Documentation
Overview
Package vault provides methods for asserting that objects in Vault exist and match a given specification.
Basics
Methods in the vault package make use of the functional options pattern as a way to easily evolve interfaces without breaking backwards compatibility. Many methods require the use of the Vault LogicalClient struct, which is the object used to do most read / write / non-admin functions in the Go Vault client. For these, you can use the `WithLogicalClient` functional option.
Examples
Execute a method using a Vault client configured from the standard Vault environment variables:

```go
import (
	"context"
	"os"
	"testing"

	"github.com/hashicorp/vault/api"
	"github.com/hbocodelabs/infratest/pkg/vault"
	"github.com/stretchr/testify/require"
)

func TestVaultThing(t *testing.T) {
	// Read the token and address from the standard Vault environment variables.
	rootToken := os.Getenv("VAULT_TOKEN")
	vaultAddress := os.Getenv("VAULT_ADDR")
	ctx := context.Background()

	clientConfig := &api.Config{
		Address:    vaultAddress,
		MaxRetries: 100,
	}
	client, err := api.NewClient(clientConfig)
	require.Nil(t, err, "Vault NewClient method returned an unexpected error.")
	client.SetToken(rootToken)
	logicalClient := client.Logical()

	expectedPath := "secret/data/hello"
	expectedSecretData := map[string]interface{}{
		"data": map[string]interface{}{
			"username": "myname",
			"password": "password",
		},
	}

	// Do something that is supposed to create the expected secret here.
	// As a stand-in for the code under test, write the secret directly.
	_, err = logicalClient.Write(expectedPath, expectedSecretData)
	require.Nil(t, err, "Writing the expected secret returned an unexpected error.")

	// Assert that each key exists at the path and holds the expected value.
	vault.AssertSecretExists(ctx, t, vault.WithLogicalClient(logicalClient), vault.WithPath(expectedPath), vault.WithKey("username"), vault.WithValue("myname"))
	vault.AssertSecretExists(ctx, t, vault.WithLogicalClient(logicalClient), vault.WithPath(expectedPath), vault.WithKey("password"), vault.WithValue("password"))
}
```
Functions
func AssertSecretExists
func AssertSecretExists(ctx context.Context, t test.T, optFns ...AssertVaultOptsFunc)
AssertSecretExists asserts that a key/value secret exists at a given path and has a given key present in the secret data. If the "WithValue" functional option is used, it will also assert that the value of the given secret key is the same as the passed-in value.
Examples
Assert that a secret and key exist, using a passed-in client, ignoring the value of the secret key.

```go
expectedPath := "path"
expectedKey := "key"

// No WithValue option: only the presence of the key is checked.
AssertSecretExists(
	ctx,
	t,
	WithLogicalClient(client.Logical()),
	WithPath(expectedPath),
	WithKey(expectedKey),
)
```

Assert that a secret and key exist, using a passed-in client, with a particular value.

```go
expectedPath := "path"
expectedKey := "key"
expectedValue := "value"

// WithValue additionally requires the key to hold expectedValue.
AssertSecretExists(
	ctx,
	t,
	WithLogicalClient(client.Logical()),
	WithPath(expectedPath),
	WithKey(expectedKey),
	WithValue(expectedValue),
)
```
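An added example, not the package's own implementation: the comparison step of an assertion like `AssertSecretExists`, applied to the data map that a read of the path returned. The types and option bodies are local stand-ins, `checkSecretData` is a hypothetical name, the sample secret is constructed, and a top-level `data` map is assumed to mean a KV v2 response.

```go
package main

import (
	"fmt"
	"reflect"
)

// Stand-ins (assumptions): the page's types minus the client field; option bodies are assumed.
type AssertVaultOptions struct {
	Path, Key string
	Value     interface{}
}
type AssertVaultOptsFunc func(opts *AssertVaultOptions) error

func WithPath(p string) AssertVaultOptsFunc {
	return func(o *AssertVaultOptions) error { o.Path = p; return nil }
}
func WithKey(k string) AssertVaultOptsFunc {
	return func(o *AssertVaultOptions) error { o.Key = k; return nil }
}
func WithValue(v string) AssertVaultOptsFunc {
	return func(o *AssertVaultOptions) error { o.Value = v; return nil }
}

// checkSecretData (hypothetical) checks the data map that a read of the path returned.
func checkSecretData(data map[string]interface{}, optFns ...AssertVaultOptsFunc) error {
	opts := &AssertVaultOptions{}
	for _, fn := range optFns {
		if err := fn(opts); err != nil {
			return fmt.Errorf("invalid option: %w", err) // stop before comparing anything
		}
	}
	if inner, ok := data["data"].(map[string]interface{}); ok {
		data = inner // KV v2 nests the key/value pairs under "data"
	}
	got, ok := data[opts.Key] // a nil map (nothing read) also lands in the missing branch
	if !ok {
		return fmt.Errorf("key %q missing at %q", opts.Key, opts.Path)
	}
	if opts.Value != nil && !reflect.DeepEqual(got, opts.Value) {
		return fmt.Errorf("key %q at %q: value mismatch", opts.Key, opts.Path) // value stays out of test logs
	}
	return nil
}

func main() {
	kv := map[string]interface{}{"data": map[string]interface{}{"username": "myname"}} // constructed
	fmt.Println(checkSecretData(kv, WithPath("secret/data/hello"), WithKey("username"), WithValue("x")))
}
```

The mismatch error names only the key and path, so neither the stored value nor the expected one is written to CI output.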
Types
type AssertVaultOptions

```go
type AssertVaultOptions struct {
	LogicalClient LogicalClient
	// The path at which the object (secret, role, etc) should exist
	Path string
	// The desired key for a Secret object
	Key string
	// The desired value for an object's key
	Value interface{}
}
```
AssertVaultOptions is a struct that is used for passing options to methods used for asserting against Vault objects. It should never be used directly; instead create functional option methods which modify it, according to the AssertVaultOptsFunc interface.
type AssertVaultOptsFunc
type AssertVaultOptsFunc func(opts *AssertVaultOptions) error
AssertVaultOptsFunc defines the interface used for all functional options used by Vault related methods.
func WithKey
func WithKey(key string) AssertVaultOptsFunc
WithKey sets the key to assert exists when using objects that have keys, such as Secrets.
func WithLogicalClient
func WithLogicalClient(client LogicalClient) AssertVaultOptsFunc
WithLogicalClient allows you to pass an existing Vault Logical Client object for use with the assertion methods. This object is returned by the `Logical` method of the Vault Client object. See https://pkg.go.dev/github.com/hashicorp/vault/api#Client.Logical.
func WithPath
func WithPath(path string) AssertVaultOptsFunc
WithPath sets the path at which various assertion methods will test for a Vault object's existence.
func WithValue
func WithValue(value string) AssertVaultOptsFunc
WithValue sets the value to assert that an object at a given path (and key in some cases) is equal to.