GitHub Repository: aos/grafana-agent
Path: blob/main/component/remote/vault/vault_test.go
//go:build !nodocker
package vault
import (
"fmt"
stdlog "log"
"testing"
"time"
vaultapi "github.com/hashicorp/vault/api"
"github.com/docker/go-connections/nat"
"github.com/go-kit/log"
"github.com/grafana/agent/pkg/flow/componenttest"
"github.com/grafana/agent/pkg/river"
"github.com/grafana/agent/pkg/river/rivertypes"
"github.com/grafana/agent/pkg/util"
"github.com/stretchr/testify/require"
"github.com/testcontainers/testcontainers-go"
"github.com/testcontainers/testcontainers-go/wait"
)
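// Test_GetSecerts checks that the remote.vault component reads a KV v2 secret
// from Vault and exports it as rivertypes.Secret values.
//
// The Vault server, token and secret value are test fixtures created by
// getTestVaultServer; none of them is a real credential. The misspelled name
// is kept so existing `go test -run` filters continue to match.
func Test_GetSecerts(t *testing.T) {
	var (
		ctx = componenttest.TestContext(t)
		l   = util.TestLogger(t)
	)

	cli := getTestVaultServer(t)

	// Store a secret in Vault for the component to read.
	_, err := cli.KVv2("secret").Put(ctx, "test", map[string]any{
		"key": "value",
	})
	require.NoError(t, err)

	// The fixture token is rendered straight into the config text. That is
	// acceptable here only because it is the throwaway token of the test
	// container.
	// NOTE(review): reread_frequency = "0s" presumably disables polling;
	// confirm against the component's Arguments documentation.
	cfg := fmt.Sprintf(`
		server = "%s"
		path = "secret/test"

		reread_frequency = "0s"

		auth.token {
			token = "%s"
		}
	`, cli.Address(), cli.Token())

	var args Arguments
	require.NoError(t, river.Unmarshal([]byte(cfg), &args))

	ctrl, err := componenttest.NewControllerFromID(l, "remote.vault")
	require.NoError(t, err)

	go func() {
		// require.* ends in t.FailNow, which must only be called from the
		// goroutine running the test. Report the failure with t.Errorf, which
		// is safe to call from other goroutines.
		if err := ctrl.Run(ctx, args); err != nil {
			t.Errorf("running component: %v", err)
		}
	}()

	require.NoError(t, ctrl.WaitRunning(time.Minute))
	require.NoError(t, ctrl.WaitExports(time.Minute))

	var (
		expectExports = Exports{
			Data: map[string]rivertypes.Secret{
				"key": rivertypes.Secret("value"),
			},
		}
		actualExports = ctrl.Exports().(Exports)
	)
	require.Equal(t, expectExports, actualExports)
}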
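// Test_PollSecrets checks that the remote.vault component, configured with a
// 100ms reread_frequency, picks up a secret that changes in Vault after the
// component has started.
//
// The Vault server, token and secret values are test fixtures created by
// getTestVaultServer; none of them is a real credential.
func Test_PollSecrets(t *testing.T) {
	var (
		ctx = componenttest.TestContext(t)
		l   = util.TestLogger(t)
	)

	cli := getTestVaultServer(t)

	// Store a secret in Vault for the component to read.
	_, err := cli.KVv2("secret").Put(ctx, "test", map[string]any{
		"key": "value",
	})
	require.NoError(t, err)

	// The fixture token is rendered straight into the config text. That is
	// acceptable here only because it is the throwaway token of the test
	// container.
	cfg := fmt.Sprintf(`
		server = "%s"
		path = "secret/test"

		reread_frequency = "100ms"

		auth.token {
			token = "%s"
		}
	`, cli.Address(), cli.Token())

	var args Arguments
	require.NoError(t, river.Unmarshal([]byte(cfg), &args))

	ctrl, err := componenttest.NewControllerFromID(l, "remote.vault")
	require.NoError(t, err)

	go func() {
		// require.* ends in t.FailNow, which must only be called from the
		// goroutine running the test. Report the failure with t.Errorf, which
		// is safe to call from other goroutines.
		if err := ctrl.Run(ctx, args); err != nil {
			t.Errorf("running component: %v", err)
		}
	}()
	require.NoError(t, ctrl.WaitRunning(time.Minute))

	// Get the initial secret.
	{
		require.NoError(t, ctrl.WaitExports(time.Minute))

		var (
			expectExports = Exports{
				Data: map[string]rivertypes.Secret{
					"key": rivertypes.Secret("value"),
				},
			}
			actualExports = ctrl.Exports().(Exports)
		)
		require.Equal(t, expectExports, actualExports)
	}

	// Get an updated secret.
	{
		_, err := cli.KVv2("secret").Put(ctx, "test", map[string]any{
			"key": "newvalue",
		})
		require.NoError(t, err)

		// NOTE(review): this assumes the next export observed after the Put
		// carries the new value; confirm WaitExports cannot be satisfied by a
		// re-export of the old data.
		require.NoError(t, ctrl.WaitExports(time.Minute))

		var (
			expectExports = Exports{
				Data: map[string]rivertypes.Secret{
					"key": rivertypes.Secret("newvalue"),
				},
			}
			actualExports = ctrl.Exports().(Exports)
		)
		require.Equal(t, expectExports, actualExports)
	}
}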
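// getTestVaultServer starts a Vault container for the calling test and returns
// an API client that is already authenticated against it. The container is
// terminated through t.Cleanup.
//
// Security notes for anyone reusing this fixture:
//   - VAULT_DEV_ROOT_TOKEN_ID and VAULT_DEV_LISTEN_ADDRESS configure Vault's
//     dev server, which keeps data in memory, starts unsealed and serves plain
//     HTTP. The fixed root token "secretkey" is a fixture value and must never
//     be carried into a real deployment.
//   - The container port is published on the host for the lifetime of the
//     test. Depending on the Docker daemon configuration this may be reachable
//     from other machines, so run these tests on isolated hosts or CI runners.
//   - The image is referenced by tag. Tags can be re-pointed, so pinning by
//     digest ("hashicorp/vault@sha256:<digest-placeholder>") makes the fixture
//     reproducible.
func getTestVaultServer(t *testing.T) *vaultapi.Client {
	// Mark as a helper so failures are reported at the caller's line.
	t.Helper()

	ctx := componenttest.TestContext(t)
	l := util.TestLogger(t)

	container, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{
		ContainerRequest: testcontainers.ContainerRequest{
			Image:        "hashicorp/vault:1.13.2",
			ExposedPorts: []string{"80/tcp"},
			Env: map[string]string{
				"VAULT_DEV_ROOT_TOKEN_ID":  "secretkey",
				"VAULT_DEV_LISTEN_ADDRESS": "0.0.0.0:80",
			},
			// Block until Vault's health endpoint answers over HTTP.
			WaitingFor: wait.ForHTTP("/v1/sys/health"),
		},
		Started: true,
		// Route testcontainers' own logging through the test logger.
		Logger: stdlog.New(log.NewStdlibAdapter(l), "", 0),
	})
	require.NoError(t, err)

	t.Cleanup(func() {
		require.NoError(t, container.Terminate(ctx))
	})

	// Resolve the host-side address that maps to the container's port 80.
	ep, err := container.PortEndpoint(ctx, nat.Port("80/tcp"), "http")
	require.NoError(t, err)

	cli, err := vaultapi.NewClient(&vaultapi.Config{Address: ep})
	require.NoError(t, err)

	// Must match VAULT_DEV_ROOT_TOKEN_ID above.
	cli.SetToken("secretkey")
	return cli
}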