
     1  //go:build !windows
     2  // +build !windows
     3  
     4  package integration
     5  
     6  import (
     7  	"encoding/pem"
     8  	"net/http"
     9  	"net/http/httptest"
    10  	"testing"
    11  
    12  	"github.com/stretchr/testify/require"
    13  	"gotest.tools/v3/fs"
    14  )
    15  
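// setupDatasourcesVaultEc2Test starts a throwaway Vault server plus a fake
// AWS HTTP server (instance-metadata, STS and EC2 endpoints), and installs two
// catch-all policies ("writepol" and "readpol") on the Vault instance.
//
// It returns the temp dir callers use as HOME for gomplate, the Vault client
// wrapper, the fake AWS server, and the PEM-encoded certificate whose private
// key signs the fake PKCS7 instance-identity document. Both servers are torn
// down through t.Cleanup.
func setupDatasourcesVaultEc2Test(t *testing.T) (*fs.Dir, *vaultClient, *httptest.Server, []byte) {
	t.Helper()

	// The generated key signs the PKCS7 identity document served below, and the
	// matching certificate is what the caller registers with Vault's aws auth
	// backend. A generation failure was previously discarded; it would have
	// surfaced much later as an opaque login/signature error, so fail here.
	priv, der, err := certificateGenerate()
	require.NoError(t, err)
	cert := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})

	// Fake instance-metadata service and AWS API endpoints that Vault's aws
	// auth backend is pointed at during the test. Note that no "/iam" handler
	// is registered here; presumably the ec2 auth_type never calls it.
	mux := http.NewServeMux()
	mux.HandleFunc("/latest/dynamic/instance-identity/pkcs7", pkcsHandler(priv, der))
	mux.HandleFunc("/latest/dynamic/instance-identity/document", instanceDocumentHandler)
	mux.HandleFunc("/sts/", stsHandler)
	mux.HandleFunc("/ec2/", ec2Handler)

	srv := httptest.NewServer(mux)
	t.Cleanup(srv.Close)

	tmpDir, v := startVault(t)

	// Both policies match every path ("*"). That is acceptable only because
	// this Vault instance is a disposable test server; these are not a model
	// for a real deployment.
	err = v.vc.Sys().PutPolicy("writepol", `path "*" {
  policy = "write"
}`)
	require.NoError(t, err)
	err = v.vc.Sys().PutPolicy("readpol", `path "*" {
  policy = "read"
}`)
	require.NoError(t, err)

	return tmpDir, v, srv, cert
}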
    42  
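// TestDatasources_VaultEc2 exercises the vault:// datasource when gomplate
// authenticates to Vault through the AWS "ec2" auth method, with the fake
// instance-metadata server from setupDatasourcesVaultEc2Test standing in for
// the real IMDS (selected via AWS_META_ENDPOINT).
func TestDatasources_VaultEc2(t *testing.T) {
	tmpDir, v, srv, cert := setupDatasourcesVaultEc2Test(t)

	// Seed the secret the template reads. The write's error was previously
	// dropped, so a failed seed would only show up as a confusing render
	// failure at the assertion below.
	_, err := v.vc.Logical().Write("secret/foo", map[string]interface{}{"value": "bar"})
	require.NoError(t, err)
	defer v.vc.Logical().Delete("secret/foo")

	err = v.vc.Sys().EnableAuth("aws", "aws", "")
	require.NoError(t, err)
	defer v.vc.Sys().DisableAuth("aws")

	// Point the aws auth backend at the fake AWS endpoints served by srv. The
	// access/secret key pair are placeholder values for a server we control.
	_, err = v.vc.Logical().Write("auth/aws/config/client", map[string]interface{}{
		"secret_key": "secret", "access_key": "access",
		"endpoint":     srv.URL + "/ec2",
		"iam_endpoint": srv.URL + "/iam",
		"sts_endpoint": srv.URL + "/sts",
	})
	require.NoError(t, err)

	// Register the test certificate so Vault can verify the PKCS7 signature
	// on the instance-identity document served by the fake metadata endpoint.
	_, err = v.vc.Logical().Write("auth/aws/config/certificate/testcert", map[string]interface{}{
		"type": "pkcs7", "aws_public_cert": string(cert),
	})
	require.NoError(t, err)

	// The role is bound to a single AMI ID and grants only the read policy, so
	// login should succeed only when the identity document reports that AMI.
	_, err = v.vc.Logical().Write("auth/aws/role/ami-00000000", map[string]interface{}{
		"auth_type": "ec2", "bound_ami_id": "ami-00000000",
		"policies": "readpol",
	})
	require.NoError(t, err)

	// HOME is redirected into the temp dir so any Vault token file gomplate
	// reads or writes stays inside the test sandbox.
	o, e, err := cmd(t, "-d", "vault=vault:///secret",
		"-i", `{{(ds "vault" "foo").value}}`).
		withEnv("HOME", tmpDir.Join("home")).
		withEnv("VAULT_ADDR", "http://"+v.addr).
		withEnv("AWS_META_ENDPOINT", srv.URL).
		run()
	assertSuccess(t, o, e, err, "bar")
}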