Fixing up some poorly-written (and incorrect) integration tests
Signed-off-by: Dave Henderson <[email protected]>
hairyhenderson committed May 1, 2017
1 parent 9c9d105 commit 51eaed6
Showing 2 changed files with 19 additions and 31 deletions.
46 changes: 17 additions & 29 deletions test/integration/datasources_vault.bats
Expand Up @@ -3,6 +3,7 @@
load helper

function setup () {
unset VAULT_TOKEN
cat <<EOF | vault policy-write writepol - >& /dev/null
path "*" {
policy = "write"
Expand All @@ -14,35 +15,35 @@ path "*" {
}
EOF
tmpdir=$(mktemp -d)
orig_vault_token=$VAULT_TOKEN
}

function teardown () {
rm -rf $tmpdir
VAULT_TOKEN=$orig_vault_token
unset VAULT_TOKEN
vault delete secret/foo
vault auth-disable userpass
vault auth-disable userpass2
vault auth-disable approle
vault auth-disable approle2
vault auth-disable app-id
vault auth-disable app-id2
vault policy-delete writepol
vault policy-delete readpol
}

@test "Testing token vault auth" {
vault write secret/foo value="$BATS_TEST_DESCRIPTION"
VAULT_TOKEN=$(vault token-create -format=json -policy=readpol -use-limit=1 -ttl=1m | jq -r .auth.client_token)
gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
VAULT_TOKEN=$(vault token-create -format=json -policy=readpol -use-limit=1 -ttl=1m | jq -j .auth.client_token)
VAULT_TOKEN=$VAULT_TOKEN gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
[ "$status" -eq 0 ]
[[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
}

@test "Testing token vault auth using file" {
vault write secret/foo value="$BATS_TEST_DESCRIPTION"
vault token-create -format=json -policy=readpol -use-limit=1 -ttl=1m | jq -r .auth.client_token > $tmpdir/token
VAULT_TOKEN_FILE=$tmpdir/token
vault token-create -format=json -policy=readpol -use-limit=1 -ttl=1m | jq -j .auth.client_token > $tmpdir/token
unset VAULT_TOKEN
gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
VAULT_TOKEN_FILE=$tmpdir/token gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
[ "$status" -eq 0 ]
[[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
}
Expand All @@ -51,9 +52,7 @@ function teardown () {
vault write secret/foo value="$BATS_TEST_DESCRIPTION"
vault auth-enable userpass
vault write auth/userpass/users/dave password=foo ttl=30s policies=readpol
VAULT_AUTH_USERNAME=dave
VAULT_AUTH_PASSWORD=foo
gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
VAULT_AUTH_USERNAME=dave VAULT_AUTH_PASSWORD=foo gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
[ "$status" -eq 0 ]
[[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
}
Expand All @@ -64,9 +63,7 @@ function teardown () {
vault write auth/userpass/users/dave password=foo ttl=30s policies=readpol
echo -n "dave" > $tmpdir/username
echo -n "foo" > $tmpdir/password
VAULT_AUTH_USERNAME_FILE=$tmpdir/username
VAULT_AUTH_PASSWORD_FILE=$tmpdir/password
gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
VAULT_AUTH_USERNAME_FILE=$tmpdir/username VAULT_AUTH_PASSWORD_FILE=$tmpdir/password gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
[ "$status" -eq 0 ]
[[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
}
Expand All @@ -75,10 +72,7 @@ function teardown () {
vault write secret/foo value="$BATS_TEST_DESCRIPTION"
vault auth-enable -path=userpass2 userpass
vault write auth/userpass2/users/dave password=foo ttl=30s policies=readpol
VAULT_AUTH_USERPASS_MOUNT=userpass2
VAULT_AUTH_USERNAME=dave
VAULT_AUTH_PASSWORD=foo
gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
VAULT_AUTH_USERPASS_MOUNT=userpass2 VAULT_AUTH_USERNAME=dave VAULT_AUTH_PASSWORD=foo gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
[ "$status" -eq 0 ]
[[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
}
Expand All @@ -89,7 +83,7 @@ function teardown () {
vault write auth/approle/role/testrole secret_id_ttl=30s token_ttl=35s token_max_ttl=3m secret_id_num_uses=1 policies=readpol
VAULT_ROLE_ID=$(vault read -field role_id auth/approle/role/testrole/role-id)
VAULT_SECRET_ID=$(vault write -f -field=secret_id auth/approle/role/testrole/secret-id)
gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
VAULT_ROLE_ID=$VAULT_ROLE_ID VAULT_SECRET_ID=$VAULT_SECRET_ID gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
[ "$status" -eq 0 ]
[[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
}
Expand All @@ -100,20 +94,17 @@ function teardown () {
vault write auth/approle2/role/testrole secret_id_ttl=30s token_ttl=35s token_max_ttl=3m secret_id_num_uses=1 policies=readpol
VAULT_ROLE_ID=$(vault read -field role_id auth/approle2/role/testrole/role-id)
VAULT_SECRET_ID=$(vault write -f -field=secret_id auth/approle2/role/testrole/secret-id)
VAULT_AUTH_APPROLE_MOUNT=approle2
gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
VAULT_AUTH_APPROLE_MOUNT=approle2 VAULT_ROLE_ID=$VAULT_ROLE_ID VAULT_SECRET_ID=$VAULT_SECRET_ID gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
[ "$status" -eq 0 ]
[[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
}

@test "Testing app-id vault auth" {
vault write secret/foo value="$BATS_TEST_DESCRIPTION"
vault auth-enable app-id
vault write auth/app-id/map/app-id/testappid value=pol display_name=test_app_id
vault write auth/app-id/map/app-id/testappid value=readpol display_name=test_app_id
vault write auth/app-id/map/user-id/testuserid value=testappid
VAULT_APP_ID=testappid
VAULT_USER_ID=testuserid
gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
VAULT_APP_ID=testappid VAULT_USER_ID=testuserid gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
[ "$status" -eq 0 ]
[[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
}
Expand All @@ -122,13 +113,10 @@ function teardown () {
vault write secret/foo value="$BATS_TEST_DESCRIPTION"
vault auth-enable -path=app-id2 app-id

vault write auth/app-id2/map/app-id/testappid value=pol display_name=test_app_id
vault write auth/app-id2/map/app-id/testappid value=readpol display_name=test_app_id
vault write auth/app-id2/map/user-id/testuserid value=testappid

VAULT_APP_ID=testappid
VAULT_USER_ID=testuserid
VAULT_AUTH_APPID_MOUNT=approle2
gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
VAULT_APP_ID=testappid VAULT_USER_ID=testuserid VAULT_AUTH_APP_ID_MOUNT=app-id2 gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'
[ "$status" -eq 0 ]
[[ "${output}" == "$BATS_TEST_DESCRIPTION" ]]
}
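Review bot: Every test visible in this file checks only the success path (`[ "$status" -eq 0 ]` and the output match), so none of them would fail if gomplate reached Vault with a credential other than the one the test supplies, which looks like the kind of false pass this commit is correcting now that test.sh no longer exports a root `VAULT_TOKEN`. setup and teardown still run `vault` commands after `unset VAULT_TOKEN`, so the CLI is presumably picking up a token from somewhere outside the environment; whether gomplate can see that same token is not visible here and is worth confirming. A negative case per backend would pin this down, for example the userpass test repeated with `VAULT_AUTH_USERNAME=dave VAULT_AUTH_PASSWORD=wrong gomplate -d vault=vault:///secret -i '{{(datasource "vault" "foo").value}}'` followed by `[ "$status" -ne 0 ]`. Several test headers fall in the collapsed regions between hunks, so this is based on the bodies shown.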
4 changes: 2 additions & 2 deletions test/integration/test.sh
Expand Up @@ -8,9 +8,9 @@ set -euo pipefail

# TODO: export these in a bats helper, as well as only launch vault in a vault helper
export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=00000000-1111-2222-3333-444455556666
export VAULT_ROOT_TOKEN=00000000-1111-2222-3333-444455556666

# fire up vault in dev mode for the vault tests
vault server -dev -dev-root-token-id=${VAULT_TOKEN} -log-level=err >&/dev/null &
vault server -dev -dev-root-token-id=${VAULT_ROOT_TOKEN} -log-level=err >&/dev/null &

bats $(dirname $0)
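Review bot: `VAULT_ROOT_TOKEN` is still declared with `export`, so the root token stays in the environment of bats and of every process the tests start, although the only reader visible in this hunk is the `vault server -dev` line. A plain assignment, `VAULT_ROOT_TOKEN=00000000-1111-2222-3333-444455556666`, would keep the value local to test.sh and make it harder for a later test or helper to pick up root privileges by accident. The script continues outside the hunk, so confirm nothing further down reads the variable from the environment before dropping the export. As a style point on the same lines, quoting the expansions (`"${VAULT_ROOT_TOKEN}"`, `bats "$(dirname "$0")"`) keeps the script working when it is run from a path containing spaces.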
