open-vault/helper/testhelpers/consul/consulhelper.go

package consul

import (
	"context"
	"os"
	"strings"
	"testing"

	consulapi "github.com/hashicorp/consul/api"
	goversion "github.com/hashicorp/go-version"
	"github.com/hashicorp/vault/helper/testhelpers/docker"
)

type Config struct {
	docker.ServiceHostPort
	Token string
}

func (c *Config) APIConfig() *consulapi.Config {
	apiConfig := consulapi.DefaultConfig()
	apiConfig.Address = c.Address()
	apiConfig.Token = c.Token
	return apiConfig
}

// PrepareTestContainer creates a Consul docker container.  If version is empty,
// the Consul version used will be given by the environment variable
// CONSUL_DOCKER_VERSION, or if that's empty, whatever we've hardcoded as the
// the latest Consul version.
func PrepareTestContainer(t *testing.T, version string, isEnterprise bool, doBootstrapSetup bool) (func(), *Config) {
	t.Helper()

	if retAddress := os.Getenv("CONSUL_HTTP_ADDR"); retAddress != "" {
		shp, err := docker.NewServiceHostPortParse(retAddress)
		if err != nil {
			t.Fatal(err)
		}
		return func() {}, &Config{ServiceHostPort: *shp, Token: os.Getenv("CONSUL_HTTP_TOKEN")}
	}

	config := `acl { enabled = true default_policy = "deny" }`
	if version == "" {
		consulVersion := os.Getenv("CONSUL_DOCKER_VERSION")
		if consulVersion != "" {
			version = consulVersion
		} else {
			version = "1.11.3" // Latest Consul version, update as new releases come out
		}
	}
	if strings.HasPrefix(version, "1.3") {
		config = `datacenter = "test" acl_default_policy = "deny" acl_datacenter = "test" acl_master_token = "test"`
	}

	name := "consul"
	repo := "consul"
	var envVars []string
	// If running the enterprise container, set the appropriate values below.
	if isEnterprise {
		version += "-ent"
		name = "consul-enterprise"
		repo = "docker.mirror.hashicorp.services/hashicorp/consul-enterprise"
		license, hasLicense := os.LookupEnv("CONSUL_LICENSE")
		envVars = append(envVars, "CONSUL_LICENSE="+license)

		if !hasLicense {
			t.Fatalf("Failed to find enterprise license")
		}
	}

	if dockerRepo, hasEnvRepo := os.LookupEnv("CONSUL_DOCKER_REPO"); hasEnvRepo {
		repo = dockerRepo
	}

	runner, err := docker.NewServiceRunner(docker.RunOptions{
		ContainerName: name,
		ImageRepo:     repo,
		ImageTag:      version,
		Env:           envVars,
		Cmd:           []string{"agent", "-dev", "-client", "0.0.0.0", "-hcl", config},
		Ports:         []string{"8500/tcp"},
		AuthUsername:  os.Getenv("CONSUL_DOCKER_USERNAME"),
		AuthPassword:  os.Getenv("CONSUL_DOCKER_PASSWORD"),
	})
	if err != nil {
		t.Fatalf("Could not start docker Consul: %s", err)
	}

	svc, err := runner.StartService(context.Background(), func(ctx context.Context, host string, port int) (docker.ServiceConfig, error) {
		shp := docker.NewServiceHostPort(host, port)
		apiConfig := consulapi.DefaultNonPooledConfig()
		apiConfig.Address = shp.Address()
		consul, err := consulapi.NewClient(apiConfig)
		if err != nil {
			return nil, err
		}

		// Make sure Consul is up
		if _, err = consul.Status().Leader(); err != nil {
			return nil, err
		}

		// For version of Consul < 1.4
		if strings.HasPrefix(version, "1.3") {
			consulToken := "test"
			_, err = consul.KV().Put(&consulapi.KVPair{
				Key:   "setuptest",
				Value: []byte("setuptest"),
			}, &consulapi.WriteOptions{
				Token: consulToken,
			})
			if err != nil {
				return nil, err
			}
			return &Config{
				ServiceHostPort: *shp,
				Token:           consulToken,
			}, nil
		}

