
         "http://{vault_host}:{vault_port}/v1/secret/data/rotate/invalid/initialized/secret"