[QT-309] Ensure environment variables are populated before proceeding (#17915)

* Ensure environment variables are populated before proceeding

* DRY up credNames var

builtin/credential/okta/backend_test.go

@@ -9,6 +9,7 @@ import (
 	"time"
 
 	log "github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/vault/helper/testhelpers"
 	logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/helper/policyutil"
@@ -35,6 +36,15 @@ func TestBackend_Config(t *testing.T) {
 	if os.Getenv("VAULT_ACC") == "" {
 		t.SkipNow()
 	}
+
+	// Ensure each cred is populated.
+	credNames := []string{
+		"OKTA_USERNAME",
+		"OKTA_PASSWORD",
+		"OKTA_API_TOKEN",
+	}
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	defaultLeaseTTLVal := time.Hour * 12
 	maxLeaseTTLVal := time.Hour * 24
 	b, err := Factory(context.Background(), &logical.BackendConfig{

command/agent/alicloud_end_to_end_test.go

@@ -20,6 +20,7 @@ import (
 	agentalicloud "github.com/hashicorp/vault/command/agent/auth/alicloud"
 	"github.com/hashicorp/vault/command/agent/sink"
 	"github.com/hashicorp/vault/command/agent/sink/file"
+	"github.com/hashicorp/vault/helper/testhelpers"
 	vaulthttp "github.com/hashicorp/vault/http"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -37,6 +38,14 @@ func TestAliCloudEndToEnd(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	credNames := []string{
+		envVarAlicloudAccessKey,
+		envVarAlicloudSecretKey,
+		envVarAlicloudRoleArn,
+	}
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	logger := logging.NewVaultLogger(hclog.Trace)
 	coreConfig := &vault.CoreConfig{
 		Logger: logger,

command/agent/aws_end_to_end_test.go

@@ -19,6 +19,7 @@ import (
 	agentaws "github.com/hashicorp/vault/command/agent/auth/aws"
 	"github.com/hashicorp/vault/command/agent/sink"
 	"github.com/hashicorp/vault/command/agent/sink/file"
+	"github.com/hashicorp/vault/helper/testhelpers"
 	vaulthttp "github.com/hashicorp/vault/http"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -47,6 +48,14 @@ func TestAWSEndToEnd(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	credNames := []string{
+		envVarAwsTestAccessKey,
+		envVarAwsTestSecretKey,
+		envVarAwsTestRoleArn,
+	}
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	logger := logging.NewVaultLogger(hclog.Trace)
 	coreConfig := &vault.CoreConfig{
 		Logger: logger,

helper/testhelpers/testhelpers.go

@@ -9,6 +9,8 @@ import (
 	"io/ioutil"
 	"math/rand"
 	"net/url"
+	"os"
+	"strings"
 	"sync/atomic"
 	"time"
 
@@ -974,3 +976,13 @@ func SetupLoginMFATOTP(t testing.T, client *api.Client) (*api.Client, string, st
 	SetupMFALoginEnforcement(t, client, enforcementConfig)
 	return entityClient, entityID, methodID
 }
+
+func SkipUnlessEnvVarsSet(t testing.T, envVars []string) {
+	t.Helper()
+
+	for _, i := range envVars {
+		if os.Getenv(i) == "" {
+			t.Skipf("%s must be set for this test to run", strings.Join(envVars, " "))
+		}
+	}
+}

plugins/database/redshift/redshift_test.go

@@ -11,6 +11,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/go-uuid"
+	"github.com/hashicorp/vault/helper/testhelpers"
 	dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	dbtesting "github.com/hashicorp/vault/sdk/database/dbplugin/v5/testing"
 	"github.com/hashicorp/vault/sdk/helper/dbtxn"
@@ -41,6 +42,12 @@ var (
 	keyRedshiftUser     = "REDSHIFT_USER"
 	keyRedshiftPassword = "REDSHIFT_PASSWORD"
 
+	credNames = []string{
+		keyRedshiftURL,
+		keyRedshiftUser,
+		keyRedshiftPassword,
+	}
+
 	vaultACC = "VAULT_ACC"
 )
 
@@ -70,6 +77,9 @@ func TestRedshift_Initialize(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, _, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -108,6 +118,9 @@ func TestRedshift_NewUser(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -158,6 +171,9 @@ func TestRedshift_NewUser_NoCreationStatement_ShouldError(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, _, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -201,6 +217,9 @@ func TestRedshift_UpdateUser_Expiration(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -261,6 +280,9 @@ func TestRedshift_UpdateUser_Password(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -315,6 +337,9 @@ func TestRedshift_DeleteUser(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -380,6 +405,9 @@ func TestRedshift_DefaultUsernameTemplate(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)
@@ -428,6 +456,9 @@ func TestRedshift_CustomUsernameTemplate(t *testing.T) {
 		t.SkipNow()
 	}
 
+	// Ensure each cred is populated.
+	testhelpers.SkipUnlessEnvVarsSet(t, credNames)
+
 	connURL, url, _, _, err := redshiftEnv()
 	if err != nil {
 		t.Fatal(err)