		// New default behavior
		var consulToken string
		if doBootstrapSetup {
			aclbootstrap, _, err := consul.ACL().Bootstrap()
			if err != nil {
				return nil, err
			}
			consulToken = aclbootstrap.SecretID
			policy := &consulapi.ACLPolicy{
				Name:        "test",
				Description: "test",
				Rules: `node_prefix "" {
					policy = "write"
				}

				service_prefix "" {
					policy = "read"
				}`,
			}
			q := &consulapi.WriteOptions{
				Token: consulToken,
			}
			_, _, err = consul.ACL().PolicyCreate(policy, q)
			if err != nil {
				return nil, err
			}

			// Create a Consul role that contains the test policy, for Consul 1.5 and newer
			currVersion, _ := goversion.NewVersion(version)
			roleVersion, _ := goversion.NewVersion("1.5")
			if currVersion.GreaterThanOrEqual(roleVersion) {
				ACLList := []*consulapi.ACLTokenRoleLink{{Name: "test"}}

				role := &consulapi.ACLRole{
					Name:        "role-test",
					Description: "consul roles test",
					Policies:    ACLList,
				}

				_, _, err = consul.ACL().RoleCreate(role, q)
				if err != nil {
					return nil, err
				}
			}

			// Configure a namespace and parition if testing enterprise Consul
			if isEnterprise {
				// Namespaces require Consul 1.7 or newer
				namespaceVersion, _ := goversion.NewVersion("1.7")
				if currVersion.GreaterThanOrEqual(namespaceVersion) {
					namespace := &consulapi.Namespace{
						Name:        "ns1",
						Description: "ns1 test",
					}

					_, _, err = consul.Namespaces().Create(namespace, q)
					if err != nil {
						return nil, err
					}

					nsPolicy := &consulapi.ACLPolicy{
						Name:        "ns-test",
						Description: "namespace test",
						Namespace:   "ns1",
						Rules: `service_prefix "" {
							policy = "read"
						}`,
					}
					_, _, err = consul.ACL().PolicyCreate(nsPolicy, q)
					if err != nil {
						return nil, err
					}
				}

				// Partitions require Consul 1.11 or newer
				partitionVersion, _ := goversion.NewVersion("1.11")
				if currVersion.GreaterThanOrEqual(partitionVersion) {
					partition := &consulapi.Partition{
						Name:        "part1",
						Description: "part1 test",
					}

					_, _, err = consul.Partitions().Create(ctx, partition, q)
					if err != nil {
						return nil, err
					}

					partPolicy := &consulapi.ACLPolicy{
						Name:        "part-test",
						Description: "partition test",
						Partition:   "part1",
						Rules: `service_prefix "" {
							policy = "read"
						}`,
					}
					_, _, err = consul.ACL().PolicyCreate(partPolicy, q)
					if err != nil {
						return nil, err
					}
				}
			}
		}

		return &Config{
			ServiceHostPort: *shp,
			Token:           consulToken,
		}, nil
	})
	if err != nil {
		t.Fatalf("Could not start docker Consul: %s", err)
	}

	return svc.Cleanup, svc.Config.(*Config)
}
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`package consul`

			`import (`
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`"context"`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`"os"`
			`"strings"`
			`"testing"`

			`consulapi "github.com/hashicorp/consul/api"`
secret/consul: Add Consul ACL roles support (#14014) Co-authored-by: Brandon Ingalls <brandon@ingalls.io> 2022-02-17 01:31:08 +00:00			`goversion "github.com/hashicorp/go-version"`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`"github.com/hashicorp/vault/helper/testhelpers/docker"`
			`)`

Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`type Config struct {`
			`docker.ServiceHostPort`
			`Token string`
			`}`

			`func (c Config) APIConfig() consulapi.Config {`
			`apiConfig := consulapi.DefaultConfig()`
			`apiConfig.Address = c.Address()`
			`apiConfig.Token = c.Token`
			`return apiConfig`
			`}`

