diff --git a/docs/modules/vault.md b/docs/modules/vault.md index 436d48fb00..372da297a3 100644 --- a/docs/modules/vault.md +++ b/docs/modules/vault.md @@ -21,15 +21,43 @@ It takes a context and zero or more Option values to configure the container. ### Use CLI to read data from Vault container: -[Use CLI to read data](../../modules/vault/vault_test.go) inside_block:TestVaultFirstSecretPathWithCLI +[Use CLI to read data](../../modules/vault/vault_test.go) inside_block:TestVaultGetSecretPathWithCLI ### Use HTTP API to read data from Vault container: -[Use HTTP API to read data](../../modules/vault/vault_test.go) inside_block:TestVaultFirstSecretPathWithHTTP +[Use HTTP API to read data](../../modules/vault/vault_test.go) inside_block:TestVaultGetSecretPathWithHTTP ### Use client library to read data from Vault container: -[Use library to read data](../../modules/vault/vault_test.go) inside_block:TestVaultFirstSecretPathWithClient +[Use library to read data](../../modules/vault/vault_test.go) inside_block:TestVaultGetSecretPathWithClient + + +## Container Options + +You can set below options to create Vault container. + +### Image +If you need to set a different Vault image, you can use the `WithImageName`. Default image name is `vault:1.13.0` + +[Set image name](../../modules/vault/vault_test.go) inside_block:WithImageName + + +### Token +If you need to add token authentication, you can use the `WithToken`. + +[Add token authentication](../../modules/vault/vault_test.go) inside_block:WithToken + + +### Log Level +If you need to change log level, you can use the `WithLogLevel`. Default log level is `info` + +[Change log level](../../modules/vault/vault_test.go) inside_block:WithLogLevel + + +### Command +If you need to run vault command in the container, you can use the `WithInitCommand`. + +[Run init command](../../modules/vault/vault_test.go) inside_block:WithInitCommand \ No newline at end of file 
diff --git a/modules/vault/vault.go b/modules/vault/vault.go
index 66da2afe2a..9d281d6b3f 100644
--- a/modules/vault/vault.go
+++ b/modules/vault/vault.go
@@ -18,13 +18,13 @@ const (
 // ContainerOptions is a function that can be used to configure the Vault container
 type ContainerOptions func(req *testcontainers.ContainerRequest)
-// vaultContainer represents the vault container type used in the module
-type vaultContainer struct {
+// VaultContainer represents the vault container type used in the module
+type VaultContainer struct {
 testcontainers.Container
 }
 // StartContainer creates an instance of the vault container type
-func StartContainer(ctx context.Context, opts ...ContainerOptions) (*vaultContainer, error) {
+func StartContainer(ctx context.Context, opts ...ContainerOptions) (*VaultContainer, error) {
 req := testcontainers.ContainerRequest{
 Image: defaultImageName,
 ExposedPorts: []string{defaultPort + "/tcp"},
@@ -49,7 +49,7 @@ func StartContainer(ctx context.Context, opts ...ContainerOptions) (*vaultContai
 return nil, err
 }
- return &vaultContainer{container}, nil
+ return &VaultContainer{container}, nil
 }
 // WithImageName is an option function that sets the Docker image name for the Vault
@@ -89,7 +89,7 @@ func WithInitCommand(commands ...string) ContainerOptions {
 // HttpHostAddress returns the http host address of Vault.
 // It returns a string with the format http://:
-func (v *vaultContainer) HttpHostAddress(ctx context.Context) (string, error) {
+func (v *VaultContainer) HttpHostAddress(ctx context.Context) (string, error) {
 host, err := v.Host(ctx)
 if err != nil {
 return "", err
diff --git a/modules/vault/vault_test.go b/modules/vault/vault_test.go
index 624dc988bf..4d2551f35f 100644
--- a/modules/vault/vault_test.go
+++ b/modules/vault/vault_test.go
@@ -1,4 +1,4 @@
-package vault
+package vault_test
 import (
 "context"
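Review bot: The newly exported name stutters: from another package it reads `vault.VaultContainer`, and the test file in this commit ends up writing `testcontainervault.VaultContainer`. The first vault.go hunk is where the type becomes public API, so renaming costs nothing now and would be a breaking change later; I would use `type Container struct {` with `func StartContainer(ctx context.Context, opts ...ContainerOptions) (*Container, error) {`. The `return &VaultContainer{container}, nil` line and the `HttpHostAddress` receiver in the two following hunks would change with it. The bodies of StartContainer and HttpHostAddress run outside these hunks.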
@@ -12,6 +12,7 @@ import (
 vaultClient "github.com/hashicorp/vault-client-go"
 "github.com/hashicorp/vault-client-go/schema"
 "github.com/stretchr/testify/assert"
+ testcontainervault "github.com/testcontainers/testcontainers-go/modules/vault"
 "github.com/tidwall/gjson"
 )
@@ -21,18 +22,29 @@ const (
 var (
 ctx = context.Background()
- vault *vaultContainer
+ vault *testcontainervault.VaultContainer
 )
 func TestMain(m *testing.M) {
 var err error
+ opts := []testcontainervault.ContainerOptions{
+ // WithImageName {
+ testcontainervault.WithImageName("vault:1.13.0"),
+ // }
+ // WithToken {
+ testcontainervault.WithToken(token),
+ // }
+ // WithLogLevel {
+ testcontainervault.WithLogLevel(testcontainervault.Debug),
+ // }
+ // WithInitCommand {
+ testcontainervault.WithInitCommand("secrets enable transit", "write -f transit/keys/my-key"),
+ testcontainervault.WithInitCommand("kv put secret/test1 foo1=bar1"),
+ // }
+ }
+
 // StartContainer {
- vault, err = StartContainer(ctx,
- WithLogLevel(Debug),
- WithToken(token),
- WithInitCommand("secrets enable transit", "write -f transit/keys/my-key"),
- WithInitCommand("kv put secret/test1 foo1=bar1"),
- WithInitCommand("kv put secret/test2 foo2=bar2 foo3=bar3"))
+ vault, err = testcontainervault.StartContainer(ctx, opts...)
 // }
 if err != nil {
 log.Fatal(err)
@@ -48,7 +60,7 @@ func TestMain(m *testing.M) {
 os.Exit(c)
 }
-func TestVaultFirstSecretPathWithCLI(t *testing.T) {
+func TestVaultGetSecretPathWithCLI(t *testing.T) {
 exec, reader, err := vault.Exec(ctx, []string{"vault", "kv", "get", "-format=json", "secret/test1"})
 assert.Nil(t, err)
 assert.Equal(t, 0, exec)
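Review bot: The `// WithToken {` snippet in TestMain is now pulled into the docs, but it shows only `testcontainervault.WithToken(token)`, and the `token` constant is declared in the const block outside this hunk, so a reader cannot tell what kind of credential belongs there. The tests removed elsewhere in this commit pass the same constant via `X-Vault-Token` and `client.SetToken`, which suggests it is the container's all-access token (inferred; the option's implementation is not shown here). I would add a comment inside the snippet, for example `// token is a throwaway value that becomes this test container's Vault token; do not pass a real credential`. Separately, `WithImageName("vault:1.13.0")` passes the value the docs name as the default, so this test cannot show that the option has any effect. TestMain's body continues past the end of the hunk.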
@@ -59,19 +71,7 @@ func TestVaultFirstSecretPathWithCLI(t *testing.T) {
 assert.Equal(t, "bar1", gjson.Get(string(bytes), "data.data.foo1").String())
 }
-func TestVaultSecondSecretPathWithCLI(t *testing.T) {
- exec, reader, err := vault.Exec(ctx, []string{"vault", "kv", "get", "-format=json", "secret/test2"})
- assert.Nil(t, err)
- assert.Equal(t, 0, exec)
-
- bytes, err := io.ReadAll(reader)
- assert.Nil(t, err)
-
- assert.Equal(t, "bar2", gjson.Get(string(bytes), "data.data.foo2").String())
- assert.Equal(t, "bar3", gjson.Get(string(bytes), "data.data.foo3").String())
-}
-
-func TestVaultFirstSecretPathWithHTTP(t *testing.T) {
+func TestVaultGetSecretPathWithHTTP(t *testing.T) {
 hostAddress, err := vault.HttpHostAddress(ctx)
 assert.Nil(t, err)
@@ -88,25 +88,7 @@ func TestVaultFirstSecretPathWithHTTP(t *testing.T) {
 assert.Equal(t, "bar1", gjson.Get(string(body), "data.data.foo1").String())
 }
-func TestVaultSecondSecretPathWithHTTP(t *testing.T) {
- hostAddress, err := vault.HttpHostAddress(ctx)
- assert.Nil(t, err)
-
- request, _ := http.NewRequest(http.MethodGet, hostAddress+"/v1/secret/data/test2", nil)
- request.Header.Add("X-Vault-Token", token)
-
- response, err := http.DefaultClient.Do(request)
- assert.Nil(t, err)
- defer response.Body.Close()
-
- body, err := io.ReadAll(response.Body)
- assert.Nil(t, err)
-
- assert.Equal(t, "bar2", gjson.Get(string(body), "data.data.foo2").String())
- assert.Equal(t, "bar3", gjson.Get(string(body), "data.data.foo3").String())
-}
-
-func TestVaultFirstSecretPathWithClient(t *testing.T) {
+func TestVaultGetSecretPathWithClient(t *testing.T) {
 hostAddress, _ := vault.HttpHostAddress(ctx)
 client, err := vaultClient.New(
 vaultClient.WithAddress(hostAddress),
@@ -122,23 +104,6 @@ func TestVaultFirstSecretPathWithClient(t *testing.T) {
 assert.Equal(t, "bar1", s.Data["data"].(map[string]interface{})["foo1"])
 }
-func TestVaultSecondSecretPathWithClient(t *testing.T) {
- hostAddress, _ := vault.HttpHostAddress(ctx)
- client, err := vaultClient.New(
- vaultClient.WithAddress(hostAddress),
- vaultClient.WithRequestTimeout(30*time.Second),
- )
- assert.Nil(t, err)
-
- err = client.SetToken(token)
- assert.Nil(t, err)
-
- s, err := client.Secrets.KVv2Read(ctx, "test2")
- assert.Nil(t, err)
- assert.Equal(t, "bar2", s.Data["data"].(map[string]interface{})["foo2"])
- assert.Equal(t, "bar3", s.Data["data"].(map[string]interface{})["foo3"])
-}
-
 func TestVaultWriteSecretWithClient(t *testing.T) {
 hostAddress, _ := vault.HttpHostAddress(ctx)
 client, err := vaultClient.New(