aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c2bc19c71f'
${ noResults }
boundary/testing/internal/e2e/vault/vault.go

117 lines
3.5 KiB
Raw Blame History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
// Package vault provides methods for commonly used vault actions that are used in end-to-end tests.
package vault
import (
"context"
"fmt"
"os"
"path/filepath"
"testing"
"github.com/hashicorp/boundary/testing/internal/e2e"
"github.com/hashicorp/go-secure-stdlib/base62"
"github.com/stretchr/testify/require"
)
// CreateTokenResponse parses the json response from running `vault token create`
type CreateTokenResponse struct {
Auth struct {
Client_Token string
}
}
// Setup verifies if appropriate credentials are set and adds the boundary controller
// policy to vault. Returns the vault address.
func Setup(t testing.TB, boundaryControllerFilePath string) (boundaryPolicyName string, kvPolicyFilePath string) {
// Set up boundary policy
boundaryPolicyFilePath, err := filepath.Abs(boundaryControllerFilePath)
require.NoError(t, err)
boundaryPolicyName = WritePolicy(t, context.Background(), boundaryPolicyFilePath)
// Create kv policy
kvPolicyFilePath = fmt.Sprintf("%s/%s", t.TempDir(), "kv-policy.hcl")
_, err = os.Create(kvPolicyFilePath)
require.NoError(t, err)
return
}
// CreateKvPrivateKeyCredential creates a private key credential in vault and creates a vault policy
// to be able to read that credential. Returns the name of the policy.
func CreateKvPrivateKeyCredential(t testing.TB, secretPath string, user string, keyPath string, kvPolicyFilePath string) string {
secretName, err := base62.Random(16)
require.NoError(t, err)
// Update policy file
f, err := os.OpenFile(kvPolicyFilePath, os.O_APPEND|os.O_WRONLY, 0o644)
require.NoError(t, err)
_, err = f.WriteString(fmt.Sprintf("path \"%s/data/%s\" { capabilities = [\"read\"] }\n",
secretPath,
secretName,
))
require.NoError(t, err)
// Create secret
output := e2e.RunCommand(context.Background(), "vault",
e2e.WithArgs(
"kv", "put",
"-mount", secretPath,
secretName,
"username="+user,
"private_key=@"+keyPath,
),
)
require.NoError(t, output.Err, string(output.Stderr))
return secretName
}
// CreateKvPasswordCredential creates a username/password credential in vault and creates a vault
// policy to be able to read that credential. Returns the name of the policy
func CreateKvPasswordCredential(t testing.TB, secretPath string, user string, kvPolicyFilePath string) (secretName string, password string) {
secretName, err := base62.Random(16)
require.NoError(t, err)
// Update policy file
f, err := os.OpenFile(kvPolicyFilePath, os.O_APPEND|os.O_WRONLY, 0o644)
require.NoError(t, err)
_, err = f.WriteString(fmt.Sprintf("path \"%s/data/%s\" { capabilities = [\"read\"] }\n",
secretPath,
secretName,
))
require.NoError(t, err)
// Create secret
password, err = base62.Random(16)
require.NoError(t, err)
output := e2e.RunCommand(context.Background(), "vault",
e2e.WithArgs(
"kv", "put",
"-mount", secretPath,
secretName,
"username="+user,
"password="+password,
),
)
require.NoError(t, output.Err, string(output.Stderr))
return
}
// WritePolicy adds a policy to vault. Provide a name for the policy that you want to create as well
// as the path to the file that contains the policy definition. Returns a policy name
func WritePolicy(t testing.TB, ctx context.Context, policyFilePath string) string {
policyName, err := base62.Random(16)
require.NoError(t, err)
output := e2e.RunCommand(ctx, "vault",
e2e.WithArgs("policy", "write", policyName, policyFilePath),
)
require.NoError(t, output.Err, string(output.Stderr))
return policyName
}
Reference in new issue View Git Blame Copy Permalink