
test_vault.py 10.0 KB

  1. """
  2. Integration tests for the vault modules
  3. """
  4. import inspect
  5. import logging
  6. import time
  7. import salt.utils.path
  8. from tests.support.case import ModuleCase, ShellCase
  9. from tests.support.helpers import destructiveTest, flaky, slowTest
  10. from tests.support.runtests import RUNTIME_VARS
  11. from tests.support.unit import skipIf
# Module-level logger named after this test module.
log = logging.getLogger(__name__)
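# NOTE(review): VaultTestCaseCurrent in this module carries @destructiveTest
# for the same container/image lifecycle (including a forced image removal);
# this class does not - confirm whether that difference is intentional.
@skipIf(not salt.utils.path.which("dockerd"), "Docker not installed")
@skipIf(not salt.utils.path.which("vault"), "Vault not installed")
class VaultTestCase(ModuleCase, ShellCase):
    """
    Integration tests for the vault sdb driver against a Vault 0.9.6 container.

    The first ``setUp`` call starts the container, logs in and writes the test
    policy. ``tearDown`` removes the container and image once ``count`` has
    reached the number of ``test_*`` methods on the class.
    """

    # Shared across the per-test instances, so it is always read and written
    # through the class rather than through ``self``.
    count = 0

    def setUp(self):
        """
        Start the vault container on first use, log in and load the policy.

        The test is skipped when all three login attempts fail or when the
        policy cannot be written.
        """
        vault_binary = salt.utils.path.which("vault")
        if VaultTestCase.count == 0:
            config = (
                '{"backend": {"file": {"path": "/vault/file"}}, '
                '"default_lease_ttl": "168h", "max_lease_ttl": "720h"}'
            )
            # Plain HTTP to loopback; acceptable only for this throwaway
            # test server.
            vault_env = {"VAULT_ADDR": "http://127.0.0.1:8200"}

            self.run_state("docker_image.present", name="vault", tag="0.9.6")

            # If the login fails the container might have stopped, so every
            # attempt re-asserts the running state before logging in. The
            # outcome of the last attempt is honoured: the test is skipped
            # only when all three logins fail.
            for _attempt in range(3):
                # NOTE(review): "8200:8200" names no host IP, which Docker
                # publishes on all host interfaces by default, and the root
                # token below is a fixed, publicly known string. Every
                # client in this file talks to 127.0.0.1, so a loopback-only
                # binding ("127.0.0.1:8200:8200") looks sufficient - confirm
                # against the sdbvault profile in the test config.
                # NOTE(review): the image is selected by tag, not by digest.
                self.run_state(
                    "docker_container.running",
                    name="vault",
                    image="vault:0.9.6",
                    port_bindings="8200:8200",
                    environment={
                        "VAULT_DEV_ROOT_TOKEN_ID": "testsecret",
                        "VAULT_LOCAL_CONFIG": config,
                    },
                    cap_add="IPC_LOCK",
                )
                # Fixed wait for the server inside the container to come up.
                time.sleep(5)
                ret = self.run_function(
                    "cmd.retcode",
                    cmd="{} login token=testsecret".format(vault_binary),
                    env=vault_env,
                )
                if ret == 0:
                    break
            else:
                self.skipTest("unable to login to vault")

            ret = self.run_function(
                "cmd.retcode",
                cmd="{} policy write testpolicy {}/vault.hcl".format(
                    vault_binary, RUNTIME_VARS.FILES
                ),
                env=vault_env,
            )
            if ret != 0:
                self.skipTest("unable to assign policy to vault")
        VaultTestCase.count += 1

    def tearDown(self):
        """
        Remove the vault container and image once the last test has run.
        """

        def count_tests(funcobj):
            # Grouped explicitly: "and" binds tighter than "or", so without
            # the parentheses every bound method (such as inherited
            # classmethods) is counted whatever its name. The total can then
            # exceed the number of tests and the cleanup below never runs,
            # leaving the container with its known root token up.
            return (
                inspect.ismethod(funcobj) or inspect.isfunction(funcobj)
            ) and funcobj.__name__.startswith("test_")

        numtests = len(inspect.getmembers(VaultTestCase, predicate=count_tests))
        if VaultTestCase.count >= numtests:
            self.run_state("docker_container.stopped", name="vault")
            self.run_state("docker_container.absent", name="vault")
            self.run_state("docker_image.absent", name="vault", force=True)

    @flaky
    @slowTest
    def test_sdb(self):
        """
        Write a value through the sdb execution module and read it back.
        """
        set_output = self.run_function(
            "sdb.set", uri="sdb://sdbvault/secret/test/test_sdb/foo", value="bar"
        )
        self.assertEqual(set_output, True)
        get_output = self.run_function(
            "sdb.get", arg=["sdb://sdbvault/secret/test/test_sdb/foo"]
        )
        self.assertEqual(get_output, "bar")

    @flaky
    @slowTest
    def test_sdb_runner(self):
        """
        Write a value through the sdb runner and read it back.
        """
        set_output = self.run_run(
            "sdb.set sdb://sdbvault/secret/test/test_sdb_runner/foo bar"
        )
        self.assertEqual(set_output, ["True"])
        get_output = self.run_run(
            "sdb.get sdb://sdbvault/secret/test/test_sdb_runner/foo"
        )
        self.assertEqual(get_output, ["bar"])

    @flaky
    @slowTest
    def test_config(self):
        """
        Store a value via sdb and read it back through ``config.get``.
        """
        set_output = self.run_function(
            "sdb.set", uri="sdb://sdbvault/secret/test/test_pillar_sdb/foo", value="bar"
        )
        self.assertEqual(set_output, True)
        # presumably test_vault_pillar_sdb maps to the sdb URI written above
        # in the test configuration - verify there.
        get_output = self.run_function("config.get", arg=["test_vault_pillar_sdb"])
        self.assertEqual(get_output, "bar")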
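@destructiveTest
@skipIf(not salt.utils.path.which("dockerd"), "Docker not installed")
@skipIf(not salt.utils.path.which("vault"), "Vault not installed")
class VaultTestCaseCurrent(ModuleCase, ShellCase):
    """
    Integration tests for the vault sdb driver against a Vault 1.3.1 container.

    The first ``setUp`` call starts the container, logs in, writes the test
    policy and enables the kv-v2 secrets engine. ``tearDown`` removes the
    container and image once ``count`` has reached the number of ``test_*``
    methods on the class.
    """

    # Shared across the per-test instances, so it is always read and written
    # through the class. ``self.count += 1`` would create an instance
    # attribute and leave this counter at 0, repeating the container setup
    # for every test and never reaching the cleanup in tearDown.
    count = 0

    def setUp(self):
        """
        Start the vault container on first use and prepare it for the tests.

        The test is skipped when all three login attempts fail, when the
        policy cannot be written, or when kv-v2 cannot be enabled.
        """
        # Use the binary that the class-level skipIf guard located rather
        # than a fixed install path, so the guard and the commands agree.
        vault_binary = salt.utils.path.which("vault")
        if VaultTestCaseCurrent.count == 0:
            config = (
                '{"backend": {"file": {"path": "/vault/file"}}, '
                '"default_lease_ttl": "168h", "max_lease_ttl": "720h"}'
            )
            # Plain HTTP to loopback; acceptable only for this throwaway
            # test server.
            vault_env = {"VAULT_ADDR": "http://127.0.0.1:8200"}

            self.run_state("docker_image.present", name="vault", tag="1.3.1")

            # If the login fails the container might have stopped, so every
            # attempt re-asserts the running state before logging in. The
            # outcome of the last attempt is honoured: the test is skipped
            # only when all three logins fail.
            for _attempt in range(3):
                # NOTE(review): "8200:8200" names no host IP, which Docker
                # publishes on all host interfaces by default, and the root
                # token below is a fixed, publicly known string. Every
                # client in this file talks to 127.0.0.1, so a loopback-only
                # binding ("127.0.0.1:8200:8200") looks sufficient - confirm
                # against the sdbvault profile in the test config.
                # NOTE(review): the image is selected by tag, not by digest.
                self.run_state(
                    "docker_container.running",
                    name="vault",
                    image="vault:1.3.1",
                    port_bindings="8200:8200",
                    environment={
                        "VAULT_DEV_ROOT_TOKEN_ID": "testsecret",
                        "VAULT_LOCAL_CONFIG": config,
                    },
                    cap_add="IPC_LOCK",
                )
                # Fixed wait for the server inside the container to come up.
                time.sleep(5)
                ret = self.run_function(
                    "cmd.retcode",
                    cmd="{} login token=testsecret".format(vault_binary),
                    env=vault_env,
                )
                if ret == 0:
                    break
            else:
                self.skipTest("unable to login to vault")

            ret = self.run_function(
                "cmd.retcode",
                cmd="{} policy write testpolicy {}/vault.hcl".format(
                    vault_binary, RUNTIME_VARS.FILES
                ),
                env=vault_env,
            )
            if ret != 0:
                self.skipTest("unable to assign policy to vault")

            ret = self.run_function(
                "cmd.run",
                cmd="{} secrets enable kv-v2".format(vault_binary),
                env=vault_env,
            )
            # Both a fresh mount and an already existing one are fine.
            mounted = "path is already in use at kv-v2/" in ret or "Success" in ret
            if not mounted:
                self.skipTest("unable to enable kv-v2 {}".format(ret))
        VaultTestCaseCurrent.count += 1

    def tearDown(self):
        """
        Remove the vault container and image once the last test has run.
        """

        def count_tests(funcobj):
            # Grouped explicitly: "and" binds tighter than "or", so without
            # the parentheses every bound method (such as inherited
            # classmethods) is counted whatever its name. The total can then
            # exceed the number of tests and the cleanup below never runs,
            # leaving the container with its known root token up.
            return (
                inspect.ismethod(funcobj) or inspect.isfunction(funcobj)
            ) and funcobj.__name__.startswith("test_")

        numtests = len(inspect.getmembers(VaultTestCaseCurrent, predicate=count_tests))
        if VaultTestCaseCurrent.count >= numtests:
            self.run_state("docker_container.stopped", name="vault")
            self.run_state("docker_container.absent", name="vault")
            self.run_state("docker_image.absent", name="vault", force=True)

    @flaky
    @slowTest
    def test_sdb_kv2(self):
        """
        Write a value through the sdb execution module and read it back.
        """
        set_output = self.run_function(
            "sdb.set", uri="sdb://sdbvault/secret/test/test_sdb/foo", value="bar"
        )
        self.assertEqual(set_output, True)
        get_output = self.run_function(
            "sdb.get", arg=["sdb://sdbvault/secret/test/test_sdb/foo"]
        )
        self.assertEqual(get_output, "bar")

    @flaky
    @slowTest
    def test_sdb_kv2_kvv2_path_local(self):
        """
        Write under the kv-v2/ mount, then read it back via ShellCase.
        """
        set_output = self.run_function(
            "sdb.set", uri="sdb://sdbvault/kv-v2/test/test_sdb/foo", value="bar"
        )
        self.assertEqual(set_output, True)
        # ModuleCase precedes ShellCase in the bases, so the ShellCase
        # implementation has to be called explicitly.
        # presumably local=True makes it run without the master - verify.
        get_output = ShellCase.run_function(
            self,
            function="sdb.get",
            arg=["sdb://sdbvault/kv-v2/test/test_sdb/foo"],
            local=True,
        )
        # NOTE(review): the expected value depends on the exact indentation
        # of the CLI output line - confirm the leading whitespace.
        self.assertEqual(get_output[1], " bar")

    @flaky
    @slowTest
    def test_sdb_runner_kv2(self):
        """
        Write a value through the sdb runner and read it back.
        """
        set_output = self.run_run(
            "sdb.set sdb://sdbvault/secret/test/test_sdb_runner/foo bar"
        )
        self.assertEqual(set_output, ["True"])
        get_output = self.run_run(
            "sdb.get sdb://sdbvault/secret/test/test_sdb_runner/foo"
        )
        self.assertEqual(get_output, ["bar"])

    @flaky
    @slowTest
    def test_config_kv2(self):
        """
        Store a value via sdb and read it back through ``config.get``.
        """
        set_output = self.run_function(
            "sdb.set", uri="sdb://sdbvault/secret/test/test_pillar_sdb/foo", value="bar"
        )
        self.assertEqual(set_output, True)
        # presumably test_vault_pillar_sdb maps to the sdb URI written above
        # in the test configuration - verify there.
        get_output = self.run_function("config.get", arg=["test_vault_pillar_sdb"])
        self.assertEqual(get_output, "bar")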