test_vault.py 4.3 KB

  1. # -*- coding: utf-8 -*-
  2. '''
  3. Integration tests for the vault modules
  4. '''
  5. # Import Python Libs
  6. from __future__ import absolute_import, print_function, unicode_literals
  7. import inspect
  8. import time
  9. # Import Salt Testing Libs
  10. from tests.support.unit import skipIf
  11. from tests.support.case import ModuleCase, ShellCase
  12. from tests.support.helpers import destructiveTest, flaky
  13. from tests.support.runtests import RUNTIME_VARS
  14. # Import Salt Libs
  15. import salt.utils.path
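@destructiveTest
@skipIf(not salt.utils.path.which('dockerd'), 'Docker not installed')
@skipIf(not salt.utils.path.which('vault'), 'Vault not installed')
class VaultTestCase(ModuleCase, ShellCase):
    '''
    Test vault module

    The first ``setUp`` call starts a disposable Vault 0.9.6 container and
    loads ``testpolicy`` into it. ``tearDown`` removes the container and the
    image once every ``test_*`` method has gone through ``setUp``.
    '''
    # Number of setUp calls that completed, shared by all instances.
    count = 0

    def _start_vault_container(self, config):
        '''
        Ensure the ``vault`` container is running, then pause for 5 seconds.

        config: JSON string passed to the container as VAULT_LOCAL_CONFIG.
        '''
        # The root token is a fixed, test-only value and must never be reused
        # outside this disposable container.
        # NOTE(review): '8200:8200' names no host IP, so Docker normally
        # publishes the port on every host interface while the container
        # (and its known root token) is up; confirm whether a loopback-only
        # binding would be enough for these tests.
        self.run_state(
            'docker_container.running',
            name='vault',
            image='vault:0.9.6',
            port_bindings='8200:8200',
            environment={
                'VAULT_DEV_ROOT_TOKEN_ID': 'testsecret',
                'VAULT_LOCAL_CONFIG': config,
            },
            cap_add='IPC_LOCK',
        )
        # Fixed delay before the login attempt; presumably this gives the
        # server time to come up.
        time.sleep(5)

    def _vault_login(self):
        '''
        Log the local vault CLI in with the test root token.

        Returns the exit code of the command (0 on success).
        '''
        return self.run_function(
            'cmd.retcode',
            cmd='/usr/local/bin/vault login token=testsecret',
            env={'VAULT_ADDR': 'http://127.0.0.1:8200'},
        )

    def setUp(self):
        '''
        SetUp vault container

        Only the first call starts the container, logs in and writes the
        policy; later calls just bump the shared counter. The test is skipped
        when the login or the policy upload fails.
        '''
        if VaultTestCase.count == 0:
            config = '{"backend": {"file": {"path": "/vault/file"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h"}'
            self.run_state('docker_image.present', name='vault', tag='0.9.6')
            # If the login failed, the container might have stopped, so it is
            # started again before each attempt. Skip only when all three
            # attempts failed; the previous loop skipped as soon as the
            # attempt counter reached three, even if that login succeeded.
            for _ in range(3):
                self._start_vault_container(config)
                if self._vault_login() == 0:
                    break
            else:
                # NOTE(review): unittest does not call tearDown when setUp
                # skips, so the container stays up until a later test's
                # tearDown removes it.
                self.skipTest('unable to login to vault')
            ret = self.run_function(
                'cmd.retcode',
                cmd='/usr/local/bin/vault policy write testpolicy {0}/vault.hcl'.format(RUNTIME_VARS.FILES),
                env={'VAULT_ADDR': 'http://127.0.0.1:8200'},
            )
            if ret != 0:
                self.skipTest('unable to assign policy to vault')
        VaultTestCase.count += 1

    def tearDown(self):
        '''
        TearDown vault container

        Stops and removes the container and the image once ``count`` has
        reached the number of ``test_*`` methods on the class.
        '''
        def count_tests(funcobj):
            # The name check must apply to methods and functions alike.
            # Without the grouping, ``and`` bound tighter than ``or`` and any
            # method object matched whatever its name. That can inflate
            # numtests so the cleanup below never runs, leaving the container
            # with its known root token behind.
            is_callable_member = inspect.ismethod(funcobj) or inspect.isfunction(funcobj)
            return is_callable_member and funcobj.__name__.startswith('test_')

        numtests = len(inspect.getmembers(VaultTestCase, predicate=count_tests))
        if VaultTestCase.count >= numtests:
            self.run_state('docker_container.stopped', name='vault')
            self.run_state('docker_container.absent', name='vault')
            self.run_state('docker_image.absent', name='vault', force=True)

    @flaky
    def test_sdb(self):
        '''
        Set a value through the sdb execution module and read it back.
        '''
        assert self.run_function('sdb.set', uri='sdb://sdbvault/secret/test/test_sdb/foo', value='bar') is True
        assert self.run_function('sdb.get', arg=['sdb://sdbvault/secret/test/test_sdb/foo']) == 'bar'

    @flaky
    def test_sdb_runner(self):
        '''
        Set a value through the sdb runner and read it back.
        '''
        assert self.run_run('sdb.set sdb://sdbvault/secret/test/test_sdb_runner/foo bar') == ['True']
        assert self.run_run('sdb.get sdb://sdbvault/secret/test/test_sdb_runner/foo') == ['bar']

    @flaky
    def test_config(self):
        '''
        Set a value through sdb and read it back with config.get.
        '''
        # presumably the test configuration maps 'test_vault_pillar_sdb' to
        # this sdb URI; verify against the test config files
        assert self.run_function('sdb.set', uri='sdb://sdbvault/secret/test/test_pillar_sdb/foo', value='bar') is True
        assert self.run_function('config.get', arg=['test_vault_pillar_sdb']) == 'bar'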