vault

package
v0.10.0
Warning

This package is not in the latest version of its module.

Published: May 9, 2024 License: MIT Imports: 4 Imported by: 0

Documentation

Overview

Package vault provides methods for asserting that objects in Vault exist and match a given specification.

Basics

Methods in the vault package make use of the functional options pattern as a way to easily evolve interfaces without breaking backwards compatibility. Many methods require the use of the Vault LogicalClient struct, which is the object used to do most read / write / non-admin functions in the Go Vault client. For these, you can use the `WithLogicalClient` functional option.

Examples

Execute a method using a Vault client configured using standard Vault environment variables

import (
	"context"
	"os"
	"testing"

	"github.com/hashicorp/vault/api"
	"github.com/hbocodelabs/infratest/pkg/vault"
	"github.com/stretchr/testify/require"
)

func TestVaultThing(t *testing.T) {
	// Token and address come from the standard Vault environment variables.
	rootToken := os.Getenv("VAULT_TOKEN")
	vaultAddress := os.Getenv("VAULT_ADDR")
	ctx := context.Background()

	clientConfig := &api.Config{
		Address:    vaultAddress,
		MaxRetries: 100,
	}
	client, err := api.NewClient(clientConfig)
	require.Nil(t, err, "Vault NewClient method returned an unexpected error.")
	client.SetToken(rootToken)

	// The Logical client is what the assertion methods use to read from Vault.
	logicalClient := client.Logical()

	expectedPath := "secret/data/hello"
	// The secret that the code under test is expected to create at expectedPath.
	expectedSecretData := map[string]interface{}{
		"data": map[string]interface{}{
			"username": "myname",
			"password": "password",
		},
	}

	// Do something that is supposed to create the expected secret here
	_ = expectedSecretData // referenced so the example compiles until the step above uses it

	// Argument order follows the documented signature: ctx first, then t.
	vault.AssertSecretExists(ctx, t, vault.WithLogicalClient(logicalClient), vault.WithPath(expectedPath), vault.WithKey("username"), vault.WithValue("myname"))
	vault.AssertSecretExists(ctx, t, vault.WithLogicalClient(logicalClient), vault.WithPath(expectedPath), vault.WithKey("password"), vault.WithValue("password"))
}

Constants

This section is empty.

Variables

This section is empty.

Functions

func AssertSecretExists

func AssertSecretExists(ctx context.Context, t test.T, optFns ...AssertVaultOptsFunc)

AssertSecretExists asserts that a key/value secret exists at a given path and has a given key present in the secret data. If the "WithValue" functional option is used, it will also assert that the value of the given secret key is the same as the passed-in value.

Examples

Assert that a secret and key exist, using a passed-in client, ignoring the value of the secret key.

// client is a LogicalClient, for example the value returned by the Vault client's Logical method.
expectedPath := "path"
expectedKey := "key"
AssertSecretExists(
	ctx,
	t,
	WithLogicalClient(client),
	WithPath(expectedPath),
	WithKey(expectedKey),
)

Assert that a secret and key exist, using a passed-in client, with a particular value.

// client is a LogicalClient, for example the value returned by the Vault client's Logical method.
expectedPath := "path"
expectedKey := "key"
expectedValue := "value"
AssertSecretExists(
	ctx,
	t,
	WithLogicalClient(client),
	WithPath(expectedPath),
	WithKey(expectedKey),
	WithValue(expectedValue),
)

Types

type AssertVaultOptions

type AssertVaultOptions struct {
	LogicalClient LogicalClient
	// The path at which the object (secret, role, etc) should exist
	Path string
	// The desired key for a Secret object
	Key string
	// The desired value for an object's key
	Value interface{}
}

AssertVaultOptions is a struct that is used for passing options to methods used for asserting against Vault objects. It should never be used directly; instead create functional option methods which modify it, according to the AssertVaultOptsFunc interface.

type AssertVaultOptsFunc

type AssertVaultOptsFunc func(opts *AssertVaultOptions) error

AssertVaultOptsFunc defines the interface used for all functional options used by Vault related methods.

func WithKey

func WithKey(key string) AssertVaultOptsFunc

WithKey sets the key to assert exists when using objects that have keys, such as Secrets.

func WithLogicalClient

func WithLogicalClient(client LogicalClient) AssertVaultOptsFunc

WithLogicalClient allows you to pass an existing Vault Logical Client object for use with the assertion methods. This object is returned by the `Logical` method of the Vault Client object. See https://pkg.go.dev/github.com/hashicorp/vault/api#Client.Logical.

func WithPath

func WithPath(path string) AssertVaultOptsFunc

WithPath sets the path at which various assertion methods will test for a Vault object's existence.

func WithValue

func WithValue(value string) AssertVaultOptsFunc

WithValue sets the value that the object at a given path (and, in some cases, key) is asserted to equal.

type LogicalClient

type LogicalClient interface {
	Read(string) (*api.Secret, error)
	Delete(string) (*api.Secret, error)
}

LogicalClient is an interface that matches with the Vault Logical Client (https://pkg.go.dev/github.com/hashicorp/vault/api#Logical) API type.
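
Because LogicalClient is an interface, a check built on functional options can be exercised against an in-memory fake instead of a live Vault and a root token. The sketch below is an added example, not the package's own code: `kv`, `Secret`, `Reader`, `fakeVault`, `checkSecret` and the lower-case option helpers are hypothetical stand-ins, and the KV v2 unwrapping and the mismatch message that omits the stored value are assumptions about how such a check can be written.

```go
package main

import "fmt"

// Local stand-ins (assumptions) for api.Secret, the page's LogicalClient and a Vault server.
type kv = map[string]interface{}
type Secret struct{ Data kv }
type Reader interface{ Read(path string) (*Secret, error) }
type fakeVault map[string]*Secret // holds constructed data only

func (f fakeVault) Read(p string) (*Secret, error) { return f[p], nil } // missing path: nil secret

type opts struct {
	path, key string
	value     interface{} // nil accepts any value
}
type optFn func(*opts) error

func withPath(p string) optFn  { return func(o *opts) error { o.path = p; return nil } }
func withKey(k string) optFn   { return func(o *opts) error { o.key = k; return nil } }
func withValue(v string) optFn { return func(o *opts) error { o.value = v; return nil } }

// checkSecret applies the options, reads the path, then checks the key and optional value.
func checkSecret(c Reader, fns ...optFn) error {
	o := &opts{}
	for _, fn := range fns {
		if err := fn(o); err != nil {
			return err
		}
	}
	s, err := c.Read(o.path)
	if err != nil || s == nil {
		return fmt.Errorf("no readable secret at %q (read error: %v)", o.path, err)
	}
	data := s.Data
	if inner, ok := data["data"].(kv); ok {
		data = inner // KV v2 nests the key/value pairs under "data"
	}
	if got, ok := data[o.key]; !ok {
		return fmt.Errorf("key %q missing at %q", o.key, o.path)
	} else if o.value != nil && got != o.value {
		return fmt.Errorf("key %q at %q: value mismatch", o.key, o.path) // stored value kept out of logs
	}
	return nil
}

func main() {
	v := fakeVault{"secret/data/hello": {Data: kv{"data": kv{"username": "myname"}}}}
	fmt.Println(checkSecret(v, withPath("secret/data/hello"), withKey("username"), withValue("myname")))
}
```

A KV v1 secret that stores a map under a key literally named "data" would be unwrapped by this heuristic, so a real check should know which engine version backs the mount.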
