scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 11:08:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

DBPW - Enables AutoMTLS for DB plugins (#10220)

Browse Source 
This also temporarily disables couchbase, elasticsearch, and
mongodbatlas because the `Serve` function needs to change signatures
and those plugins are vendored in from external repos, causing problems
when building.
This commit is contained in:
Michael Golowka
2020-10-22 15:43:19 -06:00
committed by GitHub
parent 0510cdf275
commit d87657199d
221 changed files with 348 additions and 40021 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
builtin/logical/database/backend_test.go
View File

@@ -10,15 +10,16 @@ import (
"testing"
"time"
// mongodbatlas "github.com/hashicorp/vault-plugin-database-mongodbatlas"
"github.com/go-test/deep"
mongodbatlas "github.com/hashicorp/vault-plugin-database-mongodbatlas"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/helper/namespace"
postgreshelper "github.com/hashicorp/vault/helper/testhelpers/postgresql"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/plugins/database/mongodb"
"github.com/hashicorp/vault/plugins/database/postgresql"
"github.com/hashicorp/vault/sdk/database/dbplugin"
v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
"github.com/hashicorp/vault/sdk/database/helper/dbutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/consts"
@@ -48,73 +49,58 @@ func getCluster(t *testing.T) (*vault.TestCluster, logical.SystemView) {
sys := vault.TestDynamicSystemView(cores[0].Core)
vault.TestAddTestPlugin(t, cores[0].Core, "postgresql-database-plugin", consts.PluginTypeDatabase, "TestBackend_PluginMain_Postgres", []string{}, "")
vault.TestAddTestPlugin(t, cores[0].Core, "mongodb-database-plugin", consts.PluginTypeDatabase, "TestBackend_PluginMain_Mongo", []string{}, "")
vault.TestAddTestPlugin(t, cores[0].Core, "mongodbatlas-database-plugin", consts.PluginTypeDatabase, "TestBackend_PluginMain_MongoAtlas", []string{}, "")
// vault.TestAddTestPlugin(t, cores[0].Core, "mongodbatlas-database-plugin", consts.PluginTypeDatabase, "TestBackend_PluginMain_MongoAtlas", []string{}, "")
return cluster, sys
}
func TestBackend_PluginMain_Postgres(t *testing.T) {
if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" {
if os.Getenv(pluginutil.PluginVaultVersionEnv) == "" {
return
}
caPEM := os.Getenv(pluginutil.PluginCACertPEMEnv)
if caPEM == "" {
t.Fatal("CA cert not passed in")
dbType, err := postgresql.New()
if err != nil {
t.Fatalf("Failed to initialize postgres: %s", err)
}
args := []string{"--ca-cert=" + caPEM}
apiClientMeta := &api.PluginAPIClientMeta{}
flags := apiClientMeta.FlagSet()
flags.Parse(args)
postgresql.Run(apiClientMeta.GetTLSConfig())
v5.Serve(dbType.(v5.Database))
}
func TestBackend_PluginMain_Mongo(t *testing.T) {
if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" {
if os.Getenv(pluginutil.PluginVaultVersionEnv) == "" {
return
}
caPEM := os.Getenv(pluginutil.PluginCACertPEMEnv)
if caPEM == "" {
t.Fatal("CA cert not passed in")
}
args := []string{"--ca-cert=" + caPEM}
apiClientMeta := &api.PluginAPIClientMeta{}
flags := apiClientMeta.FlagSet()
flags.Parse(args)
err := mongodb.Run(apiClientMeta.GetTLSConfig())
dbType, err := mongodb.New()
if err != nil {
t.Fatal(err)
t.Fatalf("Failed to initialize mongodb: %s", err)
}
v5.Serve(dbType.(v5.Database))
}
func TestBackend_PluginMain_MongoAtlas(t *testing.T) {
if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" {
return
}
caPEM := os.Getenv(pluginutil.PluginCACertPEMEnv)
if caPEM == "" {
t.Fatal("CA cert not passed in")
}
args := []string{"--ca-cert=" + caPEM}
apiClientMeta := &api.PluginAPIClientMeta{}
flags := apiClientMeta.FlagSet()
flags.Parse(args)
err := mongodbatlas.Run(apiClientMeta.GetTLSConfig())
if err != nil {
t.Fatal(err)
}
}
// func TestBackend_PluginMain_MongoAtlas(t *testing.T) {
// if os.Getenv(pluginutil.PluginUnwrapTokenEnv) == "" {
// return
// }
//
// caPEM := os.Getenv(pluginutil.PluginCACertPEMEnv)
// if caPEM == "" {
// t.Fatal("CA cert not passed in")
// }
//
// args := []string{"--ca-cert=" + caPEM}
//
// apiClientMeta := &api.PluginAPIClientMeta{}
// flags := apiClientMeta.FlagSet()
// flags.Parse(args)
//
// err := mongodbatlas.Run(apiClientMeta.GetTLSConfig())
// if err != nil {
// t.Fatal(err)
// }
// }
func TestBackend_RoleUpgrade(t *testing.T) {
@@ -122,14 +108,14 @@ func TestBackend_RoleUpgrade(t *testing.T) {
backend := &databaseBackend{}
roleExpected := &roleEntry{
Statements: dbplugin.Statements{
Statements: v4.Statements{
CreationStatements: "test",
Creation: []string{"test"},
},
}
entry, err := logical.StorageEntryJSON("role/test", &roleEntry{
Statements: dbplugin.Statements{
Statements: v4.Statements{
CreationStatements: "test",
},
})
@@ -858,14 +844,14 @@ func TestBackend_roleCrud(t *testing.T) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
expected := dbplugin.Statements{
expected := v4.Statements{
Creation: []string{strings.TrimSpace(testRole)},
Revocation: []string{strings.TrimSpace(defaultRevocationSQL)},
Rollback: []string{},
Renewal: []string{},
}
actual := dbplugin.Statements{
actual := v4.Statements{
Creation: resp.Data["creation_statements"].([]string),
Revocation: resp.Data["revocation_statements"].([]string),
Rollback: resp.Data["rollback_statements"].([]string),
@@ -917,14 +903,14 @@ func TestBackend_roleCrud(t *testing.T) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
expected := dbplugin.Statements{
expected := v4.Statements{
Creation: []string{strings.TrimSpace(testRole)},
Revocation: []string{strings.TrimSpace(defaultRevocationSQL)},
Rollback: []string{},
Renewal: []string{},
}
actual := dbplugin.Statements{
actual := v4.Statements{
Creation: resp.Data["creation_statements"].([]string),
Revocation: resp.Data["revocation_statements"].([]string),
Rollback: resp.Data["rollback_statements"].([]string),
@@ -980,14 +966,14 @@ func TestBackend_roleCrud(t *testing.T) {
t.Fatalf("err:%s resp:%#v\n", err, resp)
}
expected := dbplugin.Statements{
expected := v4.Statements{
Creation: []string{strings.TrimSpace(testRole), strings.TrimSpace(testRole)},
Rollback: []string{strings.TrimSpace(testRole)},
Revocation: []string{strings.TrimSpace(defaultRevocationSQL), strings.TrimSpace(defaultRevocationSQL)},
Renewal: []string{strings.TrimSpace(defaultRevocationSQL)},
}
actual := dbplugin.Statements{
actual := v4.Statements{
Creation: resp.Data["creation_statements"].([]string),
Revocation: resp.Data["revocation_statements"].([]string),
Rollback: resp.Data["rollback_statements"].([]string),