2018-07-25 02:02:27 +00:00
package config

import (
	"os"
	"testing"
	"time"

	"github.com/go-test/deep"
Vault Agent Template (#7652)
* Vault Agent Template: parse templates (#7540)
* add template config parsing, but it's wrong b/c it's not using mapstructure
* parsing consul templates in agent config
* add additional test to configuration parsing, to cover basics
* another test fixture, rework simple test into table
* refactor into table test
* rename test
* remove flattenKeys and add other test fixture
* Update command/agent/config/config.go
Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* return the decode error instead of swallowing it
* Update command/agent/config/config_test.go
Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* go mod tidy
* change error checking style
* Add agent template doc
* TemplateServer: render secrets with Consul Template (#7621)
* add template config parsing, but it's wrong b/c it's not using mapstructure
* parsing consul templates in agent config
* add additional test to configuration parsing, to cover basics
* another test fixture, rework simple test into table
* refactor into table test
* rename test
* remove flattenKeys and add other test fixture
* add template package
* WIP: add runner
* fix panic, actually copy templates, etc
* rework how the config.Vault is created and enable reading from the environment
* this was supposed to be a part of the prior commit
* move/add methods to testhelpers for converting some values to pointers
* use new methods in testhelpers
* add an unblock channel to block agent until a template has been rendered
* add note
* unblock if there are no templates
* cleanups
* go mod tidy
* remove dead code
* simple test to start
* add simple, empty templates test
* Update package doc, error logs, and add missing close() on channel
* update code comment to be clear what I'm referring to
* have template.NewServer return a (<- chan) type, even though it's a normal chan, as a better practice to enforce reading only
* Update command/agent.go
Co-Authored-By: Jim Kalafut <jkalafut@hashicorp.com>
* update with test
* Add README and doc.go to the command/agent directory (#7503)
* Add README and doc.go to the command/agent directory
* Add link to website
* address feedback for agent.go
* updated with feedback from Calvin
* Rework template.Server to export the unblock channel, and remove it from the NewServer function
* apply feedback from Nick
* fix/restructure rendering test
* Add pointerutil package for converting types to their pointers
* Remove pointer helper methods; use sdk/helper/pointerutil instead
* update newRunnerConfig to use pointerutil and empty strings
* only wait for unblock if template server is initialized
* drain the token channel in this test
* conditionally send on channel
2019-10-18 21:21:46 +00:00
	ctconfig "github.com/hashicorp/consul-template/config"
	"github.com/hashicorp/vault/internalshared/configutil"
	"github.com/hashicorp/vault/sdk/helper/pointerutil"
)

func TestLoadConfigFile_AgentCache(t *testing.T) {
	config, err := LoadConfig("./test-fixtures/config-cache.hcl")
	if err != nil {
		t.Fatal(err)
	}

	expected := &Config{
		SharedConfig: &configutil.SharedConfig{
			PidFile: "./pidfile",
			Listeners: []*configutil.Listener{
				{
					Type:        "unix",
					Address:     "/path/to/socket",
					TLSDisable:  true,
					SocketMode:  "configmode",
					SocketUser:  "configuser",
					SocketGroup: "configgroup",
				},
				{
					Type:       "tcp",
					Address:    "127.0.0.1:8300",
					TLSDisable: true,
				},
				{
					Type:        "tcp",
					Address:     "127.0.0.1:8400",
					TLSKeyFile:  "/path/to/cakey.pem",
					TLSCertFile: "/path/to/cacert.pem",
				},
			},
		},
		AutoAuth: &AutoAuth{
			Method: &Method{
				Type:      "aws",
				MountPath: "auth/aws",
				Config: map[string]interface{}{
					"role": "foobar",
				},
			},
			Sinks: []*Sink{
				{
					Type:   "file",
					DHType: "curve25519",
					DHPath: "/tmp/file-foo-dhpath",
					AAD:    "foobar",
					Config: map[string]interface{}{
						"path": "/tmp/file-foo",
					},
				},
			},
		},
		Cache: &Cache{
			UseAutoAuthToken:    true,
			UseAutoAuthTokenRaw: true,
			ForceAutoAuthToken:  false,
		},
		Vault: &Vault{
			Address:          "http://127.0.0.1:1111",
			CACert:           "config_ca_cert",
			CAPath:           "config_ca_path",
			TLSSkipVerifyRaw: interface{}("true"),
			TLSSkipVerify:    true,
			ClientCert:       "config_client_cert",
			ClientKey:        "config_client_key",
		},
	}

	config.Listeners[0].RawConfig = nil
	config.Listeners[1].RawConfig = nil
	config.Listeners[2].RawConfig = nil
	if diff := deep.Equal(config, expected); diff != nil {
		t.Fatal(diff)
	}

