forked from cleanshavenalex/pvc
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathvault_integration_test.go
More file actions
117 lines (102 loc) · 2.59 KB
/
vault_integration_test.go
File metadata and controls
117 lines (102 loc) · 2.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
package pvc
import (
"bytes"
"crypto/rand"
"encoding/base64"
"log"
"os"
"testing"
)
const (
testSecretPath = "secret/development/test_value"
)
var testvb = vaultBackend{
host: os.Getenv("TEST_VAULT_ADDR"),
token: os.Getenv("VAULT_TEST_TOKEN"),
authRetries: 3,
authRetryDelaySecs: 1,
}
func testGetVaultClient(t *testing.T) vaultIO {
vc, err := newVaultClient(&testvb)
if err != nil {
log.Fatalf("error creating client: %v", err)
}
return vc
}
func TestVaultIntegrationTokenAuth(t *testing.T) {
if testvb.host == "" {
t.Skipf("TEST_VAULT_ADDR undefined, skipping")
return
}
vc := testGetVaultClient(t)
err := vc.TokenAuth(testvb.token)
if err != nil {
log.Fatalf("error authenticating: %v", err)
}
}
func TestVaultIntegrationAppRoleAuth(t *testing.T) {
if testvb.host == "" {
t.Skipf("TEST_VAULT_ADDR undefined, skipping")
return
}
vc := testGetVaultClient(t)
err := vc.AppRoleAuth("")
if err != nil {
log.Fatalf("error authenticating: %v", err)
}
}
func TestVaultIntegrationGetValue(t *testing.T) {
if testvb.host == "" {
t.Skipf("TEST_VAULT_ADDR undefined, skipping")
return
}
vc := testGetVaultClient(t)
err := vc.TokenAuth(testvb.token)
if err != nil {
t.Fatalf("error authenticating: %v", err)
}
s, err := vc.GetValue(testSecretPath)
if err != nil {
t.Fatalf("error getting value: %v", err)
}
if string(s) != "foo" {
t.Fatalf("bad value: %v (expected 'foo')", string(s))
}
}
// Write a random binary value to vault, then verify that when we read it back
// it's base64-encoded and equal to the input bytes
func TestVaultIntegrationGetBinaryValue(t *testing.T) {
// This sets up the Vault client
if testvb.host == "" {
t.Skipf("TEST_VAULT_ADDR undefined, skipping")
return
}
vc := testGetVaultClient(t)
err := vc.TokenAuth(testvb.token)
if err != nil {
t.Fatalf("error authenticating: %v", err)
}
// write a random binary value
path := "secret/binval"
key := DefaultVaultValueKey
bsrc := make([]byte, 32)
if n, err := rand.Read(bsrc); err != nil || n != len(bsrc) {
t.Fatalf("error reading random bytes: %v bytes read: %v", n, err)
}
_, err = vc.(*vaultClient).client.Logical().Write(path, map[string]interface{}{
key: bsrc,
})
if err != nil {
t.Fatalf("error writing binary value: %v", err)
}
// retrieve the value
got, err := vc.GetValue(path)
if err != nil {
t.Fatalf("error getting value: %v", err)
}
// base64 decode
s2, _ := base64.StdEncoding.DecodeString(string(got))
if !bytes.Equal(s2, bsrc) {
t.Fatalf("bad value: length %v (wanted 32), bytes not equal: %v", len(s2), string(s2))
}
}