mount token as volume in container
Signed-off-by: Jennifer Moore <contact@jenniferplusplus.com>
parent
5901c4f3bb
commit
ad46d722f7
|
@ -4,11 +4,12 @@ services:
|
|||
web:
|
||||
volumes:
|
||||
- ../hack/vault/certs:/vault-certs
|
||||
- ../hack/vault/token:/vault/token
|
||||
environment:
|
||||
CONCOURSE_VAULT_URL: https://vault:8200
|
||||
CONCOURSE_VAULT_SHARED_PATH: shared
|
||||
CONCOURSE_VAULT_CA_CERT: /vault-certs/vault-ca.crt
|
||||
CONCOURSE_VAULT_CLIENT_TOKEN_PATH: /vault-token
|
||||
CONCOURSE_VAULT_CLIENT_TOKEN_PATH: /vault/token
|
||||
|
||||
vault:
|
||||
image: ${TEST_VAULT_IMAGE:-hashicorp/vault:latest}
|
||||
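Review bot: The new bind mount `../hack/vault/token:/vault/token` is read-write, although the web service only needs to read the file named by `CONCOURSE_VAULT_CLIENT_TOKEN_PATH`; I would mount it read-only with `- ../hack/vault/token:/vault/token:ro`. With the short volume syntax, Docker creates a missing host path as a directory, so this override only works if the token file exists before `web` is created. A one-line comment on the volume entry, such as `# written by TestVaultTokenPath before web starts`, would make that ordering dependency visible to anyone reusing the override.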
|
|
|
@ -14,7 +14,9 @@ import (
|
|||
)
|
||||
|
||||
type tokenSummary struct {
|
||||
Token string `json:"token"`
|
||||
Auth struct {
|
||||
ClientToken string `json:"client_token"`
|
||||
} `json:"auth"`
|
||||
}
|
||||
|
||||
func TestVault(t *testing.T) {
|
||||
|
@ -52,23 +54,23 @@ func TestVaultTokenPath(t *testing.T) {
|
|||
t.Parallel()
|
||||
|
||||
dc := dctest.Init(t, "../docker-compose.yml", "overrides/vault-token.yml")
|
||||
dc.Run(t, "up", "-d")
|
||||
|
||||
vault := vaulttest.Init(t, dc)
|
||||
|
||||
fly := flytest.InitOverrideCredentials(t, dc)
|
||||
|
||||
// set up kv v1 store for Concourse
|
||||
dc.Run(t, "up", "-d", "vault")
|
||||
vault := vaulttest.Init(t, dc)
|
||||
vault.Run(t, "secrets", "enable", "-version=1", "-path", "concourse/main", "kv")
|
||||
setupVaultAuth(t, vault)
|
||||
|
||||
// write the token as a file in the web container
|
||||
// create and mount the client token as a file in the web container
|
||||
summary := tokenSummary{}
|
||||
vault.OutputJSON(t, &summary, "token", "create", "--policy=concourse", "--format=json")
|
||||
tmp := t.TempDir()
|
||||
err := os.WriteFile(filepath.Join(tmp, "token"), []byte(summary.Token), 0666)
|
||||
dir := "../../hack/vault"
|
||||
err := os.WriteFile(filepath.Join(dir, "token"), []byte(summary.Auth.ClientToken), 0666)
|
||||
require.NoError(t, err)
|
||||
dc.Run(t, "cp", filepath.Join(tmp, "token"), "web:/vault-token")
|
||||
|
||||
// start concourse and run the test
|
||||
dc.Run(t, "up", "-d")
|
||||
fly := flytest.InitOverrideCredentials(t, dc)
|
||||
|
||||
testCredentialManagement(t, fly, dc,
|
||||
func(team, key string, val interface{}) {
|
||||
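Review bot: The client token is now written into the repository tree at `../../hack/vault/token` with mode `0666` and is never removed, so a live Vault token stays on disk after the run and is readable by other local users (subject to umask), whereas the old code used `t.TempDir()`. I would tighten the mode and clean up with `os.WriteFile(filepath.Join(dir, "token"), []byte(summary.Auth.ClientToken), 0600)` followed by `t.Cleanup(func() { _ = os.Remove(filepath.Join(dir, "token")) })`; if the web container's user cannot read a 0600 file through the bind mount, `0644` is the fallback. Because the field moved from `token` to `auth.client_token`, a `require.NotEmpty(t, summary.Auth.ClientToken)` before the write would catch a decode mismatch instead of silently mounting an empty file. The path should also be listed in .gitignore, which is not visible on this page. TestVaultTokenPath's body continues past the end of the hunk.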
|
|