	config, err = LoadConfig("./test-fixtures/config-cache-embedded-type.hcl")
	if err != nil {
		t.Fatal(err)
	}
	expected.Vault.TLSSkipVerifyRaw = interface{}(true)

	config.Listeners[0].RawConfig = nil
	config.Listeners[1].RawConfig = nil
	config.Listeners[2].RawConfig = nil
	if diff := deep.Equal(config, expected); diff != nil {
		t.Fatal(diff)
	}
}

func TestLoadConfigFile(t *testing.T) {
	if err := os.Setenv("TEST_AAD_ENV", "aad"); err != nil {
		t.Fatal(err)
	}
	defer func() {
		if err := os.Unsetenv("TEST_AAD_ENV"); err != nil {
			t.Fatal(err)
		}
	}()

	config, err := LoadConfig("./test-fixtures/config.hcl")
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	expected := &Config{
		SharedConfig: &configutil.SharedConfig{
			PidFile: "./pidfile",
		},
		AutoAuth: &AutoAuth{
			Method: &Method{
				Type:      "aws",
				MountPath: "auth/aws",
				Namespace: "my-namespace/",
				Config: map[string]interface{}{
					"role": "foobar",
				},
			},
			Sinks: []*Sink{
				{
					Type:   "file",
					DHType: "curve25519",
					DHPath: "/tmp/file-foo-dhpath",
					AAD:    "foobar",
					Config: map[string]interface{}{
						"path": "/tmp/file-foo",
					},
				},
				{
					Type:    "file",
					WrapTTL: 5 * time.Minute,
					DHType:  "curve25519",
					DHPath:  "/tmp/file-foo-dhpath2",
					AAD:     "aad",
					Config: map[string]interface{}{
						"path": "/tmp/file-bar",
					},
				},
			},
		},
	}

	if diff := deep.Equal(config, expected); diff != nil {
		t.Fatal(diff)
	}

	config, err = LoadConfig("./test-fixtures/config-embedded-type.hcl")
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	if diff := deep.Equal(config, expected); diff != nil {
		t.Fatal(diff)
	}
}

func TestLoadConfigFile_Method_Wrapping(t *testing.T) {
	config, err := LoadConfig("./test-fixtures/config-method-wrapping.hcl")
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	expected := &Config{
		SharedConfig: &configutil.SharedConfig{
			PidFile: "./pidfile",
		},
		AutoAuth: &AutoAuth{
			Method: &Method{
				Type:      "aws",
				MountPath: "auth/aws",
				WrapTTL:   5 * time.Minute,
				Config: map[string]interface{}{
					"role": "foobar",
				},
			},
			Sinks: []*Sink{
				{
					Type: "file",
					Config: map[string]interface{}{
						"path": "/tmp/file-foo",
					},
				},
			},
		},
	}

	if diff := deep.Equal(config, expected); diff != nil {
		t.Fatal(diff)
	}
}

func TestLoadConfigFile_AgentCache_NoAutoAuth(t *testing.T) {
	config, err := LoadConfig("./test-fixtures/config-cache-no-auto_auth.hcl")
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	expected := &Config{
		Cache: &Cache{},
		SharedConfig: &configutil.SharedConfig{
			PidFile: "./pidfile",
			Listeners: []*configutil.Listener{
				{
					Type:       "tcp",
					Address:    "127.0.0.1:8300",
					TLSDisable: true,
				},
			},
		},
	}

	config.Listeners[0].RawConfig = nil
	if diff := deep.Equal(config, expected); diff != nil {
		t.Fatal(diff)
	}
}

func TestLoadConfigFile_Bad_AgentCache_InconsisentAutoAuth(t *testing.T) {
	_, err := LoadConfig("./test-fixtures/bad-config-cache-inconsistent-auto_auth.hcl")
	if err == nil {
		t.Fatal("LoadConfig should return an error when use_auto_auth_token=true and no auto_auth section present")
	}
}

func TestLoadConfigFile_Bad_AgentCache_ForceAutoAuthNoMethod(t *testing.T) {
	_, err := LoadConfig("./test-fixtures/bad-config-cache-inconsistent-auto_auth.hcl")
	if err == nil {
		t.Fatal("LoadConfig should return an error when use_auto_auth_token=true and no auto_auth section present")
	}
}

func TestLoadConfigFile_Bad_AgentCache_NoListeners(t *testing.T) {
	_, err := LoadConfig("./test-fixtures/bad-config-cache-no-listeners.hcl")
	if err == nil {
		t.Fatal("LoadConfig should return an error when cache section present and no listeners present")
	}
}

