vault

package
v0.30.0 Latest
Warning

This package is not in the latest version of its module.
Published: Aug 26, 2023 License: MIT Imports: 5 Imported by: 0

README

Gnomock Vault

Gnomock vault is a Gnomock preset for running tests against a real vault container, without mocks.

The test below starts a vault server with:

  • a policy policy1 configured
  • root-token set as the root token
  • an additional token written in a temporary file that has only the default policy
  • an additional kubernetes auth method enabled at path k8s_cluster1
package vault_test

import (
	"fmt"
	"os"
	"testing"

	"github.com/hashicorp/vault/api"
	"github.com/orlangure/gnomock"
	"github.com/orlangure/gnomock/preset/vault"
	"github.com/stretchr/testify/require"
)

func TestVault(t *testing.T) {
	const policy = `
path "sys/mounts" {
  capabilities = ["list", "read"]
}

path "secret/*" {
  capabilities = ["list", "create"]
}

path "secret/data/*" {
  capabilities = ["create", "read"]
}

path "secret/metadata/*" {
  capabilities = ["list"]
}
`

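	// Temporary file for the additional token; closed and removed when the test ends.
	tmpFile, err := os.CreateTemp("", "token")
	require.NoError(t, err)

	defer func() {
		_ = tmpFile.Close()
		_ = os.Remove(tmpFile.Name())
	}()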

	p := vault.Preset(
		vault.WithVersion("latest"),
		vault.WithAuthToken("root-token"),
		vault.WithAuth([]vault.Auth{
			{
				Path: "k8s_cluster1",
				Type: "kubernetes",
			},
		}),
		vault.WithPolicies([]vault.Policy{
			{
				Name: "policy1",
				Data: policy,
			},
		}),
	)

	container, err := gnomock.Start(p)
	require.NoError(t, err)

	defer func() { require.NoError(t, gnomock.Stop(container)) }()

	vaultConfig := api.DefaultConfig()
	vaultConfig.Address = fmt.Sprintf("http://%s", container.DefaultAddress())

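	cli, err := api.NewClient(vaultConfig)
	require.NoError(t, err)
	// Authenticate with the root token configured through WithAuthToken.
	cli.SetToken("root-token")

	// A successful health call confirms the container is up and reachable.
	_, err = cli.Sys().Health()
	require.NoError(t, err)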
}
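
As an added example (not part of the Gnomock README or code base), the stdlib-only sketch below models how Vault resolves policy1 from the test above, so you can decide what a test using a token created with CreateToken and policy1 should expect to be allowed or denied. It assumes Vault's most-specific-match rule and handles only exact paths and trailing-* globs; the rule type and the Allowed function are hypothetical names, and any other policy attached to the token, such as default, is not modelled.

```go
package main

import (
	"fmt"
	"strings"
)

// rule mirrors one `path "..." { capabilities = [...] }` stanza (hypothetical type).
type rule struct {
	pattern string
	caps    []string
}

// policy1 is the policy string from the README test, transcribed by hand.
var policy1 = []rule{
	{"sys/mounts", []string{"list", "read"}},
	{"secret/*", []string{"list", "create"}},
	{"secret/data/*", []string{"create", "read"}},
	{"secret/metadata/*", []string{"list"}},
}

// Allowed reports whether capability is granted on path. An exact pattern wins;
// otherwise the trailing-* pattern with the longest prefix governs alone, so
// capabilities of broader patterns are not inherited. No match means deny.
func Allowed(rules []rule, path, capability string) bool {
	var caps []string
	bestLen := -1
	for _, r := range rules {
		prefix := strings.TrimSuffix(r.pattern, "*")
		switch {
		case prefix == r.pattern && r.pattern == path: // exact, non-glob match
			caps, bestLen = r.caps, len(path)+1
		case prefix != r.pattern && strings.HasPrefix(path, prefix) && len(prefix) > bestLen:
			caps, bestLen = r.caps, len(prefix)
		}
	}
	for _, c := range caps {
		if c == capability {
			return true
		}
	}
	return false
}

func main() {
	// Constructed probe: the broader secret/* rule must not leak "list" here.
	fmt.Println(Allowed(policy1, "secret/data/app", "list"))
}
```

The denied cases are the ones worth asserting in a real test: a policy1 token that can list under secret/data/ or read sys/mounts/ sub-paths would indicate the policy was not loaded as written.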

Documentation

Overview

Package vault includes a vault implementation of the Gnomock Preset interface. This Preset can be passed to the gnomock.Start() function to create a configured vault container to use in tests.

Functions

func Client

func Client(c *gnomock.Container, token string) (*api.Client, error)

Client creates a configured vault client for the provided container and token.

func CreateToken

func CreateToken(c *gnomock.Container, rootToken string, policies ...string) (string, error)

CreateToken creates an additional access token with the provided policies. For rootToken, use the same token you provided with the WithAuthToken option.

func Preset

func Preset(opts ...Option) gnomock.Preset

Preset creates a new Gnomock Vault preset. This preset includes a vault-specific healthcheck function and the default vault image and port.

Types

type Auth

type Auth struct {
	Path string `json:"path"`
	Type string `json:"type"`
}

Auth represents a vault authorization.

type Option

type Option func(*P)

Option is an optional configuration of this Gnomock preset. Use available Options to configure the container.

func WithAuth

func WithAuth(auth []Auth) Option

WithAuth enables new vault authorization endpoints.

func WithAuthToken

func WithAuthToken(token string) Option

WithAuthToken sets authentication (root) token to be used to connect to this container.

func WithPolicies

func WithPolicies(policies []Policy) Option

WithPolicies configures vault with the provided policies.

func WithVersion

func WithVersion(version string) Option

WithVersion sets image version.

type P

type P struct {
	Version   string   `json:"version"`
	AuthToken string   `json:"auth_token"`
	Auth      []Auth   `json:"auth"`
	Policies  []Policy `json:"policies"`
}

P is a Gnomock Preset implementation for vault.

func (*P) Image

func (p *P) Image() string

Image returns an image that should be pulled to create this container.

func (*P) Options

func (p *P) Options() []gnomock.Option

Options returns a list of options to configure this container.

func (*P) Ports

func (p *P) Ports() gnomock.NamedPorts

Ports returns ports that should be used to access this container.

type Policy

type Policy struct {
	Name string `json:"name"`
	Data string `json:"data"`
}

Policy is a vault policy.
