mount token as volume in container

Signed-off-by: Jennifer Moore <contact@jenniferplusplus.com>
Jennifer Moore 2024-02-28 11:37:56 -06:00
parent 5901c4f3bb
commit ad46d722f7
2 changed files with 14 additions and 11 deletions


@ -4,11 +4,12 @@ services:
web:
volumes:
- ../hack/vault/certs:/vault-certs
- ../hack/vault/token:/vault/token
environment:
CONCOURSE_VAULT_URL: https://vault:8200
CONCOURSE_VAULT_SHARED_PATH: shared
CONCOURSE_VAULT_CA_CERT: /vault-certs/vault-ca.crt
CONCOURSE_VAULT_CLIENT_TOKEN_PATH: /vault-token
CONCOURSE_VAULT_CLIENT_TOKEN_PATH: /vault/token
vault:
image: ${TEST_VAULT_IMAGE:-hashicorp/vault:latest}
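Review bot: The new bind mount `- ../hack/vault/token:/vault/token` is read-write by default, so a process inside the web container can overwrite or truncate the token file on the host; since the container only needs to read the credential, mount it read-only, `- ../hack/vault/token:/vault/token:ro` (the certs mount on the line above could take the same suffix). The token file now lives inside the repository tree under hack/vault, so unless that path is already ignored it could be committed by accident — a comment next to the mount, `# written by TestVaultTokenPath at test time; holds a live Vault client token, never commit it`, would make the provenance visible to anyone editing this override. The old and new sides of the two CONCOURSE_VAULT_CLIENT_TOKEN_PATH lines are not marked on this rendering, so I have assumed the `/vault/token` value is the surviving one, matching the mount target.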


@ -14,7 +14,9 @@ import (
)
type tokenSummary struct {
Token string `json:"token"`
Auth struct {
ClientToken string `json:"client_token"`
} `json:"auth"`
}
func TestVault(t *testing.T) {
@ -52,23 +54,23 @@ func TestVaultTokenPath(t *testing.T) {
t.Parallel()
dc := dctest.Init(t, "../docker-compose.yml", "overrides/vault-token.yml")
dc.Run(t, "up", "-d")
vault := vaulttest.Init(t, dc)
fly := flytest.InitOverrideCredentials(t, dc)
// set up kv v1 store for Concourse
dc.Run(t, "up", "-d", "vault")
vault := vaulttest.Init(t, dc)
vault.Run(t, "secrets", "enable", "-version=1", "-path", "concourse/main", "kv")
setupVaultAuth(t, vault)
// write the token as a file in the web container
// create and mount the client token as a file in the web container
summary := tokenSummary{}
vault.OutputJSON(t, &summary, "token", "create", "--policy=concourse", "--format=json")
tmp := t.TempDir()
err := os.WriteFile(filepath.Join(tmp, "token"), []byte(summary.Token), 0666)
dir := "../../hack/vault"
err := os.WriteFile(filepath.Join(dir, "token"), []byte(summary.Auth.ClientToken), 0666)
require.NoError(t, err)
dc.Run(t, "cp", filepath.Join(tmp, "token"), "web:/vault-token")
// start concourse and run the test
dc.Run(t, "up", "-d")
fly := flytest.InitOverrideCredentials(t, dc)
testCredentialManagement(t, fly, dc,
func(team, key string, val interface{}) {