Add support for docker testclusters (#20247)

builtin/credential/radius/backend_test.go

@@ -13,8 +13,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/hashicorp/vault/helper/testhelpers/docker"
 	logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
+	"github.com/hashicorp/vault/sdk/helper/docker"
 	"github.com/hashicorp/vault/sdk/logical"
 )
 

builtin/logical/nomad/backend_test.go

@@ -14,7 +14,7 @@ import (
 
 	nomadapi "github.com/hashicorp/nomad/api"
 	"github.com/hashicorp/vault/helper/testhelpers"
-	"github.com/hashicorp/vault/helper/testhelpers/docker"
+	"github.com/hashicorp/vault/sdk/helper/docker"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/mitchellh/mapstructure"
 )

builtin/logical/pkiext/nginx_test.go

@@ -17,11 +17,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/hashicorp/vault/builtin/logical/pki"
-	"github.com/hashicorp/vault/helper/testhelpers/docker"
-
 	"github.com/hashicorp/go-uuid"
-
+	"github.com/hashicorp/vault/builtin/logical/pki"
+	"github.com/hashicorp/vault/sdk/helper/docker"
 	"github.com/stretchr/testify/require"
 )
 
@@ -232,7 +230,7 @@ func CheckWithClients(t *testing.T, network string, address string, url string,
 	// Start our service with a random name to not conflict with other
 	// threads.
 	ctx := context.Background()
-	ctr, _, _, err := cwRunner.Start(ctx, true, false)
+	result, err := cwRunner.Start(ctx, true, false)
 	if err != nil {
 		t.Fatalf("Could not start golang container for wget/curl checks: %s", err)
 	}
@@ -258,14 +256,14 @@ func CheckWithClients(t *testing.T, network string, address string, url string,
 		wgetCmd = []string{"wget", "--verbose", "--ca-certificate=/root.pem", "--certificate=/client-cert.pem", "--private-key=/client-privkey.pem", url}
 		curlCmd = []string{"curl", "--verbose", "--cacert", "/root.pem", "--cert", "/client-cert.pem", "--key", "/client-privkey.pem", url}
 	}
-	if err := cwRunner.CopyTo(ctr.ID, "/", certCtx); err != nil {
+	if err := cwRunner.CopyTo(result.Container.ID, "/", certCtx); err != nil {
 		t.Fatalf("Could not copy certificate and key into container: %v", err)
 	}
 
 	for _, cmd := range [][]string{hostPrimeCmd, wgetCmd, curlCmd} {
 		t.Logf("Running client connection command: %v", cmd)
 
-		stdout, stderr, retcode, err := cwRunner.RunCmdWithOutput(ctx, ctr.ID, cmd)
+		stdout, stderr, retcode, err := cwRunner.RunCmdWithOutput(ctx, result.Container.ID, cmd)
 		if err != nil {
 			t.Fatalf("Could not run command (%v) in container: %v", cmd, err)
 		}
@@ -295,7 +293,7 @@ func CheckDeltaCRL(t *testing.T, network string, address string, url string, roo
 	// Start our service with a random name to not conflict with other
 	// threads.
 	ctx := context.Background()
-	ctr, _, _, err := cwRunner.Start(ctx, true, false)
+	result, err := cwRunner.Start(ctx, true, false)
 	if err != nil {
 		t.Fatalf("Could not start golang container for wget2 delta CRL checks: %s", err)
 	}
@@ -313,14 +311,14 @@ func CheckDeltaCRL(t *testing.T, network string, address string, url string, roo
 	certCtx := docker.NewBuildContext()
 	certCtx["root.pem"] = docker.PathContentsFromString(rootCert)
 	certCtx["crls.pem"] = docker.PathContentsFromString(crls)
-	if err := cwRunner.CopyTo(ctr.ID, "/", certCtx); err != nil {
+	if err := cwRunner.CopyTo(result.Container.ID, "/", certCtx); err != nil {
 		t.Fatalf("Could not copy certificate and key into container: %v", err)
 	}
 
 	for index, cmd := range [][]string{hostPrimeCmd, wgetCmd} {
 		t.Logf("Running client connection command: %v", cmd)
 
-		stdout, stderr, retcode, err := cwRunner.RunCmdWithOutput(ctx, ctr.ID, cmd)
+		stdout, stderr, retcode, err := cwRunner.RunCmdWithOutput(ctx, result.Container.ID, cmd)
 		if err != nil {
 			t.Fatalf("Could not run command (%v) in container: %v", cmd, err)
 		}

builtin/logical/pkiext/zlint_test.go

@@ -10,8 +10,7 @@ import (
 	"testing"
 