Define Consul version to test against in one place, and let it be overriden by environment. Exception: some tests that verify interoperability with older Consul versions still specify a version explicitly. (#8901) 2020-04-30 17:06:24 +00:00			`// PrepareTestContainer creates a Consul docker container. If version is empty,`
			`// the Consul version used will be given by the environment variable`
			`// CONSUL_DOCKER_VERSION, or if that's empty, whatever we've hardcoded as the`
			`// the latest Consul version.`
Update Consul bootstrap test case to conditionally add token to config (#16560) * Fix bootstrap test to conditionally add Consul token * Refactor bootstrap variable name to be more clear 2022-08-03 18:43:43 +00:00			`func PrepareTestContainer(t testing.T, version string, isEnterprise bool, doBootstrapSetup bool) (func(), Config) {`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00			`t.Helper()`

Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`if retAddress := os.Getenv("CONSUL_HTTP_ADDR"); retAddress != "" {`
			`shp, err := docker.NewServiceHostPortParse(retAddress)`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`return func() {}, &Config{ServiceHostPort: *shp, Token: os.Getenv("CONSUL_HTTP_TOKEN")}`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`}`

			config := `acl { enabled = true default_policy = "deny" }`
Define Consul version to test against in one place, and let it be overriden by environment. Exception: some tests that verify interoperability with older Consul versions still specify a version explicitly. (#8901) 2020-04-30 17:06:24 +00:00			`if version == "" {`
			`consulVersion := os.Getenv("CONSUL_DOCKER_VERSION")`
			`if consulVersion != "" {`
			`version = consulVersion`
			`} else {`
secret/consul: Add Consul ACL roles support (#14014) Co-authored-by: Brandon Ingalls <brandon@ingalls.io> 2022-02-17 01:31:08 +00:00			`version = "1.11.3" // Latest Consul version, update as new releases come out`
Define Consul version to test against in one place, and let it be overriden by environment. Exception: some tests that verify interoperability with older Consul versions still specify a version explicitly. (#8901) 2020-04-30 17:06:24 +00:00			`}`
			`}`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`if strings.HasPrefix(version, "1.3") {`
			config = `datacenter = "test" acl_default_policy = "deny" acl_datacenter = "test" acl_master_token = "test"`
			`}`

secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00			`name := "consul"`
			`repo := "consul"`
			`var envVars []string`
			`// If running the enterprise container, set the appropriate values below.`
			`if isEnterprise {`
			`version += "-ent"`
			`name = "consul-enterprise"`
Use hashicorp mirror for container pulls (#17778) When running the test suite in CI (where requests are centralized from relatively few IPs), we'd occasionally hit Dockerhub's rate limits. Luckily Hashicorp runs a (limited) public mirror of the containers we need, so we can switch to them here in the tests. For consistency between developer and CI, we've opted to have the tests always pull from the Hashicorp mirror, rather than updating the CI runner to prefer the mirror. We exclude nomad and influxdb as we don't presently mirror these repos. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> 2022-11-02 17:33:17 +00:00			`repo = "docker.mirror.hashicorp.services/hashicorp/consul-enterprise"`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00			`license, hasLicense := os.LookupEnv("CONSUL_LICENSE")`
			`envVars = append(envVars, "CONSUL_LICENSE="+license)`

			`if !hasLicense {`
			`t.Fatalf("Failed to find enterprise license")`
			`}`
			`}`

			`if dockerRepo, hasEnvRepo := os.LookupEnv("CONSUL_DOCKER_REPO"); hasEnvRepo {`
			`repo = dockerRepo`
Allow for testing Consul with a different repo that requires auth. (#9983) 2020-09-17 17:05:24 +00:00			`}`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`runner, err := docker.NewServiceRunner(docker.RunOptions{`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00			`ContainerName: name,`
Allow for testing Consul with a different repo that requires auth. (#9983) 2020-09-17 17:05:24 +00:00			`ImageRepo: repo,`
			`ImageTag: version,`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00			`Env: envVars,`
Allow for testing Consul with a different repo that requires auth. (#9983) 2020-09-17 17:05:24 +00:00			`Cmd: []string{"agent", "-dev", "-client", "0.0.0.0", "-hcl", config},`
			`Ports: []string{"8500/tcp"},`
			`AuthUsername: os.Getenv("CONSUL_DOCKER_USERNAME"),`
			`AuthPassword: os.Getenv("CONSUL_DOCKER_PASSWORD"),`
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`})`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`if err != nil {`
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`t.Fatalf("Could not start docker Consul: %s", err)`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`}`

Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`svc, err := runner.StartService(context.Background(), func(ctx context.Context, host string, port int) (docker.ServiceConfig, error) {`
			`shp := docker.NewServiceHostPort(host, port)`
			`apiConfig := consulapi.DefaultNonPooledConfig()`
			`apiConfig.Address = shp.Address()`
			`consul, err := consulapi.NewClient(apiConfig)`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`if err != nil {`
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`return nil, err`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`}`

secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) * Automatically bootstraps the Consul ACL system if no management token is given on the access config 2022-04-20 22:16:15 +00:00			`// Make sure Consul is up`
			`if _, err = consul.Status().Leader(); err != nil {`
			`return nil, err`
			`}`

Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`// For version of Consul < 1.4`
			`if strings.HasPrefix(version, "1.3") {`
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`consulToken := "test"`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`_, err = consul.KV().Put(&consulapi.KVPair{`
			`Key: "setuptest",`
			`Value: []byte("setuptest"),`
			`}, &consulapi.WriteOptions{`
			`Token: consulToken,`
			`})`
			`if err != nil {`
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`return nil, err`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`}`
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`return &Config{`
			`ServiceHostPort: *shp,`
			`Token: consulToken,`
			`}, nil`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`}`

			`// New default behavior`
secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) * Automatically bootstraps the Consul ACL system if no management token is given on the access config 2022-04-20 22:16:15 +00:00			`var consulToken string`
Update Consul bootstrap test case to conditionally add token to config (#16560) * Fix bootstrap test to conditionally add Consul token * Refactor bootstrap variable name to be more clear 2022-08-03 18:43:43 +00:00			`if doBootstrapSetup {`
secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) * Automatically bootstraps the Consul ACL system if no management token is given on the access config 2022-04-20 22:16:15 +00:00			`aclbootstrap, _, err := consul.ACL().Bootstrap()`
			`if err != nil {`
			`return nil, err`
			`}`
			`consulToken = aclbootstrap.SecretID`
			`policy := &consulapi.ACLPolicy{`
			`Name: "test",`
			`Description: "test",`
			Rules: `node_prefix "" {
			`policy = "write"`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00			`}`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00
secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) * Automatically bootstraps the Consul ACL system if no management token is given on the access config 2022-04-20 22:16:15 +00:00			`service_prefix "" {`
			`policy = "read"`
			}`,
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00			`}`
secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) * Automatically bootstraps the Consul ACL system if no management token is given on the access config 2022-04-20 22:16:15 +00:00			`q := &consulapi.WriteOptions{`
			`Token: consulToken,`
			`}`
			`_, _, err = consul.ACL().PolicyCreate(policy, q)`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00			`if err != nil {`
			`return nil, err`
			`}`
secret/consul: Add Consul ACL roles support (#14014) Co-authored-by: Brandon Ingalls <brandon@ingalls.io> 2022-02-17 01:31:08 +00:00
secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) * Automatically bootstraps the Consul ACL system if no management token is given on the access config 2022-04-20 22:16:15 +00:00			`// Create a Consul role that contains the test policy, for Consul 1.5 and newer`
			`currVersion, _ := goversion.NewVersion(version)`
			`roleVersion, _ := goversion.NewVersion("1.5")`
			`if currVersion.GreaterThanOrEqual(roleVersion) {`
secrets/consul: Add support for generating tokens with service and node identities (#15295) Co-authored-by: Thomas L. Kula <kula@tproa.net> 2022-05-10 01:07:35 +00:00			`ACLList := []*consulapi.ACLTokenRoleLink{{Name: "test"}}`
secret/consul: Add Consul ACL roles support (#14014) Co-authored-by: Brandon Ingalls <brandon@ingalls.io> 2022-02-17 01:31:08 +00:00
secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) * Automatically bootstraps the Consul ACL system if no management token is given on the access config 2022-04-20 22:16:15 +00:00			`role := &consulapi.ACLRole{`
			`Name: "role-test",`
			`Description: "consul roles test",`
			`Policies: ACLList,`
secret/consul: Add Consul ACL roles support (#14014) Co-authored-by: Brandon Ingalls <brandon@ingalls.io> 2022-02-17 01:31:08 +00:00			`}`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00
secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) * Automatically bootstraps the Consul ACL system if no management token is given on the access config 2022-04-20 22:16:15 +00:00			`_, _, err = consul.ACL().RoleCreate(role, q)`
secret/consul: Add Consul ACL roles support (#14014) Co-authored-by: Brandon Ingalls <brandon@ingalls.io> 2022-02-17 01:31:08 +00:00			`if err != nil {`
			`return nil, err`
			`}`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00			`}`

secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) * Automatically bootstraps the Consul ACL system if no management token is given on the access config 2022-04-20 22:16:15 +00:00			`// Configure a namespace and parition if testing enterprise Consul`
			`if isEnterprise {`
			`// Namespaces require Consul 1.7 or newer`
			`namespaceVersion, _ := goversion.NewVersion("1.7")`
			`if currVersion.GreaterThanOrEqual(namespaceVersion) {`
			`namespace := &consulapi.Namespace{`
			`Name: "ns1",`
			`Description: "ns1 test",`
			`}`

			`_, _, err = consul.Namespaces().Create(namespace, q)`
			`if err != nil {`
			`return nil, err`
			`}`

			`nsPolicy := &consulapi.ACLPolicy{`
			`Name: "ns-test",`
			`Description: "namespace test",`
			`Namespace: "ns1",`
			Rules: `service_prefix "" {
			`policy = "read"`
			}`,
			`}`
			`_, _, err = consul.ACL().PolicyCreate(nsPolicy, q)`
			`if err != nil {`
			`return nil, err`
			`}`
secret/consul: Add Consul ACL roles support (#14014) Co-authored-by: Brandon Ingalls <brandon@ingalls.io> 2022-02-17 01:31:08 +00:00			`}`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00
secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) * Automatically bootstraps the Consul ACL system if no management token is given on the access config 2022-04-20 22:16:15 +00:00			`// Partitions require Consul 1.11 or newer`
			`partitionVersion, _ := goversion.NewVersion("1.11")`
			`if currVersion.GreaterThanOrEqual(partitionVersion) {`
			`partition := &consulapi.Partition{`
			`Name: "part1",`
			`Description: "part1 test",`
			`}`

			`_, _, err = consul.Partitions().Create(ctx, partition, q)`
			`if err != nil {`
			`return nil, err`
			`}`

			`partPolicy := &consulapi.ACLPolicy{`
			`Name: "part-test",`
			`Description: "partition test",`
			`Partition: "part1",`
			Rules: `service_prefix "" {
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00			`policy = "read"`
			}`,
secrets/consul: Add support to auto-bootstrap Consul ACL system (#10751) * Automatically bootstraps the Consul ACL system if no management token is given on the access config 2022-04-20 22:16:15 +00:00			`}`
			`_, _, err = consul.ACL().PolicyCreate(partPolicy, q)`
			`if err != nil {`
			`return nil, err`
			`}`
secret/consul: Add Consul ACL roles support (#14014) Co-authored-by: Brandon Ingalls <brandon@ingalls.io> 2022-02-17 01:31:08 +00:00			`}`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00			`}`
			`}`

Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`return &Config{`
			`ServiceHostPort: *shp,`
			`Token: consulToken,`
			`}, nil`
			`})`
			`if err != nil {`
			`t.Fatalf("Could not start docker Consul: %s", err)`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`}`
secret/consul: Add support for consul namespaces and admin partitions (#13850) * Add support for consul namespaces and admin partitions 2022-02-09 21:44:00 +00:00
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 14:01:26 +00:00			`return svc.Cleanup, svc.Config.(*Config)`
Merge multiple functions for creating consul containers into one. (#6612) Merge both functions for creating mongodb containers into one. Add retries to docker container cleanups. Require $VAULT_ACC be set to enable AWS tests. 2019-04-22 16:26:10 +00:00			`}`