attempt integration tests

Signed-off-by: Jennifer Moore <contact@jenniferplusplus.com>
2024-02-20 13:55:50 -06:00 · 2024-02-20 13:55:50 -06:00 · 0def9c793f
parent 27edf61059
commit 0def9c793f
3 changed files with 61 additions and 0 deletions
--- a/hack/vault/init
+++ b/hack/vault/init
@ -20,6 +20,9 @@ vault write auth/cert/certs/concourse \
  policies=concourse \
  certificate=@hack/vault/certs/vault-ca.crt ttl=1h

+vault token create --policy=concourse --format=json > hack/vault/token.json
+jq -r .token < hack/vault/token.json > hack/vault/token
+
 echo
 echo 'to use the vault CLI, set:'
 echo
--- a/integration/creds/overrides/vault-token.yml
+++ b/integration/creds/overrides/vault-token.yml
@ -0,0 +1,27 @@
+version: '3'
+
+services:
+  web:
+    volumes:
+    - ../hack/vault/certs:/vault-certs
+    - ../hack/vault/token:/vault/token
+    environment:
+      CONCOURSE_VAULT_URL: https://vault:8200
+      CONCOURSE_VAULT_SHARED_PATH: shared
+      CONCOURSE_VAULT_CA_CERT: /vault-certs/vault-ca.crt
+      CONCOURSE_VAULT_CLIENT_TOKEN_PATH: /vault/token
+
+  vault:
+    image: ${TEST_VAULT_IMAGE:-vault:latest}
+    cap_add: [IPC_LOCK]
+    ports: [8200]
+    volumes:
+    - ../hack/vault/certs:/vault/certs
+    - ../hack/vault/config:/vault/config
+    command: server
+    environment:
+      # for running the 'vault' CLI
+      VAULT_CACERT: /vault/certs/vault-ca.crt
+
+      # sane default for 'vault' command run by tests
+      VAULT_FORMAT: json
--- a/integration/creds/vault_test.go
+++ b/integration/creds/vault_test.go
@ -42,6 +42,37 @@ func TestVault(t *testing.T) {
 	)
 }

+func TestVaultTokenPath(t *testing.T) {
+	t.Parallel()
+
+	dc := dctest.Init(t, "../docker-compose.yml", "overrides/vault-token.yml")
+	dc.Run(t, "up", "-d")
+
+	vault := vaulttest.Init(t, dc)
+
+	fly := flytest.Init(t, dc)
+
+	// set up kv v1 store for Concourse
+	vault.Run(t, "secrets", "enable", "-version=1", "-path", "concourse/main", "kv")
+
+	setupVaultAuth(t, vault)
+
+	testCredentialManagement(t, fly, dc,
+		func(team, key string, val interface{}) {
+			vault.Write(t,
+				fmt.Sprintf("concourse/%s/%s", team, key),
+				val,
+			)
+		},
+		func(team, pipeline, key string, val interface{}) {
+			vault.Write(t,
+				fmt.Sprintf("concourse/%s/%s/%s", team, pipeline, key),
+				val,
+			)
+		},
+	)
+}
+
 func TestVaultV2WithUnmountPath(t *testing.T) {
 	t.Parallel()