Allow mTLS for mysql secrets engine (#9181)

* Extract certificate helpers for use in non-mongodb packages * Created mTLS/X509 test for MySQL secrets engine. * Ensure mysql username and passwords aren't url encoded * Skip mTLS test for circleCI
2026-01-08 13:11:55 +00:00 · 2020-06-17 11:46:01 -07:00
parent cf8eaacd4e
commit 601d0eb6ea
7 changed files with 826 additions and 46 deletions
--- a/plugins/database/mongodb/mongodb_test.go
+++ b/plugins/database/mongodb/mongodb_test.go
@@ -11,6 +11,7 @@ import (
 	"testing"
 	"time"

+	"github.com/hashicorp/vault/helper/testhelpers/certhelpers"
 	"github.com/hashicorp/vault/helper/testhelpers/mongodb"
 	"github.com/hashicorp/vault/sdk/database/dbplugin"
 	"go.mongodb.org/mongo-driver/mongo"
@@ -239,14 +240,14 @@ func testCreateDBUser(t testing.TB, connURL, db, username, password string) {
 }

 func TestGetTLSAuth(t *testing.T) {
-	ca := newCert(t,
-		commonName("certificate authority"),
-		isCA(true),
-		selfSign(),
+	ca := certhelpers.NewCert(t,
+		certhelpers.CommonName("certificate authority"),
+		certhelpers.IsCA(true),
+		certhelpers.SelfSign(),
 	)
-	cert := newCert(t,
-		commonName("test cert"),
-		parent(ca),
+	cert := certhelpers.NewCert(t,
+		certhelpers.CommonName("test cert"),
+		certhelpers.Parent(ca),
 	)

 	type testCase struct {
@@ -276,12 +277,12 @@ func TestGetTLSAuth(t *testing.T) {
 			expectErr:  true,
 		},
 		"good ca": {
-			tlsCAData: cert.pem,
+			tlsCAData: cert.Pem,

 			expectOpts: options.Client().
 				SetTLSConfig(
 					&tls.Config{
-						RootCAs: appendToCertPool(t, x509.NewCertPool(), cert.pem),
+						RootCAs: appendToCertPool(t, x509.NewCertPool(), cert.Pem),
 					},
 				),
 			expectErr: false,
@@ -293,7 +294,7 @@ func TestGetTLSAuth(t *testing.T) {
 			expectOpts: options.Client().
 				SetTLSConfig(
 					&tls.Config{
-						Certificates: []tls.Certificate{cert.tlsCert},
+						Certificates: []tls.Certificate{cert.TLSCert},
 					},
 				).
 				SetAuth(options.Credential{