func TestLoadConfigFile_Bad_AutoAuth_Wrapped_Multiple_Sinks(t *testing.T) {
	_, err := LoadConfig("./test-fixtures/bad-config-auto_auth-wrapped-multiple-sinks")
	if err == nil {
		t.Fatal("LoadConfig should return an error when auto_auth.method.wrap_ttl nonzero and multiple sinks defined")
	}
}

func TestLoadConfigFile_Bad_AutoAuth_Both_Wrapping_Types(t *testing.T) {
	_, err := LoadConfig("./test-fixtures/bad-config-method-wrapping-and-sink-wrapping.hcl")
	if err == nil {
		t.Fatal("LoadConfig should return an error when auto_auth.method.wrap_ttl nonzero and sinks.wrap_ttl nonzero")
	}
}

func TestLoadConfigFile_Bad_AgentCache_AutoAuth_Method_wrapping(t *testing.T) {
	_, err := LoadConfig("./test-fixtures/bad-config-cache-auto_auth-method-wrapping.hcl")
	if err == nil {
		t.Fatal("LoadConfig should return an error when auto_auth.method.wrap_ttl nonzero and cache.use_auto_auth_token=true")
	}
}

func TestLoadConfigFile_AgentCache_AutoAuth_NoSink(t *testing.T) {
	config, err := LoadConfig("./test-fixtures/config-cache-auto_auth-no-sink.hcl")
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	expected := &Config{
		SharedConfig: &configutil.SharedConfig{
			Listeners: []*configutil.Listener{
				{
					Type:       "tcp",
					Address:    "127.0.0.1:8300",
					TLSDisable: true,
				},
			},
			PidFile: "./pidfile",
		},
		AutoAuth: &AutoAuth{
			Method: &Method{
				Type:      "aws",
				MountPath: "auth/aws",
				Config: map[string]interface{}{
					"role": "foobar",
				},
			},
		},
		Cache: &Cache{
			UseAutoAuthToken:    true,
			UseAutoAuthTokenRaw: true,
			ForceAutoAuthToken:  false,
		},
	}

	config.Listeners[0].RawConfig = nil
	if diff := deep.Equal(config, expected); diff != nil {
		t.Fatal(diff)
	}
}

func TestLoadConfigFile_AgentCache_AutoAuth_Force(t *testing.T) {
	config, err := LoadConfig("./test-fixtures/config-cache-auto_auth-force.hcl")
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	expected := &Config{
		SharedConfig: &configutil.SharedConfig{
			Listeners: []*configutil.Listener{
				{
					Type:       "tcp",
					Address:    "127.0.0.1:8300",
					TLSDisable: true,
				},
			},
			PidFile: "./pidfile",
		},
		AutoAuth: &AutoAuth{
			Method: &Method{
				Type:      "aws",
				MountPath: "auth/aws",
				Config: map[string]interface{}{
					"role": "foobar",
				},
			},
		},
		Cache: &Cache{
			UseAutoAuthToken:    true,
			UseAutoAuthTokenRaw: "force",
			ForceAutoAuthToken:  true,
		},
	}

	config.Listeners[0].RawConfig = nil
	if diff := deep.Equal(config, expected); diff != nil {
		t.Fatal(diff)
	}
}

func TestLoadConfigFile_AgentCache_AutoAuth_True(t *testing.T) {
	config, err := LoadConfig("./test-fixtures/config-cache-auto_auth-true.hcl")
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	expected := &Config{
		SharedConfig: &configutil.SharedConfig{
			Listeners: []*configutil.Listener{
				{
					Type:       "tcp",
					Address:    "127.0.0.1:8300",
					TLSDisable: true,
				},
			},
			PidFile: "./pidfile",
		},
		AutoAuth: &AutoAuth{
			Method: &Method{
				Type:      "aws",
				MountPath: "auth/aws",
				Config: map[string]interface{}{
					"role": "foobar",
				},
			},
		},
		Cache: &Cache{
			UseAutoAuthToken:    true,
			UseAutoAuthTokenRaw: "true",
			ForceAutoAuthToken:  false,
		},
	}

	config.Listeners[0].RawConfig = nil
	if diff := deep.Equal(config, expected); diff != nil {
		t.Fatal(diff)
	}
}

func TestLoadConfigFile_AgentCache_AutoAuth_False(t *testing.T) {
	config, err := LoadConfig("./test-fixtures/config-cache-auto_auth-false.hcl")
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	expected := &Config{
		SharedConfig: &configutil.SharedConfig{
			Listeners: []*configutil.Listener{
				{
					Type:       "tcp",
					Address:    "127.0.0.1:8300",
					TLSDisable: true,
				},
			},
			PidFile: "./pidfile",
		},
		AutoAuth: &AutoAuth{
			Method: &Method{
				Type:      "aws",
				MountPath: "auth/aws",
				Config: map[string]interface{}{
					"role": "foobar",
				},
			},
			Sinks: []*Sink{
				{
					Type:   "file",
					DHType: "curve25519",
					DHPath: "/tmp/file-foo-dhpath",
					AAD:    "foobar",
					Config: map[string]interface{}{
						"path": "/tmp/file-foo",
					},
				},
			},
		},
		Cache: &Cache{
			UseAutoAuthToken:    false,
			UseAutoAuthTokenRaw: "false",
			ForceAutoAuthToken:  false,
		},
	}

	config.Listeners[0].RawConfig = nil
	if diff := deep.Equal(config, expected); diff != nil {
		t.Fatal(diff)
	}
}