 	"github.com/hashicorp/vault/builtin/logical/pki"
-	"github.com/hashicorp/vault/helper/testhelpers/docker"
-
+	"github.com/hashicorp/vault/sdk/helper/docker"
 	"github.com/stretchr/testify/require"
 )
 
@@ -67,25 +66,26 @@ func RunZLintContainer(t *testing.T, certificate string) []byte {
 		buildZLintContainer(t)
 	})
 
+	ctx := context.Background()
 	// We don't actually care about the address, we just want to start the
 	// container so we can run commands in it. We'd ideally like to skip this
 	// step and only build a new image, but the zlint output would be
 	// intermingled with container build stages, so its not that useful.
-	ctr, _, _, err := zRunner.Start(context.Background(), true, false)
+	result, err := zRunner.Start(ctx, true, false)
 	if err != nil {
 		t.Fatalf("Could not start golang container for zlint: %s", err)
 	}
 
 	// Copy the cert into the newly running container.
 	certCtx := docker.NewBuildContext()
 	certCtx["cert.pem"] = docker.PathContentsFromBytes([]byte(certificate))
-	if err := zRunner.CopyTo(ctr.ID, "/go/", certCtx); err != nil {
+	if err := zRunner.CopyTo(result.Container.ID, "/go/", certCtx); err != nil {
 		t.Fatalf("Could not copy certificate into container: %v", err)
 	}
 
 	// Run the zlint command and save the output.
 	cmd := []string{"/go/bin/zlint", "/go/cert.pem"}
-	stdout, stderr, retcode, err := zRunner.RunCmdWithOutput(context.Background(), ctr.ID, cmd)
+	stdout, stderr, retcode, err := zRunner.RunCmdWithOutput(ctx, result.Container.ID, cmd)
 	if err != nil {
 		t.Fatalf("Could not run command in container: %v", err)
 	}
@@ -100,7 +100,7 @@ func RunZLintContainer(t *testing.T, certificate string) []byte {
 	}
 
 	// Clean up after ourselves.
-	if err := zRunner.Stop(context.Background(), ctr.ID); err != nil {
+	if err := zRunner.Stop(context.Background(), result.Container.ID); err != nil {
 		t.Fatalf("failed to stop container: %v", err)
 	}
 

builtin/logical/rabbitmq/backend_test.go

@@ -11,8 +11,8 @@ import (
 	"testing"
 
 	"github.com/hashicorp/go-secure-stdlib/base62"
-	"github.com/hashicorp/vault/helper/testhelpers/docker"
 	logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
+	"github.com/hashicorp/vault/sdk/helper/docker"
 	"github.com/hashicorp/vault/sdk/helper/jsonutil"
 	"github.com/hashicorp/vault/sdk/logical"
 	rabbithole "github.com/michaelklishin/rabbit-hole/v2"

builtin/logical/ssh/backend_test.go

@@ -16,18 +16,16 @@ import (
 	"time"
 
 	"github.com/hashicorp/vault/api"
-	"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
-	"github.com/hashicorp/vault/sdk/logical"
-	"golang.org/x/crypto/ssh"
-
 	"github.com/hashicorp/vault/builtin/credential/userpass"
-	"github.com/hashicorp/vault/helper/testhelpers/docker"
+	"github.com/hashicorp/vault/helper/testhelpers/corehelpers"
 	logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
 	vaulthttp "github.com/hashicorp/vault/http"
+	"github.com/hashicorp/vault/sdk/helper/docker"
+	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/hashicorp/vault/vault"
 	"github.com/mitchellh/mapstructure"
-
 	"github.com/stretchr/testify/require"
+	"golang.org/x/crypto/ssh"
 )
 
 const (

changelog/20247.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+sdk: Add new docker-based cluster testing framework to the sdk.
+```

command/server/server_seal_transit_acc_test.go

@@ -14,8 +14,8 @@ import (
 
 	"github.com/hashicorp/go-uuid"
 	"github.com/hashicorp/vault/api"
-	"github.com/hashicorp/vault/helper/testhelpers/docker"
 	"github.com/hashicorp/vault/internalshared/configutil"
+	"github.com/hashicorp/vault/sdk/helper/docker"
 )
 
 func TestTransitWrapper_Lifecycle(t *testing.T) {