118 lines
3.1 KiB
Go
118 lines
3.1 KiB
Go
package api_test
|
|
|
|
import (
|
|
"database/sql"
|
|
"fmt"
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/vault/api"
|
|
"github.com/hashicorp/vault/builtin/logical/pki"
|
|
"github.com/hashicorp/vault/builtin/logical/transit"
|
|
"github.com/hashicorp/vault/logical"
|
|
"github.com/hashicorp/vault/vault"
|
|
|
|
cleanhttp "github.com/hashicorp/go-cleanhttp"
|
|
vaulthttp "github.com/hashicorp/vault/http"
|
|
logxi "github.com/mgutz/logxi/v1"
|
|
dockertest "gopkg.in/ory-am/dockertest.v3"
|
|
)
|
|
|
|
var testVaultServerDefaultBackends = map[string]logical.Factory{
|
|
"transit": transit.Factory,
|
|
"pki": pki.Factory,
|
|
}
|
|
|
|
func testVaultServer(t testing.TB) (*api.Client, func()) {
|
|
return testVaultServerBackends(t, testVaultServerDefaultBackends)
|
|
}
|
|
|
|
func testVaultServerBackends(t testing.TB, backends map[string]logical.Factory) (*api.Client, func()) {
|
|
handlers := []http.Handler{
|
|
http.NewServeMux(),
|
|
http.NewServeMux(),
|
|
http.NewServeMux(),
|
|
}
|
|
|
|
coreConfig := &vault.CoreConfig{
|
|
DisableMlock: true,
|
|
DisableCache: true,
|
|
Logger: logxi.NullLog,
|
|
LogicalBackends: backends,
|
|
}
|
|
|
|
// Chicken-and-egg: Handler needs a core. So we create handlers first, then
|
|
// add routes chained to a Handler-created handler.
|
|
cores := vault.TestCluster(t, handlers, coreConfig, true)
|
|
for i, core := range cores {
|
|
handlers[i].(*http.ServeMux).Handle("/", vaulthttp.Handler(core.Core))
|
|
}
|
|
|
|
// make it easy to get access to the active
|
|
core := cores[0].Core
|
|
vault.TestWaitActive(t, core)
|
|
|
|
rootToken := cores[0].Root
|
|
address := fmt.Sprintf("https://127.0.0.1:%d", cores[1].Listeners[0].Address.Port)
|
|
|
|
config := api.DefaultConfig()
|
|
config.Address = address
|
|
config.HttpClient = cleanhttp.DefaultClient()
|
|
config.HttpClient.Transport.(*http.Transport).TLSClientConfig = cores[0].TLSConfig
|
|
client, err := api.NewClient(config)
|
|
if err != nil {
|
|
t.Fatalf("error creating vault cluster: %s", err)
|
|
}
|
|
client.SetToken(rootToken)
|
|
|
|
// Sanity check
|
|
secret, err := client.Auth().Token().LookupSelf()
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if secret == nil || secret.Data["id"].(string) != rootToken {
|
|
t.Fatalf("token mismatch: %#v vs %q", secret, rootToken)
|
|
}
|
|
|
|
return client, func() {
|
|
for _, core := range cores {
|
|
defer core.CloseListeners()
|
|
}
|
|
}
|
|
}
|
|
|
|
// testPostgresDB creates a testing postgres database in a Docker container,
|
|
// returning the connection URL and the associated closer function.
|
|
func testPostgresDB(t testing.TB) (string, func()) {
|
|
pool, err := dockertest.NewPool("")
|
|
if err != nil {
|
|
t.Fatalf("postgresdb: failed to connect to docker: %s", err)
|
|
}
|
|
|
|
resource, err := pool.Run("postgres", "latest", []string{
|
|
"POSTGRES_PASSWORD=secret",
|
|
"POSTGRES_DB=database",
|
|
})
|
|
if err != nil {
|
|
t.Fatalf("postgresdb: could not start container: %s", err)
|
|
}
|
|
|
|
addr := fmt.Sprintf("postgres://postgres:secret@localhost:%s/database?sslmode=disable", resource.GetPort("5432/tcp"))
|
|
|
|
if err := pool.Retry(func() error {
|
|
db, err := sql.Open("postgres", addr)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return db.Ping()
|
|
}); err != nil {
|
|
t.Fatalf("postgresdb: could not connect: %s", err)
|
|
}
|
|
|
|
return addr, func() {
|
|
if err := pool.Purge(resource); err != nil {
|
|
t.Fatalf("postgresdb: failed to cleanup container: %s", err)
|
|
}
|
|
}
|
|
}
|