// TestLoadConfigFile_Template tests template definitions in Vault Agent
func TestLoadConfigFile_Template(t *testing.T) {
	testCases := map[string]struct {
		fixturePath       string
		expectedTemplates []*ctconfig.TemplateConfig
	}{
		"min": {
			fixturePath: "./test-fixtures/config-template-min.hcl",
			expectedTemplates: []*ctconfig.TemplateConfig{
				&ctconfig.TemplateConfig{
					Source:      pointerutil.StringPtr("/path/on/disk/to/template.ctmpl"),
					Destination: pointerutil.StringPtr("/path/on/disk/where/template/will/render.txt"),
				},
			},
		},
		"full": {
			fixturePath: "./test-fixtures/config-template-full.hcl",
			expectedTemplates: []*ctconfig.TemplateConfig{
				&ctconfig.TemplateConfig{
					Backup:         pointerutil.BoolPtr(true),
					Command:        pointerutil.StringPtr("restart service foo"),
					CommandTimeout: pointerutil.TimeDurationPtr("60s"),
					Contents:       pointerutil.StringPtr("{{ keyOrDefault \"service/redis/maxconns@east-aws\" \"5\" }}"),
					CreateDestDirs: pointerutil.BoolPtr(true),
					Destination:    pointerutil.StringPtr("/path/on/disk/where/template/will/render.txt"),
					ErrMissingKey:  pointerutil.BoolPtr(true),
					LeftDelim:      pointerutil.StringPtr("<<"),
					Perms:          pointerutil.FileModePtr(0655),
					RightDelim:     pointerutil.StringPtr(">>"),
					SandboxPath:    pointerutil.StringPtr("/path/on/disk/where"),

					Wait: &ctconfig.WaitConfig{
						Min: pointerutil.TimeDurationPtr("10s"),
						Max: pointerutil.TimeDurationPtr("40s"),
					},
				},
			},
		},
		"many": {
			fixturePath: "./test-fixtures/config-template-many.hcl",
			expectedTemplates: []*ctconfig.TemplateConfig{
				&ctconfig.TemplateConfig{
					Source:         pointerutil.StringPtr("/path/on/disk/to/template.ctmpl"),
					Destination:    pointerutil.StringPtr("/path/on/disk/where/template/will/render.txt"),
					ErrMissingKey:  pointerutil.BoolPtr(false),
					CreateDestDirs: pointerutil.BoolPtr(true),
					Command:        pointerutil.StringPtr("restart service foo"),
					Perms:          pointerutil.FileModePtr(0600),
				},
				&ctconfig.TemplateConfig{
					Source:      pointerutil.StringPtr("/path/on/disk/to/template2.ctmpl"),
					Destination: pointerutil.StringPtr("/path/on/disk/where/template/will/render2.txt"),
					Backup:      pointerutil.BoolPtr(true),
					Perms:       pointerutil.FileModePtr(0755),
					Wait: &ctconfig.WaitConfig{
						Min: pointerutil.TimeDurationPtr("2s"),
						Max: pointerutil.TimeDurationPtr("10s"),
					},
				},
			},
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			config, err := LoadConfig(tc.fixturePath)
			if err != nil {
				t.Fatalf("err: %s", err)
			}

			expected := &Config{
				SharedConfig: &configutil.SharedConfig{
					PidFile: "./pidfile",
				},
				AutoAuth: &AutoAuth{
					Method: &Method{
						Type:      "aws",
						MountPath: "auth/aws",
						Namespace: "my-namespace/",
						Config: map[string]interface{}{
							"role": "foobar",
						},
					},
					Sinks: []*Sink{
						{
							Type:   "file",
							DHType: "curve25519",
							DHPath: "/tmp/file-foo-dhpath",
							AAD:    "foobar",
							Config: map[string]interface{}{
								"path": "/tmp/file-foo",
							},
						},
					},
				},
				Templates: tc.expectedTemplates,
			}

			if diff := deep.Equal(config, expected); diff != nil {
				t.Fatal(diff)
			}
		})
	}
}