github.com/zoomfoo/nomad@v0.8.5-0.20180907175415-f28fd3a1a056/nomad/vault_testing.go (about)

     1  package nomad
     2  
     3  import (
     4  	"context"
     5  	"time"
     6  
     7  	"github.com/hashicorp/nomad/nomad/structs"
     8  	"github.com/hashicorp/nomad/nomad/structs/config"
     9  	vapi "github.com/hashicorp/vault/api"
    10  )
    11  
    12  // TestVaultClient is a Vault client appropriate for use during testing. Its
    13  // behavior is programmable such that endpoints can be tested under various
    14  // circumstances.
    15  type TestVaultClient struct {
    16  	// LookupTokenErrors maps a token to an error that will be returned by the
    17  	// LookupToken call
    18  	LookupTokenErrors map[string]error
    19  
    20  	// LookupTokenSecret maps a token to the Vault secret that will be returned
    21  	// by the LookupToken call
    22  	LookupTokenSecret map[string]*vapi.Secret
    23  
    24  	// CreateTokenErrors maps a token to an error that will be returned by the
    25  	// CreateToken call
    26  	CreateTokenErrors map[string]map[string]error
    27  
    28  	// CreateTokenSecret maps a token to the Vault secret that will be returned
    29  	// by the CreateToken call
    30  	CreateTokenSecret map[string]map[string]*vapi.Secret
    31  
    32  	RevokedTokens []*structs.VaultAccessor
    33  }
    34  
    35  func (v *TestVaultClient) LookupToken(ctx context.Context, token string) (*vapi.Secret, error) {
    36  	var secret *vapi.Secret
    37  	var err error
    38  
    39  	if v.LookupTokenSecret != nil {
    40  		secret = v.LookupTokenSecret[token]
    41  	}
    42  	if v.LookupTokenErrors != nil {
    43  		err = v.LookupTokenErrors[token]
    44  	}
    45  
    46  	return secret, err
    47  }
    48  
    49  // SetLookupTokenSecret sets the error that will be returned by the token
    50  // lookup
    51  func (v *TestVaultClient) SetLookupTokenError(token string, err error) {
    52  	if v.LookupTokenErrors == nil {
    53  		v.LookupTokenErrors = make(map[string]error)
    54  	}
    55  
    56  	v.LookupTokenErrors[token] = err
    57  }
    58  
    59  // SetLookupTokenSecret sets the secret that will be returned by the token
    60  // lookup
    61  func (v *TestVaultClient) SetLookupTokenSecret(token string, secret *vapi.Secret) {
    62  	if v.LookupTokenSecret == nil {
    63  		v.LookupTokenSecret = make(map[string]*vapi.Secret)
    64  	}
    65  
    66  	v.LookupTokenSecret[token] = secret
    67  }
    68  
    69  // SetLookupTokenAllowedPolicies is a helper that adds a secret that allows the
    70  // given policies
    71  func (v *TestVaultClient) SetLookupTokenAllowedPolicies(token string, policies []string) {
    72  	s := &vapi.Secret{
    73  		Data: map[string]interface{}{
    74  			"policies": policies,
    75  		},
    76  	}
    77  
    78  	v.SetLookupTokenSecret(token, s)
    79  }
    80  
    81  func (v *TestVaultClient) CreateToken(ctx context.Context, a *structs.Allocation, task string) (*vapi.Secret, error) {
    82  	var secret *vapi.Secret
    83  	var err error
    84  
    85  	if v.CreateTokenSecret != nil {
    86  		tasks := v.CreateTokenSecret[a.ID]
    87  		if tasks != nil {
    88  			secret = tasks[task]
    89  		}
    90  	}
    91  	if v.CreateTokenErrors != nil {
    92  		tasks := v.CreateTokenErrors[a.ID]
    93  		if tasks != nil {
    94  			err = tasks[task]
    95  		}
    96  	}
    97  
    98  	return secret, err
    99  }
   100  
   101  // SetCreateTokenError sets the error that will be returned by the token
   102  // creation
   103  func (v *TestVaultClient) SetCreateTokenError(allocID, task string, err error) {
   104  	if v.CreateTokenErrors == nil {
   105  		v.CreateTokenErrors = make(map[string]map[string]error)
   106  	}
   107  
   108  	tasks := v.CreateTokenErrors[allocID]
   109  	if tasks == nil {
   110  		tasks = make(map[string]error)
   111  		v.CreateTokenErrors[allocID] = tasks
   112  	}
   113  
   114  	v.CreateTokenErrors[allocID][task] = err
   115  }
   116  
   117  // SetCreateTokenSecret sets the secret that will be returned by the token
   118  // creation
   119  func (v *TestVaultClient) SetCreateTokenSecret(allocID, task string, secret *vapi.Secret) {
   120  	if v.CreateTokenSecret == nil {
   121  		v.CreateTokenSecret = make(map[string]map[string]*vapi.Secret)
   122  	}
   123  
   124  	tasks := v.CreateTokenSecret[allocID]
   125  	if tasks == nil {
   126  		tasks = make(map[string]*vapi.Secret)
   127  		v.CreateTokenSecret[allocID] = tasks
   128  	}
   129  
   130  	v.CreateTokenSecret[allocID][task] = secret
   131  }
   132  
   133  func (v *TestVaultClient) RevokeTokens(ctx context.Context, accessors []*structs.VaultAccessor, committed bool) error {
   134  	v.RevokedTokens = append(v.RevokedTokens, accessors...)
   135  	return nil
   136  }
   137  
   138  func (v *TestVaultClient) Stop()                                                {}
   139  func (v *TestVaultClient) SetActive(enabled bool)                               {}
   140  func (v *TestVaultClient) SetConfig(config *config.VaultConfig) error           { return nil }
   141  func (v *TestVaultClient) Running() bool                                        { return true }
   142  func (v *TestVaultClient) Stats() *VaultStats                                   { return new(VaultStats) }
   143  func (v *TestVaultClient) EmitStats(period time.Duration, stopCh chan struct{}) {}