scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-31 18:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

backport of commit 1e491e16d4 (#22187)

Browse Source 
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
This commit is contained in:
hc-github-team-secure-vault-core
2023-08-17 14:49:23 -04:00
committed by GitHub
parent 8113c299b8
commit 6bdba4b985
2 changed files with 118 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@@ -159,7 +159,7 @@ ci-lint:
# dependency. # dependency.
prep: prep:
@sh -c "'$(CURDIR)/scripts/goversioncheck.sh' '$(GO_VERSION_MIN)'" @sh -c "'$(CURDIR)/scripts/goversioncheck.sh' '$(GO_VERSION_MIN)'"
@$(GO_CMD) generate $$($(GO_CMD) list ./... | grep -v /vendor/) @GOARCH= GOOS= $(GO_CMD) generate $$($(GO_CMD) list ./... | grep -v /vendor/)
@if [ -d .git/hooks ]; then cp .hooks/* .git/hooks/; fi @if [ -d .git/hooks ]; then cp .hooks/* .git/hooks/; fi
# bootstrap the build by downloading additional tools needed to build # bootstrap the build by downloading additional tools needed to build

117
README.md
View File

@@ -136,6 +136,8 @@ is not, and has never been, a supported way to use the Vault project. We aren't
likely to fix bugs relating to failure to import `github.com/hashicorp/vault` likely to fix bugs relating to failure to import `github.com/hashicorp/vault`
into your project. into your project.
See also the section "Docker-based tests" below.
### Acceptance Tests ### Acceptance Tests
Vault has comprehensive [acceptance tests](https://en.wikipedia.org/wiki/Acceptance_testing) Vault has comprehensive [acceptance tests](https://en.wikipedia.org/wiki/Acceptance_testing)
@@ -169,3 +171,118 @@ things such as access keys. The test itself should error early and tell
you what to set, so it is not documented here. you what to set, so it is not documented here.
For more information on Vault Enterprise features, visit the [Vault Enterprise site](https://www.hashicorp.com/products/vault/?utm_source=github&utm_medium=referral&utm_campaign=github-vault-enterprise). For more information on Vault Enterprise features, visit the [Vault Enterprise site](https://www.hashicorp.com/products/vault/?utm_source=github&utm_medium=referral&utm_campaign=github-vault-enterprise).
### Docker-based Tests
We have created an experimental new testing mechanism inspired by NewTestCluster.
An example of how to use it:
```go
import (
"testing"
"github.com/hashicorp/vault/sdk/helper/testcluster/docker"
)
func Test_Something_With_Docker(t *testing.T) {
opts := &docker.DockerClusterOptions{
ImageRepo: "hashicorp/vault", // or "hashicorp/vault-enterprise"
ImageTag: "latest",
}
cluster := docker.NewTestDockerCluster(t, opts)
defer cluster.Cleanup()
client := cluster.Nodes()[0].APIClient()
_, err := client.Logical().Read("sys/storage/raft/configuration")
if err != nil {
t.Fatal(err)
}
}
```
Or for Enterprise:
```go
import (
"testing"
"github.com/hashicorp/vault/sdk/helper/testcluster/docker"
)
func Test_Something_With_Docker(t *testing.T) {
opts := &docker.DockerClusterOptions{
ImageRepo: "hashicorp/vault-enterprise",
ImageTag: "latest",
VaultLicense: licenseString, // not a path, the actual license bytes
}
cluster := docker.NewTestDockerCluster(t, opts)
defer cluster.Cleanup()
}
```
Here is a more realistic example of how we use it in practice. DefaultOptions uses
`hashicorp/vault`:`latest` as the repo and tag, but it also looks at the environment
variable VAULT_BINARY. If populated, it will copy the local file referenced by
VAULT_BINARY into the container. This is useful when testing local changes.
Instead of setting the VaultLicense option, you can set the VAULT_LICENSE_CI environment
variable, which is better than committing a license to version control.
Optionally you can set COMMIT_SHA, which will be appended to the image name we
build as a debugging convenience.
```go
func Test_Custom_Build_With_Docker(t *testing.T) {
opts := docker.DefaultOptions(t)
cluster := docker.NewTestDockerCluster(t, opts)
defer cluster.Cleanup()
}
```
There are a variety of helpers in the `github.com/hashicorp/vault/sdk/helper/testcluster`
package, e.g. these tests below will create a pair of 3-node clusters and link them using
PR or DR replication respectively, and fail if the replication state doesn't become healthy
before the passed context expires.
Again, as written, these depend on having a Vault Enterprise binary locally and the env
var VAULT_BINARY set to point to it, as well as having VAULT_LICENSE_CI set.
```go
func TestStandardPerfReplication_Docker(t *testing.T) {
opts := docker.DefaultOptions(t)
r, err := docker.NewReplicationSetDocker(t, opts)
if err != nil {
t.Fatal(err)
}
defer r.Cleanup()
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
defer cancel()
err = r.StandardPerfReplication(ctx)
if err != nil {
t.Fatal(err)
}
}
func TestStandardDRReplication_Docker(t *testing.T) {
opts := docker.DefaultOptions(t)
r, err := docker.NewReplicationSetDocker(t, opts)
if err != nil {
t.Fatal(err)
}
defer r.Cleanup()
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
defer cancel()
err = r.StandardDRReplication(ctx)
if err != nil {
t.Fatal(err)
}
}
```
Finally, here's an example of running an existing OSS docker test with a custom binary:
```bash
$ GOOS=linux make dev
$ VAULT_BINARY=$(pwd)/bin/vault go test -run 'TestRaft_Configuration_Docker' ./vault/external_tests/raft/raft_binary
ok github.com/hashicorp/vault/vault/external_tests/raft/raft_binary 20.960s
```