add vault modules test

2024-11-07 00:55:19 +00:00 · 2018-07-16 15:48:22 -05:00 · 2018-07-16 15:48:22 -05:00 · 1178a98214
commit 1178a98214
parent ff3ff80ebe
3 changed files with 78 additions and 0 deletions
--- a/tests/integration/files/conf/master
+++ b/tests/integration/files/conf/master
@ -106,3 +106,17 @@ discovery: false
 # enable using ssh minions and regular minions
 enable_ssh_minions: True
 ignore_host_keys: True
+
+# test vault
+vault:
+  url: http://vault:8200
+  auth:
+    method: token
+    token: testsecret
+  policies:
+  - testpolicy
+peer_run:
+  .*:
+  - vault.generate_token
+sdbvault:
+  driver: vault
--- a/tests/integration/files/vault.hcl
+++ b/tests/integration/files/vault.hcl
@ -0,0 +1,6 @@
+path "secret/*" {
+  capabilities = ["read", "list", "create", "update", "delete"]
+}
+path "auth/*" {
+  capabilities = ["read", "list", "sudo", "create", "update", "delete"]
+}
--- a/tests/integration/modules/test_vault.py
+++ b/tests/integration/modules/test_vault.py
@ -0,0 +1,58 @@
+# -*- coding: utf-8 -*-
+'''
+Integration tests for the vault modules
+'''
+
+# Import Python Libs
+from __future__ import absolute_import, print_function, unicode_literals
+
+# Import Salt Testing Libs
+from tests.support.unit import skipIf
+from tests.support.case import ModuleCase
+from tests.support.helpers import destructiveTest
+from tests.support.paths import FILES
+
+# Import Salt Libs
+import salt.utils.path
+
+
+@destructiveTest
+@skipIf(not salt.utils.path.which('dockerd'), 'Docker not installed')
+@skipIf(not salt.utils.path.which('vault'), 'Vault not installed')
+class VaultTestCase(ModuleCase):
+    '''
+    Test vault module
+    '''
+    def setUp(self):
+        '''
+        '''
+        config = '{"backend": {"file": {"path": "/vault/file"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h"}'
+        self.run_state('docker_image.present', name='vault', tag='0.9.6')
+        self.run_state(
+            'docker_container.running',
+            name='vault',
+            image='vault:0.9.6',
+            port_bindings='8200:8200',
+            environment={
+                'VAULT_DEV_ROOT_TOKEN_ID': 'testsecret',
+                'VAULT_LOCAL_CONFIG': config,
+            },
+            cap_add='IPC_LOCK',
+        )
+        self.run_function(
+            'cmd.run',
+            'vault policy write testpolicy {0}/vault.hcl'.format(FILES),
+            env={'VAULT_ADDR': 'http://127.0.0.1:8200'},
+        )
+
+    def tearDown(self):
+        self.run_state('docker_container.stopped', name='vault')
+        self.run_state('docker_container.absent', name='vault')
+        self.run_state('docker_image.absent', name='vault', force=True)
+
+    def test_vault(self):
+        assert self.run_function('vault.write_secret', arg=['secret/test/secret'], foo='bar', spam='eggs') is True
+        assert self.run_function('vault.read_secret', arg=['secret/test/secret']) == {'foo': 'bar', 'spam': 'eggs'}
+        assert self.run_function('vault.read_secret', arg=['secret/test/secret'], key='foo') == {'foo': 'bar'}
+        assert self.run_function('vault.delete_secret', arg=['secret/test/secret']) is True
+        assert self.run_function('vault.read_secret', arg=['secret/test/secret']) == 'ERROR: 404 Client Error: Not Found'