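//go:build !windows
// +build !windows

package integration

import (
	"encoding/pem"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/stretchr/testify/require"
	"gotest.tools/v3/fs"
)

// setupDatasourcesVaultEc2Test prepares the fixtures for the Vault EC2-auth
// datasource test: a throwaway certificate, a fake AWS server that serves the
// EC2 instance-identity metadata plus the /sts/ and /ec2/ APIs Vault calls
// during login, and a running Vault with two catch-all policies.
//
// It returns the test's temporary directory, the Vault client, the fake AWS
// server and the PEM-encoded certificate (the one whose key signs the PKCS#7
// identity document) so the test can register it with Vault's aws auth
// backend. Everything started here is torn down through t.Cleanup.
func setupDatasourcesVaultEc2Test(t *testing.T) (*fs.Dir, *vaultClient, *httptest.Server, []byte) {
	t.Helper()

	// A failed key/cert generation must fail the test instead of being
	// discarded and surfacing later as an opaque Vault login error.
	priv, der, err := certificateGenerate()
	require.NoError(t, err)
	cert := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})

	mux := http.NewServeMux()
	mux.HandleFunc("/latest/dynamic/instance-identity/pkcs7", pkcsHandler(priv, der))
	mux.HandleFunc("/latest/dynamic/instance-identity/document", instanceDocumentHandler)
	mux.HandleFunc("/sts/", stsHandler)
	mux.HandleFunc("/ec2/", ec2Handler)

	srv := httptest.NewServer(mux)
	t.Cleanup(srv.Close)

	tmpDir, v := startVault(t)

	// Both policies are deliberately unrestricted ("*"): this is a throwaway
	// test Vault, and the test below binds only the read-only one to the
	// EC2 role.
	const writePolicy = `path "*" {
  policy = "write"
}`
	const readPolicy = `path "*" {
  policy = "read"
}`
	require.NoError(t, v.vc.Sys().PutPolicy("writepol", writePolicy))
	require.NoError(t, v.vc.Sys().PutPolicy("readpol", readPolicy))

	return tmpDir, v, srv, cert
}

// TestDatasources_VaultEc2 verifies that gomplate can authenticate to Vault
// through the aws auth backend's EC2 flow (signed PKCS#7 instance-identity
// document fetched from the metadata endpoint) and then read a secret via the
// vault datasource.
func TestDatasources_VaultEc2(t *testing.T) {
	tmpDir, v, srv, cert := setupDatasourcesVaultEc2Test(t)

	// Seed the secret the template reads; a silently failed write would make
	// the final assertion fail for the wrong reason.
	_, err := v.vc.Logical().Write("secret/foo", map[string]interface{}{"value": "bar"})
	require.NoError(t, err)
	t.Cleanup(func() {
		// Best-effort teardown: the Vault instance is discarded anyway.
		_, _ = v.vc.Logical().Delete("secret/foo")
	})

	require.NoError(t, v.vc.Sys().EnableAuth("aws", "aws", ""))
	t.Cleanup(func() {
		// Best-effort teardown, see above.
		_ = v.vc.Sys().DisableAuth("aws")
	})

	// Point the aws auth backend at the fake AWS server so the login flow
	// never leaves the test process. No /iam handler is registered on srv;
	// the IAM endpoint is only a placeholder for this ec2-type role.
	_, err = v.vc.Logical().Write("auth/aws/config/client", map[string]interface{}{
		"secret_key":   "secret",
		"access_key":   "access",
		"endpoint":     srv.URL + "/ec2",
		"iam_endpoint": srv.URL + "/iam",
		"sts_endpoint": srv.URL + "/sts",
	})
	require.NoError(t, err)

	// Register the test certificate as the trusted AWS public cert; Vault
	// uses it to verify the PKCS#7 signature on the identity document.
	_, err = v.vc.Logical().Write("auth/aws/config/certificate/testcert", map[string]interface{}{
		"type": "pkcs7", "aws_public_cert": string(cert),
	})
	require.NoError(t, err)

	// The role name equals the bound AMI ID; the fake instance document is
	// presumably what reports that AMI — confirm against the handlers.
	_, err = v.vc.Logical().Write("auth/aws/role/ami-00000000", map[string]interface{}{
		"auth_type": "ec2", "bound_ami_id": "ami-00000000",
		"policies": "readpol",
	})
	require.NoError(t, err)

	// AWS_META_ENDPOINT redirects the metadata lookup to the fake server.
	o, e, err := cmd(t, "-d", "vault=vault:///secret",
		"-i", `{{(ds "vault" "foo").value}}`).
		withEnv("HOME", tmpDir.Join("home")).
		withEnv("VAULT_ADDR", "http://"+v.addr).
		withEnv("AWS_META_ENDPOINT", srv.URL).
		run()
	assertSuccess(t, o, e, err, "bar")
}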