mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-30 18:17:55 +00:00
backport of commit 1e491e16d4 (#22187)
Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
This commit is contained in:
hc-github-team-secure-vault-core
committed by
GitHub
GitHub
parent
8113c299b8
commit
6bdba4b985
2
Makefile
2
Makefile
@@ -159,7 +159,7 @@ ci-lint:
|
||||
# dependency.
|
||||
prep:
|
||||
@sh -c "'$(CURDIR)/scripts/goversioncheck.sh' '$(GO_VERSION_MIN)'"
|
||||
@$(GO_CMD) generate $$($(GO_CMD) list ./... | grep -v /vendor/)
|
||||
@GOARCH= GOOS= $(GO_CMD) generate $$($(GO_CMD) list ./... | grep -v /vendor/)
|
||||
@if [ -d .git/hooks ]; then cp .hooks/* .git/hooks/; fi
|
||||
|
||||
# bootstrap the build by downloading additional tools needed to build
|
||||
|
||||
117
README.md
117
README.md
@@ -136,6 +136,8 @@ is not, and has never been, a supported way to use the Vault project. We aren't
|
||||
likely to fix bugs relating to failure to import `github.com/hashicorp/vault`
|
||||
into your project.
|
||||
|
||||
See also the section "Docker-based tests" below.
|
||||
|
||||
### Acceptance Tests
|
||||
|
||||
Vault has comprehensive [acceptance tests](https://en.wikipedia.org/wiki/Acceptance_testing)
|
||||
@@ -169,3 +171,118 @@ things such as access keys. The test itself should error early and tell
|
||||
you what to set, so it is not documented here.
|
||||
|
||||
For more information on Vault Enterprise features, visit the [Vault Enterprise site](https://www.hashicorp.com/products/vault/?utm_source=github&utm_medium=referral&utm_campaign=github-vault-enterprise).
|
||||
|
||||
### Docker-based Tests
|
||||
|
||||
We have created an experimental new testing mechanism inspired by NewTestCluster.
|
||||
An example of how to use it:
|
||||
|
||||
```go
|
||||
import (
|
||||
"testing"
|
||||
"github.com/hashicorp/vault/sdk/helper/testcluster/docker"
|
||||
)
|
||||
|
||||
func Test_Something_With_Docker(t *testing.T) {
|
||||
opts := &docker.DockerClusterOptions{
|
||||
ImageRepo: "hashicorp/vault", // or "hashicorp/vault-enterprise"
|
||||
ImageTag: "latest",
|
||||
}
|
||||
cluster := docker.NewTestDockerCluster(t, opts)
|
||||
defer cluster.Cleanup()
|
||||
|
||||
client := cluster.Nodes()[0].APIClient()
|
||||
_, err := client.Logical().Read("sys/storage/raft/configuration")
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Or for Enterprise:
|
||||
|
||||
```go
|
||||
import (
|
||||
"testing"
|
||||
"github.com/hashicorp/vault/sdk/helper/testcluster/docker"
|
||||
)
|
||||
|
||||
func Test_Something_With_Docker(t *testing.T) {
|
||||
opts := &docker.DockerClusterOptions{
|
||||
ImageRepo: "hashicorp/vault-enterprise",
|
||||
ImageTag: "latest",
|
||||
VaultLicense: licenseString, // not a path, the actual license bytes
|
||||
}
|
||||
cluster := docker.NewTestDockerCluster(t, opts)
|
||||
defer cluster.Cleanup()
|
||||
}
|
||||
```
|
||||
|
||||
Here is a more realistic example of how we use it in practice. DefaultOptions uses
|
||||
`hashicorp/vault`:`latest` as the repo and tag, but it also looks at the environment
|
||||
variable VAULT_BINARY. If populated, it will copy the local file referenced by
|
||||
VAULT_BINARY into the container. This is useful when testing local changes.
|
||||
|
||||
Instead of setting the VaultLicense option, you can set the VAULT_LICENSE_CI environment
|
||||
variable, which is better than committing a license to version control.
|
||||
|
||||
Optionally you can set COMMIT_SHA, which will be appended to the image name we
|
||||
build as a debugging convenience.
|
||||
|
||||
```go
|
||||
func Test_Custom_Build_With_Docker(t *testing.T) {
|
||||
opts := docker.DefaultOptions(t)
|
||||
cluster := docker.NewTestDockerCluster(t, opts)
|
||||
defer cluster.Cleanup()
|
||||
}
|
||||
```
|
||||
|
||||
There are a variety of helpers in the `github.com/hashicorp/vault/sdk/helper/testcluster`
|
||||
package, e.g. these tests below will create a pair of 3-node clusters and link them using
|
||||
PR or DR replication respectively, and fail if the replication state doesn't become healthy
|
||||
before the passed context expires.
|
||||
|
||||
Again, as written, these depend on having a Vault Enterprise binary locally and the env
|
||||
var VAULT_BINARY set to point to it, as well as having VAULT_LICENSE_CI set.
|
||||
|
||||
```go
|
||||
func TestStandardPerfReplication_Docker(t *testing.T) {
|
||||
opts := docker.DefaultOptions(t)
|
||||
r, err := docker.NewReplicationSetDocker(t, opts)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer r.Cleanup()
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
|
||||
defer cancel()
|
||||
err = r.StandardPerfReplication(ctx)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestStandardDRReplication_Docker(t *testing.T) {
|
||||
opts := docker.DefaultOptions(t)
|
||||
r, err := docker.NewReplicationSetDocker(t, opts)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
defer r.Cleanup()
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
|
||||
defer cancel()
|
||||
err = r.StandardDRReplication(ctx)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
Finally, here's an example of running an existing OSS docker test with a custom binary:
|
||||
|
||||
```bash
|
||||
$ GOOS=linux make dev
|
||||
$ VAULT_BINARY=$(pwd)/bin/vault go test -run 'TestRaft_Configuration_Docker' ./vault/external_tests/raft/raft_binary
|
||||
ok github.com/hashicorp/vault/vault/external_tests/raft/raft_binary 20.960s
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user